From patchwork Sat Jul 15 13:45:28 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sughosh Ganu <sughosh.ganu@linaro.org>
X-Patchwork-Id: 703199
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4e4d:0:b0:314:25da:8dc4 with SMTP id r13csp154241wrt;
 Sat, 15 Jul 2023 06:47:17 -0700 (PDT)
X-Google-Smtp-Source: APBJJlEuKFpaj+zwdTqpvvMLqk8EJCeaZR7Zv0gNI1asiTokl+MX2/uKCaZ1EKy5KZ926Es7flbK
X-Received: by 2002:a05:6402:b2e:b0:51e:3cc5:e036 with SMTP id
 bo14-20020a0564020b2e00b0051e3cc5e036mr6618906edb.18.1689428837021;
 Sat, 15 Jul 2023 06:47:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1689428837; cv=none;
 d=google.com; s=arc-20160816;
 b=EcR9WyAnJWeD/jzqK4o0TGdxYuL66tnzKpkne9y7mtnMJ0yq7xoljIVbDy7tFPU7tw
 sGHz3+DZvDVRyltBqtWU/dPNNugXTg43P4FQtRPVIJrJF43CgPKUJ9y8V8sEkwJCluKx
 yw+hWdRiEc27MWblJ3eDFy/tu77lSq6CnfNoX8d7BQlS5UzEuVod1IRVfZNs7COdiBeL
 GitvavQ5tzfnTneCROiaCvj1uDZsfDjpSycSHxqk1gD8OKgBWD80/tSITegP6IiiTDcq
 +do5qbUWGHJGk2CBOwQanrt/nj6v00VqSO127ighrclna6l2n302EnkD+RDTATC+H4il
 vTDw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from; bh=vXuE5PtuU320prE9yRblWtf+HBxXb0ubv40/0tm23wA=;
 fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=;
 b=V4I6WS58O0DiTHVq5C/PfW6IkAvno5kc/phdHctqyq6CNIUm/hUFDNWyR3JtrBJ9e0
 42yJJvQm+keFjzZvkn8CLPYvw3IJsdkZZdbDfmTAgGx4pwXF+lVdMPYs4qome09TWbRV
 fUA+ZdYHKYcE8+NYiMQooAuGCWD26g1SoV22aDHDYLP+FcrnVWrbS6M6LosHdiiY/kwv
 5Y1dXg4zpjewrk6MH0znEPI9ctdGkQhQK2CZqQjwBDYBeH3P73E6W5/M0C93kH5p1B5b
 4EggS+/RnrlPmwCLk9UlxNznzzd5zkf0pjUKCM5cgI90TwZIZL8iSPfM8bs4F+fJCVoS
 NvMA==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates
 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61])
 by mx.google.com with ESMTPS id
 o12-20020aa7c50c000000b0051e257699acsi5114959edq.305.2023.07.15.06.47.16
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 15 Jul 2023 06:47:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61;
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates
 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
 by phobos.denx.de (Postfix) with ESMTP id 2911D860A6;
 Sat, 15 Jul 2023 15:46:27 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: by phobos.denx.de (Postfix, from userid 109)
 id 4EA3D861A5; Sat, 15 Jul 2023 15:46:24 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
 SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
 version=3.4.2
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by phobos.denx.de (Postfix) with ESMTP id 77D0C861A5
 for <u-boot@lists.denx.de>; Sat, 15 Jul 2023 15:46:21 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=fail smtp.mailfrom=sughosh.ganu@linaro.org
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1BA601063;
 Sat, 15 Jul 2023 06:47:03 -0700 (PDT)
Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.46.7])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 22A1D3F67D;
 Sat, 15 Jul 2023 06:46:17 -0700 (PDT)
From: Sughosh Ganu <sughosh.ganu@linaro.org>
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Simon Glass <sjg@chromium.org>,
 Takahiro Akashi <takahiro.akashi@linaro.org>,
 Malte Schmidt <malte.schmidt-oss@weidmueller.com>,
 Michal Simek <michal.simek@amd.com>, Tom Rini <trini@konsulko.com>,
 Sughosh Ganu <sughosh.ganu@linaro.org>
Subject: [PATCH v4 07/12] doc: Add documentation to highlight capsule
 generation related updates
Date: Sat, 15 Jul 2023 19:15:28 +0530
Message-Id: <20230715134533.2025893-8-sughosh.ganu@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230715134533.2025893-1-sughosh.ganu@linaro.org>
References: <20230715134533.2025893-1-sughosh.ganu@linaro.org>
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

The UEFI capsule can now be generate by specifying the capsule
parameters through a config file. Additionally, the capsules can be
generated as part of u-boot build, through binman. Highlight these
changes in the documentation.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V3:
* Move the paragraph on version support under a separate subsection.
* Move the description on generating capsules through config file
  under the section to describe capsule generation.
* Add a subsection highlighting generation of capsules through
  binman.

 doc/develop/uefi/uefi.rst | 84 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index 3d07aa33b8..251eaa13fd 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -318,6 +318,79 @@ Run the following command
       --guid <image GUID> \
       <capsule_file_name>
 
+Alternatively, the capsules can be generated through a config
+file. When generating the capsules through a config file, the Kconfig
+symbol CONFIG_EFI_CAPSULE_CFG_FILE is to be used for specifying the
+path to the config file.
+
+The config file describes the parameters that are used for generating
+one or more capsules. The parameters for a given capsule file are
+specified within curly braces, in the form of "key:value" pairs. All
+the parameters that are currently supported by the mkeficapsule tool
+can be specified through the config file.
+
+The following are some example payload parameters specified through
+the config file.
+
+.. code-block:: none
+
+	{
+	    image-guid: 02f4d760-cfd5-43bd-8e2d-a42acb33c660
+	    hardware-instance: 0
+	    monotonic-count: 1
+	    payload: u-boot.bin
+	    image-index: 1
+	    fw-version: 2
+	    private-key: /path/to/priv/key
+	    pub-key-cert: /path/to/pub/key
+	    capsule: u-boot.capsule
+	}
+	{
+	    image-guid: 4ce292da-1dd8-428d-a1c2-77743ef8b96e
+	    hardware-instance: 0
+	    payload: u-boot.itb
+	    image-index: 2
+	    fw-version: 7
+	    oemflags: 0x8000
+	    capsule: fit.capsule
+	}
+	{
+	    capsule-type: accept
+	    image-guid: 4ce292da-1dd8-428d-a1c2-77743ef8b96e
+	    capsule: accept.capsule
+	}
+	{
+	    capsule-type: revert
+	    capsule: revert.capsule
+	}
+
+The following are the keys that specify the capsule parameters
+
+..code-block:: none
+
+    image-guid: Image GUID
+    image-index: Image index value
+    fw-version: Image version
+    private-key: Path to the private key file used for capsule signing
+    pub-key-cert: Path to the public key crt file used for capsule signing
+    payload: Path to the capsule payload file
+    capsule: Path to the output capsule file that is generated
+    hardware-instance: Hardware Instance value
+    monotonic-count: Monotonic count value
+    capsule-type: Specifies capsule type. normal(default), accept or revert
+    oemflags: 16bit Oemflags value to be used(populated in capsule header)
+
+When generating capsules through a config file, the command would look
+like
+
+.. code-block:: console
+
+    $ mkeficapsule --cfg-file </path/to/the/config/file>
+
+
+Capsule with firmware version
+*****************************
+
 The UEFI specification does not define the firmware versioning mechanism.
 EDK II reference implementation inserts the FMP Payload Header right before
 the payload. It coutains the fw_version and lowest supported version,
@@ -345,6 +418,17 @@ add --fw-version option in mkeficapsule tool.
 If the --fw-version option is not set, FMP Payload Header is not inserted
 and fw_version is set as 0.
 
+
+Capsule Generation through binman
+*********************************
+
+Support has also been added to generate capsules during u-boot build
+through binman. This requires the platform's DTB to be populated with
+the capsule entry nodes for binman. The capsules then can be generated
+by specifying the capsule parameters either through a config file, or
+by specifying them as properties in the capsule entry node.
+
+
 Performing the update
 *********************