Message ID | 20241008002221.261923-1-javier.tia@linaro.org |
---|---|
State | New |
Headers | show |
Series | [v0] arm/uefi-secureboot: Add uefi capsule update support | expand |
Hi, Reviving this patch in case it has been lost under the cracks. A copy at: https://lore.kernel.org/yocto-meta-arm/20241008002221.261923-1-javier.tia@linaro.org/T/#u Thanks, On 10/7/24 6:22 PM, Javier Tia wrote: > UEFI capsule update is a mechanism that allows firmware updates to be > delivered and applied in a standardized way. It is part of the UEFI > specification and provides a way to update system firmware components > like the BIOS, UEFI drivers, or other platform firmware. > > Signed-off-by: Javier Tia <javier.tia@linaro.org> > --- > ci/uefi-secureboot.yml | 4 ++-- > meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc | 3 +++ > meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc | 1 + > meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg | 5 +++++ > 4 files changed, 11 insertions(+), 2 deletions(-) > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg > > diff --git a/ci/uefi-secureboot.yml b/ci/uefi-secureboot.yml > index 4e9572cc..e8aa6004 100644 > --- a/ci/uefi-secureboot.yml > +++ b/ci/uefi-secureboot.yml > @@ -23,7 +23,7 @@ local_conf_header: > WKS_FILE = "efi-disk.wks.in" > KERNEL_IMAGETYPE = "Image" > > - MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot" > + MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot uefi-capsule-updates" > > EFI_PROVIDER = "systemd-boot" > > @@ -34,4 +34,4 @@ local_conf_header: > > IMAGE_INSTALL:append = " systemd systemd-boot util-linux coreutils" > > - TEST_SUITES:append = " uefi_secureboot" > \ No newline at end of file > + TEST_SUITES:append = " uefi_secureboot" > diff --git a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc > new file mode 100644 > index 00000000..6b6913ad > --- /dev/null > +++ b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc > @@ -0,0 +1,3 @@ > +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" > + > +SRC_URI += "file://uefi-capsule-update.cfg" > diff --git a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc > index 48c2de86..cb2fed15 100644 > --- a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc > +++ b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc > @@ -5,6 +5,7 @@ SRC_URI += "file://uefi-secureboot.cfg" > inherit sbsign > > require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-http-boot', 'u-boot-uefi-http-boot.inc', '', d)} > +require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-capsule-update', 'u-boot-capsule-update.inc', '', d)} > > DEPENDS += 'python3-pyopenssl-native' > > diff --git a/meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg b/meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg > new file mode 100644 > index 00000000..8cc4a453 > --- /dev/null > +++ b/meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg > @@ -0,0 +1,5 @@ > +CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y > +CONFIG_EFI_CAPSULE_ON_DISK=y > +CONFIG_EFI_IGNORE_OSINDICATIONS=y > +CONFIG_EFI_CAPSULE_ON_DISK_EARLY=y > +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y > \ No newline at end of file Resending the email in case it Thanks, ยป Javier Tia
diff --git a/ci/uefi-secureboot.yml b/ci/uefi-secureboot.yml index 4e9572cc..e8aa6004 100644 --- a/ci/uefi-secureboot.yml +++ b/ci/uefi-secureboot.yml @@ -23,7 +23,7 @@ local_conf_header: WKS_FILE = "efi-disk.wks.in" KERNEL_IMAGETYPE = "Image" - MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot" + MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot uefi-capsule-updates" EFI_PROVIDER = "systemd-boot" @@ -34,4 +34,4 @@ local_conf_header: IMAGE_INSTALL:append = " systemd systemd-boot util-linux coreutils" - TEST_SUITES:append = " uefi_secureboot" \ No newline at end of file + TEST_SUITES:append = " uefi_secureboot" diff --git a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc new file mode 100644 index 00000000..6b6913ad --- /dev/null +++ b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc @@ -0,0 +1,3 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://uefi-capsule-update.cfg" diff --git a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc index 48c2de86..cb2fed15 100644 --- a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc +++ b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc @@ -5,6 +5,7 @@ SRC_URI += "file://uefi-secureboot.cfg" inherit sbsign require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-http-boot', 'u-boot-uefi-http-boot.inc', '', d)} +require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-capsule-update', 'u-boot-capsule-update.inc', '', d)} DEPENDS += 'python3-pyopenssl-native' diff --git a/meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg b/meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg new file mode 100644 index 00000000..8cc4a453 --- /dev/null +++ b/meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg @@ -0,0 +1,5 @@ +CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y +CONFIG_EFI_CAPSULE_ON_DISK=y +CONFIG_EFI_IGNORE_OSINDICATIONS=y +CONFIG_EFI_CAPSULE_ON_DISK_EARLY=y +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y \ No newline at end of file
UEFI capsule update is a mechanism that allows firmware updates to be delivered and applied in a standardized way. It is part of the UEFI specification and provides a way to update system firmware components like the BIOS, UEFI drivers, or other platform firmware. Signed-off-by: Javier Tia <javier.tia@linaro.org> --- ci/uefi-secureboot.yml | 4 ++-- meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc | 3 +++ meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc | 1 + meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg | 5 +++++ 4 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot-uefi-capsule-update.inc create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/uefi-capsule-update.cfg