mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-11 15:37:23 +00:00
6da9271af1
The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
114 lines
2.8 KiB
Groff
114 lines
2.8 KiB
Groff
.\" SPDX-License-Identifier: GPL-2.0+
|
|
.\" Copyright (c) 2021, Linaro Limited
|
|
.\" written by AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
.TH MAEFICAPSULE 1 "May 2021"
|
|
|
|
.SH NAME
|
|
mkeficapsule \- Generate EFI capsule file for U-Boot
|
|
|
|
.SH SYNOPSIS
|
|
.B mkeficapsule
|
|
.RI [ options ] " " [ image-blob ] " " capsule-file
|
|
|
|
.SH "DESCRIPTION"
|
|
.B mkeficapsule
|
|
command is used to create an EFI capsule file for use with the U-Boot
|
|
EFI capsule update.
|
|
A capsule file may contain various type of firmware blobs which
|
|
are to be applied to the system and must be placed in the specific
|
|
directory on the UEFI system partition.
|
|
An update will be automatically executed at next reboot.
|
|
|
|
Optionally, a capsule file can be signed with a given private key.
|
|
In this case, the update will be authenticated by verifying the signature
|
|
before applying.
|
|
|
|
Additionally, an empty capsule file can be generated for acceptance or
|
|
rejection of firmware images by a governing component like an Operating
|
|
System. The empty capsules do not require an image-blob input file.
|
|
|
|
|
|
.B mkeficapsule
|
|
takes any type of image files when generating non empty capsules, including:
|
|
.TP
|
|
.I raw image
|
|
format is a single binary blob of any type of firmware.
|
|
|
|
.TP
|
|
.I FIT (Flattened Image Tree) image
|
|
format is the same as used in the new uImage format and allows for
|
|
multiple binary blobs in a single capsule file.
|
|
This type of image file can be generated by
|
|
.BR mkimage .
|
|
|
|
.SH "OPTIONS"
|
|
|
|
.TP
|
|
.BI "-g\fR,\fB --guid " guid-string
|
|
Specify guid for image blob type. The format is:
|
|
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
|
|
|
|
The first three elements are in little endian, while the rest
|
|
is in big endian. The option must be specified for all non empty and
|
|
image acceptance capsules
|
|
|
|
.TP
|
|
.BI "-i\fR,\fB --index " index
|
|
Specify an image index
|
|
|
|
.TP
|
|
.BI "-I\fR,\fB --instance " instance
|
|
Specify a hardware instance
|
|
|
|
.PP
|
|
For generation of firmware accept empty capsule
|
|
.BR --guid
|
|
is mandatory
|
|
.TP
|
|
.BI "-A\fR,\fB --fw-accept "
|
|
Generate a firmware acceptance empty capsule
|
|
|
|
.TP
|
|
.BI "-R\fR,\fB --fw-revert "
|
|
Generate a firmware revert empty capsule
|
|
|
|
.TP
|
|
.BR -h ", " --help
|
|
Print a help message
|
|
|
|
.PP
|
|
With signing,
|
|
.BR --private-key ", " --certificate " and " --monotonic-count
|
|
are all mandatory.
|
|
|
|
.TP
|
|
.BI "-p\fR,\fB --private-key " private-key-file
|
|
Specify signer's private key file in PEM
|
|
|
|
.TP
|
|
.BI "-c\fR,\fB --certificate " certificate-file
|
|
Specify signer's certificate file in EFI certificate list format
|
|
|
|
.TP
|
|
.BI "-m\fR,\fB --monotonic-count " count
|
|
Specify a monotonic count which is set to be monotonically incremented
|
|
at every firmware update.
|
|
|
|
.TP
|
|
.B "-d\fR,\fB --dump_sig"
|
|
Dump signature data into *.p7 file
|
|
|
|
.PP
|
|
.SH FILES
|
|
.TP
|
|
.I /EFI/UpdateCapsule
|
|
The directory in which all capsule files be placed
|
|
|
|
.SH SEE ALSO
|
|
.BR mkimage (1)
|
|
|
|
.SH AUTHORS
|
|
Written by AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
|
|
.SH HOMEPAGE
|
|
http://www.denx.de/wiki/U-Boot/WebHome
|