[SRU] backport mkeficapsule to jammy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OEM Priority Project |
Confirmed
|
High
|
Aristo Chen | ||
u-boot (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
* mkeficapsule is a standalone command used to generate a capsule file for updating specially configured U-Boot (not only on SD card but also on SPI flash and other media) and possibly other firmware like TF-A.
* mkeficapsule code exists in Jammy already, but is not shipped in the u-boot-tools Debian package, so users are not able to generate capsule file in Jammy environment, and since the mkeficapsule command is not available in Jammy, ideally no one should be impacted.
[Test case]
Test case 1:
Users can use mkeficapsule to generate capsule file which contains firmware, or anything they want, such as dtb or fip.bin, we use mkeficapsule to create a capsule file that contains U-Boot in this test case
prerequisite:
1. Please prepare a device that is capable to use capsule file to update firmware
2. Prepare your own key by this command
$ openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER.key -out SIGNER.crt -nodes -days 365
steps:
1. use mkeficapsule command to generate test_new.cap and test_old.cap, both contain U-Boot built at different time
$ mkeficapsule --private-key SIGNER.key --certificate SIGNER.crt --monotonic-count 1 --instance 0 --index 2 --guid "12345678-
2. Put the capsule file to required path(both test_new.cap and test_old.cap)
3. Reboot device and stop at u-boot prompt, then type the command. Note the actual location of test_new.cap may bedifferent in your case
=> efidebug boot add -b 0 0 mmc 0:8 test_new.cap
4. The device should reset and check if the U-Boot build stamp is different from previous
Test case 2:
1. sudo apt install efitools libguestfs-tools
2. Add CONFIG_
3. Follow the command here(https:/
[Where problems could occur]
* There is no mkeficapsule command in Jammy yet, and mkeficapsule is a standalone tool, so the regression risk should be low
[Other Info]
* These patches are already in Lunar, so we only need to backport to Jammy
description: | updated |
tags: | added: oem-priority originate-from-2031356 |
Changed in oem-priority: | |
assignee: | nobody → Aristo Chen (aristochen) |
importance: | Undecided → High |
status: | New → Confirmed |
description: | updated |
The U-Boot v2022.01 source code already contains mkeficapsule. Do you plan to backport any patches from higher U-Boot versions or do you simply want to change the list of installed files in u-boot-tools?