From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Date: Tue, 31 Jul 2018 23:33:24 -0700
Message-Id: <20180801063333.17824-2-michael.d.kinney@intel.com>
In-Reply-To: <20180801063333.17824-1-michael.d.kinney@intel.com>
References: <20180801063333.17824-1-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 01/10] BaseTools/Capsule: Add Capsule Generation Tools
Cc: Michael D Kinney, Jiewen Yao, Liming Gao

https://bugzilla.tianocore.org/show_bug.cgi?id=945

Based on content from the following branch
https://github.com/Microsoft/MS_UEFI/tree/share/beta/CapsuleTools

* Convert C tools to Python
* Add common python modules to:
    BaseTools/Source/Python/Common/Uefi/Capsule
    BaseTools/Source/Python/Common/Edk2/Capsule
* Add GenerateCapsule.py to BaseTools/Source/Python/Capsule
* Add Windows and Posix wrappers for GenerateCapsule.py

usage: GenerateCapsule [-h] [-o OUTPUTFILE] (-e | -d | --dump-info)
                       [--capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset}]
                       [--capoemflag CAPSULEOEMFLAG] [--guid GUID]
                       [--hardware-instance HARDWAREINSTANCE]
                       [--monotonic-count MONOTONICCOUNT]
                       [--fw-version FWVERSION] [--lsv LOWESTSUPPORTEDVERSION]
                       [--pfx-file SIGNTOOLPFXFILE]
                       [--signer-private-cert OPENSSLSIGNERPRIVATECERTFILE]
                       [--other-public-cert OPENSSLOTHERPUBLICCERTFILE]
                       [--trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE]
                       [--signing-tool-path SIGNINGTOOLPATH] [--version] [-v]
                       [-q] [--debug [0-9]]
                       InputFile

Generate a capsule. Copyright (c) 2018, Intel Corporation. All rights reserved.

positional arguments:
  InputFile             Input binary payload filename.

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUTFILE, --output OUTPUTFILE
                        Output filename.
  -e, --encode          Encode file
  -d, --decode          Decode file
  --dump-info           Display FMP Payload Header information
  --capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset}
                        Capsule flag can be PersistAcrossReset, or
                        PopulateSystemTable or InitiateReset or not set
  --capoemflag CAPSULEOEMFLAG
                        Capsule OEM Flag is an integer between 0x0000 and
                        0xffff.
  --guid GUID           The FMP/ESRT GUID in registry format. Required for
                        encode operations.
  --hardware-instance HARDWAREINSTANCE
                        The 64-bit hardware instance. The default is
                        0x0000000000000000
  --monotonic-count MONOTONICCOUNT
                        64-bit monotonic count value in header. Default is
                        0x0000000000000000.
  --fw-version FWVERSION
                        The 32-bit version of the binary payload (e.g.
                        0x11223344 or 5678).
  --lsv LOWESTSUPPORTEDVERSION
                        The 32-bit lowest supported version of the binary
                        payload (e.g. 0x11223344 or 5678).
  --pfx-file SIGNTOOLPFXFILE
                        signtool PFX certificate filename.
  --signer-private-cert OPENSSLSIGNERPRIVATECERTFILE
                        OpenSSL signer private certificate filename.
  --other-public-cert OPENSSLOTHERPUBLICCERTFILE
                        OpenSSL other public certificate filename.
  --trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE
                        OpenSSL trusted public certificate filename.
  --signing-tool-path SIGNINGTOOLPATH
                        Path to signtool or OpenSSL tool. Optional if path to
                        tools are already in PATH.
  --version             show program's version number and exit
  -v, --verbose         Turn on verbose output with informational messages
                        printed, including capsule headers and warning
                        messages.
  -q, --quiet           Disable all messages except fatal errors.
  --debug [0-9]         Set debug level

Cc: Sean Brogan
Cc: Jiewen Yao
Cc: Yonghong Zhu
Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney --- BaseTools/BinWrappers/PosixLike/GenerateCapsule | 14 + .../BinWrappers/WindowsLike/GenerateCapsule.bat | 1 + BaseTools/Source/Python/Capsule/GenerateCapsule.py | 522 +++++++++++++++++= ++++ .../Python/Common/Edk2/Capsule/FmpPayloadHeader.py | 91 ++++ .../Source/Python/Common/Edk2/Capsule/__init__.py | 15 + BaseTools/Source/Python/Common/Edk2/__init__.py | 15 + .../Python/Common/Uefi/Capsule/FmpAuthHeader.py | 184 ++++++++ .../Python/Common/Uefi/Capsule/FmpCapsuleHeader.py | 302 ++++++++++++ .../Common/Uefi/Capsule/UefiCapsuleHeader.py | 136 ++++++ .../Source/Python/Common/Uefi/Capsule/__init__.py | 15 + BaseTools/Source/Python/Common/Uefi/__init__.py | 15 + 11 files changed, 1310 insertions(+) create mode 100644 BaseTools/BinWrappers/PosixLike/GenerateCapsule create mode 100644 BaseTools/BinWrappers/WindowsLike/GenerateCapsule.bat create mode 100644 BaseTools/Source/Python/Capsule/GenerateCapsule.py create mode 100644 BaseTools/Source/Python/Common/Edk2/Capsule/FmpPayloadH= eader.py create mode 100644 BaseTools/Source/Python/Common/Edk2/Capsule/__init__.py create mode 100644 BaseTools/Source/Python/Common/Edk2/__init__.py create mode 100644 BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHead= er.py create mode 100644 BaseTools/Source/Python/Common/Uefi/Capsule/FmpCapsuleH= eader.py create mode 100644 BaseTools/Source/Python/Common/Uefi/Capsule/UefiCapsule= Header.py create mode 100644 BaseTools/Source/Python/Common/Uefi/Capsule/__init__.py create mode 100644 BaseTools/Source/Python/Common/Uefi/__init__.py diff --git a/BaseTools/BinWrappers/PosixLike/GenerateCapsule b/BaseTools/Bi= nWrappers/PosixLike/GenerateCapsule new file mode 100644 index 0000000000..59a6c8ba43 --- /dev/null +++ b/BaseTools/BinWrappers/PosixLike/GenerateCapsule 
@@ -0,0 +1,14 @@ +#!/usr/bin/env bash +#python `dirname $0`/RunToolFromSource.py `basename $0` $* + +# If a python2 command is available, use it in preference to python +if command -v python2 >/dev/null 2>&1; then + python_exe=3Dpython2 +fi + +full_cmd=3D${BASH_SOURCE:-$0} # see http://mywiki.wooledge.org/BashFAQ/028= for a discussion of why $0 is not a good choice here +dir=3D$(dirname "$full_cmd") +cmd=3D${full_cmd##*/} + +export PYTHONPATH=3D"$dir/../../Source/Python${PYTHONPATH:+:"$PYTHONPATH"}" +exec "${python_exe:-python}" "$dir/../../Source/Python/Capsule/$cmd.py" "$= @" diff --git a/BaseTools/BinWrappers/WindowsLike/GenerateCapsule.bat b/BaseTo= ols/BinWrappers/WindowsLike/GenerateCapsule.bat new file mode 100644 index 0000000000..ca442d181b --- /dev/null +++ b/BaseTools/BinWrappers/WindowsLike/GenerateCapsule.bat @@ -0,0 +1 @@ +@%PYTHON_HOME%\python.exe %BASE_TOOLS_PATH%\Source\Python\Capsule\Generate= Capsule.py %* diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools= /Source/Python/Capsule/GenerateCapsule.py new file mode 100644 index 0000000000..4018dc0420 --- /dev/null +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py @@ -0,0 +1,522 @@ +## @file +# Generate a capsule. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# + +''' +GenerateCapsule +''' + +import sys +import argparse +import uuid +import struct +import subprocess +import os +import tempfile +import shutil +import platform +from Common.Uefi.Capsule.UefiCapsuleHeader import UefiCapsuleHeaderClass +from Common.Uefi.Capsule.FmpCapsuleHeader import FmpCapsuleHeaderClass +from Common.Uefi.Capsule.FmpAuthHeader import FmpAuthHeaderClass +from Common.Edk2.Capsule.FmpPayloadHeader import FmpPayloadHeaderClass + +# +# Globals for help information +# +__prog__ =3D 'GenerateCapsule' +__version__ =3D '0.9' +__copyright__ =3D 'Copyright (c) 2018, Intel Corporation. All rights res= erved.' 
+__description__ =3D 'Generate a capsule.\n' + +def SignPayloadSignTool (Payload, ToolPath, PfxFile): + # + # Create a temporary directory + # + TempDirectoryName =3D tempfile.mkdtemp() + + # + # Generate temp file name for the payload contents + # + TempFileName =3D os.path.join (TempDirectoryName, 'Payload.bin') + + # + # Create temporary payload file for signing + # + try: + File =3D open (TempFileName, mode=3D'wb') + File.write (Payload) + File.close () + except: + shutil.rmtree (TempDirectoryName) + raise ValueError ('GenerateCapsule: error: can not write temporary= payload file.') + + # + # Build signtool command + # + if ToolPath is None: + ToolPath =3D '' + Command =3D '' + Command =3D Command + '"{Path}" '.format (Path =3D os.path.join (ToolP= ath, 'signtool.exe')) + Command =3D Command + 'sign /fd sha256 /p7ce DetachedSignedData /p7co = 1.2.840.113549.1.7.2 ' + Command =3D Command + '/p7 {TempDir} '.format (TempDir =3D TempDirecto= ryName) + Command =3D Command + '/f {PfxFile} '.format (PfxFile =3D PfxFile) + Command =3D Command + TempFileName + + # + # Sign the input file using the specified private key + # + try: + Process =3D subprocess.Popen (Command, stdin =3D subprocess.PIPE, = stdout =3D subprocess.PIPE, stderr =3D subprocess.PIPE, shell =3D True) + Result =3D Process.communicate('') + except: + shutil.rmtree (TempDirectoryName) + raise ValueError ('GenerateCapsule: error: can not run signtool.') + + if Process.returncode !=3D 0: + shutil.rmtree (TempDirectoryName) + print (Result[1].decode()) + raise ValueError ('GenerateCapsule: error: signtool failed.') + + # + # Read the signature from the generated output file + # + try: + File =3D open (TempFileName + '.p7', mode=3D'rb') + Signature =3D File.read () + File.close () + except: + shutil.rmtree (TempDirectoryName) + raise ValueError ('GenerateCapsule: error: can not read signature = file.') + + shutil.rmtree (TempDirectoryName) + return Signature + +def VerifyPayloadSignTool (Payload, CertData, 
ToolPath, PfxFile): + print ('signtool verify is not supported.') + raise ValueError ('GenerateCapsule: error: signtool verify is not supp= orted.') + +def SignPayloadOpenSsl (Payload, ToolPath, SignerPrivateCertFile, OtherPub= licCertFile, TrustedPublicCertFile): + # + # Build openssl command + # + if ToolPath is None: + ToolPath =3D '' + Command =3D '' + Command =3D Command + '"{Path}" '.format (Path =3D os.path.join (ToolP= ath, 'openssl')) + Command =3D Command + 'smime -sign -binary -outform DER -md sha256 ' + Command =3D Command + '-signer "{Private}" -certfile "{Public}"'.forma= t (Private =3D SignerPrivateCertFile, Public =3D OtherPublicCertFile) + + # + # Sign the input file using the specified private key and capture sign= ature from STDOUT + # + try: + Process =3D subprocess.Popen (Command, stdin =3D subprocess.PIPE, = stdout =3D subprocess.PIPE, stderr =3D subprocess.PIPE, shell =3D True) + Result =3D Process.communicate(input =3D Payload) + Signature =3D Result[0] + except: + raise ValueError ('GenerateCapsule: error: can not run openssl.') + + if Process.returncode !=3D 0: + print (Result[1].decode()) + raise ValueError ('GenerateCapsule: error: openssl failed.') + + return Signature + +def VerifyPayloadOpenSsl (Payload, CertData, ToolPath, SignerPrivateCertFi= le, OtherPublicCertFile, TrustedPublicCertFile): + # + # Create a temporary directory + # + TempDirectoryName =3D tempfile.mkdtemp() + + # + # Generate temp file name for the payload contents + # + TempFileName =3D os.path.join (TempDirectoryName, 'Payload.bin') + + # + # Create temporary payload file for verification + # + try: + File =3D open (TempFileName, mode=3D'wb') + File.write (Payload) + File.close () + except: + shutil.rmtree (TempDirectoryName) + raise ValueError ('GenerateCapsule: error: can not write temporary= payload file.') + + # + # Build openssl command + # + if ToolPath is None: + ToolPath =3D '' + Command =3D '' + Command =3D Command + '"{Path}" '.format (Path =3D 
os.path.join (ToolP= ath, 'openssl')) + Command =3D Command + 'smime -verify -inform DER ' + Command =3D Command + '-content {Content} -CAfile "{Public}"'.format (= Content =3D TempFileName, Public =3D TrustedPublicCertFile) + + # + # Verify signature + # + try: + Process =3D subprocess.Popen (Command, stdin =3D subprocess.PIPE, = stdout =3D subprocess.PIPE, stderr =3D subprocess.PIPE, shell =3D True) + Result =3D Process.communicate(input =3D CertData) + except: + shutil.rmtree (TempDirectoryName) + raise ValueError ('GenerateCapsule: error: can not run openssl.') + + if Process.returncode !=3D 0: + shutil.rmtree (TempDirectoryName) + print (Result[1].decode()) + raise ValueError ('GenerateCapsule: error: openssl failed.') + + shutil.rmtree (TempDirectoryName) + return Payload + +if __name__ =3D=3D '__main__': + def convert_arg_line_to_args(arg_line): + for arg in arg_line.split(): + if not arg.strip(): + continue + yield arg + + def ValidateUnsignedInteger (Argument): + try: + Value =3D int (Argument, 0) + except: + Message =3D '{Argument} is not a valid integer value.'.format = (Argument =3D Argument) + raise argparse.ArgumentTypeError (Message) + if Value < 0: + Message =3D '{Argument} is a negative value.'.format (Argument= =3D Argument) + raise argparse.ArgumentTypeError (Message) + return Value + + def ValidateRegistryFormatGuid (Argument): + try: + Value =3D uuid.UUID (Argument) + except: + Message =3D '{Argument} is not a valid registry format GUID va= lue.'.format (Argument =3D Argument) + raise argparse.ArgumentTypeError (Message) + return Value + + # + # Create command line argument parser object + # + parser =3D argparse.ArgumentParser ( + prog =3D __prog__, + description =3D __description__ + __copyright__, + conflict_handler =3D 'resolve', + fromfile_prefix_chars =3D '@' + ) + parser.convert_arg_line_to_args =3D convert_arg_line_to_args + + # + # Add input and output file arguments + # + parser.add_argument("InputFile", type =3D 
argparse.FileType('rb'), + help =3D "Input binary payload filename.") + parser.add_argument("-o", "--output", dest =3D 'OutputFile', type =3D = argparse.FileType('wb'), + help =3D "Output filename.") + # + # Add group for -e and -d flags that are mutually exclusive and requir= ed + # + group =3D parser.add_mutually_exclusive_group (required =3D True) + group.add_argument ("-e", "--encode", dest =3D 'Encode', action =3D "s= tore_true", + help =3D "Encode file") + group.add_argument ("-d", "--decode", dest =3D 'Decode', action =3D "s= tore_true", + help =3D "Decode file") + group.add_argument ("--dump-info", dest =3D 'DumpInfo', action =3D "st= ore_true", + help =3D "Display FMP Payload Header information") + # + # Add optional arguments for this command + # + parser.add_argument ("--capflag", dest =3D 'CapsuleFlag', action=3D'ap= pend', default =3D [], + choices=3D['PersistAcrossReset', 'PopulateSystemT= able', 'InitiateReset'], + help =3D "Capsule flag can be PersistAcrossReset,= or PopulateSystemTable or InitiateReset or not set") + parser.add_argument ("--capoemflag", dest =3D 'CapsuleOemFlag', type = =3D ValidateUnsignedInteger, default =3D 0x0000, + help =3D "Capsule OEM Flag is an integer between = 0x0000 and 0xffff.") + + parser.add_argument ("--guid", dest =3D 'Guid', type =3D ValidateRegis= tryFormatGuid, + help =3D "The FMP/ESRT GUID in registry format. = Required for encode operations.") + parser.add_argument ("--hardware-instance", dest =3D 'HardwareInstance= ', type =3D ValidateUnsignedInteger, default =3D 0x0000000000000000, + help =3D "The 64-bit hardware instance. 
The defa= ult is 0x0000000000000000") + + + parser.add_argument ("--monotonic-count", dest =3D 'MonotonicCount', t= ype =3D ValidateUnsignedInteger, default =3D 0x0000000000000000, + help =3D "64-bit monotonic count value in header.= Default is 0x0000000000000000.") + + parser.add_argument ("--fw-version", dest =3D 'FwVersion', type =3D Va= lidateUnsignedInteger, + help =3D "The 32-bit version of the binary payloa= d (e.g. 0x11223344 or 5678).") + parser.add_argument ("--lsv", dest =3D 'LowestSupportedVersion', type = =3D ValidateUnsignedInteger, + help =3D "The 32-bit lowest supported version of = the binary payload (e.g. 0x11223344 or 5678).") + + parser.add_argument ("--pfx-file", dest=3D'SignToolPfxFile', type=3Dar= gparse.FileType('rb'), + help=3D"signtool PFX certificate filename.") + + parser.add_argument ("--signer-private-cert", dest=3D'OpenSslSignerPri= vateCertFile', type=3Dargparse.FileType('rb'), + help=3D"OpenSSL signer private certificate filena= me.") + parser.add_argument ("--other-public-cert", dest=3D'OpenSslOtherPublic= CertFile', type=3Dargparse.FileType('rb'), + help=3D"OpenSSL other public certificate filename= .") + parser.add_argument ("--trusted-public-cert", dest=3D'OpenSslTrustedPu= blicCertFile', type=3Dargparse.FileType('rb'), + help=3D"OpenSSL trusted public certificate filena= me.") + + parser.add_argument ("--signing-tool-path", dest =3D 'SigningToolPath', + help =3D "Path to signtool or OpenSSL tool. 
Opti= onal if path to tools are already in PATH.") + + # + # Add optional arguments common to all operations + # + parser.add_argument ('--version', action=3D'version', version=3D'%(pro= g)s ' + __version__) + parser.add_argument ("-v", "--verbose", dest =3D 'Verbose', action =3D= "store_true", + help =3D "Turn on verbose output with information= al messages printed, including capsule headers and warning messages.") + parser.add_argument ("-q", "--quiet", dest =3D 'Quiet', action =3D "st= ore_true", + help =3D "Disable all messages except fatal error= s.") + parser.add_argument ("--debug", dest =3D 'Debug', type =3D int, metava= r =3D '[0-9]', choices =3D range (0, 10), default =3D 0, + help =3D "Set debug level") + + # + # Parse command line arguments + # + args =3D parser.parse_args() + + # + # Perform additional argument verification + # + if args.Encode: + if args.Guid is None: + parser.error ('the following option is required: --guid') + if 'PersistAcrossReset' not in args.CapsuleFlag: + if 'PopulateSystemTable' in args.CapsuleFlag: + parser.error ('--capflag PopulateSystemTable also requires= --capflag PersistAcrossReset') + if 'InitiateReset' in args.CapsuleFlag: + parser.error ('--capflag InitiateReset also requires --cap= flag PersistAcrossReset') + + UseSignTool =3D args.SignToolPfxFile is not None + UseOpenSsl =3D (args.OpenSslSignerPrivateCertFile is not None and + args.OpenSslOtherPublicCertFile is not None and + args.OpenSslTrustedPublicCertFile is not None) + AnyOpenSsl =3D (args.OpenSslSignerPrivateCertFile is not None or + args.OpenSslOtherPublicCertFile is not None or + args.OpenSslTrustedPublicCertFile is not None) + if args.Encode or args.Decode: + if args.OutputFile is None: + parser.error ('the following option is required for all encode= and decode operations: --output') + + if UseSignTool and AnyOpenSsl: + parser.error ('Providing both signtool and OpenSSL options is = not supported') + if not UseSignTool and not UseOpenSsl and AnyOpenSsl: + 
parser.error ('all the following options are required for Open= SSL: --signer-private-cert, --other-public-cert, --trusted-public-cert') + if UseSignTool and platform.system() !=3D 'Windows': + parser.error ('Use of signtool is not supported on this operat= ing system.') + if args.Encode and (UseSignTool or UseOpenSsl): + if args.FwVersion is None or args.LowestSupportedVersion is No= ne: + parser.error ('the following options are required: --fw-ve= rsion, --lsv') + + if UseSignTool: + args.SignToolPfxFile.close() + args.SignToolPfxFile =3D args.SignToolPfxFile.name + if UseOpenSsl: + args.OpenSslSignerPrivateCertFile.close() + args.OpenSslOtherPublicCertFile.close() + args.OpenSslTrustedPublicCertFile.close() + args.OpenSslSignerPrivateCertFile =3D args.OpenSslSignerPrivat= eCertFile.name + args.OpenSslOtherPublicCertFile =3D args.OpenSslOtherPublicC= ertFile.name + args.OpenSslTrustedPublicCertFile =3D args.OpenSslTrustedPubli= cCertFile.name + + # + # Read binary input file + # + try: + if args.Verbose: + print ('Read binary input file {File}'.format (File =3D args.I= nputFile.name)) + Buffer =3D args.InputFile.read () + args.InputFile.close () + except: + print ('GenerateCapsule: error: can not read binary input file {Fi= le}'.format (File =3D args.InputFile.name)) + sys.exit (1) + + # + # Create objects + # + UefiCapsuleHeader =3D UefiCapsuleHeaderClass () + FmpCapsuleHeader =3D FmpCapsuleHeaderClass () + FmpAuthHeader =3D FmpAuthHeaderClass () + FmpPayloadHeader =3D FmpPayloadHeaderClass () + + if args.Encode: + Result =3D Buffer + if UseSignTool or UseOpenSsl: + try: + FmpPayloadHeader.FwVersion =3D args.FwVersion + FmpPayloadHeader.LowestSupportedVersion =3D args.LowestSup= portedVersion + FmpPayloadHeader.Payload =3D Result + Result =3D FmpPayloadHeader.Encode () + if args.Verbose: + FmpPayloadHeader.DumpInfo () + except: + print ('GenerateCapsule: error: can not encode FMP Payload= Header') + sys.exit (1) + + # + # Sign image with 64-bit MonotonicCount 
appended to end of ima= ge + # + try: + if UseSignTool: + CertData =3D SignPayloadSignTool ( + Result + struct.pack (' +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# + +''' +FmpPayloadHeader +''' + +import struct + +def _SIGNATURE_32 (A, B, C, D): + return struct.unpack ('=3DI',bytearray (A + B + C + D, 'ascii'))[0] + +def _SIGNATURE_32_TO_STRING (Signature): + return struct.pack (" +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# diff --git a/BaseTools/Source/Python/Common/Edk2/__init__.py b/BaseTools/So= urce/Python/Common/Edk2/__init__.py new file mode 100644 index 0000000000..97d925cbf8 --- /dev/null +++ b/BaseTools/Source/Python/Common/Edk2/__init__.py @@ -0,0 +1,15 @@ +## @file +# Python 'Common.Edk2' package initialization file. +# +# This file is required to make Python interpreter treat the directory +# as containing package. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# diff --git a/BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py b= /BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py new file mode 100644 index 0000000000..aec52bf772 --- /dev/null +++ b/BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py @@ -0,0 +1,184 @@ +## @file +# Module that encodes and decodes a EFI_FIRMWARE_IMAGE_AUTHENTICATION with +# certificate data and payload data. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# + +''' +FmpAuthHeader +''' + +import struct +import uuid + +class FmpAuthHeaderClass (object): + # /// + # /// Image Attribute -Authentication Required + # /// + # typedef struct { + # /// + # /// It is included in the signature of AuthInfo. It is used to ens= ure freshness/no replay. + # /// It is incremented during each firmware image operation. + # /// + # UINT64 MonotonicCount; + # /// + # /// Provides the authorization for the firmware image operations. = It is a signature across + # /// the image data and the Monotonic Count value. Caller uses the = private key that is + # /// associated with a public key that has been provisioned via the= key exchange. + # /// Because this is defined as a signature, WIN_CERTIFICATE_UEFI_G= UID.CertType must + # /// be EFI_CERT_TYPE_PKCS7_GUID. + # /// + # WIN_CERTIFICATE_UEFI_GUID AuthInfo; + # } EFI_FIRMWARE_IMAGE_AUTHENTICATION; + # + # /// + # /// Certificate which encapsulates a GUID-specific digital signature + # /// + # typedef struct { + # /// + # /// This is the standard WIN_CERTIFICATE header, where + # /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID. + # /// + # WIN_CERTIFICATE Hdr; + # /// + # /// This is the unique id which determines the + # /// format of the CertData. . + # /// + # EFI_GUID CertType; + # /// + # /// The following is the certificate data. The format of + # /// the data is determined by the CertType. + # /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID, + # /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure. 
+ # /// + # UINT8 CertData[1]; + # } WIN_CERTIFICATE_UEFI_GUID; + # + # /// + # /// The WIN_CERTIFICATE structure is part of the PE/COFF specificati= on. + # /// + # typedef struct { + # /// + # /// The length of the entire certificate, + # /// including the length of the header, in bytes. + # /// + # UINT32 dwLength; + # /// + # /// The revision level of the WIN_CERTIFICATE + # /// structure. The current revision level is 0x0200. + # /// + # UINT16 wRevision; + # /// + # /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI + # /// certificate types. The UEFI specification reserves the range of + # /// certificate type values from 0x0EF0 to 0x0EFF. + # /// + # UINT16 wCertificateType; + # /// + # /// The following is the actual certificate. The format of + # /// the certificate depends on wCertificateType. + # /// + # /// UINT8 bCertificate[ANYSIZE_ARRAY]; + # /// + # } WIN_CERTIFICATE; + # + # #define WIN_CERT_TYPE_EFI_GUID 0x0EF1 + # + # /// + # /// This identifies a signature containing a DER-encoded PKCS #7 ver= sion 1.5 [RFC2315] + # /// SignedData value. + # /// + # #define EFI_CERT_TYPE_PKCS7_GUID \ + # { \ + # 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56,= 0x65, 0xa7} \ + # } + + _StructFormat =3D ' +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# + +''' +FmpCapsuleHeader +''' + +import struct +import uuid + +class FmpCapsuleImageHeaderClass (object): + # typedef struct { + # UINT32 Version; + # + # /// + # /// Used to identify device firmware targeted by this update. 
This= guid is matched by + # /// system firmware against ImageTypeId field within a EFI_FIRMWAR= E_IMAGE_DESCRIPTOR + # /// + # EFI_GUID UpdateImageTypeId; + # + # /// + # /// Passed as ImageIndex in call to EFI_FIRMWARE_MANAGEMENT_PROTOC= OL.SetImage () + # /// + # UINT8 UpdateImageIndex; + # UINT8 reserved_bytes[3]; + # + # /// + # /// Size of the binary update image which immediately follows this= structure + # /// + # UINT32 UpdateImageSize; + # + # /// + # /// Size of the VendorCode bytes which optionally immediately foll= ow binary update image in the capsule + # /// + # UINT32 UpdateVendorCodeSize; + # + # /// + # /// The HardwareInstance to target with this update. If value is z= ero it means match all + # /// HardwareInstances. This field allows update software to target= only a single device in + # /// cases where there are more than one device with the same Image= TypeId GUID. + # /// This header is outside the signed data of the Authentication I= nfo structure and + # /// therefore can be modified without changing the Auth data. 
+ # /// + # UINT64 UpdateHardwareInstance; + # } EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER; + # + # #define EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER_INIT_VERSION 0= x00000002 + + _StructFormat =3D ' len (self._EmbeddedDriverList): + raise ValueError + return self._EmbeddedDriverList[Index] + + def AddPayload (self, UpdateImageTypeId, Payload =3D b'', VendorCodeBy= tes =3D b'', HardwareInstance =3D 0): + self._PayloadList.append ((UpdateImageTypeId, Payload, VendorCodeB= ytes, HardwareInstance)) + + def GetFmpCapsuleImageHeader (self, Index): + if Index >=3D len (self._FmpCapsuleImageHeaderList): + raise ValueError + return self._FmpCapsuleImageHeaderList[Index] + + def Encode (self): + self.EmbeddedDriverCount =3D len (self._EmbeddedDriverList) + self.PayloadItemCount =3D len (self._PayloadList) + + FmpCapsuleHeader =3D struct.pack ( + self._StructFormat, + self.Version, + self.EmbeddedDriverCount, + self.PayloadItemCount + ) + + FmpCapsuleData =3D b'' + Offset =3D self._StructSize + (self.EmbeddedDriverCount + self.Pay= loadItemCount) * self._ItemOffsetSize + for EmbeddedDriver in self._EmbeddedDriverList: + FmpCapsuleData =3D FmpCapsuleData + EmbeddedDriver + self._ItemOffsetList.append (Offset) + Offset =3D Offset + len (EmbeddedDriver) + Index =3D 1 + for (UpdateImageTypeId, Payload, VendorCodeBytes, HardwareInstance= ) in self._PayloadList: + FmpCapsuleImageHeader =3D FmpCapsuleImageHeaderClass () + FmpCapsuleImageHeader.UpdateImageTypeId =3D UpdateImageTy= peId + FmpCapsuleImageHeader.UpdateImageIndex =3D Index + FmpCapsuleImageHeader.Payload =3D Payload + FmpCapsuleImageHeader.VendorCodeBytes =3D VendorCodeByt= es + FmpCapsuleImageHeader.UpdateHardwareInstance =3D HardwareInsta= nce + FmpCapsuleImage =3D FmpCapsuleImageHeader.Encode () + FmpCapsuleData =3D FmpCapsuleData + FmpCapsuleImage + + self._ItemOffsetList.append (Offset) + self._FmpCapsuleImageHeaderList.append (FmpCapsuleImageHeader) + + Offset =3D Offset + len (FmpCapsuleImage) + Index =3D 
Index + 1 + + for Offset in self._ItemOffsetList: + FmpCapsuleHeader =3D FmpCapsuleHeader + struct.pack (self._ItemO= ffsetFormat, Offset) + + self._Valid =3D True + return FmpCapsuleHeader + FmpCapsuleData + + def Decode (self, Buffer): + if len (Buffer) < self._StructSize: + raise ValueError + (Version, EmbeddedDriverCount, PayloadItemCount) =3D \ + struct.unpack ( + self._StructFormat, + Buffer[0:self._StructSize] + ) + if Version < self.EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER_INIT_VERS= ION: + raise ValueError + + self.Version =3D Version + self.EmbeddedDriverCount =3D EmbeddedDriverCount + self.PayloadItemCount =3D PayloadItemCount + self._ItemOffsetList =3D [] + self._EmbeddedDriverList =3D [] + self._PayloadList =3D [] + self._FmpCapsuleImageHeaderList =3D [] + + # + # Parse the ItemOffsetList values + # + Offset =3D self._StructSize + for Index in range (0, EmbeddedDriverCount + PayloadItemCount): + ItemOffset =3D struct.unpack (self._ItemOffsetFormat, Buffer[O= ffset:Offset + self._ItemOffsetSize])[0] + if ItemOffset >=3D len (Buffer): + raise ValueError + self._ItemOffsetList.append (ItemOffset) + Offset =3D Offset + self._ItemOffsetSize + Result =3D Buffer[Offset:] + + # + # Parse the EmbeddedDrivers + # + for Index in range (0, EmbeddedDriverCount): + Offset =3D self._ItemOffsetList[Index] + if Index < (len (self._ItemOffsetList) - 1): + Length =3D self._ItemOffsetList[Index + 1] - Offset + else: + Length =3D len (Buffer) - Offset + self.AddEmbeddedDriver (Buffer[Offset:Offset + Length]) + + # + # Parse the Payloads that are FMP Capsule Images + # + for Index in range (EmbeddedDriverCount, EmbeddedDriverCount + Pay= loadItemCount): + Offset =3D self._ItemOffsetList[Index] + if Index < (len (self._ItemOffsetList) - 1): + Length =3D self._ItemOffsetList[Index + 1] - Offset + else: + Length =3D len (Buffer) - Offset + FmpCapsuleImageHeader =3D FmpCapsuleImageHeaderClass () + FmpCapsuleImageHeader.Decode (Buffer[Offset:Offset + Length]) + self.AddPayload ( + 
FmpCapsuleImageHeader.UpdateImageTypeId, + FmpCapsuleImageHeader.Payload, + FmpCapsuleImageHeader.VendorCodeBytes + ) + self._FmpCapsuleImageHeaderList.append (FmpCapsuleImageHeader) + + self._Valid =3D True + return Result + + def DumpInfo (self): + if not self._Valid: + raise ValueError + print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER.Version = =3D {Version:08X}'.format (Version =3D self.Version)) + print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER.EmbeddedDriverCount= =3D {EmbeddedDriverCount:08X}'.format (EmbeddedDriverCount =3D self.Embedd= edDriverCount)) + print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER.PayloadItemCount = =3D {PayloadItemCount:08X}'.format (PayloadItemCount =3D self.PayloadItemC= ount)) + print ('EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER.ItemOffsetList = =3D ') + for Offset in self._ItemOffsetList: + print (' {Offset:016X}'.format (Offset =3D Offset)) + for FmpCapsuleImageHeader in self._FmpCapsuleImageHeaderList: + FmpCapsuleImageHeader.DumpInfo () diff --git a/BaseTools/Source/Python/Common/Uefi/Capsule/UefiCapsuleHeader.= py b/BaseTools/Source/Python/Common/Uefi/Capsule/UefiCapsuleHeader.py new file mode 100644 index 0000000000..cfe1cb6c46 --- /dev/null +++ b/BaseTools/Source/Python/Common/Uefi/Capsule/UefiCapsuleHeader.py @@ -0,0 +1,136 @@ +## @file +# Module that encodes and decodes a EFI_CAPSULE_HEADER with a payload +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# + +''' +UefiCapsuleHeader +''' + +import struct +import uuid + +class UefiCapsuleHeaderClass (object): + # typedef struct { + # /// + # /// A GUID that defines the contents of a capsule. + # /// + # EFI_GUID CapsuleGuid; + # /// + # /// The size of the capsule header. This may be larger than the si= ze of + # /// the EFI_CAPSULE_HEADER since CapsuleGuid may imply + # /// extended header entries + # /// + # UINT32 HeaderSize; + # /// + # /// Bit-mapped list describing the capsule attributes. The Flag va= lues + # /// of 0x0000 - 0xFFFF are defined by CapsuleGuid. Flag values + # /// of 0x10000 - 0xFFFFFFFF are defined by this specification + # /// + # UINT32 Flags; + # /// + # /// Size in bytes of the capsule. 
+ # /// + # UINT32 CapsuleImageSize; + # } EFI_CAPSULE_HEADER; + # + # #define CAPSULE_FLAGS_PERSIST_ACROSS_RESET 0x00010000 + # #define CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE 0x00020000 + # #define CAPSULE_FLAGS_INITIATE_RESET 0x00040000 + # + _StructFormat =3D '<16sIIII' + _StructSize =3D struct.calcsize (_StructFormat) + + EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID =3D uuid.UUID ('6DCBD5ED-E82D-= 4C44-BDA1-7194199AD92A') + + _CAPSULE_FLAGS_PERSIST_ACROSS_RESET =3D 0x00010000 + _CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE =3D 0x00020000 + _CAPSULE_FLAGS_INITIATE_RESET =3D 0x00040000 + + def __init__ (self): + self._Valid =3D False + self.CapsuleGuid =3D self.EFI_FIRMWARE_MANAGEMENT_CAPSULE_= ID_GUID + self.HeaderSize =3D self._StructSize + self.OemFlags =3D 0x0000 + self.PersistAcrossReset =3D False + self.PopulateSystemTable =3D False + self.InitiateReset =3D False + self.CapsuleImageSize =3D self.HeaderSize + self.Payload =3D b'' + + def Encode (self): + Flags =3D self.OemFlags + if self.PersistAcrossReset: + Flags =3D Flags | self._CAPSULE_FLAGS_PERSIST_ACROSS_RESET + if self.PopulateSystemTable: + Flags =3D Flags | self._CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE + if self.InitiateReset: + Flags =3D Flags | self._CAPSULE_FLAGS_INITIATE_RESET + + self.CapsuleImageSize =3D self.HeaderSize + len (self.Payload) + + UefiCapsuleHeader =3D struct.pack ( + self._StructFormat, + self.CapsuleGuid.bytes_le, + self.HeaderSize, + Flags, + self.CapsuleImageSize, + 0 + ) + self._Valid =3D True + return UefiCapsuleHeader + self.Payload + + def Decode (self, Buffer): + if len (Buffer) < self._StructSize: + raise ValueError + (CapsuleGuid, HeaderSize, Flags, CapsuleImageSize, Reserved) =3D \ + struct.unpack ( + self._StructFormat, + Buffer[0:self._StructSize] + ) + if HeaderSize < self._StructSize: + raise ValueError + if CapsuleImageSize !=3D len (Buffer): + raise ValueError + self.CapsuleGuid =3D uuid.UUID (bytes_le =3D CapsuleGuid) + self.HeaderSize =3D HeaderSize + self.OemFlags =3D Flags & 
0xffff + self.PersistAcrossReset =3D (Flags & self._CAPSULE_FLAGS_PERSIST_= ACROSS_RESET) !=3D 0 + self.PopulateSystemTable =3D (Flags & self._CAPSULE_FLAGS_POPULATE= _SYSTEM_TABLE) !=3D 0 + self.InitiateReset =3D (Flags & self._CAPSULE_FLAGS_INITIATE= _RESET) !=3D 0 + self.CapsuleImageSize =3D CapsuleImageSize + self.Payload =3D Buffer[self.HeaderSize:] + + self._Valid =3D True + return self.Payload + + def DumpInfo (self): + if not self._Valid: + raise ValueError + Flags =3D self.OemFlags + if self.PersistAcrossReset: + Flags =3D Flags | self._CAPSULE_FLAGS_PERSIST_ACROSS_RESET + if self.PopulateSystemTable: + Flags =3D Flags | self._CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE + if self.InitiateReset: + Flags =3D Flags | self._CAPSULE_FLAGS_INITIATE_RESET + print ('EFI_CAPSULE_HEADER.CapsuleGuid =3D {Guid}'.format (Gu= id =3D str(self.CapsuleGuid).upper())) + print ('EFI_CAPSULE_HEADER.HeaderSize =3D {Size:08X}'.format= (Size =3D self.HeaderSize)) + print ('EFI_CAPSULE_HEADER.Flags =3D {Flags:08X}'.forma= t (Flags =3D Flags)) + print (' OEM Flags =3D {Flags:04X}'.forma= t (Flags =3D self.OemFlags)) + if self.PersistAcrossReset: + print (' CAPSULE_FLAGS_PERSIST_ACROSS_RESET') + if self.PopulateSystemTable: + print (' CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE') + if self.InitiateReset: + print (' CAPSULE_FLAGS_INITIATE_RESET') + print ('EFI_CAPSULE_HEADER.CapsuleImageSize =3D {Size:08X}'.format= (Size =3D self.CapsuleImageSize)) + print ('sizeof (Payload) =3D {Size:08X}'.format= (Size =3D len (self.Payload))) diff --git a/BaseTools/Source/Python/Common/Uefi/Capsule/__init__.py b/Base= Tools/Source/Python/Common/Uefi/Capsule/__init__.py new file mode 100644 index 0000000000..d9db4aa919 --- /dev/null +++ b/BaseTools/Source/Python/Common/Uefi/Capsule/__init__.py 
@@ -0,0 +1,15 @@ +## @file +# Python 'Common.Uefi.Capsule' package initialization file. +# +# This file is required to make Python interpreter treat the directory +# as containing package. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# diff --git a/BaseTools/Source/Python/Common/Uefi/__init__.py b/BaseTools/So= urce/Python/Common/Uefi/__init__.py new file mode 100644 index 0000000000..d80219dcb3 --- /dev/null +++ b/BaseTools/Source/Python/Common/Uefi/__init__.py @@ -0,0 +1,15 @@ +## @file +# Python 'Common.Uefi' package initialization file. +# +# This file is required to make Python interpreter treat the directory +# as containing package. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# --=20 2.14.2.windows.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
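Review bot: in `FmpCapsuleHeaderClass.Decode` (FmpCapsuleHeader.py) each `ItemOffset` is only checked against `len (Buffer)`, so an offset that points back into the header or the offset table, or a list that is not ascending, is accepted; `Length = self._ItemOffsetList[Index + 1] - Offset` can then go negative and `Buffer[Offset:Offset + Length]` quietly yields an empty or wrong slice. Suggest rejecting any offset below `self._StructSize + (EmbeddedDriverCount + PayloadItemCount) * self._ItemOffsetSize` and any offset that does not exceed the previous one, and checking that the buffer covers the whole offset table before unpacking, since a short read there surfaces as `struct.error` rather than `ValueError`. Separately, the `AddPayload` call at the end of `Decode` does not pass `FmpCapsuleImageHeader.UpdateHardwareInstance`, so a decode followed by `Encode` resets the hardware instance to 0, and `Encode` appends to `_ItemOffsetList` and `_FmpCapsuleImageHeaderList` without clearing them, so a second call writes stale offsets into the header.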
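Review bot: `UefiCapsuleHeaderClass.Decode` (UefiCapsuleHeader.py) rejects `HeaderSize < self._StructSize` but sets no upper bound, so a `HeaderSize` larger than the buffer passes and `Buffer[self.HeaderSize:]` returns an empty payload instead of an error; add `if HeaderSize > CapsuleImageSize: raise ValueError` next to the existing size checks. Also, `_StructFormat = '<16sIIII'` carries a fourth UINT32 (packed as 0 in `Encode`, unpacked as `Reserved` in `Decode`) that the `EFI_CAPSULE_HEADER` typedef quoted in the comment does not list; please document where that field comes from, because it determines the default `HeaderSize`.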
From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Date: Tue, 31 Jul 2018 23:33:25 -0700
Message-Id: <20180801063333.17824-3-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 02/10] BaseTools GenerateCapsule: Change property to executable for Linux
Cc: Michael D Kinney, Star Zeng

From: Star Zeng
Cc: Michael D Kinney
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng
Reviewed-by: Michael D Kinney
--- BaseTools/BinWrappers/PosixLike/GenerateCapsule | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 =3D> 100755 BaseTools/BinWrappers/PosixLike/GenerateCap= sule
diff --git a/BaseTools/BinWrappers/PosixLike/GenerateCapsule b/BaseTools/Bi= nWrappers/PosixLike/GenerateCapsule old mode 100644 new mode 100755 --=20 2.14.2.windows.3
From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Date: Tue, 31 Jul 2018 23:33:26 -0700
Message-Id: <20180801063333.17824-4-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 03/10] BaseTools/Capsule: Add max value checks to Capsule Generation tools
Cc: Michael D Kinney, Jiewen Yao, Liming Gao

https://bugzilla.tianocore.org/show_bug.cgi?id=1021
https://bugzilla.tianocore.org/show_bug.cgi?id=1022
https://bugzilla.tianocore.org/show_bug.cgi?id=1026

Cc: Sean Brogan
Cc: Jiewen Yao
Cc: Yonghong Zhu
Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney
Reviewed-by: Yonghong Zhu
--- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools= /Source/Python/Capsule/GenerateCapsule.py index 4018dc0420..5398c12a9c 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py
@@ -298,6 +298,12 @@ if __name__ =3D=3D '__main__': parser.error ('--capflag PopulateSystemTable also requires= --capflag PersistAcrossReset') if 'InitiateReset' in args.CapsuleFlag: parser.error ('--capflag InitiateReset also requires --cap= flag PersistAcrossReset') + if args.CapsuleOemFlag > 0xFFFF: + parser.error ('--capoemflag must be an integer between 0x0000 = and 0xffff') + if args.HardwareInstance > 0xFFFFFFFFFFFFFFFF: + parser.error ('--hardware-instance must be an integer in range= 0x0..0xffffffffffffffff') + if args.MonotonicCount > 0xFFFFFFFFFFFFFFFF: + parser.error ('--monotonic-count must be an integer in range 0= x0..0xffffffffffffffff') =20 UseSignTool =3D args.SignToolPfxFile is not None UseOpenSsl =3D (args.OpenSslSignerPrivateCertFile is not None and 
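Review bot: these upper-bound checks exist only in the command-line path, after the `--capflag` checks, while `UefiCapsuleHeaderClass.Encode` from patch 01 still starts from `Flags = self.OemFlags` with no mask, so any other caller of the class can set `OemFlags` above 0xFFFF and overwrite the `CAPSULE_FLAGS_*` bits. Suggest enforcing the same limits inside the header classes (raise `ValueError` in `Encode`) and keeping `parser.error` as the friendly front end. The three messages also use two wordings ('between 0x0000 and 0xffff' versus 'in range 0x0..0xffffffffffffffff'); pick one.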
@@ -319,6 +325,10 @@ if __name__ =3D=3D '__main__': if args.Encode and (UseSignTool or UseOpenSsl): if args.FwVersion is None or args.LowestSupportedVersion is No= ne: parser.error ('the following options are required: --fw-ve= rsion, --lsv') + if args.FwVersion > 0xFFFFFFFF: + parser.error ('--fw-version must be an integer in range 0x= 0..0xffffffff') + if args.LowestSupportedVersion > 0xFFFFFFFF: + parser.error ('--lsv must be an integer in range 0x0..0xff= ffffff') =20 if UseSignTool: args.SignToolPfxFile.close() --=20 2.14.2.windows.3
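Review bot: the `--fw-version` and `--lsv` checks bound each value to 32 bits but never compare the two, so a signed capsule can be generated with `LowestSupportedVersion` greater than `FwVersion`. Since the lowest supported version is the floor below which later images are rejected, an inverted pair is almost certainly a typo; consider `parser.error` (or at least a warning) when `args.LowestSupportedVersion > args.FwVersion`.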
From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Date: Tue, 31 Jul 2018 23:33:27 -0700
Message-Id: <20180801063333.17824-5-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 04/10] BaseTools/Capsule: Remove support for PopulateSystemTable
Cc: Michael D Kinney, Jiewen Yao, Liming Gao

https://bugzilla.tianocore.org/show_bug.cgi?id=1030

Cc: Sean Brogan
Cc: Jiewen Yao
Cc: Yonghong Zhu
Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney
Reviewed-by: Yonghong Zhu
--- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools= /Source/Python/Capsule/GenerateCapsule.py index 5398c12a9c..34337b2710 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py
@@ -239,8 +239,8 @@ if __name__ =3D=3D '__main__': # Add optional arguments for this command # parser.add_argument ("--capflag", dest =3D 'CapsuleFlag', action=3D'ap= pend', default =3D [], - choices=3D['PersistAcrossReset', 'PopulateSystemT= able', 'InitiateReset'], - help =3D "Capsule flag can be PersistAcrossReset,= or PopulateSystemTable or InitiateReset or not set") + choices=3D['PersistAcrossReset', 'InitiateReset'], + help =3D "Capsule flag can be PersistAcrossReset = or InitiateReset or not set") parser.add_argument ("--capoemflag", dest =3D 'CapsuleOemFlag', type = =3D ValidateUnsignedInteger, default =3D 0x0000, help =3D "Capsule OEM Flag is an integer between = 0x0000 and 0xffff.") =20 @@ -294,8 +294,6 @@ if __name__ =3D=3D '__main__': if args.Guid is None: parser.error ('the following option is required: --guid') if 'PersistAcrossReset' not in args.CapsuleFlag: - if 'PopulateSystemTable' in args.CapsuleFlag: - parser.error ('--capflag PopulateSystemTable also requires= --capflag PersistAcrossReset') if 'InitiateReset' in args.CapsuleFlag: parser.error ('--capflag InitiateReset also requires --cap= flag PersistAcrossReset') if args.CapsuleOemFlag > 0xFFFF: 
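Review bot: in the second hunk (`@@ -294`), `if 'PersistAcrossReset' not in args.CapsuleFlag:` now wraps a single `if 'InitiateReset' in args.CapsuleFlag:`; fold the two into one condition. In the first hunk, dropping the value from `choices` means existing invocations that pass `--capflag PopulateSystemTable` now fail with an argparse error, which deserves a sentence in the commit message beyond the Bugzilla link.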
@@ -421,7 +419,7 @@ if __name__ =3D=3D '__main__': try: UefiCapsuleHeader.OemFlags =3D args.CapsuleOemFlag UefiCapsuleHeader.PersistAcrossReset =3D 'PersistAcrossReset'= in args.CapsuleFlag - UefiCapsuleHeader.PopulateSystemTable =3D 'PopulateSystemTable= ' in args.CapsuleFlag + UefiCapsuleHeader.PopulateSystemTable =3D False UefiCapsuleHeader.InitiateReset =3D 'InitiateReset' = in args.CapsuleFlag UefiCapsuleHeader.Payload =3D Result Result =3D UefiCapsuleHeader.Encode () --=20 2.14.2.windows.3
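Review bot: `UefiCapsuleHeader.PopulateSystemTable = False` repeats the default that `UefiCapsuleHeaderClass.__init__` sets in patch 01, so if the object is freshly constructed at this point the assignment can be dropped, or kept with a comment saying it is deliberate. `Decode` and `DumpInfo` in UefiCapsuleHeader.py still read and print `CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE`; if that is intended so that existing capsules can still be inspected, say so in the commit message.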
From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Date: Tue, 31 Jul 2018 23:33:28 -0700
Message-Id: <20180801063333.17824-6-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 05/10] BaseTools/Capsule: Fix CertType GUID byte order
Cc: Michael D Kinney, Jiewen Yao, Liming Gao

https://bugzilla.tianocore.org/show_bug.cgi?id=1024

Cc: Sean Brogan
Cc: Jiewen Yao
Cc: Yonghong Zhu
Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney
Reviewed-by: Yonghong Zhu
--- BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py b= /BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py index aec52bf772..ae5c1df8a4 100644 --- a/BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py +++ b/BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py
@@ -166,7 +166,7 @@ class FmpAuthHeaderClass (object): self.dwLength =3D dwLength self.wRevision =3D wRevision self.wCertificateType =3D wCertificateType - self.CertType =3D uuid.UUID (bytes =3D CertType) + self.CertType =3D uuid.UUID (bytes_le =3D CertType) self.CertData =3D Buffer[self._StructSize:self._MonotonicC= ountSize + self.dwLength] self.Payload =3D Buffer[self._MonotonicCountSize + self.d= wLength:] self._Valid =3D True --=20 2.14.2.windows.3
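Review bot: there is no round-trip test guarding the `CertType` byte order in `FmpAuthHeaderClass.Decode`, and this patch (one file changed) adds none; a `bytes` versus `bytes_le` mismatch is exactly what an encode, decode, compare test would catch. Please add one that encodes a header, decodes the result, and asserts that `CertType` is unchanged. `UefiCapsuleHeaderClass` in patch 01 uses `bytes_le` in both `Encode` and `Decode`, so the same style of test would cover `CapsuleGuid` as well.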
From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Date: Tue, 31 Jul 2018 23:33:29 -0700
Message-Id: <20180801063333.17824-7-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 06/10] BaseTools/Capsule: Do not support -o with --dump-info
Cc: Michael D Kinney, Jiewen Yao, Liming Gao

https://bugzilla.tianocore.org/show_bug.cgi?id=1025

Cc: Sean Brogan
Cc: Jiewen Yao
Cc: Yonghong Zhu
Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney
Reviewed-by: Yonghong Zhu
--- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools= /Source/Python/Capsule/GenerateCapsule.py index 34337b2710..3c641bdca7 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py
@@ -339,6 +339,10 @@ if __name__ =3D=3D '__main__': args.OpenSslOtherPublicCertFile =3D args.OpenSslOtherPublicC= ertFile.name args.OpenSslTrustedPublicCertFile =3D args.OpenSslTrustedPubli= cCertFile.name =20 + if args.DumpInfo: + if args.OutputFile is not None: + parser.error ('the following option is not supported for dumpi= nfo operations: --output') + # # Read binary input file # --=20 2.14.2.windows.3
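Review bot: the error text names the operation 'dumpinfo', but the option users type is `--dump-info` (as in the usage text of patch 01 and this patch's subject); use the option's own spelling so the message can be matched against `--help`. The two nested `if` statements can also be one condition, `if args.DumpInfo and args.OutputFile is not None:`.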
From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Cc: Michael D Kinney, Jiewen Yao, Liming Gao
Date: Tue, 31 Jul 2018 23:33:30 -0700
Message-Id: <20180801063333.17824-8-michael.d.kinney@intel.com>
In-Reply-To: <20180801063333.17824-1-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 07/10] BaseTools/Capsule: Update help for --fw-version and --lsv

Update help to state that --fw-version and --lsv are required for
encode operations that sign a payload.

https://bugzilla.tianocore.org/show_bug.cgi?id=1029

Cc: Sean Brogan
Cc: Jiewen Yao
Cc: Yonghong Zhu
Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney
Reviewed-by: Yonghong Zhu
---
 BaseTools/Source/Python/Capsule/GenerateCapsule.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools= /Source/Python/Capsule/GenerateCapsule.py index 3c641bdca7..76426dcf66 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py
@@ -254,9 +254,9 @@ if __name__ =3D=3D '__main__': help =3D "64-bit monotonic count value in header.= Default is 0x0000000000000000.") =20 parser.add_argument ("--fw-version", dest =3D 'FwVersion', type =3D Va= lidateUnsignedInteger, - help =3D "The 32-bit version of the binary payloa= d (e.g. 0x11223344 or 5678).") + help =3D "The 32-bit version of the binary payloa= d (e.g. 0x11223344 or 5678). Required for encode operations that sign a pa= yload.") parser.add_argument ("--lsv", dest =3D 'LowestSupportedVersion', type = =3D ValidateUnsignedInteger, - help =3D "The 32-bit lowest supported version of = the binary payload (e.g. 0x11223344 or 5678).") + help =3D "The 32-bit lowest supported version of = the binary payload (e.g. 0x11223344 or 5678). Required for encode operatio= ns that sign a payload.") =20 parser.add_argument ("--pfx-file", dest=3D'SignToolPfxFile', type=3Dar= gparse.FileType('rb'), help=3D"signtool PFX certificate filename.") --=20 2.14.2.windows.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri Apr 26 03:03:48 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=intel.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 153310527037352.973289797525695; Tue, 31 Jul 2018 23:34:30 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id E5373210C7AEE; Tue, 31 Jul 2018 23:34:15 -0700 (PDT) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id CF60A210C7ADD for ; Tue, 31 Jul 2018 
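Review bot: the sentence added to the --fw-version and --lsv help strings, "Required for encode operations that sign a payload", states a requirement that these two add_argument calls do not enforce, since neither gains a default or a check in this hunk. If the encode path does not already reject a signing request that lacks either value, add a parser.error for that case next to the other argument checks, so that a signed capsule cannot be produced with FwVersion or LowestSupportedVersion left as None. The help text could also say what "sign a payload" means in option terms, that is, which of --pfx-file or --signer-private-cert triggers the requirement.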
From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Cc: Michael D Kinney, Jiewen Yao, Liming Gao
Date: Tue, 31 Jul 2018 23:33:31 -0700
Message-Id: <20180801063333.17824-9-michael.d.kinney@intel.com>
In-Reply-To: <20180801063333.17824-1-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 08/10] BaseTools/Capsule: Update file header with tool limitations

Update file header to state that the tool does not support:
* Multiple payloads
* Drivers
* Vendor code bytes

https://bugzilla.tianocore.org/show_bug.cgi?id=1031

Cc: Sean Brogan
Cc: Jiewen Yao
Cc: Yonghong Zhu
Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney
Reviewed-by: Yonghong Zhu
---
 BaseTools/Source/Python/Capsule/GenerateCapsule.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools= /Source/Python/Capsule/GenerateCapsule.py index 76426dcf66..d829000849 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py
@@ -1,6 +1,17 @@ ## @file # Generate a capsule. # +# This tool generates a UEFI Capsule around an FMP Capsule. The capsule p= ayload +# be signed using signtool or OpenSSL and if it is signed the signed conte= nt +# includes an FMP Payload Header. +# +# This tool is intended to be used to generate UEFI Capsules to update the +# system firmware or device firmware for integrated devices. In order to +# keep the tool as simple as possible, it has the following limitations: +# * Do not support multiple payloads in a capsule. +# * Do not support optional drivers in a capsule. +# * Do not support vendor code bytes in a capsule. +# # Copyright (c) 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BS= D License --=20 2.14.2.windows.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri Apr 26 03:03:48 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=intel.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1533105252070319.8400740552902; Tue, 31 Jul 2018 23:34:12 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 0F60D210C7AD6; Tue, 31 Jul 2018 23:34:11 -0700 (PDT) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 4F6AA210C7AC0 for ; Tue, 31 Jul 2018 23:34:10 -0700 (PDT) Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Jul 2018 23:34:10 -0700 Received: from mdkinney-mobl2.amr.corp.intel.com ([10.254.71.234]) by fmsmga006.fm.intel.com with ESMTP; 31 Jul 2018 23:33:51 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=michael.d.kinney@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: 
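Review bot: the first sentence pair of the added header comment is missing a verb: "The capsule payload be signed using signtool or OpenSSL" should read "The capsule payload can be signed using signtool or OpenSSL". The three limitation bullets would also read better as "Does not support ..." so that they agree with "it has the following limitations".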
E=Sophos;i="5.51,430,1526367600"; d="scan'208";a="250709239" From: "Kinney, Michael D" To: edk2-devel@lists.01.org Date: Tue, 31 Jul 2018 23:33:32 -0700 Message-Id: <20180801063333.17824-10-michael.d.kinney@intel.com> X-Mailer: git-send-email 2.14.2.windows.3 In-Reply-To: <20180801063333.17824-1-michael.d.kinney@intel.com> References: <20180801063333.17824-1-michael.d.kinney@intel.com> Subject: [edk2] [Patch v3 09/10] BaseTools/Capsule: Prevent traceback during signing operations X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael D Kinney , Jiewen Yao , Liming Gao MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.tianocore.org/show_bug.cgi?id=3D1046 https://bugzilla.tianocore.org/show_bug.cgi?id=3D1048 https://bugzilla.tianocore.org/show_bug.cgi?id=3D1050 Remove raise statements that generate Tracebacks that were only intended for development/debug. With the raise statements removed proper error messages are shown. Cc: Sean Brogan Cc: Jiewen Yao Cc: Yonghong Zhu Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney Reviewed-by: Yonghong Zhu --- BaseTools/Source/Python/Capsule/GenerateCapsule.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools= /Source/Python/Capsule/GenerateCapsule.py index d829000849..42cd1fb8ba 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py @@ -408,7 +408,6 @@ if __name__ =3D=3D '__main__': ) except: print ('GenerateCapsule: error: can not sign payload') - raise sys.exit (1) =20 try: 
@@ -496,7 +495,6 @@ if __name__ =3D=3D '__main__': print ('=3D=3D=3D=3D=3D=3D=3D=3D') except: print ('GenerateCapsule: error: can not decode capsule') - raise sys.exit (1) =20 elif args.DumpInfo: --=20 2.14.2.windows.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri Apr 26 03:03:48 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=intel.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1533105254552857.0145368177002; Tue, 31 Jul 2018 23:34:14 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 3E64F210C7ADA; Tue, 31 Jul 2018 23:34:11 -0700 (PDT) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 73C3B210C7AC7 for ; Tue, 31 Jul 2018 23:34:10 -0700 (PDT) Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Jul 2018 23:34:10 -0700 Received: from mdkinney-mobl2.amr.corp.intel.com ([10.254.71.234]) by fmsmga006.fm.intel.com with ESMTP; 31 Jul 2018 23:33:51 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=michael.d.kinney@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) 
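Review bot: in the @@ -408 hunk, removing `raise` leaves a bare `except:` that reduces every signing failure to 'GenerateCapsule: error: can not sign payload', so a missing signing tool, an unreadable key or certificate file and a bug in the script all look the same to the person running the build. Catch `Exception as e` instead and include the exception text in the message, or print it when --verbose or --debug is set, so that the traceback is gone but the cause is not.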
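Review bot: in the @@ -496 hunk, the bare `except:` that now ends in `sys.exit (1)` also catches KeyboardInterrupt and SystemExit, so interrupting a decode is reported as 'can not decode capsule'. `except Exception:` keeps the clean error message without swallowing those, and writing the message to sys.stderr rather than through print keeps it out of output that a caller may be capturing.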
From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Cc: Michael D Kinney, Jiewen Yao, Liming Gao
Date: Tue, 31 Jul 2018 23:33:33 -0700
Message-Id: <20180801063333.17824-11-michael.d.kinney@intel.com>
In-Reply-To: <20180801063333.17824-1-michael.d.kinney@intel.com>
Subject: [edk2] [Patch v3 10/10] BaseTools/Capsule: Support capsules without a payload header

https://bugzilla.tianocore.org/show_bug.cgi?id=1028

Update --dump-info and --decode to show auth header information even if
a payload header is not present. The --decode operation still fails if
a payload header is not present.

Cc: Sean Brogan
Cc: Jiewen Yao
Cc: Yonghong Zhu
Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney
Reviewed-by: Yonghong Zhu
---
 BaseTools/Source/Python/Capsule/GenerateCapsule.py | 34 +++++++++++++++-------
 1 file changed, 23 insertions(+), 11 deletions(-)

diff --git a/BaseTools/Source/Python/Capsule/GenerateCapsule.py b/BaseTools= /Source/Python/Capsule/GenerateCapsule.py index 42cd1fb8ba..7b08918857 100644 --- a/BaseTools/Source/Python/Capsule/GenerateCapsule.py +++ b/BaseTools/Source/Python/Capsule/GenerateCapsule.py
@@ -455,6 +455,9 @@ if __name__ =3D=3D '__main__': FmpCapsuleHeader.DumpInfo () if UseSignTool or UseOpenSsl: Result =3D FmpAuthHeader.Decode (Result) + if args.Verbose: + print ('--------') + FmpAuthHeader.DumpInfo () =20 # # Verify Image with 64-bit MonotonicCount appended to end = of image @@ -479,20 +482,25 @@ if __name__ =3D=3D '__main__': except ValueError: print ('GenerateCapsule: warning: can not verify paylo= ad.') =20 - Result =3D FmpPayloadHeader.Decode (Result) - if args.Verbose: - print ('--------') - FmpAuthHeader.DumpInfo () - print ('--------') - FmpPayloadHeader.DumpInfo () + try: + Result =3D FmpPayloadHeader.Decode (Result) + if args.Verbose: + print ('--------') + FmpPayloadHeader.DumpInfo () + print ('=3D=3D=3D=3D=3D=3D=3D=3D') + except: + if args.Verbose: + print ('--------') + print ('No FMP_PAYLOAD_HEADER') + print ('=3D=3D=3D=3D=3D=3D=3D=3D') + raise else: if args.Verbose: print ('--------') print ('No EFI_FIRMWARE_IMAGE_AUTHENTICATION') print ('--------') print ('No FMP_PAYLOAD_HEADER') - if args.Verbose: - print ('=3D=3D=3D=3D=3D=3D=3D=3D') + print ('=3D=3D=3D=3D=3D=3D=3D=3D') except: print ('GenerateCapsule: error: can not decode capsule') sys.exit (1) @@ -508,11 +516,15 @@ if __name__ =3D=3D '__main__': FmpCapsuleHeader.DumpInfo () try: Result =3D FmpAuthHeader.Decode (Result) - Result =3D FmpPayloadHeader.Decode (Result) print ('--------') FmpAuthHeader.DumpInfo () - print ('--------') - FmpPayloadHeader.DumpInfo () + try: + Result =3D FmpPayloadHeader.Decode (Result) + print ('--------') + FmpPayloadHeader.DumpInfo () + except: + print ('--------') + print ('No FMP_PAYLOAD_HEADER') except: print ('--------') print ('No EFI_FIRMWARE_IMAGE_AUTHENTICATION') --=20 2.14.2.windows.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
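Review bot: in the @@ -479 hunk, the new `try` around `FmpPayloadHeader.Decode (Result)` follows directly after the context lines `except ValueError:` and 'GenerateCapsule: warning: can not verify payload.', which means decode carries on to parse and dump the payload header from content whose verification has just failed. Since this patch is reworking that block anyway, consider making a failed verification an error, or at least a non-zero exit status, or label the dumped headers as unverified, so that scripted callers do not treat the output as authenticated.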
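Review bot: in the @@ -508 hunk (the --dump-info path), `FmpAuthHeader.DumpInfo ()` and the nested payload-header `try` now sit inside the outer `try`, whose bare `except:` prints 'No EFI_FIRMWARE_IMAGE_AUTHENTICATION'; an exception raised while dumping an auth header that decoded successfully would therefore be reported as the header being absent, after a '--------' separator has already been printed for it. Keep only the two Decode calls inside their `try` blocks, move the DumpInfo calls to `else:` clauses, and catch the specific exception that Decode raises so that an absent header and a malformed one are reported differently.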