Add support to dump the contents of capsule headers. This is useful as
a debug feature for checking the contents of the capsule headers, and
can also be used in capsule verification.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The data type of item_offset_list shall be UINT64 according to the UEFI [1]
specifications.
In include/efi_api.h the correct data type is used. The bug was probably
never noticed because of little endianness.
[1] https://uefi.org/specs/UEFI/2.10/index.html
Signed-off-by: Malte Schmidt <malte.schmidt@weidmueller.com>
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Current mkeficapsule tool does not provide firmware
version management. EDK II reference implementation inserts
the FMP Payload Header right before the payload.
It coutains the fw_version and lowest supported version.
This commit adds a new parameters required to generate
the FMP Payload Header for mkeficapsule tool.
'-v' indicates the firmware version.
When mkeficapsule tool is invoked without '-v' option,
FMP Payload Header is not inserted, the behavior is same as
current implementation.
The lowest supported version included in the FMP Payload Header
is not used, the value stored in the device tree is used instead.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.
[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.
This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.
To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.
Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
