[PATCH v4 12/12] sandbox: capsule: Generate capsule related files through binman
Sughosh Ganu
sughosh.ganu at linaro.org
Mon Jul 17 13:18:22 CEST 2023
hi Simon,
On Sun, 16 Jul 2023 at 05:12, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Sughosh,
>
> On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> >
> > The EFI capsule files can now be generated as part of u-boot
> > build. This is done through binman. Add capsule entry nodes in the
> > u-boot.dtsi for the sandbox architecture for generating the
> > capsules. Remove the corresponding generation of capsules from the
> > capsule update conftest file.
> >
> > The capsules are generated through the config file for the sandbox
> > variant, and through explicit parameters for the sandbox_flattree
> > variant.
> >
> > Also generate the FIT image used for testing the capsule update
> > feature on the sandbox_flattree variant through binman. Remove the now
> > superfluous its file which was used for generating this FIT image.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > ---
> > Changes since V3:
> > * Use blob nodes instead of incbin for including the binaries in FIT
> > image.
> > * Enable generation of capsules with versioning support.
> >
> > arch/sandbox/dts/u-boot.dtsi | 265 ++++++++++++++++++
> > test/py/tests/test_efi_capsule/conftest.py | 127 ---------
> > .../tests/test_efi_capsule/uboot_bin_env.its | 36 ---
> > 3 files changed, 265 insertions(+), 163 deletions(-)
> > delete mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its
> >
> > diff --git a/arch/sandbox/dts/u-boot.dtsi b/arch/sandbox/dts/u-boot.dtsi
> > index 60bd004937..7b0250ac81 100644
> > --- a/arch/sandbox/dts/u-boot.dtsi
> > +++ b/arch/sandbox/dts/u-boot.dtsi
> > @@ -13,5 +13,270 @@
> > capsule-key = /incbin/(CONFIG_EFI_CAPSULE_ESL_FILE);
> > };
> > #endif
> > +
> > + binman: binman {
> > + multiple-images;
> > + };
> > +};
> > +
> > +&binman {
> > + itb {
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > +
> > + fit {
> > + description = "Automatic U-Boot environment update";
> > + #address-cells = <2>;
> > +
> > + images {
> > + u-boot-bin {
> > + description = "U-Boot binary on SPI Flash";
> > + compression = "none";
> > + type = "firmware";
> > + arch = "sandbox";
> > + load = <0>;
> > + blob {
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + };
> > +
> > + hash-1 {
> > + algo = "sha1";
> > + };
> > + };
> > + u-boot-env {
> > + description = "U-Boot environment on SPI Flash";
> > + compression = "none";
> > + type = "firmware";
> > + arch = "sandbox";
> > + load = <0>;
> > + blob {
> > + filename = "/tmp/capsules/u-boot.env.new";
> > + };
> > +
> > + hash-1 {
> > + algo = "sha1";
> > + };
> > + };
> > + };
> > + };
> > + };
> > +
> > +#ifdef CONFIG_EFI_USE_CAPSULE_CFG_FILE
> > + capsule1 {
> > + capsule {
> > + cfg-file = CONFIG_EFI_CAPSULE_CFG_FILE;
> > + };
> > + };
> > +#else
> > + capsule2 {
> > + capsule {
> > + image-index = <0x1>;
> > + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
>
> We seem to have a persistent problem with these appearing in the source code.
>
> Perhaps you could add them to a header file and use
> GUID_MEANINGFUL_NAME here instead (also below).
>
> In general, GUIDs should not be open-coded.
Okay. Will it be okay if I add these to a sandbox_capule.h. Earlier, I
had similar GUID macros in the sandbox config header, and you had
asked me to move them to the board file.
>
>
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + capsule = "/tmp/capsules/Test01";
>
> There is something odd here. You should not need to specify an
> absolute pathname and should not use /tmp
The /tmp/capsules/ directory is being used for collating all the
capsule testing related files. Both the input files as well as the
output capsule files are being put under this directory. Do you see
any issue with using this directory for the capsule files?
-sughosh
>
>
> > + };
> > + };
> > +
> > + capsule3 {
> > + capsule {
> > + image-index = <0x2>;
> > + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
> > + filename = "/tmp/capsules/u-boot.env.new";
> > + capsule = "/tmp/capsules/Test02";
> > + };
> > + };
> > +
> > + capsule4 {
> > + capsule {
> > + image-index = <0x1>;
> > + image-type-id = "058B7D83-50D5-4C47-A195-60D86AD341C4";
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + capsule = "/tmp/capsules/Test03";
> > + };
> > + };
> > +
> > + capsule5 {
> > + capsule {
> > + image-index = <0x1>;
> > + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > + capsule = "/tmp/capsules/Test04";
> > + };
> > + };
> > +
> > + capsule6 {
> > + capsule {
> > + image-index = <0x1>;
> > + image-type-id = "058B7D83-50D5-4C47-A195-60D86AD341C4";
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > + capsule = "/tmp/capsules/Test05";
> > + };
> > + };
> > +
> > + capsule7 {
> > + capsule {
> > + image-index = <0x1>;
> > + fw-version = <0x5>;
> > + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + capsule = "/tmp/capsules/Test101";
> > + };
> > + };
> > +
> > + capsule8 {
> > + capsule {
> > + image-index = <0x2>;
> > + fw-version = <0xa>;
> > + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
> > + filename = "/tmp/capsules/u-boot.env.new";
> > + capsule = "/tmp/capsules/Test102";
> > + };
> > + };
> > +
> > + capsule9 {
> > + capsule {
> > + image-index = <0x1>;
> > + fw-version = <0x2>;
> > + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + capsule = "/tmp/capsules/Test103";
> > + };
> > + };
> > +
> > + capsule10 {
> > + capsule {
> > + image-index = <0x1>;
> > + fw-version = <0x5>;
> > + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > + capsule = "/tmp/capsules/Test104";
> > + };
> > + };
> > +
> > + capsule11 {
> > + capsule {
> > + image-index = <0x1>;
> > + fw-version = <0x2>;
> > + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > + capsule = "/tmp/capsules/Test105";
> > + };
> > + };
> > +
> > +#ifdef CONFIG_EFI_CAPSULE_AUTHENTICATE
> > + capsule12 {
> > + capsule {
> > + image-index = <0x1>;
> > + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> > + private-key = "/tmp/capsules/SIGNER.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + capsule = "/tmp/capsules/Test11";
> > + };
> > + };
> > +
> > + capsule13 {
> > + capsule {
> > + image-index = <0x1>;
> > + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> > + private-key = "/tmp/capsules/SIGNER2.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER2.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + capsule = "/tmp/capsules/Test12";
> > + };
> > + };
> > +
> > + capsule14 {
> > + capsule {
> > + image-index = <0x1>;
> > + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> > + private-key = "/tmp/capsules/SIGNER.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > + capsule = "/tmp/capsules/Test13";
> > + };
> > + };
> > +
> > + capsule15 {
> > + capsule {
> > + image-index = <0x1>;
> > + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> > + private-key = "/tmp/capsules/SIGNER2.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER2.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > + capsule = "/tmp/capsules/Test14";
> > + };
> > + };
> > +
> > + capsule16 {
> > + capsule {
> > + image-index = <0x1>;
> > + fw-version = <0x5>;
> > + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> > + private-key = "/tmp/capsules/SIGNER.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + capsule = "/tmp/capsules/Test111";
> > + };
> > + };
> > +
> > + capsule17 {
> > + capsule {
> > + image-index = <0x2>;
> > + fw-version = <0xa>;
> > + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
> > + private-key = "/tmp/capsules/SIGNER.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/u-boot.env.new";
> > + capsule = "/tmp/capsules/Test112";
> > + };
> > + };
> > +
> > + capsule18 {
> > + capsule {
> > + image-index = <0x1>;
> > + fw-version = <0x2>;
> > + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> > + private-key = "/tmp/capsules/SIGNER.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/u-boot.bin.new";
> > + capsule = "/tmp/capsules/Test113";
> > + };
> > + };
> > +
> > + capsule19 {
> > + capsule {
> > + image-index = <0x1>;
> > + fw-version = <0x5>;
> > + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> > + private-key = "/tmp/capsules/SIGNER.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > + capsule = "/tmp/capsules/Test114";
> > + };
> > + };
> > +
> > + capsule20 {
> > + capsule {
> > + image-index = <0x1>;
> > + fw-version = <0x2>;
> > + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
> > + private-key = "/tmp/capsules/SIGNER.key";
> > + pub-key-cert = "/tmp/capsules/SIGNER.crt";
> > + monotonic-count = <0x1>;
> > + filename = "/tmp/capsules/uboot_bin_env.itb";
> > + capsule = "/tmp/capsules/Test115";
> > + };
> > + };
> > +
> > +#endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */
> > +#endif /* CONFIG_EFI_USE_CAPSULE_CFG_FILE */
> > };
> > #endif /* CONFIG_EFI_HAVE_CAPSULE_SUPPORT */
> > diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py
> > index 99b502902e..ca44249a38 100644
> > --- a/test/py/tests/test_efi_capsule/conftest.py
> > +++ b/test/py/tests/test_efi_capsule/conftest.py
> > @@ -56,133 +56,6 @@ def efi_capsule_data(request, u_boot_config):
> > '-o test_ver.dtb version.dtbo'
> > % (data_dir, u_boot_config.build_dir), shell=True)
> >
> > - # Create capsule files
> > - # two regions: one for u-boot.bin and the other for u-boot.env
> > - check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir,
> > - shell=True)
> > - check_call('sed -e \"s?BINFILE1?u-boot.bin.new?\" -e \"s?BINFILE2?u-boot.env.new?\" %s/test/py/tests/test_efi_capsule/uboot_bin_env.its > %s/uboot_bin_env.its' %
> > - (u_boot_config.source_dir, data_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkimage -f uboot_bin_env.its uboot_bin_env.itb' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test01' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 2 --guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test02' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 u-boot.bin.new Test03' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test04' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
> > - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 '
> > - '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
> > - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
> > - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
> > - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' %
> > - (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > -
> > - if capsule_auth_enabled:
> > - # raw firmware signed with proper key
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> > - '--private-key SIGNER.key --certificate SIGNER.crt '
> > - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> > - 'u-boot.bin.new Test11'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - # raw firmware signed with *mal* key
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> > - '--private-key SIGNER2.key '
> > - '--certificate SIGNER2.crt '
> > - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> > - 'u-boot.bin.new Test12'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - # FIT firmware signed with proper key
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> > - '--private-key SIGNER.key --certificate SIGNER.crt '
> > - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> > - 'uboot_bin_env.itb Test13'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - # FIT firmware signed with *mal* key
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> > - '--private-key SIGNER2.key '
> > - '--certificate SIGNER2.crt '
> > - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> > - 'uboot_bin_env.itb Test14'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - # raw firmware signed with proper key with version information
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> > - '--fw-version 5 '
> > - '--private-key SIGNER.key --certificate SIGNER.crt '
> > - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> > - 'u-boot.bin.new Test111'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - # raw firmware signed with proper key with version information
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 2 --monotonic-count 1 '
> > - '--fw-version 10 '
> > - '--private-key SIGNER.key --certificate SIGNER.crt '
> > - '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 '
> > - 'u-boot.env.new Test112'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - # raw firmware signed with proper key with lower version information
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> > - '--fw-version 2 '
> > - '--private-key SIGNER.key --certificate SIGNER.crt '
> > - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> > - 'u-boot.bin.new Test113'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - # FIT firmware signed with proper key with version information
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> > - '--fw-version 5 '
> > - '--private-key SIGNER.key --certificate SIGNER.crt '
> > - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> > - 'uboot_bin_env.itb Test114'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > - # FIT firmware signed with proper key with lower version information
> > - check_call('cd %s; '
> > - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> > - '--fw-version 2 '
> > - '--private-key SIGNER.key --certificate SIGNER.crt '
> > - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> > - 'uboot_bin_env.itb Test115'
> > - % (data_dir, u_boot_config.build_dir),
> > - shell=True)
> > -
> > # Create a disk image with EFI system partition
> > check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' %
> > (mnt_point, image_path), shell=True)
> > diff --git a/test/py/tests/test_efi_capsule/uboot_bin_env.its b/test/py/tests/test_efi_capsule/uboot_bin_env.its
> > deleted file mode 100644
> > index fc65907481..0000000000
> > --- a/test/py/tests/test_efi_capsule/uboot_bin_env.its
> > +++ /dev/null
> > @@ -1,36 +0,0 @@
> > -/*
> > - * Automatic software update for U-Boot
> > - * Make sure the flashing addresses ('load' prop) is correct for your board!
> > - */
> > -
> > -/dts-v1/;
> > -
> > -/ {
> > - description = "Automatic U-Boot environment update";
> > - #address-cells = <2>;
> > -
> > - images {
> > - u-boot-bin {
> > - description = "U-Boot binary on SPI Flash";
> > - data = /incbin/("BINFILE1");
> > - compression = "none";
> > - type = "firmware";
> > - arch = "sandbox";
> > - load = <0>;
> > - hash-1 {
> > - algo = "sha1";
> > - };
> > - };
> > - u-boot-env {
> > - description = "U-Boot environment on SPI Flash";
> > - data = /incbin/("BINFILE2");
> > - compression = "none";
> > - type = "firmware";
> > - arch = "sandbox";
> > - load = <0>;
> > - hash-1 {
> > - algo = "sha1";
> > - };
> > - };
> > - };
> > -};
> > --
> > 2.34.1
> >
>
> REgards,
> Simon
More information about the U-Boot
mailing list