From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 05A79C6FA82
	for <u-boot@archiver.kernel.org>; Thu, 22 Sep 2022 13:26:47 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 7443984CB6;
	Thu, 22 Sep 2022 15:26:45 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="A+ajlU6n";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id D987084CBF; Thu, 22 Sep 2022 15:26:43 +0200 (CEST)
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com
 [IPv6:2a00:1450:4864:20::432])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 0181B84C17
 for <u-boot@lists.denx.de>; Thu, 22 Sep 2022 15:26:41 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org
Received: by mail-wr1-x432.google.com with SMTP id bq9so15579501wrb.4
 for <u-boot@lists.denx.de>; Thu, 22 Sep 2022 06:26:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=in-reply-to:content-disposition:mime-version:references:message-id
 :subject:cc:to:from:date:from:to:cc:subject:date;
 bh=KeMQ12A6C3rwj87xr2qLZ6BjzQ8P5H+mVMdu2zw+KMI=;
 b=A+ajlU6nTd/qIa7gWUZ2d8dqAXqAMzWXDPb7NttEMJV/6wqPYEAcHAllXl4AkY92Hl
 uZh4YKk9kYgl09Y4r8okmT5gyzBUyIomHwF+GZPXG9tE3aKR7IC64gfo6/FAA8cpvxPn
 kJA9gqtClaT7tyJBXbZmbbSIt0g0/zRlNH3wsKzSw7RhK/uCPsu7bEJR5cXz74tWUty4
 EECM8TO8ZrO7xlLHk1cVPwuTlhnRdV6tYfyW5c4kEpQnabGpzI5nB8huTCB15rgTsNmI
 ZK2UfpFEtDl5oFZdWg9xKKJvWQxqJ2l7DDvaTj3tL4t8hGd9QEHxU347JKZ05JPwk3MA
 83Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=in-reply-to:content-disposition:mime-version:references:message-id
 :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date;
 bh=KeMQ12A6C3rwj87xr2qLZ6BjzQ8P5H+mVMdu2zw+KMI=;
 b=RGEOSWi1i8a7/OtSH6LynU3cyRhQABEt6MKSGFqD7yyYm0xGv/OkR72VRmV7S28npB
 FDOYvWaLULj7m0S4pSpH84E38/n0Hpku6AmgEGTMSPgofj7i6bYHZyhBiIJDcg0w4KJ1
 /D610TKL1YkV0voai+vR+mNkNSVWl3OpeiZUX+reDpubGbcfhGN+eDxFiZpkf+JsNmhP
 UEtsIhH6IN9/j9Ofe0b2yNhvrfbEJv3gVuAHovrdN4/Gue+Bj/38O1oj65ED4zyTQw9d
 iuB9R+pgnsZKv0ANCx/CA0QrLY3QfFnznyENkmSw2I39lo+QOiSjIzinqYNGpvxssaFr
 uhcA==
X-Gm-Message-State: ACrzQf2XOhYcRnE34i7MfpNfP/ysLZ0UpRhyPwujADPp7fS+mCZHvb0E
 Vn9EIo3QCY064N7HRHKJU5ai6A==
X-Google-Smtp-Source: AMsMyM5D/0SXIyYXRt/eECyiX4O/wuvCH7Cx6TclaZyV0KyGNCXBO/ijdU1XO++D+NcTUVnmk+0DmA==
X-Received: by 2002:a05:6000:1808:b0:22b:1942:4bc1 with SMTP id
 m8-20020a056000180800b0022b19424bc1mr2033415wrh.682.1663853200500; 
 Thu, 22 Sep 2022 06:26:40 -0700 (PDT)
Received: from hades ([46.103.15.185]) by smtp.gmail.com with ESMTPSA id
 g14-20020a05600c4ece00b003b477532e66sm10386584wmq.2.2022.09.22.06.26.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 22 Sep 2022 06:26:39 -0700 (PDT)
Date: Thu, 22 Sep 2022 16:26:37 +0300
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Takahiro Akashi <takahiro.akashi@linaro.org>,
 Patrick Delaunay <patrick.delaunay@foss.st.com>,
 Patrice Chotard <patrice.chotard@foss.st.com>,
 Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com>,
 Tom Rini <trini@konsulko.com>,
 Etienne Carriere <etienne.carriere@linaro.org>,
 Michal Simek <monstr@monstr.eu>, Jassi Brar <jaswinder.singh@linaro.org>
Subject: Re: [PATCH v9 13/15] mkeficapsule: Add support for generating empty
 capsules
Message-ID: <YyxijWbDxV2Zn5Hy@hades>
References: <20220826095716.1676150-1-sughosh.ganu@linaro.org>
 <20220826095716.1676150-14-sughosh.ganu@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20220826095716.1676150-14-sughosh.ganu@linaro.org>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

On Fri, Aug 26, 2022 at 03:27:14PM +0530, Sughosh Ganu wrote:
> The Dependable Boot specification[1] describes the structure of the
> firmware accept and revert capsules. These are empty capsules which
> are used for signalling the acceptance or rejection of the updated
> firmware by the OS. Add support for generating these empty capsules.
> 
> [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf
> 
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
> Changes since V8: None
> 
>  doc/mkeficapsule.1   | 29 +++++++++----
>  tools/eficapsule.h   |  8 ++++
>  tools/mkeficapsule.c | 96 ++++++++++++++++++++++++++++++++++++++++----
>  3 files changed, 119 insertions(+), 14 deletions(-)
> 
> diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1
> index 09bdc24295..77ca061efd 100644
> --- a/doc/mkeficapsule.1
> +++ b/doc/mkeficapsule.1
> @@ -8,7 +8,7 @@ mkeficapsule \- Generate EFI capsule file for U-Boot
>  
>  .SH SYNOPSIS
>  .B mkeficapsule
> -.RI [ options "] " image-blob " " capsule-file
> +.RI [ options ] " " [ image-blob ] " " capsule-file
>  
>  .SH "DESCRIPTION"
>  .B mkeficapsule
> @@ -23,8 +23,13 @@ Optionally, a capsule file can be signed with a given private key.
>  In this case, the update will be authenticated by verifying the signature
>  before applying.
>  
> +Additionally, an empty capsule file can be generated for acceptance or
> +rejection of firmware images by a governing component like an Operating
> +System. The empty capsules do not require an image-blob input file.
> +
> +
>  .B mkeficapsule
> -takes any type of image files, including:
> +takes any type of image files when generating non empty capsules, including:
>  .TP
>  .I raw image
>  format is a single binary blob of any type of firmware.
> @@ -36,18 +41,16 @@ multiple binary blobs in a single capsule file.
>  This type of image file can be generated by
>  .BR mkimage .
>  
> -.PP
> -If you want to use other types than above two, you should explicitly
> -specify a guid for the FMP driver.
> -
>  .SH "OPTIONS"
> +
>  .TP
>  .BI "-g\fR,\fB --guid " guid-string
>  Specify guid for image blob type. The format is:
>      xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
>  
>  The first three elements are in little endian, while the rest
> -is in big endian.
> +is in big endian. The option must be specified for all non empty and
> +image acceptance capsules
>  
>  .TP
>  .BI "-i\fR,\fB --index " index
> @@ -57,6 +60,18 @@ Specify an image index
>  .BI "-I\fR,\fB --instance " instance
>  Specify a hardware instance
>  
> +.PP
> +For generation of firmware accept empty capsule
> +.BR --guid
> +is mandatory
> +.TP
> +.BI "-A\fR,\fB --fw-accept "
> +Generate a firmware acceptance empty capsule
> +
> +.TP
> +.BI "-R\fR,\fB --fw-revert "
> +Generate a firmware revert empty capsule
> +
>  .TP
>  .BR -h ", " --help
>  Print a help message
> diff --git a/tools/eficapsule.h b/tools/eficapsule.h
> index d63b831443..072a4b5598 100644
> --- a/tools/eficapsule.h
> +++ b/tools/eficapsule.h
> @@ -41,6 +41,14 @@ typedef struct {
>  	EFI_GUID(0x4aafd29d, 0x68df, 0x49ee, 0x8a, 0xa9, \
>  		 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7)
>  
> +#define FW_ACCEPT_OS_GUID \
> +	EFI_GUID(0x0c996046, 0xbcc0, 0x4d04, 0x85, 0xec, \
> +		 0xe1, 0xfc, 0xed, 0xf1, 0xc6, 0xf8)
> +
> +#define FW_REVERT_OS_GUID \
> +	EFI_GUID(0xacd58b4b, 0xc0e8, 0x475f, 0x99, 0xb5, \
> +		 0x6b, 0x3f, 0x7e, 0x07, 0xaa, 0xf0)
> +
>  /* flags */
>  #define CAPSULE_FLAGS_PERSIST_ACROSS_RESET      0x00010000
>  
> diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> index 5f74d23b9e..25bfb39e5b 100644
> --- a/tools/mkeficapsule.c
> +++ b/tools/mkeficapsule.c
> @@ -29,7 +29,13 @@ static const char *tool_name = "mkeficapsule";
>  efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
>  efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
>  
> -static const char *opts_short = "g:i:I:v:p:c:m:dh";
> +static const char *opts_short = "g:i:I:v:p:c:m:dhAR";
> +
> +enum {
> +	CAPSULE_NORMAL_BLOB = 0,
> +	CAPSULE_ACCEPT,
> +	CAPSULE_REVERT,
> +} capsule_type;
>  
>  static struct option options[] = {
>  	{"guid", required_argument, NULL, 'g'},
> @@ -39,6 +45,8 @@ static struct option options[] = {
>  	{"certificate", required_argument, NULL, 'c'},
>  	{"monotonic-count", required_argument, NULL, 'm'},
>  	{"dump-sig", no_argument, NULL, 'd'},
> +	{"fw-accept", no_argument, NULL, 'A'},
> +	{"fw-revert", no_argument, NULL, 'R'},
>  	{"help", no_argument, NULL, 'h'},
>  	{NULL, 0, NULL, 0},
>  };
> @@ -55,6 +63,8 @@ static void print_usage(void)
>  		"\t-c, --certificate <cert file>     signer's certificate file\n"
>  		"\t-m, --monotonic-count <count>     monotonic count\n"
>  		"\t-d, --dump_sig              dump signature (*.p7)\n"
> +		"\t-A, --fw-accept  firmware accept capsule, requires GUID, no image blob\n"
> +		"\t-R, --fw-revert  firmware revert capsule, takes no GUID, no image blob\n"
>  		"\t-h, --help                  print a help message\n",
>  		tool_name);
>  }
> @@ -564,6 +574,49 @@ void convert_uuid_to_guid(unsigned char *buf)
>  	buf[7] = c;
>  }
>  
> +static int create_empty_capsule(char *path, efi_guid_t *guid, bool fw_accept)
> +{
> +	struct efi_capsule_header header = { 0 };
> +	FILE *f = NULL;
> +	int ret = -1;
> +	efi_guid_t fw_accept_guid = FW_ACCEPT_OS_GUID;
> +	efi_guid_t fw_revert_guid = FW_REVERT_OS_GUID;
> +	efi_guid_t capsule_guid;
> +
> +	f = fopen(path, "w");
> +	if (!f) {
> +		fprintf(stderr, "cannot open %s\n", path);
> +		goto err;
> +	}
> +
> +	capsule_guid = fw_accept ? fw_accept_guid : fw_revert_guid;
> +
> +	memcpy(&header.capsule_guid, &capsule_guid, sizeof(efi_guid_t));
> +	header.header_size = sizeof(header);
> +	header.flags = 0;
> +
> +	header.capsule_image_size = fw_accept ?
> +		sizeof(header) + sizeof(efi_guid_t) : sizeof(header);
> +
> +	if (write_capsule_file(f, &header, sizeof(header),
> +			       "Capsule header"))
> +		goto err;
> +
> +	if (fw_accept) {
> +		if (write_capsule_file(f, guid, sizeof(*guid),
> +				       "FW Accept Capsule Payload"))
> +			goto err;
> +	}
> +
> +	ret = 0;
> +
> +err:
> +	if (f)
> +		fclose(f);
> +
> +	return ret;
> +}
> +
>  /**
>   * main - main entry function of mkeficapsule
>   * @argc:	Number of arguments
> @@ -592,6 +645,7 @@ int main(int argc, char **argv)
>  	privkey_file = NULL;
>  	cert_file = NULL;
>  	dump_sig = 0;
> +	capsule_type = CAPSULE_NORMAL_BLOB;
>  	for (;;) {
>  		c = getopt_long(argc, argv, opts_short, options, &idx);
>  		if (c == -1)
> @@ -639,22 +693,50 @@ int main(int argc, char **argv)
>  		case 'd':
>  			dump_sig = 1;
>  			break;
> -		case 'h':
> +		case 'A':
> +			if (capsule_type) {
> +				fprintf(stderr,
> +					"Select either of Accept or Revert capsule generation\n");
> +				exit(1);
> +			}
> +			capsule_type = CAPSULE_ACCEPT;
> +			break;
> +		case 'R':
> +			if (capsule_type) {
> +				fprintf(stderr,
> +					"Select either of Accept or Revert capsule generation\n");
> +				exit(1);
> +			}
> +			capsule_type = CAPSULE_REVERT;
> +			break;
> +		default:
>  			print_usage();
>  			exit(EXIT_SUCCESS);
>  		}
>  	}
>  
>  	/* check necessary parameters */
> -	if ((argc != optind + 2) || !guid ||
> -	    ((privkey_file && !cert_file) ||
> -	     (!privkey_file && cert_file))) {
> +	if ((capsule_type == CAPSULE_NORMAL_BLOB &&
> +	    ((argc != optind + 2) || !guid ||
> +	     ((privkey_file && !cert_file) ||
> +	      (!privkey_file && cert_file)))) ||
> +	    (capsule_type != CAPSULE_NORMAL_BLOB &&
> +	    ((argc != optind + 1) ||
> +	     ((capsule_type == CAPSULE_ACCEPT) && !guid) ||
> +	     ((capsule_type == CAPSULE_REVERT) && guid)))) {
>  		print_usage();
>  		exit(EXIT_FAILURE);
>  	}
>  
> -	if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, index, instance,
> -			 mcount, privkey_file, cert_file) < 0) {
> +	if (capsule_type != CAPSULE_NORMAL_BLOB) {
> +		if (create_empty_capsule(argv[argc - 1], guid,
> +					 capsule_type == CAPSULE_ACCEPT) < 0) {
> +			fprintf(stderr, "Creating empty capsule failed\n");
> +			exit(EXIT_FAILURE);
> +		}
> +	} else 	if (create_fwbin(argv[argc - 1], argv[argc - 2], guid,
> +				 index, instance, mcount, privkey_file,
> +				 cert_file) < 0) {
>  		fprintf(stderr, "Creating firmware capsule failed\n");
>  		exit(EXIT_FAILURE);
>  	}
> -- 
> 2.34.1
> 
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>