From patchwork Sat Aug 12 15:30:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 713193 Delivered-To: patch@linaro.org Received: by 2002:a5d:4012:0:b0:317:ecd7:513f with SMTP id n18csp428142wrp; Sat, 12 Aug 2023 08:30:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHUPZ/RemjGeoF4Pq5qfjYnsaQCvEUd5PZ9O0KijuaZvX4thgiWA6kFPDS7nwtcPsyhYXOC X-Received: by 2002:adf:facf:0:b0:313:f347:eea0 with SMTP id a15-20020adffacf000000b00313f347eea0mr3288575wrs.60.1691854246399; Sat, 12 Aug 2023 08:30:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691854246; cv=none; d=google.com; s=arc-20160816; b=flWOAHYcdje0lIVTMdkU43L33zLRTiElDwbHMqIJiqRcCGAijSIrKT7Th+XsOhOY8X Wz8d9Ssf8RjOfivK7rbtH87dFXNrJVC4opVIA/7vCeqbLMiMLXQLgUAvnIQVO5tW4pRV N6pMtzG+DicI/MKjE1wd8D9bzdHelKaQko+YXEUTILIOu8me6N7dGdC/S+8S2NYflv/i hV+M3jtlwXXiiu8pJfjftYrM4Ze3l0jvcawhDIQZg6Xtc46HBUH+kjXYwdFHtRzgVuij PNlFn9v8qlTyzN+APDstPJNCsO89RDgjGNNVVkoxKcd8IgQEeNE2v1M42Dnb6I6YMeoT JIQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from; bh=EdiDI9/tmXVxSdbfyKZhyBzhmHeI1s8oBAPSq0LT/2w=; fh=+VHZcQFytvjm817rO59VUXPZcjow18EhayO47FzvDvY=; b=zufMq1y5CovskKe7d6Smq1N5Ce070PmvIGt6PlnIW1vozyTu/LowRVBWBQcO/tt4+z 1NttkIKPNm+OI4DD+MYmz268Fd9ui6CYcRl0w4LNnfHtUeekyCoqDrh2DcTpLHfHGxA2 SCxrhOr2rH8FVhMREUBWu5QtOkZ81502dpeNRCyRC4NeeO/mfLHnDYHRFIvia3+spgaR CCeec+mj93+oyVbL/PRlhPvraCmG+zbH5HF7JJnHFk3YpkRaWmk4aEYsJtS8lNVJvgUC Gp3vGCjV4F/PYq5z2QjR+5KKjwwhitLPjSmyjFLnBC4ysxIcsV2fmBF03UqjSV5Si6ik lE9A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id y14-20020adffa4e000000b0031434936f3csi3342351wrr.44.2023.08.12.08.30.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 12 Aug 2023 08:30:46 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1B6A486281; Sat, 12 Aug 2023 17:30:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 7F76E862EB; Sat, 12 Aug 2023 17:30:44 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 4D8DE861E1 for ; Sat, 12 Aug 2023 17:30:42 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 643721042; Sat, 12 Aug 2023 08:31:23 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C7ED53F6C4; Sat, 12 Aug 2023 08:30:38 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini Subject: [PATCH v10 00/10] Enable EFI capsule generation through binman Date: Sat, 12 Aug 2023 21:00:14 +0530 Message-Id: <20230812153024.334563-1-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This patch series adds support for generation of EFI capsules as part of U-Boot build flow. The capsules can be generated as part of U-Boot build, and this is being achieved through binman, by adding a capsule entry type. The parameters needed for capsule generation are specified as properties under the capsule entry node. Changes have also been made to the efi capsule update feature testing setup on the sandbox variants. Currently, the capsule files and the keys for testing capsule authentication are generated after U-Boot has been built. As part of this patch series, the private and public keys along with the EFI Signature List(ESL) needed for testing the capsule update functionality on the sandbox plaform are placed in the board directory. The test logic has been changed so that the capsules which were generated as part of the test setup are now being generated as part of the build for sandbox platform. The document has been updated to reflect the above changes. Changes since V9: * s/u-boot/U-Boot/ * Add a link to the binman capsule entry type documentation as suggested by Simon Glass. Sughosh Ganu (10): binman: bintool: Build a tool from a list of commands nuvoton: npcm845-evb: Add a newline at the end of file sandbox: capsule: Add keys and certificates needed for capsule update testing sandbox: capsule: Enable EFI capsule module on sandbox variants btool: mkeficapsule: Add a bintool for EFI capsule generation binman: capsule: Add support for generating EFI capsules sandbox: binman: Add support for generating multiple images sandbox: capsule: Generate capsule related files through binman doc: Add documentation to highlight capsule generation related updates sandbox: trace: Increase trace buffer size .azure-pipelines.yml | 2 +- .gitlab-ci.yml | 2 +- arch/arm/dts/nuvoton-npcm845-evb.dts | 2 +- arch/sandbox/dts/sandbox.dts | 3 + arch/sandbox/dts/sandbox_capsule.dtsi | 315 ++++++++++++++++++ arch/sandbox/dts/sandbox_vpl.dtsi | 5 + arch/sandbox/dts/test.dts | 3 + board/sandbox/capsule_priv_key_bad.key | 28 ++ board/sandbox/capsule_priv_key_good.key | 28 ++ board/sandbox/capsule_pub_esl_good.esl | Bin 0 -> 831 bytes board/sandbox/capsule_pub_key_bad.crt | 19 ++ board/sandbox/capsule_pub_key_good.crt | 19 ++ configs/sandbox_noinst_defconfig | 2 + configs/sandbox_spl_defconfig | 2 + configs/sandbox_vpl_defconfig | 2 + doc/develop/uefi/uefi.rst | 17 + include/sandbox_efi_capsule.h | 21 ++ test/py/tests/test_efi_capsule/conftest.py | 155 +-------- .../tests/test_efi_capsule/uboot_bin_env.its | 36 -- test/py/tests/test_trace.py | 2 +- tools/binman/bintool.py | 19 +- tools/binman/btool/mkeficapsule.py | 101 ++++++ tools/binman/entries.rst | 64 ++++ tools/binman/etype/efi_capsule.py | 143 ++++++++ tools/binman/ftest.py | 118 +++++++ tools/binman/test/311_capsule.dts | 21 ++ tools/binman/test/312_capsule_signed.dts | 23 ++ tools/binman/test/313_capsule_version.dts | 22 ++ tools/binman/test/314_capsule_signed_ver.dts | 24 ++ tools/binman/test/315_capsule_oemflags.dts | 22 ++ tools/binman/test/316_capsule_missing_key.dts | 22 ++ .../binman/test/317_capsule_missing_index.dts | 20 ++ .../binman/test/318_capsule_missing_guid.dts | 19 ++ 33 files changed, 1094 insertions(+), 187 deletions(-) create mode 100644 arch/sandbox/dts/sandbox_capsule.dtsi create mode 100644 board/sandbox/capsule_priv_key_bad.key create mode 100644 board/sandbox/capsule_priv_key_good.key create mode 100644 board/sandbox/capsule_pub_esl_good.esl create mode 100644 board/sandbox/capsule_pub_key_bad.crt create mode 100644 board/sandbox/capsule_pub_key_good.crt create mode 100644 include/sandbox_efi_capsule.h delete mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its create mode 100644 tools/binman/btool/mkeficapsule.py create mode 100644 tools/binman/etype/efi_capsule.py create mode 100644 tools/binman/test/311_capsule.dts create mode 100644 tools/binman/test/312_capsule_signed.dts create mode 100644 tools/binman/test/313_capsule_version.dts create mode 100644 tools/binman/test/314_capsule_signed_ver.dts create mode 100644 tools/binman/test/315_capsule_oemflags.dts create mode 100644 tools/binman/test/316_capsule_missing_key.dts create mode 100644 tools/binman/test/317_capsule_missing_index.dts create mode 100644 tools/binman/test/318_capsule_missing_guid.dts