On Thu, Mar 31, 2022 at 06:57:50PM +0530, Sughosh Ganu wrote:
Update the capsule update functionality related documentation to refect the additional definitions that need to be made per platform for supporting the capsule update feature.
Signed-off-by: Sughosh Ganu sughosh.ganu@linaro.org
Changes since V3:
- Rephrase the commit message to indicate that the doc changes are not just limited to adding the GUID values, but other info as well.
- Elaborate with an example on the relation between the dfu alt number and the image index
doc/develop/uefi/uefi.rst | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index fe337c88bd..d886635cc3 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -312,8 +312,8 @@ Run the following command .. code-block:: console
$ mkeficapsule \
--index 1 --instance 0 \[--fit <FIT image> | --raw <raw image>] \
--index <index> --instance 0 \--guid <image GUID> \ <capsule_file_name>Performing the update @@ -333,6 +333,26 @@ won't be taken over across the reboot. If this is the case, you can skip this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS) set.
+A few things need to be defined in the board file for performing the +capsule upadte. The first is defining the function set_dfu_alt_info in
s/upadte/update/
+the board file. This function sets the environment variable +dfu_alt_info. Instead of taking the variable from the environment, the +capsule update feature requires that the variable be set through the
I think we should also mention that allowing a user to change the location of the firmware updates in flash is not a good security practice. Having that baked in the firmware (as long as a prior stage boot loader verifies it) is a better approach.
Thanks /Ilias
+board function, since that is more robust. Secondly, define GUID +values and image index of the images that are to be updated through +the capsule update feature in the board file. Both the values are to +be defined as part of the fw_images array. These GUID values would be +used by the Firmware Management Protocol(FMP) to populate the image +descriptor array and also displayed as part of the ESRT table. The +image index values defined in the array should be one greater than the +dfu alt number that corresponds to the firmware image. So, if the dfu +alt number for an image is 2, the value of image index in the +fw_images array for that image should be 3. The dfu alt number can be +obtained by running the following command::
- dfu list
Finally, the capsule update can be initiated by rebooting the board.
Enabling Capsule Authentication
2.25.1