From patchwork Tue Apr 16 16:14:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: bence.balogh@arm.com X-Patchwork-Id: 42540 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BEDFDC04FF6 for ; Tue, 16 Apr 2024 16:15:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.25353.1713284096837072744 for ; Tue, 16 Apr 2024 09:14:56 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: bence.balogh@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A1554DA7; Tue, 16 Apr 2024 09:15:24 -0700 (PDT) Received: from e126523.budapest.arm.com (e126523.budapest.arm.com [10.45.26.201]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E617F3F792; Tue, 16 Apr 2024 09:14:55 -0700 (PDT) From: bence.balogh@arm.com To: meta-arm@lists.yoctoproject.org Cc: Bence Balogh Subject: [PATCH 1/3] arm-bsp/corstone1000-flash-firmware-image: add nopt generation Date: Tue, 16 Apr 2024 18:14:44 +0200 Message-Id: <20240416161446.217376-2-bence.balogh@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240416161446.217376-1-bence.balogh@arm.com> References: <20240416161446.217376-1-bence.balogh@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 16:15:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5551 From: Bence Balogh The .nopt image is used during the UEFI Update Capsule generation. This .nopt image was generated manually when it was needed. Signed-off-by: Bence Balogh --- .../images/corstone1000-flash-firmware-image.bb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb index 73fc1766..5238d1d3 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb @@ -38,6 +38,11 @@ RE_LAYOUT_WRAPPER_VERSION = "0.0.7" TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem" RE_IMAGE_OFFSET = "0x1000" +# Offsets for the .nopt image generation +TFM_OFFSET = "102400" +FIP_OFFSET = "479232" +KERNEL_OFFSET = "2576384" + do_sign_images() { # Sign TF-A BL2 sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \ @@ -56,3 +61,15 @@ do_sign_images() { do_sign_images[depends] = "\ fiptool-native:do_populate_sysroot \ " + +# This .nopt image is not the same as the one which is generated by meta-arm/meta-arm/classes/wic_nopt.bbclass. +# The meta-arm/meta-arm/classes/wic_nopt.bbclass removes the partition table from the wic image, but keeps the +# second bank. This function creates a no-partition image with only the first bank. +create_nopt_image() { + dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/bl2_signed.bin of=${B}/${MACHINE}_image.nopt + dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/tfm_s_signed.bin of=${B}/${MACHINE}_image.nopt seek=${TFM_OFFSET} + dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/signed_fip-corstone1000.bin of=${B}/${MACHINE}_image.nopt seek=${FIP_OFFSET} + dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-${MACHINE}.bin of=${B}/${MACHINE}_image.nopt seek=${KERNEL_OFFSET} +} +create_nopt_image[depends] += "mc:firmware:linux-yocto:do_deploy" +do_image_uefi_capsule[prefuncs] += "create_nopt_image" From patchwork Tue Apr 16 16:14:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: bence.balogh@arm.com X-Patchwork-Id: 42542 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD657C04FFF for ; Tue, 16 Apr 2024 16:15:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.24984.1713284097956763977 for ; Tue, 16 Apr 2024 09:14:58 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: bence.balogh@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A6E0C339; Tue, 16 Apr 2024 09:15:25 -0700 (PDT) Received: from e126523.budapest.arm.com (e126523.budapest.arm.com [10.45.26.201]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CE3D73F792; Tue, 16 Apr 2024 09:14:56 -0700 (PDT) From: bence.balogh@arm.com To: meta-arm@lists.yoctoproject.org Cc: Bence Balogh Subject: [PATCH 2/3] arm/uefi_capsule: use U-Boot for capsule generation Date: Tue, 16 Apr 2024 18:14:45 +0200 Message-Id: <20240416161446.217376-3-bence.balogh@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240416161446.217376-1-bence.balogh@arm.com> References: <20240416161446.217376-1-bence.balogh@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 16:15:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5552 From: Bence Balogh Currently, only the Corstone-1000 platform uses the capsule generation class. Corstone-1000 uses U-Boot instead of EDK2. With this change, the dependency on EDK2 was removed. Signed-off-by: Bence Balogh --- kas/corstone1000-image-configuration.yml | 5 ++ .../corstone1000-firmware-deploy-image.inc | 2 +- .../corstone1000-flash-firmware-image.bb | 26 ++++++++-- ...h-firmware-image-capsule-update-image.json | 11 ----- meta-arm/classes/uefi_capsule.bbclass | 49 +++++++++---------- 5 files changed, 52 insertions(+), 41 deletions(-) delete mode 100644 meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json diff --git a/kas/corstone1000-image-configuration.yml b/kas/corstone1000-image-configuration.yml index 2b285223..01360484 100644 --- a/kas/corstone1000-image-configuration.yml +++ b/kas/corstone1000-image-configuration.yml @@ -38,3 +38,8 @@ local_conf_header: # TS PSA API tests commands for crypto, its, ps and iat CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa" + + capsule: | + CAPSULE_EXTENSION = "uefi.capsule" + CAPSULE_FW_VERSION = "6" + CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}" diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc b/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc index 2d192745..f959573d 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc @@ -3,7 +3,7 @@ COMPATIBLE_MACHINE = "corstone1000" FIRMWARE_BINARIES = "corstone1000-flash-firmware-image-${MACHINE}.wic \ bl1.bin \ es_flashfw.bin \ - corstone1000-flash-firmware-image-${MACHINE}.wic.uefi.capsule \ + ${CAPSULE_NAME}.${CAPSULE_EXTENSION} \ corstone1000_capsule_cert.crt \ corstone1000_capsule_key.key \ " diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb index 5238d1d3..0f5ae011 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb @@ -12,10 +12,12 @@ IMAGE_FSTYPES = "wic uefi_capsule" inherit image inherit tfm_sign_image inherit uefi_capsule +inherit deploy DEPENDS += "external-system \ trusted-firmware-a \ trusted-firmware-m \ + u-boot \ " IMAGE_FEATURES = "" @@ -23,9 +25,21 @@ IMAGE_LINGUAS = "" PACKAGE_INSTALL = "" -UEFI_FIRMWARE_BINARY = "${IMAGE_LINK_NAME}.${CAPSULE_IMGTYPE}" -UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json" -CAPSULE_IMGTYPE = "wic" +# The generated ${MACHINE}_image.nopt is used instead of the default wic image +# for the capsule generation. The uefi.capsule image type doesn't have to +# depend on the wic because of this. +# +# The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed +# by the U-Boot recipe so this recipe has to depend on that. +CAPSULE_IMGTYPE = "" +CAPSULE_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt" +CAPSULE_GUID:corstone1000-fvp ?= "989f3a4e-46e0-4cd0-9877-a25c70c01329" +CAPSULE_GUID:corstone1000-mps3 ?= "df1865d1-90fb-4d59-9c38-c9f2c1bba8cc" +CAPSULE_IMGLOCATION = "${DEPLOY_DIR_IMAGE}" +CAPSULE_INDEX = "1" +CAPSULE_MONOTONIC_COUNT = "1" +CAPSULE_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key" +UEFI_FIRMWARE_BINARY = "${B}/${MACHINE}_image.nopt" # TF-A settings for signing host images TFA_BL2_BINARY = "bl2-corstone1000.bin" @@ -73,3 +87,9 @@ create_nopt_image() { } create_nopt_image[depends] += "mc:firmware:linux-yocto:do_deploy" do_image_uefi_capsule[prefuncs] += "create_nopt_image" + +do_deploy() { + install -m 0755 ${B}/${MACHINE}_image.nopt ${DEPLOYDIR} +} + +addtask deploy after do_image_uefi_capsule diff --git a/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json b/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json deleted file mode 100644 index 0f011ff7..00000000 --- a/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "Payloads": [ - { - "FwVersion": "5", - "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f", - "LowestSupportedVersion": "1", - "Payload": "$UEFI_FIRMWARE_BINARY", - "UpdateImageIndex": "0" - } - ] -} diff --git a/meta-arm/classes/uefi_capsule.bbclass b/meta-arm/classes/uefi_capsule.bbclass index 690e7af4..a0709c0f 100644 --- a/meta-arm/classes/uefi_capsule.bbclass +++ b/meta-arm/classes/uefi_capsule.bbclass @@ -1,13 +1,10 @@ # This class generates UEFI capsules # The current class supports generating a capsule with single firmware binary -DEPENDS += "gettext-native" -inherit python3native - IMAGE_TYPES += "uefi_capsule" -# edk2 base tools should be installed in the native sysroot directory -do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot" +# u-boot-tools should be installed in the native sysroot directory +do_image_uefi_capsule[depends] += "u-boot-tools-native:do_populate_sysroot" # By default the wic image is used to create a capsule CAPSULE_IMGTYPE ?= "wic" @@ -18,37 +15,37 @@ CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}" # The generated capsule by default has uefi.capsule extension CAPSULE_EXTENSION ?= "uefi.capsule" +# The generated capsule's name by default is the same as UEFI_FIRMWARE_BINARY +CAPSULE_NAME ?= "${UEFI_FIRMWARE_BINARY}" + # The following variables must be set to be able to generate a capsule update +CAPSULE_CERTIFICATE_PATH ?= "" +CAPSULE_FW_VERSION ?= "" +CAPSULE_GUID ?= "" +CAPSULE_INDEX ?= "" +CAPSULE_MONOTONIC_COUNT ?= "" +CAPSULE_PRIVATE_KEY_PATH ?= "" UEFI_FIRMWARE_BINARY ?= "" -UEFI_CAPSULE_CONFIG ?= "" # Check if the required variables are set python() { - for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]: + for var in ["CAPSULE_CERTIFICATE_PATH", "CAPSULE_FW_VERSION", \ + "CAPSULE_GUID", "CAPSULE_INDEX", \ + "CAPSULE_MONOTONIC_COUNT", "CAPSULE_PRIVATE_KEY_PATH", \ + "UEFI_FIRMWARE_BINARY"]: if not d.getVar(var): raise bb.parse.SkipRecipe(f"{var} not set") } IMAGE_CMD:uefi_capsule(){ - - # Force the GenerateCapsule script to use python3 - export PYTHON_COMMAND=${PYTHON} - - # Copy the firmware and the capsule config json to current directory - if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then - cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ; - fi - - export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY} - envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json - - ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \ - -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \ - ${MACHINE}-capsule-update-image.json - - # Remove the firmware to avoid contamination of IMGDEPLOYDIR - rm ${UEFI_FIRMWARE_BINARY} - + mkeficapsule --certificate ${CAPSULE_CERTIFICATE_PATH} \ + --fw-version ${CAPSULE_FW_VERSION} \ + --guid ${CAPSULE_GUID} \ + --index ${CAPSULE_INDEX} \ + --monotonic-count ${CAPSULE_MONOTONIC_COUNT} \ + --private-key ${CAPSULE_PRIVATE_KEY_PATH} \ + ${UEFI_FIRMWARE_BINARY} \ + ${CAPSULE_IMGLOCATION}/${CAPSULE_NAME}.${CAPSULE_EXTENSION} } # The firmware binary should be created before generating the capsule From patchwork Tue Apr 16 16:14:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: bence.balogh@arm.com X-Patchwork-Id: 42541 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7EBEC4345F for ; Tue, 16 Apr 2024 16:15:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.25355.1713284099052888564 for ; Tue, 16 Apr 2024 09:14:59 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: bence.balogh@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E1AC5DA7; Tue, 16 Apr 2024 09:15:26 -0700 (PDT) Received: from e126523.budapest.arm.com (e126523.budapest.arm.com [10.45.26.201]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E42E33F792; Tue, 16 Apr 2024 09:14:57 -0700 (PDT) From: bence.balogh@arm.com To: meta-arm@lists.yoctoproject.org Cc: Bence Balogh Subject: [PATCH 3/3] arm-bsp/documentation: corstone1000: update capsule generation steps Date: Tue, 16 Apr 2024 18:14:46 +0200 Message-Id: <20240416161446.217376-4-bence.balogh@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240416161446.217376-1-bence.balogh@arm.com> References: <20240416161446.217376-1-bence.balogh@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 16:15:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5553 From: Bence Balogh The .nopt and capsule are generated during the yocto build. Sync the documentation with the changes. Signed-off-by: Bence Balogh --- .../documentation/corstone1000/user-guide.rst | 95 ++++++++----------- 1 file changed, 37 insertions(+), 58 deletions(-) diff --git a/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm-bsp/documentation/corstone1000/user-guide.rst index 06353b5d..778e0113 100644 --- a/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -692,24 +692,6 @@ incorrect capsule (corrupted or outdated) which fails to boot to the host softwa Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file - ``ir-acs-live-image-generic-arm64.wic.xz`` - -Download u-boot under <_workspace> and install tools: - -:: - - git clone https://github.com/u-boot/u-boot.git - cd u-boot - git checkout 83aa0ed1e93e1ffac24888d98d37a5b04ed3fb07 - make tools-only_defconfig - make tools-only - -**NOTE:** The following error could happen if the linux build system does not have "libgnutls28-dev". - **error: "tools/mkeficapsule.c:21:10: fatal error: gnutls/gnutls.h: No such file or directory"**. If that's the case please install libgnutls28-dev and its dependencies by using the following command. - -:: - - sudo apt-get install -y libgnutls28-dev - Download systemready-patch repo under <_workspace>: :: @@ -719,51 +701,48 @@ Download systemready-patch repo under <_workspace>: Generating Capsules ******************* -Generating FPGA Capsules -======================== +A no-partition image is created during the Yocto build. An update capsule is generated using this ``.nopt`` image. +This can be found in ``build/tmp_corstone1000-/deploy/images/corstone1000-/corstone1000-_image.nopt``. +The capsule's default metadata (name, version, etc.) can be found in ``meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb`` +and ``meta-arm/kas/corstone1000-image-configuration.yml``. -:: +FPGA Capsules +============= - cd <_workspace>/build/tmp/deploy/images/corstone1000-mps3/ - sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d mps3 - -This will generate a file called "corstone1000_image.nopt" which will be used to -generate a UEFI capsule. +The generated capsule can be found in ``build/tmp_corstone1000-mps3/deploy/images/corstone1000-mps3/corstone1000-mps3-v6.uefi.capsule``. +If a new capsule has to be generated with different metadata, then it can be done by using the ``u-boot-tools`` and the previously +created ``.nopt`` image. +For example a capsule for the negative update test scenario, if the host's architecture is x86_64: :: cd <_workspace> - ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \ + ./build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule --monotonic-count 1 \ + --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \ --certificate build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \ - --fw-version 6 build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt cs1k_cap_mps3_v6 + --fw-version 5 build/tmp_corstone1000-mps3/deploy/images/corstone1000-mps3/corstone1000-mps3_image.nopt corstone1000-mps3-v5.uefi.capsule - ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \ - --certificate build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \ - --fw-version 5 build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt cs1k_cap_mps3_v5 +This command will put the newly generated capsule to the ``<_workspace>`` directory. Generating FVP Capsules ======================= -:: - - cd <_workspace>/build/tmp/deploy/images/corstone1000-fvp/ - sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d fvp - -This will generate a file called "corstone1000_image.nopt" which will be used to -generate a UEFI capsule. +The generated capsule can be found in ``build/tmp_corstone1000-fvp/deploy/images/corstone1000-fvp/corstone1000-fvp-v6.uefi.capsule``. +If a new capsule has to be generated with different metadata, then it can be done by using the ``u-boot-tools`` and the previously +created ``.nopt`` image. +For example a capsule for the negative update test scenario, if the host's architecture is x86_64: :: cd <_workspace> - ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \ - --certificate build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \ - --fw-version 6 build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt cs1k_cap_fvp_v6 - ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \ + ./build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule --monotonic-count 1 \ + --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \ --certificate build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \ - --fw-version 5 build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt cs1k_cap_fvp_v5 + --fw-version 5 build/tmp_corstone1000-fvp/deploy/images/corstone1000-fvp/corstone1000-fvp_image.nopt corstone1000-fvp-v5.uefi.capsule +This command will put the newly generated capsule to the ``<_workspace>`` directory. Common Notes for FVP and FPGA ============================= @@ -782,15 +761,15 @@ Copying the FPGA capsules ========================= The user should prepare a USB stick as explained in ACS image section `FPGA instructions for ACS image`_. -Place the generated ``cs1k_cap`` files in the root directory of the boot partition -in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file +Place the generated ``corstone1000-mps3-v<5/6>.uefi.capsule`` files in the root directory of the boot partition +in the USB stick. Note: As we are running the direct method, the ``corstone1000-mps3-v<5/6>.uefi.capsule`` files should not be under the EFI/UpdateCapsule directory as this may or may not trigger the on disk method. :: - sudo cp cs1k_cap_mps3_v6 /BOOT/ - sudo cp cs1k_cap_mps3_v5 /BOOT/ + sudo cp /corstone1000-mps3-v6.uefi.capsule /BOOT/ + sudo cp /corstone1000-mps3-v5.uefi.capsule /BOOT/ sync Copying the FVP capsules @@ -807,8 +786,8 @@ Then, copy the capsules: :: - sudo cp cs1k_cap_fvp_v6 /mnt/test/ - sudo cp cs1k_cap_fvp_v5 /mnt/test/ + sudo cp /corstone1000-fvp-v6.uefi.capsule /mnt/test/ + sudo cp /corstone1000-fvp-v5.uefi.capsule /mnt/test/ sync Then, unmount the IR image: @@ -823,8 +802,13 @@ Then, unmount the IR image: Performing the capsule update ****************************** -During this section we will be using the capsule with the higher version (cs1k_cap__v6) for the positive scenario -and the capsule with the lower version (cs1k_cap__v5) for the negative scenario. +During this section we will be using the capsule with the higher version (``corstone1000--v6.uefi.capsule``) for the positive scenario +and the capsule with the lower version (``corstone1000--v5.uefi.capsule``) for the negative scenario. + +Running the FPGA with the IR prebuilt image +=========================================== + +Insert the prepared USB stick then Power cycle the MPS3 board. Running the FVP with the IR prebuilt image ========================================== @@ -837,11 +821,6 @@ Run the FVP with the IR prebuilt image: **NOTE:** must start from the root directory. make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=/ir-acs-live-image-generic-arm64.wic. -Running the FPGA with the IR prebuilt image -=========================================== - -Insert the prepared USB stick then Power cycle the MPS3 board. - Executing capsule update for FVP and FPGA ========================================= @@ -861,7 +840,7 @@ In case of the positive scenario run the update with the higher version capsule :: - EFI/BOOT/app/CapsuleApp.efi cs1k_cap__v6 + EFI/BOOT/app/CapsuleApp.efi corstone1000--v6.uefi.capsule After successfully updating the capsule the system will reset. @@ -869,7 +848,7 @@ In case of the negative scenario run the update with the lower version capsule a :: - EFI/BOOT/app/CapsuleApp.efi cs1k_cap__v5 + EFI/BOOT/app/CapsuleApp.efi corstone1000--v5.uefi.capsule The command above should fail and in the TF-M logs the following message should appear: