[PATCH v7 00/17] efi_loader: add capsule update support

Heinrich Schuchardt xypron.glpk at gmx.de
Fri Oct 30 08:59:03 CET 2020


On 10/30/20 8:54 AM, Heinrich Schuchardt wrote:
> On 10/29/20 5:47 AM, AKASHI Takahiro wrote:
>> Summary
>> =======
>> 'UpdateCapsule' is one of runtime services defined in UEFI specification
>> and its aim is to allow a caller (OS) to pass information to the
>> firmware,
>> i.e. U-Boot. This is mostly used to update firmware binary on devices by
>> instructions from OS.
>>
>> While 'UpdateCapsule' is a runtime services function, it is, at least
>> initially, supported only before exiting boot services alike other
>> runtime
>> functions, [Get/]SetVariable. This is because modifying storage which may
>> be shared with OS must be carefully designed and there is no general
>> assumption that we can do it.
>>
>> Therefore, we practically support only "capsule on disk"; any capsule can
>> be handed over to UEFI subsystem as a file on a specific file system.
>>
>> In this patch series, all the related definitions and structures are
>> given
>> as UEFI specification describes, and basic framework for capsule support
>> is provided. Currently supported is
>>   * firmware update (Firmware Management Protocol or simply FMP)
>>
>> Most of functionality of firmware update is provided by FMP driver and
>> it can be, by nature, system/platform-specific. So you can and should
>> implement your own FMP driver(s) based on your system requirements.
>> Under the current implementation, we provide two basic but generic
>> drivers with two formats:
>>    * FIT image format (as used in TFTP update and dfu)
>>    * raw image format
>>
>> It's totally up to users which one, or both, should be used on users'
>> system depending on user requirements.
>
> Gitlab CI fails:
>
> https://gitlab.denx.de/u-boot/custodians/u-boot-efi/-/jobs/172745
> https://gitlab.denx.de/u-boot/custodians/u-boot-efi/-/jobs/172744
>
>              # Create signature database
>              # PK
>              check_call('cd %s; openssl req -x509 -sha256 -newkey
> rsa:2048 -subj /CN=TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365'
>                         % mnt_point, shell=True)
>              check_call('cd %s; %scert-to-efi-sig-list -g %s PK.crt
> PK.esl; %ssign-efi-sig-list -t "2020-04-01" -c PK.crt -k PK.key PK
> PK.esl PK.auth'
>  >                      % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH),
>                         shell=True)
> E                      NameError: name 'EFITOOLS_PATH' is not defined
> test/py/tests/test_efi_secboot/conftest.py:50: NameError
>
>
> To get the series merged, please, provide the necessary patches for
> .azure-pipelines.yml, .gitlab-ci.yml, .travis.yml.
>
> Possibly you will have to adjust
> https://gitlab.denx.de/u-boot/gitlab-ci-runner
>
> Best regards
>
> Heinrich
>

Hello Lukasz,

I would like to get at least get the DFU part merged. So I suggest to
add the DFU patches to my next pull request for Tom.

Is that fine with you?

Best regards

Heinrich


More information about the U-Boot mailing list