[v3,0/5] efi_loader: capsule: improve capsule authentication support

Message ID	20210831024659.53464-1-takahiro.akashi@linaro.org
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; From: AKASHI Takahiro <takahiro.akashi@linaro.org> To: xypron.glpk@gmx.de, agraf@csgraf.de Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro <takahiro.akashi@linaro.org> Subject: [PATCH v3 0/5] efi_loader: capsule: improve capsule authentication support Date: Tue, 31 Aug 2021 11:46:54 +0900 Message-Id: <20210831024659.53464-1-takahiro.akashi@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	efi_loader: capsule: improve capsule authentication support \| expand [v3,0/5] efi_loader: capsule: improve capsule authentication support [v3,1/5] tools: mkeficapsule: add firmwware image signing [v3,2/5] tools: mkeficapsule: add man page [v3,3/5] doc: update UEFI document for usage of mkeficapsule [v3,4/5] tools: mkeficapsule: allow for specifying GUID explicitly [v3,5/5] test/py: efi_capsule: align with the syntax change of mkeficapsule

Message ID

20210831024659.53464-1-takahiro.akashi@linaro.org

Headers

Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
	designates 85.214.62.61 as permitted sender)
	client-ip=85.214.62.61; 
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: xypron.glpk@gmx.de,
	agraf@csgraf.de
Cc: ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org,
	masami.hiramatsu@linaro.org, u-boot@lists.denx.de,
	AKASHI Takahiro <takahiro.akashi@linaro.org>
Subject: [PATCH v3 0/5] efi_loader: capsule: improve capsule authentication
	support
Date: Tue, 31 Aug 2021 11:46:54 +0900
Message-Id: <20210831024659.53464-1-takahiro.akashi@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

efi_loader: capsule: improve capsule authentication support | expand

Message

AKASHI Takahiro Aug. 31, 2021, 2:46 a.m. UTC

# This patch set is basically the same as v2, but removed authentication-
# related pytest because the discussion about where to save a public
# key is still going on. The command, mkeficapule, is independent from
# the result.

As I proposed and discussed in [1] and [2], I have made a couple of
improvements on the current implementation of capsule update in this
patch set.

* add signing feature to mkeficapsule
* add "--guid" option to mkeficapsule
* add man page of mkeficapsule

[1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html
[2] https://lists.denx.de/pipermail/u-boot/2021-July/455292.html

Prerequisite patches
====================
None

Test
====
* locally passed the pytest which is included in this patch series
  on sandbox built.

Todo
====
* add capsule authentication pytest

Changes
=======
v3 (Aug 31, 2021)
* rebased on v2021.10-rc3
* remove pytest-related patches
* add function descriptions in mkeficapsule.c
* correct format specifiers in printf()
* let main() return 0 or -1 only
* update doc/develop/uefi/uefi.rst for syntax change of mkeficapsule

v2 (July 28, 2021)
* rebased on v2021.10-rc*
* removed dependency on target's configuration
* removed fdtsig.sh and others
* add man page
* update the UEFI document
* add dedicate defconfig for testing on sandbox
* add gitlab CI support
* add "--guid" option to mkeficapsule
  (yet rather RFC)

Initial release (May 12, 2021)
* based on v2021.07-rc2

AKASHI Takahiro (5):
  tools: mkeficapsule: add firmwware image signing
  tools: mkeficapsule: add man page
  doc: update UEFI document for usage of mkeficapsule
  tools: mkeficapsule: allow for specifying GUID explicitly
  test/py: efi_capsule: align with the syntax change of mkeficapsule

 MAINTAINERS                                |   1 +
 doc/develop/uefi/uefi.rst                  |  31 +-
 doc/mkeficapsule.1                         |  98 +++++
 test/py/tests/test_efi_capsule/conftest.py |   4 +-
 tools/Kconfig                              |   7 +
 tools/Makefile                             |   8 +-
 tools/mkeficapsule.c                       | 471 +++++++++++++++++++--
 7 files changed, 554 insertions(+), 66 deletions(-)
 create mode 100644 doc/mkeficapsule.1

-- 
2.33.0

Comments

Heinrich Schuchardt Aug. 31, 2021, 6:13 a.m. UTC | #1

On 8/31/21 4:46 AM, AKASHI Takahiro wrote:
> # This patch set is basically the same as v2, but removed authentication-

> # related pytest because the discussion about where to save a public

> # key is still going on. The command, mkeficapule, is independent from

> # the result.

>

> As I proposed and discussed in [1] and [2], I have made a couple of

> improvements on the current implementation of capsule update in this

> patch set.

>

> * add signing feature to mkeficapsule

> * add "--guid" option to mkeficapsule

> * add man page of mkeficapsule


Thanks a lot for getting around the requirement to use an EDK II tool.

My main concern is that there should be only mkeficapsule version.

If signed and unsigned capsules are of interest, mkeficapsule should
support both.

Best regards

Heinrich

>

> [1] https://lists.denx.de/pipermail/u-boot/2021-April/447918.html

> [2] https://lists.denx.de/pipermail/u-boot/2021-July/455292.html

>

> Prerequisite patches

> ====================

> None

>

> Test

> ====

> * locally passed the pytest which is included in this patch series

>    on sandbox built.

>

> Todo

> ====

> * add capsule authentication pytest

>

> Changes

> =======

> v3 (Aug 31, 2021)

> * rebased on v2021.10-rc3

> * remove pytest-related patches

> * add function descriptions in mkeficapsule.c

> * correct format specifiers in printf()

> * let main() return 0 or -1 only

> * update doc/develop/uefi/uefi.rst for syntax change of mkeficapsule

>

> v2 (July 28, 2021)

> * rebased on v2021.10-rc*

> * removed dependency on target's configuration

> * removed fdtsig.sh and others

> * add man page

> * update the UEFI document

> * add dedicate defconfig for testing on sandbox

> * add gitlab CI support

> * add "--guid" option to mkeficapsule

>    (yet rather RFC)

>

> Initial release (May 12, 2021)

> * based on v2021.07-rc2

>

> AKASHI Takahiro (5):

>    tools: mkeficapsule: add firmwware image signing

>    tools: mkeficapsule: add man page

>    doc: update UEFI document for usage of mkeficapsule

>    tools: mkeficapsule: allow for specifying GUID explicitly

>    test/py: efi_capsule: align with the syntax change of mkeficapsule

>

>   MAINTAINERS                                |   1 +

>   doc/develop/uefi/uefi.rst                  |  31 +-

>   doc/mkeficapsule.1                         |  98 +++++

>   test/py/tests/test_efi_capsule/conftest.py |   4 +-

>   tools/Kconfig                              |   7 +

>   tools/Makefile                             |   8 +-

>   tools/mkeficapsule.c                       | 471 +++++++++++++++++++--

>   7 files changed, 554 insertions(+), 66 deletions(-)

>   create mode 100644 doc/mkeficapsule.1

>