Re: [PATCH v4 8/8] doc: uefi: Update the capsule update related documentation

2022-03-31 Thread Ilias Apalodimas 
On Thu, Mar 31, 2022 at 06:57:50PM +0530, Sughosh Ganu wrote:
> Update the capsule update functionality related documentation to
> refect the additional definitions that need to be made per platform
> for supporting the capsule update feature.
> 
> Signed-off-by: Sughosh Ganu 
> ---
> 
> Changes since V3:
> * Rephrase the commit message to indicate that the doc changes are not
>   just limited to adding the GUID values, but other info as well.
> * Elaborate with an example on the relation between the dfu alt number
>   and the image index 
> 
>  doc/develop/uefi/uefi.rst | 24 ++--
>  1 file changed, 22 insertions(+), 2 deletions(-)
> 
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index fe337c88bd..d886635cc3 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -312,8 +312,8 @@ Run the following command
>  .. code-block:: console
>  
>  $ mkeficapsule \
> -  --index 1 --instance 0 \
> -  [--fit  | --raw ] \
> +  --index  --instance 0 \
> +  --guid  \
>
>  
>  Performing the update
> @@ -333,6 +333,26 @@ won't be taken over across the reboot. If this is the 
> case, you can skip
>  this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS)
>  set.
>  
> +A few things need to be defined in the board file for performing the
> +capsule upadte. The first is defining the function set_dfu_alt_info in

s/upadte/update/

> +the board file. This function sets the environment variable
> +dfu_alt_info. Instead of taking the variable from the environment, the
> +capsule update feature requires that the variable be set through the

I think we should also mention that allowing a user to change the location
of the firmware updates in flash is not a good security practice.  
Having that baked in the firmware (as long as a prior stage boot loader 
verifies it)
is a better approach.

Thanks
/Ilias
> +board function, since that is more robust. Secondly, define GUID
> +values and image index of the images that are to be updated through
> +the capsule update feature in the board file. Both the values are to
> +be defined as part of the fw_images array. These GUID values would be
> +used by the Firmware Management Protocol(FMP) to populate the image
> +descriptor array and also displayed as part of the ESRT table. The
> +image index values defined in the array should be one greater than the
> +dfu alt number that corresponds to the firmware image. So, if the dfu
> +alt number for an image is 2, the value of image index in the
> +fw_images array for that image should be 3. The dfu alt number can be
> +obtained by running the following command::
> +
> +dfu list
> +
> +
>  Finally, the capsule update can be initiated by rebooting the board.
>  
>  Enabling Capsule Authentication
> -- 
> 2.25.1
>

[PATCH v4 8/8] doc: uefi: Update the capsule update related documentation

2022-03-31 Thread Sughosh Ganu 
Update the capsule update functionality related documentation to
refect the additional definitions that need to be made per platform
for supporting the capsule update feature.

Signed-off-by: Sughosh Ganu 
---

Changes since V3:
* Rephrase the commit message to indicate that the doc changes are not
  just limited to adding the GUID values, but other info as well.
* Elaborate with an example on the relation between the dfu alt number
  and the image index 

 doc/develop/uefi/uefi.rst | 24 ++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index fe337c88bd..d886635cc3 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -312,8 +312,8 @@ Run the following command
 .. code-block:: console
 
 $ mkeficapsule \
-  --index 1 --instance 0 \
-  [--fit  | --raw ] \
+  --index  --instance 0 \
+  --guid  \
   
 
 Performing the update
@@ -333,6 +333,26 @@ won't be taken over across the reboot. If this is the 
case, you can skip
 this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS)
 set.
 
+A few things need to be defined in the board file for performing the
+capsule upadte. The first is defining the function set_dfu_alt_info in
+the board file. This function sets the environment variable
+dfu_alt_info. Instead of taking the variable from the environment, the
+capsule update feature requires that the variable be set through the
+board function, since that is more robust. Secondly, define GUID
+values and image index of the images that are to be updated through
+the capsule update feature in the board file. Both the values are to
+be defined as part of the fw_images array. These GUID values would be
+used by the Firmware Management Protocol(FMP) to populate the image
+descriptor array and also displayed as part of the ESRT table. The
+image index values defined in the array should be one greater than the
+dfu alt number that corresponds to the firmware image. So, if the dfu
+alt number for an image is 2, the value of image index in the
+fw_images array for that image should be 3. The dfu alt number can be
+obtained by running the following command::
+
+dfu list
+
+
 Finally, the capsule update can be initiated by rebooting the board.
 
 Enabling Capsule Authentication
-- 
2.25.1