On Sat, Jan 01, 2022 at 11:42:45PM +0100, Heinrich Schuchardt wrote:
On 12/20/21 06:02, AKASHI Takahiro wrote:
The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is.
To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file>
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org Reviewed-by: Simon Glass sjg@chromium.org
doc/develop/uefi/uefi.rst | 4 +- doc/mkeficapsule.1 | 26 +++++++++---- tools/Makefile | 1 + tools/mkeficapsule.c | 78 ++++++++++++++++++++++++++++++--------- 4 files changed, 82 insertions(+), 27 deletions(-)
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 864d61734bee..54fefd76f0f5 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -367,8 +367,8 @@ and used by the steps highlighted below. --private-key CRT.key \ --certificate CRT.crt \ --index 1 --instance 0 \
[--fit <FIT image> | --raw <raw image>] \<capsule_file_name>
[--fit | --raw | --guid <guid-string] \<image_blob> <capsule_file_name>
- Insert the signature list into a device tree in the following format::
diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 837e09ab451e..312e8a8b3188 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -5,7 +5,7 @@ mkeficapsule - Generate EFI capsule file for U-Boot
.SH SYNOPSIS .B mkeficapsule -.RB [\fIoptions\fP] " \fIcapsule-file\fP" +.RB [\fIoptions\fP] " \fIimage-blob\fP \fIcapsule-file\fP"
Don't use escape sequences.
We are discussing this issue in another thread.
.SH "DESCRIPTION" The @@ -21,7 +21,7 @@ Optionally, a capsule file can be signed with a given private key. In this case, the update will be authenticated by verifying the signature before applying.
-\fBmkeficapsule\fP supports two different format of image files: +\fBmkeficapsule\fP takes any type of image files, including: .TP .I raw image format is a single binary blob of any type of firmware. @@ -33,16 +33,28 @@ is the same as used in the new \fIuImage\fP format and allows for multiple binary blobs in a single capsule file. This type of image file can be generated by \fBmkimage\fP.
+.PP +If you want to use other types than above two, you should explicitly +specify a guid for the FMP driver.
- .SH "OPTIONS"
-One of \fB--fit\fP or \fB--raw\fP option must be specified. +One of \fB--fit\fP, \fB--raw\fP or \fB--guid\fP option must be specified.
.TP -.BI "-f, --fit \fIfit-image-file\fP" -Specify a FIT image file +.BI "-f, --fit +Indicate that the blob is a FIT image file
.TP -.BI "-r, --raw \fIraw-image-file\fP" -Specify a raw image file +.BI "-r, --raw +Indicate that the blob is a raw image file
+.TP +.BI "-g, --guid \fIguid-string\fP"
Don't use escape sequences.
+Specify guid for image blob type. The format is:
- xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+The first three elements are in little endian, while the rest +is in big endian.
.TP .BI "-i, --index \fIindex\fP" diff --git a/tools/Makefile b/tools/Makefile index afca08e2941a..cbf83a252caa 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -242,6 +242,7 @@ ifeq ($(CONFIG_TOOLS_LIBCRYPTO),y) HOSTLDLIBS_mkeficapsule += \ $(shell pkg-config --libs libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto") endif +HOSTLDLIBS_mkeficapsule += -luuid hostprogs-$(CONFIG_TOOLS_MKEFICAPSULE) += mkeficapsule
# We build some files with extra pedantic flags to try to minimize things diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index 3e6f36430d74..8891496d1564 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -14,7 +14,7 @@
#include <sys/stat.h> #include <sys/types.h>
+#include <uuid/uuid.h> #include <linux/kconfig.h> #ifdef CONFIG_TOOLS_LIBCRYPTO #include <openssl/asn1.h> @@ -37,14 +37,15 @@ efi_guid_t efi_guid_image_type_uboot_raw = efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
#ifdef CONFIG_TOOLS_LIBCRYPTO -static const char *opts_short = "f:r:i:I:v:p:c:m:dh"; +static const char *opts_short = "frg:i:I:v:p:c:m:dh"; #else -static const char *opts_short = "f:r:i:I:v:h"; +static const char *opts_short = "frg:i:I:v:h"; #endif
static struct option options[] = {
- {"fit", required_argument, NULL, 'f'},
- {"raw", required_argument, NULL, 'r'},
- {"fit", no_argument, NULL, 'f'},
- {"raw", no_argument, NULL, 'r'},
- {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, #ifdef CONFIG_TOOLS_LIBCRYPTO
@@ -59,11 +60,12 @@ static struct option options[] = {
static void print_usage(void) {
- printf("Usage: %s [options] <output file>\n"
- printf("Usage: %s [options] <image blob> <output file>\n" "Options:\n"
"\t-f, --fit <fit image> new FIT image file\n""\t-r, --raw <raw image> new raw image file\n"
"\t-f, --fit FIT image type\n""\t-r, --raw raw image type\n""\t-g, --guid <guid string> guid for image blob type\n" "\t-i, --index <index> update image index\n" "\t-I, --instance <instance> update hardware instance\n"@@ -563,6 +565,37 @@ err: return ret; }
+/**
- convert_uuid_to_guid() - convert uuid string to guid string
- @buf: String for UUID
This isn't a string (like "00000000-0000-0000-0000-000000000000") but a u8[16].
OK, I will use "binary" if appropriate.
-Takahiro Akashi
Best regards
Heinrich
- UUID and GUID have the same data structure, but their string
- formats are different due to the endianness. See lib/uuid.c.
- Since uuid_parse() can handle only UUID, this function must
- be called to get correct data for GUID when parsing a string.
- The correct data will be returned in @buf.
- */
+void convert_uuid_to_guid(unsigned char *buf) +{
- unsigned char c;
- c = buf[0];
- buf[0] = buf[3];
- buf[3] = c;
- c = buf[1];
- buf[1] = buf[2];
- buf[2] = c;
- c = buf[4];
- buf[4] = buf[5];
- buf[5] = c;
- c = buf[6];
- buf[6] = buf[7];
- buf[7] = c;
+}
- /**
- main - main entry function of mkeficapsule
- @argc: Number of arguments
@@ -577,14 +610,13 @@ err: */ int main(int argc, char **argv) {
- char *file; efi_guid_t *guid;
- unsigned char uuid_buf[16]; unsigned long index, instance; uint64_t mcount; char *privkey_file, *cert_file; int c, idx;
- file = NULL; guid = NULL; index = 0; instance = 0;
@@ -599,21 +631,31 @@ int main(int argc, char **argv)
switch (c) { case 'f':
if (file) {printf("Image already specified\n");
if (guid) {printf("Image type already specified\n"); exit(EXIT_FAILURE); }
file = optarg; guid = &efi_guid_image_type_uboot_fit; break;if (file) {printf("Image already specified\n");
if (guid) {printf("Image type already specified\n"); exit(EXIT_FAILURE); }
file = optarg; guid = &efi_guid_image_type_uboot_raw; break;
case 'g':if (guid) {printf("Image type already specified\n");exit(EXIT_FAILURE);}if (uuid_parse(optarg, uuid_buf)) {printf("Wrong guid format\n");exit(EXIT_FAILURE);}convert_uuid_to_guid(uuid_buf);guid = (efi_guid_t *)uuid_buf;break;@@ -649,14 +691,14 @@ int main(int argc, char **argv) }
/* check necessary parameters */
- if ((argc != optind + 1) || !file ||
- if ((argc != optind + 2) || !guid || ((privkey_file && !cert_file) || (!privkey_file && cert_file))) { print_usage(); exit(EXIT_FAILURE); }
- if (create_fwbin(argv[optind], file, guid, index, instance,
- if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, index, instance, mcount, privkey_file, cert_file) < 0) { printf("Creating firmware capsule failed\n"); exit(EXIT_FAILURE);