mbox series

[0/7] Integrate EFI capsule tasks into u-boot's build flow

Message ID 20230613103806.812065-1-sughosh.ganu@linaro.org
Headers show
Series Integrate EFI capsule tasks into u-boot's build flow | expand

Message

Sughosh Ganu June 13, 2023, 10:37 a.m. UTC
This patchset aims to bring two capsule related tasks under the u-boot
build flow.

One is the embedding of the public key into the platform's dtb as part
of dtb' build. The public key is in the form of an EFI Signature
List(ESL) file and is used for capsule authentication. This is
achieved at the time of the dtb generation, with the path to the ESL
file being provided through a Kconfig
symbol(CONFIG_EFI_CAPSULE_ESL_FILE).

Changes have also been made to the test flow so that the keys used for
signing the capsule, and the ESL file, are generated prior to invoking
the u-boot's build, which enables embedding the ESL file into the dtb
as part of the u-boot build flow.

The other task is to add a make target for generating capsules. This
is being achieved by adding support for parsing a config file to get
the capsule generation parameters. Multiple payloads can be specified,
resulting in generation of multiple capsules with a single invocation
of the command. The path to the config file is to be specified through
a Kconfig symbol(CONFIG_EFI_CAPSULE_CFG_FILE).

Changes have also been made to the efi capsule test setup, whereby,
with the above config symbol having been populated, the capsule files
are generated through the make capsule command. The requisite config
file has been placed under the test/py/tests/test_efi_capsule/
directory, which results in generation of the same set of capsule
files.

Currently, the capsule authentication feature is tested on the sandbox
and sandbox_flattree variants. The capsule generation through config
file is enabled for the sandbox variant, with the sandbox_flattree
variant generating capsules through the command-line parameters.

The document has been updated to reflect the above changes.

Sughosh Ganu (7):
  capsule: authenticate: Embed capsule public key in platform's dtb
  test: py: Generate capsule keys prior to building u-boot
  doc: capsule: Document the new mechanism to embed ESL file into dtb
  tools: mkeficapsule: Add support for parsing capsule params from
    config file
  Makefile: Add a target for building capsules
  test: efi_capsule: Test capsule generation from config file
  doc: Add documentation to describe capsule config file format

 Makefile                                      |   9 +
 configs/sandbox_defconfig                     |   2 +
 configs/sandbox_flattree_defconfig            |   1 +
 doc/develop/uefi/uefi.rst                     |  83 ++++-
 lib/efi_loader/Kconfig                        |  11 +
 scripts/Makefile.lib                          |   8 +
 scripts/embed_capsule_key.sh                  |  25 ++
 test/py/conftest.py                           |  64 ++++
 test/py/tests/test_efi_capsule/conftest.py    | 144 ++++----
 .../test_efi_capsule/sandbox_capsule_cfg.txt  |  75 ++++
 test/py/tests/test_efi_capsule/signature.dts  |  10 -
 tools/Kconfig                                 |   9 +
 tools/Makefile                                |   1 +
 tools/eficapsule.h                            | 110 ++++++
 tools/mkeficapsule.c                          | 106 ++++--
 tools/mkeficapsule_parse.c                    | 345 ++++++++++++++++++
 16 files changed, 866 insertions(+), 137 deletions(-)
 create mode 100755 scripts/embed_capsule_key.sh
 create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
 delete mode 100644 test/py/tests/test_efi_capsule/signature.dts
 create mode 100644 tools/mkeficapsule_parse.c