From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
Takahiro Akashi <takahiro.akashi@linaro.org>,
Patrick Delaunay <patrick.delaunay@foss.st.com>,
Patrice Chotard <patrice.chotard@foss.st.com>,
Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com>,
Tom Rini <trini@konsulko.com>,
Etienne Carriere <etienne.carriere@linaro.org>,
Michal Simek <monstr@monstr.eu>,
Jassi Brar <jaswinder.singh@linaro.org>
Subject: Re: [PATCH v7 12/13] mkeficapsule: Add support for setting OEM flags in capsule header
Date: Fri, 15 Jul 2022 19:40:47 +0300 [thread overview]
Message-ID: <CAC_iWjL4zLoKKB4E5kBxxDPDp9gt7uwrLcvsqw9tR1QgXFJ=kQ@mail.gmail.com> (raw)
In-Reply-To: <20220714183913.118505-13-sughosh.ganu@linaro.org>
Hi Sughosh,
On Thu, 14 Jul 2022 at 21:40, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
>
> Add support for setting OEM flags in the capsule header. As per the
> UEFI specification, bits 0-15 of the flags member of the capsule
> header can be defined per capsule GUID.
>
> The oemflags will be used for the FWU Multi Bank update feature, as
> specified by the Dependable Boot specification[1]. Bit
> 15 of the flags member will be used to determine if the
> acceptance/rejection of the updated images is to be done by the
> firmware or an external component like the OS.
Have we documented bit15 in the documentation? If not please add it.
>
> [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
> Changes since V6: None
>
> doc/mkeficapsule.1 | 4 ++++
> tools/mkeficapsule.c | 17 ++++++++++++++---
> 2 files changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1
> index 77ca061efd..6fb2dd0810 100644
> --- a/doc/mkeficapsule.1
> +++ b/doc/mkeficapsule.1
> @@ -72,6 +72,10 @@ Generate a firmware acceptance empty capsule
> .BI "-R\fR,\fB --fw-revert "
> Generate a firmware revert empty capsule
>
> +.TP
> +.BI "-o\fR,\fB --capoemflag "
> +Capsule OEM flag, value between 0x0000 to 0xffff
> +
> .TP
> .BR -h ", " --help
> Print a help message
> diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> index 244c80e1f7..237c1218fd 100644
> --- a/tools/mkeficapsule.c
> +++ b/tools/mkeficapsule.c
> @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
> efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
>
> -static const char *opts_short = "g:i:I:v:p:c:m:dhAR";
> +static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
>
> enum {
> CAPSULE_NORMAL_BLOB = 0,
> @@ -47,6 +47,7 @@ static struct option options[] = {
> {"dump-sig", no_argument, NULL, 'd'},
> {"fw-accept", no_argument, NULL, 'A'},
> {"fw-revert", no_argument, NULL, 'R'},
> + {"capoemflag", required_argument, NULL, 'o'},
> {"help", no_argument, NULL, 'h'},
> {NULL, 0, NULL, 0},
> };
> @@ -65,6 +66,7 @@ static void print_usage(void)
> "\t-d, --dump_sig dump signature (*.p7)\n"
> "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n"
> "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n"
> + "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff\n"
> "\t-h, --help print a help message\n",
> tool_name);
> }
> @@ -387,6 +389,7 @@ static void free_sig_data(struct auth_context *ctx)
> * @mcount: Monotonic count in authentication information
> * @private_file: Path to a private key file
> * @cert_file: Path to a certificate file
> + * @oemflags: Capsule OEM Flags, bits 0-15
> *
> * This function actually does the job of creating an uefi capsule file.
> * All the arguments must be supplied.
> @@ -399,7 +402,8 @@ static void free_sig_data(struct auth_context *ctx)
> */
> static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
> unsigned long index, unsigned long instance,
> - uint64_t mcount, char *privkey_file, char *cert_file)
> + uint64_t mcount, char *privkey_file, char *cert_file,
> + uint16_t oemflags)
> {
> struct efi_capsule_header header;
> struct efi_firmware_management_capsule_header capsule;
> @@ -464,6 +468,8 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
> header.header_size = sizeof(header);
> /* TODO: The current implementation ignores flags */
> header.flags = CAPSULE_FLAGS_PERSIST_ACROSS_RESET;
> + if (oemflags)
> + header.flags |= oemflags;
> header.capsule_image_size = sizeof(header)
> + sizeof(capsule) + sizeof(uint64_t)
> + sizeof(image)
> @@ -635,6 +641,7 @@ int main(int argc, char **argv)
> unsigned char uuid_buf[16];
> unsigned long index, instance;
> uint64_t mcount;
> + uint16_t oemflags;
> char *privkey_file, *cert_file;
> int c, idx;
>
> @@ -646,6 +653,7 @@ int main(int argc, char **argv)
> cert_file = NULL;
> dump_sig = 0;
> capsule_type = CAPSULE_NORMAL_BLOB;
> + oemflags = 0;
> for (;;) {
> c = getopt_long(argc, argv, opts_short, options, &idx);
> if (c == -1)
> @@ -699,6 +707,9 @@ int main(int argc, char **argv)
> case 'R':
> capsule_type |= CAPSULE_REVERT;
> break;
> + case 'o':
> + oemflags = strtoul(optarg, NULL, 0);
> + break;
> default:
> print_usage();
> exit(EXIT_SUCCESS);
> @@ -732,7 +743,7 @@ int main(int argc, char **argv)
> }
> } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid,
> index, instance, mcount, privkey_file,
> - cert_file) < 0) {
> + cert_file, oemflags) < 0) {
> fprintf(stderr, "Creating firmware capsule failed\n");
> exit(EXIT_FAILURE);
> }
> --
> 2.34.1
>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
next prev parent reply other threads:[~2022-07-15 16:41 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 18:39 [PATCH v7 00/13] FWU: Add FWU Multi Bank Update feature support Sughosh Ganu
2022-07-14 18:39 ` [PATCH v7 01/13] dt/bindings: Add bindings for FWU Metadata storage device Sughosh Ganu
2022-07-15 6:05 ` Heinrich Schuchardt
2022-07-16 21:13 ` Jassi Brar
2022-07-18 5:32 ` Sughosh Ganu
2022-07-14 18:39 ` [PATCH v7 02/13] FWU: Add FWU metadata structure and driver for accessing metadata Sughosh Ganu
2022-07-15 10:13 ` Ilias Apalodimas
2022-07-14 18:39 ` [PATCH v7 03/13] FWU: Add FWU metadata access driver for GPT partitioned block devices Sughosh Ganu
2022-07-14 18:39 ` [PATCH v7 04/13] stm32mp1: dk2: Add a node for the FWU metadata device Sughosh Ganu
2022-07-15 6:17 ` Ilias Apalodimas
2022-07-14 18:39 ` [PATCH v7 05/13] stm32mp1: dk2: Add image information for capsule updates Sughosh Ganu
2022-07-15 6:35 ` Ilias Apalodimas
2022-07-14 18:39 ` [PATCH v7 06/13] FWU: stm32mp1: Add helper functions for accessing FWU metadata Sughosh Ganu
2022-07-15 7:52 ` Ilias Apalodimas
2022-07-22 3:39 ` Jassi Brar
2022-07-22 16:08 ` Sughosh Ganu
2022-07-14 18:39 ` [PATCH v7 07/13] FWU: STM32MP1: Add support to read boot index from backup register Sughosh Ganu
2022-07-15 6:17 ` Ilias Apalodimas
2022-07-14 18:39 ` [PATCH v7 08/13] FWU: Add boot time checks as highlighted by the FWU specification Sughosh Ganu
2022-07-15 7:02 ` Ilias Apalodimas
2022-07-20 7:35 ` Ilias Apalodimas
2022-07-27 11:04 ` Sughosh Ganu
2022-07-14 18:39 ` [PATCH v7 09/13] FWU: Add support for the FWU Multi Bank Update feature Sughosh Ganu
2022-07-15 11:58 ` Ilias Apalodimas
2022-07-14 18:39 ` [PATCH v7 10/13] FWU: cmd: Add a command to read FWU metadata Sughosh Ganu
2022-07-15 10:23 ` Ilias Apalodimas
2022-07-14 18:39 ` [PATCH v7 11/13] mkeficapsule: Add support for generating empty capsules Sughosh Ganu
2022-07-15 13:52 ` Ilias Apalodimas
2022-07-14 18:39 ` [PATCH v7 12/13] mkeficapsule: Add support for setting OEM flags in capsule header Sughosh Ganu
2022-07-15 16:40 ` Ilias Apalodimas [this message]
2022-07-18 5:35 ` Sughosh Ganu
2022-07-14 18:39 ` [PATCH v7 13/13] FWU: doc: Add documentation for the FWU feature Sughosh Ganu
2022-07-15 14:25 ` Heinrich Schuchardt
2022-07-22 17:42 ` [PATCH 0/5] FWU: Add support for mtd backed feature on DeveloperBox jassisinghbrar
2022-07-22 17:43 ` jassisinghbrar
2022-07-22 17:43 ` [PATCH 1/5] dt/bindings: Add bindings for FWU Metadata mtd storage jassisinghbrar
2022-07-25 7:04 ` Sughosh Ganu
2022-07-22 17:43 ` [PATCH 2/5] FWU: Add FWU metadata access driver for MTD storage regions jassisinghbrar
2022-09-01 6:45 ` Heinrich Schuchardt
2022-07-22 17:43 ` [PATCH 3/5] FWU: mtd: Add helper functions for accessing FWU metadata jassisinghbrar
2022-09-01 7:01 ` Heinrich Schuchardt
2022-07-22 17:43 ` [PATCH 4/5] dt: fwu: developerbox: enable fwu banks and mdata regions jassisinghbrar
2022-07-22 17:43 ` [PATCH 5/5] fwu: DeveloperBox: add support for FWU jassisinghbrar
2022-09-01 7:07 ` Heinrich Schuchardt
2022-09-01 7:22 ` Heinrich Schuchardt
2022-09-26 18:10 ` Jassi Brar
2022-07-25 7:18 ` [PATCH 0/5] FWU: Add support for mtd backed feature on DeveloperBox Sughosh Ganu
2022-07-25 13:31 ` Jassi Brar
2022-08-21 6:56 ` Heinrich Schuchardt
2022-08-21 7:16 ` Heinrich Schuchardt
2022-08-22 4:45 ` Sughosh Ganu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAC_iWjL4zLoKKB4E5kBxxDPDp9gt7uwrLcvsqw9tR1QgXFJ=kQ@mail.gmail.com' \
--to=ilias.apalodimas@linaro.org \
--cc=bmeng.cn@gmail.com \
--cc=etienne.carriere@linaro.org \
--cc=jaswinder.singh@linaro.org \
--cc=monstr@monstr.eu \
--cc=patrice.chotard@foss.st.com \
--cc=patrick.delaunay@foss.st.com \
--cc=sjg@chromium.org \
--cc=sughosh.ganu@linaro.org \
--cc=takahiro.akashi@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).