From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.151; helo=mga17.intel.com; envelope-from=michael.d.kinney@intel.com; receiver=edk2-devel@lists.01.org Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C67E720986ADD for ; Mon, 16 Jul 2018 00:09:34 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Jul 2018 00:09:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,360,1526367600"; d="scan'208";a="55299325" Received: from mdkinney-mobl2.amr.corp.intel.com ([10.252.140.135]) by fmsmga008.fm.intel.com with ESMTP; 16 Jul 2018 00:09:25 -0700 From: "Kinney, Michael D" To: edk2-devel@lists.01.org Cc: Michael D Kinney Date: Mon, 16 Jul 2018 00:09:19 -0700 Message-Id: <20180716070919.15228-1-michael.d.kinney@intel.com> X-Mailer: git-send-email 2.14.2.windows.3 Subject: [staging/FmpDevicePkg-UDK2018] staging/FmpDevicePkg-UDK2018: Update Readme.MD for new branch X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jul 2018 07:09:35 -0000 Update Readme.MD for the FmpDevicePkg-UDK2018 branch in the edk2-staging repository. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney --- CryptoPkg/Library/OpensslLib/openssl | 2 +- Readme.md | 159 +++++++++++++++++++++++++++++++++++ 2 files changed, 160 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl index b2758a2292..d4e4bd2a81 160000 --- a/CryptoPkg/Library/OpensslLib/openssl +++ b/CryptoPkg/Library/OpensslLib/openssl @@ -1 +1 @@ -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 diff --git a/Readme.md b/Readme.md index 1ef0780ee0..300047b435 100644 --- a/Readme.md +++ b/Readme.md @@ -27,3 +27,162 @@ are listed in [Maintainers.txt](Maintainers.txt). * [Mailing Lists](https://github.com/tianocore/tianocore.github.io/wiki/Mailing-Lists) * [TianoCore Bugzilla](https://bugzilla.tianocore.org) * [How To Contribute](https://github.com/tianocore/tianocore.github.io/wiki/How-To-Contribute) + +# FmpDevicePkg-UDK2018 edk2-staging branch + +The FmpDevicePkg provides a simple method to support UEFI Capsules for firmware +update of system firmware or devices using the Firmware Management Protocol. + +The content in this edk2-staging branch is based on content from the following: + + https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport/MsCapsuleUpdatePkg + +The Firmware Management Protocol advertises that a component supports a firmware +update using a UEFI capsule. The FmpDevicePkg provides library classes and PCDs +used to customize the behavior of a Firmware Management Protocol instance. + +## Goals +The goal of this branch in edk2-staging is to provide a version of the source +code that can be used to validate the functionality before it is added to +edk2/master. The target date for integration into edk2/master is early August +2018. + +## Developers +* Michael D Kinney +* Sean Brogan +* Jiewen Yao +* Yonghong Zhu +* Liming Gao +* Ruiyu Ni +* Star Zeng +* Eric Dong +* David Wei +* Mang Guo + +## Library Classes +* FmpDeviceLib - Provides firmware device specific services + to support updates of a firmware image stored in a firmware + device. +* CapsuleUpdatePolicyLib - Provides platform policy services + used during a capsule update. +* FmpPayloadHeaderLib - Provides services to retrieve values + from a capsule's FMP Payload Header. The structure is not + included in the library class. Instead, services are + provided to retrieve information from the FMP Payload Header. + If information is added to the FMP Payload Header, then new + services may be added to this library class to retrieve the + new information. + +## PCDs set per module +* PcdFmpDeviceSystemResetRequired - Indicates if a full + system reset is required before a firmware update to a + firmware devices takes effect +* PcdFmpDeviceTestKeySha256Digest - The SHA-256 hash of a + PKCS7 test key that is used to detect if a test key is + being used to authenticate capsules. Test key detection + is disabled by setting the value to {0}. +* PcdFmpDeviceProgressColor - The color of the progress bar + during a firmware update. +* PcdFmpDeviceImageIdName - The Null-terminated Unicode + string used to fill in the ImageIdName field of the + EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned + by the GetImageInfo() service of the Firmware Management + Protocol for the firmware device. +* PcdFmpDeviceBuildTimeLowestSupportedVersion - The build + time value used to fill in the LowestSupportedVersion field + of the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is + returned by the GetImageInfo() service of the Firmware + Management Protocol. +* PcdFmpDeviceProgressWatchdogTimeInSeconds - The time in + seconds to arm a watchdog timer during the update of a + firmware device. + +## PCDs set per module or for entire platform +* PcdFmpDevicePkcs7CertBufferXdr - One or more PKCS7 + certificates used to verify a firmware device capsule + update image. +* PcdFmpDeviceLockEventGuid - An event GUID that locks + the firmware device when the event is signaled. + +## GenerateCapsule tool to create UEFI Capsules +* GenerateCapsule is a new standalone tool that is used to create a UEFI + capsule that can be processed by an FmpDxe module from the FmpDevicePkg. + +``` + usage: GenerateCapsule [-h] [-o OUTPUTFILE] (-e | -d | --dump-info) + [--capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset}] + [--capoemflag CAPSULEOEMFLAG] [--guid GUID] + [--hardware-instance HARDWAREINSTANCE] + [--monotonic-count MONOTONICCOUNT] + [--fw-version FWVERSION] [--lsv LOWESTSUPPORTEDVERSION] + [--pfx-file SIGNTOOLPFXFILE] + [--signer-private-cert OPENSSLSIGNERPRIVATECERTFILE] + [--other-public-cert OPENSSLOTHERPUBLICCERTFILE] + [--trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE] + [--signing-tool-path SIGNINGTOOLPATH] [--version] [-v] + [-q] [--debug [0-9]] + InputFile +``` + +``` + Generate a capsule. Copyright (c) 2018, Intel Corporation. All rights + reserved. + + positional arguments: + InputFile Input binary payload filename. + + optional arguments: + -h, --help show this help message and exit + -o OUTPUTFILE, --output OUTPUTFILE + Output filename. + -e, --encode Encode file + -d, --decode Decode file + --dump-info Display FMP Payload Header information + --capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset} + Capsule flag can be PersistAcrossReset, or + PopulateSystemTable or InitiateReset or not set + --capoemflag CAPSULEOEMFLAG + Capsule OEM Flag is an integer between 0x0000 and + 0xffff. + --guid GUID The FMP/ESRT GUID in registry format. Required for + encode operations. + --hardware-instance HARDWAREINSTANCE + The 64-bit hardware instance. The default is + 0x0000000000000000 + --monotonic-count MONOTONICCOUNT + 64-bit monotonic count value in header. Default is + 0x0000000000000000. + --fw-version FWVERSION + The 32-bit version of the binary payload (e.g. + 0x11223344 or 5678). + --lsv LOWESTSUPPORTEDVERSION + The 32-bit lowest supported version of the binary + payload (e.g. 0x11223344 or 5678). + --pfx-file SIGNTOOLPFXFILE + signtool PFX certificate filename. + --signer-private-cert OPENSSLSIGNERPRIVATECERTFILE + OpenSSL signer private certificate filename. + --other-public-cert OPENSSLOTHERPUBLICCERTFILE + OpenSSL other public certificate filename. + --trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE + OpenSSL trusted public certificate filename. + --signing-tool-path SIGNINGTOOLPATH + Path to signtool or OpenSSL tool. Optional if path to + tools are already in PATH. + --version show program's version number and exit + -v, --verbose Turn on verbose output with informational messages + printed, including capsule headers and warning + messages. + -q, --quiet Disable all messages except fatal errors. + --debug [0-9] Set debug level +``` + +## Vlv2TbltDevicePkg Platform +* Support system firmware update +* Support device firmware device update for three sample devices (Red, Green, Blue) + +## Validation Plans + +## Documentation Links +* [FmpDevicewPkg High Level Design Overview]() +* [FmpDevicePkg Platform Integration Guide]() -- 2.14.2.windows.3