This commit describes the procedure to add the firmware version into the capsule file.
Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org --- Newly created in v6
doc/develop/uefi/uefi.rst | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index ffe25ca231..efab0fc7b1 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -510,6 +510,35 @@ where signature.dts looks like:: }; };
+Enabling Firmware Versioning +**************************** + +The UEFI specification does not define the firmware versioning mechanism. +EDK II reference implementation inserts the FMP Payload Header right before +the payload. It coutains the fw_version and lowest supported version, +EDK II reference implementation uses these information to implement the +firmware versioning and anti-rollback protection, the firmware version and +lowest supported version is stored into EFI non-volatile variable. + +In U-Boot, the firmware versioning is implemented utilizing +the FMP Payload Header same as EDK II reference implementation, +reads the FMP Payload Header and stores the firmware version into +"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, +since FMP protocol handles multiple image indexes. + + +1. Run the following command to add firmware version into the capsule file + +.. code-block:: console + + $ mkeficapsule --monotonic-count 1 \ + --private-key CRT.key \ + --certificate CRT.crt \ + --index 1 --instance 0 \ + --fw-version 5 \ + [--fit | --raw | --guid <guid-string] \ + <image_blob> <capsule_file_name> + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~