From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5FE0E1A1DF7 for ; Tue, 30 Aug 2016 00:47:17 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga101.fm.intel.com with ESMTP; 30 Aug 2016 00:47:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.30,255,1470726000"; d="scan'208";a="872494103" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by orsmga003.jf.intel.com with ESMTP; 30 Aug 2016 00:47:17 -0700 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 30 Aug 2016 00:47:16 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.109]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.250]) with mapi id 14.03.0248.002; Tue, 30 Aug 2016 15:47:14 +0800 
From: "Gao, Liming" To: "Zhu, Yonghong" , "edk2-devel@lists.01.org" Thread-Topic: [Patch] BaseTools: UpdateImageSize include Image auth info for FMP Auth capsule Thread-Index: AQHSAczdlzB1BHCz3E+2agQNj894z6BhIdEA Date: Tue, 30 Aug 2016 07:47:14 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14B3E0120@shsmsx102.ccr.corp.intel.com> References: <1472458246-117212-1-git-send-email-yonghong.zhu@intel.com> In-Reply-To: <1472458246-117212-1-git-send-email-yonghong.zhu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_IC x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNGVhNTU1MWMtOGFlOC00MTU1LWE5NTEtOGM5ODdiYTNkOTcyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6InI3NU9BcHhOSjVrWDdQUlFrXC9xdlJ1Y0ZxbmFYOVNTTlwvTitXdXJjU054bz0ifQ== x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch] BaseTools: UpdateImageSize include Image auth info for FMP Auth capsule X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Aug 2016 07:47:17 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Liming Gao -----Original Message----- From: Zhu, Yonghong=20 Sent: Monday, August 29, 2016 4:11 PM To: edk2-devel@lists.01.org Cc: Gao, Liming Subject: [Patch] BaseTools: UpdateImageSize include Image auth info for FMP= Auth capsule Per UEFI spec UpdateImageSize may or may not include Firmware Image Authentication information. so for FMP auth capsule, UpdateImageSize should include the Image auth info. Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.0 
Signed-off-by: Yonghong Zhu
---
 BaseTools/Source/Python/GenFds/Capsule.py | 34 ++++++-----------------= ----
 BaseTools/Source/Python/GenFds/CapsuleData.py | 21 ++++++++++++++++-
 2 files changed, 27 insertions(+), 28 deletions(-)
diff --git a/BaseTools/Source/Python/GenFds/Capsule.py b/BaseTools/Source/P= ython/GenFds/Capsule.py
index 93ecee1..c98c054 100644
--- a/BaseTools/Source/Python/GenFds/Capsule.py
+++ b/BaseTools/Source/Python/GenFds/Capsule.py
@@ -139,11 +139,10 @@ class Capsule (CapsuleClassObject) :
 PreSize +=3D os.path.getsize(FileName)
 File =3D open(FileName, 'rb')
 Content.write(File.read())
 File.close()
 for fmp in self.FmpPayloadList:
- Buffer =3D fmp.GenCapsuleSubItem()
 if fmp.Certificate_Guid:
 ExternalTool, ExternalOption =3D FindExtendTool([], GenFds= GlobalVariable.ArchList, fmp.Certificate_Guid)
 CmdOption =3D ''
 CapInputFile =3D fmp.ImageFile
 if not os.path.isabs(fmp.ImageFile):
@@ -160,37 +159,18 @@ class Capsule (CapsuleClassObject) :
 GenFdsGlobalVariable.CallExternalTool(CmdList, "Failed to = generate FMP auth capsule")
 if uuid.UUID(fmp.Certificate_Guid) =3D=3D EFI_CERT_TYPE_PK= CS7_GUID:
 dwLength =3D 4 + 2 + 2 + 16 + os.path.getsize(CapOutpu= tTmp) - os.path.getsize(CapInputFile)
 else:
 dwLength =3D 4 + 2 + 2 + 16 + 16 + 256 + 256
- Buffer +=3D pack('Q', fmp.MonotonicCount)
- Buffer +=3D pack('I', dwLength)
- Buffer +=3D pack('H', WIN_CERT_REVISION)
- Buffer +=3D pack('H', WIN_CERT_TYPE_EFI_GUID)
- Buffer +=3D uuid.UUID(fmp.Certificate_Guid).get_bytes_le()
- if os.path.exists(CapOutputTmp):
- TmpFile =3D open(CapOutputTmp, 'rb')
- Buffer +=3D TmpFile.read()
- TmpFile.close()
- if fmp.VendorCodeFile:
- VendorFile =3D open(fmp.VendorCodeFile, 'rb')
- Buffer +=3D VendorFile.read()
- VendorFile.close()
- FwMgrHdr.write(pack('=3DQ', PreSize))
- PreSize +=3D len(Buffer)
- Content.write(Buffer)
+ fmp.ImageFile =3D CapOutputTmp
+ AuthData =3D [fmp.MonotonicCount, dwLength, WIN_CERT_REVIS= ION, WIN_CERT_TYPE_EFI_GUID, fmp.Certificate_Guid]
+ Buffer =3D fmp.GenCapsuleSubItem(AuthData)
 else:
- ImageFile =3D open(fmp.ImageFile, 'rb')
- Buffer +=3D ImageFile.read()
- ImageFile.close()
- if fmp.VendorCodeFile:
- VendorFile =3D open(fmp.VendorCodeFile, 'rb')
- Buffer +=3D VendorFile.read()
- VendorFile.close()
- FwMgrHdr.write(pack('=3DQ', PreSize))
- PreSize +=3D len(Buffer)
- Content.write(Buffer)
+ Buffer =3D fmp.GenCapsuleSubItem()
+ FwMgrHdr.write(pack('=3DQ', PreSize))
+ PreSize +=3D len(Buffer)
+ Content.write(Buffer)
 BodySize =3D len(FwMgrHdr.getvalue()) + len(Content.getvalue())
 Header.write(pack('=3DI', HdrSize + BodySize))
 #
 # The real capsule header structure is 28 bytes
 #
diff --git a/BaseTools/Source/Python/GenFds/CapsuleData.py b/BaseTools/Sour= ce/Python/GenFds/CapsuleData.py
index 5d5a1e4..07cc198 100644
--- a/BaseTools/Source/Python/GenFds/CapsuleData.py
+++ b/BaseTools/Source/Python/GenFds/CapsuleData.py
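Review bot: In the Capsule.py hunk at -160, the added `fmp.ImageFile = CapOutputTmp` permanently replaces the payload's configured image path with the signed temporary file, so the object no longer records which file was the unsigned input. The earlier hunk shows `CapInputFile = fmp.ImageFile` feeding the signing step, which suggests that a second pass over the same payload object would sign the already-signed output and derive `dwLength` from the wrong pair of file sizes. I would keep the attribute intact, for example `OrigImage = fmp.ImageFile` before the call and `fmp.ImageFile = OrigImage` after `GenCapsuleSubItem(AuthData)`, or pass the signed path to the callee explicitly. The enclosing method starts and ends outside the hunk, so whether it can run more than once per payload is not visible here.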
@@ -19,10 +19,11 @@ import Ffs
 from GenFdsGlobalVariable import GenFdsGlobalVariable
 import StringIO
 from struct import pack
 import os
 from Common.Misc import SaveFileOnChange
+import uuid
=20
 ## base class for capsule data
 #
 #
 class CapsuleData:
@@ -181,14 +182,18 @@ class CapsulePayload(CapsuleData):
 self.ImageFile =3D None
 self.VendorCodeFile =3D None
 self.Certificate_Guid =3D None
 self.MonotonicCount =3D None
=20
- def GenCapsuleSubItem(self):
+ def GenCapsuleSubItem(self, AuthData=3D[]):
 if not self.Version:
 self.Version =3D 0x00000002
 ImageFileSize =3D os.path.getsize(self.ImageFile)
+ if AuthData:
+ # the ImageFileSize need include the full authenticated info s= ize. From first bytes of MonotonicCount to last bytes of certificate.
+ # the 32 bit is the MonotonicCount, dwLength, wRevision, wCert= ificateType and CertType
+ ImageFileSize +=3D 32
 VendorFileSize =3D 0
 if self.VendorCodeFile:
 VendorFileSize =3D os.path.getsize(self.VendorCodeFile)
=20
 #
@@ -214,6 +219,20 @@ class CapsulePayload(CapsuleData):
 0,
 ImageFileSize,
 VendorFileSize,
 int(self.HardwareInstance, 16)
 )
+ if AuthData:
+ Buffer +=3D pack('QIHH', AuthData[0], AuthData[1], AuthData[2]= , AuthData[3])
+ Buffer +=3D uuid.UUID(AuthData[4]).get_bytes_le()
+
+ #
+ # Append file content to the structure
+ #
+ ImageFile =3D open(self.ImageFile, 'rb')
+ Buffer +=3D ImageFile.read()
+ ImageFile.close()
+ if self.VendorCodeFile:
+ VendorFile =3D open(self.VendorCodeFile, 'rb')
+ Buffer +=3D VendorFile.read()
+ VendorFile.close()
 return Buffer
--=20
2.6.1.windows.1
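Review bot: The new signature in the CapsuleData.py hunk at -181 gives `AuthData` a mutable default (`[]`). Nothing in the visible body mutates it, but `def GenCapsuleSubItem(self, AuthData=None):` works unchanged with the existing `if AuthData:` tests and avoids the shared-list pitfall. The added comment says "the 32 bit is ..." although the value added to ImageFileSize is 32 bytes; I would reword it to `# 32 bytes: MonotonicCount (8) + dwLength (4) + wRevision (2) + wCertificateType (2) + CertType GUID (16)`. A short docstring stating the expected order of the five AuthData entries would also help, because the size constant here and the packing in the later hunk both depend on it. The function body continues outside this hunk.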
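Review bot: In the hunk at -214, `pack('QIHH', ...)` carries no size/byte-order prefix, so it uses native sizes and alignment, while the packing visible in Capsule.py in this patch uses `'=Q'` and `'=I'`. For this field order native alignment normally adds no padding, but these bytes form the authentication header that firmware parses when it verifies the capsule, and `ImageFileSize += 32` assumes exactly 16 packed bytes plus the 16-byte GUID. I would pin the layout with `Buffer += pack('=QIHH', AuthData[0], AuthData[1], AuthData[2], AuthData[3])`. Separately, the image and vendor files are opened and closed by hand; `with open(self.ImageFile, 'rb') as ImageFile:` would release the handle if `read()` raises.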