* [Patch] BaseTools: UpdateImageSize include Image auth info for FMP Auth capsule
@ 2016-08-26  9:36 Yonghong Zhu
  0 siblings, 0 replies; 3+ messages in thread
From: Yonghong Zhu @ 2016-08-26  9:36 UTC (permalink / raw)
  To: edk2-devel; +Cc: Liming Gao

Per the UEFI spec, UpdateImageSize may or may not include the Firmware
Image Authentication information, so for an FMP auth capsule
UpdateImageSize should include the image auth info.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
---
 BaseTools/Source/Python/GenFds/Capsule.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/BaseTools/Source/Python/GenFds/Capsule.py b/BaseTools/Source/Python/GenFds/Capsule.py
index 93ecee1..c9fddf6 100644
--- a/BaseTools/Source/Python/GenFds/Capsule.py
+++ b/BaseTools/Source/Python/GenFds/Capsule.py
@@ -139,11 +139,10 @@ class Capsule (CapsuleClassObject) :
             PreSize += os.path.getsize(FileName)
             File = open(FileName, 'rb')
             Content.write(File.read())
             File.close()
         for fmp in self.FmpPayloadList:
-            Buffer = fmp.GenCapsuleSubItem()
             if fmp.Certificate_Guid:
                 ExternalTool, ExternalOption = FindExtendTool([], GenFdsGlobalVariable.ArchList, fmp.Certificate_Guid)
                 CmdOption = ''
                 CapInputFile = fmp.ImageFile
                 if not os.path.isabs(fmp.ImageFile):
@@ -160,10 +159,12 @@ class Capsule (CapsuleClassObject) :
                 GenFdsGlobalVariable.CallExternalTool(CmdList, "Failed to generate FMP auth capsule")
                 if uuid.UUID(fmp.Certificate_Guid) == EFI_CERT_TYPE_PKCS7_GUID:
                     dwLength = 4 + 2 + 2 + 16 + os.path.getsize(CapOutputTmp) - os.path.getsize(CapInputFile)
                 else:
                     dwLength = 4 + 2 + 2 + 16 + 16 + 256 + 256
+                fmp.ImageFile = CapOutputTmp
+                Buffer = fmp.GenCapsuleSubItem()
                 Buffer += pack('Q', fmp.MonotonicCount)
                 Buffer += pack('I', dwLength)
                 Buffer += pack('H', WIN_CERT_REVISION)
                 Buffer += pack('H', WIN_CERT_TYPE_EFI_GUID)
                 Buffer += uuid.UUID(fmp.Certificate_Guid).get_bytes_le()
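Review bot: `fmp.ImageFile = CapOutputTmp` overwrites the payload object's source path with the signing tool's output, and that change outlives this loop iteration. The first hunk shows `CapInputFile = fmp.ImageFile` being taken as the signing input, so if the same payload list were ever walked again the already-signed file would presumably be fed back to the tool; whether that can happen is not visible here. Saving the original path before the assignment and restoring it after `GenCapsuleSubItem()` returns would keep the side effect local. The same assignment appears in the second posting of this patch and in its quoted copy in the reply. The loop body starts and ends outside this hunk.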
@@ -177,10 +178,11 @@ class Capsule (CapsuleClassObject) :
                         VendorFile.close()
                     FwMgrHdr.write(pack('=Q', PreSize))
                     PreSize += len(Buffer)
                     Content.write(Buffer)
             else:
+                Buffer = fmp.GenCapsuleSubItem()
                 ImageFile = open(fmp.ImageFile, 'rb')
                 Buffer += ImageFile.read()
                 ImageFile.close()
                 if fmp.VendorCodeFile:
                     VendorFile = open(fmp.VendorCodeFile, 'rb')
-- 
2.6.1.windows.1




* [Patch] BaseTools: UpdateImageSize include Image auth info for FMP Auth capsule
@ 2016-08-29  8:10 Yonghong Zhu
  2016-08-30  7:47 ` Gao, Liming
  0 siblings, 1 reply; 3+ messages in thread
From: Yonghong Zhu @ 2016-08-29  8:10 UTC (permalink / raw)
  To: edk2-devel; +Cc: Liming Gao

Per the UEFI spec, UpdateImageSize may or may not include the Firmware
Image Authentication information, so for an FMP auth capsule
UpdateImageSize should include the image auth info.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
---
 BaseTools/Source/Python/GenFds/Capsule.py     | 34 ++++++---------------------
 BaseTools/Source/Python/GenFds/CapsuleData.py | 21 ++++++++++++++++-
 2 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/BaseTools/Source/Python/GenFds/Capsule.py b/BaseTools/Source/Python/GenFds/Capsule.py
index 93ecee1..c98c054 100644
--- a/BaseTools/Source/Python/GenFds/Capsule.py
+++ b/BaseTools/Source/Python/GenFds/Capsule.py
@@ -139,11 +139,10 @@ class Capsule (CapsuleClassObject) :
             PreSize += os.path.getsize(FileName)
             File = open(FileName, 'rb')
             Content.write(File.read())
             File.close()
         for fmp in self.FmpPayloadList:
-            Buffer = fmp.GenCapsuleSubItem()
             if fmp.Certificate_Guid:
                 ExternalTool, ExternalOption = FindExtendTool([], GenFdsGlobalVariable.ArchList, fmp.Certificate_Guid)
                 CmdOption = ''
                 CapInputFile = fmp.ImageFile
                 if not os.path.isabs(fmp.ImageFile):
@@ -160,37 +159,18 @@ class Capsule (CapsuleClassObject) :
                 GenFdsGlobalVariable.CallExternalTool(CmdList, "Failed to generate FMP auth capsule")
                 if uuid.UUID(fmp.Certificate_Guid) == EFI_CERT_TYPE_PKCS7_GUID:
                     dwLength = 4 + 2 + 2 + 16 + os.path.getsize(CapOutputTmp) - os.path.getsize(CapInputFile)
                 else:
                     dwLength = 4 + 2 + 2 + 16 + 16 + 256 + 256
-                Buffer += pack('Q', fmp.MonotonicCount)
-                Buffer += pack('I', dwLength)
-                Buffer += pack('H', WIN_CERT_REVISION)
-                Buffer += pack('H', WIN_CERT_TYPE_EFI_GUID)
-                Buffer += uuid.UUID(fmp.Certificate_Guid).get_bytes_le()
-                if os.path.exists(CapOutputTmp):
-                    TmpFile = open(CapOutputTmp, 'rb')
-                    Buffer += TmpFile.read()
-                    TmpFile.close()
-                    if fmp.VendorCodeFile:
-                        VendorFile = open(fmp.VendorCodeFile, 'rb')
-                        Buffer += VendorFile.read()
-                        VendorFile.close()
-                    FwMgrHdr.write(pack('=Q', PreSize))
-                    PreSize += len(Buffer)
-                    Content.write(Buffer)
+                fmp.ImageFile = CapOutputTmp
+                AuthData = [fmp.MonotonicCount, dwLength, WIN_CERT_REVISION, WIN_CERT_TYPE_EFI_GUID, fmp.Certificate_Guid]
+                Buffer = fmp.GenCapsuleSubItem(AuthData)
             else:
-                ImageFile = open(fmp.ImageFile, 'rb')
-                Buffer += ImageFile.read()
-                ImageFile.close()
-                if fmp.VendorCodeFile:
-                    VendorFile = open(fmp.VendorCodeFile, 'rb')
-                    Buffer += VendorFile.read()
-                    VendorFile.close()
-                FwMgrHdr.write(pack('=Q', PreSize))
-                PreSize += len(Buffer)
-                Content.write(Buffer)
+                Buffer = fmp.GenCapsuleSubItem()
+            FwMgrHdr.write(pack('=Q', PreSize))
+            PreSize += len(Buffer)
+            Content.write(Buffer)
         BodySize = len(FwMgrHdr.getvalue()) + len(Content.getvalue())
         Header.write(pack('=I', HdrSize + BodySize))
         #
         # The real capsule header structure is 28 bytes
         #
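Review bot: `AuthData` is a positional list whose element order is defined only by the indexing inside `CapsulePayload.GenCapsuleSubItem`, so a reordering on either side would silently produce a malformed authentication header in the signed capsule. A comment above the assignment would pin the contract, for example `# AuthData order: MonotonicCount, dwLength, wRevision, wCertificateType, CertType GUID (must match GenCapsuleSubItem)`. Note also that the removed branch skipped the payload when `CapOutputTmp` did not exist, while the new code reads it unconditionally; failing is the safer outcome, but an explicit check that reports the missing signed file would be clearer than an exception from `os.path.getsize`. The same lines are quoted again in the reply.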
diff --git a/BaseTools/Source/Python/GenFds/CapsuleData.py b/BaseTools/Source/Python/GenFds/CapsuleData.py
index 5d5a1e4..07cc198 100644
--- a/BaseTools/Source/Python/GenFds/CapsuleData.py
+++ b/BaseTools/Source/Python/GenFds/CapsuleData.py
@@ -19,10 +19,11 @@ import Ffs
 from GenFdsGlobalVariable import GenFdsGlobalVariable
 import StringIO
 from struct import pack
 import os
 from Common.Misc import SaveFileOnChange
+import uuid
 
 ## base class for capsule data
 #
 #
 class CapsuleData:
@@ -181,14 +182,18 @@ class CapsulePayload(CapsuleData):
         self.ImageFile = None
         self.VendorCodeFile = None
         self.Certificate_Guid = None
         self.MonotonicCount = None
 
-    def GenCapsuleSubItem(self):
+    def GenCapsuleSubItem(self, AuthData=[]):
         if not self.Version:
             self.Version = 0x00000002
         ImageFileSize = os.path.getsize(self.ImageFile)
+        if AuthData:
+            # the ImageFileSize need include the full authenticated info size. From first bytes of MonotonicCount to last bytes of certificate.
+            # the 32 bit is the MonotonicCount, dwLength, wRevision, wCertificateType and CertType
+            ImageFileSize += 32
         VendorFileSize = 0
         if self.VendorCodeFile:
             VendorFileSize = os.path.getsize(self.VendorCodeFile)
 
         #
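Review bot: The comment calls the added size "32 bit", but the value is 32 bytes: MonotonicCount (8) + dwLength (4) + wRevision (2) + wCertificateType (2) + CertType GUID (16). Since UpdateImageSize tells the consumer how much data belongs to the authenticated image, the unit and breakdown are worth stating exactly, e.g. `# 32 bytes = MonotonicCount (8) + dwLength (4) + wRevision (2) + wCertificateType (2) + CertType (16)`. Separately, `AuthData=[]` is a mutable default shared across calls; `AuthData=None` works unchanged with the `if AuthData:` checks. The function body continues outside this hunk, and the same lines are quoted again in the reply.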
@@ -214,6 +219,20 @@ class CapsulePayload(CapsuleData):
                        0,
                        ImageFileSize,
                        VendorFileSize,
                        int(self.HardwareInstance, 16)
                        )
+        if AuthData:
+            Buffer += pack('QIHH', AuthData[0], AuthData[1], AuthData[2], AuthData[3])
+            Buffer += uuid.UUID(AuthData[4]).get_bytes_le()
+
+        #
+        # Append file content to the structure
+        #
+        ImageFile = open(self.ImageFile, 'rb')
+        Buffer += ImageFile.read()
+        ImageFile.close()
+        if self.VendorCodeFile:
+            VendorFile = open(self.VendorCodeFile, 'rb')
+            Buffer += VendorFile.read()
+            VendorFile.close()
         return Buffer
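Review bot: `pack('QIHH', ...)` uses struct's native mode, so field sizes and padding follow the build host's C ABI, whereas the 32-byte size added earlier in this function assumes these four fields occupy exactly 16 bytes. On common hosts the result is the same, but `pack('=QIHH', AuthData[0], AuthData[1], AuthData[2], AuthData[3])` makes the layout explicit and matches the `pack('=Q', PreSize)` style used in Capsule.py. The file reads below it would also be safer as `with open(self.ImageFile, 'rb') as ImageFile:` so the handle is closed if the read raises. The function starts outside this hunk; the same lines are quoted again in the reply.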
-- 
2.6.1.windows.1




* Re: [Patch] BaseTools: UpdateImageSize include Image auth info for FMP Auth capsule
  2016-08-29  8:10 [Patch] BaseTools: UpdateImageSize include Image auth info for FMP Auth capsule Yonghong Zhu
@ 2016-08-30  7:47 ` Gao, Liming
  0 siblings, 0 replies; 3+ messages in thread
From: Gao, Liming @ 2016-08-30  7:47 UTC (permalink / raw)
  To: Zhu, Yonghong, edk2-devel@lists.01.org

Reviewed-by: Liming Gao <liming.gao@intel.com>

-----Original Message-----
From: Zhu, Yonghong 
Sent: Monday, August 29, 2016 4:11 PM
To: edk2-devel@lists.01.org
Cc: Gao, Liming <liming.gao@intel.com>
Subject: [Patch] BaseTools: UpdateImageSize include Image auth info for FMP Auth capsule

Per UEFI spec UpdateImageSize may or may not include Firmware Image
Authentication information. so for FMP auth capsule, UpdateImageSize
should include the Image auth info.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
---
 BaseTools/Source/Python/GenFds/Capsule.py     | 34 ++++++---------------------
 BaseTools/Source/Python/GenFds/CapsuleData.py | 21 ++++++++++++++++-
 2 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/BaseTools/Source/Python/GenFds/Capsule.py b/BaseTools/Source/Python/GenFds/Capsule.py
index 93ecee1..c98c054 100644
--- a/BaseTools/Source/Python/GenFds/Capsule.py
+++ b/BaseTools/Source/Python/GenFds/Capsule.py
@@ -139,11 +139,10 @@ class Capsule (CapsuleClassObject) :
             PreSize += os.path.getsize(FileName)
             File = open(FileName, 'rb')
             Content.write(File.read())
             File.close()
         for fmp in self.FmpPayloadList:
-            Buffer = fmp.GenCapsuleSubItem()
             if fmp.Certificate_Guid:
                 ExternalTool, ExternalOption = FindExtendTool([], GenFdsGlobalVariable.ArchList, fmp.Certificate_Guid)
                 CmdOption = ''
                 CapInputFile = fmp.ImageFile
                 if not os.path.isabs(fmp.ImageFile):
@@ -160,37 +159,18 @@ class Capsule (CapsuleClassObject) :
                 GenFdsGlobalVariable.CallExternalTool(CmdList, "Failed to generate FMP auth capsule")
                 if uuid.UUID(fmp.Certificate_Guid) == EFI_CERT_TYPE_PKCS7_GUID:
                     dwLength = 4 + 2 + 2 + 16 + os.path.getsize(CapOutputTmp) - os.path.getsize(CapInputFile)
                 else:
                     dwLength = 4 + 2 + 2 + 16 + 16 + 256 + 256
-                Buffer += pack('Q', fmp.MonotonicCount)
-                Buffer += pack('I', dwLength)
-                Buffer += pack('H', WIN_CERT_REVISION)
-                Buffer += pack('H', WIN_CERT_TYPE_EFI_GUID)
-                Buffer += uuid.UUID(fmp.Certificate_Guid).get_bytes_le()
-                if os.path.exists(CapOutputTmp):
-                    TmpFile = open(CapOutputTmp, 'rb')
-                    Buffer += TmpFile.read()
-                    TmpFile.close()
-                    if fmp.VendorCodeFile:
-                        VendorFile = open(fmp.VendorCodeFile, 'rb')
-                        Buffer += VendorFile.read()
-                        VendorFile.close()
-                    FwMgrHdr.write(pack('=Q', PreSize))
-                    PreSize += len(Buffer)
-                    Content.write(Buffer)
+                fmp.ImageFile = CapOutputTmp
+                AuthData = [fmp.MonotonicCount, dwLength, WIN_CERT_REVISION, WIN_CERT_TYPE_EFI_GUID, fmp.Certificate_Guid]
+                Buffer = fmp.GenCapsuleSubItem(AuthData)
             else:
-                ImageFile = open(fmp.ImageFile, 'rb')
-                Buffer += ImageFile.read()
-                ImageFile.close()
-                if fmp.VendorCodeFile:
-                    VendorFile = open(fmp.VendorCodeFile, 'rb')
-                    Buffer += VendorFile.read()
-                    VendorFile.close()
-                FwMgrHdr.write(pack('=Q', PreSize))
-                PreSize += len(Buffer)
-                Content.write(Buffer)
+                Buffer = fmp.GenCapsuleSubItem()
+            FwMgrHdr.write(pack('=Q', PreSize))
+            PreSize += len(Buffer)
+            Content.write(Buffer)
         BodySize = len(FwMgrHdr.getvalue()) + len(Content.getvalue())
         Header.write(pack('=I', HdrSize + BodySize))
         #
         # The real capsule header structure is 28 bytes
         #
diff --git a/BaseTools/Source/Python/GenFds/CapsuleData.py b/BaseTools/Source/Python/GenFds/CapsuleData.py
index 5d5a1e4..07cc198 100644
--- a/BaseTools/Source/Python/GenFds/CapsuleData.py
+++ b/BaseTools/Source/Python/GenFds/CapsuleData.py
@@ -19,10 +19,11 @@ import Ffs
 from GenFdsGlobalVariable import GenFdsGlobalVariable
 import StringIO
 from struct import pack
 import os
 from Common.Misc import SaveFileOnChange
+import uuid
 
 ## base class for capsule data
 #
 #
 class CapsuleData:
@@ -181,14 +182,18 @@ class CapsulePayload(CapsuleData):
         self.ImageFile = None
         self.VendorCodeFile = None
         self.Certificate_Guid = None
         self.MonotonicCount = None
 
-    def GenCapsuleSubItem(self):
+    def GenCapsuleSubItem(self, AuthData=[]):
         if not self.Version:
             self.Version = 0x00000002
         ImageFileSize = os.path.getsize(self.ImageFile)
+        if AuthData:
+            # the ImageFileSize need include the full authenticated info size. From first bytes of MonotonicCount to last bytes of certificate.
+            # the 32 bit is the MonotonicCount, dwLength, wRevision, wCertificateType and CertType
+            ImageFileSize += 32
         VendorFileSize = 0
         if self.VendorCodeFile:
             VendorFileSize = os.path.getsize(self.VendorCodeFile)
 
         #
@@ -214,6 +219,20 @@ class CapsulePayload(CapsuleData):
                        0,
                        ImageFileSize,
                        VendorFileSize,
                        int(self.HardwareInstance, 16)
                        )
+        if AuthData:
+            Buffer += pack('QIHH', AuthData[0], AuthData[1], AuthData[2], AuthData[3])
+            Buffer += uuid.UUID(AuthData[4]).get_bytes_le()
+
+        #
+        # Append file content to the structure
+        #
+        ImageFile = open(self.ImageFile, 'rb')
+        Buffer += ImageFile.read()
+        ImageFile.close()
+        if self.VendorCodeFile:
+            VendorFile = open(self.VendorCodeFile, 'rb')
+            Buffer += VendorFile.read()
+            VendorFile.close()
         return Buffer
-- 
2.6.1.windows.1



