This patchset aims to bring two capsule related tasks under the U-Boot build flow.
The first task is related to generation of capsules. The capsules can be generated as part of U-Boot build, and this is being achieved through binman, by adding a capsule entry type. The capsules can be generated by specifying the capsule parameters as properties under the capsule entry node. The other task is the embedding of the public key into the platform's DTB. The public key is in the form of an EFI Signature List(ESL) file and is used for capsule authentication. This is being achieved by adding the signature node containing the capsule public key in the platform's DTB. Corresponding changes have also been made to the test setup of the EFI capsule update feature. The ESL public key file was embedded into the sandbox platform's test.dtb as part of the test setup, post U-Boot build. This is now no longer needed as the embedding of the ESL happens as part of the build. Secondly, the capsules needed for testing the EFI capsule update feature were being generated through the invocation of the mkeficapsule tool. This setup has also been changed to introduce generation of these capsules through binman. The document has been updated to reflect the above changes. Changes since V10: This series clubs two changes together. 1) Capsule generation through binman, 2) Embedding the capsule public key ESL into the platform's DTB [1]. This has been done based on feedback from Tom Rini on IRC. The capsule generation was being done for all sandbox variant builds till the V10 version. This is now changed so that the capsules are only generated as part of the EFI capsule update feature testing. This has been done based on feedback from Tom Rini [2]. These changes are part of patch 7. * Remove the sandbox_capsule.dtsi file. * Remove addition of multiple-images property from sandbox.dts and test.dts as the capsule generation is moved to the test. * Add the capsule_gen_binman.dts with binman nodes for capsule generation. * Call the binman tool as part of the capsule test setup for generation of capsules. * Add an example binman capsule node which shows how a capsule can be generated through binman. [1] - https://lists.denx.de/pipermail/u-boot/2023-August/527810.html [2] - https://lists.denx.de/pipermail/u-boot/2023-August/526987.html Sughosh Ganu (15): binman: bintool: Build a tool from a list of commands nuvoton: npcm845-evb: Add a newline at the end of file sandbox: capsule: Add keys and certificates needed for capsule update testing sandbox: capsule: Enable EFI capsule module on sandbox variants btool: mkeficapsule: Add a bintool for EFI capsule generation binman: capsule: Add support for generating EFI capsules test: capsule: Generate EFI capsules through binman doc: Add documentation to highlight capsule generation related updates sandbox: trace: Increase trace buffer size scripts/Makefile.lib: Collate all dtsi files for inclusion scripts/Makefile.lib: Add dtsi include files as deps for building DTB scripts/Makefile.lib: Embed capsule public key in platform's dtb sandbox: capsule: Add path to the public key ESL file test: capsule: Remove logic to add public key ESL doc: capsule: Document the new mechanism to embed ESL file into dtb .azure-pipelines.yml | 2 +- .gitlab-ci.yml | 2 +- arch/arm/dts/nuvoton-npcm845-evb.dts | 2 +- board/sandbox/capsule_priv_key_bad.key | 28 ++ board/sandbox/capsule_priv_key_good.key | 28 ++ board/sandbox/capsule_pub_esl_good.esl | Bin 0 -> 831 bytes board/sandbox/capsule_pub_key_bad.crt | 19 ++ board/sandbox/capsule_pub_key_good.crt | 19 ++ configs/sandbox_defconfig | 1 + configs/sandbox_flattree_defconfig | 1 + configs/sandbox_noinst_defconfig | 2 + configs/sandbox_spl_defconfig | 2 + configs/sandbox_vpl_defconfig | 2 + doc/develop/uefi/uefi.rst | 59 +++- include/sandbox_efi_capsule.h | 21 ++ lib/efi_loader/Kconfig | 8 + lib/efi_loader/capsule_esl.dtsi.in | 11 + scripts/Makefile.lib | 30 +- .../test_efi_capsule/capsule_gen_binman.dts | 321 ++++++++++++++++++ test/py/tests/test_efi_capsule/conftest.py | 175 ++-------- test/py/tests/test_efi_capsule/signature.dts | 10 - .../tests/test_efi_capsule/uboot_bin_env.its | 36 -- test/py/tests/test_trace.py | 2 +- tools/binman/bintool.py | 19 +- tools/binman/btool/mkeficapsule.py | 101 ++++++ tools/binman/entries.rst | 64 ++++ tools/binman/etype/efi_capsule.py | 143 ++++++++ tools/binman/ftest.py | 118 +++++++ tools/binman/test/311_capsule.dts | 21 ++ tools/binman/test/312_capsule_signed.dts | 23 ++ tools/binman/test/313_capsule_version.dts | 22 ++ tools/binman/test/314_capsule_signed_ver.dts | 24 ++ tools/binman/test/315_capsule_oemflags.dts | 22 ++ tools/binman/test/316_capsule_missing_key.dts | 22 ++ .../binman/test/317_capsule_missing_index.dts | 20 ++ .../binman/test/318_capsule_missing_guid.dts | 19 ++ 36 files changed, 1175 insertions(+), 224 deletions(-) create mode 100644 board/sandbox/capsule_priv_key_bad.key create mode 100644 board/sandbox/capsule_priv_key_good.key create mode 100644 board/sandbox/capsule_pub_esl_good.esl create mode 100644 board/sandbox/capsule_pub_key_bad.crt create mode 100644 board/sandbox/capsule_pub_key_good.crt create mode 100644 include/sandbox_efi_capsule.h create mode 100644 lib/efi_loader/capsule_esl.dtsi.in create mode 100644 test/py/tests/test_efi_capsule/capsule_gen_binman.dts delete mode 100644 test/py/tests/test_efi_capsule/signature.dts delete mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its create mode 100644 tools/binman/btool/mkeficapsule.py create mode 100644 tools/binman/etype/efi_capsule.py create mode 100644 tools/binman/test/311_capsule.dts create mode 100644 tools/binman/test/312_capsule_signed.dts create mode 100644 tools/binman/test/313_capsule_version.dts create mode 100644 tools/binman/test/314_capsule_signed_ver.dts create mode 100644 tools/binman/test/315_capsule_oemflags.dts create mode 100644 tools/binman/test/316_capsule_missing_key.dts create mode 100644 tools/binman/test/317_capsule_missing_index.dts create mode 100644 tools/binman/test/318_capsule_missing_guid.dts -- 2.34.1
