[PATCH v4 12/12] sandbox: capsule: Generate capsule related files through binman
Simon Glass
sjg at chromium.org
Sun Jul 16 01:40:43 CEST 2023
Hi Sughosh,
On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
>
> The EFI capsule files can now be generated as part of u-boot
> build. This is done through binman. Add capsule entry nodes in the
> u-boot.dtsi for the sandbox architecture for generating the
> capsules. Remove the corresponding generation of capsules from the
> capsule update conftest file.
>
> The capsules are generated through the config file for the sandbox
> variant, and through explicit parameters for the sandbox_flattree
> variant.
>
> Also generate the FIT image used for testing the capsule update
> feature on the sandbox_flattree variant through binman. Remove the now
> superfluous its file which was used for generating this FIT image.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> ---
> Changes since V3:
> * Use blob nodes instead of incbin for including the binaries in FIT
> image.
> * Enable generation of capsules with versioning support.
>
> arch/sandbox/dts/u-boot.dtsi | 265 ++++++++++++++++++
> test/py/tests/test_efi_capsule/conftest.py | 127 ---------
> .../tests/test_efi_capsule/uboot_bin_env.its | 36 ---
> 3 files changed, 265 insertions(+), 163 deletions(-)
> delete mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its
>
> diff --git a/arch/sandbox/dts/u-boot.dtsi b/arch/sandbox/dts/u-boot.dtsi
> index 60bd004937..7b0250ac81 100644
> --- a/arch/sandbox/dts/u-boot.dtsi
> +++ b/arch/sandbox/dts/u-boot.dtsi
> @@ -13,5 +13,270 @@
> capsule-key = /incbin/(CONFIG_EFI_CAPSULE_ESL_FILE);
> };
> #endif
> +
> + binman: binman {
> + multiple-images;
> + };
> +};
> +
> +&binman {
> + itb {
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> +
> + fit {
> + description = "Automatic U-Boot environment update";
> + #address-cells = <2>;
> +
> + images {
> + u-boot-bin {
> + description = "U-Boot binary on SPI Flash";
> + compression = "none";
> + type = "firmware";
> + arch = "sandbox";
> + load = <0>;
> + blob {
> + filename = "/tmp/capsules/u-boot.bin.new";
> + };
> +
> + hash-1 {
> + algo = "sha1";
> + };
> + };
> + u-boot-env {
> + description = "U-Boot environment on SPI Flash";
> + compression = "none";
> + type = "firmware";
> + arch = "sandbox";
> + load = <0>;
> + blob {
> + filename = "/tmp/capsules/u-boot.env.new";
> + };
> +
> + hash-1 {
> + algo = "sha1";
> + };
> + };
> + };
> + };
> + };
> +
> +#ifdef CONFIG_EFI_USE_CAPSULE_CFG_FILE
> + capsule1 {
> + capsule {
> + cfg-file = CONFIG_EFI_CAPSULE_CFG_FILE;
> + };
> + };
> +#else
> + capsule2 {
> + capsule {
> + image-index = <0x1>;
> + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
We seem to have a persistent problem with these appearing in the source code.
Perhaps you could add them to a header file and use
GUID_MEANINGFUL_NAME here instead (also below).
In general, GUIDs should not be open-coded.
> + filename = "/tmp/capsules/u-boot.bin.new";
> + capsule = "/tmp/capsules/Test01";
There is something odd here. You should not need to specify an
absolute pathname and should not use /tmp
> + };
> + };
> +
> + capsule3 {
> + capsule {
> + image-index = <0x2>;
> + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
> + filename = "/tmp/capsules/u-boot.env.new";
> + capsule = "/tmp/capsules/Test02";
> + };
> + };
> +
> + capsule4 {
> + capsule {
> + image-index = <0x1>;
> + image-type-id = "058B7D83-50D5-4C47-A195-60D86AD341C4";
> + filename = "/tmp/capsules/u-boot.bin.new";
> + capsule = "/tmp/capsules/Test03";
> + };
> + };
> +
> + capsule5 {
> + capsule {
> + image-index = <0x1>;
> + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> + capsule = "/tmp/capsules/Test04";
> + };
> + };
> +
> + capsule6 {
> + capsule {
> + image-index = <0x1>;
> + image-type-id = "058B7D83-50D5-4C47-A195-60D86AD341C4";
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> + capsule = "/tmp/capsules/Test05";
> + };
> + };
> +
> + capsule7 {
> + capsule {
> + image-index = <0x1>;
> + fw-version = <0x5>;
> + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> + filename = "/tmp/capsules/u-boot.bin.new";
> + capsule = "/tmp/capsules/Test101";
> + };
> + };
> +
> + capsule8 {
> + capsule {
> + image-index = <0x2>;
> + fw-version = <0xa>;
> + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
> + filename = "/tmp/capsules/u-boot.env.new";
> + capsule = "/tmp/capsules/Test102";
> + };
> + };
> +
> + capsule9 {
> + capsule {
> + image-index = <0x1>;
> + fw-version = <0x2>;
> + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> + filename = "/tmp/capsules/u-boot.bin.new";
> + capsule = "/tmp/capsules/Test103";
> + };
> + };
> +
> + capsule10 {
> + capsule {
> + image-index = <0x1>;
> + fw-version = <0x5>;
> + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> + capsule = "/tmp/capsules/Test104";
> + };
> + };
> +
> + capsule11 {
> + capsule {
> + image-index = <0x1>;
> + fw-version = <0x2>;
> + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> + capsule = "/tmp/capsules/Test105";
> + };
> + };
> +
> +#ifdef CONFIG_EFI_CAPSULE_AUTHENTICATE
> + capsule12 {
> + capsule {
> + image-index = <0x1>;
> + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> + private-key = "/tmp/capsules/SIGNER.key";
> + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/u-boot.bin.new";
> + capsule = "/tmp/capsules/Test11";
> + };
> + };
> +
> + capsule13 {
> + capsule {
> + image-index = <0x1>;
> + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> + private-key = "/tmp/capsules/SIGNER2.key";
> + pub-key-cert = "/tmp/capsules/SIGNER2.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/u-boot.bin.new";
> + capsule = "/tmp/capsules/Test12";
> + };
> + };
> +
> + capsule14 {
> + capsule {
> + image-index = <0x1>;
> + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> + private-key = "/tmp/capsules/SIGNER.key";
> + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> + capsule = "/tmp/capsules/Test13";
> + };
> + };
> +
> + capsule15 {
> + capsule {
> + image-index = <0x1>;
> + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> + private-key = "/tmp/capsules/SIGNER2.key";
> + pub-key-cert = "/tmp/capsules/SIGNER2.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> + capsule = "/tmp/capsules/Test14";
> + };
> + };
> +
> + capsule16 {
> + capsule {
> + image-index = <0x1>;
> + fw-version = <0x5>;
> + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> + private-key = "/tmp/capsules/SIGNER.key";
> + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/u-boot.bin.new";
> + capsule = "/tmp/capsules/Test111";
> + };
> + };
> +
> + capsule17 {
> + capsule {
> + image-index = <0x2>;
> + fw-version = <0xa>;
> + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
> + private-key = "/tmp/capsules/SIGNER.key";
> + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/u-boot.env.new";
> + capsule = "/tmp/capsules/Test112";
> + };
> + };
> +
> + capsule18 {
> + capsule {
> + image-index = <0x1>;
> + fw-version = <0x2>;
> + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> + private-key = "/tmp/capsules/SIGNER.key";
> + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/u-boot.bin.new";
> + capsule = "/tmp/capsules/Test113";
> + };
> + };
> +
> + capsule19 {
> + capsule {
> + image-index = <0x1>;
> + fw-version = <0x5>;
> + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> + private-key = "/tmp/capsules/SIGNER.key";
> + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> + capsule = "/tmp/capsules/Test114";
> + };
> + };
> +
> + capsule20 {
> + capsule {
> + image-index = <0x1>;
> + fw-version = <0x2>;
> + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> + private-key = "/tmp/capsules/SIGNER.key";
> + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> + monotonic-count = <0x1>;
> + filename = "/tmp/capsules/uboot_bin_env.itb";
> + capsule = "/tmp/capsules/Test115";
> + };
> + };
> +
> +#endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */
> +#endif /* CONFIG_EFI_USE_CAPSULE_CFG_FILE */
> };
> #endif /* CONFIG_EFI_HAVE_CAPSULE_SUPPORT */
> diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py
> index 99b502902e..ca44249a38 100644
> --- a/test/py/tests/test_efi_capsule/conftest.py
> +++ b/test/py/tests/test_efi_capsule/conftest.py
> @@ -56,133 +56,6 @@ def efi_capsule_data(request, u_boot_config):
> '-o test_ver.dtb version.dtbo'
> % (data_dir, u_boot_config.build_dir), shell=True)
>
> - # Create capsule files
> - # two regions: one for u-boot.bin and the other for u-boot.env
> - check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir,
> - shell=True)
> - check_call('sed -e \"s?BINFILE1?u-boot.bin.new?\" -e \"s?BINFILE2?u-boot.env.new?\" %s/test/py/tests/test_efi_capsule/uboot_bin_env.its > %s/uboot_bin_env.its' %
> - (u_boot_config.source_dir, data_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkimage -f uboot_bin_env.its uboot_bin_env.itb' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test01' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 2 --guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test02' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 u-boot.bin.new Test03' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test04' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
> - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 '
> - '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
> - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
> - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
> - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> -
> - if capsule_auth_enabled:
> - # raw firmware signed with proper key
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> - 'u-boot.bin.new Test11'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> - # raw firmware signed with *mal* key
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--private-key SIGNER2.key '
> - '--certificate SIGNER2.crt '
> - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> - 'u-boot.bin.new Test12'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> - # FIT firmware signed with proper key
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> - 'uboot_bin_env.itb Test13'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> - # FIT firmware signed with *mal* key
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--private-key SIGNER2.key '
> - '--certificate SIGNER2.crt '
> - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> - 'uboot_bin_env.itb Test14'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> - # raw firmware signed with proper key with version information
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--fw-version 5 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> - 'u-boot.bin.new Test111'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> - # raw firmware signed with proper key with version information
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 2 --monotonic-count 1 '
> - '--fw-version 10 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 '
> - 'u-boot.env.new Test112'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> - # raw firmware signed with proper key with lower version information
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--fw-version 2 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> - 'u-boot.bin.new Test113'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> - # FIT firmware signed with proper key with version information
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--fw-version 5 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> - 'uboot_bin_env.itb Test114'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> - # FIT firmware signed with proper key with lower version information
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--fw-version 2 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> - 'uboot_bin_env.itb Test115'
> - % (data_dir, u_boot_config.build_dir),
> - shell=True)
> -
> # Create a disk image with EFI system partition
> check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' %
> (mnt_point, image_path), shell=True)
> diff --git a/test/py/tests/test_efi_capsule/uboot_bin_env.its b/test/py/tests/test_efi_capsule/uboot_bin_env.its
> deleted file mode 100644
> index fc65907481..0000000000
> --- a/test/py/tests/test_efi_capsule/uboot_bin_env.its
> +++ /dev/null
> @@ -1,36 +0,0 @@
> -/*
> - * Automatic software update for U-Boot
> - * Make sure the flashing addresses ('load' prop) is correct for your board!
> - */
> -
> -/dts-v1/;
> -
> -/ {
> - description = "Automatic U-Boot environment update";
> - #address-cells = <2>;
> -
> - images {
> - u-boot-bin {
> - description = "U-Boot binary on SPI Flash";
> - data = /incbin/("BINFILE1");
> - compression = "none";
> - type = "firmware";
> - arch = "sandbox";
> - load = <0>;
> - hash-1 {
> - algo = "sha1";
> - };
> - };
> - u-boot-env {
> - description = "U-Boot environment on SPI Flash";
> - data = /incbin/("BINFILE2");
> - compression = "none";
> - type = "firmware";
> - arch = "sandbox";
> - load = <0>;
> - hash-1 {
> - algo = "sha1";
> - };
> - };
> - };
> -};
> --
> 2.34.1
>
REgards,
Simon
More information about the U-Boot
mailing list