From patchwork Wed Jun 7 05:41:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690171 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp139916wru; Tue, 6 Jun 2023 22:44:02 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4dOuQYHdRujeTktXEXVhoezQ5L6LVguN1lHpBKVoQI98Hu/fZwYeRyaxYDlUi3PGSBInjO X-Received: by 2002:a25:1402:0:b0:b8f:5639:cb8a with SMTP id 2-20020a251402000000b00b8f5639cb8amr4155957ybu.9.1686116642653; Tue, 06 Jun 2023 22:44:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116642; cv=none; d=google.com; s=arc-20160816; b=Yqbv0ws/tmFdnOdf9DmVApP4ak6P8wUpH8FKfYx4eUEWcb4xZl7tTwUBsSG+2dQhRW gWEgHoSo6kqvZ7jeauyFSwL9Jexs9Eo5X/WsweUDhkBE1XLJP7j2X8TZLIlb0AIt+s40 zdpqAY/+YmGYJkQF3bde3fXSNVFbO9k62kF4N6mCZaue/Boze0TbGcpjYWOxRlcOP87s aqHanB7axSROhACnK8fMqd1+Xm0GYQB/SoPrZKEF9X0AAYDtKTGASFwMrzlmIxLDl4ku 7XR/osA/IH4nE7GySDsRXLa6ixKOoUjO28UH/LgckC19U8AXCCkw2ce0sEUXqhwg9Gi2 24qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=mwhZjW3bV4EOyHk8T1fKzzluMU+XbAzjJ8yDKZaDwiCyit3eXg7tcl0uaBHWRB3zEe lOQnapg4A39iXuqcPCNdF0nDSUG3b4zP/Cc+nepKemOBHQrz0SRmgAD/AZkfVK2DaDOP CynlXLLTJeUkXjVu48ewm4DQzoIMP1cUZlx2JCgg+p7ThLKswfE2CXUfHya3wtAboNzK ju5NnEh4Bf0NiU3baF+WGzhPSpLHZJrEtJ4ConE1Cs3VOd/rBW22QEm8U5oC8mgdZm0K 1Ci5KYvfD0VHo1qNAj6pHK7w5rLJ19mi5h0KBbp5xrDaoW8bRF7IRiEU90jz0J7wwxNx CCOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DzNxqxpy; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id jh2-20020a170903328200b001a2513b8e14si8089894plb.84.2023.06.06.22.44.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:44:02 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DzNxqxpy; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1925686043; Wed, 7 Jun 2023 07:43:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="DzNxqxpy"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 82EF58603A; Wed, 7 Jun 2023 07:42:59 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2799385FD2 for ; Wed, 7 Jun 2023 07:42:56 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-ot1-x336.google.com with SMTP id 46e09a7af769-6b29a03ec42so1246657a34.1 for ; Tue, 06 Jun 2023 22:42:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116574; x=1688708574; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=DzNxqxpyBKBQJUCxxUN3dQ9wtnXg9tSMfV1uWb4meHaHvDXVgW8IGmp5LKChsPeqUg 8BADF6G2LPK9CSpJm8hlZ96yz3EbD9PZrh/gXdnmBbbFzs8rMakDcb4petUfx2+S4k3r S8sBzyfQKxA0fuhBLKPs3w7C7ZAzJQJap4MaBaFgU4YXNOaSPYerzV8+kyZGPzz6Tt30 sxGu9BP13p11d922wuJwsw0OTUolLKOCN7e9tFIID0xzLvjQlcagwX3Hc822TWc5YH2q NyQVQUcoIK3NwwWYljPuXFBSUVWxb23nqwexkBVgTyGo8YOeQ74xjxK6yevKx1fGufnM cDOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116574; x=1688708574; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=iKxDpMfOnqXJNLLiZweUpf7+00RxR4YXAFd8qIFg+ACOKP+K5e9/NHqtdB457q4B5J UXmcYj5q2M63dbSyWgnb+wIYQqSqzpQjpZxHDlLUawqRjhfQXiSU+L/YBbUxJHGl6dSp ddbfkQyzKhgLJM1PlVAHfivfZrfy0PmGVy0ktfq3J5BbHmRAS9HnF0PxPlJB5wbXJVTL SfLOayViUisgK0gP9ZDjFaFXgTuMJYFdOyoGw821of4gCZ+NqAaDeUZEHdzK6fXYfhzj PrG0ggq2OYXF/a5aRFRh/TyoygF83FQLUFAjyJpkSlLzaKrzsT0kK3awtARB6FKozgdO QBVg== X-Gm-Message-State: AC+VfDzTbVe7GAYBmk5mQWXkKqPuL02uo1KGPAURl5OaaL2jrfXqEPTg HRLSLxMCtBjShvRCzn+ZTPIErHIKL7KDoCFr4bQ= X-Received: by 2002:a05:6358:e95:b0:129:cb51:7efe with SMTP id 21-20020a0563580e9500b00129cb517efemr2403630rwg.14.1686116574400; Tue, 06 Jun 2023 22:42:54 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:53 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima , Etienne Carriere , Sughosh Ganu Subject: [PATCH v9 06/10] mkeficapsule: add FMP Payload Header Date: Wed, 7 Jun 2023 14:41:56 +0900 Message-Id: <20230607054201.42702-7-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima Acked-by: Ilias Apalodimas --- No update since v5 Changes in v5: - remove --lsv since we use the lowest_supported_version in the dtb Changes in v3: - remove '-f' option - move some definitions into tools/eficapsule.h - add dependency check of fw_version and lowest_supported_version - remove unexpected modification of existing fprintf() call - add documentation Newly created in v2 doc/mkeficapsule.1 | 10 ++++++++++ tools/eficapsule.h | 30 ++++++++++++++++++++++++++++++ tools/mkeficapsule.c | 37 +++++++++++++++++++++++++++++++++---- 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 1ca245a10f..c4c2057d5c 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -61,6 +61,16 @@ Specify an image index .BI "-I\fR,\fB --instance " instance Specify a hardware instance +.PP +FMP Payload Header is inserted right before the payload if +.BR --fw-version +is specified + + +.TP +.BI "-v\fR,\fB --fw-version " firmware-version +Specify a firmware version, 0 if omitted + .PP For generation of firmware accept empty capsule .BR --guid diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 072a4b5598..753fb73313 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -113,4 +113,34 @@ struct efi_firmware_image_authentication { struct win_certificate_uefi_guid auth_info; } __packed; +/* fmp payload header */ +#define SIGNATURE_16(A, B) ((A) | ((B) << 8)) +#define SIGNATURE_32(A, B, C, D) \ + (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16)) + +#define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1') + +/** + * struct fmp_payload_header - EDK2 header for the FMP payload + * + * This structure describes the header which is preprended to the + * FMP payload by the edk2 capsule generation scripts. + * + * @signature: Header signature used to identify the header + * @header_size: Size of the structure + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version (not used) + */ +struct fmp_payload_header { + uint32_t signature; + uint32_t header_size; + uint32_t fw_version; + uint32_t lowest_supported_version; +}; + +struct fmp_payload_header_params { + bool have_header; + uint32_t fw_version; +}; + #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b71537beee..52be1f122e 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -41,6 +41,7 @@ static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, + {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, {"certificate", required_argument, NULL, 'c'}, {"monotonic-count", required_argument, NULL, 'm'}, @@ -60,6 +61,7 @@ static void print_usage(void) "\t-g, --guid guid for image blob type\n" "\t-i, --index update image index\n" "\t-I, --instance update hardware instance\n" + "\t-v, --fw-version firmware version\n" "\t-p, --private-key private key file\n" "\t-c, --certificate signer's certificate file\n" "\t-m, --monotonic-count monotonic count\n" @@ -402,6 +404,7 @@ static void free_sig_data(struct auth_context *ctx) */ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, unsigned long index, unsigned long instance, + struct fmp_payload_header_params *fmp_ph_params, uint64_t mcount, char *privkey_file, char *cert_file, uint16_t oemflags) { @@ -410,10 +413,11 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, struct efi_firmware_management_capsule_image_header image; struct auth_context auth_context; FILE *f; - uint8_t *data; + uint8_t *data, *new_data, *buf; off_t bin_size; uint64_t offset; int ret; + struct fmp_payload_header payload_header; #ifdef DEBUG fprintf(stderr, "For output: %s\n", path); @@ -423,6 +427,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, auth_context.sig_size = 0; f = NULL; data = NULL; + new_data = NULL; ret = -1; /* @@ -431,12 +436,30 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, if (read_bin_file(bin, &data, &bin_size)) goto err; + buf = data; + + /* insert fmp payload header right before the payload */ + if (fmp_ph_params->have_header) { + new_data = malloc(bin_size + sizeof(payload_header)); + if (!new_data) + goto err; + + payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE; + payload_header.header_size = sizeof(payload_header); + payload_header.fw_version = fmp_ph_params->fw_version; + payload_header.lowest_supported_version = 0; /* not used */ + memcpy(new_data, &payload_header, sizeof(payload_header)); + memcpy(new_data + sizeof(payload_header), data, bin_size); + buf = new_data; + bin_size += sizeof(payload_header); + } + /* first, calculate signature to determine its size */ if (privkey_file && cert_file) { auth_context.key_file = privkey_file; auth_context.cert_file = cert_file; auth_context.auth.monotonic_count = mcount; - auth_context.image_data = data; + auth_context.image_data = buf; auth_context.image_size = bin_size; if (create_auth_data(&auth_context)) { @@ -536,7 +559,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, /* * firmware binary */ - if (write_capsule_file(f, data, bin_size, "Firmware binary")) + if (write_capsule_file(f, buf, bin_size, "Firmware binary")) goto err; ret = 0; @@ -545,6 +568,7 @@ err: fclose(f); free_sig_data(&auth_context); free(data); + free(new_data); return ret; } @@ -644,6 +668,7 @@ int main(int argc, char **argv) unsigned long oemflags; char *privkey_file, *cert_file; int c, idx; + struct fmp_payload_header_params fmp_ph_params = { 0 }; guid = NULL; index = 0; @@ -679,6 +704,10 @@ int main(int argc, char **argv) case 'I': instance = strtoul(optarg, NULL, 0); break; + case 'v': + fmp_ph_params.fw_version = strtoul(optarg, NULL, 0); + fmp_ph_params.have_header = true; + break; case 'p': if (privkey_file) { fprintf(stderr, @@ -751,7 +780,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, - index, instance, mcount, privkey_file, + index, instance, &fmp_ph_params, mcount, privkey_file, cert_file, (uint16_t)oemflags) < 0) { fprintf(stderr, "Creating firmware capsule failed\n"); exit(EXIT_FAILURE);