[PATCH v7 08/11] binman: capsule: Add support for generating EFI capsules
Simon Glass
sjg at chromium.org
Sat Aug 5 19:20:02 CEST 2023
Hi Sughosh,
On Sat, 5 Aug 2023 at 09:03, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Sughosh,
>
> On Sat, 5 Aug 2023 at 05:35, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> >
> > Add support in binman for generating EFI capsules. The capsule
> > parameters can be specified through the capsule binman entry. Also add
> > test cases in binman for testing capsule generation.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > ---
> > Changes since V6:
> > * Add macros for the GUID strings in sandbox_efi_capsule.h
> > * Highlight that the private and public keys are mandatory for capsule
> > signing.
> > * Add a URL link to the UEFI spec, as used in the rst files.
> > * Use local vars for private and public keys in BuildSectionData()
> > * Use local vars for input payload and capsule filenames in
> > BuildSectionData().
> > * Drop the ProcessContents() and SetImagePos() as the superclass
> > functions suffice.
> > * Use GUID macro names in the capsule test dts files.
> > * Rename efi_capsule_payload.bin to capsule_input.bin.
> >
> >
> > include/sandbox_efi_capsule.h | 14 ++
>
> Please move this file to a later patch - see below.
>
> Could we have a single header file with all the GUIDs, i.e. sandbox, ARM, etc.
>
> > tools/binman/entries.rst | 62 ++++++++
> > tools/binman/etype/efi_capsule.py | 143 ++++++++++++++++++
> > tools/binman/ftest.py | 121 +++++++++++++++
> > tools/binman/test/307_capsule.dts | 23 +++
> > tools/binman/test/308_capsule_signed.dts | 25 +++
> > tools/binman/test/309_capsule_version.dts | 24 +++
> > tools/binman/test/310_capsule_signed_ver.dts | 26 ++++
> > tools/binman/test/311_capsule_oemflags.dts | 24 +++
> > tools/binman/test/312_capsule_missing_key.dts | 24 +++
> > .../binman/test/313_capsule_missing_index.dts | 22 +++
> > .../binman/test/314_capsule_missing_guid.dts | 19 +++
> > .../test/315_capsule_missing_payload.dts | 19 +++
> > 13 files changed, 546 insertions(+)
> > create mode 100644 include/sandbox_efi_capsule.h
> > create mode 100644 tools/binman/etype/efi_capsule.py
> > create mode 100644 tools/binman/test/307_capsule.dts
> > create mode 100644 tools/binman/test/308_capsule_signed.dts
> > create mode 100644 tools/binman/test/309_capsule_version.dts
> > create mode 100644 tools/binman/test/310_capsule_signed_ver.dts
> > create mode 100644 tools/binman/test/311_capsule_oemflags.dts
> > create mode 100644 tools/binman/test/312_capsule_missing_key.dts
> > create mode 100644 tools/binman/test/313_capsule_missing_index.dts
> > create mode 100644 tools/binman/test/314_capsule_missing_guid.dts
> > create mode 100644 tools/binman/test/315_capsule_missing_payload.dts
> >
[..]
> > diff --git a/tools/binman/test/307_capsule.dts b/tools/binman/test/307_capsule.dts
> > new file mode 100644
> > index 0000000000..86552ff83f
> > --- /dev/null
> > +++ b/tools/binman/test/307_capsule.dts
> > @@ -0,0 +1,23 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +
> > +/dts-v1/;
> > +
> > +#include <sandbox_efi_capsule.h>
>
> We can't include sandbox files in binman! I Does it actually matter
> what the GUID value is? Can they all be the same? For now I think it
> is best to have
>
> #define BINMAN_TEST_GUID "xxx"
>
> repeated at the top of each .dts file. Hopefully at some point we can
> figure out a sensible way to provide a decoder ring for this mess, so
> we can use actually names in the binman definition instead of GUIDs.
Oh, having thought about this a bit more, there is a much better way.
In the entry type, allow the image_guid to be a string, like
'binman-test' or 'sandbox-test'. Then binman can have a conversion
function to figure out the GUID to pass to the tool, e.g. in
efi_capsule.py:
TYPE_TO_GUID = {
'binman-test': '09123987987f98712',
'sandbox-test':, '98123987123123987123987',
}
def get_guid(type_str):
'Get the GUID to use for a particular purpose"""
return TYPE_TO_GUID.get(type_str, type_str)
Then you can use these same strings in the sandbox tests, without
needing to include anything.
>
> > +
> > +/ {
> > + #address-cells = <1>;
> > + #size-cells = <1>;
> > +
> > + binman {
> > + efi-capsule {
> > + image-index = <0x1>;
> > + /* Image GUID for testing capsule update */
> > + image-type-id = SANDBOX_UBOOT_IMAGE_GUID;
> > + hardware-instance = <0x0>;
> > +
> > + blob {
> > + filename = "capsule_input.bin";
> > + };
> > + };
> > + };
> > +};
Regards,
Simon
More information about the U-Boot
mailing list