This patchset aims to bring two capsule related tasks under the u-boot build flow.
One is the embedding of the public key into the platform's dtb as part of dtb' build. The public key is in the form of an EFI Signature List(ESL) file and is used for capsule authentication. This is achieved at the time of the dtb generation, with the path to the ESL file being provided through a Kconfig symbol(CONFIG_EFI_CAPSULE_ESL_FILE).
Changes have also been made to the test flow so that the keys used for signing the capsule, and the ESL file, are generated prior to invoking the u-boot's build, which enables embedding the ESL file into the dtb as part of the u-boot build flow.
The other task is to add a make target for generating capsules. This is being achieved by adding support for parsing a config file to get the capsule generation parameters. Multiple payloads can be specified, resulting in generation of multiple capsules with a single invocation of the command. The path to the config file is to be specified through a Kconfig symbol(CONFIG_EFI_CAPSULE_CFG_FILE).
Changes have also been made to the efi capsule test setup, whereby, with the above config symbol having been populated, the capsule files are generated through the make capsule command. The requisite config file has been placed under the test/py/tests/test_efi_capsule/ directory, which results in generation of the same set of capsule files.
Currently, the capsule authentication feature is tested on the sandbox and sandbox_flattree variants. The capsule generation through config file is enabled for the sandbox variant, with the sandbox_flattree variant generating capsules through the command-line parameters.
The document has been updated to reflect the above changes.
Sughosh Ganu (7): capsule: authenticate: Embed capsule public key in platform's dtb test: py: Generate capsule keys prior to building u-boot doc: capsule: Document the new mechanism to embed ESL file into dtb tools: mkeficapsule: Add support for parsing capsule params from config file Makefile: Add a target for building capsules test: efi_capsule: Test capsule generation from config file doc: Add documentation to describe capsule config file format
Makefile | 9 + configs/sandbox_defconfig | 2 + configs/sandbox_flattree_defconfig | 1 + doc/develop/uefi/uefi.rst | 83 ++++- lib/efi_loader/Kconfig | 11 + scripts/Makefile.lib | 8 + scripts/embed_capsule_key.sh | 25 ++ test/py/conftest.py | 64 ++++ test/py/tests/test_efi_capsule/conftest.py | 144 ++++---- .../test_efi_capsule/sandbox_capsule_cfg.txt | 75 ++++ test/py/tests/test_efi_capsule/signature.dts | 10 - tools/Kconfig | 9 + tools/Makefile | 1 + tools/eficapsule.h | 110 ++++++ tools/mkeficapsule.c | 106 ++++-- tools/mkeficapsule_parse.c | 345 ++++++++++++++++++ 16 files changed, 866 insertions(+), 137 deletions(-) create mode 100755 scripts/embed_capsule_key.sh create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt delete mode 100644 test/py/tests/test_efi_capsule/signature.dts create mode 100644 tools/mkeficapsule_parse.c