1# SPDX-License-Identifier: GPL-2.0+ 2# Copyright 2023 Linaro Limited 3# 4"""Bintool implementation for mkeficapsule tool 5 6mkeficapsule is a tool used for generating EFI capsules. 7 8The following are the commandline options to be provided 9to the tool 10Usage: mkeficapsule [options] <image blob> <output file> 11Options: 12 -g, --guid <guid string> guid for image blob type 13 -i, --index <index> update image index 14 -I, --instance <instance> update hardware instance 15 -v, --fw-version <version> firmware version 16 -p, --private-key <privkey file> private key file 17 -c, --certificate <cert file> signer's certificate file 18 -m, --monotonic-count <count> monotonic count 19 -d, --dump_sig dump signature (*.p7) 20 -A, --fw-accept firmware accept capsule, requires GUID, no image blob 21 -R, --fw-revert firmware revert capsule, takes no GUID, no image blob 22 -o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff 23 -h, --help print a help message 24""" 25 26from binman import bintool 27 28class Bintoolmkeficapsule(bintool.Bintool): 29 """Handles the 'mkeficapsule' tool 30 31 This bintool is used for generating the EFI capsules. The 32 capsule generation parameters can either be specified through 33 commandline, or through a config file. 34 """ 35 def __init__(self, name): 36 super().__init__(name, 'mkeficapsule tool for generating capsules') 37 38 def generate_capsule(self, image_index, image_guid, hardware_instance, 39 payload, output_fname, priv_key, pub_key, 40 monotonic_count=0, version=0, oemflags=0): 41 """Generate a capsule through commandline-provided parameters 42 43 Args: 44 image_index (int): Unique number for identifying payload image 45 image_guid (str): GUID used for identifying the image 46 hardware_instance (int): Optional unique hardware instance of 47 a device in the system. 0 if not being used 48 payload (str): Path to the input payload image 49 output_fname (str): Path to the output capsule file 50 priv_key (str): Path to the private key 51 pub_key(str): Path to the public key 52 monotonic_count (int): Count used when signing an image 53 version (int): Image version (Optional) 54 oemflags (int): Optional 16 bit OEM flags 55 56 Returns: 57 str: Tool output 58 """ 59 args = [ 60 f'--index={image_index}', 61 f'--guid={image_guid}', 62 f'--instance={hardware_instance}' 63 ] 64 65 if version: 66 args += [f'--fw-version={version}'] 67 if oemflags: 68 args += [f'--capoemflag={oemflags}'] 69 if priv_key and pub_key: 70 args += [ 71 f'--monotonic-count={monotonic_count}', 72 f'--private-key={priv_key}', 73 f'--certificate={pub_key}' 74 ] 75 76 args += [ 77 payload, 78 output_fname 79 ] 80 81 return self.run_cmd(*args) 82 83 def generate_empty_capsule(self, image_guid, output_fname, 84 accept=True): 85 """Generate empty capsules for FWU A/B updates 86 87 Args: 88 image_guid (str): GUID used for identifying the image 89 in case of an accept capsule 90 output_fname (str): Path to the output capsule file 91 accept (bool): Generate an accept capsule, 92 else a revert capsule 93 94 Returns: 95 str: Tool output 96 """ 97 if accept: 98 args = [ 99 f'--guid={image_guid}', 100 '--fw-accept' 101 ] 102 else: 103 args = [ '--fw-revert' ] 104 105 args += [ output_fname ] 106 107 return self.run_cmd(*args) 108 109 def fetch(self, method): 110 """Fetch handler for mkeficapsule 111 112 This builds the tool from source 113 114 Returns: 115 tuple: 116 str: Filename of fetched file to copy to a suitable directory 117 str: Name of temp directory to remove, or None 118 """ 119 if method != bintool.FETCH_BUILD: 120 return None 121 122 cmd = ['tools-only_defconfig', 'tools'] 123 result = self.build_from_git( 124 'https://source.denx.de/u-boot/u-boot.git', 125 cmd, 126 'tools/mkeficapsule') 127 return result 128