From patchwork Mon Apr 10 09:07:31 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Masahisa Kojima
X-Patchwork-Id: 672030
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi, Masahisa Kojima, Sughosh Ganu, Etienne Carriere
Subject: [PATCH v5 3/4] mkeficapsule: add FMP Payload Header
Date: Mon, 10 Apr 2023 18:07:31 +0900
Message-Id: <20230410090732.1676-4-masahisa.kojima@linaro.org>
In-Reply-To: <20230410090732.1676-1-masahisa.kojima@linaro.org>
References: <20230410090732.1676-1-masahisa.kojima@linaro.org>
List-Id: U-Boot discussion

Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It contains the fw_version and lowest supported version.

This commit adds new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.

The lowest supported version included in the FMP Payload Header
is not used in the current versioning support, the value stored in
the device tree is used.

Signed-off-by: Masahisa Kojima --- Changes in v5: - remove --lsv since we use the lowest_supported_version in the dtb Changes in v3: - remove '-f' option - move some definitions into tools/eficapsule.h - add dependency check of fw_version and lowest_supported_version - remove unexpected modification of existing fprintf() call - add documentation Newly created in v2 doc/mkeficapsule.1 | 10 ++++++++++ tools/eficapsule.h | 30 ++++++++++++++++++++++++++++++ tools/mkeficapsule.c | 37 +++++++++++++++++++++++++++++++++---- 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 1ca245a10f..c4c2057d5c 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -61,6 +61,16 @@ Specify an image index .BI "-I\fR,\fB --instance " instance Specify a hardware instance +.PP +FMP Payload Header is inserted right before the payload if +.BR --fw-version +is specified + + +.TP +.BI "-v\fR,\fB --fw-version " firmware-version +Specify a firmware version, 0 if omitted + .PP For generation of firmware accept empty capsule .BR --guid diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 072a4b5598..753fb73313 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h 
@@ -113,4 +113,34 @@ struct efi_firmware_image_authentication { struct win_certificate_uefi_guid auth_info; } __packed; +/* fmp payload header */ +#define SIGNATURE_16(A, B) ((A) | ((B) << 8)) +#define SIGNATURE_32(A, B, C, D) \ + (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16)) + +#define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1') + +/** + * struct fmp_payload_header - EDK2 header for the FMP payload + * + * This structure describes the header which is preprended to the + * FMP payload by the edk2 capsule generation scripts. + * + * @signature: Header signature used to identify the header + * @header_size: Size of the structure + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version (not used) + */ +struct fmp_payload_header { + uint32_t signature; + uint32_t header_size; + uint32_t fw_version; + uint32_t lowest_supported_version; +}; + +struct fmp_payload_header_params { + bool have_header; + uint32_t fw_version; +}; + #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b71537beee..52be1f122e 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -41,6 +41,7 @@ static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, + {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, {"certificate", required_argument, NULL, 'c'}, {"monotonic-count", required_argument, NULL, 'm'}, @@ -60,6 +61,7 @@ static void print_usage(void) "\t-g, --guid guid for image blob type\n" "\t-i, --index update image index\n" "\t-I, --instance update hardware instance\n" + "\t-v, --fw-version firmware version\n" "\t-p, --private-key private key file\n" "\t-c, --certificate signer's certificate file\n" "\t-m, --monotonic-count monotonic count\n" 
@@ -402,6 +404,7 @@ static void free_sig_data(struct auth_context *ctx) */ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, unsigned long index, unsigned long instance, + struct fmp_payload_header_params *fmp_ph_params, uint64_t mcount, char *privkey_file, char *cert_file, uint16_t oemflags) { @@ -410,10 +413,11 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, struct efi_firmware_management_capsule_image_header image; struct auth_context auth_context; FILE *f; - uint8_t *data; + uint8_t *data, *new_data, *buf; off_t bin_size; uint64_t offset; int ret; + struct fmp_payload_header payload_header; #ifdef DEBUG fprintf(stderr, "For output: %s\n", path); @@ -423,6 +427,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, auth_context.sig_size = 0; f = NULL; data = NULL; + new_data = NULL; ret = -1; /* @@ -431,12 +436,30 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, if (read_bin_file(bin, &data, &bin_size)) goto err; + buf = data; + + /* insert fmp payload header right before the payload */ + if (fmp_ph_params->have_header) { + new_data = malloc(bin_size + sizeof(payload_header)); + if (!new_data) + goto err; + + payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE; + payload_header.header_size = sizeof(payload_header); + payload_header.fw_version = fmp_ph_params->fw_version; + payload_header.lowest_supported_version = 0; /* not used */ + memcpy(new_data, &payload_header, sizeof(payload_header)); + memcpy(new_data + sizeof(payload_header), data, bin_size); + buf = new_data; + bin_size += sizeof(payload_header); + } + /* first, calculate signature to determine its size */ if (privkey_file && cert_file) { auth_context.key_file = privkey_file; auth_context.cert_file = cert_file; auth_context.auth.monotonic_count = mcount; - auth_context.image_data = data; + auth_context.image_data = buf; auth_context.image_size = bin_size; if (create_auth_data(&auth_context)) { 
@@ -536,7 +559,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, /* * firmware binary */ - if (write_capsule_file(f, data, bin_size, "Firmware binary")) + if (write_capsule_file(f, buf, bin_size, "Firmware binary")) goto err; ret = 0; @@ -545,6 +568,7 @@ err: fclose(f); free_sig_data(&auth_context); free(data); + free(new_data); return ret; } @@ -644,6 +668,7 @@ int main(int argc, char **argv) unsigned long oemflags; char *privkey_file, *cert_file; int c, idx; + struct fmp_payload_header_params fmp_ph_params = { 0 }; guid = NULL; index = 0; @@ -679,6 +704,10 @@ int main(int argc, char **argv) case 'I': instance = strtoul(optarg, NULL, 0); break; + case 'v': + fmp_ph_params.fw_version = strtoul(optarg, NULL, 0); + fmp_ph_params.have_header = true; + break; case 'p': if (privkey_file) { fprintf(stderr, @@ -751,7 +780,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, - index, instance, mcount, privkey_file, + index, instance, &fmp_ph_params, mcount, privkey_file, cert_file, (uint16_t)oemflags) < 0) { fprintf(stderr, "Creating firmware capsule failed\n"); exit(EXIT_FAILURE);
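Review bot: in the doc/mkeficapsule.1 hunk (@@ -61,6 +61,16 @@), the --fw-version text "Specify a firmware version, 0 if omitted" contradicts the rest of the patch. When -v is not given, have_header stays false and no FMP Payload Header is written at all, so there is no version field that defaults to 0. Suggest wording such as "Specify a firmware version; if omitted, no FMP Payload Header is inserted". The two empty lines added between "is specified" and .TP are also unusual in man source, and the preceding sentence lacks a full stop.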
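Review bot: in the tools/eficapsule.h hunk (@@ -113,4 +113,34 @@), struct fmp_payload_header describes bytes that are written into the capsule, but unlike the struct directly above it, which closes with "} __packed;", it carries no __packed attribute. Four uint32_t members will not be padded in practice, but marking the struct __packed keeps the file consistent and makes the on-disk intent explicit. In the comment block, "preprended" should be "prepended", "@fw_version: Firmware versions used" would be clearer as the firmware version of the payload, and struct fmp_payload_header_params has no comment explaining that have_header records whether -v was given.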
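Review bot: the tools/mkeficapsule.c hunk at @@ -402,6 +404,7 @@ adds the fmp_ph_params argument to create_fwbin() without touching the comment block that ends just above the function, so the new parameter is undocumented. If that block lists the parameters, please add a @fmp_ph_params entry, and state that the pointer must not be NULL, since create_fwbin() dereferences it unconditionally in "if (fmp_ph_params->have_header)".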
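Review bot: in the header-insertion block of create_fwbin() (tools/mkeficapsule.c, hunk @@ -431,12 +436,30 @@), payload_header is filled with plain assignments and copied out with memcpy(), so the four fields land in the capsule in the byte order of the build host. UEFI structures are little-endian; on a big-endian host the signature would no longer read 'MSS1' and fw_version would be byte-swapped. Consider converting each field to little-endian before the memcpy(), or say in a comment that the tool assumes a little-endian host. A one-line comment would also help where auth_context.image_data is switched to buf, noting that the header, including fw_version, is now part of the data that gets signed.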
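Review bot: in the 'v' case added to main() (tools/mkeficapsule.c, hunk @@ -679,6 +704,10 @@), the result of strtoul(optarg, NULL, 0) is stored into the uint32_t fw_version with no checking, so a non-numeric argument silently becomes version 0 and, where unsigned long is 64 bits, a value above UINT32_MAX is silently truncated. For a field that carries the firmware version this should fail loudly: pass an end pointer, reject trailing characters and values that do not fit in 32 bits, and exit with a usage error. Separately, the patch adds "fw-version" to options[] but no hunk changes the short-option string given to getopt_long(); please confirm it already contains "v:", otherwise -v never reaches this case.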