Date: Tue, 23 May 2023 00:29:39 +0300
From: Ilias Apalodimas
To: Masahisa Kojima
Cc: u-boot@lists.denx.de, Heinrich Schuchardt, Simon Glass, Takahiro Akashi, Sughosh Ganu, Etienne Carriere
Subject: Re: [PATCH v6 6/8] mkeficapsule: add FMP Payload Header

On Fri, May 19, 2023 at 07:32:12PM +0900, Masahisa Kojima wrote:
> Current mkeficapsule tool does not provide firmware
> version management. EDK II reference implementation inserts
> the FMP Payload Header right before the payload.
> It contains the fw_version and lowest supported version.
>
> This commit adds a new parameter required to generate
> the FMP Payload Header for mkeficapsule tool.
> '-v' indicates the firmware version.
>
> When mkeficapsule tool is invoked without '-v' option,
> FMP Payload Header is not inserted, the behavior is same as
> current implementation.
>
> The lowest supported version included in the FMP Payload Header
> is not used, the value stored in the device tree is used instead.
> > Signed-off-by: Masahisa Kojima > --- > No update since v5 > > Changes in v5: > - remove --lsv since we use the lowest_supported_version in the dtb > > Changes in v3: > - remove '-f' option > - move some definitions into tools/eficapsule.h > - add dependency check of fw_version and lowest_supported_version > - remove unexpected modification of existing fprintf() call > - add documentation > > Newly created in v2 > > doc/mkeficapsule.1 | 10 ++++++++++ > tools/eficapsule.h | 30 ++++++++++++++++++++++++++++++ > tools/mkeficapsule.c | 37 +++++++++++++++++++++++++++++++++---- > 3 files changed, 73 insertions(+), 4 deletions(-) > > diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 > index 1ca245a10f..c4c2057d5c 100644 > --- a/doc/mkeficapsule.1 > +++ b/doc/mkeficapsule.1 > @@ -61,6 +61,16 @@ Specify an image index > .BI "-I\fR,\fB --instance " instance > Specify a hardware instance > > +.PP > +FMP Payload Header is inserted right before the payload if > +.BR --fw-version > +is specified > + > + > +.TP > +.BI "-v\fR,\fB --fw-version " firmware-version > +Specify a firmware version, 0 if omitted > + > .PP > For generation of firmware accept empty capsule > .BR --guid > diff --git a/tools/eficapsule.h b/tools/eficapsule.h > index 072a4b5598..753fb73313 100644 > --- a/tools/eficapsule.h > +++ b/tools/eficapsule.h 
> @@ -113,4 +113,34 @@ struct efi_firmware_image_authentication { > struct win_certificate_uefi_guid auth_info; > } __packed; > > +/* fmp payload header */ > +#define SIGNATURE_16(A, B) ((A) | ((B) << 8)) > +#define SIGNATURE_32(A, B, C, D) \ > + (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16)) > + > +#define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1') > + > +/** > + * struct fmp_payload_header - EDK2 header for the FMP payload > + * > + * This structure describes the header which is preprended to the > + * FMP payload by the edk2 capsule generation scripts. > + * > + * @signature: Header signature used to identify the header > + * @header_size: Size of the structure > + * @fw_version: Firmware versions used > + * @lowest_supported_version: Lowest supported version (not used) > + */ > +struct fmp_payload_header { > + uint32_t signature; > + uint32_t header_size; > + uint32_t fw_version; > + uint32_t lowest_supported_version; > +}; > + > +struct fmp_payload_header_params { > + bool have_header; > + uint32_t fw_version; > +}; > + > #endif /* _EFI_CAPSULE_H */ > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c > index b71537beee..52be1f122e 100644 > --- a/tools/mkeficapsule.c > +++ b/tools/mkeficapsule.c > @@ -41,6 +41,7 @@ static struct option options[] = { > {"guid", required_argument, NULL, 'g'}, > {"index", required_argument, NULL, 'i'}, > {"instance", required_argument, NULL, 'I'}, > + {"fw-version", required_argument, NULL, 'v'}, > {"private-key", required_argument, NULL, 'p'}, > {"certificate", required_argument, NULL, 'c'}, > {"monotonic-count", required_argument, NULL, 'm'}, > @@ -60,6 +61,7 @@ static void print_usage(void) > "\t-g, --guid guid for image blob type\n" > "\t-i, --index update image index\n" > "\t-I, --instance update hardware instance\n" > + "\t-v, --fw-version firmware version\n" > "\t-p, --private-key private key file\n" > "\t-c, --certificate signer's certificate file\n" > "\t-m, --monotonic-count monotonic count\n" 
> @@ -402,6 +404,7 @@ static void free_sig_data(struct auth_context *ctx) > */ > static int create_fwbin(char *path, char *bin, efi_guid_t *guid, > unsigned long index, unsigned long instance, > + struct fmp_payload_header_params *fmp_ph_params, > uint64_t mcount, char *privkey_file, char *cert_file, > uint16_t oemflags) > { > @@ -410,10 +413,11 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, > struct efi_firmware_management_capsule_image_header image; > struct auth_context auth_context; > FILE *f; > - uint8_t *data; > + uint8_t *data, *new_data, *buf; > off_t bin_size; > uint64_t offset; > int ret; > + struct fmp_payload_header payload_header; > > #ifdef DEBUG > fprintf(stderr, "For output: %s\n", path); > @@ -423,6 +427,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, > auth_context.sig_size = 0; > f = NULL; > data = NULL; > + new_data = NULL; > ret = -1; > > /* 
> @@ -431,12 +436,30 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, > if (read_bin_file(bin, &data, &bin_size)) > goto err; > > + buf = data; > + > + /* insert fmp payload header right before the payload */ > + if (fmp_ph_params->have_header) { > + new_data = malloc(bin_size + sizeof(payload_header)); > + if (!new_data) > + goto err; > + > + payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE; > + payload_header.header_size = sizeof(payload_header); > + payload_header.fw_version = fmp_ph_params->fw_version; > + payload_header.lowest_supported_version = 0; /* not used */ > + memcpy(new_data, &payload_header, sizeof(payload_header)); > + memcpy(new_data + sizeof(payload_header), data, bin_size); > + buf = new_data; > + bin_size += sizeof(payload_header); > + } > + > /* first, calculate signature to determine its size */ > if (privkey_file && cert_file) { > auth_context.key_file = privkey_file; > auth_context.cert_file = cert_file; > auth_context.auth.monotonic_count = mcount; > - auth_context.image_data = data; > + auth_context.image_data = buf; > auth_context.image_size = bin_size; > > if (create_auth_data(&auth_context)) { > @@ -536,7 +559,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, > /* > * firmware binary > */ > - if (write_capsule_file(f, data, bin_size, "Firmware binary")) > + if (write_capsule_file(f, buf, bin_size, "Firmware binary")) > goto err; > > ret = 0; > @@ -545,6 +568,7 @@ err: > fclose(f); > free_sig_data(&auth_context); > free(data); > + free(new_data); > > return ret; > } > @@ -644,6 +668,7 @@ int main(int argc, char **argv) > unsigned long oemflags; > char *privkey_file, *cert_file; > int c, idx; > + struct fmp_payload_header_params fmp_ph_params = { 0 }; > > guid = NULL; > index = 0; 
> @@ -679,6 +704,10 @@ int main(int argc, char **argv) > case 'I': > instance = strtoul(optarg, NULL, 0); > break; > + case 'v': > + fmp_ph_params.fw_version = strtoul(optarg, NULL, 0); > + fmp_ph_params.have_header = true; > + break; > case 'p': > if (privkey_file) { > fprintf(stderr, > @@ -751,7 +780,7 @@ int main(int argc, char **argv) > exit(EXIT_FAILURE); > } > } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, > - index, instance, mcount, privkey_file, > + index, instance, &fmp_ph_params, mcount, privkey_file, > cert_file, (uint16_t)oemflags) < 0) { > fprintf(stderr, "Creating firmware capsule failed\n"); > exit(EXIT_FAILURE); > -- > 2.17.1 > Acked-by: Ilias Apalodimas
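Review bot: in the doc/mkeficapsule.1 hunk, the -v entry says "Specify a firmware version, 0 if omitted", which contradicts the paragraph added just above it and the commit message: when the option is omitted no FMP Payload Header is inserted at all, which is not the same as a header carrying version 0. Suggest dropping "0 if omitted" and stating that without --fw-version no header is written. The sentence ending "is specified" also lacks a full stop and is followed by two blank lines where the neighbouring entries use one.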
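Review bot: in the tools/eficapsule.h hunk, struct fmp_payload_header is used as an on-disk layout (create_fwbin() stores its sizeof in header_size and memcpy()s it into the capsule) but is not marked __packed, unlike struct efi_firmware_image_authentication directly above it. Four uint32_t fields leave no padding in practice, so this is about making the layout explicit and consistent, not a functional bug. In the kernel-doc, "preprended" should be "prepended", "Firmware versions used" reads better as "Firmware version", and struct fmp_payload_header_params has no description of have_header and fw_version.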
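Review bot: in the create_fwbin() hunk at @@ -431,12 +436,30 @@, the four header fields are assigned in host byte order and then copied out with memcpy(), so a capsule built on a big-endian host would carry a byte-swapped signature and fw_version. UEFI structures are little-endian; if big-endian build hosts are in scope, convert the fields to little-endian before the copy, otherwise a short comment stating the little-endian host assumption would help. Passing buf rather than data to auth_context.image_data means the header is covered by the signature, which is worth saying in the comment above the block since fw_version is what version checks will rely on.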
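Review bot: in the main() hunk at @@ -679,6 +704,10 @@, case 'v' stores strtoul(optarg, NULL, 0) straight into the uint32_t fw_version with no end-pointer, errno or range check. A non-numeric argument yields version 0 with have_header set, and on hosts where unsigned long is 64 bits a value above UINT32_MAX is silently truncated, so the version written into the capsule can differ from the one requested on the command line. Since this field is the input to firmware version management, suggest parsing with an end pointer, rejecting trailing characters and out-of-range values, and exiting with an error message. The 'I' case just above uses the same unchecked pattern, but there the target is an unsigned long, so at least the truncation does not apply.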