[2/3] arm/uefi_capsule: use U-Boot for capsule generation

Message ID	20240416161446.217376-3-bence.balogh@arm.com
State	New
Headers	show Return-Path: <bence.balogh@arm.com> ip: 217.140.110.172, mailfrom: bence.balogh@arm.com) From: bence.balogh@arm.com To: meta-arm@lists.yoctoproject.org Cc: Bence Balogh <bence.balogh@arm.com> Subject: [PATCH 2/3] arm/uefi_capsule: use U-Boot for capsule generation Date: Tue, 16 Apr 2024 18:14:45 +0200 Message-Id: <20240416161446.217376-3-bence.balogh@arm.com> In-Reply-To: <20240416161446.217376-1-bence.balogh@arm.com> References: <20240416161446.217376-1-bence.balogh@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	Use U-Boot tools for capsule generation \| expand [0/3] Use U-Boot tools for capsule generation [1/3] arm-bsp/corstone1000-flash-firmware-image: add nopt generation [2/3] arm/uefi_capsule: use U-Boot for capsule generation [3/3] arm-bsp/documentation: corstone1000: update capsule generation steps

diff --git a/kas/corstone1000-image-configuration.yml b/kas/corstone1000-image-configuration.yml index 2b285223..01360484 100644 --- a/kas/corstone1000-image-configuration.yml +++ b/kas/corstone1000-image-configuration.yml @@ -38,3 +38,8 @@ local_conf_header: # TS PSA API tests commands for crypto, its, ps and iat CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa" + + capsule: | + CAPSULE_EXTENSION = "uefi.capsule" + CAPSULE_FW_VERSION = "6" + CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}" diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc b/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc index 2d192745..f959573d 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc @@ -3,7 +3,7 @@ COMPATIBLE_MACHINE = "corstone1000" FIRMWARE_BINARIES = "corstone1000-flash-firmware-image-${MACHINE}.wic \ bl1.bin \ es_flashfw.bin \ - corstone1000-flash-firmware-image-${MACHINE}.wic.uefi.capsule \ + ${CAPSULE_NAME}.${CAPSULE_EXTENSION} \ corstone1000_capsule_cert.crt \ corstone1000_capsule_key.key \ " diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb index 5238d1d3..0f5ae011 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb @@ -12,10 +12,12 @@ IMAGE_FSTYPES = "wic uefi_capsule" inherit image inherit tfm_sign_image inherit uefi_capsule +inherit deploy DEPENDS += "external-system \ trusted-firmware-a \ trusted-firmware-m \ + u-boot \ " IMAGE_FEATURES = "" @@ -23,9 +25,21 @@ IMAGE_LINGUAS = "" PACKAGE_INSTALL = "" -UEFI_FIRMWARE_BINARY = "${IMAGE_LINK_NAME}.${CAPSULE_IMGTYPE}" -UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json" -CAPSULE_IMGTYPE = "wic" +# The generated ${MACHINE}_image.nopt is used instead of the default wic image +# for the capsule generation. The uefi.capsule image type doesn't have to +# depend on the wic because of this. +# +# The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed +# by the U-Boot recipe so this recipe has to depend on that. +CAPSULE_IMGTYPE = "" +CAPSULE_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt" +CAPSULE_GUID:corstone1000-fvp ?= "989f3a4e-46e0-4cd0-9877-a25c70c01329" +CAPSULE_GUID:corstone1000-mps3 ?= "df1865d1-90fb-4d59-9c38-c9f2c1bba8cc" +CAPSULE_IMGLOCATION = "${DEPLOY_DIR_IMAGE}" +CAPSULE_INDEX = "1" +CAPSULE_MONOTONIC_COUNT = "1" +CAPSULE_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key" +UEFI_FIRMWARE_BINARY = "${B}/${MACHINE}_image.nopt" # TF-A settings for signing host images TFA_BL2_BINARY = "bl2-corstone1000.bin" @@ -73,3 +87,9 @@ create_nopt_image() { } create_nopt_image[depends] += "mc:firmware:linux-yocto:do_deploy" do_image_uefi_capsule[prefuncs] += "create_nopt_image" + +do_deploy() { + install -m 0755 ${B}/${MACHINE}_image.nopt ${DEPLOYDIR} +} + +addtask deploy after do_image_uefi_capsule diff --git a/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json b/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json deleted file mode 100644 index 0f011ff7..00000000 --- a/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "Payloads": [ - { - "FwVersion": "5", - "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f", - "LowestSupportedVersion": "1", - "Payload": "$UEFI_FIRMWARE_BINARY", - "UpdateImageIndex": "0" - } - ] -} diff --git a/meta-arm/classes/uefi_capsule.bbclass b/meta-arm/classes/uefi_capsule.bbclass index 690e7af4..a0709c0f 100644 --- a/meta-arm/classes/uefi_capsule.bbclass +++ b/meta-arm/classes/uefi_capsule.bbclass @@ -1,13 +1,10 @@ # This class generates UEFI capsules # The current class supports generating a capsule with single firmware binary -DEPENDS += "gettext-native" -inherit python3native - IMAGE_TYPES += "uefi_capsule" -# edk2 base tools should be installed in the native sysroot directory -do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot" +# u-boot-tools should be installed in the native sysroot directory +do_image_uefi_capsule[depends] += "u-boot-tools-native:do_populate_sysroot" # By default the wic image is used to create a capsule CAPSULE_IMGTYPE ?= "wic" @@ -18,37 +15,37 @@ CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}" # The generated capsule by default has uefi.capsule extension CAPSULE_EXTENSION ?= "uefi.capsule" +# The generated capsule's name by default is the same as UEFI_FIRMWARE_BINARY +CAPSULE_NAME ?= "${UEFI_FIRMWARE_BINARY}" + # The following variables must be set to be able to generate a capsule update +CAPSULE_CERTIFICATE_PATH ?= "" +CAPSULE_FW_VERSION ?= "" +CAPSULE_GUID ?= "" +CAPSULE_INDEX ?= "" +CAPSULE_MONOTONIC_COUNT ?= "" +CAPSULE_PRIVATE_KEY_PATH ?= "" UEFI_FIRMWARE_BINARY ?= "" -UEFI_CAPSULE_CONFIG ?= "" # Check if the required variables are set python() { - for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]: + for var in ["CAPSULE_CERTIFICATE_PATH", "CAPSULE_FW_VERSION", \ + "CAPSULE_GUID", "CAPSULE_INDEX", \ + "CAPSULE_MONOTONIC_COUNT", "CAPSULE_PRIVATE_KEY_PATH", \ + "UEFI_FIRMWARE_BINARY"]: if not d.getVar(var): raise bb.parse.SkipRecipe(f"{var} not set") } IMAGE_CMD:uefi_capsule(){ - - # Force the GenerateCapsule script to use python3 - export PYTHON_COMMAND=${PYTHON} - - # Copy the firmware and the capsule config json to current directory - if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then - cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ; - fi - - export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY} - envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json - - ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \ - -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \ - ${MACHINE}-capsule-update-image.json - - # Remove the firmware to avoid contamination of IMGDEPLOYDIR - rm ${UEFI_FIRMWARE_BINARY} - + mkeficapsule --certificate ${CAPSULE_CERTIFICATE_PATH} \ + --fw-version ${CAPSULE_FW_VERSION} \ + --guid ${CAPSULE_GUID} \ + --index ${CAPSULE_INDEX} \ + --monotonic-count ${CAPSULE_MONOTONIC_COUNT} \ + --private-key ${CAPSULE_PRIVATE_KEY_PATH} \ + ${UEFI_FIRMWARE_BINARY} \ + ${CAPSULE_IMGLOCATION}/${CAPSULE_NAME}.${CAPSULE_EXTENSION} } # The firmware binary should be created before generating the capsule

[2/3] arm/uefi_capsule: use U-Boot for capsule generation

Commit Message

Patch