[PATCH v4 8/8] doc: uefi: Update the capsule update related documentation

Ilias Apalodimas ilias.apalodimas at linaro.org
Thu Mar 31 20:14:55 CEST 2022


On Thu, Mar 31, 2022 at 06:57:50PM +0530, Sughosh Ganu wrote:
> Update the capsule update functionality related documentation to
> refect the additional definitions that need to be made per platform
> for supporting the capsule update feature.
> 
> Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> ---
> 
> Changes since V3:
> * Rephrase the commit message to indicate that the doc changes are not
>   just limited to adding the GUID values, but other info as well.
> * Elaborate with an example on the relation between the dfu alt number
>   and the image index 
> 
>  doc/develop/uefi/uefi.rst | 24 ++++++++++++++++++++++--
>  1 file changed, 22 insertions(+), 2 deletions(-)
> 
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index fe337c88bd..d886635cc3 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -312,8 +312,8 @@ Run the following command
>  .. code-block:: console
>  
>      $ mkeficapsule \
> -      --index 1 --instance 0 \
> -      [--fit <FIT image> | --raw <raw image>] \
> +      --index <index> --instance 0 \
> +      --guid <image GUID> \
>        <capsule_file_name>
>  
>  Performing the update
> @@ -333,6 +333,26 @@ won't be taken over across the reboot. If this is the case, you can skip
>  this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS)
>  set.
>  
> +A few things need to be defined in the board file for performing the
> +capsule upadte. The first is defining the function set_dfu_alt_info in

s/upadte/update/

> +the board file. This function sets the environment variable
> +dfu_alt_info. Instead of taking the variable from the environment, the
> +capsule update feature requires that the variable be set through the

I think we should also mention that allowing a user to change the location
of the firmware updates in flash is not a good security practice.  
Having that baked in the firmware (as long as a prior stage boot loader verifies it)
is a better approach.

Thanks
/Ilias
> +board function, since that is more robust. Secondly, define GUID
> +values and image index of the images that are to be updated through
> +the capsule update feature in the board file. Both the values are to
> +be defined as part of the fw_images array. These GUID values would be
> +used by the Firmware Management Protocol(FMP) to populate the image
> +descriptor array and also displayed as part of the ESRT table. The
> +image index values defined in the array should be one greater than the
> +dfu alt number that corresponds to the firmware image. So, if the dfu
> +alt number for an image is 2, the value of image index in the
> +fw_images array for that image should be 3. The dfu alt number can be
> +obtained by running the following command::
> +
> +    dfu list
> +
> +
>  Finally, the capsule update can be initiated by rebooting the board.
>  
>  Enabling Capsule Authentication
> -- 
> 2.25.1
> 


More information about the U-Boot mailing list