From: Takahiro Akashi <takahiro.akashi@linaro.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Simon Glass <sjg@chromium.org>
Subject: Re: [PATCH v6 7/8] doc: uefi: add firmware versioning documentation
Date: Mon, 22 May 2023 09:35:43 +0900 [thread overview]
Message-ID: <20230522003543.GB10198@laputa> (raw)
In-Reply-To: <20230519103214.1239656-8-masahisa.kojima@linaro.org>
On Fri, May 19, 2023 at 07:32:13PM +0900, Masahisa Kojima wrote:
> This commit describes the procedure to add the firmware version
> into the capsule file.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
> Newly created in v6
>
> doc/develop/uefi/uefi.rst | 29 +++++++++++++++++++++++++++++
> 1 file changed, 29 insertions(+)
>
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index ffe25ca231..efab0fc7b1 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -510,6 +510,35 @@ where signature.dts looks like::
> };
> };
>
> +Enabling Firmware Versioning
> +****************************
> +
> +The UEFI specification does not define the firmware versioning mechanism.
> +EDK II reference implementation inserts the FMP Payload Header right before
> +the payload. It coutains the fw_version and lowest supported version,
> +EDK II reference implementation uses these information to implement the
> +firmware versioning and anti-rollback protection, the firmware version and
> +lowest supported version is stored into EFI non-volatile variable.
> +
> +In U-Boot, the firmware versioning is implemented utilizing
> +the FMP Payload Header same as EDK II reference implementation,
> +reads the FMP Payload Header and stores the firmware version into
> +"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index,
> +since FMP protocol handles multiple image indexes.
I suggested that you should use "FmState" with the firmware's own guid
as a vendor guid of the variable.
In theory, UEFI may have different FMP drivers, then "index id" may
have the same value for different firmwares.
> +
> +1. Run the following command to add firmware version into the capsule file
Anyhow, you'd better clearly mention that an user needs to specify
"--fw-version" option and what happens (or not happen) if the option
is not there.
I think all the text here can be simply merged in "Creating a capsule file".
-Takahiro Akashi
> +.. code-block:: console
> +
> + $ mkeficapsule --monotonic-count 1 \
> + --private-key CRT.key \
> + --certificate CRT.crt \
> + --index 1 --instance 0 \
> + --fw-version 5 \
> + [--fit | --raw | --guid <guid-string] \
> + <image_blob> <capsule_file_name>
> +
> Executing the boot manager
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> --
> 2.17.1
>
next prev parent reply other threads:[~2023-05-22 0:35 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-19 10:32 [PATCH v6 0/8] FMP versioning support Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 1/8] efi_loader: add the number of image entries in efi_capsule_update_info Masahisa Kojima
2023-05-22 7:34 ` Ilias Apalodimas
2023-05-22 20:42 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 2/8] efi_loader: store firmware version into FmpState variable Masahisa Kojima
2023-05-22 21:24 ` Ilias Apalodimas
2023-05-23 1:55 ` Masahisa Kojima
2023-05-28 8:39 ` Heinrich Schuchardt
2023-05-30 0:31 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 3/8] efi_loader: versioning support in GetImageInfo Masahisa Kojima
2023-05-22 21:29 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 4/8] efi_loader: get lowest supported version from device tree Masahisa Kojima
2023-05-22 21:33 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 5/8] efi_loader: check lowest supported version Masahisa Kojima
2023-05-22 21:36 ` Ilias Apalodimas
2023-05-23 1:56 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 6/8] mkeficapsule: add FMP Payload Header Masahisa Kojima
2023-05-22 21:29 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 7/8] doc: uefi: add firmware versioning documentation Masahisa Kojima
2023-05-22 0:35 ` Takahiro Akashi [this message]
2023-05-22 4:25 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 8/8] doc: uefi: add anti-rollback documentation Masahisa Kojima
2023-05-22 0:27 ` Takahiro Akashi
2023-05-22 4:30 ` Masahisa Kojima
2023-05-22 4:32 ` [PATCH v6 0/8] FMP versioning support Masahisa Kojima
2023-05-28 8:54 ` Heinrich Schuchardt
2023-05-30 0:32 ` Masahisa Kojima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230522003543.GB10198@laputa \
--to=takahiro.akashi@linaro.org \
--cc=ilias.apalodimas@linaro.org \
--cc=masahisa.kojima@linaro.org \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.