meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch - openbmc/openbmc - Gitiles

 From fa0988fd876400dc1bb451fffc4b167265b40d25 Mon Sep 17 00:00:00 2001
 From: Emekcan Aras <emekcan.aras@arm.com>
 Date: Thu, 14 Sep 2023 12:14:28 +0100
 Subject: [PATCH] Platform: Corstone1000: Enable Signed Capsule

 Enables signed capsule update and adjusts the necessary structs (fmp_payload_header
 , image_auth, etc.) to comply with the new capsule generation tool (mkeficapsule).

 Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
 Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  .../fw_update_agent/uefi_capsule_parser.c     | 25 +++++++++++--------
  .../fw_update_agent/uefi_capsule_parser.h     |  2 ++
  2 files changed, 17 insertions(+), 10 deletions(-)

 diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
 index b72ff1eb91..c706c040ac 100644
 --- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
 +++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
 @@ -102,11 +102,9 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
      }

      capsule_header = (efi_capsule_header_t*)ptr;
 -    ptr += sizeof(efi_capsule_header_t) + sizeof(uint32_t);
 +    ptr += sizeof(efi_capsule_header_t);
      fmp_capsule_header = (efi_firmware_management_capsule_header_t*)ptr;

 -    fmp_payload_header = fmp_capsule_header + sizeof(*fmp_capsule_header);
 -
      total_size = capsule_header->capsule_image_size;
      image_count = fmp_capsule_header->payload_item_count;
      images_info->nr_image = image_count;
 @@ -119,22 +117,20 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
      }

      for (int i = 0; i < image_count; i++) {
 -
          image_header = (efi_firmware_management_capsule_image_header_t*)(ptr +
                                  fmp_capsule_header->item_offset_list[i]);

          images_info->size[i] = image_header->update_image_size;
 -        images_info->version[i] = fmp_payload_header->fw_version;
 -        FWU_LOG_MSG("%s: image %i version = %u\n\r", __func__, i,
 -                                images_info->version[i]);
 +
  #ifdef AUTHENTICATED_CAPSULE
          image_auth = (efi_firmware_image_authentication_t*)(
                          (char*)image_header +
                          sizeof (efi_firmware_management_capsule_image_header_t)
                       );
          auth_size = sizeof(uint64_t) /* monotonic_count */  +
 -                    image_auth->auth_info.hdr.dwLength /* WIN_CERTIFICATE + cert_data */ +
 -                    sizeof(struct efi_guid) /* cert_type */;
 +                    image_auth->auth_info.hdr.dwLength/* WIN_CERTIFICATE + cert_data + cert_type */;
 +
 +        fmp_payload_header = (fmp_payload_header_t*)((char*)image_auth + auth_size);

          FWU_LOG_MSG("%s: auth size = %u\n\r", __func__, auth_size);

 @@ -143,16 +139,25 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
          images_info->image[i] = (
                  (char*)image_header +
                  sizeof(efi_firmware_management_capsule_image_header_t) +
 -                auth_size);
 +                auth_size +
 +                sizeof(*fmp_payload_header));
  #else
          images_info->image[i] = (
                  (char*)image_header +
                  sizeof(efi_firmware_management_capsule_image_header_t) +
                  sizeof(*fmp_payload_header));
 +
 +        fmp_payload_header = (fmp_payload_header_t*)((char*)image_header +
 +                sizeof(efi_firmware_management_capsule_image_header_t));
 +
  #endif
          memcpy(&images_info->guid[i], &(image_header->update_image_type_id),
                                                          sizeof(struct efi_guid));

 +        images_info->version[i] = fmp_payload_header->fw_version;
 +        FWU_LOG_MSG("%s: image %i version = %d\n\r", __func__, i,
 +                                images_info->version[i]);
 +
          FWU_LOG_MSG("%s: image %d at %p, size=%u\n\r", __func__, i,
                          images_info->image[i], images_info->size[i]);

 diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
 index a890a709e9..a31cd8a3a0 100644
 --- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
 +++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
 @@ -12,6 +12,8 @@
  #include "fip_parser/external/uuid.h"
  #include "flash_layout.h"

 +#define AUTHENTICATED_CAPSULE 1
 +
  enum uefi_capsule_error_t {
      UEFI_CAPSULE_PARSER_SUCCESS = 0,
      UEFI_CAPSULE_PARSER_ERROR = (-1)
 --
 2.17.1
	From fa0988fd876400dc1bb451fffc4b167265b40d25 Mon Sep 17 00:00:00 2001
	From: Emekcan Aras <emekcan.aras@arm.com>
	Date: Thu, 14 Sep 2023 12:14:28 +0100
	Subject: [PATCH] Platform: Corstone1000: Enable Signed Capsule

	Enables signed capsule update and adjusts the necessary structs (fmp_payload_header
	, image_auth, etc.) to comply with the new capsule generation tool (mkeficapsule).

	Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
	Upstream-Status: Pending [Not submitted to upstream yet]
	---
	.../fw_update_agent/uefi_capsule_parser.c \| 25 +++++++++++--------
	.../fw_update_agent/uefi_capsule_parser.h \| 2 ++
	2 files changed, 17 insertions(+), 10 deletions(-)

	diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
	index b72ff1eb91..c706c040ac 100644
	--- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
	+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
	@@ -102,11 +102,9 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
	}

	capsule_header = (efi_capsule_header_t*)ptr;
	- ptr += sizeof(efi_capsule_header_t) + sizeof(uint32_t);
	+ ptr += sizeof(efi_capsule_header_t);
	fmp_capsule_header = (efi_firmware_management_capsule_header_t*)ptr;

	- fmp_payload_header = fmp_capsule_header + sizeof(*fmp_capsule_header);
	-
	total_size = capsule_header->capsule_image_size;
	image_count = fmp_capsule_header->payload_item_count;
	images_info->nr_image = image_count;
	@@ -119,22 +117,20 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
	}

	for (int i = 0; i < image_count; i++) {
	-
	image_header = (efi_firmware_management_capsule_image_header_t*)(ptr +
	fmp_capsule_header->item_offset_list[i]);

	images_info->size[i] = image_header->update_image_size;
	- images_info->version[i] = fmp_payload_header->fw_version;
	- FWU_LOG_MSG("%s: image %i version = %u\n\r", __func__, i,
	- images_info->version[i]);
	+
	#ifdef AUTHENTICATED_CAPSULE
	image_auth = (efi_firmware_image_authentication_t*)(
	(char*)image_header +
	sizeof (efi_firmware_management_capsule_image_header_t)
	);
	auth_size = sizeof(uint64_t) /* monotonic_count */ +
	- image_auth->auth_info.hdr.dwLength /* WIN_CERTIFICATE + cert_data */ +
	- sizeof(struct efi_guid) /* cert_type */;
	+ image_auth->auth_info.hdr.dwLength/* WIN_CERTIFICATE + cert_data + cert_type */;
	+
	+ fmp_payload_header = (fmp_payload_header_t)((char)image_auth + auth_size);

	FWU_LOG_MSG("%s: auth size = %u\n\r", __func__, auth_size);

	@@ -143,16 +139,25 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
	images_info->image[i] = (
	(char*)image_header +
	sizeof(efi_firmware_management_capsule_image_header_t) +
	- auth_size);
	+ auth_size +
	+ sizeof(*fmp_payload_header));
	#else
	images_info->image[i] = (
	(char*)image_header +
	sizeof(efi_firmware_management_capsule_image_header_t) +
	sizeof(*fmp_payload_header));
	+
	+ fmp_payload_header = (fmp_payload_header_t)((char)image_header +
	+ sizeof(efi_firmware_management_capsule_image_header_t));
	+
	#endif
	memcpy(&images_info->guid[i], &(image_header->update_image_type_id),
	sizeof(struct efi_guid));

	+ images_info->version[i] = fmp_payload_header->fw_version;
	+ FWU_LOG_MSG("%s: image %i version = %d\n\r", __func__, i,
	+ images_info->version[i]);
	+
	FWU_LOG_MSG("%s: image %d at %p, size=%u\n\r", __func__, i,
	images_info->image[i], images_info->size[i]);

	diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
	index a890a709e9..a31cd8a3a0 100644
	--- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
	+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
	@@ -12,6 +12,8 @@
	#include "fip_parser/external/uuid.h"
	#include "flash_layout.h"

	+#define AUTHENTICATED_CAPSULE 1
	+
	enum uefi_capsule_error_t {
	UEFI_CAPSULE_PARSER_SUCCESS = 0,
	UEFI_CAPSULE_PARSER_ERROR = (-1)
	--
	2.17.1