@@ -38,8 +38,3 @@ local_conf_header:
# TS PSA API tests commands for crypto, its, ps and iat
CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
-
- capsule: |
- CAPSULE_EXTENSION = "uefi.capsule"
- CAPSULE_FW_VERSION = "6"
- CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}"
@@ -3,7 +3,7 @@ COMPATIBLE_MACHINE = "corstone1000"
FIRMWARE_BINARIES = "corstone1000-flash-firmware-image-${MACHINE}.wic \
bl1.bin \
es_flashfw.bin \
- ${CAPSULE_NAME}.${CAPSULE_EXTENSION} \
+ corstone1000-flash-firmware-image-${MACHINE}.wic.uefi.capsule \
corstone1000_capsule_cert.crt \
corstone1000_capsule_key.key \
"
@@ -12,12 +12,10 @@ IMAGE_FSTYPES = "wic uefi_capsule"
inherit image
inherit tfm_sign_image
inherit uefi_capsule
-inherit deploy
DEPENDS += "external-system \
trusted-firmware-a \
trusted-firmware-m \
- u-boot \
"
IMAGE_FEATURES = ""
@@ -25,21 +23,9 @@ IMAGE_LINGUAS = ""
PACKAGE_INSTALL = ""
-# The generated ${MACHINE}_image.nopt is used instead of the default wic image
-# for the capsule generation. The uefi.capsule image type doesn't have to
-# depend on the wic because of this.
-#
-# The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed
-# by the U-Boot recipe so this recipe has to depend on that.
-CAPSULE_IMGTYPE = ""
-CAPSULE_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt"
-CAPSULE_GUID:corstone1000-fvp ?= "989f3a4e-46e0-4cd0-9877-a25c70c01329"
-CAPSULE_GUID:corstone1000-mps3 ?= "df1865d1-90fb-4d59-9c38-c9f2c1bba8cc"
-CAPSULE_IMGLOCATION = "${DEPLOY_DIR_IMAGE}"
-CAPSULE_INDEX = "1"
-CAPSULE_MONOTONIC_COUNT = "1"
-CAPSULE_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key"
-UEFI_FIRMWARE_BINARY = "${B}/${MACHINE}_image.nopt"
+UEFI_FIRMWARE_BINARY = "${IMAGE_LINK_NAME}.${CAPSULE_IMGTYPE}"
+UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json"
+CAPSULE_IMGTYPE = "wic"
# TF-A settings for signing host images
TFA_BL2_BINARY = "bl2-corstone1000.bin"
@@ -87,9 +73,3 @@ create_nopt_image() {
}
create_nopt_image[depends] += "mc:firmware:linux-yocto:do_deploy"
do_image_uefi_capsule[prefuncs] += "create_nopt_image"
-
-do_deploy() {
- install -m 0755 ${B}/${MACHINE}_image.nopt ${DEPLOYDIR}
-}
-
-addtask deploy after do_image_uefi_capsule
new file mode 100644
@@ -0,0 +1,11 @@
+{
+ "Payloads": [
+ {
+ "FwVersion": "5",
+ "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f",
+ "LowestSupportedVersion": "1",
+ "Payload": "$UEFI_FIRMWARE_BINARY",
+ "UpdateImageIndex": "0"
+ }
+ ]
+}
@@ -1,10 +1,13 @@
# This class generates UEFI capsules
# The current class supports generating a capsule with single firmware binary
+DEPENDS += "gettext-native"
+inherit python3native
+
IMAGE_TYPES += "uefi_capsule"
-# u-boot-tools should be installed in the native sysroot directory
-do_image_uefi_capsule[depends] += "u-boot-tools-native:do_populate_sysroot"
+# edk2 base tools should be installed in the native sysroot directory
+do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot"
# By default the wic image is used to create a capsule
CAPSULE_IMGTYPE ?= "wic"
@@ -15,37 +18,37 @@ CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}"
# The generated capsule by default has uefi.capsule extension
CAPSULE_EXTENSION ?= "uefi.capsule"
-# The generated capsule's name by default is the same as UEFI_FIRMWARE_BINARY
-CAPSULE_NAME ?= "${UEFI_FIRMWARE_BINARY}"
-
# The following variables must be set to be able to generate a capsule update
-CAPSULE_CERTIFICATE_PATH ?= ""
-CAPSULE_FW_VERSION ?= ""
-CAPSULE_GUID ?= ""
-CAPSULE_INDEX ?= ""
-CAPSULE_MONOTONIC_COUNT ?= ""
-CAPSULE_PRIVATE_KEY_PATH ?= ""
UEFI_FIRMWARE_BINARY ?= ""
+UEFI_CAPSULE_CONFIG ?= ""
# Check if the required variables are set
python() {
- for var in ["CAPSULE_CERTIFICATE_PATH", "CAPSULE_FW_VERSION", \
- "CAPSULE_GUID", "CAPSULE_INDEX", \
- "CAPSULE_MONOTONIC_COUNT", "CAPSULE_PRIVATE_KEY_PATH", \
- "UEFI_FIRMWARE_BINARY"]:
+ for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]:
if not d.getVar(var):
raise bb.parse.SkipRecipe(f"{var} not set")
}
IMAGE_CMD:uefi_capsule(){
- mkeficapsule --certificate ${CAPSULE_CERTIFICATE_PATH} \
- --fw-version ${CAPSULE_FW_VERSION} \
- --guid ${CAPSULE_GUID} \
- --index ${CAPSULE_INDEX} \
- --monotonic-count ${CAPSULE_MONOTONIC_COUNT} \
- --private-key ${CAPSULE_PRIVATE_KEY_PATH} \
- ${UEFI_FIRMWARE_BINARY} \
- ${CAPSULE_IMGLOCATION}/${CAPSULE_NAME}.${CAPSULE_EXTENSION}
+
+ # Force the GenerateCapsule script to use python3
+ export PYTHON_COMMAND=${PYTHON}
+
+ # Copy the firmware and the capsule config json to current directory
+ if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then
+ cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ;
+ fi
+
+ export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY}
+ envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json
+
+ ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \
+ -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \
+ ${MACHINE}-capsule-update-image.json
+
+ # Remove the firmware to avoid contamination of IMGDEPLOYDIR
+ rm ${UEFI_FIRMWARE_BINARY}
+
}
# The firmware binary should be created before generating the capsule