Message ID | 20211116043238.67226-5-takahiro.akashi@linaro.org |
---|---|
State | Superseded |
Headers | show |
Series | efi_loader: capsule: improve capsule authentication support | expand |
On Tue, 16 Nov 2021 at 06:33, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote: > > Add a man page for mkeficapsule command. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > Reviewed-by: Simon Glass <sjg@chromium.org> > --- > MAINTAINERS | 1 + > doc/mkeficapsule.1 | 95 ++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 96 insertions(+) > create mode 100644 doc/mkeficapsule.1 > > diff --git a/MAINTAINERS b/MAINTAINERS > index 6db5354322fe..813674eb2898 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -722,6 +722,7 @@ S: Maintained > T: git https://source.denx.de/u-boot/custodians/u-boot-efi.git > F: doc/api/efi.rst > F: doc/develop/uefi/* > +F: doc/mkeficapsule.1 > F: doc/usage/bootefi.rst > F: drivers/rtc/emul_rtc.c > F: include/capitalization.h > diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 > new file mode 100644 > index 000000000000..837e09ab451e > --- /dev/null > +++ b/doc/mkeficapsule.1 > @@ -0,0 +1,95 @@ > +.TH MAEFICAPSULE 1 "May 2021" > + > +.SH NAME > +mkeficapsule \- Generate EFI capsule file for U-Boot > + > +.SH SYNOPSIS > +.B mkeficapsule > +.RB [\fIoptions\fP] " \fIcapsule-file\fP" > + > +.SH "DESCRIPTION" > +The > +\fBmkeficapsule\fP > +command is used to create an EFI capsule file for use with the U-Boot > +EFI capsule update. > +A capsule file may contain various type of firmware blobs which > +are to be applied to the system and must be placed in the specific > +directory on the UEFI system partition. An update will be automatically > +executed at next reboot. > + > +Optionally, a capsule file can be signed with a given private key. > +In this case, the update will be authenticated by verifying the signature > +before applying. > + > +\fBmkeficapsule\fP supports two different format of image files: > +.TP > +.I raw image > +format is a single binary blob of any type of firmware. > + > +.TP > +.I FIT (Flattened Image Tree) image > +format > +is the same as used in the new \fIuImage\fP format and allows for > +multiple binary blobs in a single capsule file. > +This type of image file can be generated by \fBmkimage\fP. > + > +.SH "OPTIONS" > +One of \fB--fit\fP or \fB--raw\fP option must be specified. > + > +.TP > +.BI "-f, --fit \fIfit-image-file\fP" > +Specify a FIT image file > + > +.TP > +.BI "-r, --raw \fIraw-image-file\fP" > +Specify a raw image file > + > +.TP > +.BI "-i, --index \fIindex\fP" > +Specify an image index > + > +.TP > +.BI "-I, --instance \fIinstance\fP" > +Specify a hardware instance > + > +.TP > +.BI "-h, --help" > +Print a help message > + > +.TP 0 > +.B With signing: > + > +\fB--private-key\fP, \fB--certificate\fP and \fB--monotonic-count\fP are > +all mandatory. > + > +.TP > +.BI "-p, --private-key \fIprivate-key-file\fP" > +Specify signer's private key file in PEM > + > +.TP > +.BI "-c, --certificate \fIcertificate-file\fP" > +Specify signer's certificate file in EFI certificate list format > + > +.TP > +.BI "-m, --monotonic-count \fIcount\fP" > +Specify a monotonic count which is set to be monotonically incremented > +at every firmware update. > + > +.TP > +.BI "-d, --dump_sig" > +Dump signature data into *.p7 file > + > +.PP > +.SH FILES > +.TP > +.BI "\fI/EFI/UpdateCapsule\fP" > +The directory in which all capsule files be placed > + > +.SH SEE ALSO > +.B mkimage > + > +.SH AUTHORS > +Written by AKASHI Takahiro <takahiro.akashi@linaro.org> > + > +.SH HOMEPAGE > +http://www.denx.de/wiki/U-Boot/WebHome > -- > 2.33.0 > Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff --git a/MAINTAINERS b/MAINTAINERS index 6db5354322fe..813674eb2898 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -722,6 +722,7 @@ S: Maintained T: git https://source.denx.de/u-boot/custodians/u-boot-efi.git F: doc/api/efi.rst F: doc/develop/uefi/* +F: doc/mkeficapsule.1 F: doc/usage/bootefi.rst F: drivers/rtc/emul_rtc.c F: include/capitalization.h diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 new file mode 100644 index 000000000000..837e09ab451e --- /dev/null +++ b/doc/mkeficapsule.1 @@ -0,0 +1,95 @@ +.TH MAEFICAPSULE 1 "May 2021" + +.SH NAME +mkeficapsule \- Generate EFI capsule file for U-Boot + +.SH SYNOPSIS +.B mkeficapsule +.RB [\fIoptions\fP] " \fIcapsule-file\fP" + +.SH "DESCRIPTION" +The +\fBmkeficapsule\fP +command is used to create an EFI capsule file for use with the U-Boot +EFI capsule update. +A capsule file may contain various type of firmware blobs which +are to be applied to the system and must be placed in the specific +directory on the UEFI system partition. An update will be automatically +executed at next reboot. + +Optionally, a capsule file can be signed with a given private key. +In this case, the update will be authenticated by verifying the signature +before applying. + +\fBmkeficapsule\fP supports two different format of image files: +.TP +.I raw image +format is a single binary blob of any type of firmware. + +.TP +.I FIT (Flattened Image Tree) image +format +is the same as used in the new \fIuImage\fP format and allows for +multiple binary blobs in a single capsule file. +This type of image file can be generated by \fBmkimage\fP. + +.SH "OPTIONS" +One of \fB--fit\fP or \fB--raw\fP option must be specified. + +.TP +.BI "-f, --fit \fIfit-image-file\fP" +Specify a FIT image file + +.TP +.BI "-r, --raw \fIraw-image-file\fP" +Specify a raw image file + +.TP +.BI "-i, --index \fIindex\fP" +Specify an image index + +.TP +.BI "-I, --instance \fIinstance\fP" +Specify a hardware instance + +.TP +.BI "-h, --help" +Print a help message + +.TP 0 +.B With signing: + +\fB--private-key\fP, \fB--certificate\fP and \fB--monotonic-count\fP are +all mandatory. + +.TP +.BI "-p, --private-key \fIprivate-key-file\fP" +Specify signer's private key file in PEM + +.TP +.BI "-c, --certificate \fIcertificate-file\fP" +Specify signer's certificate file in EFI certificate list format + +.TP +.BI "-m, --monotonic-count \fIcount\fP" +Specify a monotonic count which is set to be monotonically incremented +at every firmware update. + +.TP +.BI "-d, --dump_sig" +Dump signature data into *.p7 file + +.PP +.SH FILES +.TP +.BI "\fI/EFI/UpdateCapsule\fP" +The directory in which all capsule files be placed + +.SH SEE ALSO +.B mkimage + +.SH AUTHORS +Written by AKASHI Takahiro <takahiro.akashi@linaro.org> + +.SH HOMEPAGE +http://www.denx.de/wiki/U-Boot/WebHome