hi Masami,
On Mon, 25 Oct 2021 at 11:10, Masami Hiramatsu
wrote:
> Hi Takahiro,
>
> On Mon, 25 Oct 2021 at 12:12, AKASHI Takahiro wrote:
> >
> > Hi, Masami,
> >
> > On Wed, Oct 20, 2021 at 05:17:12PM +0900, Masami Hiramatsu wrote:
> > > Hello Akashi-san,
> > >
> > > Can you split this patch out from this
*sign* the capsules with an external
> application (like GenerateCapsule provided by edk2 and we can also
> extend uboot's mkeficapsule for that). So we aren't signing anything
> here
>
> Thanks
> /Ilias
>
> /Ilias
> >
> >
> > - Simon
> >
der/efi_capsule_key.S | 8 +
> 7 files changed, 39 insertions(+), 47 deletions(-)
> delete mode 100644 board/emulation/common/qemu_capsule.c
> create mode 100644 lib/efi_loader/efi_capsule_key.S
>
Tested the changes on Qemu arm64 virt platform.
Tested-by: Sughosh Ganu
-sughosh
On Wed, 19 May 2021 at 11:16, Masami Hiramatsu
wrote:
> Ignore the non-implemented lock device failure on writing mtd
> via DFU. Without this fix, DFU write shows an error on such device
> even if it succeeded, because dfu->write_medium returns -EOPNOTSUPP.
>
> Signed-off-by: Masami Hiramatsu
>
Takahiro,
On Fri, 23 Apr 2021 at 12:30, AKASHI Takahiro
wrote:
> Sughosh,
>
> On Fri, Apr 23, 2021 at 11:55:04AM +0530, Sughosh Ganu wrote:
> > Takahiro,
> >
> > On Fri, 23 Apr 2021 at 11:17, AKASHI Takahiro <
> takahiro.aka...@linaro.org>
> >
Takahiro,
On Fri, 23 Apr 2021 at 11:17, AKASHI Takahiro
wrote:
> Heinrich,
>
> I'm currently thinking of improving capsule authentication
> that Sughosh has made, particularly around mkeficapsule command:
>
> 1) Add a signing feature to the command
> This will allow us to create a *signed*
On Sat, 17 Apr 2021 at 23:51, Heinrich Schuchardt
wrote:
> On 4/17/21 1:39 AM, Masami Hiramatsu wrote:
> > Since the EDK2 GenerateCapsule script is out of date and it
> > doesn't generate the supported version capsule file, the document
> > should refer to the mkeficapsule in tools.
> >
> >
On Thu, 15 Apr 2021 at 01:08, Simon Glass wrote:
> On Mon, 12 Apr 2021 at 16:06, Sughosh Ganu
> wrote:
> >
> > Define a function which would be used in the scenario where the
> > public key is stored on the platform's dtb. This dtb is concatenated
> > with the
macro for all of such
functions which do not begin by an EFI_ENTRY function call.
Signed-off-by: Sughosh Ganu
---
I have squashed the earlier patch[1] into this one. This patch should
supersede the earlier patch.
[1] -
https://patchwork.ozlabs.org/project/uboot/patch/20210410150948.24240-1
will now be authenticated if the config symbol
is set.
Signed-off-by: Sughosh Ganu
---
Changes since V1:
* As pointed out by Heinrich in the review, remove the extra check of
the env variable 'capsule_authentication_enabled' for authenticating
the capsule. The capsule authentication will now
for EFI_PKEY_DTB_EMBED
* Remove the weak function, and add the functionality to retrieve the
public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.
Sughosh Ganu (4):
efi_loader: capsule: Remove the check for
capsule_authentication_enabled environment variable
efi_loader: Kconfig: Add symbols
Add provision for embedding the public key used for capsule
authentication in the platform's dtb. This is done by invoking the
mkeficapsule utility which puts the public key in the efi signature
list(esl) format into the dtb.
Signed-off-by: Sughosh Ganu
---
Changes since V1: None
Makefile
function under a different Kconfig symbol.
Signed-off-by: Sughosh Ganu
---
Changes since V1:
* Remove the weak function, and add the functionality to retrieve the
public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.
lib/efi_loader/efi_capsule.c | 43 +++-
1
Add config options EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE which are to
be used for embedding the public key to be used for capsule
authentication into the platform's device tree.
The embedding of the public key would take place during the platform
build process.
Signed-off-by: Sughosh Ganu
, this results in an abort. Since this function is using
u-boot's APIs, it should not be called through the EFI_CALL
macro. Fix this issue by calling the function directly, without the
EFI_CALL macro.
Signed-off-by: Sughosh Ganu
---
Changes since V1:
Remove the EFI_CALL macro only for efi_create_event
hi Heinrich,
On Sat, 10 Apr 2021 at 18:24, Heinrich Schuchardt
wrote:
> On 4/10/21 2:09 PM, Sughosh Ganu wrote:
> > The efi_esrt_register function calls efi_create_event and
> > efi_register_protocol_notify functions. These function calls are made
> > throu
dereferences the gd pointer. With the gd pointer being no longer
valid, this results in an abort. Since these functions are using
u-boot's APIs, they should not be called through the EFI_CALL
macro. Fix this issue by calling these functions directly, without the
EFI_CALL macro.
Signed-off-by: Sughosh Ganu
hi Simon,
On Fri, 9 Apr 2021 at 05:26, Simon Glass wrote:
> Hi Sughosh,
>
> On Thu, 8 Apr 2021 at 18:53, Sughosh Ganu wrote:
> >
> > hi Simon,
> >
> > On Wed, 7 Apr 2021 at 21:44, Simon Glass wrote:
> >>
> >> Hi,
> >
On Fri, 9 Apr 2021 at 01:23, Heinrich Schuchardt wrote:
> On 4/7/21 1:53 PM, Sughosh Ganu wrote:
> > Define a weak function which would be used in the scenario where the
> > public key is stored on the platform's dtb. This dtb is concatenated
> > with the u-boot binary dur
On Fri, 9 Apr 2021 at 01:22, Heinrich Schuchardt wrote:
> On 4/7/21 1:53 PM, Sughosh Ganu wrote:
> > Define a weak function which checks if the environment variable
> > capsule_authentication_enabled has been set, for enabling capsule
> > authentication. Other platforms m
On Thu, 8 Apr 2021 at 16:51, Heinrich Schuchardt wrote:
> On 08.04.21 12:10, Sughosh Ganu wrote:
> > hi Heinrich,
> >
> > On Thu, 8 Apr 2021 at 14:17, Heinrich Schuchardt > <mailto:xypron.g...@gmx.de>> wrote:
> >
> > On 08.04.21
hi Heinrich,
On Thu, 8 Apr 2021 at 14:17, Heinrich Schuchardt wrote:
> On 08.04.21 08:53, Sughosh Ganu wrote:
> > hi Simon,
> >
> > On Wed, 7 Apr 2021 at 21:44, Simon Glass > <mailto:s...@chromium.org>> wrote:
> >
> > Hi,
> >
’} [-Wformat=]
Signed-off-by: Sughosh Ganu
---
lib/efi_loader/efi_esrt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/efi_loader/efi_esrt.c b/lib/efi_loader/efi_esrt.c
index 947bdb5e95..8815e56e15 100644
--- a/lib/efi_loader/efi_esrt.c
+++ b/lib/efi_loader/efi_esrt.c
hi Simon,
On Wed, 7 Apr 2021 at 21:44, Simon Glass wrote:
> Hi,
>
> On Wed, 7 Apr 2021 at 23:54, Sughosh Ganu wrote:
> >
> > Patch 1 fixes an issue of selection of IMAGE_SIGN_INFO config option
> > when capsule authentication is enabled.
> >
Add provision for embedding the public key used for capsule
authentication in the platform's dtb. This is done by invoking the
mkeficapsule utility which puts the public key in the efi signature
list(esl) format into the dtb.
Signed-off-by: Sughosh Ganu
---
Makefile | 10 ++
1 file
function.
Signed-off-by: Sughosh Ganu
---
lib/efi_loader/efi_capsule.c | 38
1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index 1423b675c8..fc5e1c0856 100644
--- a/lib/efi_loader
Define a weak function which checks if the environment variable
capsule_authentication_enabled has been set, for enabling capsule
authentication. Other platforms might have a different mechanism to
determine this, and would then define their own platform specific
function.
Signed-off-by: Sughosh
Add config options EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE which are to
be used for embedding the public key to be used for capsule
authentication into the platform's device tree.
The embedding of the public key would take place during the platform
build process.
Signed-off-by: Sughosh Ganu
Enable building of the crypto helper functions used during capsule
authentication by selecting IMAGE_SIGN_INFO.
Signed-off-by: Sughosh Ganu
---
This was not detected when support for capsule auth was added to the
qemu arm64 platform. This is because the platform includes
CONFIG_FIT_SIGNATURE
during the platform build.
I have tested this functionality on the STM32MP157C DK2 board, and it
works as expected.
[1] - https://lists.denx.de/pipermail/u-boot/2021-March/442867.html
Sughosh Ganu (5):
efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule
authentication is enabled
function.
Signed-off-by: Sughosh Ganu
---
lib/efi_loader/efi_capsule.c | 38
1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index 1423b675c8..fc5e1c0856 100644
--- a/lib/efi_loader
Add provision for embedding the public key used for capsule
authentication in the platform's dtb. This is done by invoking the
mkeficapsule utility which puts the public key in the efi signature
list(esl) format into the dtb.
Signed-off-by: Sughosh Ganu
---
Makefile | 10 ++
1 file
Define a weak function which checks if the environment variable
capsule_authentication_enabled has been set, for enabling capsule
authentication. Other platforms might have a different mechanism to
determine this, and would then define their own platform specific
function.
Signed-off-by: Sughosh
Add config options EFI_PKEY_DTB_EMBED and EFI_PKEY_FILE which are to
be used for embedding the public key to be used for capsule
authentication into the platform's device tree.
The embedding of the public key would take place during the platform
build process.
Signed-off-by: Sughosh Ganu
Enable building of the crypto helper functions used during capsule
authentication by selecting IMAGE_SIGN_INFO.
Signed-off-by: Sughosh Ganu
---
This was not detected when support for capsule auth was added to the
qemu arm64 platform. This is because the platform includes
CONFIG_FIT_SIGNATURE
into the
platform's dtb during the platform build.
I have tested this functionality on the STM32MP157C DK2 board.
[1] - https://lists.denx.de/pipermail/u-boot/2021-March/442867.html
Sughosh Ganu (5):
efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule
authentication is enabled
efi_loader
;dfu_mtd: Add provision to unlock mtd device")
> Signed-off-by: Patrick Delaunay
> ---
>
Acked-by: Sughosh Ganu
>
> drivers/dfu/dfu_mtd.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/dfu/dfu_mtd.c b/drivers/dfu/dfu_mtd
On Tue, 2 Mar 2021 at 22:36, Heinrich Schuchardt wrote:
> On 02.03.21 17:39, Sughosh Ganu wrote:
> >
> >
> > On Tue, 2 Mar 2021 at 21:27, Heinrich Schuchardt > <mailto:xypron.g...@gmx.de>> wrote:
> >
> > On 02.03.21 15:
On Tue, 2 Mar 2021 at 21:27, Heinrich Schuchardt wrote:
> On 02.03.21 15:48, Sughosh Ganu wrote:
> > hi Heinrich,
> >
> > On Tue, 2 Mar 2021 at 16:45, Heinrich Schuchardt > <mailto:xypron.g...@gmx.de>> wrote:
> >
> > On 30.12.20 14:57, Su
hi Heinrich,
On Tue, 2 Mar 2021 at 16:45, Heinrich Schuchardt wrote:
> On 30.12.20 14:57, Sughosh Ganu wrote:
> > Add documentation highlighting the steps for using the uefi capsule
> > update feature for updating the u-boot firmware image.
> >
> >
Miscellaneous fixes in the mkeficapsule utility -- these include a few
resource leak issues flagged by Coverity along with some additional
code improvements suggested by Heinrich during code review.
Signed-off-by: Sughosh Ganu
---
Changes since V1:
* Use a comparison with -1 for file
On Thu, 21 Jan 2021 at 19:14, Heinrich Schuchardt
wrote:
> On 21.01.21 12:36, Sughosh Ganu wrote:
> >
> >
> > On Thu, 21 Jan 2021 at 00:34, Tom Rini > <mailto:tr...@konsulko.com>> wrote:
> >
> > I decided to run Coverity part-way through the mer
Fix the issues flagged by Coverity on resources not being released in
the add_public_key function.
Signed-off-by: Sughosh Ganu
---
tools/mkeficapsule.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index 270943fc90
On Thu, 21 Jan 2021 at 00:34, Tom Rini wrote:
> I decided to run Coverity part-way through the merge window this time
> and here's what's been found so far.
>
> - Forwarded message from scan-ad...@coverity.com -
>
> Date: Mon, 18 Jan 2021 17:53:19 + (UTC)
> From:
hi Heinrich,
On Fri, 1 Jan 2021 at 23:56, Heinrich Schuchardt wrote:
> Hello Sughosh, hello Takahiro,
>
> do you plan to expose the U-Boot firmware in the EFI System Resource
> Table so that Linux fwupd will be able to detect that a capsule update
> is possible?
>
I believe this work would be
Add documentation highlighting the steps for using the uefi capsule
update feature for updating the u-boot firmware image.
Signed-off-by: Sughosh Ganu
---
Changes since V3: None
doc/board/emulation/index.rst | 1 +
doc/board/emulation/qemu_capsule_update.rst | 210
set_image fmp routine to initiate the firmware
update.
Signed-off-by: Sughosh Ganu
---
Changes since V3: None
cmd/efidebug.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/cmd/efidebug.c b/cmd/efidebug.c
index fa9d7fe757..5fb7b1e3c6 100644
--- a/cmd/efidebug.c
+++ b/cmd
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing its name to efi_parse_pkcs7_header
Signed-off-by: Sughosh Ganu
---
Changes since V3: None
include/efi_loader.h | 4
e platform.
CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
CONFIG_EFI_CAPSULE_FIRMWARE=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_CAPSULE_AUTHENTICATE=y
Signed-off-by: Sughosh Ganu
---
Changes since V3: None
lib/efi_loader/efi_firmw
as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu
---
Changes since V3: None
board/emulation/common/Makefile | 1 +
board/emulation/common/qemu_capsule.c | 48 ++
include/efi_api.h
store even when the
signature database is not stored as an uefi authenticated variable
Signed-off-by: Sughosh Ganu
---
Changes since V3: None
include/efi_loader.h | 2 +
lib/efi_loader/efi_signature.c | 103 +++--
2 files changed, 63 insertions(+), 42
Prior to writing to an mtd device, mtd_erase is called. This call
fails in case the sector being erased is locked. Call mtd_unlock to
unlock the region which is to be erased and later written to. Lock the
region once the write to the region has completed.
Signed-off-by: Sughosh Ganu
---
Changes
When building the capsule using scripts in edk2, a fmp header is
added on top of the binary payload. Add logic to detect presence of
the header. When present, the pointer to the image needs to be
adjusted as per the size of the header to point to the actual binary
payload.
Signed-off-by: Sughosh
-by: Sughosh Ganu
Reviewed-by: Simon Glass
Reviewed-by: Bin Meng
---
Changes since V3: None
This patch had been sent to the mailing list separately[1] and has
been reviewed by Simon Glass and Bin Meng and merged on the x86 tree.
[1] - https://lists.denx.de/pipermail/u-boot/2020-December/434849.html
be subsequently extended for other qemu architectures
which need this variable set.
Signed-off-by: Sughosh Ganu
---
Changes since V3:
* Move the selection of SET_DFU_ALT_INFO config to the board's Kconfig
from lib/efi_loader/Kconfig, using imply.
board/emulation/common/Makefile | 1 +
board/emulation
partitions based on the NOR
flash. This can be subsequently extended for other qemu architectures
which need mtdparts set.
Signed-off-by: Sughosh Ganu
---
Changes since v3:
* Move the selection of SYS_MTDPARTS_RUNTIME config to the board's
Kconfig from lib/efi_loader/Kconfig, using imply.
board
the call to initr_pci.
Signed-off-by: Sughosh Ganu
---
Changes since V3: None
arch/arm/mach-qemu/Kconfig | 2 ++
board/emulation/qemu-arm/qemu-arm.c | 5 +
2 files changed, 7 insertions(+)
diff --git a/arch/arm/mach-qemu/Kconfig b/arch/arm/mach-qemu/Kconfig
index 588d2d3102
from the auth attributes rather than the contents
field.
Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.
Signed-off-by: Sughosh Ganu
---
Changes since V3: None
lib/crypto
command
mkeficapsule -K -D
In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K -D
This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'
Signed-off-by: Sughosh Ganu
by Heinrich
* Change the documentation to reflect the usage of overlays for
embedding the public key certs at runtime
* Fix the build for 'make htmldocs'
Sughosh Ganu (14):
mkeficapsule: Add support for embedding public key in a dtb
qemu: arm: Initialise virtio devices in board_late_init
crypto
hello Heinrich,
On Mon, 28 Dec 2020 at 20:09, Heinrich Schuchardt
wrote:
> On 12/23/20 8:03 AM, Sughosh Ganu wrote:
> > The capsule update feature is supported on a platform configuration
> > booting in a non-secure mode, i.e with -machine virt,secure=off option
Add documentation highlighting the steps for using the uefi capsule
update feature for updating the u-boot firmware image.
Signed-off-by: Sughosh Ganu
---
Changes since V2:
* Moved the capsule update related documentation for the Qemu
platform to a new file under doc/board/emulation
set_image fmp routine to initiate the firmware
update.
Signed-off-by: Sughosh Ganu
---
Changes since V2: None
cmd/efidebug.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/cmd/efidebug.c b/cmd/efidebug.c
index fa9d7fe757..5fb7b1e3c6 100644
--- a/cmd/efidebug.c
+++ b/cmd
e platform.
CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
CONFIG_EFI_CAPSULE_FIRMWARE=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_CAPSULE_AUTHENTICATE=y
Signed-off-by: Sughosh Ganu
---
Changes since V2: None
lib/efi_loader/efi_firmw
as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu
---
Changes since V2:
* Move the function for fetching the public key certificate from the
platform's dtb under board/emulation/common directory.
* Move
store even when the
signature database is not stored as an uefi authenticated variable
Signed-off-by: Sughosh Ganu
---
Changes since V2: None
include/efi_loader.h | 2 +
lib/efi_loader/efi_signature.c | 103 +++--
2 files changed, 63 insertions(+), 42
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing its name to efi_parse_pkcs7_header
Signed-off-by: Sughosh Ganu
---
Changes since V2: None
include/efi_loader.h | 4
Prior to writing to an mtd device, mtd_erase is called. This call
fails in case the sector being erased is locked. Call mtd_unlock to
unlock the region which is to be erased and later written to. Lock the
region once the write to the region has completed.
Signed-off-by: Sughosh Ganu
---
Changes
When building the capsule using scripts in edk2, a fmp header is
added on top of the binary payload. Add logic to detect presence of
the header. When present, the pointer to the image needs to be
adjusted as per the size of the header to point to the actual binary
payload.
Signed-off-by: Sughosh
be subsequently extended for other qemu architectures
which need this variable set.
Signed-off-by: Sughosh Ganu
---
Changes since V2:
* Move the functions to populate the dfu_alt_info variable under
board/emulation/common for allowing subsequent re-use by other Qemu
arch based platforms
board
-by: Sughosh Ganu
---
Changes since V2: None
This patch had been sent to the mailing list separately[1] and has
been reviewed by Simon Glass and Bin Meng and merged on the x86 tree.
[1] - https://lists.denx.de/pipermail/u-boot/2020-December/434849.html
arch/x86/include/asm/fsp/fsp_support.h
partitions based on the NOR
flash. This can be subsequently extended for other qemu architectures
which need mtdparts set.
Signed-off-by: Sughosh Ganu
---
Changes since V2:
* Move the functions to populate the mtdparts under
board/emulation/common for allowing subsequent re-use by other Qemu
from the auth attributes rather than the contents
field.
Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.
Signed-off-by: Sughosh Ganu
---
Changes since V2: None
lib/crypto
the call to initr_pci.
Signed-off-by: Sughosh Ganu
---
Changes since V2:
* Enable building of board_late_init for both of the Qemu arm and
arm64 variants
* Move the selection of the CONFIG_BOARD_LATE_INIT to mach-qemu Kconfig
file
arch/arm/mach-qemu/Kconfig | 2 ++
board/emulation
command
mkeficapsule -K -D
In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K -D
This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'
Signed-off-by: Sughosh Ganu
of
using a Kconfig option, as was suggested by Heinrich
* Change the documentation to reflect the usage of overlays for
embedding the public key certs at runtime
* Fix the build for 'make htmldocs'
Sughosh Ganu (14):
mkeficapsule: Add support for embedding public key in a dtb
qemu: arm
On Mon, 21 Dec 2020 at 23:21, Heinrich Schuchardt
wrote:
> On 12/21/20 6:12 PM, Sughosh Ganu wrote:
> > On Mon, 21 Dec 2020 at 18:28, Heinrich Schuchardt
> > wrote:
> >
> >> On 12/21/20 12:43 PM, Sughosh Ganu wrote:
> >>> Add documentation highlig
On Mon, 21 Dec 2020 at 18:21, Heinrich Schuchardt
wrote:
> On 12/21/20 1:19 PM, Heinrich Schuchardt wrote:
> > On 12/21/20 12:43 PM, Sughosh Ganu wrote:
> >> On the qemu arm platform, the virtio devices are initialised in
> >> board_init, which gets
On Mon, 21 Dec 2020 at 18:28, Heinrich Schuchardt
wrote:
> On 12/21/20 12:43 PM, Sughosh Ganu wrote:
> > Add documentation highlighting the steps for using the uefi capsule
> > update feature for updating the u-boot firmware image.
> >
> > Signed-off-by: Sughosh Ga
set_image fmp routine to initiate the firmware
update.
Signed-off-by: Sughosh Ganu
---
Changes since V1: None
cmd/efidebug.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/cmd/efidebug.c b/cmd/efidebug.c
index fa9d7fe757..5fb7b1e3c6 100644
--- a/cmd/efidebug.c
+++ b/cmd
Add documentation highlighting the steps for using the uefi capsule
update feature for updating the u-boot firmware image.
Signed-off-by: Sughosh Ganu
---
Changes since V1:
* Change the documentation to reflect the usage of overlays for
embedding the public key certs at runtime
* Fix
e platform.
CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
CONFIG_EFI_CAPSULE_FIRMWARE=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_CAPSULE_AUTHENTICATE=y
Signed-off-by: Sughosh Ganu
---
Changes since V1: None
lib/efi_loader/efi_firmw
as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu
---
Changes since V1: None
board/emulation/qemu-arm/qemu-arm.c | 36
include/efi_api.h | 18
include/efi_loader.h
store even when the
signature database is not stored as an uefi authenticated variable
Signed-off-by: Sughosh Ganu
---
Changes since V1: None
include/efi_loader.h | 2 +
lib/efi_loader/efi_signature.c | 103 +++--
2 files changed, 63 insertions(+), 42
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing its name to efi_parse_pkcs7_header
Signed-off-by: Sughosh Ganu
---
Changes since V1: None
include/efi_loader.h | 4
Prior to writing to an mtd device, mtd_erase is called. This call
fails in case the sector being erased is locked. Call mtd_unlock to
unlock the region which is to be erased and later written to. Lock the
region once the write to the region has completed.
Signed-off-by: Sughosh Ganu
---
Changes
When building the capsule using scripts in edk2, a fmp header is
added on top of the binary payload. Add logic to detect presence of
the header. When present, the pointer to the image needs to be
adjusted as per the size of the header to point to the actual binary
payload.
Signed-off-by: Sughosh
-by: Sughosh Ganu
Reviewed-by: Simon Glass
---
Changes since V1: None
This patch had been sent to the mailing list separately[1] and has
been reviewed by Simon Glass.
[1] - https://lists.denx.de/pipermail/u-boot/2020-December/434849.html
arch/x86/include/asm/fsp/fsp_support.h | 3
The dfu framework uses the dfu_alt_info environment variable to get
information that is needed for performing the firmware update. Set the
dfu_alt_info for the platform to reflect the two mtd partitions
created for the u-boot env and the firmware image.
Signed-off-by: Sughosh Ganu
---
Changes
Add support for setting the default values for mtd partitions on the
platform for the nor flash. This would be used for updating the
firmware image using uefi capsule update with the dfu mtd backend
driver.
Signed-off-by: Sughosh Ganu
---
Changes since V1:
* Change MTDPARTS_NOR[01] as config
from the auth attributes rather than the contents
field.
Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.
Signed-off-by: Sughosh Ganu
---
Changes since V1: None
lib/crypto
.
Signed-off-by: Sughosh Ganu
---
Changes since V1:
* The earlier patch was adding a call to pci_init in board_init. Moved
the virtio_init call to board_late_init
board/emulation/qemu-arm/qemu-arm.c | 5 +
configs/qemu_arm64_defconfig| 1 +
2 files changed, 6 insertions(+)
diff --git
command
mkeficapsule -K -D
In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K -D
This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'
Signed-off-by: Sughosh Ganu
the usage of overlays for
embedding the public key certs at runtime
* Fix the build for 'make htmldocs'
Sughosh Ganu (14):
mkeficapsule: Add support for embedding public key in a dtb
qemu: arm: Initialise virtio in board_late_init
crypto: Fix the logic to calculate hash with authattributes
On Tue, 15 Dec 2020 at 18:25, Heinrich Schuchardt
wrote:
> On 15.12.20 12:10, Sughosh Ganu wrote:
> >
> > On Wed, 9 Dec 2020 at 03:24, Heinrich Schuchardt > <mailto:xypron.g...@gmx.de>> wrote:
> >
> > On 12/8/20 10:19 AM, Sughosh Ganu wrote:
> >
On Wed, 9 Dec 2020 at 03:24, Heinrich Schuchardt wrote:
> On 12/8/20 10:19 AM, Sughosh Ganu wrote:
> >
> > On Tue, 8 Dec 2020 at 14:32, Heinrich Schuchardt > <mailto:xypron.g...@gmx.de>> wrote:
> >
> > On 08.12.20 06:28, Sughosh Ganu wrote:
> >
hi Simon,
On Tue, 15 Dec 2020 at 09:25, Simon Glass wrote:
> Hi Sughosh,
>
> On Sun, 13 Dec 2020 at 23:23, Sughosh Ganu
> wrote:
> >
> > The fsp_types.h header file contains macros for building signatures of
> > different widths. These signature macros are arch
-by: Sughosh Ganu
---
Changes since v1:
Handled review comments from Simon Glass
Build tested for cougarcanyon2 board which builds the
relevant fsp code.
arch/x86/include/asm/fsp/fsp_support.h | 3 ++-
.../x86/include/asm/fsp/fsp_types.h => include/signatures.h | 6 +++---
2 fi
hi Simon,
On Sat, 12 Dec 2020 at 21:10, Simon Glass wrote:
> Hi Sughosh,
>
> On Fri, 11 Dec 2020 at 03:06, Sughosh Ganu
> wrote:
> >
> > The fsp_types.h header file contains macros for building signatures of
> > different widths. These signature macros are arch
-by: Sughosh Ganu
---
Build tested for cougarcanyon2 board which builds the
relevant fsp code.
arch/x86/include/asm/fsp/fsp_support.h | 3 ++-
.../asm/fsp/fsp_types.h => include/signature_types.h| 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
rename arch/