Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
Hello Takahiro,
Am 17.06.2023 um 02:37 schrieb AKASHI Takahiro:
On Fri, Jun 16, 2023 at 03:32:59PM +0200, Schmidt, Malte wrote:
Hi Sughos,
one other question. Do you know what the advantage of mkeficapsule tool over
the EDK2 GenerateCapsule tool is? It seems like reinventing the wheel
for me.
Simply because I didn't want to have a dependency on EDK2 package
when users use U-Boot as EFI framework.
(In other words, make it self-contained?)
-Takahiro Akashi
thanks for the clarification.
Best Regards
Malte
Best Regards
Malte
Am 16.06.2023 um 14:59 schrieb Schmidt, Malte:
Hi Sughos,
Am 16.06.2023 um 14:32 schrieb Sughosh Ganu:
On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu
wrote:
hi Stefan,
On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier
wrote:
From: Malte Schmidt
The UEFI [1] specification allows multiple payloads inside the capsule
body. Add support for this. The command line arguments are kept
backwards-compatible.
[1] https://uefi.org/specs/UEFI/2.10/index.html
I am trying to upstream support for specifying the capsule parameters
for multiple payloads through a config file [1]. This is on similar
lines to the support in the Edk2 GenerateCapule tool where multiple
payloads can be specified through a json file. I think you can base
your changes on my series.
Btw, with the support being added for getting the capsule parameters
through a config file, I believe your changes would be pretty much
simplified. Instead of passing all those parameters through the
command line, they can instead be read from the config file and used
to generate a single capsule file consisting of multiple payloads.
That would be a much simpler implementation.
-sughosh
thanks for the heads up. So your opinion is that we only support multiple
payloads via config files and not the command line? I think it does not
hurt to have both options available.
I plan to rebase my code on yours once it nears the finish line. I still
have a suggsetion for it which I will post in a sec.
Best Regards
Malte
-sughosh
[1] -
https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8
Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
---
tools/eficapsule.h | 5 -
tools/mkeficapsule.c | 636
---
2 files changed, 475 insertions(+), 166 deletions(-)
diff --git a/tools/eficapsule.h b/tools/eficapsule.h
index 753fb73313..001af3217c 100644
--- a/tools/eficapsule.h
+++ b/tools/eficapsule.h
@@ -138,9 +138,4 @@ struct fmp_payload_header {
uint32_t lowest_supported_version;
};
-struct fmp_payload_header_params {
- bool have_header;
- uint32_t fw_version;
-};
-
#endif /* _EFI_CAPSULE_H */
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index b8db00b16b..1a4de0f092 100644
--- a/tools/mkeficapsule.c
+++ b/tools/mkeficapsule.c
@@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
efi_guid_t efi_guid_fm_capsule =
EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
-static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
+static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
enum {
CAPSULE_NORMAL_BLOB = 0,
@@ -40,6 +40,7 @@ enum {
static struct option options[] = {
{"guid", required_argument, NULL, 'g'},
{"index", required_argument, NULL, 'i'},
+ {"image_blob", required_argument, NULL, 'b'},
{"instance", required_argument, NULL, 'I'},
{"fw-version", required_argument, NULL, 'v'},
{"private-key", required_argument, NULL, 'p'},
@@ -55,21 +56,22 @@ static struct option options[] = {
static void print_usage(void)
{
- fprintf(stderr, "Usage: %s [options] \n"
+ fprintf(stderr, "Usage: %s [options] [] \n"
"Options:\n"
- "\t-g, --guid guid for image blob type\n"
- "\t-i, --index update image index\n"
- "\t-I, --instance
update hardware instance\n"
- "\t-v, --fw-version firmware version\n"
- "\t-p, --private-key private key file\n"
- "\t-c, --certificate signer's certificate file\n"
- "\t-m, --monotonic-count monotonic count\n"
- "\t-d,
--dump_sig dump signature
(*.p7)\n"
- "\t-A, --fw-accept firmware
accept capsule, requires GUID, no image blob\n"
- "\t-R, --fw-revert firmware
revert capsule, takes no GUID, no image blob\n"
- "\t-o, --capoemflag Capsule
OEM Flag, an integer between 0x and 0x\n"
- "\t-h,
--help print a help
message\n",
+ "\t-g, --guid
comma-separated list of guids for image blob types\n"
+ "\t-i, --index
comma-separated list of update image indices\n"
+ "\t-b, --image_blob comma-separated list of image
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On Sat, 17 Jun 2023 at 06:26, AKASHI Takahiro
wrote:
>
> On Fri, Jun 16, 2023 at 06:02:52PM +0530, Sughosh Ganu wrote:
> > On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote:
> > >
> > > hi Stefan,
> > >
> > > On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier
> > > wrote:
> > > >
> > > > From: Malte Schmidt
> > > >
> > > > The UEFI [1] specification allows multiple payloads inside the capsule
> > > > body. Add support for this. The command line arguments are kept
> > > > backwards-compatible.
> > > >
> > > > [1] https://uefi.org/specs/UEFI/2.10/index.html
> > >
> > > I am trying to upstream support for specifying the capsule parameters
> > > for multiple payloads through a config file [1]. This is on similar
> > > lines to the support in the Edk2 GenerateCapule tool where multiple
> > > payloads can be specified through a json file. I think you can base
> > > your changes on my series.
> >
> > Btw, with the support being added for getting the capsule parameters
> > through a config file, I believe your changes would be pretty much
> > simplified. Instead of passing all those parameters through the
> > command line, they can instead be read from the config file and used
> > to generate a single capsule file consisting of multiple payloads.
> > That would be a much simpler implementation.
>
> As I said in my reply to the patch[0/5], I don't think we have a strong
> reason to support multiple images because there is already a FIT-based
> capsule support.
> That said, if there is a good reason to do so, Sughosh's suggestion
> makes much sense to me.
>
> BTW, sughosh's patch implements yet another key:value format for
> config files. I wondered if we could use a generic (standardized) format,
> like a device tree or yaml, or others.
I chose the key:value pairs primarily because I wanted to keep the
syntax of the config file as similar to the one in EDK2 as possible. I
believe keeping the format simple is better especially when we are not
dealing with multiple values, or an array of u32 cells like in device
tree.
-sughosh
>
> -Takahiro Akashi
>
>
>
> > -sughosh
> >
> > >
> > > -sughosh
> > >
> > > [1] -
> > > https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8
> > >
> > > >
> > > > Signed-off-by: Malte Schmidt
> > > > Signed-off-by: Stefan Herbrechtsmeier
> > > >
> > > > ---
> > > >
> > > > tools/eficapsule.h | 5 -
> > > > tools/mkeficapsule.c | 636 ---
> > > > 2 files changed, 475 insertions(+), 166 deletions(-)
> > > >
> > > > diff --git a/tools/eficapsule.h b/tools/eficapsule.h
> > > > index 753fb73313..001af3217c 100644
> > > > --- a/tools/eficapsule.h
> > > > +++ b/tools/eficapsule.h
> > > > @@ -138,9 +138,4 @@ struct fmp_payload_header {
> > > > uint32_t lowest_supported_version;
> > > > };
> > > >
> > > > -struct fmp_payload_header_params {
> > > > - bool have_header;
> > > > - uint32_t fw_version;
> > > > -};
> > > > -
> > > > #endif /* _EFI_CAPSULE_H */
> > > > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> > > > index b8db00b16b..1a4de0f092 100644
> > > > --- a/tools/mkeficapsule.c
> > > > +++ b/tools/mkeficapsule.c
> > > > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
> > > > efi_guid_t efi_guid_fm_capsule =
> > > > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> > > > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
> > > >
> > > > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
> > > > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
> > > >
> > > > enum {
> > > > CAPSULE_NORMAL_BLOB = 0,
> > > > @@ -40,6 +40,7 @@ enum {
> > > > static struct option options[] = {
> > > > {"guid", required_argument, NULL, 'g'},
> > > > {"index", required_argument, NULL, 'i'},
> > > > + {"image_blob", required_argument, NULL, 'b'},
> > > > {"instance", required_argument, NULL, 'I'},
> > > > {"fw-version", required_argument, NULL, 'v'},
> > > > {"private-key", required_argument, NULL, 'p'},
> > > > @@ -55,21 +56,22 @@ static struct option options[] = {
> > > >
> > > > static void print_usage(void)
> > > > {
> > > > - fprintf(stderr, "Usage: %s [options] > > > file>\n"
> > > > + fprintf(stderr, "Usage: %s [options] [] > > > file>\n"
> > > > "Options:\n"
> > > >
> > > > - "\t-g, --guid guid for image blob
> > > > type\n"
> > > > - "\t-i, --index update image index\n"
> > > > - "\t-I, --instanceupdate hardware
> > > > instance\n"
> > > > - "\t-v, --fw-version firmware version\n"
> > > > - "\t-p, --private-key private key file\n"
> > > > - "\t-c, --certificate signer's
> > > > certificate file\n"
> > > > - "\t-m, --monotonic-count monotonic count\n"
> > > > - "\t-d, --dump_sig
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On Fri, Jun 16, 2023 at 06:02:52PM +0530, Sughosh Ganu wrote:
> On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote:
> >
> > hi Stefan,
> >
> > On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier
> > wrote:
> > >
> > > From: Malte Schmidt
> > >
> > > The UEFI [1] specification allows multiple payloads inside the capsule
> > > body. Add support for this. The command line arguments are kept
> > > backwards-compatible.
> > >
> > > [1] https://uefi.org/specs/UEFI/2.10/index.html
> >
> > I am trying to upstream support for specifying the capsule parameters
> > for multiple payloads through a config file [1]. This is on similar
> > lines to the support in the Edk2 GenerateCapule tool where multiple
> > payloads can be specified through a json file. I think you can base
> > your changes on my series.
>
> Btw, with the support being added for getting the capsule parameters
> through a config file, I believe your changes would be pretty much
> simplified. Instead of passing all those parameters through the
> command line, they can instead be read from the config file and used
> to generate a single capsule file consisting of multiple payloads.
> That would be a much simpler implementation.
As I said in my reply to the patch[0/5], I don't think we have a strong
reason to support multiple images because there is already a FIT-based
capsule support.
That said, if there is a good reason to do so, Sughosh's suggestion
makes much sense to me.
BTW, sughosh's patch implements yet another key:value format for
config files. I wondered if we could use a generic (standardized) format,
like a device tree or yaml, or others.
-Takahiro Akashi
> -sughosh
>
> >
> > -sughosh
> >
> > [1] -
> > https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8
> >
> > >
> > > Signed-off-by: Malte Schmidt
> > > Signed-off-by: Stefan Herbrechtsmeier
> > >
> > > ---
> > >
> > > tools/eficapsule.h | 5 -
> > > tools/mkeficapsule.c | 636 ---
> > > 2 files changed, 475 insertions(+), 166 deletions(-)
> > >
> > > diff --git a/tools/eficapsule.h b/tools/eficapsule.h
> > > index 753fb73313..001af3217c 100644
> > > --- a/tools/eficapsule.h
> > > +++ b/tools/eficapsule.h
> > > @@ -138,9 +138,4 @@ struct fmp_payload_header {
> > > uint32_t lowest_supported_version;
> > > };
> > >
> > > -struct fmp_payload_header_params {
> > > - bool have_header;
> > > - uint32_t fw_version;
> > > -};
> > > -
> > > #endif /* _EFI_CAPSULE_H */
> > > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> > > index b8db00b16b..1a4de0f092 100644
> > > --- a/tools/mkeficapsule.c
> > > +++ b/tools/mkeficapsule.c
> > > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
> > > efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> > > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
> > >
> > > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
> > > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
> > >
> > > enum {
> > > CAPSULE_NORMAL_BLOB = 0,
> > > @@ -40,6 +40,7 @@ enum {
> > > static struct option options[] = {
> > > {"guid", required_argument, NULL, 'g'},
> > > {"index", required_argument, NULL, 'i'},
> > > + {"image_blob", required_argument, NULL, 'b'},
> > > {"instance", required_argument, NULL, 'I'},
> > > {"fw-version", required_argument, NULL, 'v'},
> > > {"private-key", required_argument, NULL, 'p'},
> > > @@ -55,21 +56,22 @@ static struct option options[] = {
> > >
> > > static void print_usage(void)
> > > {
> > > - fprintf(stderr, "Usage: %s [options] \n"
> > > + fprintf(stderr, "Usage: %s [options] [] > > file>\n"
> > > "Options:\n"
> > >
> > > - "\t-g, --guid guid for image blob type\n"
> > > - "\t-i, --index update image index\n"
> > > - "\t-I, --instanceupdate hardware instance\n"
> > > - "\t-v, --fw-version firmware version\n"
> > > - "\t-p, --private-key private key file\n"
> > > - "\t-c, --certificate signer's certificate
> > > file\n"
> > > - "\t-m, --monotonic-count monotonic count\n"
> > > - "\t-d, --dump_sig dump signature (*.p7)\n"
> > > - "\t-A, --fw-accept firmware accept capsule, requires
> > > GUID, no image blob\n"
> > > - "\t-R, --fw-revert firmware revert capsule, takes no
> > > GUID, no image blob\n"
> > > - "\t-o, --capoemflag Capsule OEM Flag, an integer between
> > > 0x and 0x\n"
> > > - "\t-h, --help print a help message\n",
> > > + "\t-g, --guidcomma-separated list
> > > of guids for image blob types\n"
> > > + "\t-i, --index comma-separated list
> >
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On Fri, Jun 16, 2023 at 03:32:59PM +0200, Schmidt, Malte wrote:
> Hi Sughos,
>
> one other question. Do you know what the advantage of mkeficapsule tool over
> the EDK2 GenerateCapsule tool is? It seems like reinventing the wheel
> for me.
Simply because I didn't want to have a dependency on EDK2 package
when users use U-Boot as EFI framework.
(In other words, make it self-contained?)
-Takahiro Akashi
> Best Regards
> Malte
>
> Am 16.06.2023 um 14:59 schrieb Schmidt, Malte:
> > Hi Sughos,
> >
> > Am 16.06.2023 um 14:32 schrieb Sughosh Ganu:
> > > On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu
> > > wrote:
> > > > hi Stefan,
> > > >
> > > > On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier
> > > > wrote:
> > > > > From: Malte Schmidt
> > > > >
> > > > > The UEFI [1] specification allows multiple payloads inside the capsule
> > > > > body. Add support for this. The command line arguments are kept
> > > > > backwards-compatible.
> > > > >
> > > > > [1] https://uefi.org/specs/UEFI/2.10/index.html
> > > > I am trying to upstream support for specifying the capsule parameters
> > > > for multiple payloads through a config file [1]. This is on similar
> > > > lines to the support in the Edk2 GenerateCapule tool where multiple
> > > > payloads can be specified through a json file. I think you can base
> > > > your changes on my series.
> > > Btw, with the support being added for getting the capsule parameters
> > > through a config file, I believe your changes would be pretty much
> > > simplified. Instead of passing all those parameters through the
> > > command line, they can instead be read from the config file and used
> > > to generate a single capsule file consisting of multiple payloads.
> > > That would be a much simpler implementation.
> > >
> > > -sughosh
> > thanks for the heads up. So your opinion is that we only support multiple
> > payloads via config files and not the command line? I think it does not
> > hurt to have both options available.
> >
> > I plan to rebase my code on yours once it nears the finish line. I still
> > have a suggsetion for it which I will post in a sec.
> >
> > Best Regards
> > Malte
> > > > -sughosh
> > > >
> > > > [1] -
> > > > https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8
> > > >
> > > > > Signed-off-by: Malte Schmidt
> > > > > Signed-off-by: Stefan Herbrechtsmeier
> > > > >
> > > > > ---
> > > > >
> > > > > tools/eficapsule.h | 5 -
> > > > > tools/mkeficapsule.c | 636
> > > > > ---
> > > > > 2 files changed, 475 insertions(+), 166 deletions(-)
> > > > >
> > > > > diff --git a/tools/eficapsule.h b/tools/eficapsule.h
> > > > > index 753fb73313..001af3217c 100644
> > > > > --- a/tools/eficapsule.h
> > > > > +++ b/tools/eficapsule.h
> > > > > @@ -138,9 +138,4 @@ struct fmp_payload_header {
> > > > > uint32_t lowest_supported_version;
> > > > > };
> > > > >
> > > > > -struct fmp_payload_header_params {
> > > > > - bool have_header;
> > > > > - uint32_t fw_version;
> > > > > -};
> > > > > -
> > > > > #endif /* _EFI_CAPSULE_H */
> > > > > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> > > > > index b8db00b16b..1a4de0f092 100644
> > > > > --- a/tools/mkeficapsule.c
> > > > > +++ b/tools/mkeficapsule.c
> > > > > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
> > > > > efi_guid_t efi_guid_fm_capsule =
> > > > > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> > > > > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
> > > > >
> > > > > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
> > > > > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
> > > > >
> > > > > enum {
> > > > > CAPSULE_NORMAL_BLOB = 0,
> > > > > @@ -40,6 +40,7 @@ enum {
> > > > > static struct option options[] = {
> > > > > {"guid", required_argument, NULL, 'g'},
> > > > > {"index", required_argument, NULL, 'i'},
> > > > > + {"image_blob", required_argument, NULL, 'b'},
> > > > > {"instance", required_argument, NULL, 'I'},
> > > > > {"fw-version", required_argument, NULL, 'v'},
> > > > > {"private-key", required_argument, NULL, 'p'},
> > > > > @@ -55,21 +56,22 @@ static struct option options[] = {
> > > > >
> > > > > static void print_usage(void)
> > > > > {
> > > > > - fprintf(stderr, "Usage: %s [options] > > > > blob> \n"
> > > > > + fprintf(stderr, "Usage: %s [options] [ > > > > blob>] \n"
> > > > > "Options:\n"
> > > > >
> > > > > - "\t-g, --guid > > > > string> guid for image blob type\n"
> > > > > - "\t-i, --index update image index\n"
> > > > > - "\t-I, --instance
> > > > > update hardware instance\n"
> > > > > - "\t-v, --fw-version firmware version\n"
> > > > > - "\t-p, --private-key > > >
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On 6/16/23 13:34, Stefan Herbrechtsmeier wrote:
From: Malte Schmidt
The UEFI [1] specification allows multiple payloads inside the capsule
body. Add support for this. The command line arguments are kept
backwards-compatible.
[1] https://uefi.org/specs/UEFI/2.10/index.html
Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
---
tools/eficapsule.h | 5 -
tools/mkeficapsule.c | 636 ---
2 files changed, 475 insertions(+), 166 deletions(-)
diff --git a/tools/eficapsule.h b/tools/eficapsule.h
index 753fb73313..001af3217c 100644
--- a/tools/eficapsule.h
+++ b/tools/eficapsule.h
@@ -138,9 +138,4 @@ struct fmp_payload_header {
uint32_t lowest_supported_version;
};
-struct fmp_payload_header_params {
- bool have_header;
- uint32_t fw_version;
-};
-
#endif /* _EFI_CAPSULE_H */
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index b8db00b16b..1a4de0f092 100644
--- a/tools/mkeficapsule.c
+++ b/tools/mkeficapsule.c
@@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
-static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
+static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
enum {
CAPSULE_NORMAL_BLOB = 0,
@@ -40,6 +40,7 @@ enum {
static struct option options[] = {
{"guid", required_argument, NULL, 'g'},
{"index", required_argument, NULL, 'i'},
+ {"image_blob", required_argument, NULL, 'b'},
{"instance", required_argument, NULL, 'I'},
{"fw-version", required_argument, NULL, 'v'},
{"private-key", required_argument, NULL, 'p'},
@@ -55,21 +56,22 @@ static struct option options[] = {
static void print_usage(void)
{
- fprintf(stderr, "Usage: %s [options] \n"
+ fprintf(stderr, "Usage: %s [options] [] \n"
"Options:\n"
- "\t-g, --guid guid for image blob type\n"
- "\t-i, --index update image index\n"
- "\t-I, --instanceupdate hardware instance\n"
- "\t-v, --fw-version firmware version\n"
- "\t-p, --private-key private key file\n"
- "\t-c, --certificate signer's certificate
file\n"
- "\t-m, --monotonic-count monotonic count\n"
- "\t-d, --dump_sig dump signature (*.p7)\n"
- "\t-A, --fw-accept firmware accept capsule, requires GUID, no image
blob\n"
A later patch in the series mentions the lowest supported version. Why
can't we set it?
Best regards
Heinrich
- "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image
blob\n"
- "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x and
0x\n"
- "\t-h, --help print a help message\n",
+ "\t-g, --guidcomma-separated list of guids
for image blob types\n"
+ "\t-i, --index comma-separated list of update
image indices\n"
+ "\t-b, --image_blob comma-separated list of image
blobs\n"
+ "\t-I, --instancecomma-separated list of update
hardware instances\n"
+ "\t-v, --fw-version comma-separated list of firmware
versions\n"
+ "\t-p, --private-key private key
file\n"
+ "\t-c, --certificate signer's
certificate file\n"
+ "\t-m, --monotonic-count comma-separated
list of monotonic counts\n"
+ "\t-d, --dump_sigdump signature
(*.p7)\n"
+ "\t-A, --fw-accept firmware accept capsule, requires GUID, no
image blob\n"
+ "\t-R, --fw-revert firmware revert capsule, takes no GUID, no
image blob\n"
+ "\t-o, --capoemflag capsule OEM Flag, an integer between 0x and
0x\n"
+ "\t-h, --helpprint a help message\n",
tool_name);
}
@@ -336,16 +338,18 @@ static int create_auth_data(struct auth_context *ctx)
* @path: Path to a capsule file
* @signature:Signature data
* @sig_size: Size of signature data
+ * @index: The payload index the signature belongs to
*
* Signature data pointed to by @signature will be saved into
- * a file whose file name is @path with ".p7" suffix.
+ * a file whose file name is @path with "_.p7" suffix.
+ * If index is negative the suffix is ".p7" (for backwards compatibility).
*
* Return:
* * 0 - on success
* * -1 - on failure
*/
static int dump_signature(const char *path, const uint8_t *signature,
- size_t sig_size)
+ size_t sig_size, int index)
{
char *sig_path;
FILE *f;
@@ -356,7 +360,11 @@ static int dump_signature(const char *path, const
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
Hi Sughos,
one other question. Do you know what the advantage of mkeficapsule tool over
the EDK2 GenerateCapsule tool is? It seems like reinventing the wheel
for me.
Best Regards
Malte
Am 16.06.2023 um 14:59 schrieb Schmidt, Malte:
Hi Sughos,
Am 16.06.2023 um 14:32 schrieb Sughosh Ganu:
On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu
wrote:
hi Stefan,
On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier
wrote:
From: Malte Schmidt
The UEFI [1] specification allows multiple payloads inside the capsule
body. Add support for this. The command line arguments are kept
backwards-compatible.
[1] https://uefi.org/specs/UEFI/2.10/index.html
I am trying to upstream support for specifying the capsule parameters
for multiple payloads through a config file [1]. This is on similar
lines to the support in the Edk2 GenerateCapule tool where multiple
payloads can be specified through a json file. I think you can base
your changes on my series.
Btw, with the support being added for getting the capsule parameters
through a config file, I believe your changes would be pretty much
simplified. Instead of passing all those parameters through the
command line, they can instead be read from the config file and used
to generate a single capsule file consisting of multiple payloads.
That would be a much simpler implementation.
-sughosh
thanks for the heads up. So your opinion is that we only support multiple
payloads via config files and not the command line? I think it does not
hurt to have both options available.
I plan to rebase my code on yours once it nears the finish line. I still
have a suggsetion for it which I will post in a sec.
Best Regards
Malte
-sughosh
[1] -
https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8
Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
---
tools/eficapsule.h | 5 -
tools/mkeficapsule.c | 636
---
2 files changed, 475 insertions(+), 166 deletions(-)
diff --git a/tools/eficapsule.h b/tools/eficapsule.h
index 753fb73313..001af3217c 100644
--- a/tools/eficapsule.h
+++ b/tools/eficapsule.h
@@ -138,9 +138,4 @@ struct fmp_payload_header {
uint32_t lowest_supported_version;
};
-struct fmp_payload_header_params {
- bool have_header;
- uint32_t fw_version;
-};
-
#endif /* _EFI_CAPSULE_H */
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index b8db00b16b..1a4de0f092 100644
--- a/tools/mkeficapsule.c
+++ b/tools/mkeficapsule.c
@@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
efi_guid_t efi_guid_fm_capsule =
EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
-static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
+static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
enum {
CAPSULE_NORMAL_BLOB = 0,
@@ -40,6 +40,7 @@ enum {
static struct option options[] = {
{"guid", required_argument, NULL, 'g'},
{"index", required_argument, NULL, 'i'},
+ {"image_blob", required_argument, NULL, 'b'},
{"instance", required_argument, NULL, 'I'},
{"fw-version", required_argument, NULL, 'v'},
{"private-key", required_argument, NULL, 'p'},
@@ -55,21 +56,22 @@ static struct option options[] = {
static void print_usage(void)
{
- fprintf(stderr, "Usage: %s [options] file>\n"
+ fprintf(stderr, "Usage: %s [options] [] file>\n"
"Options:\n"
- "\t-g, --guid guid for image blob
type\n"
- "\t-i, --index update image index\n"
- "\t-I, --instance update hardware
instance\n"
- "\t-v, --fw-version firmware version\n"
- "\t-p, --private-key private key
file\n"
- "\t-c, --certificate signer's
certificate file\n"
- "\t-m, --monotonic-count monotonic count\n"
- "\t-d, --dump_sig dump signature
(*.p7)\n"
- "\t-A, --fw-accept firmware accept capsule,
requires GUID, no image blob\n"
- "\t-R, --fw-revert firmware revert capsule, takes
no GUID, no image blob\n"
- "\t-o, --capoemflag Capsule OEM Flag, an integer
between 0x and 0x\n"
- "\t-h, --help print a help
message\n",
+ "\t-g, --guid comma-separated list of
guids for image blob types\n"
+ "\t-i, --index comma-separated list of
update image indices\n"
+ "\t-b, --image_blob comma-separated
list of image blobs\n"
+ "\t-I, --instance comma-separated
list of update hardware instances\n"
+ "\t-v, --fw-version comma-separated
list of firmware versions\n"
+ "\t-p, --private-key
private key file\n"
+ "\t-c, --certificate
signer's certificate file\n"
+
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
Hi Sughos,
Am 16.06.2023 um 14:32 schrieb Sughosh Ganu:
On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote:
hi Stefan,
On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier
wrote:
From: Malte Schmidt
The UEFI [1] specification allows multiple payloads inside the capsule
body. Add support for this. The command line arguments are kept
backwards-compatible.
[1] https://uefi.org/specs/UEFI/2.10/index.html
I am trying to upstream support for specifying the capsule parameters
for multiple payloads through a config file [1]. This is on similar
lines to the support in the Edk2 GenerateCapule tool where multiple
payloads can be specified through a json file. I think you can base
your changes on my series.
Btw, with the support being added for getting the capsule parameters
through a config file, I believe your changes would be pretty much
simplified. Instead of passing all those parameters through the
command line, they can instead be read from the config file and used
to generate a single capsule file consisting of multiple payloads.
That would be a much simpler implementation.
-sughosh
thanks for the heads up. So your opinion is that we only support multiple
payloads via config files and not the command line? I think it does not
hurt to have both options available.
I plan to rebase my code on yours once it nears the finish line. I still
have a suggsetion for it which I will post in a sec.
Best Regards
Malte
-sughosh
[1] -
https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8
Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
---
tools/eficapsule.h | 5 -
tools/mkeficapsule.c | 636 ---
2 files changed, 475 insertions(+), 166 deletions(-)
diff --git a/tools/eficapsule.h b/tools/eficapsule.h
index 753fb73313..001af3217c 100644
--- a/tools/eficapsule.h
+++ b/tools/eficapsule.h
@@ -138,9 +138,4 @@ struct fmp_payload_header {
uint32_t lowest_supported_version;
};
-struct fmp_payload_header_params {
- bool have_header;
- uint32_t fw_version;
-};
-
#endif /* _EFI_CAPSULE_H */
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index b8db00b16b..1a4de0f092 100644
--- a/tools/mkeficapsule.c
+++ b/tools/mkeficapsule.c
@@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
-static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
+static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
enum {
CAPSULE_NORMAL_BLOB = 0,
@@ -40,6 +40,7 @@ enum {
static struct option options[] = {
{"guid", required_argument, NULL, 'g'},
{"index", required_argument, NULL, 'i'},
+ {"image_blob", required_argument, NULL, 'b'},
{"instance", required_argument, NULL, 'I'},
{"fw-version", required_argument, NULL, 'v'},
{"private-key", required_argument, NULL, 'p'},
@@ -55,21 +56,22 @@ static struct option options[] = {
static void print_usage(void)
{
- fprintf(stderr, "Usage: %s [options] \n"
+ fprintf(stderr, "Usage: %s [options] [] \n"
"Options:\n"
- "\t-g, --guid guid for image blob type\n"
- "\t-i, --index update image index\n"
- "\t-I, --instanceupdate hardware instance\n"
- "\t-v, --fw-version firmware version\n"
- "\t-p, --private-key private key file\n"
- "\t-c, --certificate signer's certificate
file\n"
- "\t-m, --monotonic-count monotonic count\n"
- "\t-d, --dump_sig dump signature (*.p7)\n"
- "\t-A, --fw-accept firmware accept capsule, requires GUID, no image
blob\n"
- "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image
blob\n"
- "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x and
0x\n"
- "\t-h, --help print a help message\n",
+ "\t-g, --guidcomma-separated list of guids
for image blob types\n"
+ "\t-i, --index comma-separated list of update
image indices\n"
+ "\t-b, --image_blob comma-separated list of image
blobs\n"
+ "\t-I, --instancecomma-separated list of update
hardware instances\n"
+ "\t-v, --fw-version comma-separated list of firmware
versions\n"
+ "\t-p, --private-key private key
file\n"
+ "\t-c, --certificate signer's
certificate file\n"
+ "\t-m, --monotonic-count comma-separated
list of monotonic counts\n"
+ "\t-d, --dump_sigdump signature
(*.p7)\n"
+ "\t-A, --fw-accept firmware accept
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote:
>
> hi Stefan,
>
> On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier
> wrote:
> >
> > From: Malte Schmidt
> >
> > The UEFI [1] specification allows multiple payloads inside the capsule
> > body. Add support for this. The command line arguments are kept
> > backwards-compatible.
> >
> > [1] https://uefi.org/specs/UEFI/2.10/index.html
>
> I am trying to upstream support for specifying the capsule parameters
> for multiple payloads through a config file [1]. This is on similar
> lines to the support in the Edk2 GenerateCapule tool where multiple
> payloads can be specified through a json file. I think you can base
> your changes on my series.
Btw, with the support being added for getting the capsule parameters
through a config file, I believe your changes would be pretty much
simplified. Instead of passing all those parameters through the
command line, they can instead be read from the config file and used
to generate a single capsule file consisting of multiple payloads.
That would be a much simpler implementation.
-sughosh
>
> -sughosh
>
> [1] -
> https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8
>
> >
> > Signed-off-by: Malte Schmidt
> > Signed-off-by: Stefan Herbrechtsmeier
> >
> > ---
> >
> > tools/eficapsule.h | 5 -
> > tools/mkeficapsule.c | 636 ---
> > 2 files changed, 475 insertions(+), 166 deletions(-)
> >
> > diff --git a/tools/eficapsule.h b/tools/eficapsule.h
> > index 753fb73313..001af3217c 100644
> > --- a/tools/eficapsule.h
> > +++ b/tools/eficapsule.h
> > @@ -138,9 +138,4 @@ struct fmp_payload_header {
> > uint32_t lowest_supported_version;
> > };
> >
> > -struct fmp_payload_header_params {
> > - bool have_header;
> > - uint32_t fw_version;
> > -};
> > -
> > #endif /* _EFI_CAPSULE_H */
> > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> > index b8db00b16b..1a4de0f092 100644
> > --- a/tools/mkeficapsule.c
> > +++ b/tools/mkeficapsule.c
> > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
> > efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
> >
> > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
> > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
> >
> > enum {
> > CAPSULE_NORMAL_BLOB = 0,
> > @@ -40,6 +40,7 @@ enum {
> > static struct option options[] = {
> > {"guid", required_argument, NULL, 'g'},
> > {"index", required_argument, NULL, 'i'},
> > + {"image_blob", required_argument, NULL, 'b'},
> > {"instance", required_argument, NULL, 'I'},
> > {"fw-version", required_argument, NULL, 'v'},
> > {"private-key", required_argument, NULL, 'p'},
> > @@ -55,21 +56,22 @@ static struct option options[] = {
> >
> > static void print_usage(void)
> > {
> > - fprintf(stderr, "Usage: %s [options] \n"
> > + fprintf(stderr, "Usage: %s [options] [] \n"
> > "Options:\n"
> >
> > - "\t-g, --guid guid for image blob type\n"
> > - "\t-i, --index update image index\n"
> > - "\t-I, --instanceupdate hardware instance\n"
> > - "\t-v, --fw-version firmware version\n"
> > - "\t-p, --private-key private key file\n"
> > - "\t-c, --certificate signer's certificate
> > file\n"
> > - "\t-m, --monotonic-count monotonic count\n"
> > - "\t-d, --dump_sig dump signature (*.p7)\n"
> > - "\t-A, --fw-accept firmware accept capsule, requires GUID,
> > no image blob\n"
> > - "\t-R, --fw-revert firmware revert capsule, takes no GUID,
> > no image blob\n"
> > - "\t-o, --capoemflag Capsule OEM Flag, an integer between
> > 0x and 0x\n"
> > - "\t-h, --help print a help message\n",
> > + "\t-g, --guidcomma-separated list of
> > guids for image blob types\n"
> > + "\t-i, --index comma-separated list of
> > update image indices\n"
> > + "\t-b, --image_blob comma-separated list of
> > image blobs\n"
> > + "\t-I, --instancecomma-separated list of
> > update hardware instances\n"
> > + "\t-v, --fw-version comma-separated list of
> > firmware versions\n"
> > + "\t-p, --private-key private
> > key file\n"
> > + "\t-c, --certificate signer's
> > certificate file\n"
> > + "\t-m, --monotonic-count
> > comma-separated list of monotonic counts\n"
> > + "\t-d, --dump_sigdump
> > signature (*.p7)\n"
> > + "\t-A, --fw-accept firmware accept
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
hi Stefan,
On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier
wrote:
>
> From: Malte Schmidt
>
> The UEFI [1] specification allows multiple payloads inside the capsule
> body. Add support for this. The command line arguments are kept
> backwards-compatible.
>
> [1] https://uefi.org/specs/UEFI/2.10/index.html
I am trying to upstream support for specifying the capsule parameters
for multiple payloads through a config file [1]. This is on similar
lines to the support in the Edk2 GenerateCapule tool where multiple
payloads can be specified through a json file. I think you can base
your changes on my series.
-sughosh
[1] -
https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8
>
> Signed-off-by: Malte Schmidt
> Signed-off-by: Stefan Herbrechtsmeier
> ---
>
> tools/eficapsule.h | 5 -
> tools/mkeficapsule.c | 636 ---
> 2 files changed, 475 insertions(+), 166 deletions(-)
>
> diff --git a/tools/eficapsule.h b/tools/eficapsule.h
> index 753fb73313..001af3217c 100644
> --- a/tools/eficapsule.h
> +++ b/tools/eficapsule.h
> @@ -138,9 +138,4 @@ struct fmp_payload_header {
> uint32_t lowest_supported_version;
> };
>
> -struct fmp_payload_header_params {
> - bool have_header;
> - uint32_t fw_version;
> -};
> -
> #endif /* _EFI_CAPSULE_H */
> diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
> index b8db00b16b..1a4de0f092 100644
> --- a/tools/mkeficapsule.c
> +++ b/tools/mkeficapsule.c
> @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
> efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
>
> -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
> +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
>
> enum {
> CAPSULE_NORMAL_BLOB = 0,
> @@ -40,6 +40,7 @@ enum {
> static struct option options[] = {
> {"guid", required_argument, NULL, 'g'},
> {"index", required_argument, NULL, 'i'},
> + {"image_blob", required_argument, NULL, 'b'},
> {"instance", required_argument, NULL, 'I'},
> {"fw-version", required_argument, NULL, 'v'},
> {"private-key", required_argument, NULL, 'p'},
> @@ -55,21 +56,22 @@ static struct option options[] = {
>
> static void print_usage(void)
> {
> - fprintf(stderr, "Usage: %s [options] \n"
> + fprintf(stderr, "Usage: %s [options] [] \n"
> "Options:\n"
>
> - "\t-g, --guid guid for image blob type\n"
> - "\t-i, --index update image index\n"
> - "\t-I, --instanceupdate hardware instance\n"
> - "\t-v, --fw-version firmware version\n"
> - "\t-p, --private-key private key file\n"
> - "\t-c, --certificate signer's certificate
> file\n"
> - "\t-m, --monotonic-count monotonic count\n"
> - "\t-d, --dump_sig dump signature (*.p7)\n"
> - "\t-A, --fw-accept firmware accept capsule, requires GUID,
> no image blob\n"
> - "\t-R, --fw-revert firmware revert capsule, takes no GUID,
> no image blob\n"
> - "\t-o, --capoemflag Capsule OEM Flag, an integer between
> 0x and 0x\n"
> - "\t-h, --help print a help message\n",
> + "\t-g, --guidcomma-separated list of
> guids for image blob types\n"
> + "\t-i, --index comma-separated list of
> update image indices\n"
> + "\t-b, --image_blob comma-separated list of
> image blobs\n"
> + "\t-I, --instancecomma-separated list of
> update hardware instances\n"
> + "\t-v, --fw-version comma-separated list of
> firmware versions\n"
> + "\t-p, --private-key private key
> file\n"
> + "\t-c, --certificate signer's
> certificate file\n"
> + "\t-m, --monotonic-count
> comma-separated list of monotonic counts\n"
> + "\t-d, --dump_sigdump
> signature (*.p7)\n"
> + "\t-A, --fw-accept firmware accept capsule, requires GUID,
> no image blob\n"
> + "\t-R, --fw-revert firmware revert capsule, takes no GUID,
> no image blob\n"
> + "\t-o, --capoemflag capsule OEM Flag, an integer between
> 0x and 0x\n"
> + "\t-h, --helpprint a help message\n",
> tool_name);
> }
>
> @@ -336,16 +338,18 @@ static int create_auth_data(struct auth_context *ctx)
> * @path: Path to a capsule file
> * @signature: Signature data
> * @sig_size: Size of signature data
> + * @index: The payload index the signature belongs to
> *
> * Signature data pointed to by @signature will be saved into
> - *
[PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
From: Malte Schmidt
The UEFI [1] specification allows multiple payloads inside the capsule
body. Add support for this. The command line arguments are kept
backwards-compatible.
[1] https://uefi.org/specs/UEFI/2.10/index.html
Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
---
tools/eficapsule.h | 5 -
tools/mkeficapsule.c | 636 ---
2 files changed, 475 insertions(+), 166 deletions(-)
diff --git a/tools/eficapsule.h b/tools/eficapsule.h
index 753fb73313..001af3217c 100644
--- a/tools/eficapsule.h
+++ b/tools/eficapsule.h
@@ -138,9 +138,4 @@ struct fmp_payload_header {
uint32_t lowest_supported_version;
};
-struct fmp_payload_header_params {
- bool have_header;
- uint32_t fw_version;
-};
-
#endif /* _EFI_CAPSULE_H */
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index b8db00b16b..1a4de0f092 100644
--- a/tools/mkeficapsule.c
+++ b/tools/mkeficapsule.c
@@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule";
efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
-static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR";
+static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR";
enum {
CAPSULE_NORMAL_BLOB = 0,
@@ -40,6 +40,7 @@ enum {
static struct option options[] = {
{"guid", required_argument, NULL, 'g'},
{"index", required_argument, NULL, 'i'},
+ {"image_blob", required_argument, NULL, 'b'},
{"instance", required_argument, NULL, 'I'},
{"fw-version", required_argument, NULL, 'v'},
{"private-key", required_argument, NULL, 'p'},
@@ -55,21 +56,22 @@ static struct option options[] = {
static void print_usage(void)
{
- fprintf(stderr, "Usage: %s [options] \n"
+ fprintf(stderr, "Usage: %s [options] [] \n"
"Options:\n"
- "\t-g, --guid guid for image blob type\n"
- "\t-i, --index update image index\n"
- "\t-I, --instanceupdate hardware instance\n"
- "\t-v, --fw-version firmware version\n"
- "\t-p, --private-key private key file\n"
- "\t-c, --certificate signer's certificate
file\n"
- "\t-m, --monotonic-count monotonic count\n"
- "\t-d, --dump_sig dump signature (*.p7)\n"
- "\t-A, --fw-accept firmware accept capsule, requires GUID, no
image blob\n"
- "\t-R, --fw-revert firmware revert capsule, takes no GUID, no
image blob\n"
- "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x
and 0x\n"
- "\t-h, --help print a help message\n",
+ "\t-g, --guidcomma-separated list of
guids for image blob types\n"
+ "\t-i, --index comma-separated list of
update image indices\n"
+ "\t-b, --image_blob comma-separated list of
image blobs\n"
+ "\t-I, --instancecomma-separated list of
update hardware instances\n"
+ "\t-v, --fw-version comma-separated list of
firmware versions\n"
+ "\t-p, --private-key private key
file\n"
+ "\t-c, --certificate signer's
certificate file\n"
+ "\t-m, --monotonic-count
comma-separated list of monotonic counts\n"
+ "\t-d, --dump_sigdump signature
(*.p7)\n"
+ "\t-A, --fw-accept firmware accept capsule, requires GUID, no
image blob\n"
+ "\t-R, --fw-revert firmware revert capsule, takes no GUID, no
image blob\n"
+ "\t-o, --capoemflag capsule OEM Flag, an integer between
0x and 0x\n"
+ "\t-h, --helpprint a help message\n",
tool_name);
}
@@ -336,16 +338,18 @@ static int create_auth_data(struct auth_context *ctx)
* @path: Path to a capsule file
* @signature: Signature data
* @sig_size: Size of signature data
+ * @index: The payload index the signature belongs to
*
* Signature data pointed to by @signature will be saved into
- * a file whose file name is @path with ".p7" suffix.
+ * a file whose file name is @path with "_.p7" suffix.
+ * If index is negative the suffix is ".p7" (for backwards compatibility).
*
* Return:
* * 0 - on success
* * -1 - on failure
*/
static int dump_signature(const char *path, const uint8_t *signature,
- size_t sig_size)
+ size_t sig_size, int index)
{
char *sig_path;
FILE *f;
@@ -356,7 +360,11 @@ static int dump_signature(const char *path, const uint8_t
*signature,
if (!sig_path)
return ret;
- sprintf(sig_path, "%s.p7", path);
+ if (index < 0)
+ sprintf(sig_path, "%s.p7", path);
+
