From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5E3091A1E21 for ; Mon, 29 Aug 2016 01:10:50 -0700 (PDT) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP; 29 Aug 2016 01:10:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,595,1464678000"; d="scan'208";a="1042786081" Received: from shwdeopenpsi168.ccr.corp.intel.com ([10.239.158.144]) by orsmga002.jf.intel.com with ESMTP; 29 Aug 2016 01:10:49 -0700 From: Yonghong Zhu To: edk2-devel@lists.01.org Cc: Liming Gao Date: Mon, 29 Aug 2016 16:10:46 +0800 Message-Id: <1472458246-117212-1-git-send-email-yonghong.zhu@intel.com> X-Mailer: git-send-email 2.6.1.windows.1 Subject: [Patch] BaseTools: UpdateImageSize include Image auth info for FMP Auth capsule X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Aug 2016 08:10:50 -0000 Per UEFI spec UpdateImageSize may or may not include Firmware Image Authentication information. so for FMP auth capsule, UpdateImageSize should include the Image auth info. Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yonghong Zhu --- BaseTools/Source/Python/GenFds/Capsule.py | 34 ++++++--------------------- BaseTools/Source/Python/GenFds/CapsuleData.py | 21 ++++++++++++++++- 2 files changed, 27 insertions(+), 28 deletions(-) diff --git a/BaseTools/Source/Python/GenFds/Capsule.py b/BaseTools/Source/Python/GenFds/Capsule.py index 93ecee1..c98c054 100644 --- a/BaseTools/Source/Python/GenFds/Capsule.py +++ b/BaseTools/Source/Python/GenFds/Capsule.py 
@@ -139,11 +139,10 @@ class Capsule (CapsuleClassObject) : PreSize += os.path.getsize(FileName) File = open(FileName, 'rb') Content.write(File.read()) File.close() for fmp in self.FmpPayloadList: - Buffer = fmp.GenCapsuleSubItem() if fmp.Certificate_Guid: ExternalTool, ExternalOption = FindExtendTool([], GenFdsGlobalVariable.ArchList, fmp.Certificate_Guid) CmdOption = '' CapInputFile = fmp.ImageFile if not os.path.isabs(fmp.ImageFile): 
@@ -160,37 +159,18 @@ class Capsule (CapsuleClassObject) : GenFdsGlobalVariable.CallExternalTool(CmdList, "Failed to generate FMP auth capsule") if uuid.UUID(fmp.Certificate_Guid) == EFI_CERT_TYPE_PKCS7_GUID: dwLength = 4 + 2 + 2 + 16 + os.path.getsize(CapOutputTmp) - os.path.getsize(CapInputFile) else: dwLength = 4 + 2 + 2 + 16 + 16 + 256 + 256 - Buffer += pack('Q', fmp.MonotonicCount) - Buffer += pack('I', dwLength) - Buffer += pack('H', WIN_CERT_REVISION) - Buffer += pack('H', WIN_CERT_TYPE_EFI_GUID) - Buffer += uuid.UUID(fmp.Certificate_Guid).get_bytes_le() - if os.path.exists(CapOutputTmp): - TmpFile = open(CapOutputTmp, 'rb') - Buffer += TmpFile.read() - TmpFile.close() - if fmp.VendorCodeFile: - VendorFile = open(fmp.VendorCodeFile, 'rb') - Buffer += VendorFile.read() - VendorFile.close() - FwMgrHdr.write(pack('=Q', PreSize)) - PreSize += len(Buffer) - Content.write(Buffer) + fmp.ImageFile = CapOutputTmp + AuthData = [fmp.MonotonicCount, dwLength, WIN_CERT_REVISION, WIN_CERT_TYPE_EFI_GUID, fmp.Certificate_Guid] + Buffer = fmp.GenCapsuleSubItem(AuthData) else: - ImageFile = open(fmp.ImageFile, 'rb') - Buffer += ImageFile.read() - ImageFile.close() - if fmp.VendorCodeFile: - VendorFile = open(fmp.VendorCodeFile, 'rb') - Buffer += VendorFile.read() - VendorFile.close() - FwMgrHdr.write(pack('=Q', PreSize)) - PreSize += len(Buffer) - Content.write(Buffer) + Buffer = fmp.GenCapsuleSubItem() + FwMgrHdr.write(pack('=Q', PreSize)) + PreSize += len(Buffer) + Content.write(Buffer) BodySize = len(FwMgrHdr.getvalue()) + len(Content.getvalue()) Header.write(pack('=I', HdrSize + BodySize)) # # The real capsule header structure is 28 bytes # diff --git a/BaseTools/Source/Python/GenFds/CapsuleData.py b/BaseTools/Source/Python/GenFds/CapsuleData.py index 5d5a1e4..07cc198 100644 --- a/BaseTools/Source/Python/GenFds/CapsuleData.py +++ b/BaseTools/Source/Python/GenFds/CapsuleData.py 
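Review bot: Assigning `fmp.ImageFile = CapOutputTmp` in the authenticated branch overwrites the payload's configured image path as a side effect of building the capsule. Earlier in this loop `CapInputFile` is taken from `fmp.ImageFile`, so if the same payload object is processed again in one run (not visible from this hunk), the already signed temporary file would be handed to the signing tool as its input and the authentication data wrapped a second time. Keeping the object unchanged avoids that: save `OrigImage = fmp.ImageFile` before the assignment and restore `fmp.ImageFile = OrigImage` after `GenCapsuleSubItem(AuthData)` returns, or pass the signed path as an argument. The removed code also tested `os.path.exists(CapOutputTmp)` before reading it, whereas the new path depends on `os.path.getsize` inside `GenCapsuleSubItem` raising, so a missing tool output would presumably surface as a bare `OSError` rather than a build error naming the capsule. The loop body starts in the previous hunk.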
@@ -19,10 +19,11 @@ import Ffs from GenFdsGlobalVariable import GenFdsGlobalVariable import StringIO from struct import pack import os from Common.Misc import SaveFileOnChange +import uuid ## base class for capsule data # # class CapsuleData: @@ -181,14 +182,18 @@ class CapsulePayload(CapsuleData): self.ImageFile = None self.VendorCodeFile = None self.Certificate_Guid = None self.MonotonicCount = None - def GenCapsuleSubItem(self): + def GenCapsuleSubItem(self, AuthData=[]): if not self.Version: self.Version = 0x00000002 ImageFileSize = os.path.getsize(self.ImageFile) + if AuthData: + # the ImageFileSize need include the full authenticated info size. From first bytes of MonotonicCount to last bytes of certificate. + # the 32 bit is the MonotonicCount, dwLength, wRevision, wCertificateType and CertType + ImageFileSize += 32 VendorFileSize = 0 if self.VendorCodeFile: VendorFileSize = os.path.getsize(self.VendorCodeFile) # @@ -214,6 +219,20 @@ class CapsulePayload(CapsuleData): 0, ImageFileSize, VendorFileSize, int(self.HardwareInstance, 16) ) + if AuthData: + Buffer += pack('QIHH', AuthData[0], AuthData[1], AuthData[2], AuthData[3]) + Buffer += uuid.UUID(AuthData[4]).get_bytes_le() + + # + # Append file content to the structure + # + ImageFile = open(self.ImageFile, 'rb') + Buffer += ImageFile.read() + ImageFile.close() + if self.VendorCodeFile: + VendorFile = open(self.VendorCodeFile, 'rb') + Buffer += VendorFile.read() + VendorFile.close() return Buffer -- 2.6.1.windows.1
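Review bot: The new default `AuthData=[]` in the `GenCapsuleSubItem` signature is a mutable default argument shared by every call; nothing visible mutates it, but `def GenCapsuleSubItem(self, AuthData=None):` removes the trap and the `if AuthData:` tests work unchanged. The comment above `ImageFileSize += 32` says "32 bit", while the value is 32 bytes; a corrected comment would read `# 32 bytes: MonotonicCount (8) + dwLength (4) + wRevision (2) + wCertificateType (2) + CertType GUID (16)`. This constant has to stay equal to the number of bytes packed for the authentication header in the hunk at `@@ -214,6 +219,20 @@`, because UpdateImageSize is the length a consumer uses to bound the authenticated image. The method body continues outside this hunk.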
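Review bot: `pack('QIHH', ...)` uses native byte order, size and alignment, unlike the `pack('=Q', PreSize)` calls in Capsule.py, so the layout of the authentication header depends on the build host. The 32 bytes added to ImageFileSize earlier in this method assume exactly 16 packed bytes followed by the 16-byte GUID; `Buffer += pack('<QIHH', AuthData[0], AuthData[1], AuthData[2], AuthData[3])` fixes that layout explicitly. The positional `AuthData` list ties this code to the element order built in Capsule.py, which a one-line comment naming the five fields would document. The two `open`/`read`/`close` sequences leave the handle open if `read()` raises; `with open(self.ImageFile, 'rb') as ImageFile:` closes it on every path.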