arm/uefi_capsule: use U-Boot for capsule generation

Currently, only the Corstone-1000 platform uses the capsule generation class. Corstone-1000 uses U-Boot instead of EDK2. With this change, the dependency on EDK2 was removed. Signed-off-by: Bence Balogh <bence.balogh@arm.com> Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-05-07 04:58:57 +00:00 · 2024-04-16 18:14:45 +02:00
parent e6ff022d6d
commit d0d1b96b0a
5 changed files with 52 additions and 41 deletions
@@ -38,3 +38,8 @@ local_conf_header:
    # TS PSA API tests commands for crypto, its, ps and iat
    CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
  capsule: |
    CAPSULE_EXTENSION = "uefi.capsule"
    CAPSULE_FW_VERSION = "6"
    CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}"
@@ -3,7 +3,7 @@ COMPATIBLE_MACHINE = "corstone1000"
 FIRMWARE_BINARIES = "corstone1000-flash-firmware-image-${MACHINE}.wic \
                     bl1.bin \
                     es_flashfw.bin \
-                     corstone1000-flash-firmware-image-${MACHINE}.wic.uefi.capsule \
+                     ${CAPSULE_NAME}.${CAPSULE_EXTENSION} \
                     corstone1000_capsule_cert.crt \
                     corstone1000_capsule_key.key \
                    "
@@ -12,10 +12,12 @@ IMAGE_FSTYPES = "wic uefi_capsule"
 inherit image
 inherit tfm_sign_image
 inherit uefi_capsule
 inherit deploy
 DEPENDS += "external-system \
            trusted-firmware-a \
            trusted-firmware-m \
            u-boot \
 "
 IMAGE_FEATURES = ""
@@ -23,9 +25,21 @@ IMAGE_LINGUAS = ""
 PACKAGE_INSTALL = ""
-UEFI_FIRMWARE_BINARY = "${IMAGE_LINK_NAME}.${CAPSULE_IMGTYPE}"
+# The generated ${MACHINE}_image.nopt is used instead of the default wic image
-UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json"
+# for the capsule generation. The uefi.capsule image type doesn't have to
-CAPSULE_IMGTYPE = "wic"
+# depend on the wic because of this.
 #
 # The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed
 # by the U-Boot recipe so this recipe has to depend on that.
 CAPSULE_IMGTYPE = ""
 CAPSULE_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt"
 CAPSULE_GUID:corstone1000-fvp ?= "989f3a4e-46e0-4cd0-9877-a25c70c01329"
 CAPSULE_GUID:corstone1000-mps3 ?= "df1865d1-90fb-4d59-9c38-c9f2c1bba8cc"
 CAPSULE_IMGLOCATION = "${DEPLOY_DIR_IMAGE}"
 CAPSULE_INDEX = "1"
 CAPSULE_MONOTONIC_COUNT = "1"
 CAPSULE_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key"
 UEFI_FIRMWARE_BINARY = "${B}/${MACHINE}_image.nopt"
 # TF-A settings for signing host images
 TFA_BL2_BINARY = "bl2-corstone1000.bin"
@@ -73,3 +87,9 @@ create_nopt_image() {
 }
 create_nopt_image[depends] += "mc:firmware:linux-yocto:do_deploy"
 do_image_uefi_capsule[prefuncs] += "create_nopt_image"
 do_deploy() {
    install -m 0755 ${B}/${MACHINE}_image.nopt  ${DEPLOYDIR}
 }
 addtask deploy after do_image_uefi_capsule
@@ -1,11 +0,0 @@
 {
    "Payloads": [
        {
            "FwVersion": "5",
            "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f",
            "LowestSupportedVersion": "1",
            "Payload": "$UEFI_FIRMWARE_BINARY",
            "UpdateImageIndex": "0"
        }
    ]
 }
@@ -1,13 +1,10 @@
 # This class generates UEFI capsules
 # The current class supports generating a capsule with single firmware binary
 DEPENDS += "gettext-native"
 inherit python3native
 IMAGE_TYPES += "uefi_capsule"
-# edk2 base tools should be installed in the native sysroot directory
+# u-boot-tools should be installed in the native sysroot directory
-do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot"
+do_image_uefi_capsule[depends] += "u-boot-tools-native:do_populate_sysroot"
 # By default the wic image is used to create a capsule
 CAPSULE_IMGTYPE ?= "wic"
@@ -18,37 +15,37 @@ CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}"
 # The generated capsule by default has uefi.capsule extension
 CAPSULE_EXTENSION ?= "uefi.capsule"
 # The generated capsule's name by default is the same as UEFI_FIRMWARE_BINARY
 CAPSULE_NAME ?= "${UEFI_FIRMWARE_BINARY}"
 # The following variables must be set to be able to generate a capsule update
 CAPSULE_CERTIFICATE_PATH ?= ""
 CAPSULE_FW_VERSION ?= ""
 CAPSULE_GUID ?= ""
 CAPSULE_INDEX ?= ""
 CAPSULE_MONOTONIC_COUNT ?= ""
 CAPSULE_PRIVATE_KEY_PATH ?= ""
 UEFI_FIRMWARE_BINARY ?= ""
 UEFI_CAPSULE_CONFIG ?= ""
 # Check if the required variables are set
 python() {
-    for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]:
+    for var in ["CAPSULE_CERTIFICATE_PATH", "CAPSULE_FW_VERSION", \
                "CAPSULE_GUID", "CAPSULE_INDEX", \
                "CAPSULE_MONOTONIC_COUNT", "CAPSULE_PRIVATE_KEY_PATH", \
                "UEFI_FIRMWARE_BINARY"]:
        if not d.getVar(var):
            raise bb.parse.SkipRecipe(f"{var} not set")
 }
 IMAGE_CMD:uefi_capsule(){
-
+    mkeficapsule --certificate ${CAPSULE_CERTIFICATE_PATH} \
-    # Force the GenerateCapsule script to use python3
+                 --fw-version ${CAPSULE_FW_VERSION} \
-    export PYTHON_COMMAND=${PYTHON}
+                 --guid ${CAPSULE_GUID} \
-
+                 --index ${CAPSULE_INDEX} \
-    # Copy the firmware and the capsule config json to current directory
+                 --monotonic-count ${CAPSULE_MONOTONIC_COUNT} \
-    if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then
+                 --private-key ${CAPSULE_PRIVATE_KEY_PATH} \
-        cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ;
+                 ${UEFI_FIRMWARE_BINARY} \
-    fi
+                 ${CAPSULE_IMGLOCATION}/${CAPSULE_NAME}.${CAPSULE_EXTENSION}
    export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY}
    envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json
    ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \
    -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \
    ${MACHINE}-capsule-update-image.json
    # Remove the firmware to avoid contamination of IMGDEPLOYDIR
    rm ${UEFI_FIRMWARE_BINARY}
 }
 # The firmware binary should be created before generating the capsule