1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
# SPDX-License-Identifier: GPL-2.0+
# Copyright 2023 Linaro Limited
#
"""Bintool implementation for mkeficapsule tool
mkeficapsule is a tool used for generating EFI capsules.
The following are the commandline options to be provided
to the tool
Usage: mkeficapsule [options] <image blob> <output file>
Options:
-g, --guid <guid string> guid for image blob type
-i, --index <index> update image index
-I, --instance <instance> update hardware instance
-v, --fw-version <version> firmware version
-p, --private-key <privkey file> private key file
-c, --certificate <cert file> signer's certificate file
-m, --monotonic-count <count> monotonic count
-d, --dump_sig dump signature (*.p7)
-A, --fw-accept firmware accept capsule, requires GUID, no image blob
-R, --fw-revert firmware revert capsule, takes no GUID, no image blob
-o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff
-h, --help print a help message
"""
from binman import bintool
class Bintoolmkeficapsule(bintool.Bintool):
"""Handles the 'mkeficapsule' tool
This bintool is used for generating the EFI capsules. The
capsule generation parameters can either be specified through
commandline, or through a config file.
"""
def __init__(self, name):
super().__init__(name, 'mkeficapsule tool for generating capsules',
r'mkeficapsule version (.*)')
def generate_capsule(self, image_index, image_guid, hardware_instance,
payload, output_fname, priv_key, pub_key,
monotonic_count=0, version=0, oemflags=0):
"""Generate a capsule through commandline-provided parameters
Args:
image_index (int): Unique number for identifying payload image
image_guid (str): GUID used for identifying the image
hardware_instance (int): Optional unique hardware instance of
a device in the system. 0 if not being used
payload (str): Path to the input payload image
output_fname (str): Path to the output capsule file
priv_key (str): Path to the private key
pub_key(str): Path to the public key
monotonic_count (int): Count used when signing an image
version (int): Image version (Optional)
oemflags (int): Optional 16 bit OEM flags
Returns:
str: Tool output
"""
args = [
f'--index={image_index}',
f'--guid={image_guid}',
f'--instance={hardware_instance}'
]
if version:
args += [f'--fw-version={version}']
if oemflags:
args += [f'--capoemflag={oemflags}']
if priv_key and pub_key:
args += [
f'--monotonic-count={monotonic_count}',
f'--private-key={priv_key}',
f'--certificate={pub_key}'
]
args += [
payload,
output_fname
]
return self.run_cmd(*args)
def generate_empty_capsule(self, image_guid, output_fname,
accept=True):
"""Generate empty capsules for FWU A/B updates
Args:
image_guid (str): GUID used for identifying the image
in case of an accept capsule
output_fname (str): Path to the output capsule file
accept (bool): Generate an accept capsule,
else a revert capsule
Returns:
str: Tool output
"""
if accept:
args = [
f'--guid={image_guid}',
'--fw-accept'
]
else:
args = [ '--fw-revert' ]
args += [ output_fname ]
return self.run_cmd(*args)
def fetch(self, method):
"""Fetch handler for mkeficapsule
This builds the tool from source
Returns:
tuple:
str: Filename of fetched file to copy to a suitable directory
str: Name of temp directory to remove, or None
"""
if method != bintool.FETCH_BUILD:
return None
cmd = ['tools-only_defconfig', 'tools']
result = self.build_from_git(
'https://source.denx.de/u-boot/u-boot.git',
cmd,
'tools/mkeficapsule')
return result
|
