From patchwork Sat Aug 12 05:57:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 713182 Delivered-To: patch@linaro.org Received: by 2002:a5d:4012:0:b0:317:ecd7:513f with SMTP id n18csp240320wrp; Fri, 11 Aug 2023 22:57:49 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE5T39DV0dexrVXbRg/KrgxMSNR8ZviBn5DHaXciPiI/AtWpB/94xE0mWAJmG1hfcfq9yTr X-Received: by 2002:a5d:4531:0:b0:317:6704:72c with SMTP id j17-20020a5d4531000000b003176704072cmr2752586wra.52.1691819869366; Fri, 11 Aug 2023 22:57:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691819869; cv=none; d=google.com; s=arc-20160816; b=mLWplg0YTd1qCjDCZLiAAeoVbyS02Qt4Xkhpu+LPi6q8SXF6r8qg8mHdu9ZMP4Tcxr oHw2Y80CtbalRtBRceFVDh3JVlWMuxSB4KqROW1BGQd01WHR1/bnsN3ZnzedXyNu837N J4PLq8BrETqY9RFnkr8QrKlK+jTfhWwXMRIUaY7IGYcQjF1U0KpwIjOUWsMDDDSeIUVa VXUUYj//MRk1+tZ3Hi6WzCrBS+KBq4m+H8uK3VRtYI0SOLYqQE3c+aZgQ3z1Qvxu7NG+ J19DH3grK3I97xM6SmRGOJd0SLMlliKdWP3AHx9iJfoYfrYJAvudjgXgauEacq1XvoJb Y0Dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from; bh=hs9GYXa1Px6TMaBCHq8HzFETJv64/2k5Zwh30sGYqqo=; fh=+VHZcQFytvjm817rO59VUXPZcjow18EhayO47FzvDvY=; b=LK2kF28q2k6Gnn+8kLnQrxIBqP0phrHVyGsiMIhWKG8KQHIzrEtV13nkpe3zevkpGf mb59axv5Se7l1+eSLUXS/BgSsam8pyciqMpucmwrzeiKmmEKS0jjhMOZVk51X3ZKFmM6 AHG81ms/BPgXK0Y8l/j2Hv9yAIjtqRECTElwIxpOWhN1BHq6FXFhytV1s1u4ihMhVy6J tHX92h0IJ/DTp6clICk/ARC/Fz08QD6RJ+CtF/6jki4SfLoLVdFQUONh4fmGdnNM1t9r ffJv90AD4RPYlgd+msmYpZVrEnjVsf+cuv9fqjELXzR+T5ETVJPx5s3kUxOT+vHZrwqc e5TQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id m6-20020adffa06000000b003176f5ad2e2si3024106wrr.772.2023.08.11.22.57.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Aug 2023 22:57:49 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 221A08694A; Sat, 12 Aug 2023 07:57:48 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 6CA9A8694B; Sat, 12 Aug 2023 07:57:47 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 4315686952 for ; Sat, 12 Aug 2023 07:57:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 923BA1042; Fri, 11 Aug 2023 22:58:26 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 10FF53F64C; Fri, 11 Aug 2023 22:57:41 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini Subject: [PATCH v9 00/10] Enable EFI capsule generation through binman Date: Sat, 12 Aug 2023 11:27:15 +0530 Message-Id: <20230812055725.252424-1-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This patch series adds support for generation of EFI capsules as part of u-boot build flow. The capsules can be generated as part of u-boot build, and this is being achieved through binman, by adding a capsule entry type. The parameters needed for capsule generation are specified as properties under the capsule entry node. Changes have also been made to the efi capsule update feature testing setup on the sandbox variants. Currently, the capsule files and the keys for testing capsule authentication are generated after u-boot has been built. As part of this patch series, the private and public keys along with the EFI Signature List(ESL) needed for testing the capsule update functionality on the sandbox plaform are placed in the board directory. The test logic has been changed so that the capsules which were generated as part of the test setup are now being generated as part of the build for sandbox platform. The document has been updated to reflect the above changes. Changes since V8: The following are changes per individual patches * New patch based on suggestions from Simon Glass. * Move the 'multiple-images' property to top level dts files. * Get sandbox_vpl's binman node to generate an image, with the above change. * New patch to build the capsule code for all sandbox variants. * Remove the type property by renaming the capsule nodes as 'efi-capsule'. * Remove mention of capsule generation through config file. Sughosh Ganu (10): binman: bintool: Build a tool from a list of commands nuvoton: npcm845-evb: Add a newline at the end of file sandbox: capsule: Add keys and certificates needed for capsule update testing sandbox: capsule: Enable EFI capsule module on sandbox variants btool: mkeficapsule: Add a bintool for EFI capsule generation binman: capsule: Add support for generating EFI capsules sandbox: binman: Add support for generating multiple images sandbox: capsule: Generate capsule related files through binman doc: Add documentation to highlight capsule generation related updates sandbox: trace: Increase trace buffer size .azure-pipelines.yml | 2 +- .gitlab-ci.yml | 2 +- arch/arm/dts/nuvoton-npcm845-evb.dts | 2 +- arch/sandbox/dts/sandbox.dts | 3 + arch/sandbox/dts/sandbox_capsule.dtsi | 315 ++++++++++++++++++ arch/sandbox/dts/sandbox_vpl.dtsi | 5 + arch/sandbox/dts/test.dts | 3 + board/sandbox/capsule_priv_key_bad.key | 28 ++ board/sandbox/capsule_priv_key_good.key | 28 ++ board/sandbox/capsule_pub_esl_good.esl | Bin 0 -> 831 bytes board/sandbox/capsule_pub_key_bad.crt | 19 ++ board/sandbox/capsule_pub_key_good.crt | 19 ++ configs/sandbox_noinst_defconfig | 2 + configs/sandbox_spl_defconfig | 2 + configs/sandbox_vpl_defconfig | 2 + doc/develop/uefi/uefi.rst | 16 + include/sandbox_efi_capsule.h | 21 ++ test/py/tests/test_efi_capsule/conftest.py | 155 +-------- .../tests/test_efi_capsule/uboot_bin_env.its | 36 -- test/py/tests/test_trace.py | 2 +- tools/binman/bintool.py | 19 +- tools/binman/btool/mkeficapsule.py | 101 ++++++ tools/binman/entries.rst | 64 ++++ tools/binman/etype/efi_capsule.py | 143 ++++++++ tools/binman/ftest.py | 118 +++++++ tools/binman/test/311_capsule.dts | 21 ++ tools/binman/test/312_capsule_signed.dts | 23 ++ tools/binman/test/313_capsule_version.dts | 22 ++ tools/binman/test/314_capsule_signed_ver.dts | 24 ++ tools/binman/test/315_capsule_oemflags.dts | 22 ++ tools/binman/test/316_capsule_missing_key.dts | 22 ++ .../binman/test/317_capsule_missing_index.dts | 20 ++ .../binman/test/318_capsule_missing_guid.dts | 19 ++ 33 files changed, 1093 insertions(+), 187 deletions(-) create mode 100644 arch/sandbox/dts/sandbox_capsule.dtsi create mode 100644 board/sandbox/capsule_priv_key_bad.key create mode 100644 board/sandbox/capsule_priv_key_good.key create mode 100644 board/sandbox/capsule_pub_esl_good.esl create mode 100644 board/sandbox/capsule_pub_key_bad.crt create mode 100644 board/sandbox/capsule_pub_key_good.crt create mode 100644 include/sandbox_efi_capsule.h delete mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its create mode 100644 tools/binman/btool/mkeficapsule.py create mode 100644 tools/binman/etype/efi_capsule.py create mode 100644 tools/binman/test/311_capsule.dts create mode 100644 tools/binman/test/312_capsule_signed.dts create mode 100644 tools/binman/test/313_capsule_version.dts create mode 100644 tools/binman/test/314_capsule_signed_ver.dts create mode 100644 tools/binman/test/315_capsule_oemflags.dts create mode 100644 tools/binman/test/316_capsule_missing_key.dts create mode 100644 tools/binman/test/317_capsule_missing_index.dts create mode 100644 tools/binman/test/318_capsule_missing_guid.dts