From patchwork Tue Jun 13 10:37:59 2023
X-Patchwork-Submitter: Sughosh Ganu
X-Patchwork-Id: 691956
From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Michal Simek, Takahiro Akashi
Subject: [PATCH 0/7] Integrate EFI capsule tasks into u-boot's build flow
Date: Tue, 13 Jun 2023 16:07:59 +0530
Message-Id: <20230613103806.812065-1-sughosh.ganu@linaro.org>

This patchset aims to bring two capsule related tasks under the u-boot
build flow.

One is the embedding of the public key into the platform's dtb as part
of dtb's build. The public key is in the form of an EFI Signature List
(ESL) file and is used for capsule authentication. This is achieved at
the time of the dtb generation, with the path to the ESL file being
provided through a Kconfig symbol (CONFIG_EFI_CAPSULE_ESL_FILE).

Changes have also been made to the test flow so that the keys used for
signing the capsule, and the ESL file, are generated prior to invoking
the u-boot's build, which enables embedding the ESL file into the dtb
as part of the u-boot build flow.

The other task is to add a make target for generating capsules. This
is being achieved by adding support for parsing a config file to get
the capsule generation parameters. Multiple payloads can be specified,
resulting in generation of multiple capsules with a single invocation
of the command. The path to the config file is to be specified through
a Kconfig symbol (CONFIG_EFI_CAPSULE_CFG_FILE).

Changes have also been made to the efi capsule test setup, whereby,
with the above config symbol having been populated, the capsule files
are generated through the make capsule command.
The requisite config file has been placed under the
test/py/tests/test_efi_capsule/ directory, which results in generation
of the same set of capsule files.

Currently, the capsule authentication feature is tested on the sandbox
and sandbox_flattree variants. The capsule generation through config
file is enabled for the sandbox variant, with the sandbox_flattree
variant generating capsules through the command-line parameters.

The document has been updated to reflect the above changes.

Sughosh Ganu (7):
  capsule: authenticate: Embed capsule public key in platform's dtb
  test: py: Generate capsule keys prior to building u-boot
  doc: capsule: Document the new mechanism to embed ESL file into dtb
  tools: mkeficapsule: Add support for parsing capsule params from
    config file
  Makefile: Add a target for building capsules
  test: efi_capsule: Test capsule generation from config file
  doc: Add documentation to describe capsule config file format

 Makefile                                      |   9 +
 configs/sandbox_defconfig                     |   2 +
 configs/sandbox_flattree_defconfig            |   1 +
 doc/develop/uefi/uefi.rst                     |  83 ++++-
 lib/efi_loader/Kconfig                        |  11 +
 scripts/Makefile.lib                          |   8 +
 scripts/embed_capsule_key.sh                  |  25 ++
 test/py/conftest.py                           |  64 ++++
 test/py/tests/test_efi_capsule/conftest.py    | 144 ++++----
 .../test_efi_capsule/sandbox_capsule_cfg.txt  |  75 ++++
 test/py/tests/test_efi_capsule/signature.dts  |  10 -
 tools/Kconfig                                 |   9 +
 tools/Makefile                                |   1 +
 tools/eficapsule.h                            | 110 ++++++
 tools/mkeficapsule.c                          | 106 ++++--
 tools/mkeficapsule_parse.c                    | 345 ++++++++++++++++++
 16 files changed, 866 insertions(+), 137 deletions(-)
 create mode 100755 scripts/embed_capsule_key.sh
 create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
 delete mode 100644 test/py/tests/test_efi_capsule/signature.dts
 create mode 100644 tools/mkeficapsule_parse.c
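
An added example, not part of this patch series or of U-Boot: since the build embeds whatever file CONFIG_EFI_CAPSULE_ESL_FILE points at, a pre-build check can parse the ESL per the UEFI EFI_SIGNATURE_LIST layout and reject malformed input. It assumes the list holds X.509 entries; parse_esl, build_esl and the sample bytes are constructed for illustration.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification (assumed entry type).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# SignatureType GUID, SignatureListSize, SignatureHeaderSize, SignatureSize
ESL_HEADER = struct.Struct("<16sIII")


def parse_esl(blob):
    """Return [(owner_guid, cert_bytes), ...]; raise ValueError if malformed."""
    if not blob:
        raise ValueError("empty ESL")
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < ESL_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type, list_size, hdr_size, sig_size = ESL_HEADER.unpack_from(blob, off)
        if list_size < ESL_HEADER.size or off + list_size > len(blob):
            raise ValueError("SignatureListSize does not fit the file")
        if uuid.UUID(bytes_le=sig_type) != EFI_CERT_X509_GUID:
            raise ValueError("SignatureType is not EFI_CERT_X509_GUID")
        body = list_size - ESL_HEADER.size - hdr_size
        # Each entry is a 16-byte owner GUID followed by the certificate.
        if sig_size <= 16 or body <= 0 or body % sig_size:
            raise ValueError("inconsistent SignatureSize")
        pos = off + ESL_HEADER.size + hdr_size
        for _ in range(body // sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            cert = blob[pos + 16:pos + sig_size]
            if cert[:1] != b"\x30":  # DER starts with a SEQUENCE tag
                raise ValueError("signature data is not DER")
            entries.append((owner, cert))
            pos += sig_size
        off += list_size
    return entries


def build_esl(cert, owner=uuid.UUID(int=0)):
    """Constructed helper: wrap one DER blob in a single-entry X.509 ESL."""
    sig_size = 16 + len(cert)
    header = ESL_HEADER.pack(EFI_CERT_X509_GUID.bytes_le,
                             ESL_HEADER.size + sig_size, 0, sig_size)
    return header + owner.bytes_le + cert


# Constructed sample: a 6-byte stand-in for a certificate, not a real key.
SAMPLE_CERT = bytes.fromhex("300402020001")
SAMPLE_ESL = build_esl(SAMPLE_CERT)
```
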