AKASHI Takahirofab430b2020-11-30 18:12:15 +09001// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright 2018 Linaro Limited
4 * Author: AKASHI Takahiro
5 */
7#include <getopt.h>
Heinrich Schuchardt2a12caf2024-08-14 14:33:44 +02008#include <inttypes.h>
AKASHI Takahiro16abff22022-02-09 19:10:35 +09009#include <pe.h>
AKASHI Takahirofab430b2020-11-30 18:12:15 +090010#include <stdbool.h>
AKASHI Takahiro9e637862022-01-18 13:39:45 +090011#include <stdint.h>
AKASHI Takahirofab430b2020-11-30 18:12:15 +090012#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
15#include <linux/types.h>
AKASHI Takahirofab430b2020-11-30 18:12:15 +090017#include <sys/stat.h>
18#include <sys/types.h>
AKASHI Takahiro16abff22022-02-09 19:10:35 +090020#include <gnutls/gnutls.h>
21#include <gnutls/pkcs7.h>
22#include <gnutls/abstract.h>
Simon Glass84362822024-07-31 08:49:00 -060024#include <version.h>
Caleb Connolly75583852024-08-30 13:34:39 +010025#include <libfdt.h>
Caleb Connollyf102e0d2024-08-30 13:34:38 +010026#include <u-boot/uuid.h>
AKASHI Takahiro16abff22022-02-09 19:10:35 +090028#include "eficapsule.h"
/*
 * Namespace GUID that genguid() falls back to when its first argument does
 * not parse as a GUID. Matches CONFIG_EFI_CAPSULE_NAMESPACE_GUID.
 */
#define DEFAULT_NAMESPACE_GUID "8c9f137e-91dc-427b-b2d6-b420faebaf2a"

/* Program name printed at the start of the usage text */
static const char *tool_name = "mkeficapsule";

/* GUID stored in the capsule header of a firmware management capsule */
efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
/* Certificate type GUID copied into the authentication header when signing */
efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
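/*
 * Short options for getopt_long(); a letter followed by ':' takes an
 * argument. Every letter here should have a matching entry in options[].
 */
static const char *opts_short = "g:i:I:v:p:c:m:o:dhARDV";

/*
 * Kind of capsule to generate. The variable has static storage, so it
 * starts out as CAPSULE_NORMAL_BLOB (0).
 */
enum {
	CAPSULE_NORMAL_BLOB = 0,
	CAPSULE_ACCEPT,
	CAPSULE_REVERT,
} capsule_type;

/* Long options; the last field is the short option letter each one maps to */
static struct option options[] = {
	{"guid", required_argument, NULL, 'g'},
	{"index", required_argument, NULL, 'i'},
	{"instance", required_argument, NULL, 'I'},
	{"fw-version", required_argument, NULL, 'v'},
	{"private-key", required_argument, NULL, 'p'},
	{"certificate", required_argument, NULL, 'c'},
	{"monotonic-count", required_argument, NULL, 'm'},
	{"dump-sig", no_argument, NULL, 'd'},
	{"fw-accept", no_argument, NULL, 'A'},
	{"fw-revert", no_argument, NULL, 'R'},
	{"capoemflag", required_argument, NULL, 'o'},
	{"dump-capsule", no_argument, NULL, 'D'},
	/*
	 * The usage text advertises "-V, --version" and opts_short accepts
	 * 'V', so the long spelling needs an entry here as well.
	 */
	{"version", no_argument, NULL, 'V'},
	{"help", no_argument, NULL, 'h'},
	{NULL, 0, NULL, 0},
};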
/**
 * print_usage_guidgen - print the synopsis of the "guidgen" sub-command
 *
 * Writes the synopsis and the meaning of each operand to stderr. The
 * default namespace GUID shown is DEFAULT_NAMESPACE_GUID.
 */
static void print_usage_guidgen(void)
{
	fprintf(stderr, "%s guidgen [GUID] DTB IMAGE_NAME...\n", tool_name);
	fputs("Options:\n", stderr);
	fprintf(stderr, "\tGUID Namespace GUID (default: %s)\n",
		DEFAULT_NAMESPACE_GUID);
	fputs("\tDTB Device Tree Blob\n"
	      "\tIMAGE_NAME... One or more names of fw_images to generate GUIDs for\n",
	      stderr);
}
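/**
 * print_usage_mkeficapsule - print the full usage text
 *
 * Writes the capsule-generation options to stderr, followed by the
 * synopsis of the "guidgen" sub-command.
 */
static void print_usage_mkeficapsule(void)
{
	fprintf(stderr, "Usage:\n\n%s [options] <image blob> <output file>\n"
		"Options:\n"

		"\t-g, --guid <guid string> guid for image blob type\n"
		"\t-i, --index <index> update image index\n"
		"\t-I, --instance <instance> update hardware instance\n"
		"\t-v, --fw-version <version> firmware version\n"
		"\t-p, --private-key <privkey file> private key file\n"
		"\t-c, --certificate <cert file> signer's certificate file\n"
		"\t-m, --monotonic-count <count> monotonic count\n"
		/* the option table spells this one "dump-sig", not "dump_sig" */
		"\t-d, --dump-sig dump signature (*.p7)\n"
		"\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n"
		"\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n"
		"\t-o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff\n"
		"\t-D, --dump-capsule dump the contents of the capsule headers\n"
		"\t-V, --version show version number\n"
		"\t-h, --help print a help message\n\n",
		tool_name);
	print_usage_guidgen();
}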
/**
 * auth_context - authentication context
 * @key_file:	Path to a private key file (imported as PEM)
 * @cert_file:	Path to a certificate file (imported as PEM)
 * @image_data:	Pointer to firmware data
 * @image_size:	Size of firmware data
 * @auth:	Authentication header
 * @sig_data:	Signature data
 * @sig_size:	Size of signature data
 *
 * Data structure used in create_auth_data(). @key_file through
 * @image_size are input parameters, and so is @auth.monotonic_count,
 * which is signed together with the image. The rest of @auth, @sig_data
 * and @sig_size are filled in by create_auth_data().
 *
 * @sig_data is allocated by GnuTLS and is released with free_sig_data().
 * @sig_size stays 0 until a signature has been stored, which is how the
 * rest of the file tells a signed capsule from an unsigned one.
 */
struct auth_context {
	char *key_file;
	char *cert_file;
	uint8_t *image_data;
	size_t image_size;
	struct efi_firmware_image_authentication auth;
	uint8_t *sig_data;
	size_t sig_size;
};

/*
 * When non-zero, create_fwbin() also saves the signature of a signed
 * capsule next to the output file through dump_signature().
 */
static int dump_sig;
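/**
 * read_bin_file - read a firmware binary file
 * @bin:	Path to a firmware binary file
 * @data:	Pointer to pointer of allocated buffer
 * @bin_size:	Size of allocated buffer
 *
 * Read out a content of binary, @bin, into a newly allocated buffer.
 * On success the buffer is returned through @data and a caller should
 * free it. On failure @data and @bin_size are left untouched and nothing
 * stays allocated.
 *
 * Return:
 * * 0  - on success
 * * -1 - on failure
 */
static int read_bin_file(char *bin, uint8_t **data, off_t *bin_size)
{
	FILE *g;
	struct stat bin_stat;
	void *buf = NULL;
	size_t want;
	size_t size;
	int ret = -1;

	/* binary mode: the content is copied byte for byte into the capsule */
	g = fopen(bin, "rb");
	if (!g) {
		fprintf(stderr, "cannot open %s\n", bin);
		return -1;
	}
	/*
	 * Ask for the size of the stream that is already open instead of
	 * looking the path up a second time, so that the length always
	 * belongs to the file that is actually read.
	 */
	if (fstat(fileno(g), &bin_stat) < 0) {
		fprintf(stderr, "cannot determine the size of %s\n", bin);
		goto err;
	}
	if (bin_stat.st_size < 0 || (uintmax_t)bin_stat.st_size > SIZE_MAX) {
		fprintf(stderr, "file size is too large for malloc: %s\n", bin);
		goto err;
	}
	want = (size_t)bin_stat.st_size;

	/* malloc(0) may return NULL, which must not look like a failure */
	buf = malloc(want ? want : 1);
	if (!buf) {
		fprintf(stderr, "cannot allocate memory: %zx\n", want);
		goto err;
	}

	size = fread(buf, 1, want, g);
	if (size < want) {
		fprintf(stderr, "read failed (%zx)\n", size);
		goto err;
	}

	*data = buf;
	*bin_size = bin_stat.st_size;
	buf = NULL;	/* the caller owns the buffer from here on */
	ret = 0;
err:
	/* still set only on a failure path; free(NULL) is a no-op */
	free(buf);
	fclose(g);

	return ret;
}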
/**
 * write_capsule_file - write a piece of a capsule file
 * @f:		FILE stream to write to
 * @data:	Pointer to data
 * @size:	Size of data
 * @msg:	Name of the piece, used as a prefix of the error message
 *
 * Write out data, @data, with the size @size. A short write is reported
 * on stderr.
 *
 * Return:
 * * 0  - on success
 * * -1 - on failure
 */
static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg)
{
	const size_t written = fwrite(data, 1, size, f);

	if (written >= size)
		return 0;

	fprintf(stderr, "%s: write failed (%zx != %zx)\n", msg, written, size);

	return -1;
}
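/**
 * create_auth_data - compose authentication data in capsule
 * @ctx:	Pointer to authentication context
 *
 * Fill up an authentication header (.auth) and signature data (.sig_data)
 * in @ctx, using library functions from GnuTLS.
 * All the input parameters in @ctx, including .auth.monotonic_count,
 * must be filled in by a caller.
 *
 * On success the signature in .sig_data is owned by @ctx and is released
 * with free_sig_data(). Every other resource taken here, including the
 * in-memory copy of the private key file, is released before returning,
 * on success and on failure alike.
 *
 * Return:
 * * 0  - on success
 * * -1 - on failure
 */
static int create_auth_data(struct auth_context *ctx)
{
	gnutls_datum_t cert = { NULL, 0 };
	gnutls_datum_t key = { NULL, 0 };
	gnutls_datum_t data = { NULL, 0 };
	gnutls_datum_t signature = { NULL, 0 };
	gnutls_privkey_t pkey = NULL;
	gnutls_x509_crt_t x509 = NULL;
	gnutls_pkcs7_t pkcs7 = NULL;
	size_t key_len = 0;
	off_t file_size;
	int result = -1;
	int ret;

	ret = read_bin_file(ctx->cert_file, &cert.data, &file_size);
	if (ret < 0)
		goto out;
	/* gnutls_datum_t carries its length in an unsigned int */
	if (file_size > UINT_MAX) {
		fprintf(stderr, "certificate file is too large\n");
		goto out;
	}
	cert.size = file_size;

	ret = read_bin_file(ctx->key_file, &key.data, &file_size);
	if (ret < 0)
		goto out;
	/* remembered separately so the whole buffer can be wiped below */
	key_len = file_size;
	if (file_size > UINT_MAX) {
		fprintf(stderr, "private key file is too large\n");
		goto out;
	}
	key.size = file_size;

	/*
	 * For debugging,
	 * gnutls_global_set_time_function(mytime);
	 * gnutls_global_set_log_function(tls_log_func);
	 * gnutls_global_set_log_level(6);
	 */

	ret = gnutls_privkey_init(&pkey);
	if (ret < 0) {
		fprintf(stderr, "error in gnutls_privkey_init(): %s\n",
			gnutls_strerror(ret));
		goto out;
	}

	ret = gnutls_x509_crt_init(&x509);
	if (ret < 0) {
		fprintf(stderr, "error in gnutls_x509_crt_init(): %s\n",
			gnutls_strerror(ret));
		goto out;
	}

	/* load a private key */
	ret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,
					     0, 0);
	if (ret < 0) {
		fprintf(stderr,
			"error in gnutls_privkey_import_x509_raw(): %s\n",
			gnutls_strerror(ret));
		goto out;
	}

	/* load x509 certificate */
	ret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);
	if (ret < 0) {
		fprintf(stderr, "error in gnutls_x509_crt_import(): %s\n",
			gnutls_strerror(ret));
		goto out;
	}

	/* generate a PKCS #7 structure */
	ret = gnutls_pkcs7_init(&pkcs7);
	if (ret < 0) {
		fprintf(stderr, "error in gnutls_pkcs7_init(): %s\n",
			gnutls_strerror(ret));
		goto out;
	}

	/* sign */
	/*
	 * Data should have
	 *  * firmware image
	 *  * monotonic count
	 * in this order!
	 * See EDK2's FmpAuthenticatedHandlerRsa2048Sha256()
	 */
	/*
	 * data.size is an unsigned int. Without this check an image close to
	 * or above UINT_MAX bytes would wrap the sum below, and the memcpy()
	 * calls would then write past the shorter allocation.
	 */
	if (ctx->image_size > UINT_MAX - sizeof(ctx->auth.monotonic_count)) {
		fprintf(stderr, "firmware image is too large to sign\n");
		goto out;
	}
	data.size = ctx->image_size + sizeof(ctx->auth.monotonic_count);
	data.data = malloc(data.size);
	if (!data.data) {
		fprintf(stderr, "allocating memory (0x%x) failed\n", data.size);
		goto out;
	}
	memcpy(data.data, ctx->image_data, ctx->image_size);
	memcpy(data.data + ctx->image_size, &ctx->auth.monotonic_count,
	       sizeof(ctx->auth.monotonic_count));

	ret = gnutls_pkcs7_sign(pkcs7, x509, pkey, &data, NULL, NULL,
				GNUTLS_DIG_SHA256,
				/* GNUTLS_PKCS7_EMBED_DATA? */
				GNUTLS_PKCS7_INCLUDE_CERT |
				GNUTLS_PKCS7_INCLUDE_TIME);
	if (ret < 0) {
		fprintf(stderr, "error in gnutls_pkcs7_sign(): %s\n",
			gnutls_strerror(ret));
		goto out;
	}

	/* export */
	ret = gnutls_pkcs7_export2(pkcs7, GNUTLS_X509_FMT_DER, &signature);
	if (ret < 0) {
		fprintf(stderr, "error in gnutls_pkcs7_export2: %s\n",
			gnutls_strerror(ret));
		goto out;
	}
	/* nothing below can fail, so the signature now belongs to @ctx */
	ctx->sig_data = signature.data;
	ctx->sig_size = signature.size;

	/* fill auth_info */
	ctx->auth.auth_info.hdr.dwLength = sizeof(ctx->auth.auth_info)
						+ ctx->sig_size;
	ctx->auth.auth_info.hdr.wRevision = WIN_CERT_REVISION_2_0;
	ctx->auth.auth_info.hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;
	memcpy(&ctx->auth.auth_info.cert_type, &efi_guid_cert_type_pkcs7,
	       sizeof(efi_guid_cert_type_pkcs7));

	result = 0;
out:
	if (pkcs7)
		gnutls_pkcs7_deinit(pkcs7);
	if (pkey)
		gnutls_privkey_deinit(pkey);
	if (x509)
		gnutls_x509_crt_deinit(x509);
	free(data.data);
	free(cert.data);
	if (key.data) {
		/*
		 * Clear the key material before the buffer goes back to the
		 * allocator; gnutls_memset() is not optimized away the way a
		 * plain memset() before free() can be.
		 */
		gnutls_memset(key.data, 0, key_len);
		free(key.data);
	}

	return result;
}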
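/**
 * dump_signature - dump out a signature
 * @path:	Path to a capsule file
 * @signature:	Signature data
 * @sig_size:	Size of signature data
 *
 * Signature data pointed to by @signature will be saved into
 * a file whose file name is @path with ".p7" suffix.
 *
 * Return:
 * * 0  - on success
 * * -1 - on failure
 */
static int dump_signature(const char *path, uint8_t *signature, size_t sig_size)
{
	static const char suffix[] = ".p7";
	/* sizeof(suffix) already counts the terminating NUL */
	const size_t sig_path_len = strlen(path) + sizeof(suffix);
	char *sig_path;
	FILE *f;
	int ret = -1;

	sig_path = malloc(sig_path_len);
	if (!sig_path)
		return ret;

	snprintf(sig_path, sig_path_len, "%s%s", path, suffix);
	/* binary mode: the signature is DER data */
	f = fopen(sig_path, "wb");
	if (!f)
		goto err;

	if (fwrite(signature, 1, sig_size, f) == sig_size)
		ret = 0;

	/*
	 * Buffered bytes reach the file at close time, so a failing
	 * fclose() means the signature on disk is incomplete.
	 */
	if (fclose(f))
		ret = -1;
err:
	free(sig_path);
	return ret;
}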
/**
 * free_sig_data - free out signature data
 * @ctx:	Pointer to authentication context
 *
 * Free signature data allocated in create_auth_data(). Nothing is done
 * while @ctx->sig_size is 0, so @ctx->sig_data may still be uninitialized
 * in that case.
 */
static void free_sig_data(struct auth_context *ctx)
{
	if (!ctx->sig_size)
		return;

	gnutls_free(ctx->sig_data);
}
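/**
 * create_fwbin - create an uefi capsule file
 * @path:	Path to a created capsule file
 * @bin:	Path to a firmware binary to encapsulate
 * @guid:	GUID of related FMP driver
 * @index:	Index number in capsule
 * @instance:	Instance number in capsule
 * @fmp_ph_params: FMP payload header parameters; when ->have_header is
 *		set, a payload header carrying ->fw_version is inserted
 *		right before the firmware binary
 * @mcount:	Monotonic count in authentication information
 * @privkey_file: Path to a private key file
 * @cert_file:	Path to a certificate file
 * @oemflags:	Capsule OEM Flags, bits 0-15
 *
 * This function actually does the job of creating an uefi capsule file.
 * All the arguments must be supplied.
 * If either @privkey_file or @cert_file is NULL, the capsule file
 * won't be signed.
 *
 * When the capsule is signed, the signature covers the payload header
 * (if any), the firmware binary and the monotonic count.
 *
 * Return:
 * * 0  - on success
 * * -1 - on failure
 */
static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
			unsigned long index, unsigned long instance,
			struct fmp_payload_header_params *fmp_ph_params,
			uint64_t mcount, char *privkey_file, char *cert_file,
			uint16_t oemflags)
{
	struct efi_capsule_header header;
	struct efi_firmware_management_capsule_header capsule;
	struct efi_firmware_management_capsule_image_header image;
	struct auth_context auth_context;
	FILE *f;
	uint8_t *data, *new_data, *buf;
	off_t bin_size;
	uint64_t offset;
	uint64_t image_size, total_size;
	int ret;
	struct fmp_payload_header payload_header;

#ifdef DEBUG
	fprintf(stderr, "For output: %s\n", path);
	fprintf(stderr, "\tbin: %s\n\ttype: %pUl\n", bin, guid);
	fprintf(stderr, "\tindex: %lu\n\tinstance: %lu\n", index, instance);
#endif
	/* sig_size == 0 marks "not signed" for everything below */
	auth_context.sig_size = 0;
	f = NULL;
	data = NULL;
	new_data = NULL;
	ret = -1;

	/*
	 * read a firmware binary
	 */
	if (read_bin_file(bin, &data, &bin_size))
		goto err;

	buf = data;

	/* insert fmp payload header right before the payload */
	if (fmp_ph_params->have_header) {
		new_data = malloc(bin_size + sizeof(payload_header));
		if (!new_data)
			goto err;

		payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE;
		payload_header.header_size = sizeof(payload_header);
		payload_header.fw_version = fmp_ph_params->fw_version;
		payload_header.lowest_supported_version = 0; /* not used */
		memcpy(new_data, &payload_header, sizeof(payload_header));
		memcpy(new_data + sizeof(payload_header), data, bin_size);
		buf = new_data;
		bin_size += sizeof(payload_header);
	}

	/* first, calculate signature to determine its size */
	if (privkey_file && cert_file) {
		auth_context.key_file = privkey_file;
		auth_context.cert_file = cert_file;
		auth_context.auth.monotonic_count = mcount;
		auth_context.image_data = buf;
		auth_context.image_size = bin_size;

		if (create_auth_data(&auth_context)) {
			fprintf(stderr, "Signing firmware image failed\n");
			goto err;
		}

		if (dump_sig &&
		    dump_signature(path, auth_context.sig_data,
				   auth_context.sig_size)) {
			fprintf(stderr, "Creating signature file failed\n");
			goto err;
		}
	}

	/*
	 * Work out both size fields in 64 bits before anything is written.
	 * The capsule and image headers store them as 32-bit values, so a
	 * larger capsule would be written with sizes that do not match its
	 * content.
	 */
	image_size = bin_size;
	if (auth_context.sig_size)
		image_size += sizeof(auth_context.auth)
				+ auth_context.sig_size;
	total_size = sizeof(header)
			+ sizeof(capsule) + sizeof(uint64_t)
			+ sizeof(image)
			+ image_size;
	if (total_size > UINT32_MAX) {
		fprintf(stderr, "capsule is too large\n");
		goto err;
	}

	/*
	 * write a capsule file
	 */
	f = fopen(path, "w");
	if (!f) {
		fprintf(stderr, "cannot open %s\n", path);
		goto err;
	}

	/*
	 * capsule file header
	 */
	header.capsule_guid = efi_guid_fm_capsule;
	header.header_size = sizeof(header);
	/* TODO: The current implementation ignores flags */
	header.flags = CAPSULE_FLAGS_PERSIST_ACROSS_RESET;
	if (oemflags)
		header.flags |= oemflags;
	header.capsule_image_size = total_size;
	if (write_capsule_file(f, &header, sizeof(header),
			       "Capsule header"))
		goto err;

	/*
	 * firmware capsule header
	 * This capsule has only one firmware capsule image.
	 */
	capsule.version = 0x00000001;
	capsule.embedded_driver_count = 0;
	capsule.payload_item_count = 1;
	if (write_capsule_file(f, &capsule, sizeof(capsule),
			       "Firmware capsule header"))
		goto err;

	/* the single image header follows the one-entry offset list */
	offset = sizeof(capsule) + sizeof(uint64_t);
	if (write_capsule_file(f, &offset, sizeof(offset),
			       "Offset to capsule image"))
		goto err;

	/*
	 * firmware capsule image header
	 */
	image.version = 0x00000003;
	memcpy(&image.update_image_type_id, guid, sizeof(*guid));
	image.update_image_index = index;
	image.reserved[0] = 0;
	image.reserved[1] = 0;
	image.reserved[2] = 0;
	image.update_image_size = image_size;
	image.update_vendor_code_size = 0; /* none */
	image.update_hardware_instance = instance;
	image.image_capsule_support = 0;
	if (auth_context.sig_size)
		image.image_capsule_support |= CAPSULE_SUPPORT_AUTHENTICATION;
	if (write_capsule_file(f, &image, sizeof(image),
			       "Firmware capsule image header"))
		goto err;

	/*
	 * signature
	 */
	if (auth_context.sig_size) {
		if (write_capsule_file(f, &auth_context.auth,
				       sizeof(auth_context.auth),
				       "Authentication header"))
			goto err;

		if (write_capsule_file(f, auth_context.sig_data,
				       auth_context.sig_size, "Signature"))
			goto err;
	}

	/*
	 * firmware binary
	 */
	if (write_capsule_file(f, buf, bin_size, "Firmware binary"))
		goto err;

	ret = 0;
err:
	if (f) {
		/*
		 * Buffered data is flushed at close time; if that fails the
		 * capsule on disk is incomplete and must not be reported as
		 * created.
		 */
		if (fclose(f) && !ret) {
			fprintf(stderr, "cannot write %s\n", path);
			ret = -1;
		}
	}
	free_sig_data(&auth_context);
	free(data);
	free(new_data);

	return ret;
}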
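/**
 * create_empty_capsule - create a firmware accept or revert capsule
 * @path:	Path to a created capsule file
 * @guid:	Image type GUID written as the payload of an accept capsule;
 *		not used for a revert capsule
 * @fw_accept:	true for an accept capsule, false for a revert capsule
 *
 * The file consists of a capsule header only, followed by @guid in the
 * accept case. It carries no firmware image and no signature.
 *
 * Return:
 * * 0  - on success
 * * -1 - on failure
 */
static int create_empty_capsule(char *path, efi_guid_t *guid, bool fw_accept)
{
	struct efi_capsule_header header = { 0 };
	FILE *f = NULL;
	int ret = -1;
	efi_guid_t fw_accept_guid = FW_ACCEPT_OS_GUID;
	efi_guid_t fw_revert_guid = FW_REVERT_OS_GUID;
	efi_guid_t capsule_guid;

	f = fopen(path, "w");
	if (!f) {
		fprintf(stderr, "cannot open %s\n", path);
		goto err;
	}

	capsule_guid = fw_accept ? fw_accept_guid : fw_revert_guid;

	memcpy(&header.capsule_guid, &capsule_guid, sizeof(efi_guid_t));
	header.header_size = sizeof(header);
	header.flags = 0;

	/* only the accept capsule has a payload: the accepted image GUID */
	header.capsule_image_size = fw_accept ?
		sizeof(header) + sizeof(efi_guid_t) : sizeof(header);

	if (write_capsule_file(f, &header, sizeof(header),
			       "Capsule header"))
		goto err;

	if (fw_accept) {
		if (write_capsule_file(f, guid, sizeof(*guid),
				       "FW Accept Capsule Payload"))
			goto err;
	}

	ret = 0;

err:
	if (f) {
		/* a failed flush at close time leaves a truncated capsule */
		if (fclose(f) && !ret) {
			fprintf(stderr, "cannot write %s\n", path);
			ret = -1;
		}
	}

	return ret;
}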
/**
 * print_guid - print a binary GUID as upper-case text and a newline
 * @ptr:	Pointer to the binary GUID
 */
static void print_guid(void *ptr)
{
	/* presumably 36 characters of GUID text plus the terminating NUL */
	static char text[37] = { 0 };

	uuid_bin_to_str(ptr, text, UUID_STR_FORMAT_GUID | UUID_STR_UPPER_CASE);
	puts(text);
}
/**
 * dump_fmp_payload_header - print an FMP payload header, if there is one
 * @fmp_payload_hdr:	Pointer to where a payload header may start
 *
 * Nothing is printed unless the signature field matches
 * FMP_PAYLOAD_HDR_SIGNATURE.
 *
 * Return: the header_size field as stored in the file, or 0 when no
 * payload header was recognized. The value is not validated here.
 */
static uint32_t dump_fmp_payload_header(
	struct fmp_payload_header *fmp_payload_hdr)
{
	if (fmp_payload_hdr->signature != FMP_PAYLOAD_HDR_SIGNATURE)
		return 0;

	puts("--------");
	printf("FMP_PAYLOAD_HDR.SIGNATURE\t\t\t: %08X\n",
	       FMP_PAYLOAD_HDR_SIGNATURE);
	printf("FMP_PAYLOAD_HDR.HEADER_SIZE\t\t\t: %08X\n"
	       "FMP_PAYLOAD_HDR.FW_VERSION\t\t\t: %08X\n"
	       "FMP_PAYLOAD_HDR.LOWEST_SUPPORTED_VERSION\t: %08X\n",
	       fmp_payload_hdr->header_size,
	       fmp_payload_hdr->fw_version,
	       fmp_payload_hdr->lowest_supported_version);

	return fmp_payload_hdr->header_size;
}
/**
 * dump_capsule_auth_header - print the authentication header of an image
 * @capsule_auth_hdr:	Pointer to the authentication header
 *
 * Prints the monotonic count, the certificate header fields and the
 * certificate type GUID. The signature data itself is not printed.
 */
static void dump_capsule_auth_header(
	struct efi_firmware_image_authentication *capsule_auth_hdr)
{
	printf("EFI_FIRMWARE_IMAGE_AUTH.MONOTONIC_COUNT\t\t: %08" PRIX64 "\n",
	       capsule_auth_hdr->monotonic_count);
	printf("EFI_FIRMWARE_IMAGE_AUTH.AUTH_INFO.HDR.dwLENGTH\t: %08X\n"
	       "EFI_FIRMWARE_IMAGE_AUTH.AUTH_INFO.HDR.wREVISION\t: %08X\n"
	       "EFI_FIRMWARE_IMAGE_AUTH.AUTH_INFO.HDR.wCERTTYPE\t: %08X\n",
	       capsule_auth_hdr->auth_info.hdr.dwLength,
	       capsule_auth_hdr->auth_info.hdr.wRevision,
	       capsule_auth_hdr->auth_info.hdr.wCertificateType);
	/* print_guid() supplies the value and the newline for this label */
	printf("EFI_FIRMWARE_IMAGE_AUTH.AUTH_INFO.CERT_TYPE\t: ");
	print_guid(&capsule_auth_hdr->auth_info.cert_type);
}
/**
 * dump_fmp_capsule_image_header - print one capsule image header
 * @image_hdr:	Pointer to the image header inside the capsule buffer
 *
 * Prints the image header, then the authentication header when the
 * image is marked as authenticated, then the FMP payload header when one
 * is recognized, and finally the size left over for the payload.
 *
 * NOTE(review): dwLength, update_image_size and the payload header size
 * all come from the file and are used as they are. No buffer length is
 * passed in, so nothing here can check that the derived pointers stay
 * inside the capsule or that the final subtraction does not wrap.
 */
static void dump_fmp_capsule_image_header(
	struct efi_firmware_management_capsule_image_header *image_hdr)
{
	/* whatever comes next starts right behind the image header */
	char *after_image_hdr = (char *)image_hdr + sizeof(*image_hdr);
	struct efi_firmware_image_authentication *auth_hdr;
	void *fmp_payload_hdr = after_image_hdr;
	uint64_t signature_size = 0;
	uint32_t fmp_payload_hdr_size;
	uint32_t payload_size;

	puts("--------");
	printf("FMP_CAPSULE_IMAGE_HDR.VERSION\t\t\t: %08X\n",
	       image_hdr->version);
	printf("FMP_CAPSULE_IMAGE_HDR.UPDATE_IMAGE_TYPE_ID\t: ");
	print_guid(&image_hdr->update_image_type_id);
	printf("FMP_CAPSULE_IMAGE_HDR.UPDATE_IMAGE_INDEX\t: %08X\n"
	       "FMP_CAPSULE_IMAGE_HDR.UPDATE_IMAGE_SIZE\t\t: %08X\n"
	       "FMP_CAPSULE_IMAGE_HDR.UPDATE_VENDOR_CODE_SIZE\t: %08X\n",
	       image_hdr->update_image_index,
	       image_hdr->update_image_size,
	       image_hdr->update_vendor_code_size);
	printf("FMP_CAPSULE_IMAGE_HDR.UPDATE_HARDWARE_INSTANCE\t: %08" PRIX64 "\n",
	       image_hdr->update_hardware_instance);
	printf("FMP_CAPSULE_IMAGE_HDR.IMAGE_CAPSULE_SUPPORT\t: %08" PRIX64 "\n",
	       image_hdr->image_capsule_support);

	puts("--------");
	if (!(image_hdr->image_capsule_support &
	      CAPSULE_SUPPORT_AUTHENTICATION)) {
		printf("Capsule Authentication Not Enabled\n");
	} else {
		auth_hdr = (void *)after_image_hdr;
		dump_capsule_auth_header(auth_hdr);

		/* monotonic count plus the certificate of dwLength bytes */
		signature_size = sizeof(auth_hdr->monotonic_count) +
				 auth_hdr->auth_info.hdr.dwLength;
		fmp_payload_hdr = after_image_hdr + signature_size;
	}

	fmp_payload_hdr_size = dump_fmp_payload_header(fmp_payload_hdr);

	payload_size = image_hdr->update_image_size - signature_size -
		       fmp_payload_hdr_size;
	puts("--------");
	printf("Payload Image Size\t\t\t\t: %08X\n", payload_size);
}
/**
 * dump_fmp_header - print the firmware management capsule header
 * @fmp_hdr:	Pointer to the header inside the capsule buffer
 *
 * Prints the header fields and then every payload item. Each entry of
 * item_offset_list[] is taken as a byte offset from @fmp_hdr.
 *
 * NOTE(review): payload_item_count and the offsets are read from the
 * file and followed without a bounds check; this function has no buffer
 * length to compare them with.
 */
static void dump_fmp_header(
	struct efi_firmware_management_capsule_header *fmp_hdr)
{
	char *base = (char *)fmp_hdr;
	int item;

	printf("EFI_FMP_HDR.VERSION\t\t\t\t: %08X\n", fmp_hdr->version);
	printf("EFI_FMP_HDR.EMBEDDED_DRIVER_COUNT\t\t: %08X\n"
	       "EFI_FMP_HDR.PAYLOAD_ITEM_COUNT\t\t\t: %08X\n",
	       fmp_hdr->embedded_driver_count,
	       fmp_hdr->payload_item_count);

	/*
	 * We currently don't support Embedded Drivers.
	 * Only worry about the payload items.
	 */
	for (item = 0; item < fmp_hdr->payload_item_count; item++) {
		void *capsule_image_hdr =
			base + fmp_hdr->item_offset_list[item];

		dump_fmp_capsule_image_header(capsule_image_hdr);
	}
}
/**
 * dump_capsule_header - print the fields of a capsule header
 * @capsule_hdr:	Pointer to the capsule header
 */
static void dump_capsule_header(struct efi_capsule_header *capsule_hdr)
{
	/* print_guid() supplies the value and the newline for this label */
	printf("EFI_CAPSULE_HDR.CAPSULE_GUID\t\t\t: ");
	print_guid((void *)&capsule_hdr->capsule_guid);

	printf("EFI_CAPSULE_HDR.HEADER_SIZE\t\t\t: %08X\n"
	       "EFI_CAPSULE_HDR.FLAGS\t\t\t\t: %08X\n"
	       "EFI_CAPSULE_HDR.CAPSULE_IMAGE_SIZE\t\t: %08X\n",
	       capsule_hdr->header_size,
	       capsule_hdr->flags,
	       capsule_hdr->capsule_image_size);
}
/**
 * normal_capsule_dump - print a firmware management capsule
 * @capsule_buf:	Pointer to the start of the capsule
 *
 * Prints the capsule header, then the firmware management header that
 * is taken to start sizeof(struct efi_capsule_header) bytes into the
 * buffer. The header_size field of the capsule is not consulted.
 */
static void normal_capsule_dump(void *capsule_buf)
{
	struct efi_capsule_header *hdr = capsule_buf;
	void *fmp_hdr = (char *)capsule_buf + sizeof(*hdr);

	dump_capsule_header(hdr);
	puts("--------");

	dump_fmp_header(fmp_hdr);
}
/**
 * empty_capsule_dump - print a firmware accept or revert capsule
 * @capsule_buf:	Pointer to the start of the capsule
 *
 * Prints the capsule header. For an accept capsule the GUID that follows
 * the header is printed as well; a revert capsule has nothing more to
 * show.
 */
static void empty_capsule_dump(void *capsule_buf)
{
	struct efi_capsule_header *hdr = capsule_buf;
	efi_guid_t efi_empty_accept_capsule = FW_ACCEPT_OS_GUID;
	efi_guid_t *accept_image_guid;

	dump_capsule_header(hdr);

	if (memcmp(&efi_empty_accept_capsule, &hdr->capsule_guid,
		   sizeof(efi_guid_t)))
		return;

	/* the accepted image GUID sits right behind the capsule header */
	accept_image_guid = (void *)((char *)capsule_buf + sizeof(*hdr));
	puts("--------");
	printf("ACCEPT_IMAGE_GUID\t\t\t\t: ");
	print_guid(accept_image_guid);
}
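/**
 * dump_capsule_contents - print the headers of a capsule file
 * @capsule_file:	Path to the capsule file
 *
 * Maps the file read-only and dispatches on the GUID at its start:
 * firmware management capsules go to normal_capsule_dump(), accept and
 * revert capsules to empty_capsule_dump(). Any error ends the program
 * with EXIT_FAILURE.
 *
 * NOTE(review): the capsule is untrusted input. Only the minimum size is
 * checked here. The dump helpers follow offsets and lengths stored in
 * the file and are not told how large the mapping is, so a truncated or
 * malformed capsule can still make them read past it; bounding them
 * would need the file size passed down.
 */
static void dump_capsule_contents(char *capsule_file)
{
	int fd;
	char *ptr;
	efi_guid_t efi_fmp_guid = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
	efi_guid_t efi_empty_accept_capsule = FW_ACCEPT_OS_GUID;
	efi_guid_t efi_empty_revert_capsule = FW_REVERT_OS_GUID;
	struct stat sbuf;

	if (!capsule_file) {
		fprintf(stderr, "No capsule file provided\n");
		exit(EXIT_FAILURE);
	}

	fd = open(capsule_file, O_RDONLY);
	if (fd < 0) {
		fprintf(stderr, "Error opening capsule file: %s\n",
			capsule_file);
		exit(EXIT_FAILURE);
	}

	if (fstat(fd, &sbuf) < 0) {
		fprintf(stderr, "Can't stat capsule file: %s\n", capsule_file);
		exit(EXIT_FAILURE);
	}

	/*
	 * The GUID comparison and the header dump below read a complete
	 * capsule header, so a shorter file cannot be decoded.
	 */
	if (sbuf.st_size < (off_t)sizeof(struct efi_capsule_header)) {
		fprintf(stderr, "Capsule file is too small: %s\n",
			capsule_file);
		exit(EXIT_FAILURE);
	}

	ptr = mmap(0, sbuf.st_size, PROT_READ, MAP_SHARED, fd, 0);
	if (ptr == MAP_FAILED) {
		fprintf(stderr, "Can't mmap capsule file: %s\n", capsule_file);
		exit(EXIT_FAILURE);
	}

	if (!memcmp(&efi_fmp_guid, ptr, sizeof(efi_guid_t))) {
		normal_capsule_dump(ptr);
	} else if (!memcmp(&efi_empty_accept_capsule, ptr,
			   sizeof(efi_guid_t)) ||
		   !memcmp(&efi_empty_revert_capsule, ptr,
			   sizeof(efi_guid_t))) {
		empty_capsule_dump(ptr);
	} else {
		fprintf(stderr, "Unable to decode the capsule file: %s\n",
			capsule_file);
		exit(EXIT_FAILURE);
	}

	/*
	 * The descriptor itself is left open: close() would need <unistd.h>,
	 * which this file does not include directly.
	 */
	munmap(ptr, sbuf.st_size);
}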
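/**
 * load_dtb - read a device tree blob into memory
 * @path:	Path to the DTB file
 *
 * The whole file is read into a newly allocated buffer. The stream is
 * closed on every path.
 *
 * NOTE(review): the length of the buffer is not returned, so a caller
 * cannot check that the file is at least as large as the sizes recorded
 * in the DTB header before parsing it.
 *
 * Return: the buffer, to be freed by the caller, or NULL on failure
 */
static struct fdt_header *load_dtb(const char *path)
{
	struct fdt_header *dtb = NULL;
	ssize_t dtb_size;
	FILE *f;

	/* Open and parse DTB */
	f = fopen(path, "rb");
	if (!f) {
		fprintf(stderr, "Cannot open %s\n", path);
		return NULL;
	}

	if (fseek(f, 0, SEEK_END)) {
		fprintf(stderr, "Cannot seek to the end of %s: %s\n",
			path, strerror(errno));
		goto out;
	}

	dtb_size = ftell(f);
	if (dtb_size < 0) {
		fprintf(stderr, "Cannot ftell %s: %s\n",
			path, strerror(errno));
		goto out;
	}

	/* a failed rewind would make the read below start at the end */
	if (fseek(f, 0, SEEK_SET)) {
		fprintf(stderr, "Cannot seek to the start of %s: %s\n",
			path, strerror(errno));
		goto out;
	}

	dtb = malloc(dtb_size);
	if (!dtb) {
		fprintf(stderr, "Can't allocate %zd bytes\n", dtb_size);
		goto out;
	}

	if (fread(dtb, dtb_size, 1, f) != 1) {
		fprintf(stderr, "Can't read %zd bytes from %s\n",
			dtb_size, path);
		free(dtb);
		dtb = NULL;
	}

out:
	fclose(f);

	return dtb;
}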
884
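#define MAX_IMAGE_NAME_LEN 128
/**
 * genguid() - generate and print image type GUIDs (the "guidgen" subcommand)
 * @argc:	Number of entries in @argv
 * @argv:	argv[0] is the subcommand name, followed by an optional
 *		namespace GUID, the DTB path and one or more image names
 *
 * If argv[1] parses as a GUID it is used as the namespace and the DTB path
 * is argv[2]; otherwise DEFAULT_NAMESPACE_GUID is the namespace and argv[1]
 * is the DTB path. For every image name a version 5 GUID is generated from
 * the namespace, the DTB root "compatible" string and the image name, and
 * printed.
 *
 * Return: 0 on success, -1 on failure
 */
static int genguid(int argc, char **argv)
{
	int idx = 2, ret, rc = -1;
	unsigned char namespace[16];
	struct efi_guid image_type_id;
	const char *namespace_str = DEFAULT_NAMESPACE_GUID;
	const char *dtb_path;
	struct fdt_header *dtb;
	const char *compatible;
	int compatlen, namelen;
	uint16_t fw_image[MAX_IMAGE_NAME_LEN];

	if (argc < 2) {
		fprintf(stderr, "Usage: ");
		print_usage_guidgen();
		return -1;
	}

	if (uuid_str_to_bin(argv[1], namespace, UUID_STR_FORMAT_GUID)) {
		/* argv[1] is not a GUID: it is the DTB path */
		uuid_str_to_bin(DEFAULT_NAMESPACE_GUID, namespace, UUID_STR_FORMAT_GUID);
		dtb_path = argv[1];
	} else {
		namespace_str = argv[1];
		dtb_path = argv[2];
		idx = 3;
	}

	/*
	 * At least one image name must follow the DTB path. ">=" rather than
	 * "==" also covers a namespace GUID given with nothing after it, where
	 * idx (3) is already past argc (2) and dtb_path is the NULL that
	 * terminates argv.
	 */
	if (idx >= argc) {
		fprintf(stderr, "Usage: ");
		print_usage_guidgen();
		return -1;
	}

	dtb = load_dtb(dtb_path);
	if (!dtb)
		return -1;

	/*
	 * NOTE(review): load_dtb() does not report how many bytes it read, so
	 * nothing here confirms that the buffer holds a complete header or as
	 * many bytes as the header's total size field claims. Consider having
	 * load_dtb() return the length and comparing it with fdt_totalsize()
	 * before the tree is walked.
	 */
	ret = fdt_check_header(dtb);
	if (ret) {
		fprintf(stderr, "Invalid DTB header: %d\n", ret);
		goto out;
	}

	compatible = fdt_getprop(dtb, 0, "compatible", &compatlen);
	if (!compatible) {
		fprintf(stderr, "No compatible string found in DTB\n");
		goto out;
	}
	/* The property is used as a C string below, so it must hold a NUL */
	if (strnlen(compatible, compatlen) >= compatlen) {
		fprintf(stderr, "Compatible string not null-terminated\n");
		goto out;
	}

	/* Report the namespace actually in use, not always the default */
	printf("Generating GUIDs for %s with namespace %s:\n",
	       compatible, namespace_str);
	for (; idx < argc; idx++) {
		memset(fw_image, 0, sizeof(fw_image));
		namelen = strlen(argv[idx]);
		if (namelen > MAX_IMAGE_NAME_LEN) {
			fprintf(stderr, "Image name too long: %s\n", argv[idx]);
			goto out;
		}

		/*
		 * Widen each byte of the name to a 16-bit unit. No terminator
		 * is needed: the length is passed explicitly below.
		 * NOTE(review): where char is signed, bytes >= 0x80 are
		 * sign-extended; presumably names are ASCII -- confirm.
		 */
		for (int i = 0; i < namelen; i++)
			fw_image[i] = (uint16_t)argv[idx][i];

		gen_v5_guid((struct uuid *)&namespace, &image_type_id,
			    compatible, strlen(compatible),
			    fw_image, namelen * sizeof(uint16_t),
			    NULL);

		printf("%s: ", argv[idx]);
		print_guid(&image_type_id);
	}

	rc = 0;
out:
	/* compatible points into dtb, so the buffer is released only here */
	free(dtb);

	return rc;
}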
961
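/**
 * parse_ulong_opt() - parse the numeric argument of a command line option
 * @opt:	Option as shown in the error message, e.g. "-i"
 * @arg:	Argument string given for the option
 *
 * Convert @arg with strtoul() in base 0 and insist that the whole string is
 * a number that fits in unsigned long. A bare strtoul() silently turns
 * "abc" into 0 and "12x" into 12, which would put an unintended index,
 * version or monotonic count into the capsule.
 *
 * Return: the parsed value; exits with EXIT_FAILURE on malformed input
 */
static unsigned long parse_ulong_opt(const char *opt, const char *arg)
{
	char *end;
	unsigned long val;

	errno = 0;
	val = strtoul(arg, &end, 0);
	if (end == arg || *end != '\0' || errno == ERANGE) {
		fprintf(stderr, "Invalid value for %s: %s\n", opt, arg);
		exit(EXIT_FAILURE);
	}

	return val;
}

/**
 * main - main entry function of mkeficapsule
 * @argc:	Number of arguments
 * @argv:	Array of pointers to arguments
 *
 * Create an uefi capsule file, optionally signing it.
 * If the first argument is "guidgen", hand the remaining arguments to
 * genguid(). Otherwise parse all the options and, depending on them, call
 * dump_capsule_contents(), create_empty_capsule() or create_fwbin().
 *
 * Return: does not return; every path ends in exit() with
 * * EXIT_SUCCESS - on success
 * * EXIT_FAILURE - on failure
 */
int main(int argc, char **argv)
{
	efi_guid_t *guid;
	unsigned char uuid_buf[16];
	unsigned long index, instance;
	uint64_t mcount;
	unsigned long oemflags;
	bool capsule_dump;
	char *privkey_file, *cert_file;
	int c, idx;
	struct fmp_payload_header_params fmp_ph_params = { 0 };

	/* Generate dynamic GUIDs */
	if (argc > 1 && !strcmp(argv[1], "guidgen")) {
		if (genguid(argc - 1, argv + 1))
			exit(EXIT_FAILURE);
		exit(EXIT_SUCCESS);
	}

	guid = NULL;
	index = 0;
	instance = 0;
	mcount = 0;
	privkey_file = NULL;
	cert_file = NULL;
	capsule_dump = false;
	dump_sig = 0;
	capsule_type = CAPSULE_NORMAL_BLOB;
	oemflags = 0;
	for (;;) {
		c = getopt_long(argc, argv, opts_short, options, &idx);
		if (c == -1)
			break;

		switch (c) {
		case 'g':
			if (guid) {
				fprintf(stderr,
					"Image type already specified\n");
				exit(EXIT_FAILURE);
			}
			if (uuid_str_to_bin(optarg, uuid_buf, UUID_STR_FORMAT_GUID)) {
				fprintf(stderr, "Wrong guid format\n");
				exit(EXIT_FAILURE);
			}
			/* guid stays valid: uuid_buf lives as long as main() */
			guid = (efi_guid_t *)uuid_buf;
			break;
		case 'i':
			index = parse_ulong_opt("-i", optarg);
			break;
		case 'I':
			instance = parse_ulong_opt("-I", optarg);
			break;
		case 'v':
			fmp_ph_params.fw_version = parse_ulong_opt("-v", optarg);
			fmp_ph_params.have_header = true;
			break;
		case 'p':
			if (privkey_file) {
				fprintf(stderr,
					"Private Key already specified\n");
				exit(EXIT_FAILURE);
			}
			privkey_file = optarg;
			break;
		case 'c':
			if (cert_file) {
				fprintf(stderr,
					"Certificate file already specified\n");
				exit(EXIT_FAILURE);
			}
			cert_file = optarg;
			break;
		case 'm':
			mcount = parse_ulong_opt("-m", optarg);
			break;
		case 'd':
			dump_sig = 1;
			break;
		case 'A':
			/* Non-zero means -A or -R was already seen */
			if (capsule_type) {
				fprintf(stderr,
					"Select either of Accept or Revert capsule generation\n");
				exit(EXIT_FAILURE);
			}
			capsule_type = CAPSULE_ACCEPT;
			break;
		case 'R':
			if (capsule_type) {
				fprintf(stderr,
					"Select either of Accept or Revert capsule generation\n");
				exit(EXIT_FAILURE);
			}
			capsule_type = CAPSULE_REVERT;
			break;
		case 'o':
			oemflags = parse_ulong_opt("-o", optarg);
			/* The value is narrowed to uint16_t further down */
			if (oemflags > 0xffff) {
				fprintf(stderr,
					"oemflags must be between 0x0 and 0xffff\n");
				exit(EXIT_FAILURE);
			}
			break;
		case 'D':
			capsule_dump = true;
			break;
		case 'V':
			printf("mkeficapsule version %s\n", PLAIN_VERSION);
			exit(EXIT_SUCCESS);
		default:
			print_usage_mkeficapsule();
			exit(EXIT_FAILURE);
		}
	}

	if (capsule_dump) {
		if (argc != optind + 1) {
			fprintf(stderr, "Must provide the capsule file to parse\n");
			exit(EXIT_FAILURE);
		}
		dump_capsule_contents(argv[argc - 1]);
		exit(EXIT_SUCCESS);
	}

	/*
	 * check necessary parameters
	 *
	 * A normal capsule takes two positional arguments and an image GUID,
	 * and the private key and certificate must be given together or not
	 * at all. An accept or revert capsule takes one positional argument;
	 * accept requires a GUID, revert must not have one.
	 */
	if ((capsule_type == CAPSULE_NORMAL_BLOB &&
	     ((argc != optind + 2) || !guid ||
	      ((privkey_file && !cert_file) ||
	       (!privkey_file && cert_file)))) ||
	    (capsule_type != CAPSULE_NORMAL_BLOB &&
	     ((argc != optind + 1) ||
	      ((capsule_type == CAPSULE_ACCEPT) && !guid) ||
	      ((capsule_type == CAPSULE_REVERT) && guid)))) {
		print_usage_mkeficapsule();
		exit(EXIT_FAILURE);
	}

	if (capsule_type != CAPSULE_NORMAL_BLOB) {
		if (create_empty_capsule(argv[argc - 1], guid,
					 capsule_type == CAPSULE_ACCEPT) < 0) {
			fprintf(stderr, "Creating empty capsule failed\n");
			exit(EXIT_FAILURE);
		}
	} else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid,
				index, instance, &fmp_ph_params, mcount, privkey_file,
				cert_file, (uint16_t)oemflags) < 0) {
		fprintf(stderr, "Creating firmware capsule failed\n");
		exit(EXIT_FAILURE);
	}

	exit(EXIT_SUCCESS);
}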