blob: 61179747ffad34f154b76ad3c25a26b0e28bc68a [file] [log] [blame]
# SPDX-License-Identifier: GPL-2.0+
# Copyright 2023 Linaro Limited
#
"""Bintool implementation for mkeficapsule tool
mkeficapsule is a tool used for generating EFI capsules.
The following are the commandline options to be provided
to the tool
Usage: mkeficapsule [options] <image blob> <output file>
Options:
-g, --guid <guid string> guid for image blob type
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-v, --fw-version <version> firmware version
-p, --private-key <privkey file> private key file
-c, --certificate <cert file> signer's certificate file
-m, --monotonic-count <count> monotonic count
-d, --dump_sig dump signature (*.p7)
-A, --fw-accept firmware accept capsule, requires GUID, no image blob
-R, --fw-revert firmware revert capsule, takes no GUID, no image blob
-o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff
-h, --help print a help message
"""
from binman import bintool
class Bintoolmkeficapsule(bintool.Bintool):
"""Handles the 'mkeficapsule' tool
This bintool is used for generating the EFI capsules. The
capsule generation parameters can either be specified through
commandline, or through a config file.
"""
def __init__(self, name):
super().__init__(name, 'mkeficapsule tool for generating capsules')
def generate_capsule(self, image_index, image_guid, hardware_instance,
payload, output_fname, priv_key, pub_key,
monotonic_count=0, version=0, oemflags=0):
"""Generate a capsule through commandline-provided parameters
Args:
image_index (int): Unique number for identifying payload image
image_guid (str): GUID used for identifying the image
hardware_instance (int): Optional unique hardware instance of
a device in the system. 0 if not being used
payload (str): Path to the input payload image
output_fname (str): Path to the output capsule file
priv_key (str): Path to the private key
pub_key(str): Path to the public key
monotonic_count (int): Count used when signing an image
version (int): Image version (Optional)
oemflags (int): Optional 16 bit OEM flags
Returns:
str: Tool output
"""
args = [
f'--index={image_index}',
f'--guid={image_guid}',
f'--instance={hardware_instance}'
]
if version:
args += [f'--fw-version={version}']
if oemflags:
args += [f'--capoemflag={oemflags}']
if priv_key and pub_key:
args += [
f'--monotonic-count={monotonic_count}',
f'--private-key={priv_key}',
f'--certificate={pub_key}'
]
args += [
payload,
output_fname
]
return self.run_cmd(*args)
def fetch(self, method):
"""Fetch handler for mkeficapsule
This builds the tool from source
Returns:
tuple:
str: Filename of fetched file to copy to a suitable directory
str: Name of temp directory to remove, or None
"""
if method != bintool.FETCH_BUILD:
return None
cmd = ['tools-only_defconfig', 'tools']
result = self.build_from_git(
'https://source.denx.de/u-boot/u-boot.git',
cmd,
'tools/mkeficapsule')
return result