Hi Sughosh,
On Sat, 5 Aug 2023 at 05:35, Sughosh Ganu sughosh.ganu@linaro.org wrote:
Add a bintool for generating EFI capsules. This calls the mkeficapsule tool which generates the capsules.
Signed-off-by: Sughosh Ganu sughosh.ganu@linaro.org
Changes since V6:
- Split the changes for mkeficapsule btool into a separate patch, as suggested by Simon Glass.
- Use the word commandline consistently, as suggested by Simon Glass.
tools/binman/btool/mkeficapsule.py | 101 +++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 tools/binman/btool/mkeficapsule.py
Reviewed-by: Simon Glass sjg@chromium.org
diff --git a/tools/binman/btool/mkeficapsule.py b/tools/binman/btool/mkeficapsule.py new file mode 100644 index 0000000000..61179747ff --- /dev/null +++ b/tools/binman/btool/mkeficapsule.py @@ -0,0 +1,101 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright 2023 Linaro Limited +# +"""Bintool implementation for mkeficapsule tool
+mkeficapsule is a tool used for generating EFI capsules.
+The following are the commandline options to be provided +to the tool +Usage: mkeficapsule [options] <image blob> <output file> +Options:
-g, --guid <guid string> guid for image blob type-i, --index <index> update image index-I, --instance <instance> update hardware instance-v, --fw-version <version> firmware version-p, --private-key <privkey file> private key file-c, --certificate <cert file> signer's certificate file-m, --monotonic-count <count> monotonic count-d, --dump_sig dump signature (*.p7)-A, --fw-accept firmware accept capsule, requires GUID, no image blob-R, --fw-revert firmware revert capsule, takes no GUID, no image blob-o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff-h, --help print a help message+"""
+from binman import bintool
+class Bintoolmkeficapsule(bintool.Bintool):
- """Handles the 'mkeficapsule' tool
- This bintool is used for generating the EFI capsules. The
- capsule generation parameters can either be specified through
- commandline, or through a config file.
- """
- def __init__(self, name):
super().__init__(name, 'mkeficapsule tool for generating capsules')- def generate_capsule(self, image_index, image_guid, hardware_instance,
payload, output_fname, priv_key, pub_key,monotonic_count=0, version=0, oemflags=0):"""Generate a capsule through commandline-provided parametersArgs:image_index (int): Unique number for identifying payload imageimage_guid (str): GUID used for identifying the image
I wonder what we can do about this, so that we don't have to speak in GUIDs? Is there a registry somewhere of what all these things are? It would be nice if you could provide a string like 'u-boot-sandbox' and the capsule tool would know what that means.
hardware_instance (int): Optional unique hardware instance ofa device in the system. 0 if not being usedpayload (str): Path to the input payload imageoutput_fname (str): Path to the output capsule filepriv_key (str): Path to the private keypub_key(str): Path to the public keymonotonic_count (int): Count used when signing an imageversion (int): Image version (Optional)oemflags (int): Optional 16 bit OEM flagsReturns:str: Tool output"""args = [f'--index={image_index}',f'--guid={image_guid}',f'--instance={hardware_instance}']if version:args += [f'--fw-version={version}']if oemflags:args += [f'--capoemflag={oemflags}']if priv_key and pub_key:args += [f'--monotonic-count={monotonic_count}',f'--private-key={priv_key}',f'--certificate={pub_key}']
It almost seems worth adding two methods in this class, one to build with keys and one to not. Anyway, we can leave it for now.
args += [payload,output_fname]return self.run_cmd(*args)- def fetch(self, method):
"""Fetch handler for mkeficapsuleThis builds the tool from sourceReturns:tuple:str: Filename of fetched file to copy to a suitable directorystr: Name of temp directory to remove, or None"""if method != bintool.FETCH_BUILD:return Nonecmd = ['tools-only_defconfig', 'tools']result = self.build_from_git('https://source.denx.de/u-boot/u-boot.git',cmd,'tools/mkeficapsule')return result-- 2.34.1
Regards, Simon