[PATCH v11 00/15] Integrate EFI capsule tasks into U-Boot's build flow
Sughosh Ganu
sughosh.ganu at linaro.org
Tue Aug 22 19:39:53 CEST 2023
This patchset aims to bring two capsule related tasks under the U-Boot
build flow.
The first task is related to generation of capsules. The capsules can
be generated as part of U-Boot build, and this is being achieved
through binman, by adding a capsule entry type. The capsules can be
generated by specifying the capsule parameters as properties under the
capsule entry node.
The other task is the embedding of the public key into the platform's
DTB. The public key is in the form of an EFI Signature List(ESL) file
and is used for capsule authentication. This is being achieved by
adding the signature node containing the capsule public key in the
platform's DTB.
Corresponding changes have also been made to the test setup of the EFI
capsule update feature. The ESL public key file was embedded into the
sandbox platform's test.dtb as part of the test setup, post U-Boot
build. This is now no longer needed as the embedding of the ESL
happens as part of the build.
Secondly, the capsules needed for testing the EFI capsule update
feature were being generated through the invocation of the
mkeficapsule tool. This setup has also been changed to introduce
generation of these capsules through binman.
The document has been updated to reflect the above changes.
Changes since V10:
This series clubs two changes together. 1) Capsule generation through
binman, 2) Embedding the capsule public key ESL into the platform's
DTB [1]. This has been done based on feedback from Tom Rini on IRC.
The capsule generation was being done for all sandbox variant
builds till the V10 version. This is now changed so that the capsules
are only generated as part of the EFI capsule update feature
testing. This has been done based on feedback from Tom Rini [2]. These
changes are part of patch 7.
* Remove the sandbox_capsule.dtsi file.
* Remove addition of multiple-images property from sandbox.dts and
test.dts as the capsule generation is moved to the test.
* Add the capsule_gen_binman.dts with binman nodes for capsule
generation.
* Call the binman tool as part of the capsule test setup for
generation of capsules.
* Add an example binman capsule node which shows how a capsule can be
generated through binman.
[1] - https://lists.denx.de/pipermail/u-boot/2023-August/527810.html
[2] - https://lists.denx.de/pipermail/u-boot/2023-August/526987.html
Sughosh Ganu (15):
binman: bintool: Build a tool from a list of commands
nuvoton: npcm845-evb: Add a newline at the end of file
sandbox: capsule: Add keys and certificates needed for capsule update
testing
sandbox: capsule: Enable EFI capsule module on sandbox variants
btool: mkeficapsule: Add a bintool for EFI capsule generation
binman: capsule: Add support for generating EFI capsules
test: capsule: Generate EFI capsules through binman
doc: Add documentation to highlight capsule generation related updates
sandbox: trace: Increase trace buffer size
scripts/Makefile.lib: Collate all dtsi files for inclusion
scripts/Makefile.lib: Add dtsi include files as deps for building DTB
scripts/Makefile.lib: Embed capsule public key in platform's dtb
sandbox: capsule: Add path to the public key ESL file
test: capsule: Remove logic to add public key ESL
doc: capsule: Document the new mechanism to embed ESL file into dtb
.azure-pipelines.yml | 2 +-
.gitlab-ci.yml | 2 +-
arch/arm/dts/nuvoton-npcm845-evb.dts | 2 +-
board/sandbox/capsule_priv_key_bad.key | 28 ++
board/sandbox/capsule_priv_key_good.key | 28 ++
board/sandbox/capsule_pub_esl_good.esl | Bin 0 -> 831 bytes
board/sandbox/capsule_pub_key_bad.crt | 19 ++
board/sandbox/capsule_pub_key_good.crt | 19 ++
configs/sandbox_defconfig | 1 +
configs/sandbox_flattree_defconfig | 1 +
configs/sandbox_noinst_defconfig | 2 +
configs/sandbox_spl_defconfig | 2 +
configs/sandbox_vpl_defconfig | 2 +
doc/develop/uefi/uefi.rst | 59 +++-
include/sandbox_efi_capsule.h | 21 ++
lib/efi_loader/Kconfig | 8 +
lib/efi_loader/capsule_esl.dtsi.in | 11 +
scripts/Makefile.lib | 30 +-
.../test_efi_capsule/capsule_gen_binman.dts | 321 ++++++++++++++++++
test/py/tests/test_efi_capsule/conftest.py | 175 ++--------
test/py/tests/test_efi_capsule/signature.dts | 10 -
.../tests/test_efi_capsule/uboot_bin_env.its | 36 --
test/py/tests/test_trace.py | 2 +-
tools/binman/bintool.py | 19 +-
tools/binman/btool/mkeficapsule.py | 101 ++++++
tools/binman/entries.rst | 64 ++++
tools/binman/etype/efi_capsule.py | 143 ++++++++
tools/binman/ftest.py | 118 +++++++
tools/binman/test/311_capsule.dts | 21 ++
tools/binman/test/312_capsule_signed.dts | 23 ++
tools/binman/test/313_capsule_version.dts | 22 ++
tools/binman/test/314_capsule_signed_ver.dts | 24 ++
tools/binman/test/315_capsule_oemflags.dts | 22 ++
tools/binman/test/316_capsule_missing_key.dts | 22 ++
.../binman/test/317_capsule_missing_index.dts | 20 ++
.../binman/test/318_capsule_missing_guid.dts | 19 ++
36 files changed, 1175 insertions(+), 224 deletions(-)
create mode 100644 board/sandbox/capsule_priv_key_bad.key
create mode 100644 board/sandbox/capsule_priv_key_good.key
create mode 100644 board/sandbox/capsule_pub_esl_good.esl
create mode 100644 board/sandbox/capsule_pub_key_bad.crt
create mode 100644 board/sandbox/capsule_pub_key_good.crt
create mode 100644 include/sandbox_efi_capsule.h
create mode 100644 lib/efi_loader/capsule_esl.dtsi.in
create mode 100644 test/py/tests/test_efi_capsule/capsule_gen_binman.dts
delete mode 100644 test/py/tests/test_efi_capsule/signature.dts
delete mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its
create mode 100644 tools/binman/btool/mkeficapsule.py
create mode 100644 tools/binman/etype/efi_capsule.py
create mode 100644 tools/binman/test/311_capsule.dts
create mode 100644 tools/binman/test/312_capsule_signed.dts
create mode 100644 tools/binman/test/313_capsule_version.dts
create mode 100644 tools/binman/test/314_capsule_signed_ver.dts
create mode 100644 tools/binman/test/315_capsule_oemflags.dts
create mode 100644 tools/binman/test/316_capsule_missing_key.dts
create mode 100644 tools/binman/test/317_capsule_missing_index.dts
create mode 100644 tools/binman/test/318_capsule_missing_guid.dts
--
2.34.1
More information about the U-Boot
mailing list