From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
Masami Hiramatsu <masami.hiramatsu@linaro.org>,
Patrick Delaunay <patrick.delaunay@foss.st.com>,
Patrice Chotard <patrice.chotard@foss.st.com>,
Alexander Graf <agraf@csgraf.de>, Simon Glass <sjg@chromium.org>,
Bin Meng <bmeng.cn@gmail.com>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Jose Marinho <jose.marinho@arm.com>,
Grant Likely <grant.likely@arm.com>,
Tom Rini <trini@konsulko.com>,
Etienne Carriere <etienne.carriere@linaro.org>
Subject: Re: [PATCH v4 10/11] mkeficapsule: Add support for generating empty capsules
Date: Wed, 9 Feb 2022 12:05:06 +0900 [thread overview]
Message-ID: <20220209030506.GA26765@laputa> (raw)
In-Reply-To: <20220207182001.31270-11-sughosh.ganu@linaro.org>
Hi Sughosh,
On Mon, Feb 07, 2022 at 11:50:00PM +0530, Sughosh Ganu wrote:
> The Dependable Boot specification describes the structure of the
What is this specification? Please specify the link to the doc.
> firmware accept and revert capsules. These are empty capsules which
> are used for signalling the acceptance or rejection of the updated
> firmware by the OS. Add support for generating these empty capsules.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
>
> Changes since V3:
> * Add related documentation for empty capsules in the mkeficapsule man
> page.
> * Add separate usage for empty capsules, with corresponding valid
> options.
> * Use ternary operators where possible.
> * Put a exclusivity check for the empty capsule options.
>
> doc/mkeficapsule.1 | 23 +++++++-
> tools/eficapsule.h | 8 +++
> tools/mkeficapsule.c | 131 ++++++++++++++++++++++++++++++++++++-------
> 3 files changed, 139 insertions(+), 23 deletions(-)
>
> diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1
> index 8babb27ee8..75fc15906a 100644
> --- a/doc/mkeficapsule.1
> +++ b/doc/mkeficapsule.1
> @@ -8,7 +8,7 @@ mkeficapsule \- Generate EFI capsule file for U-Boot
>
> .SH SYNOPSIS
> .B mkeficapsule
> -.RI [ options "] " image-blob " " capsule-file
> +.RI [ options ] " " [ image-blob ] " " capsule-file
With this formatting, "capsule-file" will get italic.
=> .RI [ options "] [" image-blob "] " capsule-file
Right?
Furthermore, I think we can describe the command syntax of the two
different cases (normal or empty capsule) more specifically.
>
> .SH "DESCRIPTION"
> .B mkeficapsule
> @@ -23,8 +23,13 @@ Optionally, a capsule file can be signed with a given private key.
> In this case, the update will be authenticated by verifying the signature
> before applying.
>
> +Additionally, an empty capsule file can be generated for acceptance or
> +rejection of firmware images by a governing component like an Operating
> +System. The empty capsules do not require an image-blob input file.
> +
> +
> .B mkeficapsule
> -takes any type of image files, including:
> +takes any type of image files when generating non empty capsules, including:
> .TP
> .I raw image
> format is a single binary blob of any type of firmware.
> @@ -43,7 +48,7 @@ specify a guid for the FMP driver.
> .SH "OPTIONS"
> One of
> .BR --fit ", " --raw " or " --guid
> -option must be specified.
> +option must be specified for non empty capsules.
>
> .TP
> .BR -f ", " --fit
> @@ -69,6 +74,18 @@ Specify an image index
> .BI "-I\fR,\fB --instance " instance
> Specify a hardware instance
>
> +.PP
> +For generation of firmware accept empty capsule
> +.BR --guid
> +is mandatory
I don't still understand why we need GUID for accept empty capsule.
We should have only one choice, whether all the new firmware be
permanently applied or completely reverted.
That's A/B update, isn't it?
> +.TP
> +.BI "-A\fR,\fB --fw-accept "
> +Generate a firmware acceptance empty capsule
> +
> +.TP
> +.BI "-R\fR,\fB --fw-revert "
> +Generate a firmware revert empty capsule
> +
> .TP
> .BR -h ", " --help
> Print a help message
> diff --git a/tools/eficapsule.h b/tools/eficapsule.h
> index 8c1560bb06..6001952bdc 100644
> --- a/tools/eficapsule.h
> +++ b/tools/eficapsule.h
> @@ -50,6 +50,14 @@ typedef struct {
> EFI_GUID(0x4aafd29d, 0x68df, 0x49ee, 0x8a, 0xa9, \
> 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7)
>
> +#define FW_ACCEPT_OS_GUID \
> + EFI_GUID(0x0c996046, 0xbcc0, 0x4d04, 0x85, 0xec, \
> + 0xe1, 0xfc, 0xed, 0xf1, 0xc6, 0xf8)
> +
> +#define FW_REVERT_OS_GUID \
> + EFI_GUID(0xacd58b4b, 0xc0e8, 0x475f, 0x99, 0xb5, \
> + 0x6b, 0x3f, 0x7e, 0x07, 0xaa, 0xf0)
> +
> /* flags */
> #define CAPSULE_FLAGS_PERSIST_ACROSS_RESET 0x00010000
>
> diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> index 161affdd15..e5dbec3a92 100644
> --- a/tools/mkeficapsule.c
> +++ b/tools/mkeficapsule.c
> @@ -29,6 +29,7 @@
> #include "eficapsule.h"
>
> static const char *tool_name = "mkeficapsule";
> +unsigned char accept_fw_capsule, revert_fw_capsule, empty_capsule;
Bool? but those variables are redundant.
As Ilias suggested, introducing a new enum type here can
simplify the code in the following code.
enum {
CAPSULE_NORMAL_BLOB = 0,
CAPSULE_ACCEPT,
CAPSULE_REVERT,
} capsule_type;
>
> efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> efi_guid_t efi_guid_image_type_uboot_fit =
> @@ -38,9 +39,9 @@ efi_guid_t efi_guid_image_type_uboot_raw =
> efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
>
> #ifdef CONFIG_TOOLS_LIBCRYPTO
Please rebase your patch to my v10 or later.
I have already removed the dependency on openssl library.
> -static const char *opts_short = "frg:i:I:v:p:c:m:dh";
> +static const char *opts_short = "frg:i:I:v:p:c:m:dhAR";
> #else
> -static const char *opts_short = "frg:i:I:v:h";
> +static const char *opts_short = "frg:i:I:v:hAR";
> #endif
>
> static struct option options[] = {
> @@ -55,28 +56,50 @@ static struct option options[] = {
> {"monotonic-count", required_argument, NULL, 'm'},
> {"dump-sig", no_argument, NULL, 'd'},
> #endif
> + {"fw-accept", no_argument, NULL, 'A'},
> + {"fw-revert", no_argument, NULL, 'R'},
> {"help", no_argument, NULL, 'h'},
> {NULL, 0, NULL, 0},
> };
>
> static void print_usage(void)
> {
> - fprintf(stderr, "Usage: %s [options] <image blob> <output file>\n"
> - "Options:\n"
> -
> - "\t-f, --fit FIT image type\n"
> - "\t-r, --raw raw image type\n"
> - "\t-g, --guid <guid string> guid for image blob type\n"
> - "\t-i, --index <index> update image index\n"
> - "\t-I, --instance <instance> update hardware instance\n"
> + if (empty_capsule) {
> + if (accept_fw_capsule) {
> + fprintf(stderr, "Usage: %s [options] <output file>\n",
> + tool_name);
> + fprintf(stderr, "Options:\n"
> + "\t-A, --fw-accept firmware accept capsule\n"
> + "\t-g, --guid <guid string> guid for image blob type\n"
While I doubt the necessity of "--guid,"
why not accept "-f" or "-r" as a guid of image blob type?
(It seems that your actual code does.)
> + "\t-h, --help print a help message\n"
> + );
> + } else {
> + fprintf(stderr, "Usage: %s [options] <output file>\n",
> + tool_name);
> + fprintf(stderr, "Options:\n"
> + "\t-R, --fw-revert firmware revert capsule\n"
> + "\t-h, --help print a help message\n"
> + );
> + }
> + } else {
> + fprintf(stderr, "Usage: %s [options] <image blob> <output file>\n",
> + tool_name);
> + fprintf(stderr, "Options:\n"
> + "\t-f, --fit FIT image type\n"
> + "\t-r, --raw raw image type\n"
> + "\t-g, --guid <guid string> guid for image blob type\n"
> + "\t-i, --index <index> update image index\n"
> + "\t-I, --instance <instance> update hardware instance\n"
> #ifdef CONFIG_TOOLS_LIBCRYPTO
> - "\t-p, --private-key <privkey file> private key file\n"
> - "\t-c, --certificate <cert file> signer's certificate file\n"
> - "\t-m, --monotonic-count <count> monotonic count\n"
> - "\t-d, --dump_sig dump signature (*.p7)\n"
> + "\t-p, --private-key <privkey file> private key file\n"
> + "\t-c, --certificate <cert file> signer's certificate file\n"
> + "\t-m, --monotonic-count <count> monotonic count\n"
> + "\t-d, --dump_sig dump signature (*.p7)\n"
> #endif
> - "\t-h, --help print a help message\n",
> - tool_name);
> + "\t-A, --fw-accept firmware accept capsule\n"
> + "\t-R, --fw-revert firmware revert capsule\n"
> + "\t-h, --help print a help message\n");
> + }
> }
>
> /**
> @@ -598,6 +621,50 @@ void convert_uuid_to_guid(unsigned char *buf)
> buf[7] = c;
> }
>
> +static int create_empty_capsule(char *path, efi_guid_t *guid, bool fw_accept)
> +{
> + struct efi_capsule_header header;
> + FILE *f = NULL;
> + int ret = -1;
> + efi_guid_t fw_accept_guid = FW_ACCEPT_OS_GUID;
> + efi_guid_t fw_revert_guid = FW_REVERT_OS_GUID;
> + efi_guid_t payload, capsule_guid;
> +
> + f = fopen(path, "w");
> + if (!f) {
> + fprintf(stderr, "cannot open %s\n", path);
> + goto err;
> + }
> +
> + capsule_guid = fw_accept ? fw_accept_guid : fw_revert_guid;
> +
> + memcpy(&header.capsule_guid, &capsule_guid, sizeof(efi_guid_t));
> + header.header_size = sizeof(header);
> + header.flags = 0;
> +
> + header.capsule_image_size = fw_accept ?
> + sizeof(header) + sizeof(efi_guid_t) : sizeof(header);
> +
> + if (write_capsule_file(f, &header, sizeof(header),
> + "Capsule header"))
> + goto err;
> +
> + if (fw_accept) {
> + memcpy(&payload, guid, sizeof(efi_guid_t));
> + if (write_capsule_file(f, &payload, sizeof(payload),
> + "FW Accept Capsule Payload"))
> + goto err;
> + }
> +
> + ret = 0;
> +
> +err:
> + if (f)
> + fclose(f);
> +
> + return ret;
> +}
> +
> /**
> * main - main entry function of mkeficapsule
> * @argc: Number of arguments
> @@ -625,6 +692,8 @@ int main(int argc, char **argv)
> mcount = 0;
> privkey_file = NULL;
> cert_file = NULL;
> + accept_fw_capsule = 0;
> + revert_fw_capsule = 0;
> dump_sig = 0;
> for (;;) {
> c = getopt_long(argc, argv, opts_short, options, &idx);
> @@ -691,22 +760,44 @@ int main(int argc, char **argv)
> dump_sig = 1;
> break;
> #endif /* CONFIG_TOOLS_LIBCRYPTO */
> + case 'A':
> + accept_fw_capsule = 1;
> + break;
> + case 'R':
> + revert_fw_capsule = 1;
> + break;
> case 'h':
> print_usage();
> exit(EXIT_SUCCESS);
> }
> }
>
> + if (accept_fw_capsule && revert_fw_capsule) {
> + fprintf(stderr,
> + "Select either of Accept or Revert capsule generation\n");
> + exit(EXIT_FAILURE);
> + }
> +
> + empty_capsule = (accept_fw_capsule || revert_fw_capsule);
> +
> /* check necessary parameters */
> - if ((argc != optind + 2) || !guid ||
> - ((privkey_file && !cert_file) ||
> + if ((!empty_capsule && argc != optind + 2) ||
> + (empty_capsule && argc != optind + 1) ||
> + (!revert_fw_capsule && !guid) || ((privkey_file && !cert_file) ||
> (!privkey_file && cert_file))) {
Well, the error condition looks complicated due to mixing two cases
and can be hard to maintain in the future. How about
if (!empty_capsule &&
((argc != optind + 2) || !guid ||
((privkey_file && !cert_file) ||
(!privkey_file && cert_file))) ||
empty_capsule &&
((argc != optind + 1) ||
(accept_fw_capsule && revert_fw_capsule) ||
(accept_fw_capsule && !guid)) # arguable as mentioned above
(revert_fw_capsule && guid))
...
> print_usage();
> exit(EXIT_FAILURE);
> }
>
> - if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, index, instance,
> - mcount, privkey_file, cert_file) < 0) {
> + if (empty_capsule) {
> + if (create_empty_capsule(argv[argc - 1], guid,
> + accept_fw_capsule ? 1 : 0) < 0) {
The third argument can be simplified to "accept_fw_capsule".
-Takahiro Akashi
> + fprintf(stderr, "Creating empty capsule failed\n");
> + exit(EXIT_FAILURE);
> + }
> + } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid,
> + index, instance, mcount, privkey_file,
> + cert_file) < 0) {
> fprintf(stderr, "Creating firmware capsule failed\n");
> exit(EXIT_FAILURE);
> }
> --
> 2.17.1
>
next prev parent reply other threads:[~2022-02-09 3:05 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-07 18:19 [PATCH v4 00/11] FWU: Add support for FWU Multi Bank Update feature Sughosh Ganu
2022-02-07 18:19 ` [PATCH v4 01/11] FWU: Add FWU metadata structure and driver for accessing metadata Sughosh Ganu
2022-02-08 9:33 ` Masami Hiramatsu
2022-02-08 10:24 ` Sughosh Ganu
2022-02-08 11:23 ` Masami Hiramatsu
2022-02-08 10:56 ` Michal Simek
2022-02-08 11:35 ` Sughosh Ganu
2022-02-08 11:39 ` Michal Simek
2022-02-08 13:36 ` Masami Hiramatsu
2022-02-08 13:45 ` Michal Simek
2022-02-08 14:14 ` Masami Hiramatsu
2022-02-08 14:27 ` Michal Simek
2022-02-08 23:39 ` Masami Hiramatsu
2022-02-09 7:21 ` Michal Simek
2022-02-08 11:31 ` Michal Simek
2022-02-08 11:38 ` Sughosh Ganu
2022-02-08 11:44 ` Michal Simek
2022-02-08 11:54 ` Sughosh Ganu
2022-02-08 11:59 ` Michal Simek
2022-02-08 12:07 ` Sughosh Ganu
2022-02-08 12:14 ` Michal Simek
2022-02-08 12:49 ` Sughosh Ganu
2022-02-07 18:19 ` [PATCH v4 02/11] FWU: Add FWU metadata access driver for GPT partitioned block devices Sughosh Ganu
2022-02-09 4:56 ` Masami Hiramatsu
2022-02-09 9:03 ` Sughosh Ganu
2022-02-09 11:47 ` Masami Hiramatsu
2022-02-09 18:40 ` Sughosh Ganu
2022-02-10 1:43 ` Masami Hiramatsu
2022-02-10 3:14 ` Masami Hiramatsu
2022-02-10 12:25 ` Sughosh Ganu
2022-02-11 1:58 ` Masami Hiramatsu
2022-02-07 18:19 ` [PATCH v4 03/11] FWU: stm32mp1: Add helper functions for accessing FWU metadata Sughosh Ganu
2022-02-07 18:19 ` [PATCH v4 04/11] FWU: STM32MP1: Add support to read boot index from backup register Sughosh Ganu
2022-02-07 18:19 ` [PATCH v4 05/11] EFI: FMP: Add provision to update image's ImageTypeId in image descriptor Sughosh Ganu
2022-02-10 2:48 ` AKASHI Takahiro
2022-02-10 7:18 ` Sughosh Ganu
2022-02-10 7:58 ` AKASHI Takahiro
2022-02-10 10:10 ` Sughosh Ganu
2022-02-14 3:24 ` AKASHI Takahiro
2022-02-14 5:42 ` Sughosh Ganu
2022-02-15 1:51 ` AKASHI Takahiro
2022-02-15 6:38 ` Sughosh Ganu
2022-02-15 14:40 ` Ilias Apalodimas
2022-02-15 17:19 ` Sughosh Ganu
2022-02-17 8:22 ` Ilias Apalodimas
2022-02-17 10:10 ` Sughosh Ganu
2022-02-26 6:54 ` Heinrich Schuchardt
2022-02-26 9:54 ` Sughosh Ganu
2022-03-08 13:13 ` AKASHI Takahiro
2022-03-09 8:31 ` Ilias Apalodimas
2022-02-07 18:19 ` [PATCH v4 06/11] stm32mp1: Populate ImageTypeId values in EFI_FIRMWARE_IMAGE_DESCRIPTOR array Sughosh Ganu
2022-02-07 18:19 ` [PATCH v4 07/11] FWU: Add boot time checks as highlighted by the FWU specification Sughosh Ganu
2022-02-08 10:53 ` Michal Simek
2022-02-11 10:46 ` Sughosh Ganu
2022-02-07 18:19 ` [PATCH v4 08/11] FWU: Add support for FWU Multi Bank Update feature Sughosh Ganu
2022-02-07 18:19 ` [PATCH v4 09/11] FWU: cmd: Add a command to read FWU metadata Sughosh Ganu
2022-02-07 18:20 ` [PATCH v4 10/11] mkeficapsule: Add support for generating empty capsules Sughosh Ganu
2022-02-09 3:05 ` AKASHI Takahiro [this message]
2022-02-10 1:27 ` AKASHI Takahiro
2022-02-11 13:27 ` Sughosh Ganu
2022-02-11 13:25 ` Sughosh Ganu
2022-02-07 18:20 ` [PATCH v4 11/11] FWU: doc: Add documentation for the FWU feature Sughosh Ganu
2022-02-08 11:05 ` [PATCH v4 00/11] FWU: Add support for FWU Multi Bank Update feature Michal Simek
2022-02-08 12:09 ` Sughosh Ganu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220209030506.GA26765@laputa \
--to=takahiro.akashi@linaro.org \
--cc=agraf@csgraf.de \
--cc=bmeng.cn@gmail.com \
--cc=etienne.carriere@linaro.org \
--cc=grant.likely@arm.com \
--cc=ilias.apalodimas@linaro.org \
--cc=jose.marinho@arm.com \
--cc=masami.hiramatsu@linaro.org \
--cc=patrice.chotard@foss.st.com \
--cc=patrick.delaunay@foss.st.com \
--cc=sjg@chromium.org \
--cc=sughosh.ganu@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.