Add capsules V2 changes to dasharo-25.12#904
Open
SergiiDmytruk wants to merge 21 commits into
Open
Conversation
Upstream-Status: Inappropriate [Dasharo downstream] Change-Id: Id1b33912eb0172b430dbf3bf3073a823aee8d4d2 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This replaces CONFIG_EDK2_CAPSULE_ON_DISK_SUPPORT and CONFIG_EDK2_SHOW_CAPSULE_REPORT to avoid proliferation of trivial options which are always enabled together. Most wouldn't show up anywhere but build-system files. Similarly switch from specifying individual PCDs for EDK to passing a macro which will do the same but on the side of EDK. There is no need to bake this knowledge into coreboot's build system. Change-Id: I603c08d07c325e4d05b86edb6667694a21212c1d Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Change-Id: Iaccb60dedad5ea089f297968e7c0778b052d87de Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Change-Id: I2b89e14e9e4d554945eb6bccdb03778e03a16f7e Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Integrate the functionality of capsule_cabinet.sh into capsule.sh. Cabinets can now be created using `./capsule.sh create_cabinet capsule.cap`. Prior functionality and calls of capsule.sh remain unaffected. Change-Id: I5c9a2aec62722a665aaef10634d729461dca64c9 Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Add a command that allows uploading built cabinets to LVFS. Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
…RESS The PCD flag has been obsoleted by recent changes that provide a fallback mechanism in the graphical path in case the GOP is not available (monitor is not plugged in) Upstream-Status: Inappropriate [Dasharo downstream] Change-Id: Iddfa6b6c4836ef3606e079a896b7b2e8da4ee715 Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Change-Id: I6af426d7fcb6eb4e403c995633127050bbef5028 Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Upon detecting that sealed capsules are enabled:
1. Force the use of test keys for signing a capsule with coreboot.rom
and drivers.
2. Wrap that capsule into another capsule signed with the user-supplied
keys.
3. Remove that first capsule.
Upstream-Status: Inappropriate [Dasharo downstream]
Change-Id: I80f7870439d92a657df23a2740579e1bb246b18e
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
* include sizes in two log lines of is_good_capsule_head() * spew addresses of SG blocks as they are processed Change-Id: I002747dcc8330076745dca8dafde04105c707312 Upstream-Status: Pending Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
* This option prevents capsule.sh from generating capsules of a new kind to permit updates from a previous release. * Set the option for MSI boards. Change-Id: Ia87cb23c62f8b2296a332b3416367cb4ad931cee Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Upstream-Status: Inappropriate [Dasharo downstream] Change-Id: Iedbcfcbca5c048774ae66cd4cf4566500cd615e8 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
If CapsuleRootKey.inc exists and CONFIG_EDK2_CAPSULES_V2 is set, copy the file to EDK. This needs to be done as part of coreboot's build process because EDK's worktree doesn't exist right after cloning coreboot and there is no way to initialize it without building coreboot. This makes it impossible to provision EDK's key before the build without coreboot knowing about it at some level. Also reset DasharoPayloadPkg/CapsuleRootKey.inf in EDK if CONFIG_EDK2_CAPSULES_V2 is enabled, like it's already done for logos. Not adding the file to .gitignore so it's more visible to the user when present. Change-Id: I8b557c4ab239d61a5cef01928fda13b8417d54cb Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Change-Id: Ia9462cc4997dd04a17bc43d41fd3f8a08d318341 Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
There was one outlier in this file. Upstream-Status: Inappropriate [Dasharo downstream] Change-Id: I3334d8eccaf64c57fc37580dce3d057938795427 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
…ates Check that `CONFIG_EDK2_CAPSULES_V2=y` is not added to `CONFIG_DRIVERS_EFI_UPDATE_CAPSULES=y` without `CONFIG_EDK2_CAPSULES_V2_TRANSITION=y`. Check that `CONFIG_EDK2_CAPSULES_V2_TRANSITION=y` doesn't live longer than one release cycle. Check that `CONFIG_EDK2_CAPSULES_V2_TRANSITION=y` is not added to `CONFIG_EDK2_CAPSULES_V2=y`. Check that `CONFIG_EDK2_CAPSULES_V2_TRANSITION=y` is not removed. Change-Id: I24a1fd41864983fff3f9dfa717a0e4a7505fecac Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
They will reused by upcoming changes. Change-Id: Ie81e82f402e4c171f957a9b53b1e40dc559d19a4 Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Takes a capsule and signing keys, unpacks the capsule, then packs it back under a (likely) different name. Two functions were borrowed from a script in OSFV. Change-Id: I23157aaeedb4e1fdcfb10c5a0235acd571aa72b4 Upstream-Status: Inappropriate [Dasharo downstream] Co-authored-by: Filip Gołaś <filip.golas@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This allows bundling capsule.sh with gencap/ created by `capsule.sh box` and use it standalone for resigning. Change-Id: Ia36460ce4ab510b1719a2560594529304a0fe3f0 Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Change-Id: I36bb570f2cf02c8f421298ef95e787cd91548d01 Upstream-Status: Inappropriate [Dasharo downstream] Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This option signifies missing implementation of tsc_freq_mhz() which results in tsc_freq_mhz() from src/arch/x86/timestamp.c returning zero. That zero in turn gets put into TIMESTAMP CBMEM table requiring payloads and user-space tools to figure the frequency on their own. Implement tsc_freq_mhz() to query timer frequency in coreboot, so it gets reported downstream. Change-Id: I88d1206c13f15a9f20c07b65dcec42ec614f7e6a Upstream-Status: Pending Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
SergiiDmytruk
force-pushed
the
capsules-v2-25.12
branch
from
22bc7d8 to
f7198d9
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Many features were developed separately from
dasharooncapsules-v2branch, time to merge them into the main tree before doing releases with these features.In addition to that:
dasharobranch todasharo-stable202602: rebased EDK for rebased corebootref: dsh-1166