## @file\r
# Generate a capsule.\r
#\r
-# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
-# This program and the accompanying materials\r
-# are licensed and made available under the terms and conditions of the BSD License\r
-# which accompanies this distribution. The full text of the license may be found at\r
-# http://opensource.org/licenses/bsd-license.php\r
+# This tool generates a UEFI Capsule around an FMP Capsule. The capsule payload\r
+# be signed using signtool or OpenSSL and if it is signed the signed content\r
+# includes an FMP Payload Header.\r
+#\r
+# This tool is intended to be used to generate UEFI Capsules to update the\r
+# system firmware or device firmware for integrated devices. In order to\r
+# keep the tool as simple as possible, it has the following limitations:\r
+# * Do not support multiple payloads in a capsule.\r
+# * Do not support optional drivers in a capsule.\r
+# * Do not support vendor code bytes in a capsule.\r
#\r
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
+# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
\r
'''\r
\r
if Process.returncode != 0:\r
shutil.rmtree (TempDirectoryName)\r
- print (Result[1].decode())\r
+ print (Result[1].decode(encoding='utf-8', errors='ignore'))\r
raise ValueError ('GenerateCapsule: error: signtool failed.')\r
\r
#\r
raise ValueError ('GenerateCapsule: error: can not run openssl.')\r
\r
if Process.returncode != 0:\r
- print (Result[1].decode())\r
+ print (Result[1].decode(encoding='utf-8', errors='ignore'))\r
raise ValueError ('GenerateCapsule: error: openssl failed.')\r
\r
return Signature\r
\r
if Process.returncode != 0:\r
shutil.rmtree (TempDirectoryName)\r
- print (Result[1].decode())\r
+ print (Result[1].decode(encoding='utf-8', errors='ignore'))\r
raise ValueError ('GenerateCapsule: error: openssl failed.')\r
\r
shutil.rmtree (TempDirectoryName)\r
# Add optional arguments for this command\r
#\r
parser.add_argument ("--capflag", dest = 'CapsuleFlag', action='append', default = [],\r
- choices=['PersistAcrossReset', 'PopulateSystemTable', 'InitiateReset'],\r
- help = "Capsule flag can be PersistAcrossReset, or PopulateSystemTable or InitiateReset or not set")\r
+ choices=['PersistAcrossReset', 'InitiateReset'],\r
+ help = "Capsule flag can be PersistAcrossReset or InitiateReset or not set")\r
parser.add_argument ("--capoemflag", dest = 'CapsuleOemFlag', type = ValidateUnsignedInteger, default = 0x0000,\r
help = "Capsule OEM Flag is an integer between 0x0000 and 0xffff.")\r
\r
help = "64-bit monotonic count value in header. Default is 0x0000000000000000.")\r
\r
parser.add_argument ("--fw-version", dest = 'FwVersion', type = ValidateUnsignedInteger,\r
- help = "The 32-bit version of the binary payload (e.g. 0x11223344 or 5678).")\r
+ help = "The 32-bit version of the binary payload (e.g. 0x11223344 or 5678). Required for encode operations that sign a payload.")\r
parser.add_argument ("--lsv", dest = 'LowestSupportedVersion', type = ValidateUnsignedInteger,\r
- help = "The 32-bit lowest supported version of the binary payload (e.g. 0x11223344 or 5678).")\r
+ help = "The 32-bit lowest supported version of the binary payload (e.g. 0x11223344 or 5678). Required for encode operations that sign a payload.")\r
\r
parser.add_argument ("--pfx-file", dest='SignToolPfxFile', type=argparse.FileType('rb'),\r
help="signtool PFX certificate filename.")\r
if args.Guid is None:\r
parser.error ('the following option is required: --guid')\r
if 'PersistAcrossReset' not in args.CapsuleFlag:\r
- if 'PopulateSystemTable' in args.CapsuleFlag:\r
- parser.error ('--capflag PopulateSystemTable also requires --capflag PersistAcrossReset')\r
if 'InitiateReset' in args.CapsuleFlag:\r
parser.error ('--capflag InitiateReset also requires --capflag PersistAcrossReset')\r
if args.CapsuleOemFlag > 0xFFFF:\r
args.OpenSslOtherPublicCertFile = args.OpenSslOtherPublicCertFile.name\r
args.OpenSslTrustedPublicCertFile = args.OpenSslTrustedPublicCertFile.name\r
\r
+ if args.DumpInfo:\r
+ if args.OutputFile is not None:\r
+ parser.error ('the following option is not supported for dumpinfo operations: --output')\r
+\r
#\r
# Read binary input file\r
#\r
)\r
except:\r
print ('GenerateCapsule: error: can not sign payload')\r
- raise\r
sys.exit (1)\r
\r
try:\r
try:\r
UefiCapsuleHeader.OemFlags = args.CapsuleOemFlag\r
UefiCapsuleHeader.PersistAcrossReset = 'PersistAcrossReset' in args.CapsuleFlag\r
- UefiCapsuleHeader.PopulateSystemTable = 'PopulateSystemTable' in args.CapsuleFlag\r
+ UefiCapsuleHeader.PopulateSystemTable = False\r
UefiCapsuleHeader.InitiateReset = 'InitiateReset' in args.CapsuleFlag\r
UefiCapsuleHeader.Payload = Result\r
Result = UefiCapsuleHeader.Encode ()\r
FmpCapsuleHeader.DumpInfo ()\r
if UseSignTool or UseOpenSsl:\r
Result = FmpAuthHeader.Decode (Result)\r
+ if args.Verbose:\r
+ print ('--------')\r
+ FmpAuthHeader.DumpInfo ()\r
\r
#\r
# Verify Image with 64-bit MonotonicCount appended to end of image\r
except ValueError:\r
print ('GenerateCapsule: warning: can not verify payload.')\r
\r
- Result = FmpPayloadHeader.Decode (Result)\r
- if args.Verbose:\r
- print ('--------')\r
- FmpAuthHeader.DumpInfo ()\r
- print ('--------')\r
- FmpPayloadHeader.DumpInfo ()\r
+ try:\r
+ Result = FmpPayloadHeader.Decode (Result)\r
+ if args.Verbose:\r
+ print ('--------')\r
+ FmpPayloadHeader.DumpInfo ()\r
+ print ('========')\r
+ except:\r
+ if args.Verbose:\r
+ print ('--------')\r
+ print ('No FMP_PAYLOAD_HEADER')\r
+ print ('========')\r
+ raise\r
else:\r
if args.Verbose:\r
print ('--------')\r
print ('No EFI_FIRMWARE_IMAGE_AUTHENTICATION')\r
print ('--------')\r
print ('No FMP_PAYLOAD_HEADER')\r
- if args.Verbose:\r
- print ('========')\r
+ print ('========')\r
except:\r
print ('GenerateCapsule: error: can not decode capsule')\r
- raise\r
sys.exit (1)\r
\r
elif args.DumpInfo:\r
FmpCapsuleHeader.DumpInfo ()\r
try:\r
Result = FmpAuthHeader.Decode (Result)\r
- Result = FmpPayloadHeader.Decode (Result)\r
print ('--------')\r
FmpAuthHeader.DumpInfo ()\r
- print ('--------')\r
- FmpPayloadHeader.DumpInfo ()\r
+ try:\r
+ Result = FmpPayloadHeader.Decode (Result)\r
+ print ('--------')\r
+ FmpPayloadHeader.DumpInfo ()\r
+ except:\r
+ print ('--------')\r
+ print ('No FMP_PAYLOAD_HEADER')\r
except:\r
print ('--------')\r
print ('No EFI_FIRMWARE_IMAGE_AUTHENTICATION')\r