From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 1/9] tools: mkeficapsule: add firmware image signing
Date: Tue, 27 Jul 2021 18:10:46 +0900
Message-Id: <20210727091054.512050-2-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>
References: <20210727091054.512050-1-takahiro.akashi@linaro.org>
List-Id: U-Boot discussion

With this enhancement, mkeficapsule will be able to sign a capsule file
when it is created. A signature added will be used later in the
verification at FMP's SetImage() call.

To do that, we need to specify additional command parameters:
  -monotonic-count : monotonic count
  -private-key : private key file
  -certificate : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every update for each firmware image.

Signed-off-by: AKASHI Takahiro
---
 tools/Kconfig        |   7 +
 tools/Makefile       |   8 +-
 tools/mkeficapsule.c | 332 +++++++++++++++++++++++++++++++++++++++----
 3 files changed, 316 insertions(+), 31 deletions(-)

--
2.31.0

Tested-by: Masami Hiramatsu

diff --git a/tools/Kconfig b/tools/Kconfig index d6f82cd949b5..9a37ed035311 100644 --- a/tools/Kconfig +++ b/tools/Kconfig
@@ -20,4 +20,11 @@ config TOOLS_LIBCRYPTO This selection does not affect target features, such as runtime FIT signature verification. +config TOOLS_MKEFICAPSULE + bool "Build efimkcapsule command" + default y if EFI_CAPSULE_ON_DISK + help + This command allows users to create a UEFI capsule file and, + optionally sign that file. If you want to enable UEFI capsule + update feature on your target, you certainly need this. endmenu diff --git a/tools/Makefile b/tools/Makefile index bae3f95c4995..af8536489652 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -245,8 +245,12 @@ hostprogs-$(CONFIG_MIPS) += mips-relocs hostprogs-$(CONFIG_ASN1_COMPILER) += asn1_compiler HOSTCFLAGS_asn1_compiler.o = -idirafter $(srctree)/include -mkeficapsule-objs := mkeficapsule.o $(LIBFDT_OBJS) -hostprogs-$(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) += mkeficapsule +HOSTLDLIBS_mkeficapsule += -luuid +ifeq ($(CONFIG_TOOLS_LIBCRYPTO),y) +HOSTLDLIBS_mkeficapsule += \ + $(shell pkg-config --libs libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto") +endif +hostprogs-$(CONFIG_TOOLS_MKEFICAPSULE) += mkeficapsule # We build some files with extra pedantic flags to try to minimize things # that won't build on some weird host compiler -- though there are lots of diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index 4995ba4e0c2a..798706c7b5f7 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -15,6 +15,16 @@ #include #include +#include +#ifdef CONFIG_TOOLS_LIBCRYPTO +#include +#include +#include +#include +#include +#include +#endif + typedef __u8 u8; typedef __u16 u16; typedef __u32 u32; 
@@ -38,12 +48,25 @@ efi_guid_t efi_guid_image_type_uboot_fit = EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID; efi_guid_t efi_guid_image_type_uboot_raw = EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID; +efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; + +#ifdef CONFIG_TOOLS_LIBCRYPTO +static const char *opts_short = "f:r:i:I:v:p:c:m:dh"; +#else +static const char *opts_short = "f:r:i:I:v:h"; +#endif static struct option options[] = { {"fit", required_argument, NULL, 'f'}, {"raw", required_argument, NULL, 'r'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, +#ifdef CONFIG_TOOLS_LIBCRYPTO + {"private-key", required_argument, NULL, 'p'}, + {"certificate", required_argument, NULL, 'c'}, + {"monotonic-count", required_argument, NULL, 'm'}, + {"dump-sig", no_argument, NULL, 'd'}, +#endif {"help", no_argument, NULL, 'h'}, {NULL, 0, NULL, 0}, }; 
@@ -57,16 +80,195 @@ static void print_usage(void) "\t-r, --raw new raw image file\n" "\t-i, --index update image index\n" "\t-I, --instance update hardware instance\n" +#ifdef CONFIG_TOOLS_LIBCRYPTO + "\t-p, --private-key private key file\n" + "\t-c, --certificate signer's certificate file\n" + "\t-m, --monotonic-count monotonic count\n" + "\t-d, --dump_sig dump signature (*.p7)\n" +#endif "\t-h, --help print a help message\n", tool_name); } +struct auth_context { + char *key_file; + char *cert_file; + u8 *image_data; + size_t image_size; + struct efi_firmware_image_authentication auth; + u8 *sig_data; + size_t sig_size; +}; + +static int dump_sig; + +#ifdef CONFIG_TOOLS_LIBCRYPTO +static EVP_PKEY *fileio_read_pkey(const char *filename) +{ + EVP_PKEY *key = NULL; + BIO *bio; + + bio = BIO_new_file(filename, "r"); + if (!bio) + goto out; + + key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); + +out: + BIO_free_all(bio); + if (!key) { + printf("Can't load key from file '%s'\n", filename); + ERR_print_errors_fp(stderr); + } + + return key; +} + +static X509 *fileio_read_cert(const char *filename) +{ + X509 *cert = NULL; + BIO *bio; + + bio = BIO_new_file(filename, "r"); + if (!bio) + goto out; + + cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); + +out: + BIO_free_all(bio); + if (!cert) { + printf("Can't load certificate from file '%s'\n", filename); + ERR_print_errors_fp(stderr); + } + + return cert; +} + +static int create_auth_data(struct auth_context *ctx) +{ + EVP_PKEY *key = NULL; + X509 *cert = NULL; + BIO *data_bio = NULL; + const EVP_MD *md; + PKCS7 *p7; + int flags, ret = -1; + + OpenSSL_add_all_digests(); + OpenSSL_add_all_ciphers(); + ERR_load_crypto_strings(); + + key = fileio_read_pkey(ctx->key_file); + if (!key) + goto err; + cert = fileio_read_cert(ctx->cert_file); + if (!cert) + goto err; + + /* + * create a BIO, containing: + * * firmware image + * * monotonic count + * in this order! 
+ * See EDK2's FmpAuthenticatedHandlerRsa2048Sha256() + */ + data_bio = BIO_new(BIO_s_mem()); + BIO_write(data_bio, ctx->image_data, ctx->image_size); + BIO_write(data_bio, &ctx->auth.monotonic_count, + sizeof(ctx->auth.monotonic_count)); + + md = EVP_get_digestbyname("SHA256"); + if (!md) + goto err; + + /* create signature */ + /* TODO: maybe add PKCS7_NOATTR and PKCS7_NOSMIMECAP */ + flags = PKCS7_BINARY | PKCS7_DETACHED; + p7 = PKCS7_sign(NULL, NULL, NULL, data_bio, flags | PKCS7_PARTIAL); + if (!p7) + goto err; + if (!PKCS7_sign_add_signer(p7, cert, key, md, flags)) + goto err; + if (!PKCS7_final(p7, data_bio, flags)) + goto err; + + /* convert pkcs7 into DER */ + ctx->sig_data = NULL; + ctx->sig_size = ASN1_item_i2d((ASN1_VALUE *)p7, &ctx->sig_data, + ASN1_ITEM_rptr(PKCS7)); + if (!ctx->sig_size) + goto err; + + /* fill auth_info */ + ctx->auth.auth_info.hdr.dwLength = sizeof(ctx->auth.auth_info) + + ctx->sig_size; + ctx->auth.auth_info.hdr.wRevision = WIN_CERT_REVISION_2_0; + ctx->auth.auth_info.hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID; + memcpy(&ctx->auth.auth_info.cert_type, &efi_guid_cert_type_pkcs7, + sizeof(efi_guid_cert_type_pkcs7)); + + ret = 0; +err: + BIO_free_all(data_bio); + EVP_PKEY_free(key); + X509_free(cert); + + return ret; +} + +static int dump_signature(const char *path, u8 *signature, size_t sig_size) +{ + char *sig_path; + FILE *f; + size_t size; + int ret = -1; + + sig_path = malloc(strlen(path) + 3 + 1); + if (!sig_path) + return ret; + + sprintf(sig_path, "%s.p7", path); + f = fopen(sig_path, "w"); + if (!f) + goto err; + + size = fwrite(signature, 1, sig_size, f); + if (size == sig_size) + ret = 0; + + fclose(f); +err: + free(sig_path); + return ret; +} + +static void free_sig_data(struct auth_context *ctx) +{ + if (ctx->sig_size) + OPENSSL_free(ctx->sig_data); +} +#else +static int create_auth_data(struct auth_context *ctx) +{ + return 0; +} + +static int dump_signature(const char *path, u8 *signature, size_t sig_size) +{ + 
return 0; +} + +static void free_sig_data(struct auth_context *ctx) {} +#endif + static int create_fwbin(char *path, char *bin, efi_guid_t *guid, - unsigned long index, unsigned long instance) + unsigned long index, unsigned long instance, + uint64_t mcount, char *privkey_file, char *cert_file) { struct efi_capsule_header header; struct efi_firmware_management_capsule_header capsule; struct efi_firmware_management_capsule_image_header image; + struct auth_context auth_context; FILE *f, *g; struct stat bin_stat; u8 *data; @@ -78,6 +280,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, printf("\tbin: %s\n\ttype: %pUl\n", bin, guid); printf("\tindex: %ld\n\tinstance: %ld\n", index, instance); #endif + auth_context.sig_size = 0; g = fopen(bin, "r"); if (!g) { @@ -93,11 +296,34 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, printf("cannot allocate memory: %zx\n", (size_t)bin_stat.st_size); goto err_1; } - f = fopen(path, "w"); - if (!f) { - printf("cannot open %s\n", path); + + size = fread(data, 1, bin_stat.st_size, g); + if (size < bin_stat.st_size) { + printf("read failed (%zx)\n", size); goto err_2; } + + /* first, calculate signature to determine its size */ + if (privkey_file && cert_file) { + auth_context.key_file = privkey_file; + auth_context.cert_file = cert_file; + auth_context.auth.monotonic_count = mcount; + auth_context.image_data = data; + auth_context.image_size = bin_stat.st_size; + + if (create_auth_data(&auth_context)) { + printf("Signing firmware image failed\n"); + goto err_3; + } + + if (dump_sig && + dump_signature(path, auth_context.sig_data, + auth_context.sig_size)) { + printf("Creating signature file failed\n"); + goto err_3; + } + } + header.capsule_guid = efi_guid_fm_capsule; header.header_size = sizeof(header); /* TODO: The current implementation ignores flags */ 
@@ -106,11 +332,20 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, + sizeof(capsule) + sizeof(u64) + sizeof(image) + bin_stat.st_size; + if (auth_context.sig_size) + header.capsule_image_size += sizeof(auth_context.auth) + + auth_context.sig_size; + + f = fopen(path, "w"); + if (!f) { + printf("cannot open %s\n", path); + goto err_3; + } size = fwrite(&header, 1, sizeof(header), f); if (size < sizeof(header)) { printf("write failed (%zx)\n", size); - goto err_3; + goto err_4; } capsule.version = 0x00000001; @@ -119,13 +354,13 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, size = fwrite(&capsule, 1, sizeof(capsule), f); if (size < (sizeof(capsule))) { printf("write failed (%zx)\n", size); - goto err_3; + goto err_4; } offset = sizeof(capsule) + sizeof(u64); size = fwrite(&offset, 1, sizeof(offset), f); if (size < sizeof(offset)) { printf("write failed (%zx)\n", size); - goto err_3; + goto err_4; } image.version = 0x00000003; 
@@ -135,34 +370,53 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, image.reserved[1] = 0; image.reserved[2] = 0; image.update_image_size = bin_stat.st_size; + if (auth_context.sig_size) + image.update_image_size += sizeof(auth_context.auth) + + auth_context.sig_size; image.update_vendor_code_size = 0; /* none */ image.update_hardware_instance = instance; image.image_capsule_support = 0; + if (auth_context.sig_size) + image.image_capsule_support |= CAPSULE_SUPPORT_AUTHENTICATION; size = fwrite(&image, 1, sizeof(image), f); if (size < sizeof(image)) { printf("write failed (%zx)\n", size); - goto err_3; + goto err_4; } - size = fread(data, 1, bin_stat.st_size, g); - if (size < bin_stat.st_size) { - printf("read failed (%zx)\n", size); - goto err_3; + + if (auth_context.sig_size) { + size = fwrite(&auth_context.auth, 1, + sizeof(auth_context.auth), f); + if (size < sizeof(auth_context.auth)) { + printf("write failed (%zx)\n", size); + goto err_4; + } + size = fwrite(auth_context.sig_data, 1, + auth_context.sig_size, f); + if (size < auth_context.sig_size) { + printf("write failed (%zx)\n", size); + goto err_4; + } } + size = fwrite(data, 1, bin_stat.st_size, f); if (size < bin_stat.st_size) { printf("write failed (%zx)\n", size); - goto err_3; + goto err_4; } fclose(f); fclose(g); free(data); + free_sig_data(&auth_context); return 0; -err_3: +err_4: fclose(f); +err_3: + free_sig_data(&auth_context); err_2: free(data); err_1: @@ -171,23 +425,25 @@ err_1: return -1; } -/* - * Usage: - * $ mkeficapsule -f - */ int main(int argc, char **argv) { char *file; efi_guid_t *guid; unsigned long index, instance; + uint64_t mcount; + char *privkey_file, *cert_file; int c, idx; file = NULL; guid = NULL; index = 0; instance = 0; + mcount = 0; + privkey_file = NULL; + cert_file = NULL; + dump_sig = 0; for (;;) { - c = getopt_long(argc, argv, "f:r:i:I:v:h", options, &idx); + c = getopt_long(argc, argv, opts_short, options, &idx); if (c == -1) break; 
@@ -214,26 +470,44 @@ int main(int argc, char **argv) case 'I': instance = strtoul(optarg, NULL, 0); break; +#ifdef CONFIG_TOOLS_LIBCRYPTO + case 'p': + if (privkey_file) { + printf("Private Key already specified\n"); + return -1; + } + privkey_file = optarg; + break; + case 'c': + if (cert_file) { + printf("Certificate file already specified\n"); + return -1; + } + cert_file = optarg; + break; + case 'm': + mcount = strtoul(optarg, NULL, 0); + break; + case 'd': + dump_sig = 1; + break; +#endif /* CONFIG_TOOLS_LIBCRYPTO */ case 'h': print_usage(); return 0; } } - /* need an output file */ - if (argc != optind + 1) { + /* check necessary parameters */ + if ((argc != optind + 1) || !file || + ((privkey_file && !cert_file) || + (!privkey_file && cert_file))) { print_usage(); exit(EXIT_FAILURE); } - /* need a fit image file or raw image file */ - if (!file) { - print_usage(); - exit(EXIT_SUCCESS); - } - - if (create_fwbin(argv[optind], file, guid, index, instance) - < 0) { + if (create_fwbin(argv[optind], file, guid, index, instance, + mcount, privkey_file, cert_file) < 0) { printf("Creating firmware capsule failed\n"); exit(EXIT_FAILURE); }
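Review bot: In the tools/Kconfig hunk the prompt reads "Build efimkcapsule command", while the tool is called mkeficapsule everywhere else in the patch; fix the name. The help text also promises optional signing, but TOOLS_MKEFICAPSULE neither depends on nor selects TOOLS_LIBCRYPTO, and the tools/Makefile hunk links libssl and libcrypto only under "ifeq ($(CONFIG_TOOLS_LIBCRYPTO),y)", so a build without it yields a tool in which -p, -c, -m and -d do not exist and create_auth_data() is a stub returning 0. State that dependency in the help text or express it in Kconfig.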
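Review bot: The long option registered in options[] (hunk at -38,12) is "dump-sig", but the usage text added to print_usage() in the following hunk prints "-d, --dump_sig", and the man page in patch 2/9 repeats the underscore form; a user who types what the help shows gets an unknown-option error. Use one spelling, preferably the hyphenated one to match "private-key" and "monotonic-count", and mention -d in the commit message alongside the other three new parameters.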
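Review bot: In create_auth_data() (hunk at -57,16) the DER length is stored with "ctx->sig_size = ASN1_item_i2d(...)" and tested with "if (!ctx->sig_size)"; ASN1_item_i2d() returns an int that is negative on failure and sig_size is a size_t, so an encoding error turns into a very large non-zero size that passes the check and is then used for dwLength, update_image_size and the fwrite() of sig_data. Keep the return value in an int and fail on any value <= 0 before assigning it. In the same function p7 is never released with PKCS7_free() on either the success or the error path, and the results of BIO_new() and of both BIO_write() calls are unchecked, so a short write would produce a signature over less than image plus monotonic count without any error being reported.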
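Review bot: The new parameter check in main() (hunk at -214,26) only rejects -p without -c and the reverse; -m is never required and mcount keeps its initial value 0, so a capsule is signed with count 0 whenever the option is forgotten, although the commit message says a signature is added only when all three parameters are given and that the count is to be incremented on every update. Require -m whenever a key and certificate are passed. In the same hunk "mcount = strtoul(optarg, NULL, 0);" assigns an unsigned long to a uint64_t and ignores conversion errors; use strtoull() with an end pointer and an errno check so that a malformed or out-of-range count is rejected instead of being signed. -d given without -p and -c is silently ignored and would be better reported as an error.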
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 2/9] tools: mkeficapsule: add man page
Date: Tue, 27 Jul 2021 18:10:47 +0900
Message-Id: <20210727091054.512050-3-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>
References: <20210727091054.512050-1-takahiro.akashi@linaro.org>
List-Id: U-Boot discussion

Add a man page for mkeficapsule command.

Signed-off-by: AKASHI Takahiro
---
 MAINTAINERS        |  1 +
 doc/mkeficapsule.1 | 91 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 doc/mkeficapsule.1

--
2.31.0

Reviewed-by: Heinrich Schuchardt

diff --git a/MAINTAINERS b/MAINTAINERS index ae6c70860d3a..24f52f837066 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -696,6 +696,7 @@ S: Maintained T: git https://source.denx.de/u-boot/custodians/u-boot-efi.git F: doc/api/efi.rst F: doc/develop/uefi/* +F: doc/mkeficapsule.1 F: doc/usage/bootefi.rst F: drivers/rtc/emul_rtc.c F: include/capitalization.h diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 new file mode 100644 index 000000000000..7c2341160ea4 --- /dev/null +++ b/doc/mkeficapsule.1
@@ -0,0 +1,91 @@ +.TH MAEFICAPSULE 1 "May 2021" + +.SH NAME +mkeficapsule \- Generate EFI capsule file for U-Boot + +.SH SYNOPSIS +.B mkeficapsule +.RB [\fIoptions\fP] " \fIcapsule-file\fP" + +.SH "DESCRIPTION" +The +\fBmkeficapsule\fP +command is used to create an EFI capsule file for use with the U-Boot +EFI capsule update. +A capsule file may contain various type of firmware blobs which +are to be applied to the system and must be placed in the specific +directory on the UEFI system partition. An update will be automatically +executed at next reboot. + +Optionally, a capsule file can be signed with a given private key. +In this case, the update will be authenticated by verifying the signature +before applying. + +\fBmkeficapsule\fP supports two different format of image files: +.TP +.I raw image +format is a single binary blob of any type of firmware. + +.TP +.I FIT (Flattened Image Tree) image +format +is the same as used in the new \fIuImage\fP format and allows for +multiple binary blobs in a single capsule file. +This type of image file can be generated by \fBmkimage\fP. + +.SH "OPTIONS" + +.TP +.BI "-f, --fit \fIfit-image-file\fP" +Specify a FIT image file + +.TP +.BI "-r, --raw \fIraw-image-file\fP" +Specify a raw image file + +.TP +.BI "-i, --index \fIindex\fP" +Specify an image index + +.TP +.BI "-I, --instance \fIinstance\fP" +Specify a hardware instance + +.TP +.BI "-h, --help" +Print a help message + +.TP 0 +.B With signing: + +.TP +.BI "-p, --private-key \fIprivate-key-file\fP" +Specify signer's private key file in PEM + +.TP +.BI "-c, --certificate \fIcertificate-file\fP" +Specify signer's certificate file in EFI certificate list format + +.TP +.BI "-m, --monotonic-count \fIcount\fP" +Specify a monotonic count which is set to be monotonically incremented +at every firmware update. 
+ +.TP +.BI "-d, --dump_sig" +Dump signature data into *.p7 file + +.PP +.SH FILES +.TP +.BI "\fI/EFI/UpdateCapsule\fP" +The directory in which all capsule files be placed + +.SH SEE ALSO +.B mkimage + +.SH AUTHORS +Written by AKASHI Takahiro + +.SH HOMEPAGE +http://www.denx.de/wiki/U-Boot/WebHome
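Review bot: The -c entry in the OPTIONS section of doc/mkeficapsule.1 says the certificate file is "in EFI certificate list format", but patch 1/9 loads it in fileio_read_cert() with PEM_read_bio_X509(), that is, as a PEM X.509 certificate; correct the text so that users do not pass a signature-list file and get "Can't load certificate". The page also documents "-d, --dump_sig" while options[] in patch 1/9 registers "dump-sig", and the title line ".TH MAEFICAPSULE" misspells the command name. The -m entry would benefit from saying that the count is covered by the signature together with the image, since that is why it has to be kept and incremented per firmware image.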
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 3/9] doc: update UEFI document for usage of mkeficapsule
Date: Tue, 27 Jul 2021 18:10:48 +0900
Message-Id: <20210727091054.512050-4-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>

Now we can use mkeficapsule command instead of EDK-II's script to create a signed capsule file. So update the instruction for capsule authentication.

Signed-off-by: AKASHI Takahiro
---
 doc/develop/uefi/uefi.rst | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)
--
2.31.0
Acked-by: Heinrich Schuchardt
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 64fe9346c7f2..5ccb455da984 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst
@@ -347,23 +347,20 @@ and used by the steps highlighted below:: -keyout CRT.key -out CRT.crt -nodes -days 365 $ cert-to-efi-sig-list CRT.crt CRT.esl - $ openssl x509 -in CRT.crt -out CRT.cer -outform DER - $ openssl x509 -inform DER -in CRT.cer -outform PEM -out CRT.pub.pem - - $ openssl pkcs12 -export -out CRT.pfx -inkey CRT.key -in CRT.crt - $ openssl pkcs12 -in CRT.pfx -nodes -out CRT.pem - -The capsule file can be generated by using the GenerateCapsule.py -script in EDKII:: - - $ ./BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - --monotonic-count --fw-version \ - --lsv --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose \ - --update-image-index --signer-private-cert \ - /path/to/CRT.pem --trusted-public-cert \ - /path/to/CRT.pub.pem --other-public-cert /path/to/CRT.pub.pem \ - +The signed capsule file can be generated by using tools/mkeficapsule. +To build this tool, enable:: + + CONFIG_TOOLS_MKEFICAPSULE=y + CONFIG_TOOLS_LIBCRYPTO=y + +To generate and sign the capsule file:: + + $ mkeficapsule --monotonic-count 1 \ + --private-key CRT.key \ + --certificate CRT.crt \ + --index 1 --instance 0 \ + [--fit | --raw ] \ + Place the capsule generated in the above step on the EFI System Partition under the EFI/UpdateCapsule directory
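Review bot: the new mkeficapsule example hard-codes --monotonic-count 1 and --index 1 --instance 0 with no explanation of what these values mean or how to choose them for the next capsule; a sentence per option belongs right after the command. Since the context line above still creates CRT.key with -nodes, it is also worth stating that this unencrypted private key is what --private-key consumes and that it stays on the signing host, while only the generated capsule is copied to EFI/UpdateCapsule.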
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 4/9] efi_loader: ease the file path check for public key
Date: Tue, 27 Jul 2021 18:10:49 +0900
Message-Id: <20210727091054.512050-5-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>

The check for CONFIG_EFI_CAPSULE_KEY_PATH:
    ifeq ("$(wildcard $(EFI_CAPSULE_KEY_PATH))","")
does not allow users to specify a relative path for including a public key binary. This is fine for most of all cases, but it will make it difficult to add pytest test cases as pre-created keys/certificates are placed in "test" directory.

So just ease the check, still causing an error if the specified file does not exist at compiling efi_capsule_key.S.

Signed-off-by: AKASHI Takahiro
---
 lib/efi_loader/Makefile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
--
2.31.0
diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 9b369430e258..fca0da4d131e 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile
@@ -21,8 +21,9 @@ targets += helloworld.o endif ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE),y) -EFI_CAPSULE_KEY_PATH := $(subst $\",,$(CONFIG_EFI_CAPSULE_KEY_PATH)) -ifeq ("$(wildcard $(EFI_CAPSULE_KEY_PATH))","") +#EFI_CAPSULE_KEY_PATH := $(subst $\",,$(CONFIG_EFI_CAPSULE_KEY_PATH)) +#ifeq ("$(wildcard $(EFI_CAPSULE_KEY_PATH))","") +ifeq ($(CONFIG_EFI_CAPSULE_KEY_PATH),"") $(error .esl cerificate not found. Configure your CONFIG_EFI_CAPSULE_KEY_PATH) endif endif
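Review bot: the two added `#EFI_CAPSULE_KEY_PATH := ...` and `#ifeq ("$(wildcard ...` lines keep the old check in the Makefile as commented-out code; delete them instead. The replacement `ifeq ($(CONFIG_EFI_CAPSULE_KEY_PATH),"")` only rejects an empty setting, so a mistyped or missing public key path is no longer caught here, and the `$(error .esl cerificate not found ...)` text ("cerificate" is misspelled on that context line) no longer describes what is tested. If the goal is only to permit relative paths, consider keeping the wildcard test and trying the path both as given and relative to $(srctree), so that a missing key still stops the build early with this message.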
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 5/9] test/py: efi_capsule: add image authentication test
Date: Tue, 27 Jul 2021 18:10:50 +0900
Message-Id: <20210727091054.512050-6-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>

Add a couple of test cases against capsule image authentication for capsule-on-disk, where only a signed capsule file with the verified signature will be applied to the system.

Due to the difficulty of embedding a public key (esl file) in U-Boot binary during pytest setup time, all the keys/certificates are pre-created.

Signed-off-by: AKASHI Takahiro
---
 test/py/tests/test_efi_capsule/SIGNER.crt     |  19 ++
 test/py/tests/test_efi_capsule/SIGNER.esl     | Bin 0 -> 829 bytes
 test/py/tests/test_efi_capsule/SIGNER.key     |  28 +++
 test/py/tests/test_efi_capsule/SIGNER2.crt    |  19 ++
 test/py/tests/test_efi_capsule/SIGNER2.key    |  28 +++
 .../py/tests/test_efi_capsule/capsule_defs.py |   5 +
 test/py/tests/test_efi_capsule/conftest.py    |  35 ++-
 .../test_capsule_firmware_signed.py           | 228 ++++++++++++++++++
 8 files changed, 359 insertions(+), 3 deletions(-)
 create mode 100644 test/py/tests/test_efi_capsule/SIGNER.crt
 create mode 100644 test/py/tests/test_efi_capsule/SIGNER.esl
 create mode 100644 test/py/tests/test_efi_capsule/SIGNER.key
 create mode 100644 test/py/tests/test_efi_capsule/SIGNER2.crt
 create mode 100644 test/py/tests/test_efi_capsule/SIGNER2.key
 create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
--
2.31.0
diff --git a/test/py/tests/test_efi_capsule/SIGNER.crt b/test/py/tests/test_efi_capsule/SIGNER.crt new file mode 100644 index 000000000000..f63ec01d9996 --- /dev/null +++ b/test/py/tests/test_efi_capsule/SIGNER.crt
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDTCCAfWgAwIBAgIUD96z+lSbhDFN76YoIY2LnDBt1yQwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLVEVTVF9TSUdORVIwHhcNMjEwNzI2MDg1MzE1WhcNMjIw +NzI2MDg1MzE1WjAWMRQwEgYDVQQDDAtURVNUX1NJR05FUjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMBuazX28i0y4L0loJYJOtlvF5eWb4tbx7zwei5c +KoSzQYixinS10OrVy7y8mELyXOlGOOsM509vzvoia0nffwEPsvTBeS3le2JBz9iN +/+AIo+gUmzgEPQN+jp+s4fi0yzRvq3BgWu1ego2gExxQ7AePQHoSkX8UeC3Kb7SF +a8Kt/TopOupZfEuZ+EtoxPA4JUStFgEUEcRJEfpQqECXV+lKqcyqHc2ZUzMisu+i +5omkneX8sEZdIPFsSGanCyY3F9VjWzIxo60PU2xUBOIcEUg5luR+VXT4090g/yCw +8PSf9rIKgGIQSQKAlUSc7zuXQIdgIMTS1xUpc/Nx+SqWNZECAwEAAaNTMFEwHQYD +VR0OBBYEFHndZVpPrAjc3OD3UZ3xkXQqDOlZMB8GA1UdIwQYMBaAFHndZVpPrAjc +3OD3UZ3xkXQqDOlZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AG88t6w0qTXE50ltps62f6wtuuZsiX1zj+AluO4E8E3Wi0QsNtT24JdY2P4mAg8y +abYLdgJIldzzsfjWWok9Dfqnx29tqgesKWkgUo16v70i4EVZ9YWGe+CfOK639OxL +4D0XPcU5CUpDrEcnt59wCxQ7IArZzrDxrqigEw5nReejtgQV/mEzvVOzWjLjmngy +SpvrydxYpfSvOJ3KGV9xw3Oa/qO3pS0ZNX9QqZdcC94M0SI6OF635oxJkz6JToYq ++qtv9PZtZnEU/cwzL0nTXMj7yRsP5+2Wre26yT62nKRy9P/3UFwmsJ0OuEmnol5I +141ZGfBYmSQ6EReOwNeK7A0= +-----END CERTIFICATE----- 
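Review bot: SIGNER.crt is added as a pre-generated PEM with nothing in the tree recording how it was produced or when it expires, so it (and the SIGNER.esl derived from it) cannot be regenerated reliably once it lapses or the test layout changes. Suggest a short README or a comment in conftest.py giving the exact openssl and cert-to-efi-sig-list commands, plus a clear statement that SIGNER.key and SIGNER2.key are test-only keys that must never sign a real capsule.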
diff --git a/test/py/tests/test_efi_capsule/SIGNER.esl b/test/py/tests/test_efi_capsule/SIGNER.esl new file mode 100644 index 0000000000000000000000000000000000000000..a54536e243d274b74985abbecfe234d14013ef33 GIT binary patch literal 829 zcmZ1&d0^?2Da*aux2_hA(f&|m%gg`rmsjgYuF^))dnAzQ)7%D~*j$j<{VSbjnnF8zWDTM`Q6dS_k5_*i_vP??AWoft7PkiS65H(*)zlGQ_M>@i`P8Q z{qxWLQp)zcU(d+D>C3@N-KW(_j^}Um{(r!+_=U)93l>}Ey1w~q9{$*J+9ZEV4>==R*X?Z@QA12 zuYeT})5BkStvs_z_Uz1HW2H^+7d`7-GWY494Q{atA9Fm?mUF9_i(gHSHZokimOnTr zgyoTppoitOCv~AEKQ7-@_^+_x!%2dxFA|OV>p;i$53s z)S6~Gk%^g+fpKxLL7;&wFw|xFSj1RFD(|L7`LE%)bLYYLz_}kMmT2+3j5Lr3Nh`BR z7>G4sSHKTaAk4`4pM}+c8Au@qJ1}N}!OqB#Z?k=k$x72B&pmUOo!eHwMt9e*l!)AJ?r| zAk3HU`h4*=7SVr+#(RS|M;SeyRbk{c`}N5?5lg?Ux0riMGQRL|@vMJ~w=dO|G_4O< zIX#B^9?wN3D~q`8&w4y3+jaW2Y5iKA|K(e5TA|3_GsgO!mt#)+J}J%r{Oz>0Z+D%v r+csxO(U u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old -> u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir, @@ -56,6 +72,19 @@ def efi_capsule_data(request, u_boot_config): check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new --index 1 Test02' % (data_dir, u_boot_config.build_dir), shell=True) + if capsule_auth_enabled: + # copy keys/certificates + check_call('cp %s/test/py/tests/test_efi_capsule/SIGNER*.* %s' % + (u_boot_config.source_dir, data_dir), + shell=True) + # firmware signed with proper key + check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new --index 1 --monotonic-count 1 --private-key SIGNER.key --certificate SIGNER.crt Test03' % + (data_dir, u_boot_config.build_dir), + shell=True) + # firmware signed with *mal* key + check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new --index 1 --monotonic-count 1 --private-key SIGNER2.key --certificate SIGNER2.crt Test04' % + (data_dir, u_boot_config.build_dir), + shell=True) # Create a disk image with EFI system partition check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % 
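Review bot: the `cp %s/test/py/tests/test_efi_capsule/SIGNER*.* %s` step copies both private keys (SIGNER.key, SIGNER2.key) into data_dir next to the capsules; if that directory is what the following virt-make-fs call packs, the signing keys end up inside the test ESP image, which is the opposite of what a deployment should look like. Pointing --private-key and --certificate at the source directory would avoid the copy. Test03 and Test04 also differ only in the signer, so a capsule signed with SIGNER.key whose payload is changed after signing would be a useful third input for the rejection path.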
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py new file mode 100644 index 000000000000..8fe93ef424ac --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py 
@@ -0,0 +1,228 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2021, Linaro Limited +# Author: AKASHI Takahiro +# +# U-Boot UEFI: Firmware Update (Signed capsule) Test + +""" +This test verifies capsule-on-disk firmware update +with signed capsule files +""" + +from subprocess import check_call, check_output, CalledProcessError +import pytest +from capsule_defs import * + +@pytest.mark.boardspec('sandbox') +@pytest.mark.buildconfigspec('efi_capsule_firmware_raw') +@pytest.mark.buildconfigspec('efi_capsule_authenticate') +@pytest.mark.buildconfigspec('dfu') +@pytest.mark.buildconfigspec('dfu_sf') +@pytest.mark.buildconfigspec('cmd_efidebug') +@pytest.mark.buildconfigspec('cmd_fat') +@pytest.mark.buildconfigspec('cmd_memory') +@pytest.mark.buildconfigspec('cmd_nvedit_efi') +@pytest.mark.buildconfigspec('cmd_sf') +@pytest.mark.slow +class TestEfiCapsuleFirmwareSigned(object): + def test_efi_capsule_auth1( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 1 - Update U-Boot on SPI Flash, raw image format + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. 
+ """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 1-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize content + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test03' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test03 $filesize' % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test03' in ''.join(output) + + # reboot + u_boot_console.restart_uboot() + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 1-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. 
+ output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test03' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000') + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test03' not in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:New' in ''.join(output) + + def test_efi_capsule_auth2( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 2 - Update U-Boot on SPI Flash, raw image format + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is signed but with an invalid key, + the authentication should fail and the firmware + not be updated. 
+ """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 2-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize content + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test04' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test04 $filesize' % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test04' in ''.join(output) + + # reboot + u_boot_console.restart_uboot() + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 2-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. 
+ output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test04' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000') + + # deleted any way + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test04' not in ''.join(output) + + # TODO: check CapsuleStatus in CapsuleXXXX + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:Old' in ''.join(output) + + def test_efi_capsule_auth3( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 3 - Update U-Boot on SPI Flash, raw image format + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is not signed, the authentication + should fail and the firmware not be updated. 
+ """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 3-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize content + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test02' in ''.join(output) + + # reboot + u_boot_console.restart_uboot() + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 3-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. 
+ output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test02' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000') + + # deleted any way + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test02' not in ''.join(output) + + # TODO: check CapsuleStatus in CapsuleXXXX + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:Old' in ''.join(output)
From patchwork Tue Jul 27 09:10:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 486672
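Review bot: In test_efi_capsule_auth3, and in the after-reboot block of the preceding case that uses Test04, the result of `env print -e Capsule0000` is assigned to output and then overwritten without any assertion, and `# TODO: check CapsuleStatus in CapsuleXXXX` is left open, so the only evidence that authentication rejected the capsule is that flash still reads 'u-boot:Old'. That final assert also passes if the update failed for an unrelated reason, for example a wrong dfu_alt_info, so the test cannot tell a signature rejection from any other failure. Please resolve the TODO and assert on the capsule result variable before checking the flash contents. The dfu_alt_info string is also repeated verbatim in each case shown here and would be easier to keep in sync as a module-level constant.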
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 6/9] sandbox: add config for efi capsule authentication test
Date: Tue, 27 Jul 2021 18:10:51 +0900
Message-Id: <20210727091054.512050-7-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>
References: <20210727091054.512050-1-takahiro.akashi@linaro.org>

This new configuration, which was derived from sandbox_defconfig, will be used solely to run efi capsule authentication test as the test requires a public key (esl file) to be embedded in U-Boot binary.
Signed-off-by: AKASHI Takahiro --- configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++ 1 file changed, 307 insertions(+) create mode 100644 configs/sandbox_capsule_auth_defconfig -- 2.31.0 diff --git a/configs/sandbox_capsule_auth_defconfig b/configs/sandbox_capsule_auth_defconfig new file mode 100644 index 000000000000..8e0ffb1a6995 --- /dev/null +++ b/configs/sandbox_capsule_auth_defconfig 
@@ -0,0 +1,307 @@ +CONFIG_SYS_TEXT_BASE=0 +CONFIG_NR_DRAM_BANKS=1 +CONFIG_SYS_MEMTEST_START=0x00100000 +CONFIG_SYS_MEMTEST_END=0x00101000 +CONFIG_ENV_SIZE=0x2000 +CONFIG_DEFAULT_DEVICE_TREE="sandbox" +CONFIG_PRE_CON_BUF_ADDR=0xf0000 +CONFIG_BOOTSTAGE_STASH_ADDR=0x0 +CONFIG_DEBUG_UART=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT=y +CONFIG_FIT_SIGNATURE=y +CONFIG_FIT_RSASSA_PSS=y +CONFIG_FIT_CIPHER=y +CONFIG_FIT_VERBOSE=y +CONFIG_BOOTSTAGE=y +CONFIG_BOOTSTAGE_REPORT=y +CONFIG_BOOTSTAGE_FDT=y +CONFIG_BOOTSTAGE_STASH=y +CONFIG_BOOTSTAGE_STASH_SIZE=0x4096 +CONFIG_CONSOLE_RECORD=y +CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000 +CONFIG_PRE_CONSOLE_BUFFER=y +CONFIG_LOG=y +CONFIG_DISPLAY_BOARDINFO_LATE=y +CONFIG_MISC_INIT_F=y +CONFIG_STACKPROTECTOR=y +CONFIG_ANDROID_AB=y +CONFIG_CMD_CPU=y +CONFIG_CMD_LICENSE=y +CONFIG_CMD_BOOTZ=y +CONFIG_CMD_BOOTEFI_HELLO=y +CONFIG_CMD_ABOOTIMG=y +# CONFIG_CMD_ELF is not set +CONFIG_CMD_ASKENV=y +CONFIG_CMD_GREPENV=y +CONFIG_CMD_ERASEENV=y +CONFIG_CMD_ENV_CALLBACK=y +CONFIG_CMD_ENV_FLAGS=y +CONFIG_CMD_NVEDIT_EFI=y +CONFIG_CMD_NVEDIT_INFO=y +CONFIG_CMD_NVEDIT_LOAD=y +CONFIG_CMD_NVEDIT_SELECT=y +CONFIG_LOOPW=y +CONFIG_CMD_MD5SUM=y +CONFIG_CMD_MEMINFO=y +CONFIG_CMD_MEM_SEARCH=y +CONFIG_CMD_MX_CYCLIC=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_BIND=y +CONFIG_CMD_DEMO=y +CONFIG_CMD_GPIO=y +CONFIG_CMD_PWM=y +CONFIG_CMD_GPT=y +CONFIG_CMD_GPT_RENAME=y +CONFIG_CMD_IDE=y +CONFIG_CMD_I2C=y +CONFIG_CMD_LSBLK=y +CONFIG_CMD_MUX=y +CONFIG_CMD_OSD=y +CONFIG_CMD_PCI=y +CONFIG_CMD_READ=y +CONFIG_CMD_REMOTEPROC=y +CONFIG_CMD_SPI=y +CONFIG_CMD_USB=y +CONFIG_CMD_AXI=y +CONFIG_CMD_AB_SELECT=y +CONFIG_BOOTP_DNS2=y +CONFIG_CMD_PCAP=y +CONFIG_CMD_TFTPPUT=y +CONFIG_CMD_TFTPSRV=y +CONFIG_CMD_RARP=y +CONFIG_CMD_CDP=y +CONFIG_CMD_SNTP=y +CONFIG_CMD_DNS=y +CONFIG_CMD_LINK_LOCAL=y +CONFIG_CMD_ETHSW=y +CONFIG_CMD_BMP=y +CONFIG_CMD_BOOTCOUNT=y +CONFIG_CMD_EFIDEBUG=y +CONFIG_CMD_RTC=y +CONFIG_CMD_TIME=y +CONFIG_CMD_TIMER=y +CONFIG_CMD_SOUND=y +CONFIG_CMD_QFW=y +CONFIG_CMD_PSTORE=y 
+CONFIG_CMD_PSTORE_MEM_ADDR=0x3000000 +CONFIG_CMD_BOOTSTAGE=y +CONFIG_CMD_PMIC=y +CONFIG_CMD_REGULATOR=y +CONFIG_CMD_AES=y +CONFIG_CMD_TPM=y +CONFIG_CMD_TPM_TEST=y +CONFIG_CMD_BTRFS=y +CONFIG_CMD_CBFS=y +CONFIG_CMD_CRAMFS=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_SQUASHFS=y +CONFIG_CMD_MTDPARTS=y +CONFIG_CMD_STACKPROTECTOR_TEST=y +CONFIG_MAC_PARTITION=y +CONFIG_AMIGA_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_OF_LIVE=y +CONFIG_OF_HOSTFILE=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_ENV_IS_IN_EXT4=y +CONFIG_ENV_EXT4_INTERFACE="host" +CONFIG_ENV_EXT4_DEVICE_AND_PART="0:0" +CONFIG_ENV_IMPORT_FDT=y +CONFIG_BOOTP_SEND_HOSTNAME=y +CONFIG_NETCONSOLE=y +CONFIG_IP_DEFRAG=y +CONFIG_DM_DMA=y +CONFIG_REGMAP=y +CONFIG_SYSCON=y +CONFIG_DEVRES=y +CONFIG_DEBUG_DEVRES=y +CONFIG_SIMPLE_PM_BUS=y +CONFIG_ADC=y +CONFIG_ADC_SANDBOX=y +CONFIG_AXI=y +CONFIG_AXI_SANDBOX=y +CONFIG_BOOTCOUNT_LIMIT=y +CONFIG_DM_BOOTCOUNT=y +CONFIG_DM_BOOTCOUNT_RTC=y +CONFIG_DM_BOOTCOUNT_I2C_EEPROM=y +CONFIG_BUTTON=y +CONFIG_BUTTON_ADC=y +CONFIG_BUTTON_GPIO=y +CONFIG_CLK=y +CONFIG_CLK_COMPOSITE_CCF=y +CONFIG_CLK_SCMI=y +CONFIG_CLK_K210=y +CONFIG_CLK_K210_SET_RATE=y +CONFIG_SANDBOX_CLK_CCF=y +CONFIG_CPU=y +CONFIG_DM_DEMO=y +CONFIG_DM_DEMO_SIMPLE=y +CONFIG_DM_DEMO_SHAPE=y +CONFIG_DFU_SF=y +CONFIG_DMA=y +CONFIG_DMA_CHANNELS=y +CONFIG_SANDBOX_DMA=y +CONFIG_FASTBOOT_FLASH=y +CONFIG_FASTBOOT_FLASH_MMC_DEV=0 +CONFIG_GPIO_HOG=y +CONFIG_DM_GPIO_LOOKUP_LABEL=y +CONFIG_PM8916_GPIO=y +CONFIG_SANDBOX_GPIO=y +CONFIG_DM_HWSPINLOCK=y +CONFIG_HWSPINLOCK_SANDBOX=y +CONFIG_I2C_CROS_EC_TUNNEL=y +CONFIG_I2C_CROS_EC_LDO=y +CONFIG_DM_I2C_GPIO=y +CONFIG_SYS_I2C_SANDBOX=y +CONFIG_I2C_MUX=y +CONFIG_SPL_I2C_MUX=y +CONFIG_I2C_ARB_GPIO_CHALLENGE=y +CONFIG_CROS_EC_KEYB=y +CONFIG_I8042_KEYB=y +CONFIG_LED=y +CONFIG_LED_BLINK=y +CONFIG_LED_GPIO=y +CONFIG_DM_MAILBOX=y +CONFIG_SANDBOX_MBOX=y +CONFIG_MISC=y +CONFIG_CROS_EC=y +CONFIG_CROS_EC_I2C=y +CONFIG_CROS_EC_LPC=y +CONFIG_CROS_EC_SANDBOX=y +CONFIG_CROS_EC_SPI=y +CONFIG_P2SB=y +CONFIG_PWRSEQ=y 
+CONFIG_SPL_PWRSEQ=y +CONFIG_I2C_EEPROM=y +CONFIG_MMC_PCI=y +CONFIG_MMC_SANDBOX=y +CONFIG_MMC_SDHCI=y +CONFIG_MTD=y +CONFIG_SPI_FLASH_SANDBOX=y +CONFIG_SPI_FLASH_ATMEL=y +CONFIG_SPI_FLASH_EON=y +CONFIG_SPI_FLASH_GIGADEVICE=y +CONFIG_SPI_FLASH_MACRONIX=y +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_SST=y +CONFIG_SPI_FLASH_WINBOND=y +CONFIG_MULTIPLEXER=y +CONFIG_MUX_MMIO=y +CONFIG_DM_ETH=y +CONFIG_NVME=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_PCI_REGION_MULTI_ENTRY=y +CONFIG_PCI_SANDBOX=y +CONFIG_PHY=y +CONFIG_PHY_SANDBOX=y +CONFIG_PINCTRL=y +CONFIG_PINCONF=y +CONFIG_PINCTRL_SANDBOX=y +CONFIG_PINCTRL_SINGLE=y +CONFIG_POWER_DOMAIN=y +CONFIG_SANDBOX_POWER_DOMAIN=y +CONFIG_DM_PMIC=y +CONFIG_PMIC_ACT8846=y +CONFIG_DM_PMIC_PFUZE100=y +CONFIG_DM_PMIC_MAX77686=y +CONFIG_DM_PMIC_MC34708=y +CONFIG_PMIC_PM8916=y +CONFIG_PMIC_RK8XX=y +CONFIG_PMIC_S2MPS11=y +CONFIG_DM_PMIC_SANDBOX=y +CONFIG_PMIC_S5M8767=y +CONFIG_PMIC_TPS65090=y +CONFIG_DM_REGULATOR=y +CONFIG_REGULATOR_ACT8846=y +CONFIG_DM_REGULATOR_PFUZE100=y +CONFIG_DM_REGULATOR_MAX77686=y +CONFIG_DM_REGULATOR_FIXED=y +CONFIG_REGULATOR_RK8XX=y +CONFIG_REGULATOR_S5M8767=y +CONFIG_DM_REGULATOR_SANDBOX=y +CONFIG_REGULATOR_TPS65090=y +CONFIG_DM_REGULATOR_SCMI=y +CONFIG_DM_PWM=y +CONFIG_PWM_CROS_EC=y +CONFIG_PWM_SANDBOX=y +CONFIG_RAM=y +CONFIG_REMOTEPROC_SANDBOX=y +CONFIG_DM_RESET=y +CONFIG_SANDBOX_RESET=y +CONFIG_RESET_SYSCON=y +CONFIG_RESET_SCMI=y +CONFIG_DM_RNG=y +CONFIG_DM_RTC=y +CONFIG_RTC_RV8803=y +CONFIG_SANDBOX_SERIAL=y +CONFIG_SMEM=y +CONFIG_SANDBOX_SMEM=y +CONFIG_SOUND=y +CONFIG_SOUND_DA7219=y +CONFIG_SOUND_MAX98357A=y +CONFIG_SOUND_SANDBOX=y +CONFIG_SOC_DEVICE=y +CONFIG_SANDBOX_SPI=y +CONFIG_SPMI=y +CONFIG_SPMI_SANDBOX=y +CONFIG_SYSINFO=y +CONFIG_SYSINFO_SANDBOX=y +CONFIG_SYSINFO_GPIO=y +CONFIG_SYSRESET=y +CONFIG_TIMER=y +CONFIG_TIMER_EARLY=y +CONFIG_SANDBOX_TIMER=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_EMUL=y +CONFIG_USB_KEYBOARD=y +CONFIG_DM_VIDEO=y +CONFIG_VIDEO_COPY=y 
+CONFIG_CONSOLE_ROTATION=y +CONFIG_CONSOLE_TRUETYPE=y +CONFIG_CONSOLE_TRUETYPE_CANTORAONE=y +CONFIG_VIDEO_SANDBOX_SDL=y +CONFIG_VIDEO_DSI_HOST_SANDBOX=y +CONFIG_OSD=y +CONFIG_SANDBOX_OSD=y +CONFIG_SPLASH_SCREEN_ALIGN=y +CONFIG_VIDEO_BMP_RLE8=y +CONFIG_W1=y +CONFIG_W1_GPIO=y +CONFIG_W1_EEPROM=y +CONFIG_W1_EEPROM_SANDBOX=y +CONFIG_WDT=y +CONFIG_WDT_SANDBOX=y +CONFIG_FS_CBFS=y +CONFIG_FS_CRAMFS=y +CONFIG_CMD_DHRYSTONE=y +CONFIG_TPM=y +CONFIG_LZ4=y +CONFIG_ERRNO_STR=y +CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y +CONFIG_EFI_CAPSULE_ON_DISK=y +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y +CONFIG_EFI_CAPSULE_AUTHENTICATE=y +CONFIG_EFI_CAPSULE_KEY_PATH="../test/py/tests/test_efi_capsule/SIGNER.esl" +CONFIG_EFI_SECURE_BOOT=y +CONFIG_TEST_FDTDEC=y +CONFIG_CRYPT_PW=y +CONFIG_CRYPT_PW_SHA256=y +CONFIG_CRYPT_PW_SHA512=y +CONFIG_AUTOBOOT_KEYED=y +CONFIG_AUTOBOOT_PROMPT="Enter password \"a\" in %d seconds to stop autoboot\n" +CONFIG_AUTOBOOT_ENCRYPTION=y +CONFIG_AUTOBOOT_STOP_STR_ENABLE=y +CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9" +CONFIG_AUTOBOOT_NEVER_TIMEOUT=y +CONFIG_AUTOBOOT_SHA256_FALLBACK=y +CONFIG_UNIT_TEST=y +CONFIG_UT_TIME=y +CONFIG_UT_DM=y +CONFIG_DM_REBOOT_MODE=y +CONFIG_DM_REBOOT_MODE_GPIO=y +CONFIG_DM_REBOOT_MODE_RTC=y
From patchwork Tue Jul 27 09:10:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 486673
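Review bot: CONFIG_EFI_CAPSULE_KEY_PATH="../test/py/tests/test_efi_capsule/SIGNER.esl", near the end of the new defconfig, is a relative path, so whether the key is found depends on where the build directory sits relative to the source tree. Because the commit message says the esl file is embedded in the U-Boot binary, it should also say what the path is relative to and whether SIGNER.esl is committed or has to be generated before the build. Since the file is described as derived from sandbox_defconfig and runs to 307 lines, please also name in the commit message the options that differ from sandbox_defconfig, so the two files can be kept in sync later.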
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 7/9] GitLab: add a test rule for efi capsule authentication test
Date: Tue, 27 Jul 2021 18:10:52 +0900
Message-Id: <20210727091054.512050-8-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>
References: <20210727091054.512050-1-takahiro.akashi@linaro.org>

To run efi capsule authentication test in CI loop, U-Boot binary must be compiled with an appropriate public key (esl file). Add a rule to build this binary with sandbox_capsule_auth_defconfig and run the test.

Signed-off-by: AKASHI Takahiro --- .gitlab-ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.31.0 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 86026a15f9da..ed67314fa4ca 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml
@@ -193,6 +193,12 @@ sandbox_noinst_test.py: TEST_PY_TEST_SPEC: "test_ofplatdata or test_handoff or test_spl" <<: *buildman_and_testpy_dfn +sandbox_capsule_auth test.py: + variables: + TEST_PY_BD: "sandbox_capsule_auth" + TEST_PY_TEST_SPEC: "test_efi_capsule_signed" + <<: *buildman_and_testpy_dfn + evb-ast2500 test.py: variables: TEST_PY_BD: "evb-ast2500"
From patchwork Tue Jul 27 09:10:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 486674
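Review bot: TEST_PY_TEST_SPEC is set to "test_efi_capsule_signed" in the added sandbox_capsule_auth job, but the test function visible in this series is named test_efi_capsule_auth3, so please confirm that the expression matches the module or class name of the new tests. A spec that selects nothing would leave the authentication tests unexercised in CI while the job still appears in the pipeline.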
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 8/9] tools: mkeficapsule: allow for specifying GUID explicitly
Date: Tue, 27 Jul 2021 18:10:53 +0900
Message-Id: <20210727091054.512050-9-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>
References: <20210727091054.512050-1-takahiro.akashi@linaro.org>

The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD: [--fit | --raw ]
NEW: [--fit | --raw | --guid ]

Signed-off-by: AKASHI Takahiro --- doc/mkeficapsule.1 | 19 ++++++++++++------ tools/mkeficapsule.c | 46 +++++++++++++++++++++++++++----------------- 2 files changed, 41 insertions(+), 24 deletions(-) -- 2.31.0
diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 7c2341160ea4..ab2aa3719744 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -5,7 +5,7 @@ mkeficapsule \- Generate EFI capsule file for U-Boot .SH SYNOPSIS .B mkeficapsule -.RB [\fIoptions\fP] " \fIcapsule-file\fP" +.RB [\fIoptions\fP] " \fIimage-blob\fP \fIcapsule-file\fP" .SH "DESCRIPTION" The @@ -21,7 +21,7 @@ Optionally, a capsule file can be signed with a given private key. In this case, the update will be authenticated by verifying the signature before applying. -\fBmkeficapsule\fP supports two different format of image files: +\fBmkeficapsule\fP takes any type of image files, including: .TP .I raw image format is a single binary blob of any type of firmware. @@ -33,15 +33,22 @@ is the same as used in the new \fIuImage\fP format and allows for multiple binary blobs in a single capsule file. This type of image file can be generated by \fBmkimage\fP. +If you want to use other types than above two, you should explicitly +specify a guid for the FMP driver. + .SH "OPTIONS" .TP -.BI "-f, --fit \fIfit-image-file\fP" -Specify a FIT image file +.BI "-f, --fit +Indicate that the blob is a FIT image file + +.TP +.BI "-r, --raw +Indicate that the blob is a raw image file .TP -.BI "-r, --raw \fIraw-image-file\fP" -Specify a raw image file +.BI "-g, --guid \fIguid-string\fP" +Specify guid for image blob type .TP .BI "-i, --index \fIindex\fP" diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index 798706c7b5f7..8ac1811c68bd 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -14,7 +14,7 @@ #include #include - +#include #include #ifdef CONFIG_TOOLS_LIBCRYPTO #include 
@@ -51,14 +51,15 @@ efi_guid_t efi_guid_image_type_uboot_raw = efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; #ifdef CONFIG_TOOLS_LIBCRYPTO -static const char *opts_short = "f:r:i:I:v:p:c:m:dh"; +static const char *opts_short = "frg:i:I:v:p:c:m:dh"; #else -static const char *opts_short = "f:r:i:I:v:h"; +static const char *opts_short = "frg:i:I:v:h"; #endif static struct option options[] = { - {"fit", required_argument, NULL, 'f'}, - {"raw", required_argument, NULL, 'r'}, + {"fit", no_argument, NULL, 'f'}, + {"raw", no_argument, NULL, 'r'}, + {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, #ifdef CONFIG_TOOLS_LIBCRYPTO @@ -73,11 +74,12 @@ static struct option options[] = { static void print_usage(void) { - printf("Usage: %s [options] \n" + printf("Usage: %s [options] \n" "Options:\n" - "\t-f, --fit new FIT image file\n" - "\t-r, --raw new raw image file\n" + "\t-f, --fit FIT image type\n" + "\t-r, --raw raw image type\n" + "\t-g, --guid guid for image blob type\n" "\t-i, --index update image index\n" "\t-I, --instance update hardware instance\n" #ifdef CONFIG_TOOLS_LIBCRYPTO @@ -427,14 +429,13 @@ err_1: int main(int argc, char **argv) { - char *file; efi_guid_t *guid; + unsigned char uuid_buf[16]; unsigned long index, instance; uint64_t mcount; char *privkey_file, *cert_file; int c, idx; - file = NULL; guid = NULL; index = 0; instance = 0; 
@@ -449,21 +450,30 @@ int main(int argc, char **argv) switch (c) { case 'f': - if (file) { - printf("Image already specified\n"); + if (guid) { + printf("Image type already specified\n"); return -1; } - file = optarg; guid = &efi_guid_image_type_uboot_fit; break; case 'r': - if (file) { - printf("Image already specified\n"); + if (guid) { + printf("Image type already specified\n"); return -1; } - file = optarg; guid = &efi_guid_image_type_uboot_raw; break; + case 'g': + if (guid) { + printf("Image type already specified\n"); + return -1; + } + if (uuid_parse(optarg, uuid_buf)) { + printf("Wrong guid format\n"); + return -1; + } + guid = (efi_guid_t *)uuid_buf; + break; case 'i': index = strtoul(optarg, NULL, 0); break; 
@@ -499,14 +509,14 @@ int main(int argc, char **argv) } /* check necessary parameters */ - if ((argc != optind + 1) || !file || + if ((argc != optind + 2) || !guid || ((privkey_file && !cert_file) || (!privkey_file && cert_file))) { print_usage(); exit(EXIT_FAILURE); } - if (create_fwbin(argv[optind], file, guid, index, instance, + if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, index, instance, mcount, privkey_file, cert_file) < 0) { printf("Creating firmware capsule failed\n"); exit(EXIT_FAILURE);
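Review bot: In the OPTIONS hunk of doc/mkeficapsule.1, the two new macro lines `.BI "-f, --fit` and `.BI "-r, --raw` open a double quote that is never closed, unlike the `.BI "-g, --guid \fIguid-string\fP"` line next to them; close the quotes, or use `.B` since no italic argument is left. The text also does not say what form guid-string must take, or that --fit, --raw and --guid are mutually exclusive with one of them required, both of which main() enforces. A sentence for each would spare users the bare "Wrong guid format" and usage errors.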
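Review bot: In the new `case 'g':` branch of main() in tools/mkeficapsule.c, the 16 bytes written by uuid_parse() are cast straight to efi_guid_t, but uuid_parse() produces the RFC 4122 big-endian layout while an EFI GUID stores its first three fields little-endian. A GUID typed in the usual text form would therefore land in the capsule header with those fields byte-swapped and would not compare equal to the same GUID as the firmware stores it. Suggest swapping the first three fields (4, 2 and 2 bytes) after a successful parse, or stating in the man page that the string must be supplied pre-swapped.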
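Review bot: In the last hunk of tools/mkeficapsule.c, the positional arguments are picked as argv[argc - 1] and argv[argc - 2] while the check just above is written in terms of optind; indexing them as argv[optind + 1] (capsule file) and argv[optind] (image blob) would keep the check and the use in step. A short comment naming which argument is which would also help, since create_fwbin() receives the capsule path before the image path, the reverse of the order on the command line.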
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de, trini@konsulko.com, sjg@chromium.org
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH v2 9/9] test/py: efi_capsule: align with the syntax change of mkeficapsule
Date: Tue, 27 Jul 2021 18:10:54 +0900
Message-Id: <20210727091054.512050-10-takahiro.akashi@linaro.org>
In-Reply-To: <20210727091054.512050-1-takahiro.akashi@linaro.org>
References: <20210727091054.512050-1-takahiro.akashi@linaro.org>
List-Id: U-Boot discussion

Modify command line arguments at mkeficapsule as the syntax was a bit modified in the previous commit.

Signed-off-by: AKASHI Takahiro
---
test/py/tests/test_efi_capsule/conftest.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

--
2.31.0

diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index 35cfa5513703..86ace308b3cb 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py
@@ -66,10 +66,10 @@ def efi_capsule_data(request, u_boot_config): check_call('cd %s; %s/tools/mkimage -f uboot_bin_env.its uboot_bin_env.itb' % (data_dir, u_boot_config.build_dir), shell=True) - check_call('cd %s; %s/tools/mkeficapsule --fit uboot_bin_env.itb --index 1 Test01' % + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fit uboot_bin_env.itb Test01' % (data_dir, u_boot_config.build_dir), shell=True) - check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new --index 1 Test02' % + check_call('cd %s; %s/tools/mkeficapsule --index 1 --raw u-boot.bin.new Test02' % (data_dir, u_boot_config.build_dir), shell=True) if capsule_auth_enabled: @@ -78,11 +78,11 @@ def efi_capsule_data(request, u_boot_config): (u_boot_config.source_dir, data_dir), shell=True) # firmware signed with proper key - check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new --index 1 --monotonic-count 1 --private-key SIGNER.key --certificate SIGNER.crt Test03' % + check_call('cd %s; %s/tools/mkeficapsule --index 1 --monotonic-count 1 --private-key SIGNER.key --certificate SIGNER.crt --raw u-boot.bin.new Test03' % (data_dir, u_boot_config.build_dir), shell=True) # firmware signed with *mal* key - check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new --index 1 --monotonic-count 1 --private-key SIGNER2.key --certificate SIGNER2.crt Test04' % + check_call('cd %s; %s/tools/mkeficapsule --index 1 --monotonic-count 1 --private-key SIGNER2.key --certificate SIGNER2.crt --raw u-boot.bin.new Test04' % (data_dir, u_boot_config.build_dir), shell=True)
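Review bot: In efi_capsule_data() in test/py/tests/test_efi_capsule/conftest.py, all four updated mkeficapsule invocations still select the image type with --fit or --raw, so the --guid option introduced by the previous patch has no test coverage. Consider adding a capsule built with --guid, and a case with a malformed GUID string that expects the tool to exit with an error.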