global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Correct printf() strings

Use %z when printing size_t values. This avoids errors on 32-bit
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
Use a conversion to size_t for printing stat.st_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

tools/mkeficapsule.c: fix DEBUG build

Fix a missing comma sign (,) from a printf(), that is only
reachable if DEBUG is defined, in which case the build fails with:

tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’
266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
| ^~~~
| )

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Miscellaneous fixes in the utility

Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: fill reserved members of structure

Fill reserved members of efi_firmware_management_capsule_image_header
structure with zero's for safety.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316354
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

mkeficapsule: Add support for embedding public key in a dtb

Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

test/py: efi_capsule: test for FIT image capsule

The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

tools: add mkeficapsule command for UEFI capsule update

This is a utility mainly for test purpose.
mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

global: Restrict use of '#include <linux/kconfig.h>'

In general terms, we -include include/linux/kconfig.h and so normal
U-Boot code does not need to also #include it. However, for code which
is shared with userspace we may need to add it so that either our full
config is available or so that macros such as CONFIG_IS_ENABLED() can be
evaluated. In this case make sure that we guard these includes with a
test for USE_HOSTCC so that it clear as to why we're doing this.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

tools: mkeficapsule: Add support to print capsule headers

Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

mkeficapsule: add FMP Payload Header

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.

This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

mkeficapsule: Add support for setting OEM flags in capsule header

Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Add support for generating empty capsules

The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

mkeficapsule: Remove raw and FIT GUID types

While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.

This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

tools: mkeficapsule: remove duplicated code

That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: allow for specifying GUID explicitly

The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: add firmware image signing

With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools: mkeficapsule: dont use malloc.h

malloc() functions are declared via stdlib.h. Including malloc.h can lead
to build errors e.g. on OS-X.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

tools: mkeficapsule: rework the code a little bit

Abstract common routines to make the code easily understandable.
No functional change.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools: mkeficapsule: output messages to stderr instead of stdout

All the error messages should be printed out to stderr.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

Revert "Revert "mkeficapsule: Remove dtb related options""

This reverts commit d428e81266a59974ade74c1ba019af39f23304ab.
We have agreed with removing dtb-related stuff from mkeficapsule
command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move
signature from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Revert "mkeficapsule: Remove dtb related options"

This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352.

Signed-off-by: Simon Glass <sjg@chromium.org>

mkeficapsule: Remove dtb related options

commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

tools/mkeficapsule: improve online help

Show short arguments along with long arguments in online help:

$ tools/mkeficapsule -h
Usage: mkeficapsule [options] <output file>
Options:
-f, --fit <fit image> new FIT image file
-r, --raw <raw image> new raw image file
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-K, --public-key <key file> public key esl file
-D, --dtb <dtb file> dtb file
-O, --overlay the dtb file is an overlay
-h, --help print a help message

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>