| Message ID | 20220331132750.1532722-9-sughosh.ganu@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | efi: capsule: Capsule Update fixes and enhancements | expand |
On Thu, Mar 31, 2022 at 06:57:50PM +0530, Sughosh Ganu wrote: > Update the capsule update functionality related documentation to > refect the additional definitions that need to be made per platform > for supporting the capsule update feature. > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > --- > > Changes since V3: > * Rephrase the commit message to indicate that the doc changes are not > just limited to adding the GUID values, but other info as well. > * Elaborate with an example on the relation between the dfu alt number > and the image index > > doc/develop/uefi/uefi.rst | 24 ++++++++++++++++++++++-- > 1 file changed, 22 insertions(+), 2 deletions(-) > > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst > index fe337c88bd..d886635cc3 100644 > --- a/doc/develop/uefi/uefi.rst > +++ b/doc/develop/uefi/uefi.rst > @@ -312,8 +312,8 @@ Run the following command > .. code-block:: console > > $ mkeficapsule \ > - --index 1 --instance 0 \ > - [--fit <FIT image> | --raw <raw image>] \ > + --index <index> --instance 0 \ > + --guid <image GUID> \ > <capsule_file_name> > > Performing the update > @@ -333,6 +333,26 @@ won't be taken over across the reboot. If this is the case, you can skip > this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS) > set. > > +A few things need to be defined in the board file for performing the > +capsule upadte. The first is defining the function set_dfu_alt_info in s/upadte/update/ > +the board file. This function sets the environment variable > +dfu_alt_info. Instead of taking the variable from the environment, the > +capsule update feature requires that the variable be set through the I think we should also mention that allowing a user to change the location of the firmware updates in flash is not a good security practice. Having that baked in the firmware (as long as a prior stage boot loader verifies it) is a better approach. Thanks /Ilias > +board function, since that is more robust. Secondly, define GUID > +values and image index of the images that are to be updated through > +the capsule update feature in the board file. Both the values are to > +be defined as part of the fw_images array. These GUID values would be > +used by the Firmware Management Protocol(FMP) to populate the image > +descriptor array and also displayed as part of the ESRT table. The > +image index values defined in the array should be one greater than the > +dfu alt number that corresponds to the firmware image. So, if the dfu > +alt number for an image is 2, the value of image index in the > +fw_images array for that image should be 3. The dfu alt number can be > +obtained by running the following command:: > + > + dfu list > + > + > Finally, the capsule update can be initiated by rebooting the board. > > Enabling Capsule Authentication > -- > 2.25.1 >
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index fe337c88bd..d886635cc3 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -312,8 +312,8 @@ Run the following command .. code-block:: console $ mkeficapsule \ - --index 1 --instance 0 \ - [--fit <FIT image> | --raw <raw image>] \ + --index <index> --instance 0 \ + --guid <image GUID> \ <capsule_file_name> Performing the update @@ -333,6 +333,26 @@ won't be taken over across the reboot. If this is the case, you can skip this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS) set. +A few things need to be defined in the board file for performing the +capsule upadte. The first is defining the function set_dfu_alt_info in +the board file. This function sets the environment variable +dfu_alt_info. Instead of taking the variable from the environment, the +capsule update feature requires that the variable be set through the +board function, since that is more robust. Secondly, define GUID +values and image index of the images that are to be updated through +the capsule update feature in the board file. Both the values are to +be defined as part of the fw_images array. These GUID values would be +used by the Firmware Management Protocol(FMP) to populate the image +descriptor array and also displayed as part of the ESRT table. The +image index values defined in the array should be one greater than the +dfu alt number that corresponds to the firmware image. So, if the dfu +alt number for an image is 2, the value of image index in the +fw_images array for that image should be 3. The dfu alt number can be +obtained by running the following command:: + + dfu list + + Finally, the capsule update can be initiated by rebooting the board. Enabling Capsule Authentication
Update the capsule update functionality related documentation to refect the additional definitions that need to be made per platform for supporting the capsule update feature. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> --- Changes since V3: * Rephrase the commit message to indicate that the doc changes are not just limited to adding the GUID values, but other info as well. * Elaborate with an example on the relation between the dfu alt number and the image index doc/develop/uefi/uefi.rst | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-)