mkeficapsule - Man Page

mkeficapsule [options] [image-blob] capsule-file

mkeficapsule guidgen [GUID] DTB IMAGE_NAME...

The mkeficapsule command is used to create an EFI capsule file to be used by U-Boot for firmware updates. A capsule file may contain various types of firmware blobs which are to be applied to the system. If a capsule file is placed in the /EFI/CapusuleUpdate directory of the EFI system partition, U-Boot will try to execute the update at the next reboot.

Optionally, a capsule file can be signed with a given private key. In this case, the update will be authenticated by verifying the signature before applying.

Additionally, an empty capsule file can be generated to indicate the acceptance or rejection of firmware images by a governing component like an operating system. Empty capsules do not require an image-blob input file.

mkeficapsule takes any type of image files when generating non empty capsules, including:

raw image

format is a single binary blob of any type of firmware.

FIT (Flattened Image Tree) image

format is the same as used in the new uImage format and allows for multiple binary blobs in a single capsule file. This type of image file can be generated by mkimage.

mkeficapsule can also be used to simulate the dynamic GUID generation used to identify firmware images in capsule updates by providing the namespace guid, dtb for the board, and a list of firmware images.

-g,  --guid guid-string

Specify guid for image blob type. The format is:
   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The first three elements are in little endian, while the rest is in big endian. The option must be specified for all non empty and image acceptance capsules

-i,  --index index

Specify an image index

-I,  --instance instance

Specify a hardware instance

FMP Payload Header is inserted right before the payload if --fw-version is specified

-v,  --fw-version firmware-version

Specify a firmware version, 0 if omitted

For generation of firmware accept empty capsule --guid is mandatory

-A,  --fw-accept

Generate a firmware acceptance empty capsule

-R,  --fw-revert

Generate a firmware revert empty capsule

-o,  --capoemflag

Capsule OEM flag, value between 0x0000 to 0xffff

-V,  --version

Print version information and exit.

-h,  --help

Print a help message

With signing, --private-key, --certificate and --monotonic-count are all mandatory.

-p,  --private-key private-key-file

Specify signer's private key file in PEM

-c,  --certificate certificate-file

Specify signer's certificate file in EFI certificate list format

-m,  --monotonic-count count

Specify a monotonic count which is set to be monotonically incremented at every firmware update.

-d,  --dump_sig

Dump signature data into *.p7 file

[GUID]

The namespace/salt GUID, by default this is EFI_CAPSULE_NAMESPACE_GUID. The format is:
   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

DTB

The device tree blob file for the board.

IMAGE_NAME...

The names of the firmware images to generate GUIDs for.

/EFI/UpdateCapsule

The directory in which all capsule files be placed

mkimage(1)

Written by AKASHI Takahiro <takahiro.akashi@linaro.org>

http://www.u-boot.org/