From mboxrd@z Thu Jan  1 00:00:00 1970
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
Date: Wed, 25 Nov 2020 14:17:31 +0900
Subject: [PATCH v9 08/11] tools: add mkeficapsule command for UEFI
 capsule update
In-Reply-To: <9a55236d-87a8-6ef2-2142-e826e1952ff1@gmx.de>
References: <20201117002805.13902-1-takahiro.akashi@linaro.org>
 <20201117002805.13902-9-takahiro.akashi@linaro.org>
 <9a55236d-87a8-6ef2-2142-e826e1952ff1@gmx.de>
Message-ID: <20201125051731.GG8300@laputa>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Sughosh,

On Tue, Nov 24, 2020 at 09:23:50PM +0100, Heinrich Schuchardt wrote:
> On 11/17/20 1:28 AM, AKASHI Takahiro wrote:
> > This is a utility mainly for test purpose.
> >    mkeficapsule -f: create a test capsule file for FIT image firmware
> > 
> > Having said that, you will be able to customize the code to fit
> > your specific requirements for your platform.
> > 
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > ---
> >   tools/Makefile       |   2 +
> >   tools/mkeficapsule.c | 238 +++++++++++++++++++++++++++++++++++++++++++
> >   2 files changed, 240 insertions(+)
> >   create mode 100644 tools/mkeficapsule.c
> > 
> > diff --git a/tools/Makefile b/tools/Makefile
> > index 51123fd92983..66d9376803e3 100644
> > --- a/tools/Makefile
> > +++ b/tools/Makefile
> > @@ -218,6 +218,8 @@ hostprogs-$(CONFIG_MIPS) += mips-relocs
> >   hostprogs-$(CONFIG_ASN1_COMPILER)	+= asn1_compiler
> >   HOSTCFLAGS_asn1_compiler.o = -idirafter $(srctree)/include
> > 
> > +hostprogs-$(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) += mkeficapsule
> > +
> >   # We build some files with extra pedantic flags to try to minimize things
> >   # that won't build on some weird host compiler -- though there are lots of
> >   # exceptions for files that aren't complaint.
> > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> > new file mode 100644
> > index 000000000000..db95426457cc
> > --- /dev/null
> > +++ b/tools/mkeficapsule.c
> > @@ -0,0 +1,238 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Copyright 2018 Linaro Limited
> > + *		Author: AKASHI Takahiro
> > + */
> > +
> > +#include <getopt.h>
> > +#include <malloc.h>
> > +#include <stdbool.h>
> > +#include <stdio.h>
> > +#include <stdlib.h>
> > +#include <string.h>
> > +#include <linux/types.h>
> > +#include <sys/stat.h>
> > +#include <sys/types.h>
> > +
> > +typedef __u8 u8;
> > +typedef __u16 u16;
> > +typedef __u32 u32;
> > +typedef __u64 u64;
> > +typedef __s16 s16;
> > +typedef __s32 s32;
> > +
> > +#define aligned_u64 __aligned_u64
> > +
> > +#ifndef __packed
> > +#define __packed __attribute__((packed))
> > +#endif
> > +
> > +#include <efi.h>
> > +#include <efi_api.h>
> > +
> > +static const char *tool_name = "mkeficapsule";
> > +
> > +efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> > +efi_guid_t efi_guid_image_type_uboot_fit =
> > +		EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID;
> > +efi_guid_t efi_guid_image_type_uboot_raw =
> > +		EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
> > +
> > +static struct option options[] = {
> > +	{"fit", required_argument, NULL, 'f'},
> > +	{"raw", required_argument, NULL, 'r'},
> > +	{"index", required_argument, NULL, 'i'},
> > +	{"instance", required_argument, NULL, 'I'},
> > +	{"version", required_argument, NULL, 'v'},
> > +	{"help", no_argument, NULL, 'h'},
> > +	{NULL, 0, NULL, 0},
> > +};
> > +
> > +static void print_usage(void)
> > +{
> > +	printf("Usage: %s [options] <output file>\n"
> > +	       "Options:\n"
> > +	       "\t--fit <fit image>      new FIT image file\n"
> > +	       "\t--raw <raw image>      new raw image file\n"
> > +	       "\t--index <index>        update image index\n"
> > +	       "\t--instance <instance>  update hardware instance\n"
> > +	       "\t--version <version>    firmware version\n"
> > +	       "\t--help                 print a help message\n",
> > +	       tool_name);
> > +}
> > +
> > +static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
> > +			unsigned long version, unsigned long index,
> > +			unsigned long instance)
> > +{
> > +	struct efi_capsule_header header;
> > +	struct efi_firmware_management_capsule_header capsule;
> > +	struct efi_firmware_management_capsule_image_header image;
> > +	FILE *f, *g;
> > +	struct stat bin_stat;
> > +	u8 *data;
> > +	size_t size;
> > +
> > +#ifdef DEBUG
> > +	printf("For output: %s\n", path);
> > +	printf("\tbin: %s\n\ttype: %pUl\n" bin, guid);
> > +	printf("\tversion: %ld\n\tindex: %ld\n\tinstance: %ld\n",
> > +	       version, index, instance);
> > +#endif
> > +
> > +	g = fopen(bin, "r");
> > +	if (!g) {
> > +		printf("cannot open %s\n", bin);
> > +		return -1;
> > +	}
> > +	if (stat(bin, &bin_stat) < 0) {
> > +		printf("cannot determine the size of %s\n", bin);
> > +		goto err_1;
> > +	}
> > +	data = malloc(bin_stat.st_size);
> > +	if (!data) {
> > +		printf("cannot allocate memory: %lx\n", bin_stat.st_size);
> > +		goto err_1;
> > +	}
> > +	f = fopen(path, "w");
> > +	if (!f) {
> > +		printf("cannot open %s\n", path);
> > +		goto err_2;
> > +	}
> > +	header.capsule_guid = efi_guid_fm_capsule;
> > +	header.header_size = sizeof(header);
> > +	header.flags = CAPSULE_FLAGS_PERSIST_ACROSS_RESET; /* TODO */
> > +	header.capsule_image_size = sizeof(header)
> > +					+ sizeof(capsule) + sizeof(u64)
> > +					+ sizeof(image)
> > +					+ bin_stat.st_size;
> > +
> > +	size = fwrite(&header, 1, sizeof(header), f);
> > +	if (size < sizeof(header)) {
> > +		printf("write failed (%lx)\n", size);
> > +		goto err_3;
> > +	}
> > +
> > +	capsule.version = 0x00000001;
> > +	capsule.embedded_driver_count = 0;
> > +	capsule.payload_item_count = 1;
> > +	capsule.item_offset_list[0] = sizeof(capsule) + sizeof(u64);
> 
> With the complete series applied, building sandbox_defconfig:
> 
> tools/mkeficapsule.c: In function ?main?:
> tools/mkeficapsule.c:120:26: warning: array subscript 0 is outside array
> bounds of ?u64[]? {aka ?long long unsigned int[]?} [-Warray-bounds]
>   120 |  capsule.item_offset_list[0] = sizeof(capsule) + sizeof(u64);
>       |  ~~~~~~~~~~~~~~~~~~~~~~~~^~~
> 
> Please, ensure that the code compiles without warnings.
> 
> I have been using GCC 10.2 as supplied by Debian Bullseye on an ARM64
> system.
> 
> Best regards
> 
> Heinrich
> 
> > +	size = fwrite(&capsule, 1, sizeof(capsule) + sizeof(u64), f);
> > +	if (size < (sizeof(capsule) + sizeof(u64))) {
> > +		printf("write failed (%lx)\n", size);
> > +		goto err_3;
> > +	}
> > +
> > +	image.version = version;

After some cleanup works, I found that the version was wrongly
set here. The value of 'version' in this structure must be the
one of this structure's layout, not the one for firmware itself.
So I decided to remove "--version" option from the command.
(Note U-Boot has no notion of "firmware version" anyway.)

I hope that this change won't hinder your effort in extending
this command for capsule authentication.

Thanks,
-Takahiro Akashi



> > +	memcpy(&image.update_image_type_id, guid, sizeof(*guid));
> > +	image.update_image_index = index;
> > +	image.update_image_size = bin_stat.st_size;
> > +	image.update_vendor_code_size = 0; /* none */
> > +	image.update_hardware_instance = instance;
> > +	image.image_capsule_support = 0;
> > +
> > +	size = fwrite(&image, 1, sizeof(image), f);
> > +	if (size < sizeof(image)) {
> > +		printf("write failed (%lx)\n", size);
> > +		goto err_3;
> > +	}
> > +	size = fread(data, 1, bin_stat.st_size, g);
> > +	if (size < bin_stat.st_size) {
> > +		printf("read failed (%lx)\n", size);
> > +		goto err_3;
> > +	}
> > +	size = fwrite(data, 1, bin_stat.st_size, f);
> > +	if (size < bin_stat.st_size) {
> > +		printf("write failed (%lx)\n", size);
> > +		goto err_3;
> > +	}
> > +
> > +	fclose(f);
> > +	fclose(g);
> > +	free(data);
> > +
> > +	return 0;
> > +
> > +err_3:
> > +	fclose(f);
> > +err_2:
> > +	free(data);
> > +err_1:
> > +	fclose(g);
> > +
> > +	return -1;
> > +}
> > +
> > +/*
> > + * Usage:
> > + *   $ mkeficapsule -f <firmware binary> <output file>
> > + */
> > +int main(int argc, char **argv)
> > +{
> > +	char *file;
> > +	efi_guid_t *guid;
> > +	unsigned long index, instance, version;
> > +	int c, idx;
> > +
> > +	file = NULL;
> > +	guid = NULL;
> > +	index = 0;
> > +	instance = 0;
> > +	version = 0;
> > +	for (;;) {
> > +		c = getopt_long(argc, argv, "f:r:i:I:v:h", options, &idx);
> > +		if (c == -1)
> > +			break;
> > +
> > +		switch (c) {
> > +		case 'f':
> > +			if (file) {
> > +				printf("Image already specified\n");
> > +				return -1;
> > +			}
> > +			file = optarg;
> > +			guid = &efi_guid_image_type_uboot_fit;
> > +			break;
> > +		case 'r':
> > +			if (file) {
> > +				printf("Image already specified\n");
> > +				return -1;
> > +			}
> > +			file = optarg;
> > +			guid = &efi_guid_image_type_uboot_raw;
> > +			break;
> > +		case 'i':
> > +			index = strtoul(optarg, NULL, 0);
> > +			break;
> > +		case 'I':
> > +			instance = strtoul(optarg, NULL, 0);
> > +			break;
> > +		case 'v':
> > +			version = strtoul(optarg, NULL, 0);
> > +			break;
> > +		case 'h':
> > +			print_usage();
> > +			return 0;
> > +		}
> > +	}
> > +
> > +	/* need a output file */
> > +	if (argc != optind + 1) {
> > +		print_usage();
> > +		return -1;
> > +	}
> > +
> > +	/* need a fit image file or raw image file */
> > +	if (!file) {
> > +		print_usage();
> > +		return -1;
> > +	}
> > +
> > +	if (create_fwbin(argv[optind], file, guid, version, index, instance)
> > +			< 0) {
> > +		printf("Creating firmware capsule failed\n");
> > +		return -1;
> > +	}
> > +
> > +	return 0;
> > +}
> > 
>