Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
Hello Takahiro, Am 17.06.2023 um 02:37 schrieb AKASHI Takahiro: On Fri, Jun 16, 2023 at 03:32:59PM +0200, Schmidt, Malte wrote: Hi Sughos, one other question. Do you know what the advantage of mkeficapsule tool over the EDK2 GenerateCapsule tool is? It seems like reinventing the wheel for me. Simply because I didn't want to have a dependency on EDK2 package when users use U-Boot as EFI framework. (In other words, make it self-contained?) -Takahiro Akashi thanks for the clarification. Best Regards Malte Best Regards Malte Am 16.06.2023 um 14:59 schrieb Schmidt, Malte: Hi Sughos, Am 16.06.2023 um 14:32 schrieb Sughosh Ganu: On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote: hi Stefan, On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier wrote: From: Malte Schmidt The UEFI [1] specification allows multiple payloads inside the capsule body. Add support for this. The command line arguments are kept backwards-compatible. [1] https://uefi.org/specs/UEFI/2.10/index.html I am trying to upstream support for specifying the capsule parameters for multiple payloads through a config file [1]. This is on similar lines to the support in the Edk2 GenerateCapule tool where multiple payloads can be specified through a json file. I think you can base your changes on my series. Btw, with the support being added for getting the capsule parameters through a config file, I believe your changes would be pretty much simplified. Instead of passing all those parameters through the command line, they can instead be read from the config file and used to generate a single capsule file consisting of multiple payloads. That would be a much simpler implementation. -sughosh thanks for the heads up. So your opinion is that we only support multiple payloads via config files and not the command line? I think it does not hurt to have both options available. I plan to rebase my code on yours once it nears the finish line. I still have a suggsetion for it which I will post in a sec. Best Regards Malte -sughosh [1] - https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8 Signed-off-by: Malte Schmidt Signed-off-by: Stefan Herbrechtsmeier --- tools/eficapsule.h | 5 - tools/mkeficapsule.c | 636 --- 2 files changed, 475 insertions(+), 166 deletions(-) diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 753fb73313..001af3217c 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -138,9 +138,4 @@ struct fmp_payload_header { uint32_t lowest_supported_version; }; -struct fmp_payload_header_params { - bool have_header; - uint32_t fw_version; -}; - #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b8db00b16b..1a4de0f092 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; enum { CAPSULE_NORMAL_BLOB = 0, @@ -40,6 +40,7 @@ enum { static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, + {"image_blob", required_argument, NULL, 'b'}, {"instance", required_argument, NULL, 'I'}, {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, @@ -55,21 +56,22 @@ static struct option options[] = { static void print_usage(void) { - fprintf(stderr, "Usage: %s [options] \n" + fprintf(stderr, "Usage: %s [options] [] \n" "Options:\n" - "\t-g, --guid guid for image blob type\n" - "\t-i, --index update image index\n" - "\t-I, --instance update hardware instance\n" - "\t-v, --fw-version firmware version\n" - "\t-p, --private-key private key file\n" - "\t-c, --certificate signer's certificate file\n" - "\t-m, --monotonic-count monotonic count\n" - "\t-d, --dump_sig dump signature (*.p7)\n" - "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" - "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" - "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x and 0x\n" - "\t-h, --help print a help message\n", + "\t-g, --guid comma-separated list of guids for image blob types\n" + "\t-i, --index comma-separated list of update image indices\n" + "\t-b, --image_blob comma-separated list of image
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On Sat, 17 Jun 2023 at 06:26, AKASHI Takahiro wrote: > > On Fri, Jun 16, 2023 at 06:02:52PM +0530, Sughosh Ganu wrote: > > On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote: > > > > > > hi Stefan, > > > > > > On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier > > > wrote: > > > > > > > > From: Malte Schmidt > > > > > > > > The UEFI [1] specification allows multiple payloads inside the capsule > > > > body. Add support for this. The command line arguments are kept > > > > backwards-compatible. > > > > > > > > [1] https://uefi.org/specs/UEFI/2.10/index.html > > > > > > I am trying to upstream support for specifying the capsule parameters > > > for multiple payloads through a config file [1]. This is on similar > > > lines to the support in the Edk2 GenerateCapule tool where multiple > > > payloads can be specified through a json file. I think you can base > > > your changes on my series. > > > > Btw, with the support being added for getting the capsule parameters > > through a config file, I believe your changes would be pretty much > > simplified. Instead of passing all those parameters through the > > command line, they can instead be read from the config file and used > > to generate a single capsule file consisting of multiple payloads. > > That would be a much simpler implementation. > > As I said in my reply to the patch[0/5], I don't think we have a strong > reason to support multiple images because there is already a FIT-based > capsule support. > That said, if there is a good reason to do so, Sughosh's suggestion > makes much sense to me. > > BTW, sughosh's patch implements yet another key:value format for > config files. I wondered if we could use a generic (standardized) format, > like a device tree or yaml, or others. I chose the key:value pairs primarily because I wanted to keep the syntax of the config file as similar to the one in EDK2 as possible. I believe keeping the format simple is better especially when we are not dealing with multiple values, or an array of u32 cells like in device tree. -sughosh > > -Takahiro Akashi > > > > > -sughosh > > > > > > > > -sughosh > > > > > > [1] - > > > https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8 > > > > > > > > > > > Signed-off-by: Malte Schmidt > > > > Signed-off-by: Stefan Herbrechtsmeier > > > > > > > > --- > > > > > > > > tools/eficapsule.h | 5 - > > > > tools/mkeficapsule.c | 636 --- > > > > 2 files changed, 475 insertions(+), 166 deletions(-) > > > > > > > > diff --git a/tools/eficapsule.h b/tools/eficapsule.h > > > > index 753fb73313..001af3217c 100644 > > > > --- a/tools/eficapsule.h > > > > +++ b/tools/eficapsule.h > > > > @@ -138,9 +138,4 @@ struct fmp_payload_header { > > > > uint32_t lowest_supported_version; > > > > }; > > > > > > > > -struct fmp_payload_header_params { > > > > - bool have_header; > > > > - uint32_t fw_version; > > > > -}; > > > > - > > > > #endif /* _EFI_CAPSULE_H */ > > > > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c > > > > index b8db00b16b..1a4de0f092 100644 > > > > --- a/tools/mkeficapsule.c > > > > +++ b/tools/mkeficapsule.c > > > > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; > > > > efi_guid_t efi_guid_fm_capsule = > > > > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; > > > > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; > > > > > > > > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; > > > > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; > > > > > > > > enum { > > > > CAPSULE_NORMAL_BLOB = 0, > > > > @@ -40,6 +40,7 @@ enum { > > > > static struct option options[] = { > > > > {"guid", required_argument, NULL, 'g'}, > > > > {"index", required_argument, NULL, 'i'}, > > > > + {"image_blob", required_argument, NULL, 'b'}, > > > > {"instance", required_argument, NULL, 'I'}, > > > > {"fw-version", required_argument, NULL, 'v'}, > > > > {"private-key", required_argument, NULL, 'p'}, > > > > @@ -55,21 +56,22 @@ static struct option options[] = { > > > > > > > > static void print_usage(void) > > > > { > > > > - fprintf(stderr, "Usage: %s [options] > > > file>\n" > > > > + fprintf(stderr, "Usage: %s [options] [] > > > file>\n" > > > > "Options:\n" > > > > > > > > - "\t-g, --guid guid for image blob > > > > type\n" > > > > - "\t-i, --index update image index\n" > > > > - "\t-I, --instanceupdate hardware > > > > instance\n" > > > > - "\t-v, --fw-version firmware version\n" > > > > - "\t-p, --private-key private key file\n" > > > > - "\t-c, --certificate signer's > > > > certificate file\n" > > > > - "\t-m, --monotonic-count monotonic count\n" > > > > - "\t-d, --dump_sig
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On Fri, Jun 16, 2023 at 06:02:52PM +0530, Sughosh Ganu wrote: > On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote: > > > > hi Stefan, > > > > On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier > > wrote: > > > > > > From: Malte Schmidt > > > > > > The UEFI [1] specification allows multiple payloads inside the capsule > > > body. Add support for this. The command line arguments are kept > > > backwards-compatible. > > > > > > [1] https://uefi.org/specs/UEFI/2.10/index.html > > > > I am trying to upstream support for specifying the capsule parameters > > for multiple payloads through a config file [1]. This is on similar > > lines to the support in the Edk2 GenerateCapule tool where multiple > > payloads can be specified through a json file. I think you can base > > your changes on my series. > > Btw, with the support being added for getting the capsule parameters > through a config file, I believe your changes would be pretty much > simplified. Instead of passing all those parameters through the > command line, they can instead be read from the config file and used > to generate a single capsule file consisting of multiple payloads. > That would be a much simpler implementation. As I said in my reply to the patch[0/5], I don't think we have a strong reason to support multiple images because there is already a FIT-based capsule support. That said, if there is a good reason to do so, Sughosh's suggestion makes much sense to me. BTW, sughosh's patch implements yet another key:value format for config files. I wondered if we could use a generic (standardized) format, like a device tree or yaml, or others. -Takahiro Akashi > -sughosh > > > > > -sughosh > > > > [1] - > > https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8 > > > > > > > > Signed-off-by: Malte Schmidt > > > Signed-off-by: Stefan Herbrechtsmeier > > > > > > --- > > > > > > tools/eficapsule.h | 5 - > > > tools/mkeficapsule.c | 636 --- > > > 2 files changed, 475 insertions(+), 166 deletions(-) > > > > > > diff --git a/tools/eficapsule.h b/tools/eficapsule.h > > > index 753fb73313..001af3217c 100644 > > > --- a/tools/eficapsule.h > > > +++ b/tools/eficapsule.h > > > @@ -138,9 +138,4 @@ struct fmp_payload_header { > > > uint32_t lowest_supported_version; > > > }; > > > > > > -struct fmp_payload_header_params { > > > - bool have_header; > > > - uint32_t fw_version; > > > -}; > > > - > > > #endif /* _EFI_CAPSULE_H */ > > > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c > > > index b8db00b16b..1a4de0f092 100644 > > > --- a/tools/mkeficapsule.c > > > +++ b/tools/mkeficapsule.c > > > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; > > > efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; > > > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; > > > > > > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; > > > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; > > > > > > enum { > > > CAPSULE_NORMAL_BLOB = 0, > > > @@ -40,6 +40,7 @@ enum { > > > static struct option options[] = { > > > {"guid", required_argument, NULL, 'g'}, > > > {"index", required_argument, NULL, 'i'}, > > > + {"image_blob", required_argument, NULL, 'b'}, > > > {"instance", required_argument, NULL, 'I'}, > > > {"fw-version", required_argument, NULL, 'v'}, > > > {"private-key", required_argument, NULL, 'p'}, > > > @@ -55,21 +56,22 @@ static struct option options[] = { > > > > > > static void print_usage(void) > > > { > > > - fprintf(stderr, "Usage: %s [options] \n" > > > + fprintf(stderr, "Usage: %s [options] [] > > file>\n" > > > "Options:\n" > > > > > > - "\t-g, --guid guid for image blob type\n" > > > - "\t-i, --index update image index\n" > > > - "\t-I, --instanceupdate hardware instance\n" > > > - "\t-v, --fw-version firmware version\n" > > > - "\t-p, --private-key private key file\n" > > > - "\t-c, --certificate signer's certificate > > > file\n" > > > - "\t-m, --monotonic-count monotonic count\n" > > > - "\t-d, --dump_sig dump signature (*.p7)\n" > > > - "\t-A, --fw-accept firmware accept capsule, requires > > > GUID, no image blob\n" > > > - "\t-R, --fw-revert firmware revert capsule, takes no > > > GUID, no image blob\n" > > > - "\t-o, --capoemflag Capsule OEM Flag, an integer between > > > 0x and 0x\n" > > > - "\t-h, --help print a help message\n", > > > + "\t-g, --guidcomma-separated list > > > of guids for image blob types\n" > > > + "\t-i, --index comma-separated list > >
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On Fri, Jun 16, 2023 at 03:32:59PM +0200, Schmidt, Malte wrote: > Hi Sughos, > > one other question. Do you know what the advantage of mkeficapsule tool over > the EDK2 GenerateCapsule tool is? It seems like reinventing the wheel > for me. Simply because I didn't want to have a dependency on EDK2 package when users use U-Boot as EFI framework. (In other words, make it self-contained?) -Takahiro Akashi > Best Regards > Malte > > Am 16.06.2023 um 14:59 schrieb Schmidt, Malte: > > Hi Sughos, > > > > Am 16.06.2023 um 14:32 schrieb Sughosh Ganu: > > > On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu > > > wrote: > > > > hi Stefan, > > > > > > > > On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier > > > > wrote: > > > > > From: Malte Schmidt > > > > > > > > > > The UEFI [1] specification allows multiple payloads inside the capsule > > > > > body. Add support for this. The command line arguments are kept > > > > > backwards-compatible. > > > > > > > > > > [1] https://uefi.org/specs/UEFI/2.10/index.html > > > > I am trying to upstream support for specifying the capsule parameters > > > > for multiple payloads through a config file [1]. This is on similar > > > > lines to the support in the Edk2 GenerateCapule tool where multiple > > > > payloads can be specified through a json file. I think you can base > > > > your changes on my series. > > > Btw, with the support being added for getting the capsule parameters > > > through a config file, I believe your changes would be pretty much > > > simplified. Instead of passing all those parameters through the > > > command line, they can instead be read from the config file and used > > > to generate a single capsule file consisting of multiple payloads. > > > That would be a much simpler implementation. > > > > > > -sughosh > > thanks for the heads up. So your opinion is that we only support multiple > > payloads via config files and not the command line? I think it does not > > hurt to have both options available. > > > > I plan to rebase my code on yours once it nears the finish line. I still > > have a suggsetion for it which I will post in a sec. > > > > Best Regards > > Malte > > > > -sughosh > > > > > > > > [1] - > > > > https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8 > > > > > > > > > Signed-off-by: Malte Schmidt > > > > > Signed-off-by: Stefan Herbrechtsmeier > > > > > > > > > > --- > > > > > > > > > > tools/eficapsule.h | 5 - > > > > > tools/mkeficapsule.c | 636 > > > > > --- > > > > > 2 files changed, 475 insertions(+), 166 deletions(-) > > > > > > > > > > diff --git a/tools/eficapsule.h b/tools/eficapsule.h > > > > > index 753fb73313..001af3217c 100644 > > > > > --- a/tools/eficapsule.h > > > > > +++ b/tools/eficapsule.h > > > > > @@ -138,9 +138,4 @@ struct fmp_payload_header { > > > > > uint32_t lowest_supported_version; > > > > > }; > > > > > > > > > > -struct fmp_payload_header_params { > > > > > - bool have_header; > > > > > - uint32_t fw_version; > > > > > -}; > > > > > - > > > > > #endif /* _EFI_CAPSULE_H */ > > > > > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c > > > > > index b8db00b16b..1a4de0f092 100644 > > > > > --- a/tools/mkeficapsule.c > > > > > +++ b/tools/mkeficapsule.c > > > > > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; > > > > > efi_guid_t efi_guid_fm_capsule = > > > > > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; > > > > > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; > > > > > > > > > > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; > > > > > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; > > > > > > > > > > enum { > > > > > CAPSULE_NORMAL_BLOB = 0, > > > > > @@ -40,6 +40,7 @@ enum { > > > > > static struct option options[] = { > > > > > {"guid", required_argument, NULL, 'g'}, > > > > > {"index", required_argument, NULL, 'i'}, > > > > > + {"image_blob", required_argument, NULL, 'b'}, > > > > > {"instance", required_argument, NULL, 'I'}, > > > > > {"fw-version", required_argument, NULL, 'v'}, > > > > > {"private-key", required_argument, NULL, 'p'}, > > > > > @@ -55,21 +56,22 @@ static struct option options[] = { > > > > > > > > > > static void print_usage(void) > > > > > { > > > > > - fprintf(stderr, "Usage: %s [options] > > > > blob> \n" > > > > > + fprintf(stderr, "Usage: %s [options] [ > > > > blob>] \n" > > > > > "Options:\n" > > > > > > > > > > - "\t-g, --guid > > > > string> guid for image blob type\n" > > > > > - "\t-i, --index update image index\n" > > > > > - "\t-I, --instance > > > > > update hardware instance\n" > > > > > - "\t-v, --fw-version firmware version\n" > > > > > - "\t-p, --private-key > > >
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On 6/16/23 13:34, Stefan Herbrechtsmeier wrote: From: Malte Schmidt The UEFI [1] specification allows multiple payloads inside the capsule body. Add support for this. The command line arguments are kept backwards-compatible. [1] https://uefi.org/specs/UEFI/2.10/index.html Signed-off-by: Malte Schmidt Signed-off-by: Stefan Herbrechtsmeier --- tools/eficapsule.h | 5 - tools/mkeficapsule.c | 636 --- 2 files changed, 475 insertions(+), 166 deletions(-) diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 753fb73313..001af3217c 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -138,9 +138,4 @@ struct fmp_payload_header { uint32_t lowest_supported_version; }; -struct fmp_payload_header_params { - bool have_header; - uint32_t fw_version; -}; - #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b8db00b16b..1a4de0f092 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; enum { CAPSULE_NORMAL_BLOB = 0, @@ -40,6 +40,7 @@ enum { static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, + {"image_blob", required_argument, NULL, 'b'}, {"instance", required_argument, NULL, 'I'}, {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, @@ -55,21 +56,22 @@ static struct option options[] = { static void print_usage(void) { - fprintf(stderr, "Usage: %s [options] \n" + fprintf(stderr, "Usage: %s [options] [] \n" "Options:\n" - "\t-g, --guid guid for image blob type\n" - "\t-i, --index update image index\n" - "\t-I, --instanceupdate hardware instance\n" - "\t-v, --fw-version firmware version\n" - "\t-p, --private-key private key file\n" - "\t-c, --certificate signer's certificate file\n" - "\t-m, --monotonic-count monotonic count\n" - "\t-d, --dump_sig dump signature (*.p7)\n" - "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" A later patch in the series mentions the lowest supported version. Why can't we set it? Best regards Heinrich - "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" - "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x and 0x\n" - "\t-h, --help print a help message\n", + "\t-g, --guidcomma-separated list of guids for image blob types\n" + "\t-i, --index comma-separated list of update image indices\n" + "\t-b, --image_blob comma-separated list of image blobs\n" + "\t-I, --instancecomma-separated list of update hardware instances\n" + "\t-v, --fw-version comma-separated list of firmware versions\n" + "\t-p, --private-key private key file\n" + "\t-c, --certificate signer's certificate file\n" + "\t-m, --monotonic-count comma-separated list of monotonic counts\n" + "\t-d, --dump_sigdump signature (*.p7)\n" + "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" + "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" + "\t-o, --capoemflag capsule OEM Flag, an integer between 0x and 0x\n" + "\t-h, --helpprint a help message\n", tool_name); } @@ -336,16 +338,18 @@ static int create_auth_data(struct auth_context *ctx) * @path: Path to a capsule file * @signature:Signature data * @sig_size: Size of signature data + * @index: The payload index the signature belongs to * * Signature data pointed to by @signature will be saved into - * a file whose file name is @path with ".p7" suffix. + * a file whose file name is @path with "_.p7" suffix. + * If index is negative the suffix is ".p7" (for backwards compatibility). * * Return: * * 0 - on success * * -1 - on failure */ static int dump_signature(const char *path, const uint8_t *signature, - size_t sig_size) + size_t sig_size, int index) { char *sig_path; FILE *f; @@ -356,7 +360,11 @@ static int dump_signature(const char *path, const
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
Hi Sughos, one other question. Do you know what the advantage of mkeficapsule tool over the EDK2 GenerateCapsule tool is? It seems like reinventing the wheel for me. Best Regards Malte Am 16.06.2023 um 14:59 schrieb Schmidt, Malte: Hi Sughos, Am 16.06.2023 um 14:32 schrieb Sughosh Ganu: On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote: hi Stefan, On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier wrote: From: Malte Schmidt The UEFI [1] specification allows multiple payloads inside the capsule body. Add support for this. The command line arguments are kept backwards-compatible. [1] https://uefi.org/specs/UEFI/2.10/index.html I am trying to upstream support for specifying the capsule parameters for multiple payloads through a config file [1]. This is on similar lines to the support in the Edk2 GenerateCapule tool where multiple payloads can be specified through a json file. I think you can base your changes on my series. Btw, with the support being added for getting the capsule parameters through a config file, I believe your changes would be pretty much simplified. Instead of passing all those parameters through the command line, they can instead be read from the config file and used to generate a single capsule file consisting of multiple payloads. That would be a much simpler implementation. -sughosh thanks for the heads up. So your opinion is that we only support multiple payloads via config files and not the command line? I think it does not hurt to have both options available. I plan to rebase my code on yours once it nears the finish line. I still have a suggsetion for it which I will post in a sec. Best Regards Malte -sughosh [1] - https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8 Signed-off-by: Malte Schmidt Signed-off-by: Stefan Herbrechtsmeier --- tools/eficapsule.h | 5 - tools/mkeficapsule.c | 636 --- 2 files changed, 475 insertions(+), 166 deletions(-) diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 753fb73313..001af3217c 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -138,9 +138,4 @@ struct fmp_payload_header { uint32_t lowest_supported_version; }; -struct fmp_payload_header_params { - bool have_header; - uint32_t fw_version; -}; - #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b8db00b16b..1a4de0f092 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; enum { CAPSULE_NORMAL_BLOB = 0, @@ -40,6 +40,7 @@ enum { static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, + {"image_blob", required_argument, NULL, 'b'}, {"instance", required_argument, NULL, 'I'}, {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, @@ -55,21 +56,22 @@ static struct option options[] = { static void print_usage(void) { - fprintf(stderr, "Usage: %s [options] file>\n" + fprintf(stderr, "Usage: %s [options] [] file>\n" "Options:\n" - "\t-g, --guid guid for image blob type\n" - "\t-i, --index update image index\n" - "\t-I, --instance update hardware instance\n" - "\t-v, --fw-version firmware version\n" - "\t-p, --private-key private key file\n" - "\t-c, --certificate signer's certificate file\n" - "\t-m, --monotonic-count monotonic count\n" - "\t-d, --dump_sig dump signature (*.p7)\n" - "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" - "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" - "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x and 0x\n" - "\t-h, --help print a help message\n", + "\t-g, --guid comma-separated list of guids for image blob types\n" + "\t-i, --index comma-separated list of update image indices\n" + "\t-b, --image_blob comma-separated list of image blobs\n" + "\t-I, --instance comma-separated list of update hardware instances\n" + "\t-v, --fw-version comma-separated list of firmware versions\n" + "\t-p, --private-key private key file\n" + "\t-c, --certificate signer's certificate file\n" +
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
Hi Sughos, Am 16.06.2023 um 14:32 schrieb Sughosh Ganu: On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote: hi Stefan, On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier wrote: From: Malte Schmidt The UEFI [1] specification allows multiple payloads inside the capsule body. Add support for this. The command line arguments are kept backwards-compatible. [1] https://uefi.org/specs/UEFI/2.10/index.html I am trying to upstream support for specifying the capsule parameters for multiple payloads through a config file [1]. This is on similar lines to the support in the Edk2 GenerateCapule tool where multiple payloads can be specified through a json file. I think you can base your changes on my series. Btw, with the support being added for getting the capsule parameters through a config file, I believe your changes would be pretty much simplified. Instead of passing all those parameters through the command line, they can instead be read from the config file and used to generate a single capsule file consisting of multiple payloads. That would be a much simpler implementation. -sughosh thanks for the heads up. So your opinion is that we only support multiple payloads via config files and not the command line? I think it does not hurt to have both options available. I plan to rebase my code on yours once it nears the finish line. I still have a suggsetion for it which I will post in a sec. Best Regards Malte -sughosh [1] - https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8 Signed-off-by: Malte Schmidt Signed-off-by: Stefan Herbrechtsmeier --- tools/eficapsule.h | 5 - tools/mkeficapsule.c | 636 --- 2 files changed, 475 insertions(+), 166 deletions(-) diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 753fb73313..001af3217c 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -138,9 +138,4 @@ struct fmp_payload_header { uint32_t lowest_supported_version; }; -struct fmp_payload_header_params { - bool have_header; - uint32_t fw_version; -}; - #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b8db00b16b..1a4de0f092 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; enum { CAPSULE_NORMAL_BLOB = 0, @@ -40,6 +40,7 @@ enum { static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, + {"image_blob", required_argument, NULL, 'b'}, {"instance", required_argument, NULL, 'I'}, {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, @@ -55,21 +56,22 @@ static struct option options[] = { static void print_usage(void) { - fprintf(stderr, "Usage: %s [options] \n" + fprintf(stderr, "Usage: %s [options] [] \n" "Options:\n" - "\t-g, --guid guid for image blob type\n" - "\t-i, --index update image index\n" - "\t-I, --instanceupdate hardware instance\n" - "\t-v, --fw-version firmware version\n" - "\t-p, --private-key private key file\n" - "\t-c, --certificate signer's certificate file\n" - "\t-m, --monotonic-count monotonic count\n" - "\t-d, --dump_sig dump signature (*.p7)\n" - "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" - "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" - "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x and 0x\n" - "\t-h, --help print a help message\n", + "\t-g, --guidcomma-separated list of guids for image blob types\n" + "\t-i, --index comma-separated list of update image indices\n" + "\t-b, --image_blob comma-separated list of image blobs\n" + "\t-I, --instancecomma-separated list of update hardware instances\n" + "\t-v, --fw-version comma-separated list of firmware versions\n" + "\t-p, --private-key private key file\n" + "\t-c, --certificate signer's certificate file\n" + "\t-m, --monotonic-count comma-separated list of monotonic counts\n" + "\t-d, --dump_sigdump signature (*.p7)\n" + "\t-A, --fw-accept firmware accept
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
On Fri, 16 Jun 2023 at 17:56, Sughosh Ganu wrote: > > hi Stefan, > > On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier > wrote: > > > > From: Malte Schmidt > > > > The UEFI [1] specification allows multiple payloads inside the capsule > > body. Add support for this. The command line arguments are kept > > backwards-compatible. > > > > [1] https://uefi.org/specs/UEFI/2.10/index.html > > I am trying to upstream support for specifying the capsule parameters > for multiple payloads through a config file [1]. This is on similar > lines to the support in the Edk2 GenerateCapule tool where multiple > payloads can be specified through a json file. I think you can base > your changes on my series. Btw, with the support being added for getting the capsule parameters through a config file, I believe your changes would be pretty much simplified. Instead of passing all those parameters through the command line, they can instead be read from the config file and used to generate a single capsule file consisting of multiple payloads. That would be a much simpler implementation. -sughosh > > -sughosh > > [1] - > https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8 > > > > > Signed-off-by: Malte Schmidt > > Signed-off-by: Stefan Herbrechtsmeier > > > > --- > > > > tools/eficapsule.h | 5 - > > tools/mkeficapsule.c | 636 --- > > 2 files changed, 475 insertions(+), 166 deletions(-) > > > > diff --git a/tools/eficapsule.h b/tools/eficapsule.h > > index 753fb73313..001af3217c 100644 > > --- a/tools/eficapsule.h > > +++ b/tools/eficapsule.h > > @@ -138,9 +138,4 @@ struct fmp_payload_header { > > uint32_t lowest_supported_version; > > }; > > > > -struct fmp_payload_header_params { > > - bool have_header; > > - uint32_t fw_version; > > -}; > > - > > #endif /* _EFI_CAPSULE_H */ > > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c > > index b8db00b16b..1a4de0f092 100644 > > --- a/tools/mkeficapsule.c > > +++ b/tools/mkeficapsule.c > > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; > > efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; > > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; > > > > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; > > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; > > > > enum { > > CAPSULE_NORMAL_BLOB = 0, > > @@ -40,6 +40,7 @@ enum { > > static struct option options[] = { > > {"guid", required_argument, NULL, 'g'}, > > {"index", required_argument, NULL, 'i'}, > > + {"image_blob", required_argument, NULL, 'b'}, > > {"instance", required_argument, NULL, 'I'}, > > {"fw-version", required_argument, NULL, 'v'}, > > {"private-key", required_argument, NULL, 'p'}, > > @@ -55,21 +56,22 @@ static struct option options[] = { > > > > static void print_usage(void) > > { > > - fprintf(stderr, "Usage: %s [options] \n" > > + fprintf(stderr, "Usage: %s [options] [] \n" > > "Options:\n" > > > > - "\t-g, --guid guid for image blob type\n" > > - "\t-i, --index update image index\n" > > - "\t-I, --instanceupdate hardware instance\n" > > - "\t-v, --fw-version firmware version\n" > > - "\t-p, --private-key private key file\n" > > - "\t-c, --certificate signer's certificate > > file\n" > > - "\t-m, --monotonic-count monotonic count\n" > > - "\t-d, --dump_sig dump signature (*.p7)\n" > > - "\t-A, --fw-accept firmware accept capsule, requires GUID, > > no image blob\n" > > - "\t-R, --fw-revert firmware revert capsule, takes no GUID, > > no image blob\n" > > - "\t-o, --capoemflag Capsule OEM Flag, an integer between > > 0x and 0x\n" > > - "\t-h, --help print a help message\n", > > + "\t-g, --guidcomma-separated list of > > guids for image blob types\n" > > + "\t-i, --index comma-separated list of > > update image indices\n" > > + "\t-b, --image_blob comma-separated list of > > image blobs\n" > > + "\t-I, --instancecomma-separated list of > > update hardware instances\n" > > + "\t-v, --fw-version comma-separated list of > > firmware versions\n" > > + "\t-p, --private-key private > > key file\n" > > + "\t-c, --certificate signer's > > certificate file\n" > > + "\t-m, --monotonic-count > > comma-separated list of monotonic counts\n" > > + "\t-d, --dump_sigdump > > signature (*.p7)\n" > > + "\t-A, --fw-accept firmware accept
Re: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
hi Stefan, On Fri, 16 Jun 2023 at 17:04, Stefan Herbrechtsmeier wrote: > > From: Malte Schmidt > > The UEFI [1] specification allows multiple payloads inside the capsule > body. Add support for this. The command line arguments are kept > backwards-compatible. > > [1] https://uefi.org/specs/UEFI/2.10/index.html I am trying to upstream support for specifying the capsule parameters for multiple payloads through a config file [1]. This is on similar lines to the support in the Edk2 GenerateCapule tool where multiple payloads can be specified through a json file. I think you can base your changes on my series. -sughosh [1] - https://lore.kernel.org/u-boot/20230613103806.812065-1-sughosh.g...@linaro.org/T/#mc8c0500863bd3a1580c572679370a565f8d7f2c8 > > Signed-off-by: Malte Schmidt > Signed-off-by: Stefan Herbrechtsmeier > --- > > tools/eficapsule.h | 5 - > tools/mkeficapsule.c | 636 --- > 2 files changed, 475 insertions(+), 166 deletions(-) > > diff --git a/tools/eficapsule.h b/tools/eficapsule.h > index 753fb73313..001af3217c 100644 > --- a/tools/eficapsule.h > +++ b/tools/eficapsule.h > @@ -138,9 +138,4 @@ struct fmp_payload_header { > uint32_t lowest_supported_version; > }; > > -struct fmp_payload_header_params { > - bool have_header; > - uint32_t fw_version; > -}; > - > #endif /* _EFI_CAPSULE_H */ > diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c > index b8db00b16b..1a4de0f092 100644 > --- a/tools/mkeficapsule.c > +++ b/tools/mkeficapsule.c > @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; > efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; > efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; > > -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; > +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; > > enum { > CAPSULE_NORMAL_BLOB = 0, > @@ -40,6 +40,7 @@ enum { > static struct option options[] = { > {"guid", required_argument, NULL, 'g'}, > {"index", required_argument, NULL, 'i'}, > + {"image_blob", required_argument, NULL, 'b'}, > {"instance", required_argument, NULL, 'I'}, > {"fw-version", required_argument, NULL, 'v'}, > {"private-key", required_argument, NULL, 'p'}, > @@ -55,21 +56,22 @@ static struct option options[] = { > > static void print_usage(void) > { > - fprintf(stderr, "Usage: %s [options] \n" > + fprintf(stderr, "Usage: %s [options] [] \n" > "Options:\n" > > - "\t-g, --guid guid for image blob type\n" > - "\t-i, --index update image index\n" > - "\t-I, --instanceupdate hardware instance\n" > - "\t-v, --fw-version firmware version\n" > - "\t-p, --private-key private key file\n" > - "\t-c, --certificate signer's certificate > file\n" > - "\t-m, --monotonic-count monotonic count\n" > - "\t-d, --dump_sig dump signature (*.p7)\n" > - "\t-A, --fw-accept firmware accept capsule, requires GUID, > no image blob\n" > - "\t-R, --fw-revert firmware revert capsule, takes no GUID, > no image blob\n" > - "\t-o, --capoemflag Capsule OEM Flag, an integer between > 0x and 0x\n" > - "\t-h, --help print a help message\n", > + "\t-g, --guidcomma-separated list of > guids for image blob types\n" > + "\t-i, --index comma-separated list of > update image indices\n" > + "\t-b, --image_blob comma-separated list of > image blobs\n" > + "\t-I, --instancecomma-separated list of > update hardware instances\n" > + "\t-v, --fw-version comma-separated list of > firmware versions\n" > + "\t-p, --private-key private key > file\n" > + "\t-c, --certificate signer's > certificate file\n" > + "\t-m, --monotonic-count > comma-separated list of monotonic counts\n" > + "\t-d, --dump_sigdump > signature (*.p7)\n" > + "\t-A, --fw-accept firmware accept capsule, requires GUID, > no image blob\n" > + "\t-R, --fw-revert firmware revert capsule, takes no GUID, > no image blob\n" > + "\t-o, --capoemflag capsule OEM Flag, an integer between > 0x and 0x\n" > + "\t-h, --helpprint a help message\n", > tool_name); > } > > @@ -336,16 +338,18 @@ static int create_auth_data(struct auth_context *ctx) > * @path: Path to a capsule file > * @signature: Signature data > * @sig_size: Size of signature data > + * @index: The payload index the signature belongs to > * > * Signature data pointed to by @signature will be saved into > - *
[PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
From: Malte Schmidt The UEFI [1] specification allows multiple payloads inside the capsule body. Add support for this. The command line arguments are kept backwards-compatible. [1] https://uefi.org/specs/UEFI/2.10/index.html Signed-off-by: Malte Schmidt Signed-off-by: Stefan Herbrechtsmeier --- tools/eficapsule.h | 5 - tools/mkeficapsule.c | 636 --- 2 files changed, 475 insertions(+), 166 deletions(-) diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 753fb73313..001af3217c 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -138,9 +138,4 @@ struct fmp_payload_header { uint32_t lowest_supported_version; }; -struct fmp_payload_header_params { - bool have_header; - uint32_t fw_version; -}; - #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b8db00b16b..1a4de0f092 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; enum { CAPSULE_NORMAL_BLOB = 0, @@ -40,6 +40,7 @@ enum { static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, + {"image_blob", required_argument, NULL, 'b'}, {"instance", required_argument, NULL, 'I'}, {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, @@ -55,21 +56,22 @@ static struct option options[] = { static void print_usage(void) { - fprintf(stderr, "Usage: %s [options] \n" + fprintf(stderr, "Usage: %s [options] [] \n" "Options:\n" - "\t-g, --guid guid for image blob type\n" - "\t-i, --index update image index\n" - "\t-I, --instanceupdate hardware instance\n" - "\t-v, --fw-version firmware version\n" - "\t-p, --private-key private key file\n" - "\t-c, --certificate signer's certificate file\n" - "\t-m, --monotonic-count monotonic count\n" - "\t-d, --dump_sig dump signature (*.p7)\n" - "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" - "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" - "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x and 0x\n" - "\t-h, --help print a help message\n", + "\t-g, --guidcomma-separated list of guids for image blob types\n" + "\t-i, --index comma-separated list of update image indices\n" + "\t-b, --image_blob comma-separated list of image blobs\n" + "\t-I, --instancecomma-separated list of update hardware instances\n" + "\t-v, --fw-version comma-separated list of firmware versions\n" + "\t-p, --private-key private key file\n" + "\t-c, --certificate signer's certificate file\n" + "\t-m, --monotonic-count comma-separated list of monotonic counts\n" + "\t-d, --dump_sigdump signature (*.p7)\n" + "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" + "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" + "\t-o, --capoemflag capsule OEM Flag, an integer between 0x and 0x\n" + "\t-h, --helpprint a help message\n", tool_name); } @@ -336,16 +338,18 @@ static int create_auth_data(struct auth_context *ctx) * @path: Path to a capsule file * @signature: Signature data * @sig_size: Size of signature data + * @index: The payload index the signature belongs to * * Signature data pointed to by @signature will be saved into - * a file whose file name is @path with ".p7" suffix. + * a file whose file name is @path with "_.p7" suffix. + * If index is negative the suffix is ".p7" (for backwards compatibility). * * Return: * * 0 - on success * * -1 - on failure */ static int dump_signature(const char *path, const uint8_t *signature, - size_t sig_size) + size_t sig_size, int index) { char *sig_path; FILE *f; @@ -356,7 +360,11 @@ static int dump_signature(const char *path, const uint8_t *signature, if (!sig_path) return ret; - sprintf(sig_path, "%s.p7", path); + if (index < 0) + sprintf(sig_path, "%s.p7", path); +