[PATCH 5/5] doc: uefi: clarify capsule concept
Stefan Herbrechtsmeier
stefan.herbrechtsmeier-oss at weidmueller.com
Fri Jun 16 13:34:26 CEST 2023
From: Malte Schmidt <malte.schmidt at weidmueller.com>
There seem to be some misused or inaccurate namings regarding the capsule
concept. Set the naming straight and add a table showing the naming
conventions. This table is based on the images found in chapter 23 of the
UEFI 2.10 specifications [1]. The table should help to build a common
understanding between the authors and readers of the documentation.
[1] https://uefi.org/specs/UEFI/2.10/index.html
Signed-off-by: Malte Schmidt <malte.schmidt at weidmueller.com>
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier at weidmueller.com>
---
doc/develop/uefi/uefi.rst | 42 ++++++++++++++++++++++++++++++++++++---
1 file changed, 39 insertions(+), 3 deletions(-)
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index b513934d31..56188c5b10 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -300,6 +300,42 @@ not present are ignored when determining the active boot option.
Please note that capsules will be applied in the alphabetic order of
capsule file names.
+Structure of a capsule file
+***************************
+
+The strucutre of a firmware management capsule as defined in [1] is shown
+below. The tools/mkeficapsule program supports creating firmware management
+capsules with multiple payloads and optionally with firmware image
+authentication.
+
+.. code-block:: text
+
+ +-------------------------------------------------------------------------+
+ | EFI_CAPSULE_HEADER |
+ +--------------+----------------------------------------------------------+
+ | Capsule Body | EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER |
+ | +----------------------------------------------------------+
+ | | Optional Driver 1 |
+ | +----------------------------------------------------------+
+ | | Optional Driver 2 |
+ | +----------------------------------------------------------+
+ | | ... |
+ | +-----------+----------------------------------------------+
+ | | Payload 1 | EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER |
+ | | +----------------------------------------------+
+ | | | Firmware Image Authentication (optional) |
+ | | +----------------------------------------------+
+ | | | Dependency Expression (optional) |
+ | | +----------------------------------------------+
+ | | | Firmware Image |
+ | +-----------+----------------------------------------------+
+ | | Payload 2 |
+ | +----------------------------------------------------------+
+ | | ... |
+ | +----------------------------------------------------------+
+ | | Payload n |
+ +--------------+----------------------------------------------------------+
+
Creating a capsule file
***********************
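Review bot: "strucutre" in the first added sentence should be "structure", and the "[1]" cited there has no target in this hunk. The link appears only in the commit message, so unless uefi.rst already defines that reference it will dangle in the rendered document. Suggest naming the source inline, for example "as defined in chapter 23 of the UEFI 2.10 specification", or adding an rst hyperlink to https://uefi.org/specs/UEFI/2.10/index.html.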
@@ -482,9 +518,9 @@ following command can be issued
Enabling Capsule Authentication
*******************************
-The UEFI specification defines a way of authenticating the capsule to
-be updated by verifying the capsule signature. The capsule signature
-is computed and prepended to the capsule payload at the time of
+The UEFI specification defines a way of authenticating the capsule payload
+to be updated by verifying the signature of each capsule payload. The payload
+signature is computed and prepended to the capsule payload at the time of
capsule generation. This signature is then verified by using the
public key stored as part of the X509 certificate. This certificate is
in the form of an efi signature list (esl) file, which is embedded in
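Review bot: the rewritten sentence still says the payload signature is "prepended to the capsule payload", which does not match the table added earlier in this patch, where Firmware Image Authentication sits inside the payload, after EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER and before the Firmware Image. Wording such as "prepended to the firmware image" would follow the new naming. The first sentence also says "capsule payload" twice; "authenticating each capsule payload to be updated by verifying its signature" states the same thing once.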
--
2.30.2