aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTom Rini <trini@konsulko.com>2023-06-08 11:19:27 -0400
committerTom Rini <trini@konsulko.com>2023-06-08 11:19:27 -0400
commit3aa4fb12f4abd31bce7fe6294dd47fd0966a791a (patch)
tree822ad0a8d6e6405df9c444f49ad7c57ecbf7a732
parentac6096fe9c4d99f1dc37db95f213e08a48b11e70 (diff)
parentb6f954e5b09545d18a150e4a4431a648e41ff287 (diff)
Merge tag 'efi-next-20230608' of https://source.denx.de/u-boot/custodians/u-boot-efi into next
Pull request efi-next-20230608 UEFI: * Support for firmware versions in capsule updates
Diffstat
-rw-r--r--arch/arm/mach-rockchip/board.c4
-rw-r--r--board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c2
-rw-r--r--board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c2
-rw-r--r--board/emulation/qemu-arm/qemu-arm.c2
-rw-r--r--board/kontron/pitx_imx8m/pitx_imx8m.c2
-rw-r--r--board/kontron/sl-mx8mm/sl-mx8mm.c2
-rw-r--r--board/kontron/sl28/sl28.c2
-rw-r--r--board/rockchip/evb_rk3399/evb-rk3399.c2
-rw-r--r--board/sandbox/sandbox.c2
-rw-r--r--board/socionext/developerbox/developerbox.c2
-rw-r--r--board/st/stm32mp1/stm32mp1.c2
-rw-r--r--board/xilinx/common/board.c2
-rw-r--r--doc/develop/uefi/uefi.rst66
-rw-r--r--doc/device-tree-bindings/firmware/firmware-version.txt22
-rw-r--r--doc/mkeficapsule.110
-rw-r--r--include/efi_loader.h3
-rw-r--r--lib/efi_loader/efi_firmware.c276
-rw-r--r--lib/fwu_updates/fwu.c2
-rw-r--r--test/py/tests/test_efi_capsule/capsule_common.py142
-rw-r--r--test/py/tests/test_efi_capsule/conftest.py82
-rw-r--r--test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py213
-rw-r--r--test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py301
-rw-r--r--test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py269
-rw-r--r--test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py276
-rw-r--r--test/py/tests/test_efi_capsule/version.dts24
-rw-r--r--tools/eficapsule.h30
-rw-r--r--tools/mkeficapsule.c37
27 files changed, 1102 insertions, 677 deletions
diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c
index f1f70c81d0..8daa74b3eb 100644
--- a/arch/arm/mach-rockchip/board.c
+++ b/arch/arm/mach-rockchip/board.c
@@ -41,7 +41,7 @@ static bool updatable_image(struct disk_partition *info)
uuid_str_to_bin(info->type_guid, image_type_guid.b,
UUID_STR_FORMAT_GUID);
- for (i = 0; i < num_image_type_guids; i++) {
+ for (i = 0; i < update_info.num_images; i++) {
if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) {
ret = true;
break;
@@ -59,7 +59,7 @@ static void set_image_index(struct disk_partition *info, int index)
uuid_str_to_bin(info->type_guid, image_type_guid.b,
UUID_STR_FORMAT_GUID);
- for (i = 0; i < num_image_type_guids; i++) {
+ for (i = 0; i < update_info.num_images; i++) {
if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) {
fw_images[i].image_index = index;
break;
diff --git a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c
index 466174679e..b79a2380aa 100644
--- a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c
+++ b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c
@@ -54,10 +54,10 @@ struct efi_fw_image fw_images[] = {
struct efi_capsule_update_info update_info = {
.dfu_string = "mmc 2=flash-bin raw 0 0x1B00 mmcpart 1",
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
diff --git a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c
index b373e45df9..af070ec315 100644
--- a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c
+++ b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c
@@ -50,10 +50,10 @@ struct efi_fw_image fw_images[] = {
struct efi_capsule_update_info update_info = {
.dfu_string = "mmc 2=flash-bin raw 0x42 0x1D00 mmcpart 1",
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
int board_phys_sdram_size(phys_size_t *size)
diff --git a/board/emulation/qemu-arm/qemu-arm.c b/board/emulation/qemu-arm/qemu-arm.c
index 34ed3e8ae6..dfea0d92a3 100644
--- a/board/emulation/qemu-arm/qemu-arm.c
+++ b/board/emulation/qemu-arm/qemu-arm.c
@@ -47,10 +47,10 @@ struct efi_fw_image fw_images[] = {
};
struct efi_capsule_update_info update_info = {
+ .num_images = ARRAY_SIZE(fw_images)
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
static struct mm_region qemu_arm64_mem_map[] = {
diff --git a/board/kontron/pitx_imx8m/pitx_imx8m.c b/board/kontron/pitx_imx8m/pitx_imx8m.c
index fcda86bc1b..4548e7c1df 100644
--- a/board/kontron/pitx_imx8m/pitx_imx8m.c
+++ b/board/kontron/pitx_imx8m/pitx_imx8m.c
@@ -43,10 +43,10 @@ struct efi_fw_image fw_images[] = {
struct efi_capsule_update_info update_info = {
.dfu_string = "mmc 0=flash-bin raw 0x42 0x1000 mmcpart 1",
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
int board_early_init_f(void)
diff --git a/board/kontron/sl-mx8mm/sl-mx8mm.c b/board/kontron/sl-mx8mm/sl-mx8mm.c
index 250195694b..ddb509eb66 100644
--- a/board/kontron/sl-mx8mm/sl-mx8mm.c
+++ b/board/kontron/sl-mx8mm/sl-mx8mm.c
@@ -29,10 +29,10 @@ struct efi_fw_image fw_images[] = {
struct efi_capsule_update_info update_info = {
.dfu_string = "sf 0:0=flash-bin raw 0x400 0x1f0000",
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
int board_phys_sdram_size(phys_size_t *size)
diff --git a/board/kontron/sl28/sl28.c b/board/kontron/sl28/sl28.c
index 89948e087f..4ab221c12b 100644
--- a/board/kontron/sl28/sl28.c
+++ b/board/kontron/sl28/sl28.c
@@ -40,10 +40,10 @@ struct efi_fw_image fw_images[] = {
struct efi_capsule_update_info update_info = {
.dfu_string = "sf 0:0=u-boot-bin raw 0x210000 0x1d0000;"
"u-boot-env raw 0x3e0000 0x20000",
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
int board_early_init_f(void)
diff --git a/board/rockchip/evb_rk3399/evb-rk3399.c b/board/rockchip/evb_rk3399/evb-rk3399.c
index c99ffdd75e..3c773d0930 100644
--- a/board/rockchip/evb_rk3399/evb-rk3399.c
+++ b/board/rockchip/evb_rk3399/evb-rk3399.c
@@ -18,10 +18,10 @@
static struct efi_fw_image fw_images[ROCKPI4_UPDATABLE_IMAGES] = {0};
struct efi_capsule_update_info update_info = {
+ .num_images = ROCKPI4_UPDATABLE_IMAGES,
.images = fw_images,
};
-u8 num_image_type_guids = ROCKPI4_UPDATABLE_IMAGES;
#endif
#ifndef CONFIG_SPL_BUILD
diff --git a/board/sandbox/sandbox.c b/board/sandbox/sandbox.c
index 2e44bdf0df..c7b6cb78ff 100644
--- a/board/sandbox/sandbox.c
+++ b/board/sandbox/sandbox.c
@@ -67,10 +67,10 @@ struct efi_fw_image fw_images[] = {
struct efi_capsule_update_info update_info = {
.dfu_string = "sf 0:0=u-boot-bin raw 0x100000 0x50000;"
"u-boot-env raw 0x150000 0x200000",
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
#if !CONFIG_IS_ENABLED(OF_PLATDATA)
diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c
index 16e14d4f7f..d92e1d0962 100644
--- a/board/socionext/developerbox/developerbox.c
+++ b/board/socionext/developerbox/developerbox.c
@@ -41,10 +41,10 @@ struct efi_capsule_update_info update_info = {
.dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;"
"fip.bin raw 180000 78000;"
"optee.bin raw 500000 100000",
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
static struct mm_region sc2a11_mem_map[] = {
diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c
index 1a1b1844c8..5b28ccd32e 100644
--- a/board/st/stm32mp1/stm32mp1.c
+++ b/board/st/stm32mp1/stm32mp1.c
@@ -92,10 +92,10 @@
struct efi_fw_image fw_images[1];
struct efi_capsule_update_info update_info = {
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
int board_early_init_f(void)
diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
index d071ebfb9c..0328d68e75 100644
--- a/board/xilinx/common/board.c
+++ b/board/xilinx/common/board.c
@@ -52,10 +52,10 @@ struct efi_fw_image fw_images[] = {
};
struct efi_capsule_update_info update_info = {
+ .num_images = ARRAY_SIZE(fw_images),
.images = fw_images,
};
-u8 num_image_type_guids = ARRAY_SIZE(fw_images);
#endif /* EFI_HAVE_CAPSULE_SUPPORT */
#define EEPROM_HEADER_MAGIC 0xdaaddeed
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index ffe25ca231..ffd13cebe9 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -318,6 +318,33 @@ Run the following command
--guid <image GUID> \
<capsule_file_name>
+The UEFI specification does not define the firmware versioning mechanism.
+EDK II reference implementation inserts the FMP Payload Header right before
+the payload. It coutains the fw_version and lowest supported version,
+EDK II reference implementation uses these information to implement the
+firmware versioning and anti-rollback protection, the firmware version and
+lowest supported version is stored into EFI non-volatile variable.
+
+In U-Boot, the firmware versioning is implemented utilizing
+the FMP Payload Header same as EDK II reference implementation,
+reads the FMP Payload Header and stores the firmware version into
+"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index,
+since FMP protocol handles multiple image indexes.
+
+To add the fw_version into the FMP Payload Header,
+add --fw-version option in mkeficapsule tool.
+
+.. code-block:: console
+
+ $ mkeficapsule \
+ --index <index> --instance 0 \
+ --guid <image GUID> \
+ --fw-version 5 \
+ <capsule_file_name>
+
+If the --fw-version option is not set, FMP Payload Header is not inserted
+and fw_version is set as 0.
+
Performing the update
*********************
@@ -510,6 +537,45 @@ where signature.dts looks like::
};
};
+Anti-rollback Protection
+************************
+
+Anti-rollback prevents unintentional installation of outdated firmware.
+To enable anti-rollback, you must add the lowest-supported-version property
+to dtb and specify --fw-version when creating a capsule file with the
+mkeficapsule tool.
+When executing capsule update, U-Boot checks if fw_version is greater than
+or equal to lowest-supported-version. If fw_version is less than
+lowest-supported-version, the update will fail.
+For example, if lowest-supported-version is set to 7 and you run capsule
+update using a capsule file with --fw-version of 5, the update will fail.
+When the --fw-version in the capsule file is updated, lowest-supported-version
+in the dtb might be updated accordingly.
+
+To insert the lowest supported version into a dtb
+
+.. code-block:: console
+
+ $ dtc -@ -I dts -O dtb -o version.dtbo version.dts
+ $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo
+
+where version.dts looks like::
+
+ /dts-v1/;
+ /plugin/;
+ &{/} {
+ firmware-version {
+ image1 {
+ image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
+ image-index = <1>;
+ lowest-supported-version = <3>;
+ };
+ };
+ };
+
+The properties of image-type-id and image-index must match the value
+defined in the efi_fw_image array as image_type_id and image_index.
+
Executing the boot manager
~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/doc/device-tree-bindings/firmware/firmware-version.txt b/doc/device-tree-bindings/firmware/firmware-version.txt
new file mode 100644
index 0000000000..ee90ce3117
--- /dev/null
+++ b/doc/device-tree-bindings/firmware/firmware-version.txt
@@ -0,0 +1,22 @@
+firmware-version bindings
+-------------------------------
+
+Required properties:
+- image-type-id : guid for image blob type
+- image-index : image index
+- lowest-supported-version : lowest supported version
+
+Example:
+
+ firmware-version {
+ image1 {
+ image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
+ image-index = <1>;
+ lowest-supported-version = <3>;
+ };
+ image2 {
+ image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
+ image-index = <2>;
+ lowest-supported-version = <7>;
+ };
+ };
diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1
index 1ca245a10f..c4c2057d5c 100644
--- a/doc/mkeficapsule.1
+++ b/doc/mkeficapsule.1
@@ -62,6 +62,16 @@ Specify an image index
Specify a hardware instance
.PP
+FMP Payload Header is inserted right before the payload if
+.BR --fw-version
+is specified
+
+
+.TP
+.BI "-v\fR,\fB --fw-version " firmware-version
+Specify a firmware version, 0 if omitted
+
+.PP
For generation of firmware accept empty capsule
.BR --guid
is mandatory
diff --git a/include/efi_loader.h b/include/efi_loader.h
index b395eef9e7..941d63467c 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -1078,15 +1078,16 @@ struct efi_fw_image {
* platforms which enable capsule updates
*
* @dfu_string: String used to populate dfu_alt_info
+ * @num_images: The number of images array entries
* @images: Pointer to an array of updatable images
*/
struct efi_capsule_update_info {
const char *dfu_string;
+ int num_images;
struct efi_fw_image *images;
};
extern struct efi_capsule_update_info update_info;
-extern u8 num_image_type_guids;
/**
* Install the ESRT system table.
diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
index 93e2b01c07..b557738370 100644
--- a/lib/efi_loader/efi_firmware.c
+++ b/lib/efi_loader/efi_firmware.c
@@ -10,6 +10,7 @@
#include <charset.h>
#include <dfu.h>
#include <efi_loader.h>
+#include <efi_variable.h>
#include <fwu.h>
#include <image.h>
#include <signatures.h>
@@ -36,11 +37,52 @@ struct fmp_payload_header {
u32 lowest_supported_version;
};
+/**
+ * struct fmp_state - fmp firmware update state
+ *
+ * This structure describes the state of the firmware update
+ * through FMP protocol.
+ *
+ * @fw_version: Firmware versions used
+ * @lowest_supported_version: Lowest supported version
+ * @last_attempt_version: Last attempt version
+ * @last_attempt_status: Last attempt status
+ */
+struct fmp_state {
+ u32 fw_version;
+ u32 lowest_supported_version; /* not used */
+ u32 last_attempt_version; /* not used */
+ u32 last_attempt_status; /* not used */
+};
+
__weak void set_dfu_alt_info(char *interface, char *devstr)
{
env_set("dfu_alt_info", update_info.dfu_string);
}
+/**
+ * efi_firmware_get_image_type_id - get image_type_id
+ * @image_index: image index
+ *
+ * Return the image_type_id identified by the image index.
+ *
+ * Return: pointer to the image_type_id, NULL if image_index is invalid
+ */
+static
+efi_guid_t *efi_firmware_get_image_type_id(u8 image_index)
+{
+ int i;
+ struct efi_fw_image *fw_array;
+
+ fw_array = update_info.images;
+ for (i = 0; i < update_info.num_images; i++) {
+ if (fw_array[i].image_index == image_index)
+ return &fw_array[i].image_type_id;
+ }
+
+ return NULL;
+}
+
/* Place holder; not supported */
static
efi_status_t EFIAPI efi_firmware_get_image_unsupported(
@@ -103,6 +145,87 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported(
}
/**
+ * efi_firmware_get_lsv_from_dtb - get lowest supported version from dtb
+ * @image_index: Image index
+ * @image_type_id: Image type id
+ * @lsv: Pointer to store the lowest supported version
+ *
+ * Read the firmware version information from dtb.
+ */
+static void efi_firmware_get_lsv_from_dtb(u8 image_index,
+ efi_guid_t *image_type_id, u32 *lsv)
+{
+ const void *fdt = gd->fdt_blob;
+ const fdt32_t *val;
+ const char *guid_str;
+ int len, offset, index;
+ int parent;
+
+ *lsv = 0;
+
+ parent = fdt_subnode_offset(fdt, 0, "firmware-version");
+ if (parent < 0)
+ return;
+
+ fdt_for_each_subnode(offset, fdt, parent) {
+ efi_guid_t guid;
+
+ guid_str = fdt_getprop(fdt, offset, "image-type-id", &len);
+ if (!guid_str)
+ continue;
+ uuid_str_to_bin(guid_str, guid.b, UUID_STR_FORMAT_GUID);
+
+ val = fdt_getprop(fdt, offset, "image-index", &len);
+ if (!val)
+ continue;
+ index = fdt32_to_cpu(*val);
+
+ if (!guidcmp(&guid, image_type_id) && index == image_index) {
+ val = fdt_getprop(fdt, offset,
+ "lowest-supported-version", &len);
+ if (val)
+ *lsv = fdt32_to_cpu(*val);
+ }
+ }
+}
+
+/**
+ * efi_firmware_fill_version_info - fill the version information
+ * @image_info: Image information
+ * @fw_array: Pointer to size of new image
+ *
+ * Fill the version information into image_info strucrure.
+ *
+ */
+static
+void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_info,
+ struct efi_fw_image *fw_array)
+{
+ u16 varname[13]; /* u"FmpStateXXXX" */
+ efi_status_t ret;
+ efi_uintn_t size;
+ struct fmp_state var_state = { 0 };
+
+ efi_create_indexed_name(varname, sizeof(varname), "FmpState",
+ fw_array->image_index);
+ size = sizeof(var_state);
+ ret = efi_get_variable_int(varname, &fw_array->image_type_id,
+ NULL, &size, &var_state, NULL);
+ if (ret == EFI_SUCCESS)
+ image_info->version = var_state.fw_version;
+ else
+ image_info->version = 0;
+
+ efi_firmware_get_lsv_from_dtb(fw_array->image_index,
+ &fw_array->image_type_id,
+ &image_info->lowest_supported_image_version);
+
+ image_info->version_name = NULL; /* not supported */
+ image_info->last_attempt_version = 0;
+ image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
+}
+
+/**
* efi_fill_image_desc_array - populate image descriptor array
* @image_info_size: Size of @image_info
* @image_info: Image information
@@ -131,7 +254,7 @@ static efi_status_t efi_fill_image_desc_array(
struct efi_fw_image *fw_array;
int i;
- total_size = sizeof(*image_info) * num_image_type_guids;
+ total_size = sizeof(*image_info) * update_info.num_images;
if (*image_info_size < total_size) {
*image_info_size = total_size;
@@ -141,21 +264,20 @@ static efi_status_t efi_fill_image_desc_array(
*image_info_size = total_size;
fw_array = update_info.images;
- *descriptor_count = num_image_type_guids;
+ *descriptor_count = update_info.num_images;
*descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION;
*descriptor_size = sizeof(*image_info);
*package_version = 0xffffffff; /* not supported */
*package_version_name = NULL; /* not supported */
- for (i = 0; i < num_image_type_guids; i++) {
+ for (i = 0; i < update_info.num_images; i++) {
image_info[i].image_index = fw_array[i].image_index;
image_info[i].image_type_id = fw_array[i].image_type_id;
image_info[i].image_id = fw_array[i].image_index;
-
image_info[i].image_id_name = fw_array[i].fw_name;
- image_info[i].version = 0; /* not supported */
- image_info[i].version_name = NULL; /* not supported */
+ efi_firmware_fill_version_info(&image_info[i], &fw_array[i]);
+
image_info[i].size = 0;
image_info[i].attributes_supported =
IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
@@ -168,9 +290,6 @@ static efi_status_t efi_fill_image_desc_array(
image_info[0].attributes_setting |=
IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED;
- image_info[i].lowest_supported_image_version = 0;
- image_info[i].last_attempt_version = 0;
- image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
image_info[i].hardware_instance = 1;
image_info[i].dependencies = NULL;
}
@@ -194,8 +313,6 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image,
{
const void *image = *p_image;
efi_uintn_t image_size = *p_image_size;
- u32 fmp_hdr_signature;
- struct fmp_payload_header *header;
void *capsule_payload;
efi_status_t status;
efi_uintn_t capsule_payload_size;
@@ -222,27 +339,122 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image,
debug("Updating capsule without authenticating.\n");
}
- fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE;
- header = (void *)image;
-
- if (!memcmp(&header->signature, &fmp_hdr_signature,
- sizeof(fmp_hdr_signature))) {
- /*
- * When building the capsule with the scripts in
- * edk2, a FMP header is inserted above the capsule
- * payload. Compensate for this header to get the
- * actual payload that is to be updated.
- */
- image += header->header_size;
- image_size -= header->header_size;
- }
-
*p_image = image;
*p_image_size = image_size;
return EFI_SUCCESS;
}
/**
+ * efi_firmware_set_fmp_state_var - set FmpStateXXXX variable
+ * @state: Pointer to fmp state
+ * @image_index: image index
+ *
+ * Update the FmpStateXXXX variable with the firmware update state.
+ *
+ * Return: status code
+ */
+static
+efi_status_t efi_firmware_set_fmp_state_var(struct fmp_state *state, u8 image_index)
+{
+ u16 varname[13]; /* u"FmpStateXXXX" */
+ efi_status_t ret;
+ efi_guid_t *image_type_id;
+ struct fmp_state var_state = { 0 };
+
+ image_type_id = efi_firmware_get_image_type_id(image_index);
+ if (!image_type_id)
+ return EFI_INVALID_PARAMETER;
+
+ efi_create_indexed_name(varname, sizeof(varname), "FmpState",
+ image_index);
+
+ /*
+ * Only the fw_version is set here.
+ * lowest_supported_version in FmpState variable is ignored since
+ * it can be tampered if the file based EFI variable storage is used.
+ */
+ var_state.fw_version = state->fw_version;
+
+ ret = efi_set_variable_int(varname, image_type_id,
+ EFI_VARIABLE_READ_ONLY |
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof(var_state), &var_state, false);
+
+ return ret;
+}
+
+/**
+ * efi_firmware_get_fw_version - get fw_version from FMP payload header
+ * @p_image: Pointer to new image
+ * @p_image_size: Pointer to size of new image
+ * @state: Pointer to fmp state
+ *
+ * Parse the FMP payload header and fill the fmp_state structure.
+ * If no FMP payload header is found, fmp_state structure is not updated.
+ *
+ */
+static void efi_firmware_get_fw_version(const void **p_image,
+ efi_uintn_t *p_image_size,
+ struct fmp_state *state)
+{
+ const struct fmp_payload_header *header;
+ u32 fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE;
+
+ header = *p_image;
+ if (header->signature == fmp_hdr_signature) {
+ /* FMP header is inserted above the capsule payload */
+ state->fw_version = header->fw_version;
+
+ *p_image += header->header_size;
+ *p_image_size -= header->header_size;
+ }
+}
+
+/**
+ * efi_firmware_verify_image - verify image
+ * @p_image: Pointer to new image
+ * @p_image_size: Pointer to size of new image
+ * @image_index: Image index
+ * @state: Pointer to fmp state
+ *
+ * Verify the capsule authentication and check if the fw_version
+ * is equal or greater than the lowest supported version.
+ *
+ * Return: status code
+ */
+static
+efi_status_t efi_firmware_verify_image(const void **p_image,
+ efi_uintn_t *p_image_size,
+ u8 image_index,
+ struct fmp_state *state)
+{
+ u32 lsv;
+ efi_status_t ret;
+ efi_guid_t *image_type_id;
+
+ ret = efi_firmware_capsule_authenticate(p_image, p_image_size);
+ if (ret != EFI_SUCCESS)
+ return ret;
+
+ efi_firmware_get_fw_version(p_image, p_image_size, state);
+
+ image_type_id = efi_firmware_get_image_type_id(image_index);
+ if (!image_type_id)
+ return EFI_INVALID_PARAMETER;
+
+ efi_firmware_get_lsv_from_dtb(image_index, image_type_id, &lsv);
+ if (state->fw_version < lsv) {
+ log_err("Firmware version %u too low. Expecting >= %u. Aborting update\n",
+ state->fw_version, lsv);
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return ret;
+}
+
+/**
* efi_firmware_get_image_info - return information about the current
* firmware image
* @this: Protocol instance
@@ -331,6 +543,7 @@ efi_status_t EFIAPI efi_firmware_fit_set_image(
u16 **abort_reason)
{
efi_status_t status;
+ struct fmp_state state = { 0 };
EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image,
image_size, vendor_code, progress, abort_reason);
@@ -338,13 +551,16 @@ efi_status_t EFIAPI efi_firmware_fit_set_image(
if (!image || image_index != 1)
return EFI_EXIT(EFI_INVALID_PARAMETER);
- status = efi_firmware_capsule_authenticate(&image, &image_size);
+ status = efi_firmware_verify_image(&image, &image_size, image_index,
+ &state);
if (status != EFI_SUCCESS)
return EFI_EXIT(status);
if (fit_update(image))
return EFI_EXIT(EFI_DEVICE_ERROR);
+ efi_firmware_set_fmp_state_var(&state, image_index);
+
return EFI_EXIT(EFI_SUCCESS);
}
@@ -392,6 +608,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image(
{
int ret;
efi_status_t status;
+ struct fmp_state state = { 0 };
EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image,
image_size, vendor_code, progress, abort_reason);
@@ -399,7 +616,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image(
if (!image)
return EFI_EXIT(EFI_INVALID_PARAMETER);
- status = efi_firmware_capsule_authenticate(&image, &image_size);
+ status = efi_firmware_verify_image(&image, &image_size, image_index,
+ &state);
if (status != EFI_SUCCESS)
return EFI_EXIT(status);
@@ -419,6 +637,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image(
NULL, NULL))
return EFI_EXIT(EFI_DEVICE_ERROR);
+ efi_firmware_set_fmp_state_var(&state, image_index);
+
return EFI_EXIT(EFI_SUCCESS);
}
diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c
index 5313d07302..3b1785e7b1 100644
--- a/lib/fwu_updates/fwu.c
+++ b/lib/fwu_updates/fwu.c
@@ -151,7 +151,7 @@ static int fwu_get_image_type_id(u8 *image_index, efi_guid_t *image_type_id)
index = *image_index;
image = update_info.images;
- for (i = 0; i < num_image_type_guids; i++) {
+ for (i = 0; i < update_info.num_images; i++) {
if (index == image[i].image_index) {
guidcpy(image_type_id, &image[i].image_type_id);
return 0;
diff --git a/test/py/tests/test_efi_capsule/capsule_common.py b/test/py/tests/test_efi_capsule/capsule_common.py
new file mode 100644
index 0000000000..9eef6767a6
--- /dev/null
+++ b/test/py/tests/test_efi_capsule/capsule_common.py
@@ -0,0 +1,142 @@
+# SPDX-License-Identifier: GPL-2.0+
+# Copyright (c) 2023, Linaro Limited
+
+
+"""Common function for UEFI capsule test."""
+
+from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR
+
+def setup(u_boot_console, disk_img, osindications):
+ """setup the test
+
+ Args:
+ u_boot_console -- A console connection to U-Boot.
+ disk_img -- A path to disk image to be used for testing.
+ osindications -- String of osindications value.
+ """
+ u_boot_console.run_command_list([
+ f'host bind 0 {disk_img}',
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
+ 'efidebug boot order 1',
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;'
+ 'u-boot-env raw 0x150000 0x200000"'])
+
+ if osindications is None:
+ u_boot_console.run_command('env set -e OsIndications')
+ else:
+ u_boot_console.run_command(f'env set -e -nv -bs -rt OsIndications ={osindications}')
+
+ u_boot_console.run_command('env save')
+
+def init_content(u_boot_console, target, filename, expected):
+ """initialize test content
+
+ Args:
+ u_boot_console -- A console connection to U-Boot.
+ target -- Target address to place the content.
+ filename -- File name of the content.
+ expected -- Expected string of the content.
+ """
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ f'fatload host 0:1 4000000 {CAPSULE_DATA_DIR}/{filename}',
+ f'sf write 4000000 {target} 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert expected in ''.join(output)
+
+def place_capsule_file(u_boot_console, filenames):
+ """place the capsule file
+
+ Args:
+ u_boot_console -- A console connection to U-Boot.
+ filenames -- File name array of the target capsule files.
+ """
+ for name in filenames:
+ u_boot_console.run_command_list([
+ f'fatload host 0:1 4000000 {CAPSULE_DATA_DIR}/{name}',
+ f'fatwrite host 0:1 4000000 {CAPSULE_INSTALL_DIR}/{name} $filesize'])
+
+ output = u_boot_console.run_command(f'fatls host 0:1 {CAPSULE_INSTALL_DIR}')
+ for name in filenames:
+ assert name in ''.join(output)
+
+def exec_manual_update(u_boot_console, disk_img, filenames, need_reboot = True):
+ """execute capsule update manually
+
+ Args:
+ u_boot_console -- A console connection to U-Boot.
+ disk_img -- A path to disk image to be used for testing.
+ filenames -- File name array of the target capsule files.
+ need_reboot -- Flag indicates whether system reboot is required.
+ """
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 0x50000;'
+ 'u-boot-env raw 0x150000 0x200000"',
+ f'host bind 0 {disk_img}',
+ f'fatls host 0:1 {CAPSULE_INSTALL_DIR}'])
+ for name in filenames:
+ assert name in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = need_reboot)
+
+def check_file_removed(u_boot_console, disk_img, filenames):
+ """check files are removed
+
+ Args:
+ u_boot_console -- A console connection to U-Boot.
+ disk_img -- A path to disk image to be used for testing.
+ filenames -- File name array of the target capsule files.
+ """
+ output = u_boot_console.run_command_list([
+ f'host bind 0 {disk_img}',
+ f'fatls host 0:1 {CAPSULE_INSTALL_DIR}'])
+ for name in filenames:
+ assert name not in ''.join(output)
+
+def check_file_exist(u_boot_console, disk_img, filenames):
+ """check files exist
+
+ Args:
+ u_boot_console -- A console connection to U-Boot.
+ disk_img -- A path to disk image to be used for testing.
+ filenames -- File name array of the target capsule files.
+ """
+ output = u_boot_console.run_command_list([
+ f'host bind 0 {disk_img}',
+ f'fatls host 0:1 {CAPSULE_INSTALL_DIR}'])
+ for name in filenames:
+ assert name in ''.join(output)
+
+def verify_content(u_boot_console, target, expected):
+ """verify the content
+
+ Args:
+ u_boot_console -- A console connection to U-Boot.
+ target -- Target address to verify.
+ expected -- Expected string of the content.
+ """
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ f'sf read 4000000 {target} 10',
+ 'md.b 4000000 10'])
+ assert expected in ''.join(output)
+
+def do_reboot_dtb_specified(u_boot_config, u_boot_console, dtb_filename):
+ """do reboot with specified DTB
+
+ Args:
+ u_boot_config -- U-boot configuration.
+ u_boot_console -- A console connection to U-Boot.
+ dtb_filename -- DTB file name.
+ """
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + f'/{dtb_filename}'
+ u_boot_console.restart_uboot()
diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py
index a337e62936..d0e20df01e 100644
--- a/test/py/tests/test_efi_capsule/conftest.py
+++ b/test/py/tests/test_efi_capsule/conftest.py
@@ -62,6 +62,23 @@ def efi_capsule_data(request, u_boot_config):
'-out SIGNER2.crt -nodes -days 365'
% data_dir, shell=True)
+ # Update dtb to add the version information
+ check_call('cd %s; '
+ 'cp %s/test/py/tests/test_efi_capsule/version.dts .'
+ % (data_dir, u_boot_config.source_dir), shell=True)
+ if capsule_auth_enabled:
+ check_call('cd %s; '
+ 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; '
+ 'fdtoverlay -i test_sig.dtb '
+ '-o test_ver.dtb version.dtbo'
+ % (data_dir), shell=True)
+ else:
+ check_call('cd %s; '
+ 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; '
+ 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb '
+ '-o test_ver.dtb version.dtbo'
+ % (data_dir, u_boot_config.build_dir), shell=True)
+
# Create capsule files
# two regions: one for u-boot.bin and the other for u-boot.env
check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir,
@@ -87,6 +104,26 @@ def efi_capsule_data(request, u_boot_config):
check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
(data_dir, u_boot_config.build_dir),
shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
+ '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 '
+ '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
+ '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
+ '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
+ '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
if capsule_auth_enabled:
# raw firmware signed with proper key
@@ -123,6 +160,51 @@ def efi_capsule_data(request, u_boot_config):
'uboot_bin_env.itb Test14'
% (data_dir, u_boot_config.build_dir),
shell=True)
+ # raw firmware signed with proper key with version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
+ '--fw-version 5 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
+ 'u-boot.bin.new Test111'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
+ # raw firmware signed with proper key with version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 2 --monotonic-count 1 '
+ '--fw-version 10 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 '
+ 'u-boot.env.new Test112'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
+ # raw firmware signed with proper key with lower version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
+ '--fw-version 2 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
+ 'u-boot.bin.new Test113'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
+ # FIT firmware signed with proper key with version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
+ '--fw-version 5 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
+ 'uboot_bin_env.itb Test114'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
+ # FIT firmware signed with proper key with lower version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
+ '--fw-version 2 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
+ 'uboot_bin_env.itb Test115'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
# Create a disk image with EFI system partition
check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' %
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
index 9ee152818d..a3094c33f4 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
@@ -7,8 +7,15 @@ This test verifies capsule-on-disk firmware update for FIT images
"""
import pytest
-from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR
-
+from capsule_common import (
+ setup,
+ init_content,
+ place_capsule_file,
+ exec_manual_update,
+ check_file_removed,
+ verify_content,
+ do_reboot_dtb_specified
+)
@pytest.mark.boardspec('sandbox_flattree')
@pytest.mark.buildconfigspec('efi_capsule_firmware_fit')
@@ -40,37 +47,12 @@ class TestEfiCapsuleFirmwareFit():
u_boot_console.restart_uboot()
disk_img = efi_capsule_data
+ capsule_files = ['Test05']
with u_boot_console.log.section('Test Case 1-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize contents
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 150000 10',
- 'sf read 5000000 150000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test05' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test05 $filesize' % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test05' in ''.join(output)
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
@@ -80,28 +62,13 @@ class TestEfiCapsuleFirmwareFit():
with u_boot_console.log.section('Test Case 1-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test05' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:Old' in ''.join(output)
+ # deleted anyway
+ check_file_removed(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf read 4000000 150000 10',
- 'md.b 4000000 10'])
- assert 'u-boot-env:Old' in ''.join(output)
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
+ verify_content(u_boot_console, '150000', 'u-boot-env:Old')
def test_efi_capsule_fw2(
self, u_boot_config, u_boot_console, efi_capsule_data):
@@ -112,38 +79,12 @@ class TestEfiCapsuleFirmwareFit():
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test04']
with u_boot_console.log.section('Test Case 2-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'printenv -e PlatformLangCodes', # workaround for terminal size determination
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize contents
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 150000 10',
- 'sf read 5000000 150000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test04' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test04 $filesize' % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test04' in ''.join(output)
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
@@ -155,36 +96,88 @@ class TestEfiCapsuleFirmwareFit():
with u_boot_console.log.section('Test Case 2-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test04' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test04' not in ''.join(output)
+ check_file_removed(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- if capsule_auth:
- assert 'u-boot:Old' in ''.join(output)
- else:
- assert 'u-boot:New' in ''.join(output)
+ expected = 'u-boot:Old' if capsule_auth else 'u-boot:New'
+ verify_content(u_boot_console, '100000', expected)
+
+ expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New'
+ verify_content(u_boot_console, '150000', expected)
+
+ def test_efi_capsule_fw3(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """ Test Case 3
+ Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ 0x150000-0x200000: U-Boot environment (but dummy)
+ """
+ disk_img = efi_capsule_data
+ capsule_files = ['Test104']
+ with u_boot_console.log.section('Test Case 3-a, before reboot'):
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ # reboot
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ capsule_auth = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_authenticate')
+ with u_boot_console.log.section('Test Case 3-b, after reboot'):
+ if not capsule_early:
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ # deleted anyway
+ check_file_removed(u_boot_console, disk_img, capsule_files)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
output = u_boot_console.run_command_list([
- 'sf read 4000000 150000 10',
- 'md.b 4000000 10'])
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;'
+ 'u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+
if capsule_auth:
- assert 'u-boot-env:Old' in ''.join(output)
+ # capsule authentication failed
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
+ verify_content(u_boot_console, '150000', 'u-boot-env:Old')
else:
- assert 'u-boot-env:New' in ''.join(output)
+ # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
+ assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output)
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ verify_content(u_boot_console, '100000', 'u-boot:New')
+ verify_content(u_boot_console, '150000', 'u-boot-env:New')
+
+ def test_efi_capsule_fw4(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """ Test Case 4
+ Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
+ but fw_version is lower than lowest_supported_version
+ No update should happen
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ """
+ disk_img = efi_capsule_data
+ capsule_files = ['Test105']
+ with u_boot_console.log.section('Test Case 4-a, before reboot'):
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ # reboot
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 4-b, after reboot'):
+ if not capsule_early:
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ check_file_removed(u_boot_console, disk_img, capsule_files)
+
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
index 92bfb14932..80d791e3de 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
@@ -7,7 +7,16 @@ This test verifies capsule-on-disk firmware update for raw images
"""
import pytest
-from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR
+from capsule_common import (
+ setup,
+ init_content,
+ place_capsule_file,
+ exec_manual_update,
+ check_file_removed,
+ check_file_exist,
+ verify_content,
+ do_reboot_dtb_specified
+)
@pytest.mark.boardspec('sandbox')
@pytest.mark.buildconfigspec('efi_capsule_firmware_raw')
@@ -40,37 +49,12 @@ class TestEfiCapsuleFirmwareRaw:
u_boot_console.restart_uboot()
disk_img = efi_capsule_data
+ capsule_files = ['Test03']
with u_boot_console.log.section('Test Case 1-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize contents
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 150000 10',
- 'sf read 5000000 150000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test03' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test03 $filesize' % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test03' in ''.join(output)
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
# reboot
u_boot_console.restart_uboot()
@@ -80,28 +64,13 @@ class TestEfiCapsuleFirmwareRaw:
with u_boot_console.log.section('Test Case 1-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test03' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:Old' in ''.join(output)
+ # deleted anyway
+ check_file_removed(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf read 4000000 150000 10',
- 'md.b 4000000 10'])
- assert 'u-boot-env:Old' in ''.join(output)
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
+ verify_content(u_boot_console, '150000', 'u-boot-env:Old')
def test_efi_capsule_fw2(
self, u_boot_config, u_boot_console, efi_capsule_data):
@@ -112,44 +81,12 @@ class TestEfiCapsuleFirmwareRaw:
0x150000-0x200000: U-Boot environment (but dummy)
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test01', 'Test02']
with u_boot_console.log.section('Test Case 2-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'printenv -e PlatformLangCodes', # workaround for terminal size determination
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
- 'efidebug boot order 1',
- 'env set -e OsIndications',
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize contents
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 150000 10',
- 'sf read 5000000 150000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place the capsule files
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' in ''.join(output)
-
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test02' in ''.join(output)
+ setup(u_boot_console, disk_img, None)
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
# reboot
u_boot_console.restart_uboot()
@@ -158,35 +95,12 @@ class TestEfiCapsuleFirmwareRaw:
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 2-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' in ''.join(output)
- assert 'Test02' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000')
-
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' in ''.join(output)
- assert 'Test02' in ''.join(output)
+ exec_manual_update(u_boot_console, disk_img, capsule_files, False)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:Old' in ''.join(output)
+ check_file_exist(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf read 4000000 150000 10',
- 'md.b 4000000 10'])
- assert 'u-boot-env:Old' in ''.join(output)
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
+ verify_content(u_boot_console, '150000', 'u-boot-env:Old')
def test_efi_capsule_fw3(
self, u_boot_config, u_boot_console, efi_capsule_data):
@@ -195,45 +109,12 @@ class TestEfiCapsuleFirmwareRaw:
0x100000-0x150000: U-Boot binary (but dummy)
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test01', 'Test02']
with u_boot_console.log.section('Test Case 3-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'printenv -e PlatformLangCodes', # workaround for terminal size determination
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize contents
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 150000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place the capsule files
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' in ''.join(output)
-
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test02' in ''.join(output)
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
@@ -245,18 +126,7 @@ class TestEfiCapsuleFirmwareRaw:
with u_boot_console.log.section('Test Case 3-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' in ''.join(output)
- assert 'Test02' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
# make sure the dfu_alt_info exists because it is required for making ESRT.
output = u_boot_console.run_command_list([
@@ -269,26 +139,91 @@ class TestEfiCapsuleFirmwareRaw:
# ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output)
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' not in ''.join(output)
- assert 'Test02' not in ''.join(output)
+ check_file_removed(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- if capsule_auth:
- assert 'u-boot:Old' in ''.join(output)
- else:
- assert 'u-boot:New' in ''.join(output)
+ expected = 'u-boot:Old' if capsule_auth else 'u-boot:New'
+ verify_content(u_boot_console, '100000', expected)
+
+ expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New'
+ verify_content(u_boot_console, '150000', expected)
+ def test_efi_capsule_fw4(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """ Test Case 4
+ Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ 0x150000-0x200000: U-Boot environment (but dummy)
+ """
+ disk_img = efi_capsule_data
+ capsule_files = ['Test101', 'Test102']
+ with u_boot_console.log.section('Test Case 4-a, before reboot'):
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ # reboot
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ capsule_auth = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_authenticate')
+ with u_boot_console.log.section('Test Case 4-b, after reboot'):
+ if not capsule_early:
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ # deleted anyway
+ check_file_removed(u_boot_console, disk_img, capsule_files)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 150000 10',
- 'md.b 4000000 10'])
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000'
+ 'u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+
if capsule_auth:
- assert 'u-boot-env:Old' in ''.join(output)
+ # capsule authentication failed
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
+ verify_content(u_boot_console, '150000', 'u-boot-env:Old')
else:
- assert 'u-boot-env:New' in ''.join(output)
+ # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
+ assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output)
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT.
+ assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output)
+ assert 'ESRT: fw_version=10' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output)
+
+ verify_content(u_boot_console, '100000', 'u-boot:New')
+ verify_content(u_boot_console, '150000', 'u-boot-env:New')
+
+ def test_efi_capsule_fw5(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """ Test Case 5
+ Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
+ but fw_version is lower than lowest_supported_version
+ No update should happen
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ """
+ disk_img = efi_capsule_data
+ capsule_files = ['Test103']
+ with u_boot_console.log.section('Test Case 5-a, before reboot'):
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ # reboot
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 5-b, after reboot'):
+ if not capsule_early:
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ check_file_removed(u_boot_console, disk_img, capsule_files)
+
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py
index ba8429e83c..94d6c3eef0 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py
@@ -10,7 +10,15 @@ with signed capsule files containing FIT images
"""
import pytest
-from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR
+from capsule_common import (
+ setup,
+ init_content,
+ place_capsule_file,
+ exec_manual_update,
+ check_file_removed,
+ verify_content,
+ do_reboot_dtb_specified
+)
@pytest.mark.boardspec('sandbox_flattree')
@pytest.mark.buildconfigspec('efi_capsule_firmware_fit')
@@ -37,70 +45,23 @@ class TestEfiCapsuleFirmwareSignedFit():
should pass and the firmware be updated.
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test13']
with u_boot_console.log.section('Test Case 1-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'printenv -e PlatformLangCodes', # workaround for terminal size determination
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize content
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old'
- % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test13' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test13 $filesize'
- % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test13' in ''.join(output)
-
- # reboot
- mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
- u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
- + '/test_sig.dtb'
- u_boot_console.restart_uboot()
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 1-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test13' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test13' not in ''.join(output)
+ check_file_removed(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:New' in ''.join(output)
+ verify_content(u_boot_console, '100000', 'u-boot:New')
def test_efi_capsule_auth2(
self, u_boot_config, u_boot_console, efi_capsule_data):
@@ -113,73 +74,26 @@ class TestEfiCapsuleFirmwareSignedFit():
not be updated.
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test14']
with u_boot_console.log.section('Test Case 2-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'printenv -e PlatformLangCodes', # workaround for terminal size determination
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize content
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old'
- % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test14' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test14 $filesize'
- % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test14' in ''.join(output)
-
- # reboot
- mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
- u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
- + '/test_sig.dtb'
- u_boot_console.restart_uboot()
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 2-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test14' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
# deleted any way
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test14' not in ''.join(output)
+ check_file_removed(u_boot_console, disk_img, capsule_files)
# TODO: check CapsuleStatus in CapsuleXXXX
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:Old' in ''.join(output)
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
def test_efi_capsule_auth3(
self, u_boot_config, u_boot_console, efi_capsule_data):
@@ -191,70 +105,89 @@ class TestEfiCapsuleFirmwareSignedFit():
should fail and the firmware not be updated.
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test02']
with u_boot_console.log.section('Test Case 3-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'printenv -e PlatformLangCodes', # workaround for terminal size determination
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize content
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old'
- % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test02 $filesize'
- % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test02' in ''.join(output)
-
- # reboot
- mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
- u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
- + '/test_sig.dtb'
- u_boot_console.restart_uboot()
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 3-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test02' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
# deleted any way
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test02' not in ''.join(output)
+ check_file_removed(u_boot_console, disk_img, capsule_files)
# TODO: check CapsuleStatus in CapsuleXXXX
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
+
+ def test_efi_capsule_auth4(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information
+ 0x100000-0x150000: U-Boot binary (but dummy)
+
+ If the capsule is properly signed, the authentication
+ should pass and the firmware be updated.
+ """
+ disk_img = efi_capsule_data
+ capsule_files = ['Test114']
+ with u_boot_console.log.section('Test Case 4-a, before reboot'):
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 4-b, after reboot'):
+ if not capsule_early:
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ check_file_removed(u_boot_console, disk_img, capsule_files)
+
output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:Old' in ''.join(output)
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;'
+ 'u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+
+ # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
+ assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output)
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ verify_content(u_boot_console, '100000', 'u-boot:New')
+ verify_content(u_boot_console, '150000', 'u-boot-env:New')
+
+ def test_efi_capsule_auth5(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information
+ 0x100000-0x150000: U-Boot binary (but dummy)
+
+ If the capsule is signed but fw_version is lower than lowest
+ supported version, the authentication should fail and the firmware
+ not be updated.
+ """
+ disk_img = efi_capsule_data
+ capsule_files = ['Test115']
+ with u_boot_console.log.section('Test Case 5-a, before reboot'):
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 5-b, after reboot'):
+ if not capsule_early:
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ check_file_removed(u_boot_console, disk_img, capsule_files)
+
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py
index 710d9925a3..ad2b1c6324 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py
@@ -8,7 +8,15 @@ with signed capsule files containing raw images
"""
import pytest
-from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR
+from capsule_common import (
+ setup,
+ init_content,
+ place_capsule_file,
+ exec_manual_update,
+ check_file_removed,
+ verify_content,
+ do_reboot_dtb_specified
+)
@pytest.mark.boardspec('sandbox')
@pytest.mark.buildconfigspec('efi_capsule_firmware_raw')
@@ -34,69 +42,23 @@ class TestEfiCapsuleFirmwareSignedRaw():
should pass and the firmware be updated.
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test11']
with u_boot_console.log.section('Test Case 1-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize content
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old'
- % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test11' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test11 $filesize'
- % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test11' in ''.join(output)
-
- # reboot
- mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
- u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
- + '/test_sig.dtb'
- u_boot_console.restart_uboot()
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 1-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test11' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test11' not in ''.join(output)
+ check_file_removed(u_boot_console, disk_img, capsule_files)
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:New' in ''.join(output)
+ verify_content(u_boot_console, '100000', 'u-boot:New')
def test_efi_capsule_auth2(
self, u_boot_config, u_boot_console, efi_capsule_data):
@@ -108,73 +70,25 @@ class TestEfiCapsuleFirmwareSignedRaw():
not be updated.
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test12']
with u_boot_console.log.section('Test Case 2-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'printenv -e PlatformLangCodes', # workaround for terminal size determination
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize content
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old'
- % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test12' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test12 $filesize'
- % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test12' in ''.join(output)
-
- # reboot
- mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
- u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
- + '/test_sig.dtb'
- u_boot_console.restart_uboot()
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 2-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test12' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
-
- # deleted any way
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test12' not in ''.join(output)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ check_file_removed(u_boot_console, disk_img, capsule_files)
# TODO: check CapsuleStatus in CapsuleXXXX
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:Old' in ''.join(output)
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
def test_efi_capsule_auth3(
self, u_boot_config, u_boot_console, efi_capsule_data):
@@ -185,70 +99,94 @@ class TestEfiCapsuleFirmwareSignedRaw():
should fail and the firmware not be updated.
"""
disk_img = efi_capsule_data
+ capsule_files = ['Test02']
with u_boot_console.log.section('Test Case 3-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'printenv -e PlatformLangCodes', # workaround for terminal size determination
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize content
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old'
- % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test02 $filesize'
- % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test02' in ''.join(output)
-
- # reboot
- mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
- u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
- + '/test_sig.dtb'
- u_boot_console.restart_uboot()
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 3-b, after reboot'):
if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info '
- '"sf 0:0=u-boot-bin raw 0x100000 '
- '0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test02' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
# deleted anyway
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test02' not in ''.join(output)
+ check_file_removed(u_boot_console, disk_img, capsule_files)
# TODO: check CapsuleStatus in CapsuleXXXX
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
+
+ def test_efi_capsule_auth4(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information
+ 0x100000-0x150000: U-Boot binary (but dummy)
+
+ If the capsule is properly signed, the authentication
+ should pass and the firmware be updated.
+ """
+ disk_img = efi_capsule_data
+ capsule_files = ['Test111', 'Test112']
+ with u_boot_console.log.section('Test Case 4-a, before reboot'):
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 4-b, after reboot'):
+ if not capsule_early:
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ check_file_removed(u_boot_console, disk_img, capsule_files)
+
output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
- 'md.b 4000000 10'])
- assert 'u-boot:Old' in ''.join(output)
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;'
+ 'u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+
+ # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
+ assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output)
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT.
+ assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output)
+ assert 'ESRT: fw_version=10' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output)
+
+ verify_content(u_boot_console, '100000', 'u-boot:New')
+ verify_content(u_boot_console, '150000', 'u-boot-env:New')
+
+ def test_efi_capsule_auth5(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information
+ 0x100000-0x150000: U-Boot binary (but dummy)
+
+ If the capsule is signed but fw_version is lower than lowest
+ supported version, the authentication should fail and the firmware
+ not be updated.
+ """
+ disk_img = efi_capsule_data
+ capsule_files = ['Test113']
+ with u_boot_console.log.section('Test Case 5-a, before reboot'):
+ setup(u_boot_console, disk_img, '0x0000000000000004')
+ init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
+ place_capsule_file(u_boot_console, capsule_files)
+
+ do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 5-b, after reboot'):
+ if not capsule_early:
+ exec_manual_update(u_boot_console, disk_img, capsule_files)
+
+ check_file_removed(u_boot_console, disk_img, capsule_files)
+
+ verify_content(u_boot_console, '100000', 'u-boot:Old')
diff --git a/test/py/tests/test_efi_capsule/version.dts b/test/py/tests/test_efi_capsule/version.dts
new file mode 100644
index 0000000000..07850cc606
--- /dev/null
+++ b/test/py/tests/test_efi_capsule/version.dts
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+/plugin/;
+
+&{/} {
+ firmware-version {
+ image1 {
+ lowest-supported-version = <3>;
+ image-index = <1>;
+ image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
+ };
+ image2 {
+ lowest-supported-version = <7>;
+ image-index = <2>;
+ image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
+ };
+ image3 {
+ lowest-supported-version = <3>;
+ image-index = <1>;
+ image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
+ };
+ };
+};
diff --git a/tools/eficapsule.h b/tools/eficapsule.h
index 072a4b5598..753fb73313 100644
--- a/tools/eficapsule.h
+++ b/tools/eficapsule.h
@@ -113,4 +113,34 @@ struct efi_firmware_image_authentication {
struct win_certificate_uefi_guid auth_info;
} __packed;
+/* fmp payload header */
+#define SIGNATURE_16(A, B) ((A) | ((B) << 8))
+#define SIGNATURE_32(A, B, C, D) \
+ (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16))
+
+#define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1')
+
+/**
+ * struct fmp_payload_header - EDK2 header for the FMP payload
+ *
+ * This structure describes the header which is preprended to the
+ * FMP payload by the edk2 capsule generation scripts.
+ *
+ * @signature: Header signature used to identify the header
+ * @header_size: Size of the structure
+ * @fw_version: Firmware versions used
+ * @lowest_supported_version: Lowest supported version (not used)
+ */
+struct fmp_payload_header {
+ uint32_t signature;
+ uint32_t header_size;
+ uint32_t fw_version;
+ uint32_t lowest_supported_version;
+};
+
+struct fmp_payload_header_params {
+ bool have_header;
+ uint32_t fw_version;
+};
+
#endif /* _EFI_CAPSULE_H */
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index b71537beee..52be1f122e 100644
--- a/tools/mkeficapsule.c
+++ b/tools/mkeficapsule.c
@@ -41,6 +41,7 @@ static struct option options[] = {
{"guid", required_argument, NULL, 'g'},
{"index", required_argument, NULL, 'i'},
{"instance", required_argument, NULL, 'I'},
+ {"fw-version", required_argument, NULL, 'v'},
{"private-key", required_argument, NULL, 'p'},
{"certificate", required_argument, NULL, 'c'},
{"monotonic-count", required_argument, NULL, 'm'},
@@ -60,6 +61,7 @@ static void print_usage(void)
"\t-g, --guid <guid string> guid for image blob type\n"
"\t-i, --index <index> update image index\n"
"\t-I, --instance <instance> update hardware instance\n"
+ "\t-v, --fw-version <version> firmware version\n"
"\t-p, --private-key <privkey file> private key file\n"
"\t-c, --certificate <cert file> signer's certificate file\n"
"\t-m, --monotonic-count <count> monotonic count\n"
@@ -402,6 +404,7 @@ static void free_sig_data(struct auth_context *ctx)
*/
static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
unsigned long index, unsigned long instance,
+ struct fmp_payload_header_params *fmp_ph_params,
uint64_t mcount, char *privkey_file, char *cert_file,
uint16_t oemflags)
{
@@ -410,10 +413,11 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
struct efi_firmware_management_capsule_image_header image;
struct auth_context auth_context;
FILE *f;
- uint8_t *data;
+ uint8_t *data, *new_data, *buf;
off_t bin_size;
uint64_t offset;
int ret;
+ struct fmp_payload_header payload_header;
#ifdef DEBUG
fprintf(stderr, "For output: %s\n", path);
@@ -423,6 +427,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
auth_context.sig_size = 0;
f = NULL;
data = NULL;
+ new_data = NULL;
ret = -1;
/*
@@ -431,12 +436,30 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
if (read_bin_file(bin, &data, &bin_size))
goto err;
+ buf = data;
+
+ /* insert fmp payload header right before the payload */
+ if (fmp_ph_params->have_header) {
+ new_data = malloc(bin_size + sizeof(payload_header));
+ if (!new_data)
+ goto err;
+
+ payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE;
+ payload_header.header_size = sizeof(payload_header);
+ payload_header.fw_version = fmp_ph_params->fw_version;
+ payload_header.lowest_supported_version = 0; /* not used */
+ memcpy(new_data, &payload_header, sizeof(payload_header));
+ memcpy(new_data + sizeof(payload_header), data, bin_size);
+ buf = new_data;
+ bin_size += sizeof(payload_header);
+ }
+
/* first, calculate signature to determine its size */
if (privkey_file && cert_file) {
auth_context.key_file = privkey_file;
auth_context.cert_file = cert_file;
auth_context.auth.monotonic_count = mcount;
- auth_context.image_data = data;
+ auth_context.image_data = buf;
auth_context.image_size = bin_size;
if (create_auth_data(&auth_context)) {
@@ -536,7 +559,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
/*
* firmware binary
*/
- if (write_capsule_file(f, data, bin_size, "Firmware binary"))
+ if (write_capsule_file(f, buf, bin_size, "Firmware binary"))
goto err;
ret = 0;
@@ -545,6 +568,7 @@ err:
fclose(f);
free_sig_data(&auth_context);
free(data);
+ free(new_data);
return ret;
}
@@ -644,6 +668,7 @@ int main(int argc, char **argv)
unsigned long oemflags;
char *privkey_file, *cert_file;
int c, idx;
+ struct fmp_payload_header_params fmp_ph_params = { 0 };
guid = NULL;
index = 0;
@@ -679,6 +704,10 @@ int main(int argc, char **argv)
case 'I':
instance = strtoul(optarg, NULL, 0);
break;
+ case 'v':
+ fmp_ph_params.fw_version = strtoul(optarg, NULL, 0);
+ fmp_ph_params.have_header = true;
+ break;
case 'p':
if (privkey_file) {
fprintf(stderr,
@@ -751,7 +780,7 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
} else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid,
- index, instance, mcount, privkey_file,
+ index, instance, &fmp_ph_params, mcount, privkey_file,
cert_file, (uint16_t)oemflags) < 0) {
fprintf(stderr, "Creating firmware capsule failed\n");
exit(EXIT_FAILURE);
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-22 15:15:21 +0000