From patchwork Tue Aug 1 17:40:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708738 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp472818wrw; Tue, 1 Aug 2023 10:40:53 -0700 (PDT) X-Google-Smtp-Source: APBJJlFTfy3v+CuFY1MS/Ku+wZrt+sCeMf0bf1BJ9EYU93R55qjBIbJ/Vntkz/9itSY+c1xKI4aQ X-Received: by 2002:a05:6000:1082:b0:313:f957:fc0c with SMTP id y2-20020a056000108200b00313f957fc0cmr2936775wrw.47.1690911653008; Tue, 01 Aug 2023 10:40:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911652; cv=none; d=google.com; s=arc-20160816; b=GQsF+VYJs9uLUa8kdnf+5hYzo7pDGDzJagm38Qj4wz9+ti6r1cnUSZrfhZqUv3555Z PMw7qHo5bhPLe6p1Cy1f/teoA3qsqDideygTkGQFPMmSZ2LnTAnmWvkHX74AjXa++0Za yBpzNfuzkddtDcKQqaTFwzXQLG7hmgGp8JlwEdqMFO7eHHyzdDmdBRtR6GVX3/0ztwLH 2SJg6tuKUe+8Rbf0bhUDX6QGYnszUNvBZ4U2g/lS4HYYMo8CGzhed4ge1tSw+lpwjEd1 lTMjQsdhuFe8KmVVTa/T3/nNVwlP9w7kcTbgAv9IV3BPlsKZ7/5osXOuhvwg6yp8PUWM vJ7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=oUe1jCr6OyqmAjtFGYJddTK5ueGQ3NRl9nv9QsWGZqo=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=Te2X2OKx4u0qMKsYC1fptO1ErC32RLQpEAmAHbSWJ9IAAO8nQkfWUWJtxO/utNR+TH DZvSowJuh/vGHadi39QoCk7GrfZlHNVu0bpHFlitEwn49ekB8OyIyTmG6uNiXBsYgi3h g4AbdZ2KwGt3s+X/pbEtnIJuu+ombqOc3QNRsyUwnNk/H0PW5lg1Y/3ID2NWnxZEQAtm ZjXgvbQq5cYPdr4FU2+nhgVNGPX6L22pmL2oMJyDXOYPRMxXXgoIaGZJGINIb4Wb+bGv 9GGF7QKs22wsGPgiRkpwGK6A7FU3A3wW0nE3qJU9fV5UfRDHIGXTxMHtktMYQj4FUwzZ IjUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id t15-20020a5d49cf000000b003179e275374si2803305wrs.114.2023.08.01.10.40.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:40:52 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0EB5D86C54; Tue, 1 Aug 2023 19:40:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 2D5CB86CA3; Tue, 1 Aug 2023 19:40:44 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 1471586B09 for ; Tue, 1 Aug 2023 19:40:42 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EF93AD75; Tue, 1 Aug 2023 10:41:24 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A0CBC3F59C; Tue, 1 Aug 2023 10:40:38 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 1/9] binman: bintool: Build a tool from a list of commands Date: Tue, 1 Aug 2023 23:10:10 +0530 Message-Id: <20230801174018.1342555-2-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Add support to build a tool from source with a list of commands. This is useful when a tool can be built with multiple commands instead of a single command. Signed-off-by: Sughosh Ganu Reviewed-by: Simon Glass --- Changes since V5: None tools/binman/bintool.py | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/tools/binman/bintool.py b/tools/binman/bintool.py index 0b0f56dbbb..3c4ad1adbb 100644 --- a/tools/binman/bintool.py +++ b/tools/binman/bintool.py @@ -328,7 +328,7 @@ class Bintool: return result.stdout @classmethod - def build_from_git(cls, git_repo, make_target, bintool_path, flags=None): + def build_from_git(cls, git_repo, make_targets, bintool_path, flags=None): """Build a bintool from a git repo This clones the repo in a temporary directory, builds it with 'make', @@ -336,7 +336,8 @@ class Bintool: Args: git_repo (str): URL of git repo - make_target (str): Target to pass to 'make' to build the tool + make_targets (list of str): List of targets to pass to 'make' to build + the tool bintool_path (str): Relative path of the tool in the repo, after build is complete flags (list of str): Flags or variables to pass to make, or None @@ -350,12 +351,14 @@ class Bintool: tmpdir = tempfile.mkdtemp(prefix='binmanf.') print(f"- clone git repo '{git_repo}' to '{tmpdir}'") tools.run('git', 'clone', '--depth', '1', git_repo, tmpdir) - print(f"- build target '{make_target}'") - cmd = ['make', '-C', tmpdir, '-j', f'{multiprocessing.cpu_count()}', - make_target] - if flags: - cmd += flags - tools.run(*cmd) + for target in make_targets: + print(f"- build target '{target}'") + cmd = ['make', '-C', tmpdir, '-j', f'{multiprocessing.cpu_count()}', + target] + if flags: + cmd += flags + tools.run(*cmd) + fname = os.path.join(tmpdir, bintool_path) if not os.path.exists(fname): print(f"- File '{fname}' was not produced") From patchwork Tue Aug 1 17:40:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708739 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp472876wrw; Tue, 1 Aug 2023 10:41:02 -0700 (PDT) X-Google-Smtp-Source: APBJJlHw3EcuT102E0rLiesrtLPtbTn14zD49Rmxx2g0v+AwrvpK7kLm3w5+nqNTdcRXY7LODETm X-Received: by 2002:adf:f849:0:b0:317:3f70:9dc4 with SMTP id d9-20020adff849000000b003173f709dc4mr2992860wrq.31.1690911662655; Tue, 01 Aug 2023 10:41:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911662; cv=none; d=google.com; s=arc-20160816; b=NY9jES0QWEKuXvN3UoCRfw1qfnwtg3xI9Y4IweKYFwPCR/JN0goeTqoxeVyt3Hiqf3 JkTqhYnbi/uBK5Lmkzh2MJkClAa1G7KMd90xyjcQgDxDjq8kDHkDuVIBWGrPTWiHTRaZ l/92WlsVq283L00waVdEfoY1egpflmAJ4ypb0Dw3/WANWWCfPBFabRd80j21phuAVtg3 BCb8pRIItRZ1Yud60mZq49WukbLusL0zf3dsDZUvf9TGbkY74UXQfcPl7QhZX77xS+1o jkGxwMjRSov4kDwtmbLs5HKc7BpiUgh613Nd+dlNNWMEsmyFZLkVrL4zFNT7faFsjV5X 0kjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=ETBrc1VW3SzxnZ2pU5OHRpWQdgXsSGEGyjmyJVO7FZ0=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=pBzczGsJPxxaYJbFWgk+Ka1vR+WnnvvOLwMSIgMY7+qGVLPVIZPeL/PlLdIRY1LqVC 81GnEFBI4pVl1QSdu8TE8M40TKtwCNxiUKdyoKxLFvf0sB6qt78evkQe7B6HsLF7iMl4 J53jS8QxrhLsCevkNgPf4G3kXn6EU98vmtS96yM/M57VG6v9h2ijWlhIYgy5EVSLbRoR RRa0eX7vEm8/oU2jobQlIbq7bZqRPlRMdzas1RPml9JpFnvRnymGAl/dXuKrWJZ1ziXM UGzFTYrl9bl3pAM827jbgwxmYIBThKs3hI53aArnUAnppG+85dXHYVvhJnFSy6Yy+osU rKpA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id v8-20020adfebc8000000b003110500a5dcsi6003322wrn.82.2023.08.01.10.41.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:41:02 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D81B286CA6; Tue, 1 Aug 2023 19:40:47 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 5C83286B09; Tue, 1 Aug 2023 19:40:47 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 4852586CA6 for ; Tue, 1 Aug 2023 19:40:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2A9C61063; Tue, 1 Aug 2023 10:41:28 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CF5783F59C; Tue, 1 Aug 2023 10:40:41 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 2/9] nuvoton: npcm845-evb: Add a newline at the end of file Date: Tue, 1 Aug 2023 23:10:11 +0530 Message-Id: <20230801174018.1342555-3-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Add a newline at the end of the dts, without which the build fails when including the u-boot.dtsi file. Signed-off-by: Sughosh Ganu Reviewed-by: Simon Glass Reviewed-by: Ilias Apalodimas --- Changes since V5: None arch/arm/dts/nuvoton-npcm845-evb.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/dts/nuvoton-npcm845-evb.dts b/arch/arm/dts/nuvoton-npcm845-evb.dts index 3cab7807e3..a93666cb41 100644 --- a/arch/arm/dts/nuvoton-npcm845-evb.dts +++ b/arch/arm/dts/nuvoton-npcm845-evb.dts @@ -354,4 +354,4 @@ &r1en_pins &r1oen_pins >; -}; \ No newline at end of file +}; From patchwork Tue Aug 1 17:40:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708740 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp472931wrw; Tue, 1 Aug 2023 10:41:12 -0700 (PDT) X-Google-Smtp-Source: APBJJlGElsXJUje8GF8vwdDy31r+DiYoH1lJiuXHALNFiYpBDkuTYwTI0CuT/bwALCV9KU1m3xKz X-Received: by 2002:a7b:cbd8:0:b0:3fb:40ff:1cba with SMTP id n24-20020a7bcbd8000000b003fb40ff1cbamr2883414wmi.6.1690911672647; Tue, 01 Aug 2023 10:41:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911672; cv=none; d=google.com; s=arc-20160816; b=IRkifd8b/YD653EpFEBrIb56y7JsO0X4oD1ECDkMJvV2WvYc1ZvYfQZRzyCsEg/7f3 qKOZCgUddvr/dVAwNnIsoCYVgw5BwGw7i1iQqK15LRf6Zf79ICXUEA+gLJuHLMIUBmj4 19BmdCmaZgsf5F4PCv31/T0VihLgYKITEWOVD4WfW7Vhatr1Y+ABAWG8Fw5mzs78dEHc RwwuITdS2Nh0HPr/p2BxnA5uXCaA5PykJfyt453ucYyu0xSCbxOOajyTvWbTSN9vQ7mk PfnQgPP3KlWsAeZ1OqP5kDdooyo7F6ioiG3c/nD33optz0aF10IGEjBrpwh3fpE1KjKi oADQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=5wslOK67md33IyZT007tZh5tEYPQZjMPCs94cEUA4AY=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=WsouLLUZzLX6uumjSfR5wz/3vuNOc9b/0snVWnf6lMw2b8aslqVCCllXl9Zjsq/3HU GiaEQcv1I4QJdUwkMsUA9CwVB6QI6mweESF1MlBuAu56FbVdaPmOWY4SXRRW/S1dlNqT L9p/Y8VA6cN1JibEX8keY5j4YZI++OmcOHGraINIWJLHL2db28cRMMHkAVl3o3CkdWDE v0ztOZrNM7eSlU6fhBBQbc5eS08fbvD8V9hVIj19mhcrh8+PUwlMjN32r5EfXGxSCVk4 QdEc2cF04ZLrWWIwTsEn/RmzvadFpVM3jL4CQIqRXyCBR99LYZ8cWqQgKm35+/cix/ca nx8Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id du12-20020a05600c634c00b003fe1fee6a86si2947197wmb.74.2023.08.01.10.41.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:41:12 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 82F9086CAC; Tue, 1 Aug 2023 19:40:52 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 2FC1A86B09; Tue, 1 Aug 2023 19:40:51 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 704F586CB5 for ; Tue, 1 Aug 2023 19:40:48 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 597C4D75; Tue, 1 Aug 2023 10:41:31 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0A5D53F59C; Tue, 1 Aug 2023 10:40:44 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 3/9] capsule: authenticate: Add capsule public key in platform's dtb Date: Tue, 1 Aug 2023 23:10:12 +0530 Message-Id: <20230801174018.1342555-4-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The EFI capsule authentication logic in u-boot expects the public key in the form of an EFI Signature List(ESL) to be provided as part of the platform's dtb. Currently, the embedding of the ESL file into the dtb needs to be done manually. Add a signature node in the u-boot dtsi file and include the public key through the capsule-key property. This file is per architecture, and is currently being added for sandbox and arm architectures. It will have to be added for other architectures which need to enable capsule authentication support. The path to the ESL file is specified through the CONFIG_EFI_CAPSULE_ESL_FILE symbol. Signed-off-by: Sughosh Ganu --- Changes since V5: * None arch/arm/dts/u-boot.dtsi | 14 ++++++++++++++ arch/sandbox/dts/u-boot.dtsi | 17 +++++++++++++++++ lib/efi_loader/Kconfig | 9 +++++++++ 3 files changed, 40 insertions(+) create mode 100644 arch/arm/dts/u-boot.dtsi create mode 100644 arch/sandbox/dts/u-boot.dtsi diff --git a/arch/arm/dts/u-boot.dtsi b/arch/arm/dts/u-boot.dtsi new file mode 100644 index 0000000000..4f31da4521 --- /dev/null +++ b/arch/arm/dts/u-boot.dtsi @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: GPL-2.0+ +/** + * Devicetree file with miscellaneous nodes that will be included + * at build time into the DTB. Currently being used for including + * capsule related information. + */ + +#ifdef CONFIG_EFI_CAPSULE_AUTHENTICATE +/ { + signature { + capsule-key = /incbin/(CONFIG_EFI_CAPSULE_ESL_FILE); + }; +}; +#endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */ diff --git a/arch/sandbox/dts/u-boot.dtsi b/arch/sandbox/dts/u-boot.dtsi new file mode 100644 index 0000000000..60bd004937 --- /dev/null +++ b/arch/sandbox/dts/u-boot.dtsi @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Devicetree file with miscellaneous nodes that will be included + * at build time into the DTB. Currently being used for including + * capsule related information. + * + */ + +#ifdef CONFIG_EFI_HAVE_CAPSULE_SUPPORT +/ { +#ifdef CONFIG_EFI_CAPSULE_AUTHENTICATE + signature { + capsule-key = /incbin/(CONFIG_EFI_CAPSULE_ESL_FILE); + }; +#endif +}; +#endif /* CONFIG_EFI_HAVE_CAPSULE_SUPPORT */ diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index a22e47616f..0d559ff3a1 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -235,6 +235,15 @@ config EFI_CAPSULE_MAX Select the max capsule index value used for capsule report variables. This value is used to create CapsuleMax variable. +config EFI_CAPSULE_ESL_FILE + string "Path to the EFI Signature List File" + default "" + depends on EFI_CAPSULE_AUTHENTICATE + help + Provides the absolute path to the EFI Signature List file which + will be embedded in the platform's device tree and used for + capsule authentication at the time of capsule update. + config EFI_DEVICE_PATH_TO_TEXT bool "Device path to text protocol" default y From patchwork Tue Aug 1 17:40:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708741 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp473014wrw; Tue, 1 Aug 2023 10:41:24 -0700 (PDT) X-Google-Smtp-Source: APBJJlFLyxWptyMxT354n0O75oGF3PDrev23xZx2hj+8dUorlwW9dILXIypMeHNi6Hmm4hUxKSBE X-Received: by 2002:adf:ecc8:0:b0:313:f5e9:13ec with SMTP id s8-20020adfecc8000000b00313f5e913ecmr3148007wro.68.1690911683929; Tue, 01 Aug 2023 10:41:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911683; cv=none; d=google.com; s=arc-20160816; b=ILsHywbdrgDhCIODjPeVA61wGCJc2Wqc+uNWBkykcNLai3BS/W7xwIbHnEezGYMLKH E85i+EK79/iNBRL5e3kZbOPoAB9mURV412tEl3CUJCCVSo8kAMl346kPz0KEYU3QyJJR 6SY/gZ2wtb7vT7olgW+/o9/R6Tk9/VYBcYwtus+cJ6q83Q/AKGXElgJpxcsqV8kHkJZt s/LHOSqZlrpfv0fFwqaFlbOYPvJIJkyzUIbt+w2j6uGB3nsO4TiH0qv/g2uVnmxOI41+ Oemg17pUjUtdGcpuQDr7/8gTwvgaWeoJTcUbTGiPFkPBbaYwUlxs3IDXVWifRTYEhXNv vP5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=ad7jx8Wd9Q6yjPOILr7qx/SVjxaGCt7EakK16++eVzQ=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=EdC5bzynip+JLoAog88MlSL5hcRwYrMRCY4hjOTw0gN4I2bO4Hfu+OygEtQAorrzfw bIbo3D8UvYo1NMo9hv1WOuPigjNB/cEXmikXpn7NPmvCtfL7pQd9NsnU0T+v+M6t7N3L ZlZ6KdfVhF99sk/BvxLVyNU/X0F0x8KrcIw7f1b4tDIzsLMTt1ldstiW9znK6bgJjlz8 xGvQHbbBG4NUuwDkmJKgJcgC1YMdMKk1/+FUWw7G3cEkOaM1/qlrwiefZM9Mjygi2LIB yIPLbTKB03DfAFEFA/ddZhICsZW+emb3AiX8PfuwsgQccbgpmtgAGWG6qvqnWE+fISjU S2kw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id a6-20020a5d5706000000b003093bde6e84si4912270wrv.540.2023.08.01.10.41.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:41:23 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 360A186C8E; Tue, 1 Aug 2023 19:40:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 85BDE86CB1; Tue, 1 Aug 2023 19:40:53 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 70FD886B09 for ; Tue, 1 Aug 2023 19:40:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8807AD75; Tue, 1 Aug 2023 10:41:34 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3907D3F59C; Tue, 1 Aug 2023 10:40:47 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 4/9] doc: capsule: Document the new mechanism to embed ESL file into dtb Date: Tue, 1 Aug 2023 23:10:13 +0530 Message-Id: <20230801174018.1342555-5-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Update the document to specify how the EFI Signature List(ESL) file can be embedded into the platform's dtb as part of the u-boot build. Signed-off-by: Sughosh Ganu Reviewed-by: Simon Glass --- Changes since V5: None doc/develop/uefi/uefi.rst | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index a7a41f2fac..b2854b52a6 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -522,20 +522,16 @@ and used by the steps highlighted below. ... } -You can do step-4 manually with +You can perform step-4 by defining the Kconfig symbol +CONFIG_EFI_CAPSULE_ESL_FILE. Once this has been done, the signature +node can be added to the u-boot.dtsi file. For reference, check the +u-boot.dtsi file for the sandbox architecture. If this node has not +been added to the architecture's u-boot.dtsi file, this needs to be +done. The node has currently been added for the sandbox and arm +architectures' in the u-boot.dtsi file. Once the u-boot.dtsi file has +been added with the signature node, the esl file will automatically +get embedded into the platform's dtb as part of u-boot build. -.. code-block:: console - - $ dtc -@ -I dts -O dtb -o signature.dtbo signature.dts - $ fdtoverlay -i orig.dtb -o new.dtb -v signature.dtbo - -where signature.dts looks like:: - - &{/} { - signature { - capsule-key = /incbin/("CRT.esl"); - }; - }; Anti-rollback Protection ************************ From patchwork Tue Aug 1 17:40:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708742 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp473083wrw; Tue, 1 Aug 2023 10:41:35 -0700 (PDT) X-Google-Smtp-Source: APBJJlFev86Lm5kDmCl2RX1OjJQ6Px4rg8nYZooUm9YYJ4HUAwoQFwq+KBa0tKbnvZzEToAwbaVg X-Received: by 2002:adf:e90a:0:b0:317:5b99:d3d7 with SMTP id f10-20020adfe90a000000b003175b99d3d7mr3016983wrm.34.1690911695308; Tue, 01 Aug 2023 10:41:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911695; cv=none; d=google.com; s=arc-20160816; b=pSsoFk45OpuVsPMB2A5TduZGGtqo+/1KIpwX1kMsHGwkP3a22/t++PC9DcI1ko2tPd Awq0paa0JDY6FTx4ARWD+FKmoXK3ekSpYQlcPnT8DFKzEmyD3e3NzzyQoF54JU+mqZDN DXH4hMZJ+GJGjU6yUOWUx9DQi3/UWJ2+Ax5JwcVBRNLahxPqMgRiunTBRM6oLp2PXwsG 7rUty4Si872yi2p499Vqt2olgIIvWdUy7sdL1w0JJk6t4Ozd71HXDm4M1Agfm8DCu8qT iwNYdTqKQtZ/QPFZsZ68i6HiR6CsrC1OZK5ln7pSjwi1AapBH0m4OKtckZZ+ZeLueDGB BdtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=ANHv8IahuW3jh+BRms4OhCLLYzmrZrHbagucWVTvsAc=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=XpobAY5fVRIOk9vq62o+QX31e1FImq8GrPbWaXk063vlYbjofzvZOVhBvqHS3yEhYO pNLV6Q8+yo5LbDe0BsAuMGDsndh+dEu6kGEYV9PtX6wz5M1SkGrfHGR/vxAWKSsoXgGq ElBgR8AdjerhZqXO5tCEpmMkox2EvFdpQ+G0lZDpbx650jbNuPXZf97HipyT+En8TZCN zJ2gKgUJqkGOrxrUY+47uDZkKR/fnhJGAGRHti8CUZOWCiSp/pnmoJU1lr8KrUqKsqd0 1o/+HMQOIcdgLH7Obi2np9RCrWDaJhfPlOQP07O768i9drI9PE3FQaaAjgdBAuV9fEhT GiQg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id f17-20020adff591000000b0031761aa1338si6000099wro.244.2023.08.01.10.41.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:41:35 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 09F4986CBF; Tue, 1 Aug 2023 19:40:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 68B7786CBB; Tue, 1 Aug 2023 19:40:57 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id D24FA86CB8 for ; Tue, 1 Aug 2023 19:40:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F1AB9D75; Tue, 1 Aug 2023 10:41:37 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 67A2F3F59C; Tue, 1 Aug 2023 10:40:51 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 5/9] test: capsule: Add files needed for testing EFI capsule updates Date: Tue, 1 Aug 2023 23:10:14 +0530 Message-Id: <20230801174018.1342555-6-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Add the files that would be needed for testing the EFI capsule update functionality. These include the keys needed for signing and authenticating the capsules with the capsule authentication functionality enabled. This includes the public key in form of the EFI Signature List(ESL) file which will be embedded in the platform's DTB. Signed-off-by: Sughosh Ganu --- Changes since V5: * Get rid of the logic of keeping the files under the /tmp/capsules/ directory from earlier versions. * New patch which introduces the input files and certs needed for EFI capsule update testing in the tree. * The capsule input files and certs are put under the test/py/tests/test_efi_capsule/test_files/ directory. .../test_efi_capsule/test_files/SIGNER.crt | 19 ++++++++++++ .../test_efi_capsule/test_files/SIGNER.esl | Bin 0 -> 829 bytes .../test_efi_capsule/test_files/SIGNER.key | 28 ++++++++++++++++++ .../test_efi_capsule/test_files/SIGNER2.crt | 19 ++++++++++++ .../test_efi_capsule/test_files/SIGNER2.key | 28 ++++++++++++++++++ .../test_files/u-boot.bin.new | 1 + .../test_files/u-boot.bin.old | 1 + .../test_files/u-boot.env.new | 1 + .../test_files/u-boot.env.old | 1 + 9 files changed, 98 insertions(+) create mode 100644 test/py/tests/test_efi_capsule/test_files/SIGNER.crt create mode 100644 test/py/tests/test_efi_capsule/test_files/SIGNER.esl create mode 100644 test/py/tests/test_efi_capsule/test_files/SIGNER.key create mode 100644 test/py/tests/test_efi_capsule/test_files/SIGNER2.crt create mode 100644 test/py/tests/test_efi_capsule/test_files/SIGNER2.key create mode 100644 test/py/tests/test_efi_capsule/test_files/u-boot.bin.new create mode 100644 test/py/tests/test_efi_capsule/test_files/u-boot.bin.old create mode 100644 test/py/tests/test_efi_capsule/test_files/u-boot.env.new create mode 100644 test/py/tests/test_efi_capsule/test_files/u-boot.env.old diff --git a/test/py/tests/test_efi_capsule/test_files/SIGNER.crt b/test/py/tests/test_efi_capsule/test_files/SIGNER.crt new file mode 100644 index 0000000000..722a4e2483 --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_files/SIGNER.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDTCCAfWgAwIBAgIUGGjxXEUS+sBJaSOBz4u0MJRWdcowDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLVEVTVF9TSUdORVIwHhcNMjMwNzI3MDY1NjQzWhcNMzMw +NzI0MDY1NjQzWjAWMRQwEgYDVQQDDAtURVNUX1NJR05FUjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMUEYpFf8i/zLX6/4bhUAIrLWCxaLCqGscZ85DSU +SagMu+9DpCDrJSzgZQFj2+YSc4JSoBDs9u/JN+HNH+hK255Slzf8+Pl2YeRjTyCA +7k6u0s2nFpLJkMPBzqyrEYP+fNrGsTtIlvutef2MPs8WfgyzB5CSRx/K40PirQHE +Lt5HfLJ8WOvPAbdZ4z+PDm5LrZReewJOYHVKQepAY8z3Dsy3ZBnXGI/1ZYgMfTU0 +sBCfTtEBJb+ja+eKepw93IuxPLdN1ZXW1YUiBTs7h+BUAJr+Qjt/zvWl2ms1+sQf +dHtsMa+WmTLu0XHCGOEfgX/fdTWv1GaelMTxl9Lzqug/+8cCAwEAAaNTMFEwHQYD +VR0OBBYEFLH9hYGrnXfQ/CfAMaMAh64xJxTCMB8GA1UdIwQYMBaAFLH9hYGrnXfQ +/CfAMaMAh64xJxTCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +ACSmt+2O8mNT5K232P2BOPt3r2v3M+HZFsjb54s+wSiY5tS1KBFJbMehGKhwNZRz +uEIp1RJnsh9Kg8Cnzh2Hpgwnycx2sipbTXN0Frz8QuC3zbAqhrcalaKFOuSXbY6O +mBBJDJENj+d57yzHxT3XvSmAu62UMf2hwJqIqQfA7+wrV2VGEbrY4O9KY6O4Mj2f +vS9WjN3840xQCqsohwbU9u9GpHYb6eFQ+jiit/yqYVlJCSDN812Fv1TYOPzLqG8L +VCCqqpPRJX0E13kPAafoNK5UA2OKglgosvufWzwJ3Mn0Al8BQnv5rRnBoTxJLDef +n+uX7jeUW6LfIH5s8cMrA2Y= +-----END CERTIFICATE----- diff --git a/test/py/tests/test_efi_capsule/test_files/SIGNER.esl b/test/py/tests/test_efi_capsule/test_files/SIGNER.esl new file mode 100644 index 0000000000000000000000000000000000000000..3d584cd44a22e0b9c5414f54a3a5bc24504f0a71 GIT binary patch literal 829 zcmZ1&d0^?2Da*aux2_hA(f&|m%gg`ZcJn3lsqe}#s3e(NrsT`o51o;%XmcZo_o!vnuyou8MjA1w(sZ5^Ikh8uA0d& zq14Oql|%BG?|f&rr$}Cx=>MA9!BcB$vO!?J-$h2%{fo1ocU8@?z0V^I9<4nwq42+9|4FU~hfuSzT$0Eievhih`*nu$%40c8am1W!C_I*kYezJD^jlYc+zsuKW ze>Z-3Q|!d;=iPP(HD)}!vQ%G+4f~T>L<^X zZPJSNEiMt;^T+AI_Olzb+O|tgUDRszWO{C2-wXjyo{7Bu&nw^S96xG%eXnN2?zK}4 z|1LZ*t79emf%k8;!&BV^cinjK-Ya?W4kO$7d-cP5?*4h~6Tr1vqn+)_xA$&K%A{XD z4ESZSX#1a4iIJY13THpZw(bwPVe#kmihS-6g;lF2UsSDSxn9Z7xcr65x)A2%uBHf$ wO~21F`GqN-(W(09TFHY8Z9H|%=g)sV{hj%g=tcJx>T*6F)@Duv0DX*DtN;K2 literal 0 HcmV?d00001 diff --git a/test/py/tests/test_efi_capsule/test_files/SIGNER.key b/test/py/tests/test_efi_capsule/test_files/SIGNER.key new file mode 100644 index 0000000000..e124cd35f0 --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_files/SIGNER.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFBGKRX/Iv8y1+ +v+G4VACKy1gsWiwqhrHGfOQ0lEmoDLvvQ6Qg6yUs4GUBY9vmEnOCUqAQ7PbvyTfh +zR/oStueUpc3/Pj5dmHkY08ggO5OrtLNpxaSyZDDwc6sqxGD/nzaxrE7SJb7rXn9 +jD7PFn4MsweQkkcfyuND4q0BxC7eR3yyfFjrzwG3WeM/jw5uS62UXnsCTmB1SkHq +QGPM9w7Mt2QZ1xiP9WWIDH01NLAQn07RASW/o2vninqcPdyLsTy3TdWV1tWFIgU7 +O4fgVACa/kI7f871pdprNfrEH3R7bDGvlpky7tFxwhjhH4F/33U1r9RmnpTE8ZfS +86roP/vHAgMBAAECggEAMvsIAIM52cOM1bwUTgzamQ+2UL/Cpvx0ux5tNNfcWXJ2 +HRs9ONFwLLUiHeJ3sAi9QA9eYRLYcUL5xWG9bHAWdVj8zV2WFYNXIHC8NHZ4c/7U +CKhAdJpY7fbUIqUfoq6zIy+ABA2sGBMTOpNUW2UAGAwpnHTll6n59gKNbyQTVqvn +swoHqutRaveshZeiCvOTEjoMUaBkMG5FWmsOI8qRrzJZx+K6A4hJxMQOnNN75wa/ +RtTf91Howw9/mxDzHjT42LTfWKPrJ0H3zoIG+4cgS7cRftNKi8L5OZnw6LvyJb6l +wHJWPFklCDTQMq/NNMldgqtN5JuRDyUi8a24LcKI9QKBgQDiKkTr2wrzMXIEud14 +7x/0OY8fOwstKdkaeZ9VxsQg7AurVheEbjNYZXiragakg2vk5AWFJrwyv1RTlBnT +IvvFIIshNiy3Oz6WJBG4WOwsGVrr47T2T3atiB/N8NBfb2jwHahMzjXZIvCA+FaE +XJ9xfqH3uNAEamdI7Li7fFs8iwKBgQDfAcVeF2KxLLYoyfgWFoabchXx+FumjYgO +tdv46kyKFWofss+W0KMIXx8KjDETbm0RL0IY1NW9wghTuLi581ie0eMTkwnlXDSG +5Y+6sEKo3+9qkp+ZX/V62PhSwCt3O959nJZJsjICRfW73/Blz01LUiRxuEithdq2 +xoTvt1S5NQKBgH2kbdV5QoQIHAd0Gg1tCptqvo/jBTp53RpQJqxIV/zSJUlx8m6n +qe6ZsIfJxxbty6rE4iwucK7gi8BCrnYVITlJ8wDoT78bMpHGR/HZtJprG4+gWI/d +ZVjSHpkSBzB9fBao4y6IAHI4btO3Ipk1u34Zk3FDQoyxb9+bYqUFWMoxAoGBAJd0 +H3PYlAlaIViwWlG9+KtHnwnXr3787iN3dS6nCVZaVtmyWfPGPIMp/u3t6kKVI3Oh +UdWFbqhSR898S9DWKSCr0PlxSi5AIdhfve5/WLZSZ8pMTCIhHpnRE004AA0ZVvCe +UR8562bJ1qtC2oR6drcp0WB+VLWsi67IQm5/ZwXlAoGBAM09vlTKsVeKpMGly34m +GkzapC921p7SHddAALhTt3vfUFnVkIYrmyWCtHmuTTQljm5ZQlS/YE4664j5VaJb +7yeQKFhPi9B848+WVdnEJspmz11BZorS0TMhYn3/eArXKalLMhhRq0HqWJjc+8vu +M1o40Gn1NdsvzQgiwi0JwAwS +-----END PRIVATE KEY----- diff --git a/test/py/tests/test_efi_capsule/test_files/SIGNER2.crt b/test/py/tests/test_efi_capsule/test_files/SIGNER2.crt new file mode 100644 index 0000000000..25da91a873 --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_files/SIGNER2.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDTCCAfWgAwIBAgIUA+466jn5wSD1ufVxtNZUYbC2eyUwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLVEVTVF9TSUdORVIwHhcNMjMwNzI3MDY1NjU5WhcNMzMw +NzI0MDY1NjU5WjAWMRQwEgYDVQQDDAtURVNUX1NJR05FUjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAJvgRltjaxviomhFdY2V0hrLw9MxsxvuCGhEW7H0 +Xh7wg/7qufBVO7hY/f0H3+Q1TEKRH2/j6sio2l+2CC+Pf4e4KxWJl1pLe3RgjtMB +zfuRkEqoF4rQyYRBL47P8fqSCvSdap+olj2O7K0iiYgrsJjLeq7zpOFRTu3Mxy6a +ePw3by8OqLVLlkpEXuC2nZIpUCvaBtp2hi0qbbnaPOnEn4HH9d7l8C9NvIGd7IXf +knW0+NJna7aMgjfI+Em+ZIfHed+s2mXgG5dzgMK+iPWjuePFGTRhXsJAG1jw4lVn +haYJ0LgGdwSSoxx/cES/kGzRKik0zFACT9ke1u+jLQC17KMCAwEAAaNTMFEwHQYD +VR0OBBYEFK8pSvdztiocjuXQ6M37rgtQQjTfMB8GA1UdIwQYMBaAFK8pSvdztioc +juXQ6M37rgtQQjTfMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +ABWO4IiahT5yukHgOwHIr7yj0OeBuH8dVlM8KCWUk1Vr6+vJNkHClvWbsiLuT7ns +o1M27aCeagHWdtB1OmtaHKiFz+UpxIeVV1Ti6+1oshqg71xVCr6BY8+PzZiEj0r7 +auC1PEr4UtizmVAAyodf8lUaHGmU6zLzcCr9RtPhr9/5gq86V0IsXNn3p74CVf3k +E8++FpNNBm43tmsWWKV4n4GyJHPNm1W/8P6HnFx4RKHuyNyUngA5axUFX/CvJ4jC +RmE4Rxb2lncOumXx0/N4iC9SpfL78IcVxOyIpErnx3GLSvsEt5+TfLnLd9Y4IiOV +mFrCCJRGrqGwmlZoDwKf2ZA= +-----END CERTIFICATE----- diff --git a/test/py/tests/test_efi_capsule/test_files/SIGNER2.key b/test/py/tests/test_efi_capsule/test_files/SIGNER2.key new file mode 100644 index 0000000000..73b7d7d26f --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_files/SIGNER2.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCb4EZbY2sb4qJo +RXWNldIay8PTMbMb7ghoRFux9F4e8IP+6rnwVTu4WP39B9/kNUxCkR9v4+rIqNpf +tggvj3+HuCsViZdaS3t0YI7TAc37kZBKqBeK0MmEQS+Oz/H6kgr0nWqfqJY9juyt +IomIK7CYy3qu86ThUU7tzMcumnj8N28vDqi1S5ZKRF7gtp2SKVAr2gbadoYtKm25 +2jzpxJ+Bx/Xe5fAvTbyBneyF35J1tPjSZ2u2jII3yPhJvmSHx3nfrNpl4BuXc4DC +voj1o7njxRk0YV7CQBtY8OJVZ4WmCdC4BncEkqMcf3BEv5Bs0SopNMxQAk/ZHtbv +oy0AteyjAgMBAAECggEAA2Rypr63qbz/2gzk8MAzErIFLYP8r2qgFGpxPaK69HZs +kPz/ySfs64ER6gW+JpCblV+xYCiE+nmX4xLEA9deKBCAhr2RvzChKH7veZuMJZT2 +uUE5d4pxHRrXRtOzIvs2fmz5avpRM4uR20TDDhhRUn0r/g6MZvqNIRmRt8U7eKKD +524QheUKxgnz6GjWbAowHpi5XCnpl8nw4AjjOoxnquGkxgjSGo3BgRBWin4Uj051 +UVpQejTN05QKacoNpvC+hrsAcU1N75Lm1vPlkbK2EIk/flcm//WiK4TvKtNmHnxl +L9ZL/LNSwX/9Hczox+b5Z+JR7I/l8/jA+TVOO4KUXQKBgQDU2u02wiszmh9dkgB7 +tUTmPmOOmKbuHslv5KBT3zVtJKjVkJHzKKkQqnQ2NcWUYz2QhZrPz26UblDigy3e +Gf93GXJHJCgfLwNzrJrGE4zttBX4qmST1huueerTVuncVsTJhHhOiw8yV3RKNslc +PGHqTlpCw0lpA5hYXQxxerx/bwKBgQC7eLKMrrHq/iBP6S+1w0u7nTmYmj+QkkbP +o0Oghc5Roe8s/+BEbgi5VZEhemcEqV/fXl13WxqMdIrg8p3DgkLf4wyT9L82Yrkr +yWKc9XWEy+NQ7isAv3r3w/TdxLh4fgp8IVvBF3DV8QJsN6I1Q5f9vW5uilTDm0Ng +cZ7/3lnMDQKBgQCN8PwU8wCKJbHa3PzTgfrTKzGKqsNOsVsU8bn0lDl1cefgmsqp +AylSwshCSjNak58/W8jz4VjVRIdNtbqFjIKuMlrhk/vpZ5l+rtB7XBgzf07ThxUQ +/Mty2zw7+I5076vE0kDD57mXkXgr8ULv7hhBfkR0lvPCQrJ54nrkxbsjowKBgQC5 +g84Eg1dS+NlW2qW406Lc7NAzH+jpEqd6D9D7R44MoBeDy03NyaleZbtxiqPpLAbQ +jpwlYYUbGrTXt57A+uVckl0/CMIzemxNVUL9mbUKjYzL6HOrkNCJ4GMvFd2Kdwe/ +IG+g26ZwP8gq+L7OwK3mjY97We5ZhwqcpLM39nub/QKBgQCTYW0YizRU8cNnC1Qv ++5SpSNjS04OLjKto1hOPzHnJMj5A2lp9ZObzjrMbyAxbzQMcwUe/V4PKiaNwypPE +uLWkoH9QrS9qV4b5qbtCn3PAyJODscFkn+VFxgGizZvd48Ze5V2U4JwS13QMYMCe +VHiogc9HvLI5XzE/YAfE4C7hKA== +-----END PRIVATE KEY----- diff --git a/test/py/tests/test_efi_capsule/test_files/u-boot.bin.new b/test/py/tests/test_efi_capsule/test_files/u-boot.bin.new new file mode 100644 index 0000000000..798bfcb5e9 --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_files/u-boot.bin.new @@ -0,0 +1 @@ +u-boot:New \ No newline at end of file diff --git a/test/py/tests/test_efi_capsule/test_files/u-boot.bin.old b/test/py/tests/test_efi_capsule/test_files/u-boot.bin.old new file mode 100644 index 0000000000..cd6427b0f7 --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_files/u-boot.bin.old @@ -0,0 +1 @@ +u-boot:Old \ No newline at end of file diff --git a/test/py/tests/test_efi_capsule/test_files/u-boot.env.new b/test/py/tests/test_efi_capsule/test_files/u-boot.env.new new file mode 100644 index 0000000000..b2c4bd4cee --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_files/u-boot.env.new @@ -0,0 +1 @@ +u-boot-env:New \ No newline at end of file diff --git a/test/py/tests/test_efi_capsule/test_files/u-boot.env.old b/test/py/tests/test_efi_capsule/test_files/u-boot.env.old new file mode 100644 index 0000000000..04ad4c0ad4 --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_files/u-boot.env.old @@ -0,0 +1 @@ +u-boot-env:Old \ No newline at end of file From patchwork Tue Aug 1 17:40:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708743 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp473162wrw; Tue, 1 Aug 2023 10:41:47 -0700 (PDT) X-Google-Smtp-Source: APBJJlFd/uil7EZRmcegVDD5akmB8I+8pgIrpbzDD3yj6GoEdpGdTRU+tcCttOQXNySkN9F1p12q X-Received: by 2002:adf:f7cd:0:b0:313:f7a1:3d92 with SMTP id a13-20020adff7cd000000b00313f7a13d92mr2927082wrq.66.1690911707027; Tue, 01 Aug 2023 10:41:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911707; cv=none; d=google.com; s=arc-20160816; b=Lk3CwqI22Kz/fGOV2bvoEZmGPdhrf0t0BE/5V6Bu1sqk/eUfjkznVy/NgM6w6mgiUz gedVsP09XCPiL0mCq5o5sEkDh2U1N1gm3fT1V57fAYwgZcZpdKL8ghEIOB0+ENG5wlmo g5NDtL/V/erFXUhKYh2ItDXN+yXna/kL+O7DwXCXFJFtMcxZngQ69ivaN09Fgm8HdZxL ivKxd/U1xx8xOFNEAEeQIywYj/46LuQcOY8MIxHc+p4RwL38be2Nxd+hilIuOETibqGm fiIymbpzXCTd5JRhpxWpMYyL59/QcB3XpkScqaQB6TCXQ5Tyq8m0uN0y8H2F602wbFAP ga1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=n6KdIL2BC1y02aEjnF6d2OyxyIQCCvs/hhBqnA+fRy0=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=eP+E+cakglRZl9Lld4PrhlepC14mIdcQjzYqTzEAqLRizVoIaV7OUdPBy+fQ3sa5p/ 64shUHhU78LSbQ9lt2BFAZy1opeYoFor4+ZbFqfP+fn7jT3PjxZ//jCKQx85tjtfGUDN HBrjmcVVYdnLdBO37qm9oSI79e0lSuCJVq+ECgu2tiwi4vU5DEjMmIGpvH62yZaz30BD AlW6sN4asITONqOWzQ9i205wH/FYtANRWkJihmfF2RuCiaAAi4ekJ89hpe3zHpdh4NXp 1Oa2klPGMSDfGE2P9+44x/oPH/jy9YnSWUmiReFDDV39ZIDbAcyfxgfg9xK1f5xXrBZt Jqyg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id f2-20020a7bc8c2000000b003fe13fe4e73si4694061wml.201.2023.08.01.10.41.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:41:46 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id AE55886CBD; Tue, 1 Aug 2023 19:41:03 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 5946C86C96; Tue, 1 Aug 2023 19:41:02 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 611A086C9A for ; Tue, 1 Aug 2023 19:40:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 67D36D75; Tue, 1 Aug 2023 10:41:41 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D173B3F59C; Tue, 1 Aug 2023 10:40:54 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 6/9] binman: capsule: Add support for generating EFI capsules Date: Tue, 1 Aug 2023 23:10:15 +0530 Message-Id: <20230801174018.1342555-7-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Add support in binman for generating EFI capsules. The capsule parameters can be specified through the capsule binman entry. Also add test cases in binman for testing capsule generation. Signed-off-by: Sughosh Ganu --- Changes since V5: * Add support for the oemflag parameter used in FWU A/B updates. This was missed in the earlier version. * Use a single function, generate_capsule in the mkeficapsule bintool, instead of the multiple functions in earlier version. * Remove the logic for generating capsules from config file as suggested by Simon. * Use required_props for image index and GUID parameters. * Use a subnode for the capsule payload instead of using a filename for the payload, as suggested by Simon. * Add a capsule generation test with oemflag parameter being passed. configs/sandbox_spl_defconfig | 1 + tools/binman/btool/mkeficapsule.py | 101 +++++++++++ tools/binman/entries.rst | 64 +++++++ tools/binman/etype/efi_capsule.py | 160 ++++++++++++++++++ tools/binman/ftest.py | 122 +++++++++++++ tools/binman/test/307_capsule.dts | 21 +++ tools/binman/test/308_capsule_signed.dts | 23 +++ tools/binman/test/309_capsule_version.dts | 22 +++ tools/binman/test/310_capsule_signed_ver.dts | 24 +++ tools/binman/test/311_capsule_oemflags.dts | 22 +++ tools/binman/test/312_capsule_missing_key.dts | 22 +++ .../binman/test/313_capsule_missing_index.dts | 20 +++ .../binman/test/314_capsule_missing_guid.dts | 19 +++ .../test/315_capsule_missing_payload.dts | 17 ++ 14 files changed, 638 insertions(+) create mode 100644 tools/binman/btool/mkeficapsule.py create mode 100644 tools/binman/etype/efi_capsule.py create mode 100644 tools/binman/test/307_capsule.dts create mode 100644 tools/binman/test/308_capsule_signed.dts create mode 100644 tools/binman/test/309_capsule_version.dts create mode 100644 tools/binman/test/310_capsule_signed_ver.dts create mode 100644 tools/binman/test/311_capsule_oemflags.dts create mode 100644 tools/binman/test/312_capsule_missing_key.dts create mode 100644 tools/binman/test/313_capsule_missing_index.dts create mode 100644 tools/binman/test/314_capsule_missing_guid.dts create mode 100644 tools/binman/test/315_capsule_missing_payload.dts diff --git a/configs/sandbox_spl_defconfig b/configs/sandbox_spl_defconfig index 8d50162b27..65223475ab 100644 --- a/configs/sandbox_spl_defconfig +++ b/configs/sandbox_spl_defconfig @@ -249,3 +249,4 @@ CONFIG_UNIT_TEST=y CONFIG_SPL_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y +CONFIG_TOOLS_MKEFICAPSULE=y diff --git a/tools/binman/btool/mkeficapsule.py b/tools/binman/btool/mkeficapsule.py new file mode 100644 index 0000000000..da1d5de873 --- /dev/null +++ b/tools/binman/btool/mkeficapsule.py @@ -0,0 +1,101 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright 2023 Linaro Limited +# +"""Bintool implementation for mkeficapsule tool + +mkeficapsule is a tool used for generating EFI capsules. + +The following are the command-line options to be provided +to the tool +Usage: mkeficapsule [options] +Options: + -g, --guid guid for image blob type + -i, --index update image index + -I, --instance update hardware instance + -v, --fw-version firmware version + -p, --private-key private key file + -c, --certificate signer's certificate file + -m, --monotonic-count monotonic count + -d, --dump_sig dump signature (*.p7) + -A, --fw-accept firmware accept capsule, requires GUID, no image blob + -R, --fw-revert firmware revert capsule, takes no GUID, no image blob + -o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff + -h, --help print a help message +""" + +from binman import bintool + +class Bintoolmkeficapsule(bintool.Bintool): + """Handles the 'mkeficapsule' tool + + This bintool is used for generating the EFI capsules. The + capsule generation parameters can either be specified through + command-line, or through a config file. + """ + def __init__(self, name): + super().__init__(name, 'mkeficapsule tool for generating capsules') + + def generate_capsule(self, image_index, image_guid, hardware_instance, + payload, output_fname, priv_key, pub_key, + monotonic_count=0, version=0, oemflags=0): + """Generate a capsule through commandline provided parameters + + Args: + image_index (int): Unique number for identifying payload image + image_guid (str): GUID used for identifying the image + hardware_instance (int): Optional unique hardware instance of + a device in the system. 0 if not being used + payload (str): Path to the input payload image + output_fname (str): Path to the output capsule file + priv_key (str): Path to the private key + pub_key(str): Path to the public key + monotonic_count (int): Count used when signing an image + version (int): Image version (Optional) + oemflags (int): Optional 16 bit OEM flags + + Returns: + str: Tool output + """ + args = [ + f'--index={image_index}', + f'--guid={image_guid}', + f'--instance={hardware_instance}' + ] + + if version: + args += [f'--fw-version={version}'] + if oemflags: + args += [f'--capoemflag={oemflags}'] + if priv_key and pub_key: + args += [ + f'--monotonic-count={monotonic_count}', + f'--private-key={priv_key}', + f'--certificate={pub_key}' + ] + + args += [ + payload, + output_fname + ] + + return self.run_cmd(*args) + + def fetch(self, method): + """Fetch handler for mkeficapsule + + This builds the tool from source + + Returns: + tuple: + str: Filename of fetched file to copy to a suitable directory + str: Name of temp directory to remove, or None + """ + if method != bintool.FETCH_BUILD: + return None + + cmd = ['tools-only_defconfig', 'tools'] + result = self.build_from_git( + 'https://source.denx.de/u-boot/u-boot.git', + cmd, + 'tools/mkeficapsule') + return result diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index f2376932be..cfe699361c 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -468,6 +468,70 @@ updating the EC on startup via software sync. +.. _etype_efi_capsule: + +Entry: capsule: Entry for generating EFI Capsule files +------------------------------------------------------ + +This is an entry for generating EFI capsules. + + This is an entry for generating EFI capsules. + + The parameters needed for generation of the capsules can + either be provided as properties in the entry. + +Properties / Entry arguments: + - image-index: Unique number for identifying corresponding + payload image. Number between 1 and descriptor count, i.e. + the total number of firmware images that can be updated. + - image-type-id: Image GUID which will be used for identifying the + updatable image on the board. + - hardware-instance: Optional number for identifying unique + hardware instance of a device in the system. Default value of 0 + for images where value is not to be used. + - fw-version: Optional value of image version that can be put on + the capsule through the Firmware Management Protocol(FMP) header. + - monotonic-count: Count used when signing an image. + - private-key: Path to PEM formatted .key private key file. + - pub-key-cert: Path to PEM formatted .crt public key certificate + file. + - capoemflags - Optional OEM flags to be passed through capsule header. + - filename: Optional path to the output capsule file. A capsule is a + continuous set of data as defined by the EFI specification. Refer + to the specification for more details. + + For more details on the description of the capsule format, and the capsule + update functionality, refer Section 8.5 and Chapter 23 in the UEFI + specification. + https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf + + The capsule parameters like image index and image GUID are passed as + properties in the entry. The payload to be used in the capsule is to be + provided as a subnode of the capsule entry. + +A typical capsule entry node would then look something like this:: + + capsule { + type = "efi-capsule"; + image-index = <0x1>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + private-key = "tools/binman/test/key.key"; + pub-key-cert = "tools/binman/test/key.pem"; + filename = "test.capsule"; + + u-boot { + }; + }; + +In the above example, the capsule payload is the u-boot image. The +capsule entry would read the contents of the payload and put them +into the capsule. Any external file can also be specified as the +payload using the blob-ext subnode. + + + .. _etype_encrypted: Entry: encrypted: Externally built encrypted binary blob diff --git a/tools/binman/etype/efi_capsule.py b/tools/binman/etype/efi_capsule.py new file mode 100644 index 0000000000..b8a269e247 --- /dev/null +++ b/tools/binman/etype/efi_capsule.py @@ -0,0 +1,160 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2023 Linaro Limited +# +# Entry-type module for producing a EFI capsule +# + +from collections import OrderedDict +import os + +from binman.entry import Entry +from binman.etype.section import Entry_section +from dtoc import fdt_util +from u_boot_pylib import tools + +class Entry_efi_capsule(Entry_section): + """Entry for generating EFI capsules + + This is an entry for generating EFI capsules. + + The parameters needed for generation of the capsules can + either be provided as properties in the entry. + + Properties / Entry arguments: + - image-index: Unique number for identifying corresponding + payload image. Number between 1 and descriptor count, i.e. + the total number of firmware images that can be updated. + - image-type-id: Image GUID which will be used for identifying the + updatable image on the board. + - hardware-instance: Optional number for identifying unique + hardware instance of a device in the system. Default value of 0 + for images where value is not to be used. + - fw-version: Optional value of image version that can be put on + the capsule through the Firmware Management Protocol(FMP) header. + - monotonic-count: Count used when signing an image. + - private-key: Path to PEM formatted .key private key file. + - pub-key-cert: Path to PEM formatted .crt public key certificate + file. + - capoemflags - Optional OEM flags to be passed through capsule header. + - filename: Optional path to the output capsule file. A capsule is a + continuous set of data as defined by the EFI specification. Refer + to the specification for more details. + + For more details on the description of the capsule format, and the capsule + update functionality, refer Section 8.5 and Chapter 23 in the UEFI + specification. + https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf + + The capsule parameters like image index and image GUID are passed as + properties in the entry. The payload to be used in the capsule is to be + provided as a subnode of the capsule entry. + + A typical capsule entry node would then look something like this + + capsule { + type = "efi-capsule"; + image-index = <0x1>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + private-key = "tools/binman/test/key.key"; + pub-key-cert = "tools/binman/test/key.pem"; + capoemflags = <0x8000>; + + u-boot { + }; + }; + + In the above example, the capsule payload is the u-boot image. The + capsule entry would read the contents of the payload and put them + into the capsule. Any external file can also be specified as the + payload using the blob-ext subnode. + """ + def __init__(self, section, etype, node): + super().__init__(section, etype, node) + self.required_props = ['image-index', 'image-type-id'] + self.image_index = 0 + self.image_guid = '' + self.hardware_instance = 0 + self.monotonic_count = 0 + self.fw_version = 0 + self.capoemflags = 0 + self.private_key = '' + self.pub_key_cert = '' + self.auth = 0 + self.capsule_fname = '' + self._entries = OrderedDict() + + def ReadNode(self): + self.ReadEntries() + super().ReadNode() + + self.image_index = fdt_util.GetInt(self._node, 'image-index') + self.image_guid = fdt_util.GetString(self._node, 'image-type-id') + self.fw_version = fdt_util.GetInt(self._node, 'fw-version') + self.hardware_instance = fdt_util.GetInt(self._node, 'hardware-instance') + self.monotonic_count = fdt_util.GetInt(self._node, 'monotonic-count') + self.capoemflags = fdt_util.GetInt(self._node, 'capoemflags') + + self.private_key = fdt_util.GetString(self._node, 'private-key') + self.pub_key_cert = fdt_util.GetString(self._node, 'pub-key-cert') + if ((self.private_key and not self.pub_key_cert) or (self.pub_key_cert and not self.private_key)): + self.Raise('Both private key and public key certificate need to be provided') + elif not (self.private_key and self.pub_key_cert): + self.auth = 0 + else: + self.auth = 1 + + def ReadEntries(self): + """Read the subnode to get the payload for this capsule""" + # We can have a single payload per capsule + if len(self._node.subnodes) != 1: + self.Raise('The capsule entry expects a single subnode for payload') + + for node in self._node.subnodes: + entry = Entry.Create(self, node) + entry.ReadNode() + self._entries[entry.name] = entry + + def _GenCapsule(self): + return self.mkeficapsule.generate_capsule(self.image_index, + self.image_guid, + self.hardware_instance, + self.payload, + self.capsule_fname, + self.private_key, + self.pub_key_cert, + self.monotonic_count, + self.fw_version, + self.capoemflags) + + def BuildSectionData(self, required): + if self.auth: + if not os.path.isabs(self.private_key): + self.private_key = tools.get_input_filename(self.private_key) + if not os.path.isabs(self.pub_key_cert): + self.pub_key_cert = tools.get_input_filename(self.pub_key_cert) + data, self.payload, _ = self.collect_contents_to_file( + self._entries.values(), 'capsule_payload') + outfile = self._filename if self._filename else self._node.name + self.capsule_fname = tools.get_output_filename(outfile) + if self._GenCapsule() is not None: + os.remove(self.payload) + return tools.read_file(self.capsule_fname) + + def ProcessContents(self): + ok = super().ProcessContents() + data = self.BuildSectionData(True) + ok2 = self.ProcessContentsUpdate(data) + return ok and ok2 + + def SetImagePos(self, image_pos): + upto = 0 + for entry in self.GetEntries().values(): + entry.SetOffsetSize(upto, None) + upto += entry.size + + super().SetImagePos(image_pos) + + def AddBintools(self, btools): + self.mkeficapsule = self.AddBintool(btools, 'mkeficapsule') diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index 1cfa349d38..7e7926b607 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -48,6 +48,7 @@ U_BOOT_VPL_DATA = b'vpl76543210fedcbazywxyz_' BLOB_DATA = b'89' ME_DATA = b'0abcd' VGA_DATA = b'vga' +EFI_CAPSULE_DATA = b'efi' U_BOOT_DTB_DATA = b'udtb' U_BOOT_SPL_DTB_DATA = b'spldtb' U_BOOT_TPL_DTB_DATA = b'tpldtb' @@ -119,6 +120,11 @@ COMP_BINTOOLS = ['bzip2', 'gzip', 'lz4', 'lzma_alone', 'lzop', 'xz', 'zstd'] TEE_ADDR = 0x5678 +# Firmware Management Protocol(FMP) GUID +FW_MGMT_GUID = 'edd5cb6d2de8444cbda17194199ad92a' +# Image GUID specified in the DTS +CAPSULE_IMAGE_GUID = '52cfd7092007104791d108469b7fe9c8' + class TestFunctional(unittest.TestCase): """Functional tests for binman @@ -215,6 +221,7 @@ class TestFunctional(unittest.TestCase): TestFunctional._MakeInputFile('scp.bin', SCP_DATA) TestFunctional._MakeInputFile('rockchip-tpl.bin', ROCKCHIP_TPL_DATA) TestFunctional._MakeInputFile('ti_unsecure.bin', TI_UNSECURE_DATA) + TestFunctional._MakeInputFile('efi_capsule_payload.bin', EFI_CAPSULE_DATA) # Add a few .dtb files for testing TestFunctional._MakeInputFile('%s/test-fdt1.dtb' % TEST_FDT_SUBDIR, @@ -7087,5 +7094,120 @@ fdt fdtmap Extract the devicetree blob from the fdtmap self.assertEqual(fdt_util.GetString(key_node, "key-name-hint"), "key") + def _CheckCapsule(self, data, signed_capsule=False, version_check=False, + capoemflags=False): + fmp_signature = "4d535331" # 'M', 'S', 'S', '1' + fmp_size = "10" + fmp_fw_version = "02" + oemflag = "0080" + + payload_data = EFI_CAPSULE_DATA + + # Firmware Management Protocol(FMP) GUID - offset(0 - 32) + self.assertEqual(FW_MGMT_GUID, data.hex()[:32]) + # Image GUID - offset(96 - 128) + self.assertEqual(CAPSULE_IMAGE_GUID, data.hex()[96:128]) + + if capoemflags: + # OEM Flags - offset(40 - 44) + self.assertEqual(oemflag, data.hex()[40:44]) + if signed_capsule and version_check: + # FMP header signature - offset(4770 - 4778) + self.assertEqual(fmp_signature, data.hex()[4770:4778]) + # FMP header size - offset(4778 - 4780) + self.assertEqual(fmp_size, data.hex()[4778:4780]) + # firmware version - offset(4786 - 4788) + self.assertEqual(fmp_fw_version, data.hex()[4786:4788]) + # payload offset signed capsule(4802 - 4808) + self.assertEqual(payload_data.hex(), data.hex()[4802:4808]) + elif signed_capsule: + # payload offset signed capsule(4770 - 4776) + self.assertEqual(payload_data.hex(), data.hex()[4770:4776]) + elif version_check: + # FMP header signature - offset(184 - 192) + self.assertEqual(fmp_signature, data.hex()[184:192]) + # FMP header size - offset(192 - 194) + self.assertEqual(fmp_size, data.hex()[192:194]) + # firmware version - offset(200 - 202) + self.assertEqual(fmp_fw_version, data.hex()[200:202]) + # payload offset for non-signed capsule with version header(216 - 222) + self.assertEqual(payload_data.hex(), data.hex()[216:222]) + else: + # payload offset for non-signed capsule with no version header(184 - 190) + self.assertEqual(payload_data.hex(), data.hex()[184:190]) + + def testCapsuleGen(self): + """Test generation of EFI capsule""" + data = self._DoReadFile('307_capsule.dts') + + self._CheckCapsule(data) + + def testSignedCapsuleGen(self): + """Test generation of EFI capsule""" + data = tools.read_file(self.TestFile("key.key")) + self._MakeInputFile("key.key", data) + data = tools.read_file(self.TestFile("key.pem")) + self._MakeInputFile("key.crt", data) + + data = self._DoReadFile('308_capsule_signed.dts') + + self._CheckCapsule(data, signed_capsule=True) + + def testCapsuleGenVersionSupport(self): + """Test generation of EFI capsule with version support""" + data = self._DoReadFile('309_capsule_version.dts') + + self._CheckCapsule(data, version_check=True) + + def testCapsuleGenSignedVer(self): + """Test generation of signed EFI capsule with version information""" + data = tools.read_file(self.TestFile("key.key")) + self._MakeInputFile("key.key", data) + data = tools.read_file(self.TestFile("key.pem")) + self._MakeInputFile("key.crt", data) + + data = self._DoReadFile('310_capsule_signed_ver.dts') + + self._CheckCapsule(data, signed_capsule=True, version_check=True) + + def testCapsuleGenCapOemFlags(self): + """Test generation of EFI capsule with OEM Flags set""" + data = self._DoReadFile('311_capsule_oemflags.dts') + + self._CheckCapsule(data, capoemflags=True) + + + def testCapsuleGenKeyMissing(self): + """Test that binman errors out on missing key""" + with self.assertRaises(ValueError) as e: + self._DoReadFile('312_capsule_missing_key.dts') + + self.assertIn("Both private key and public key certificate need to be provided", + str(e.exception)) + + def testCapsuleGenIndexMissing(self): + """Test that binman errors out on missing image index""" + with self.assertRaises(ValueError) as e: + self._DoReadFile('313_capsule_missing_index.dts') + + self.assertIn("entry is missing properties: image-index", + str(e.exception)) + + def testCapsuleGenGuidMissing(self): + """Test that binman errors out on missing image GUID""" + with self.assertRaises(ValueError) as e: + self._DoReadFile('314_capsule_missing_guid.dts') + + self.assertIn("entry is missing properties: image-type-id", + str(e.exception)) + + def testCapsuleGenPayloadMissing(self): + """Test that binman errors out on missing input(payload)image""" + with self.assertRaises(ValueError) as e: + self._DoReadFile('315_capsule_missing_payload.dts') + + self.assertIn("The capsule entry expects a single subnode for payload", + str(e.exception)) + if __name__ == "__main__": unittest.main() diff --git a/tools/binman/test/307_capsule.dts b/tools/binman/test/307_capsule.dts new file mode 100644 index 0000000000..dd5b6f1c11 --- /dev/null +++ b/tools/binman/test/307_capsule.dts @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + image-index = <0x1>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + + blob-ext { + filename = "efi_capsule_payload.bin"; + }; + }; + }; +}; diff --git a/tools/binman/test/308_capsule_signed.dts b/tools/binman/test/308_capsule_signed.dts new file mode 100644 index 0000000000..2765dd4140 --- /dev/null +++ b/tools/binman/test/308_capsule_signed.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + image-index = <0x1>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + private-key = "key.key"; + pub-key-cert = "key.crt"; + + blob-ext { + filename = "efi_capsule_payload.bin"; + }; + }; + }; +}; diff --git a/tools/binman/test/309_capsule_version.dts b/tools/binman/test/309_capsule_version.dts new file mode 100644 index 0000000000..21d6e2bd26 --- /dev/null +++ b/tools/binman/test/309_capsule_version.dts @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + image-index = <0x1>; + fw-version = <0x2>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + + blob-ext { + filename = "efi_capsule_payload.bin"; + }; + }; + }; +}; diff --git a/tools/binman/test/310_capsule_signed_ver.dts b/tools/binman/test/310_capsule_signed_ver.dts new file mode 100644 index 0000000000..f3606e6520 --- /dev/null +++ b/tools/binman/test/310_capsule_signed_ver.dts @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + image-index = <0x1>; + fw-version = <0x2>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + private-key = "key.key"; + pub-key-cert = "key.crt"; + + blob-ext { + filename = "efi_capsule_payload.bin"; + }; + }; + }; +}; diff --git a/tools/binman/test/311_capsule_oemflags.dts b/tools/binman/test/311_capsule_oemflags.dts new file mode 100644 index 0000000000..9f535f8712 --- /dev/null +++ b/tools/binman/test/311_capsule_oemflags.dts @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + image-index = <0x1>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + capoemflags = <0x8000>; + + blob-ext { + filename = "efi_capsule_payload.bin"; + }; + }; + }; +}; diff --git a/tools/binman/test/312_capsule_missing_key.dts b/tools/binman/test/312_capsule_missing_key.dts new file mode 100644 index 0000000000..6a6fc59b6d --- /dev/null +++ b/tools/binman/test/312_capsule_missing_key.dts @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + image-index = <0x1>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + private-key = "tools/binman/test/key.key"; + + blob-ext { + filename = "efi_capsule_payload.bin"; + }; + }; + }; +}; diff --git a/tools/binman/test/313_capsule_missing_index.dts b/tools/binman/test/313_capsule_missing_index.dts new file mode 100644 index 0000000000..7806521135 --- /dev/null +++ b/tools/binman/test/313_capsule_missing_index.dts @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + + blob-ext { + filename = "efi_capsule_payload.bin"; + }; + }; + }; +}; diff --git a/tools/binman/test/314_capsule_missing_guid.dts b/tools/binman/test/314_capsule_missing_guid.dts new file mode 100644 index 0000000000..599562bef6 --- /dev/null +++ b/tools/binman/test/314_capsule_missing_guid.dts @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + image-index = <0x1>; + hardware-instance = <0x0>; + + blob-ext { + filename = "efi_capsule_payload.bin"; + }; + }; + }; +}; diff --git a/tools/binman/test/315_capsule_missing_payload.dts b/tools/binman/test/315_capsule_missing_payload.dts new file mode 100644 index 0000000000..86da9cd309 --- /dev/null +++ b/tools/binman/test/315_capsule_missing_payload.dts @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + efi-capsule { + image-index = <0x1>; + /* Image GUID for testing capsule update */ + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + hardware-instance = <0x0>; + }; + }; +}; From patchwork Tue Aug 1 17:40:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708744 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp473230wrw; Tue, 1 Aug 2023 10:41:58 -0700 (PDT) X-Google-Smtp-Source: APBJJlFCHw7qnnFFAgF1kOStRZsxpWnKGZv6OfEOch1yT0xcl+1mExwlDZuJK8d8wDeqlYKuuBU4 X-Received: by 2002:adf:dd89:0:b0:316:f4b9:a952 with SMTP id x9-20020adfdd89000000b00316f4b9a952mr2695255wrl.31.1690911718197; Tue, 01 Aug 2023 10:41:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911718; cv=none; d=google.com; s=arc-20160816; b=K+tRJ/yc4db+lv9qi36wdzB30FFWMYE2G7YwDjRbz/Z4aJ/MTkhr+Z7uXfqv33VM9e WflMcl9A3y1KhVVBnjEMeD5xf9hbaCHfGSunPuw6M0wURY1p5MxdxjB955REGyrVNXEu /Ib1B2fnAwFiZVpmsRUfC/MjbXeHlwlpjkcdPlSDl0WOC1/gVrCc9nORJZxsbq4rbyEp 8GF8yJYywIpVAEPZacCGB2q7rZMSvmkpvP+rMRQZtNTN9syQD+ld9ltACqb59QWFmfhi h6E9hIiljQ6p74nfF8QOB9EvXckiLZP7sSpm50bXlDXgQZsA4oZp77vXxpZ5a1s1LDMR RbNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=P8D4HtLLj27DtP87D9qfe4aXUhnwEblt7dT2U/bJFMU=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=mh4Uby+++VTPU0F5pFgLWwgGGITUhK+/3MrRm4F1BKZR6yZx1LzldZXcerps56DUJp 7EhYhtqfS8GvecCVDrRkmx2QEDTsfnqMedvv3tpHvI1snZQy8y0D3GA9ZrVE4gvpp8ch 4sukoKQq+UvJXlyP2d553Hlq1fYM5Pw2XgyK8y08ccOj8pEgI7gOOrtr4Mv7BLsyMjvO bZRA6BbF10mEpiP7E7iqOcmp573sXfMty842jx28b+anwWpnDlknDxo1uA92MdW3iyni Y3OxSN2IVgceH9MrTLPt8qQ5scwcvkVcScKvkmj3C9lfyiNDx7u8RMlOx/8GVflkGpj2 fSRw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id m6-20020a5d4a06000000b003141238d67dsi5991462wrq.335.2023.08.01.10.41.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:41:58 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7D8D186CD3; Tue, 1 Aug 2023 19:41:05 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id B498A86B09; Tue, 1 Aug 2023 19:41:03 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 7170586B09 for ; Tue, 1 Aug 2023 19:41:01 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9648ED75; Tue, 1 Aug 2023 10:41:44 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 4758B3F59C; Tue, 1 Aug 2023 10:40:58 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 7/9] doc: Add documentation to highlight capsule generation related updates Date: Tue, 1 Aug 2023 23:10:16 +0530 Message-Id: <20230801174018.1342555-8-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The EFI capsules can now be generated as part of u-boot build, through binman. Highlight these changes in the documentation. Signed-off-by: Sughosh Ganu --- Changes since V5: * Remove the documentation for generating the capsule through config file, as that functionality is not added through this series. doc/develop/uefi/uefi.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index b2854b52a6..3150d6fb9c 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -318,6 +318,9 @@ Run the following command --guid \ +Capsule with firmware version +***************************** + The UEFI specification does not define the firmware versioning mechanism. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version, @@ -345,6 +348,21 @@ add --fw-version option in mkeficapsule tool. If the --fw-version option is not set, FMP Payload Header is not inserted and fw_version is set as 0. + +Capsule Generation through binman +********************************* + +Support has also been added to generate capsules during u-boot build +through binman. This requires the platform's DTB to be populated with +the capsule entry nodes for binman. The capsules then can be generated +by specifying the capsule parameters either through a config file, or +by specifying them as properties in the capsule entry node. + +Check the arch/sandbox/dts/u-boot.dtsi file for the sandbox platform +as reference for how to generate capsules through binman as part of +u-boot build. + + Performing the update ********************* From patchwork Tue Aug 1 17:40:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708745 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp473317wrw; Tue, 1 Aug 2023 10:42:07 -0700 (PDT) X-Google-Smtp-Source: APBJJlH93CUSb3Ye3nPu5Wt3rAdFicwx6v25Hj4d9hw87IxVAzy7DGMZoPVZ+soC5GeiEsYN0s54 X-Received: by 2002:a5d:6ac7:0:b0:306:2e62:8d2e with SMTP id u7-20020a5d6ac7000000b003062e628d2emr3321795wrw.1.1690911727206; Tue, 01 Aug 2023 10:42:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911727; cv=none; d=google.com; s=arc-20160816; b=x1apMC8jjiKaabn4lFNF+amxdJnQt4SjxTiTSHRq87UVsk05G+rXrXL1tb633nWqI9 Nk1dnnTvjVdqB02Flh1FVwf3UqM3BjFK+7IQU8v9HtWRw+Z3EfCCDy234v+pGHF08noK BXo0zzLQ/7rnwZyvqRkodhLW9+mm52V5q5cXTos+B0nIBZiu+PsbXZRJ0IPMx+eK//5v kqNE+K6HmA8e0LP88B5t301Qle8wuUFJMWdqwqrPXeSDC004b7d7d3HZRS7SwEliIIrX b9iWgpW2kb2ECPUibK0Nc8jbP0wBka2t7XeZwGymM6TH88H3vPzGFYB0w40Bd2HLfDh8 WZNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=LYrC4YjzEdQImxt9oKmo1mcKkYvsv+GHisFPVLDpBEo=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=O80dp3OHHRF5N+0p/9ukAmIfeRzLZcOmDNUchcuE7y7XWH13zaLN7C347Fk1yz9kF2 d9IC3xJqNpb+eA9OdTjqmVQEln/nIZu8bXnEA0NK/Z3M9cexUO7WNVAHfVMdTjoqaaNW CHB8l1PFoI1+CwnEPob7y4XXr+qZA+ICCQg7Vzd+89oTaE5wDFMKmnAXSz90uanGjbeB 3Si/layw0Xig+BgrCgS8MloPACgyDS96pv2LGU1wNHOzSh0A9SSGxcEscg7YjSd2VDs9 VyQ/RUJAWeI5MlmVHhVsCVaFuE2eo035wZuURnRcjH+Ju4pt2nbpaElS04q5rN7VQdFh 76aQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id l5-20020a5d6745000000b003077f3e02c7si6186666wrw.507.2023.08.01.10.42.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:42:07 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4586D86CC9; Tue, 1 Aug 2023 19:41:08 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 399DA86CDD; Tue, 1 Aug 2023 19:41:07 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id D65B986CC5 for ; Tue, 1 Aug 2023 19:41:04 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C46F5D75; Tue, 1 Aug 2023 10:41:47 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7595D3F59C; Tue, 1 Aug 2023 10:41:01 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 8/9] test: capsule: Remove public key embed logic from capsule update test Date: Tue, 1 Aug 2023 23:10:17 +0530 Message-Id: <20230801174018.1342555-9-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The embedding of the public key EFI Signature List(ESL) file into the platform's DTB is now done at the time of u-boot build. Remove this logic from the capsule update test' configuration. Include the public key for the sandbox and sandbox_flattree variant as part of the build. Signed-off-by: Sughosh Ganu --- Changes since V5: * Use the public key ESL file from the tree instead of the /tmp/capsules/ directory being used in previous version. configs/sandbox_defconfig | 1 + configs/sandbox_flattree_defconfig | 1 + test/py/tests/test_efi_capsule/conftest.py | 37 ++++---------------- test/py/tests/test_efi_capsule/signature.dts | 10 ------ 4 files changed, 9 insertions(+), 40 deletions(-) delete mode 100644 test/py/tests/test_efi_capsule/signature.dts diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index b6c4f735f2..3d9e59a11d 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -341,6 +341,7 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y CONFIG_EFI_CAPSULE_AUTHENTICATE=y +CONFIG_EFI_CAPSULE_ESL_FILE="../../../test/py/tests/test_efi_capsule/test_files/SIGNER.esl" CONFIG_EFI_SECURE_BOOT=y CONFIG_TEST_FDTDEC=y CONFIG_UNIT_TEST=y diff --git a/configs/sandbox_flattree_defconfig b/configs/sandbox_flattree_defconfig index 8aa295686d..325e162ad9 100644 --- a/configs/sandbox_flattree_defconfig +++ b/configs/sandbox_flattree_defconfig @@ -227,6 +227,7 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y CONFIG_EFI_CAPSULE_AUTHENTICATE=y +CONFIG_EFI_CAPSULE_ESL_FILE="../../../test/py/tests/test_efi_capsule/test_files/SIGNER.esl" CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index 054be1ee97..bee3050282 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -25,48 +25,25 @@ def efi_capsule_data(request, u_boot_config): image_path = u_boot_config.persistent_data_dir + '/test_efi_capsule.img' try: + capsules_path_dir = u_boot_config.source_dir + '/test/py/tests/test_efi_capsule/test_files/' # Create a target device check_call('dd if=/dev/zero of=./spi.bin bs=1MiB count=16', shell=True) check_call('rm -rf %s' % mnt_point, shell=True) check_call('mkdir -p %s' % data_dir, shell=True) check_call('mkdir -p %s' % install_dir, shell=True) - - capsule_auth_enabled = u_boot_config.buildconfig.get( - 'config_efi_capsule_authenticate') - if capsule_auth_enabled: - # Create private key (SIGNER.key) and certificate (SIGNER.crt) - check_call('cd %s; ' - 'openssl req -x509 -sha256 -newkey rsa:2048 ' - '-subj /CN=TEST_SIGNER/ -keyout SIGNER.key ' - '-out SIGNER.crt -nodes -days 365' - % data_dir, shell=True) - check_call('cd %s; %scert-to-efi-sig-list SIGNER.crt SIGNER.esl' - % (data_dir, EFITOOLS_PATH), shell=True) - - # Update dtb adding capsule certificate - check_call('cd %s; ' - 'cp %s/test/py/tests/test_efi_capsule/signature.dts .' - % (data_dir, u_boot_config.source_dir), shell=True) - check_call('cd %s; ' - 'dtc -@ -I dts -O dtb -o signature.dtbo signature.dts; ' - 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb ' - '-o test_sig.dtb signature.dtbo' - % (data_dir, u_boot_config.build_dir), shell=True) - - # Create *malicious* private key (SIGNER2.key) and certificate - # (SIGNER2.crt) - check_call('cd %s; ' - 'openssl req -x509 -sha256 -newkey rsa:2048 ' - '-subj /CN=TEST_SIGNER/ -keyout SIGNER2.key ' - '-out SIGNER2.crt -nodes -days 365' - % data_dir, shell=True) + check_call('cp %s/* %s ' % (capsules_path_dir, data_dir), shell=True) # Update dtb to add the version information check_call('cd %s; ' 'cp %s/test/py/tests/test_efi_capsule/version.dts .' % (data_dir, u_boot_config.source_dir), shell=True) + + capsule_auth_enabled = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') if capsule_auth_enabled: + check_call('cp %s/arch/sandbox/dts/test.dtb %s/test_sig.dtb' % + (u_boot_config.build_dir, data_dir), shell=True) check_call('cd %s; ' 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; ' 'fdtoverlay -i test_sig.dtb ' diff --git a/test/py/tests/test_efi_capsule/signature.dts b/test/py/tests/test_efi_capsule/signature.dts deleted file mode 100644 index 078cfc76c9..0000000000 --- a/test/py/tests/test_efi_capsule/signature.dts +++ /dev/null @@ -1,10 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ - -/dts-v1/; -/plugin/; - -&{/} { - signature { - capsule-key = /incbin/("SIGNER.esl"); - }; -}; From patchwork Tue Aug 1 17:40:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 708746 Delivered-To: patch@linaro.org Received: by 2002:a5d:55c5:0:b0:317:2194:b2bc with SMTP id i5csp473389wrw; Tue, 1 Aug 2023 10:42:16 -0700 (PDT) X-Google-Smtp-Source: APBJJlHgGxLFt5UfO7zHN56NNKxAvBbCVgGor6MqS4AYdv2CzbcxeASUdk/t/TjHyakvh8w52oon X-Received: by 2002:a7b:c84f:0:b0:3fb:739d:27b2 with SMTP id c15-20020a7bc84f000000b003fb739d27b2mr2913361wml.8.1690911736222; Tue, 01 Aug 2023 10:42:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690911736; cv=none; d=google.com; s=arc-20160816; b=jmaNCtHdJbUebCcCYgFIT/gs12HT2OlSgnxlBuBe1GQRkin0NpOazDIF2PIn8ZHUsc YD5zwmPYB58DjRkp0+OIRGADf0aOcN3d0dAvSlO+7vbFZZnYXzORLGfEDwOBPF05FCp9 FSqq3zE1UdRMGGs1gbz4rZX6jayy0yzSraIluBIEueuTk/Bzdxl/RFXUZkWA9458Gx/v 6fzquKYDetsDBoiO8RnQrWMkeAwFhskisGNpfOPAp3pEHtR6sOlmWMBE8uODXdYLW9Im u7W1gM7SlH69WerTlDBTd5fdHF6fhgg5i1UqcnPfOZSxxh1qt7gCyVGk9GdXkaerGJQf Q9fA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=MVvyjuHUd065uOok6zw8YKOWufTr/CYxR1SndI7YnnY=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=Hi3J5mT4co81HWkT3XBYhe3OIJeFTdT0HX8wIg7QbfTAYD09D1qckDehFx8Spu1E9S 11ToetrF9hyGWkQz31sMS+v4v6tX4xQm2M5xyy7niOyYlwUij0svh/+bMbFCfo6sSf4G LBx93S+EI3uIBai9f4MTXi7HWU2hAxn7OIac/jjYeurnppHV0qQ9LRtVRtl80bRfm4Yy 64mMzFaKNTBLbK4/do9qlxubXaUW/Sc0fJOgVx2IJGzTPv3TbXr40xgXLMXIRr7JN7HT cW0be4xdcpIXaT6agATobyaukt4s0jWMEkwtLxZaW4Xiyj/eXFjhdOZrh04ADL7OvJIT 0ZTA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id b7-20020a05600c11c700b003fbd426d0c8si6865390wmi.165.2023.08.01.10.42.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Aug 2023 10:42:16 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id EFEB486C9A; Tue, 1 Aug 2023 19:41:11 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id CE79A86C9A; Tue, 1 Aug 2023 19:41:10 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id DB3CD86CC5 for ; Tue, 1 Aug 2023 19:41:07 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F3460D75; Tue, 1 Aug 2023 10:41:50 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A44DE3F59C; Tue, 1 Aug 2023 10:41:04 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v6 9/9] sandbox: capsule: Generate capsule related files through binman Date: Tue, 1 Aug 2023 23:10:18 +0530 Message-Id: <20230801174018.1342555-10-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230801174018.1342555-1-sughosh.ganu@linaro.org> References: <20230801174018.1342555-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The EFI capsule files can now be generated as part of u-boot build. This is done through binman. Add capsule entry nodes in the u-boot.dtsi for the sandbox architecture for generating the capsules. Remove the corresponding generation of capsules from the capsule update conftest file. The capsules are generated through the config file for the sandbox variant, and through explicit parameters for the sandbox_flattree variant. Also generate the FIT image used for testing the capsule update feature on the sandbox_flattree variant through binman. Remove the now superfluous its file which was used for generating this FIT image. Signed-off-by: Sughosh Ganu --- Changes since V5: * Use the public key ESL file and other input files from the tree instead of the /tmp/capsules/ directory being used in previous version. * Use macros for other input files and certs. arch/sandbox/dts/u-boot.dtsi | 347 ++++++++++++++++++ test/py/tests/test_efi_capsule/conftest.py | 128 +------ .../tests/test_efi_capsule/uboot_bin_env.its | 36 -- 3 files changed, 348 insertions(+), 163 deletions(-) delete mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its diff --git a/arch/sandbox/dts/u-boot.dtsi b/arch/sandbox/dts/u-boot.dtsi index 60bd004937..ae798660de 100644 --- a/arch/sandbox/dts/u-boot.dtsi +++ b/arch/sandbox/dts/u-boot.dtsi @@ -7,11 +7,358 @@ */ #ifdef CONFIG_EFI_HAVE_CAPSULE_SUPPORT + +#define SANDBOX_UBOOT_IMAGE_GUID "09d7cf52-0720-4710-91d1-08469b7fe9c8" +#define SANDBOX_UBOOT_ENV_IMAGE_GUID "5a7021f5-fef2-48b4-aaba-832e777418c0" +#define SANDBOX_FIT_IMAGE_GUID "3673b45d-6a7c-46f3-9e60-adabb03f7937" +#define SANDBOX_INCORRECT_GUID "058b7d83-50d5-4c47-a195-60d86ad341c4" + +#define UBOOT_BIN_IMAGE "test/py/tests/test_efi_capsule/test_files/u-boot.bin.new" +#define UBOOT_ENV_IMAGE "test/py/tests/test_efi_capsule/test_files/u-boot.env.new" +#define UBOOT_FIT_IMAGE "u-boot_bin_env.itb" + +#define CAPSULE_PRIV_KEY "test/py/tests/test_efi_capsule/test_files/SIGNER.key" +#define CAPSULE_PUB_KEY "test/py/tests/test_efi_capsule/test_files/SIGNER.crt" +#define CAPSULE_INVAL_KEY "test/py/tests/test_efi_capsule/test_files/SIGNER2.key" +#define CAPSULE_INVAL_PUB_KEY "test/py/tests/test_efi_capsule/test_files/SIGNER2.crt" + / { #ifdef CONFIG_EFI_CAPSULE_AUTHENTICATE signature { capsule-key = /incbin/(CONFIG_EFI_CAPSULE_ESL_FILE); }; #endif + + binman: binman { + multiple-images; + }; +}; + +&binman { + itb { + filename = UBOOT_FIT_IMAGE; + + fit { + description = "Automatic U-Boot environment update"; + #address-cells = <2>; + + images { + u-boot-bin { + description = "U-Boot binary on SPI Flash"; + compression = "none"; + type = "firmware"; + arch = "sandbox"; + load = <0>; + blob { + filename = UBOOT_BIN_IMAGE; + }; + + hash-1 { + algo = "sha1"; + }; + }; + u-boot-env { + description = "U-Boot environment on SPI Flash"; + compression = "none"; + type = "firmware"; + arch = "sandbox"; + load = <0>; + blob { + filename = UBOOT_ENV_IMAGE; + }; + + hash-1 { + algo = "sha1"; + }; + }; + }; + }; + }; + + capsule1 { + filename = "Test01"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + image-type-id = SANDBOX_UBOOT_IMAGE_GUID; + + blob-ext { + filename = UBOOT_BIN_IMAGE; + }; + }; + }; + + capsule2 { + filename = "Test02"; + capsule { + type = "efi-capsule"; + image-index = <0x2>; + image-type-id = SANDBOX_UBOOT_ENV_IMAGE_GUID; + + blob-ext { + filename = UBOOT_ENV_IMAGE; + }; + }; + }; + + capsule3 { + filename = "Test03"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + image-type-id = SANDBOX_INCORRECT_GUID; + + blob-ext { + filename = UBOOT_BIN_IMAGE; + }; + }; + }; + + capsule4 { + filename = "Test04"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + image-type-id = SANDBOX_FIT_IMAGE_GUID; + + blob-ext { + filename = UBOOT_FIT_IMAGE; + }; + }; + }; + + capsule5 { + filename = "Test05"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + image-type-id = SANDBOX_INCORRECT_GUID; + + blob-ext { + filename = UBOOT_FIT_IMAGE; + }; + }; + }; + + capsule6 { + filename = "Test101"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + fw-version = <0x5>; + image-type-id = SANDBOX_UBOOT_IMAGE_GUID; + + blob-ext { + filename = UBOOT_BIN_IMAGE; + }; + }; + }; + + capsule7 { + filename = "Test102"; + capsule { + type = "efi-capsule"; + image-index = <0x2>; + fw-version = <0xa>; + image-type-id = SANDBOX_UBOOT_ENV_IMAGE_GUID; + + blob-ext { + filename = UBOOT_ENV_IMAGE; + }; + }; + }; + + capsule8 { + filename = "Test103"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + fw-version = <0x2>; + image-type-id = SANDBOX_UBOOT_IMAGE_GUID; + + blob-ext { + filename = UBOOT_BIN_IMAGE; + }; + }; + }; + + capsule9 { + filename = "Test104"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + fw-version = <0x5>; + image-type-id = SANDBOX_FIT_IMAGE_GUID; + + blob-ext { + filename = UBOOT_FIT_IMAGE; + }; + }; + }; + + capsule10 { + filename = "Test105"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + fw-version = <0x2>; + image-type-id = SANDBOX_FIT_IMAGE_GUID; + + blob-ext { + filename = UBOOT_FIT_IMAGE; + }; + }; + }; + +#ifdef CONFIG_EFI_CAPSULE_AUTHENTICATE + capsule11 { + filename = "Test11"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + image-type-id = SANDBOX_UBOOT_IMAGE_GUID; + private-key = CAPSULE_PRIV_KEY; + pub-key-cert = CAPSULE_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_BIN_IMAGE; + }; + }; + }; + + capsule12 { + filename = "Test12"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + image-type-id = SANDBOX_UBOOT_IMAGE_GUID; + private-key = CAPSULE_INVAL_KEY; + pub-key-cert = CAPSULE_INVAL_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_BIN_IMAGE; + }; + }; + }; + + capsule13 { + filename = "Test13"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + image-type-id = SANDBOX_FIT_IMAGE_GUID; + private-key = CAPSULE_PRIV_KEY; + pub-key-cert = CAPSULE_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_FIT_IMAGE; + }; + }; + }; + + capsule14 { + filename = "Test14"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + image-type-id = SANDBOX_FIT_IMAGE_GUID; + private-key = CAPSULE_INVAL_KEY; + pub-key-cert = CAPSULE_INVAL_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_FIT_IMAGE; + }; + }; + }; + + capsule15 { + filename = "Test111"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + fw-version = <0x5>; + image-type-id = SANDBOX_UBOOT_IMAGE_GUID; + private-key = CAPSULE_PRIV_KEY; + pub-key-cert = CAPSULE_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_BIN_IMAGE; + }; + }; + }; + + capsule16 { + filename = "Test112"; + capsule { + type = "efi-capsule"; + image-index = <0x2>; + fw-version = <0xa>; + image-type-id = SANDBOX_UBOOT_ENV_IMAGE_GUID; + private-key = CAPSULE_PRIV_KEY; + pub-key-cert = CAPSULE_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_ENV_IMAGE; + }; + }; + }; + + capsule17 { + filename = "Test113"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + fw-version = <0x2>; + image-type-id = SANDBOX_UBOOT_IMAGE_GUID; + private-key = CAPSULE_PRIV_KEY; + pub-key-cert = CAPSULE_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_BIN_IMAGE; + }; + }; + }; + + capsule18 { + filename = "Test114"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + fw-version = <0x5>; + image-type-id = SANDBOX_FIT_IMAGE_GUID; + private-key = CAPSULE_PRIV_KEY; + pub-key-cert = CAPSULE_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_FIT_IMAGE; + }; + }; + }; + + capsule19 { + filename = "Test115"; + capsule { + type = "efi-capsule"; + image-index = <0x1>; + fw-version = <0x2>; + image-type-id = SANDBOX_FIT_IMAGE_GUID; + private-key = CAPSULE_PRIV_KEY; + pub-key-cert = CAPSULE_PUB_KEY; + monotonic-count = <0x1>; + + blob-ext { + filename = UBOOT_FIT_IMAGE; + }; + }; + }; +#endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */ }; #endif /* CONFIG_EFI_HAVE_CAPSULE_SUPPORT */ diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index bee3050282..bc0f188609 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -33,6 +33,7 @@ def efi_capsule_data(request, u_boot_config): check_call('mkdir -p %s' % data_dir, shell=True) check_call('mkdir -p %s' % install_dir, shell=True) check_call('cp %s/* %s ' % (capsules_path_dir, data_dir), shell=True) + check_call('cp %s/Test* %s ' % (u_boot_config.build_dir, data_dir), shell=True) # Update dtb to add the version information check_call('cd %s; ' @@ -56,133 +57,6 @@ def efi_capsule_data(request, u_boot_config): '-o test_ver.dtb version.dtbo' % (data_dir, u_boot_config.build_dir), shell=True) - # Create capsule files - # two regions: one for u-boot.bin and the other for u-boot.env - check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir, - shell=True) - check_call('sed -e \"s?BINFILE1?u-boot.bin.new?\" -e \"s?BINFILE2?u-boot.env.new?\" %s/test/py/tests/test_efi_capsule/uboot_bin_env.its > %s/uboot_bin_env.its' % - (u_boot_config.source_dir, data_dir), - shell=True) - check_call('cd %s; %s/tools/mkimage -f uboot_bin_env.its uboot_bin_env.itb' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test01' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 2 --guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test02' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 u-boot.bin.new Test03' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test04' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 ' - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 ' - '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 ' - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 ' - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' % - (data_dir, u_boot_config.build_dir), - shell=True) - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 ' - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' % - (data_dir, u_boot_config.build_dir), - shell=True) - - if capsule_auth_enabled: - # raw firmware signed with proper key - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' - '--private-key SIGNER.key --certificate SIGNER.crt ' - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' - 'u-boot.bin.new Test11' - % (data_dir, u_boot_config.build_dir), - shell=True) - # raw firmware signed with *mal* key - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' - '--private-key SIGNER2.key ' - '--certificate SIGNER2.crt ' - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' - 'u-boot.bin.new Test12' - % (data_dir, u_boot_config.build_dir), - shell=True) - # FIT firmware signed with proper key - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' - '--private-key SIGNER.key --certificate SIGNER.crt ' - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' - 'uboot_bin_env.itb Test13' - % (data_dir, u_boot_config.build_dir), - shell=True) - # FIT firmware signed with *mal* key - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' - '--private-key SIGNER2.key ' - '--certificate SIGNER2.crt ' - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' - 'uboot_bin_env.itb Test14' - % (data_dir, u_boot_config.build_dir), - shell=True) - # raw firmware signed with proper key with version information - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' - '--fw-version 5 ' - '--private-key SIGNER.key --certificate SIGNER.crt ' - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' - 'u-boot.bin.new Test111' - % (data_dir, u_boot_config.build_dir), - shell=True) - # raw firmware signed with proper key with version information - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 2 --monotonic-count 1 ' - '--fw-version 10 ' - '--private-key SIGNER.key --certificate SIGNER.crt ' - '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 ' - 'u-boot.env.new Test112' - % (data_dir, u_boot_config.build_dir), - shell=True) - # raw firmware signed with proper key with lower version information - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' - '--fw-version 2 ' - '--private-key SIGNER.key --certificate SIGNER.crt ' - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' - 'u-boot.bin.new Test113' - % (data_dir, u_boot_config.build_dir), - shell=True) - # FIT firmware signed with proper key with version information - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' - '--fw-version 5 ' - '--private-key SIGNER.key --certificate SIGNER.crt ' - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' - 'uboot_bin_env.itb Test114' - % (data_dir, u_boot_config.build_dir), - shell=True) - # FIT firmware signed with proper key with lower version information - check_call('cd %s; ' - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' - '--fw-version 2 ' - '--private-key SIGNER.key --certificate SIGNER.crt ' - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' - 'uboot_bin_env.itb Test115' - % (data_dir, u_boot_config.build_dir), - shell=True) - # Create a disk image with EFI system partition check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % (mnt_point, image_path), shell=True) diff --git a/test/py/tests/test_efi_capsule/uboot_bin_env.its b/test/py/tests/test_efi_capsule/uboot_bin_env.its deleted file mode 100644 index fc65907481..0000000000 --- a/test/py/tests/test_efi_capsule/uboot_bin_env.its +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Automatic software update for U-Boot - * Make sure the flashing addresses ('load' prop) is correct for your board! - */ - -/dts-v1/; - -/ { - description = "Automatic U-Boot environment update"; - #address-cells = <2>; - - images { - u-boot-bin { - description = "U-Boot binary on SPI Flash"; - data = /incbin/("BINFILE1"); - compression = "none"; - type = "firmware"; - arch = "sandbox"; - load = <0>; - hash-1 { - algo = "sha1"; - }; - }; - u-boot-env { - description = "U-Boot environment on SPI Flash"; - data = /incbin/("BINFILE2"); - compression = "none"; - type = "firmware"; - arch = "sandbox"; - load = <0>; - hash-1 { - algo = "sha1"; - }; - }; - }; -};