| Sughosh Ganu | b29136b | 2023-08-22 23:09:58 +0530 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0+ |
| 2 | # Copyright 2023 Linaro Limited |
| 3 | # |
| 4 | """Bintool implementation for mkeficapsule tool |
| 5 | |
| 6 | mkeficapsule is a tool used for generating EFI capsules. |
| 7 | |
| 8 | The following are the commandline options to be provided |
| 9 | to the tool |
| 10 | Usage: mkeficapsule [options] <image blob> <output file> |
| 11 | Options: |
| 12 | -g, --guid <guid string> guid for image blob type |
| 13 | -i, --index <index> update image index |
| 14 | -I, --instance <instance> update hardware instance |
| 15 | -v, --fw-version <version> firmware version |
| 16 | -p, --private-key <privkey file> private key file |
| 17 | -c, --certificate <cert file> signer's certificate file |
| 18 | -m, --monotonic-count <count> monotonic count |
| 19 | -d, --dump_sig dump signature (*.p7) |
| 20 | -A, --fw-accept firmware accept capsule, requires GUID, no image blob |
| 21 | -R, --fw-revert firmware revert capsule, takes no GUID, no image blob |
| 22 | -o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff |
| 23 | -h, --help print a help message |
| 24 | """ |
| 25 | |
| 26 | from binman import bintool |
| 27 | |
| 28 | class Bintoolmkeficapsule(bintool.Bintool): |
| 29 | """Handles the 'mkeficapsule' tool |
| 30 | |
| 31 | This bintool is used for generating the EFI capsules. The |
| 32 | capsule generation parameters can either be specified through |
| 33 | commandline, or through a config file. |
| 34 | """ |
| 35 | def __init__(self, name): |
| 36 | super().__init__(name, 'mkeficapsule tool for generating capsules') |
| 37 | |
| 38 | def generate_capsule(self, image_index, image_guid, hardware_instance, |
| 39 | payload, output_fname, priv_key, pub_key, |
| 40 | monotonic_count=0, version=0, oemflags=0): |
| 41 | """Generate a capsule through commandline-provided parameters |
| 42 | |
| 43 | Args: |
| 44 | image_index (int): Unique number for identifying payload image |
| 45 | image_guid (str): GUID used for identifying the image |
| 46 | hardware_instance (int): Optional unique hardware instance of |
| 47 | a device in the system. 0 if not being used |
| 48 | payload (str): Path to the input payload image |
| 49 | output_fname (str): Path to the output capsule file |
| 50 | priv_key (str): Path to the private key |
| 51 | pub_key(str): Path to the public key |
| 52 | monotonic_count (int): Count used when signing an image |
| 53 | version (int): Image version (Optional) |
| 54 | oemflags (int): Optional 16 bit OEM flags |
| 55 | |
| 56 | Returns: |
| 57 | str: Tool output |
| 58 | """ |
| 59 | args = [ |
| 60 | f'--index={image_index}', |
| 61 | f'--guid={image_guid}', |
| 62 | f'--instance={hardware_instance}' |
| 63 | ] |
| 64 | |
| 65 | if version: |
| 66 | args += [f'--fw-version={version}'] |
| 67 | if oemflags: |
| 68 | args += [f'--capoemflag={oemflags}'] |
| 69 | if priv_key and pub_key: |
| 70 | args += [ |
| 71 | f'--monotonic-count={monotonic_count}', |
| 72 | f'--private-key={priv_key}', |
| 73 | f'--certificate={pub_key}' |
| 74 | ] |
| 75 | |
| 76 | args += [ |
| 77 | payload, |
| 78 | output_fname |
| 79 | ] |
| 80 | |
| 81 | return self.run_cmd(*args) |
| 82 | |
| Sughosh Ganu | f7970c2 | 2023-10-10 14:40:58 +0530 | [diff] [blame] | 83 | def generate_empty_capsule(self, image_guid, output_fname, |
| 84 | accept=True): |
| 85 | """Generate empty capsules for FWU A/B updates |
| 86 | |
| 87 | Args: |
| 88 | image_guid (str): GUID used for identifying the image |
| 89 | in case of an accept capsule |
| 90 | output_fname (str): Path to the output capsule file |
| 91 | accept (bool): Generate an accept capsule, |
| 92 | else a revert capsule |
| 93 | |
| 94 | Returns: |
| 95 | str: Tool output |
| 96 | """ |
| 97 | if accept: |
| 98 | args = [ |
| 99 | f'--guid={image_guid}', |
| 100 | '--fw-accept' |
| 101 | ] |
| 102 | else: |
| 103 | args = [ '--fw-revert' ] |
| 104 | |
| 105 | args += [ output_fname ] |
| 106 | |
| 107 | return self.run_cmd(*args) |
| 108 | |
| Sughosh Ganu | b29136b | 2023-08-22 23:09:58 +0530 | [diff] [blame] | 109 | def fetch(self, method): |
| 110 | """Fetch handler for mkeficapsule |
| 111 | |
| 112 | This builds the tool from source |
| 113 | |
| 114 | Returns: |
| 115 | tuple: |
| 116 | str: Filename of fetched file to copy to a suitable directory |
| 117 | str: Name of temp directory to remove, or None |
| 118 | """ |
| 119 | if method != bintool.FETCH_BUILD: |
| 120 | return None |
| 121 | |
| 122 | cmd = ['tools-only_defconfig', 'tools'] |
| 123 | result = self.build_from_git( |
| 124 | 'https://source.denx.de/u-boot/u-boot.git', |
| 125 | cmd, |
| 126 | 'tools/mkeficapsule') |
| 127 | return result |