* [PATCH 0/2 v4] Add ESRT and test ESRT creation
@ 2021-02-23 16:49 Jose Marinho
2021-02-23 16:50 ` [PATCH 1/2 v4] efi: Add ESRT to the EFI system table Jose Marinho
2021-02-23 16:50 ` [PATCH 2/2 v4] efi: ESRT creation tests Jose Marinho
0 siblings, 2 replies; 8+ messages in thread
From: Jose Marinho @ 2021-02-23 16:49 UTC (permalink / raw)
To: u-boot
The following 2 commits add the ESRT and provide a test of the
functionality.
The first commit adds the ESRT as defined in the UEFI 2.8 specification.
An empty ESRT is created during the execution of the efi_init_obj_list().
The ESRT is updated when:
1) a FMP protocol is installed in the system: this will add the
corresponding entries to the ESRT.
2) a capsule is installed via UpdateCapsule: this should update
entries already present in the ESRT.
This implementation of the ESRT creation takes input from FMP only.
It is assumed that the FMP will maintain the following values across
reboot:
- LastAttemptVersion.
- LastAttemptStatus.
The second commit enables testing the ESRT creation in the sandbox
platform. That commit is composed of 2 tests.
- Test 1 executes from the u-boot shell with "ut lib".
- Test 2 executes in the pytest environment.
Patch v4:
- update stale [Patch 1/2 v3] commit message.
Patch v3:
- Address v2 comments.
Patch v2:
- The ESRT is now regenerated from scratch at every FMP EVT_NOTIFY_SIGNAL
and whenever a capsule is updated.
- Extended TestEfiCapsuleFirmwareFit::test_efi_capsule_fw3 to verify
that the ESRT is correctly populated after an UpdateCapsule.
- Addressed v1 comments.
Patch v1:
- reworked the ESRT creation code, allowing table to resize as
FMPs are installed.
- registered a callback for the FMP protocol install.
- Created a unit test running on the sandbox platform.
rfc: initial patch submission
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd at arm.com
Jose Marinho (2):
efi: Add ESRT to the EFI system table
efi: ESRT creation tests
cmd/efidebug.c | 68 +++
include/efi_api.h | 21 +
include/efi_loader.h | 20 +
lib/efi_loader/Kconfig | 7 +
lib/efi_loader/Makefile | 1 +
lib/efi_loader/efi_capsule.c | 8 +
lib/efi_loader/efi_esrt.c | 518 ++++++++++++++++++
lib/efi_loader/efi_setup.c | 6 +
test/lib/Makefile | 1 +
test/lib/efi_esrt.c | 191 +++++++
.../test_efi_capsule/test_capsule_firmware.py | 4 +
11 files changed, 845 insertions(+)
create mode 100644 lib/efi_loader/efi_esrt.c
create mode 100644 test/lib/efi_esrt.c
--
2.17.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2 v4] efi: Add ESRT to the EFI system table
2021-02-23 16:49 [PATCH 0/2 v4] Add ESRT and test ESRT creation Jose Marinho
@ 2021-02-23 16:50 ` Jose Marinho
2021-02-26 14:56 ` Heinrich Schuchardt
2021-02-23 16:50 ` [PATCH 2/2 v4] efi: ESRT creation tests Jose Marinho
1 sibling, 1 reply; 8+ messages in thread
From: Jose Marinho @ 2021-02-23 16:50 UTC (permalink / raw)
To: u-boot
The ESRT is initialised during efi_init_objlist after
efi_initialize_system_table().
The ESRT is recreated from scratch at the following events:
- successful UpdateCapsule;
- FMP instance install.
The code ensures that every ESRT entry has a unique fw_class value.
Limitations:
- The ESRT is not updated when an FMP instance is uninstalled;
- the fields image_type and flags are currently set to UNKNOWN and 0
respectively. The mapping between fw_class and the image_type/flags
fields is platform specific. A mapping function is lacking from the
current implementation but should be added in the future.
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd at arm.com
---
cmd/efidebug.c | 4 +
include/efi_api.h | 21 ++
include/efi_loader.h | 20 ++
lib/efi_loader/Kconfig | 7 +
lib/efi_loader/Makefile | 1 +
lib/efi_loader/efi_capsule.c | 8 +
lib/efi_loader/efi_esrt.c | 518 +++++++++++++++++++++++++++++++++++
lib/efi_loader/efi_setup.c | 6 +
8 files changed, 585 insertions(+)
create mode 100644 lib/efi_loader/efi_esrt.c
diff --git a/cmd/efidebug.c b/cmd/efidebug.c
index bbbcb0a546..a7dace2f80 100644
--- a/cmd/efidebug.c
+++ b/cmd/efidebug.c
@@ -459,6 +459,10 @@ static const struct {
"Block IO",
EFI_BLOCK_IO_PROTOCOL_GUID,
},
+ {
+ "EFI System Resource Table",
+ EFI_SYSTEM_RESOURCE_TABLE_GUID,
+ },
{
"Simple File System",
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID,
diff --git a/include/efi_api.h b/include/efi_api.h
index 48e48a6263..fb53637419 100644
--- a/include/efi_api.h
+++ b/include/efi_api.h
@@ -1722,6 +1722,23 @@ struct efi_load_file_protocol {
void *buffer);
};
+struct efi_system_resource_entry {
+ efi_guid_t fw_class;
+ u32 fw_type;
+ u32 fw_version;
+ u32 lowest_supported_fw_version;
+ u32 capsule_flags;
+ u32 last_attempt_version;
+ u32 last_attempt_status;
+} __packed;
+
+struct efi_system_resource_table {
+ u32 fw_resource_count;
+ u32 fw_resource_count_max;
+ u64 fw_resource_version;
+ struct efi_system_resource_entry entries[];
+} __packed;
+
/* Boot manager load options */
#define LOAD_OPTION_ACTIVE 0x00000001
#define LOAD_OPTION_FORCE_RECONNECT 0x00000002
@@ -1740,6 +1757,10 @@ struct efi_load_file_protocol {
#define ESRT_FW_TYPE_DEVICEFIRMWARE 0x00000002
#define ESRT_FW_TYPE_UEFIDRIVER 0x00000003
+#define EFI_SYSTEM_RESOURCE_TABLE_GUID\
+ EFI_GUID(0xb122a263, 0x3661, 0x4f68,\
+ 0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80)
+
/* Last Attempt Status Values */
#define LAST_ATTEMPT_STATUS_SUCCESS 0x00000000
#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL 0x00000001
diff --git a/include/efi_loader.h b/include/efi_loader.h
index f470bbd636..c2720f2823 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -214,6 +214,8 @@ extern const efi_guid_t efi_guid_rng_protocol;
extern const efi_guid_t efi_guid_capsule_report;
/* GUID of firmware management protocol */
extern const efi_guid_t efi_guid_firmware_management_protocol;
+/* GUID for the ESRT */
+extern const efi_guid_t efi_esrt_guid;
extern unsigned int __efi_runtime_start, __efi_runtime_stop;
extern unsigned int __efi_runtime_rel_start, __efi_runtime_rel_stop;
@@ -884,4 +886,22 @@ static inline efi_status_t efi_launch_capsules(void)
#endif /* CONFIG_IS_ENABLED(EFI_LOADER) */
+/**
+ * Install the ESRT system table.
+ *
+ * @return status code
+ */
+efi_status_t efi_esrt_register(void);
+
+/**
+ * efi_esrt_populate() - Populates the ESRT entries from the FMP instances
+ * present in the system.
+ * If an ESRT already exists, the old ESRT is replaced in the system table.
+ * The memory of the old ESRT is deallocated.
+ *
+ * Return:
+ * - EFI_SUCCESS if the ESRT is correctly created
+ * - error code otherwise.
+ */
+efi_status_t efi_esrt_populate(void);
#endif /* _EFI_LOADER_H */
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index e729f727df..a96014ce18 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -347,4 +347,11 @@ config EFI_SECURE_BOOT
it is signed with a trusted key. To do that, you need to install,
at least, PK, KEK and db.
+config EFI_ESRT
+ bool "Enable the UEFI ESRT generation"
+ depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
+ default y
+ help
+ Enabling this option creates the ESRT UEFI system table.
+
endif
diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
index 10b42e8847..9a8127846f 100644
--- a/lib/efi_loader/Makefile
+++ b/lib/efi_loader/Makefile
@@ -52,6 +52,7 @@ obj-y += efi_variable.o
obj-$(CONFIG_EFI_VARIABLES_PRESEED) += efi_var_seed.o
endif
obj-y += efi_watchdog.o
+obj-$(CONFIG_EFI_ESRT) += efi_esrt.o
obj-$(CONFIG_LCD) += efi_gop.o
obj-$(CONFIG_DM_VIDEO) += efi_gop.o
obj-$(CONFIG_PARTITIONS) += efi_disk.o
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index b57f0302c5..a1a69e619d 100644
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -482,6 +482,14 @@ efi_status_t EFIAPI efi_update_capsule(
goto out;
}
out:
+
+ if (IS_ENABLED(CONFIG_EFI_ESRT)) {
+ /* Rebuild the ESRT to reflect any updated FW images. */
+ ret = EFI_CALL(efi_esrt_populate());
+ if (ret != EFI_SUCCESS)
+ log_warning("EFI Capsule: failed to update ESRT\n");
+ }
+
return EFI_EXIT(ret);
}
diff --git a/lib/efi_loader/efi_esrt.c b/lib/efi_loader/efi_esrt.c
new file mode 100644
index 0000000000..d31963ad6e
--- /dev/null
+++ b/lib/efi_loader/efi_esrt.c
@@ -0,0 +1,518 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * EFI application ESRT tables support
+ *
+ * Copyright (C) 2021 Arm Ltd.
+ */
+
+#include <common.h>
+#include <efi_loader.h>
+#include <log.h>
+#include <efi_api.h>
+#include <malloc.h>
+
+const efi_guid_t efi_esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID;
+
+static struct efi_system_resource_table *esrt;
+
+#define EFI_ESRT_VERSION 1
+
+/**
+ * efi_esrt_image_info_to_entry() - copy the information present in a fw image
+ * descriptor to a ESRT entry.
+ * The function ensures the ESRT entry matches the image_type_id in @img_info.
+ * In case of a mismatch we leave the entry unchanged.
+ *
+ * @img_info: the source image info descriptor
+ * @entry: pointer to the ESRT entry to be filled
+ * @desc_version: the version of the elements in img_info
+ * @image_type: the image type value to be set in the ESRT entry
+ * @flags: the capsule flags value to be set in the ESRT entry
+ *
+ * Return:
+ * - EFI_SUCCESS if the entry is correctly updated
+ * - EFI_INVALID_PARAMETER if entry does not match image_type_id in @img_info.
+ */
+static efi_status_t
+efi_esrt_image_info_to_entry(struct efi_firmware_image_descriptor *img_info,
+ struct efi_system_resource_entry *entry,
+ u32 desc_version, u32 image_type, u32 flags)
+{
+ if (guidcmp(&entry->fw_class, &img_info->image_type_id)) {
+ EFI_PRINT("ESRT entry %pUL mismatches img_type_id %pUL\n",
+ &entry->fw_class, &img_info->image_type_id);
+ return EFI_INVALID_PARAMETER;
+ }
+
+ entry->fw_version = img_info->version;
+
+ entry->fw_type = image_type;
+ entry->capsule_flags = flags;
+
+ /*
+ * The field lowest_supported_image_version is only present
+ * on image info structure of version 2 or greater.
+ * See the EFI_FIRMWARE_IMAGE_DESCRIPTOR definition in UEFI.
+ */
+ if (desc_version >= 2)
+ entry->lowest_supported_fw_version =
+ img_info->lowest_supported_image_version;
+ else
+ entry->lowest_supported_fw_version = 0;
+
+ /*
+ * The fields last_attempt_version and last_attempt_status
+ * are only present on image info structure of version 3 or
+ * greater.
+ * See the EFI_FIRMWARE_IMAGE_DESCRIPTOR definition in UEFI.
+ */
+ if (desc_version >= 3) {
+ entry->last_attempt_version =
+ img_info->last_attempt_version;
+
+ entry->last_attempt_status =
+ img_info->last_attempt_status;
+ } else {
+ entry->last_attempt_version = 0;
+ entry->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ * efi_esrt_entries_to_size() - Obtain the bytes used by an ESRT
+ * datastructure with @num_entries.
+ *
+ * @num_entries: the number of entries in the ESRT.
+ *
+ * Return: the number of bytes an ESRT with @num_entries occupies in memory.
+ */
+static
+inline u32 efi_esrt_entries_to_size(u32 num_entries)
+{
+ u32 esrt_size = sizeof(struct efi_system_resource_table) +
+ num_entries * sizeof(struct efi_system_resource_entry);
+
+ return esrt_size;
+}
+
+/**
+ * efi_esrt_allocate_install() - Allocates @num_entries for the ESRT and
+ * performs basic ESRT initialization.
+ *
+ * @bt: pointer to the boottime services structure.
+ * @num_entries: the number of entries that the ESRT will hold.
+ *
+ * Return:
+ * - pointer to the ESRT if successful.
+ * - NULL otherwise.
+ */
+static
+efi_status_t efi_esrt_allocate_install(struct efi_boot_services *bt,
+ u32 num_entries)
+{
+ efi_status_t ret;
+ struct efi_system_resource_table *new_esrt;
+ u32 size = efi_esrt_entries_to_size(num_entries);
+ efi_guid_t esrt_guid = efi_esrt_guid;
+
+ /* Reserve num_pages for ESRT */
+ ret = bt->allocate_pool(EFI_BOOT_SERVICES_DATA, size,
+ (void **)&new_esrt);
+
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT cannot allocate memory for %d entries (%d bytes)\n",
+ num_entries, efi_esrt_entries_to_size(num_entries));
+
+ return ret;
+ }
+
+ new_esrt->fw_resource_count_max = num_entries;
+ new_esrt->fw_resource_count = 0;
+ new_esrt->fw_resource_version = EFI_ESRT_VERSION;
+
+ /* Install the ESRT in the system configuration table. */
+ ret = bt->install_configuration_table(&esrt_guid, (void *)new_esrt);
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to install the ESRT in the system table\n");
+ return ret;
+ }
+
+ /* If there was a previous ESRT, deallocate its memory now. */
+ if (esrt)
+ ret = bt->free_pool(esrt);
+
+ esrt = new_esrt;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ * esrt_find_entry() - Obtain the ESRT entry for the image with GUID
+ * @img_fw_class.
+ *
+ * If the img_fw_class is not yet present in the ESRT, this function
+ * reserves the tail element of the current ESRT as the entry for that fw_class.
+ * The number of elements in the ESRT is updated in that case.
+ *
+ * @img_fw_class: the GUID of the FW image which ESRT entry we want to obtain.
+ *
+ * Return:
+ * - A pointer to the ESRT entry for the image with GUID img_fw_class,
+ * - NULL if:
+ * - there is no more space in the ESRT,
+ * - ESRT is not initialized,
+ */
+static
+struct efi_system_resource_entry *esrt_find_entry(efi_guid_t *img_fw_class)
+{
+ u32 filled_entries;
+ u32 max_entries;
+ struct efi_system_resource_entry *entry;
+
+ if (!esrt) {
+ EFI_PRINT("ESRT access before initialized\n");
+ return NULL;
+ }
+
+ filled_entries = esrt->fw_resource_count;
+ entry = esrt->entries;
+
+ /* Check if the image with img_fw_class is already in the ESRT. */
+ for (u32 idx = 0; idx < filled_entries; idx++) {
+ if (!guidcmp(&entry[idx].fw_class, img_fw_class)) {
+ EFI_PRINT("ESRT found entry for image %pUl@index %d\n",
+ img_fw_class, idx);
+ return &entry[idx];
+ }
+ }
+
+ max_entries = esrt->fw_resource_count_max;
+ /*
+ * Since the image with img_fw_class is not present in the ESRT, check
+ * if ESRT is full before appending the new entry to it.
+ */
+ if (filled_entries == max_entries) {
+ EFI_PRINT("ESRT full, this should not happen\n");
+ return NULL;
+ }
+
+ /*
+ * This is a new entry for a fw image, increment the element
+ * number in the table and set the fw_class field.
+ */
+ esrt->fw_resource_count++;
+ entry[filled_entries].fw_class = *img_fw_class;
+ EFI_PRINT("ESRT allocated new entry for image %pUl at index %d\n",
+ img_fw_class, filled_entries);
+
+ return &entry[filled_entries];
+}
+
+/**
+ * efi_esrt_add_from_fmp() - Populates a sequence of ESRT entries from the FW
+ * images in the FMP.
+ *
+ * @bt : pointer to the boottime services structure.
+ * @fmp: the FMP instance from which FW images are added to the ESRT
+ *
+ * Return:
+ * - EFI_SUCCESS if all the FW images in the FMP are added to the ESRT
+ * - Error status otherwise
+ */
+static
+efi_status_t efi_esrt_add_from_fmp(struct efi_boot_services *bt,
+ struct efi_firmware_management_protocol *fmp)
+{
+ struct efi_system_resource_entry *entry = NULL;
+ size_t info_size = 0;
+ struct efi_firmware_image_descriptor *img_info = NULL;
+ u32 desc_version;
+ u8 desc_count;
+ size_t desc_size;
+ u32 package_version;
+ u16 *package_version_name;
+ efi_status_t ret = EFI_SUCCESS;
+
+ /*
+ * TODO: set the field image_type depending on the FW image type
+ * defined in a platform basis.
+ */
+ u32 image_type = ESRT_FW_TYPE_UNKNOWN;
+
+ /* TODO: set the capsule flags as a function of the FW image type. */
+ u32 flags = 0;
+
+ ret = fmp->get_image_info(fmp, &info_size, img_info,
+ &desc_version, &desc_count,
+ &desc_size, NULL, NULL);
+
+ if (ret != EFI_BUFFER_TOO_SMALL) {
+ /*
+ * An input of info_size=0 should always lead
+ * fmp->get_image_info to return BUFFER_TO_SMALL.
+ */
+ EFI_PRINT("Erroneous FMP implementation\n");
+ return EFI_INVALID_PARAMETER;
+ }
+
+ ret = bt->allocate_pool(EFI_BOOT_SERVICES_DATA, info_size,
+ (void **)&img_info);
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to allocate memory for image info.\n");
+ return ret;
+ }
+
+ ret = fmp->get_image_info(fmp, &info_size, img_info,
+ &desc_version, &desc_count,
+ &desc_size, &package_version, &package_version_name);
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to obtain the FMP image info\n");
+ goto out;
+ }
+
+ /*
+ * Iterate over all the FW images in the FMP.
+ */
+ for (u32 desc_idx = 0; desc_idx < desc_count; desc_idx++) {
+ struct efi_firmware_image_descriptor *cur_img_info =
+ (struct efi_firmware_image_descriptor *)
+ ((uintptr_t)img_info + desc_idx * desc_size);
+
+ /*
+ * Obtain the ESRT entry for the FW image with fw_class
+ * equal to cur_img_info->image_type_id.
+ */
+ entry = esrt_find_entry(&cur_img_info->image_type_id);
+
+ if (entry) {
+ ret = efi_esrt_image_info_to_entry(cur_img_info, entry,
+ desc_version,
+ image_type, flags);
+ if (ret != EFI_SUCCESS)
+ EFI_PRINT("ESRT entry mismatches image_type\n");
+
+ } else {
+ EFI_PRINT("ESRT failed to add entry for %pUl\n",
+ &cur_img_info->image_type_id);
+ continue;
+ }
+ }
+
+out:
+ bt->free_pool(img_info);
+ return EFI_SUCCESS;
+}
+
+/**
+ * efi_esrt_populate() - Populates the ESRT entries from the FMP instances
+ * present in the system.
+ * If an ESRT already exists, the old ESRT is replaced in the system table.
+ * The memory of the old ESRT is deallocated.
+ *
+ * Return:
+ * - EFI_SUCCESS if the ESRT is correctly created
+ * - error code otherwise.
+ */
+efi_status_t efi_esrt_populate(void)
+{
+ efi_handle_t *base_handle = NULL;
+ efi_handle_t *it_handle;
+ size_t no_handles = 0;
+ struct efi_firmware_management_protocol *fmp;
+ efi_status_t ret;
+ u32 num_entries = 0;
+ struct efi_boot_services *bt = systab.boottime;
+
+ if (!bt) {
+ EFI_PRINT("ESRT cannot obtain pointer to BS\n");
+ return EFI_NOT_READY;
+ }
+
+ /*
+ * Obtain the number of registered FMP handles.
+ */
+ ret = bt->locate_handle_buffer(BY_PROTOCOL,
+ &efi_guid_firmware_management_protocol,
+ NULL, &no_handles,
+ (efi_handle_t **)&base_handle);
+
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT There are no FMP instances\n");
+
+ ret = efi_esrt_allocate_install(bt, 0);
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to create table with 0 entries\n");
+ return ret;
+ }
+ return EFI_SUCCESS;
+ }
+
+ EFI_PRINT("ESRT populate esrt from (%ld) available FMP handles\n",
+ no_handles);
+
+ /*
+ * Iterate over all FMPs to determine an upper bound on the number of
+ * ESRT entries.
+ */
+ it_handle = base_handle;
+ for (u32 idx = 0; idx < no_handles; idx++, it_handle++) {
+ struct efi_firmware_image_descriptor *img_info = NULL;
+ size_t info_size = 0;
+ u32 desc_version = 0;
+ u8 desc_count = 0;
+ size_t desc_size = 0;
+ u32 package_version;
+ u16 *package_version_name;
+
+ ret = bt->handle_protocol(*it_handle,
+ &efi_guid_firmware_management_protocol,
+ (void **)&fmp);
+
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT Unable to find FMP handle (%d)\n",
+ idx);
+ goto out;
+ }
+
+ ret = fmp->get_image_info(fmp, &info_size, NULL,
+ &desc_version, &desc_count,
+ &desc_size, &package_version, &package_version_name);
+
+ if (ret != EFI_BUFFER_TOO_SMALL) {
+ /*
+ * An input of info_size=0 should always lead
+ * fmp->get_image_info to return BUFFER_TO_SMALL.
+ */
+ EFI_PRINT("ESRT erroneous FMP implementation\n");
+ ret = EFI_INVALID_PARAMETER;
+ goto out;
+ }
+
+ ret = bt->allocate_pool(EFI_BOOT_SERVICES_DATA, info_size,
+ (void **)&img_info);
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to allocate memory for image info\n");
+ goto out;
+ }
+
+ /*
+ * Calls to a FMP get_image_info method do not return the
+ * desc_count value if the return status differs from EFI_SUCCESS.
+ * We need to repeat the call to get_image_info with a properly
+ * sized buffer in order to obtain the real number of images
+ * handled by the FMP.
+ */
+ ret = fmp->get_image_info(fmp, &info_size, img_info,
+ &desc_version, &desc_count,
+ &desc_size, &package_version, &package_version_name);
+
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to obtain image info from FMP\n");
+ bt->free_pool(img_info);
+ goto out;
+ }
+
+ num_entries += desc_count;
+
+ bt->free_pool(img_info);
+ }
+
+ EFI_PRINT("ESRT create table with %d entries\n", num_entries);
+ /*
+ * Allocate an ESRT with the sufficient number of entries to accommodate
+ * all the FMPs in the system.
+ */
+ ret = efi_esrt_allocate_install(bt, num_entries);
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to initialize table\n");
+ goto out;
+ }
+
+ /*
+ * Populate the ESRT entries with all existing FMP.
+ */
+ it_handle = base_handle;
+ for (u32 idx = 0; idx < no_handles; idx++, it_handle++) {
+ ret = bt->handle_protocol(*it_handle,
+ &efi_guid_firmware_management_protocol,
+ (void **)&fmp);
+
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT unable to find FMP handle (%d)\n",
+ idx);
+ break;
+ }
+
+ ret = efi_esrt_add_from_fmp(bt, fmp);
+ if (ret != EFI_SUCCESS)
+ EFI_PRINT("ESRT failed to add FMP to the table\n");
+ }
+
+out:
+
+ bt->free_pool(base_handle);
+
+ return ret;
+}
+
+/**
+ * efi_esrt_new_fmp_notify() - Callback for the EVT_NOTIFY_SIGNAL event raised
+ * when a new FMP protocol instance is registered in the system.
+ */
+static void EFIAPI efi_esrt_new_fmp_notify(struct efi_event *event,
+ void *context)
+{
+ efi_status_t ret;
+
+ ret = efi_esrt_populate();
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to populate ESRT entry\n");
+ return;
+ }
+}
+
+/**
+ * efi_esrt_register() - Install the ESRT system table.
+ *
+ * Return: status code
+ */
+efi_status_t efi_esrt_register(void)
+{
+ struct efi_boot_services *bt = systab.boottime;
+ struct efi_event *ev = NULL;
+ void *registration;
+ efi_status_t ret;
+
+ if (!bt) {
+ EFI_PRINT("ESRT cannot obtain pointer to BS\n");
+ return EFI_NOT_READY;
+ }
+
+ EFI_PRINT("ESRT creation start\n");
+
+ ret = efi_esrt_populate();
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to initiate the table\n");
+ return ret;
+ }
+
+ ret = bt->create_event(EVT_NOTIFY_SIGNAL, TPL_CALLBACK,
+ efi_esrt_new_fmp_notify, NULL, &ev);
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to create event\n");
+ return ret;
+ }
+
+ ret = bt->register_protocol_notify(&efi_guid_firmware_management_protocol,
+ ev, ®istration);
+ if (ret != EFI_SUCCESS) {
+ EFI_PRINT("ESRT failed to register FMP callback\n");
+ return ret;
+ }
+
+ EFI_PRINT("ESRT table created\n");
+
+ return ret;
+}
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index b1c5125032..3c5cf9a435 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -227,6 +227,12 @@ efi_status_t efi_init_obj_list(void)
if (ret != EFI_SUCCESS)
goto out;
+ if (IS_ENABLED(CONFIG_EFI_ESRT)) {
+ ret = efi_esrt_register();
+ if (ret != EFI_SUCCESS)
+ goto out;
+ }
+
if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) {
ret = efi_tcg2_register();
if (ret != EFI_SUCCESS)
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/2 v4] efi: ESRT creation tests
2021-02-23 16:49 [PATCH 0/2 v4] Add ESRT and test ESRT creation Jose Marinho
2021-02-23 16:50 ` [PATCH 1/2 v4] efi: Add ESRT to the EFI system table Jose Marinho
@ 2021-02-23 16:50 ` Jose Marinho
2021-02-26 13:55 ` Heinrich Schuchardt
1 sibling, 1 reply; 8+ messages in thread
From: Jose Marinho @ 2021-02-23 16:50 UTC (permalink / raw)
To: u-boot
This commmit exercises the ESRT creation -- introduced in the previous
commit -- in two tests.
test 1:
A fake FMP, with TEST_ESRT_NUM_ENTRIES FW images, is installed in the
system leading to the corresponding ESRT entries being populated.
The ESRT entries are checked against the datastructure used to
initialize the FMP.
test 1 invocation:
make sandbox_capsule_defconfig all
./u-boot -d arch/sandbox/dts/test.dtb
ut lib
test 2:
The test is part of test_efi_capsule_fw3.
In order to run the test the following must be added to
sandbox_defconfig:
+CONFIG_CMD_SF=y
+CONFIG_CMD_MEMORY=y
+CONFIG_CMD_FAT=y
+CONFIG_DFU=y
The ESRT is printed in the u-boot shell by calling efidebug esrt.
The test ensures that, after the capsule is installed, the ESRT
contains entries with the GUIDs:
- EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID;
- EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
test 2 invocation:
sudo ./test/py/test.py --bd sandbox -k capsule_fw3 -l --build
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd at arm.com
---
cmd/efidebug.c | 64 ++++++
test/lib/Makefile | 1 +
test/lib/efi_esrt.c | 191 ++++++++++++++++++
.../test_efi_capsule/test_capsule_firmware.py | 4 +
4 files changed, 260 insertions(+)
create mode 100644 test/lib/efi_esrt.c
diff --git a/cmd/efidebug.c b/cmd/efidebug.c
index a7dace2f80..5a9ff2bd9a 100644
--- a/cmd/efidebug.c
+++ b/cmd/efidebug.c
@@ -129,6 +129,61 @@ static int do_efi_capsule_show(struct cmd_tbl *cmdtp, int flag,
return CMD_RET_SUCCESS;
}
+#ifdef CONFIG_EFI_ESRT
+/**
+ * do_efi_capsule_esrt() - manage UEFI capsules
+ *
+ * @cmdtp: Command table
+ * @flag: Command flag
+ * @argc: Number of arguments
+ * @argv: Argument array
+ * Return: CMD_RET_SUCCESS on success,
+ * CMD_RET_USAGE or CMD_RET_RET_FAILURE on failure
+ *
+ * Implement efidebug "capsule esrt" sub-command.
+ * The prints the current ESRT table.
+ *
+ * efidebug capsule esrt
+ */
+static int do_efi_capsule_esrt(struct cmd_tbl *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ struct efi_system_resource_table *esrt = NULL;
+
+ if (argc != 1)
+ return CMD_RET_USAGE;
+
+ for (int idx = 0; idx < systab.nr_tables; idx++)
+ if (!guidcmp(&efi_esrt_guid, &systab.tables[idx].guid))
+ esrt = (struct efi_system_resource_table *)systab.tables[idx].table;
+
+ if (!esrt)
+ return CMD_RET_FAILURE;
+
+ printf("========================================\n");
+ printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count);
+ printf("ESRT: fw_resource_count_max=%d\n", esrt->fw_resource_count_max);
+ printf("ESRT: fw_resource_version=%lld\n", esrt->fw_resource_version);
+
+ for (int idx = 0; idx < esrt->fw_resource_count; idx++) {
+ printf("[entry %d]==============================\n", idx);
+ printf("ESRT: fw_class=%pUL\n", &esrt->entries[idx].fw_class);
+ printf("ESRT: fw_type=%d\n", esrt->entries[idx].fw_type);
+ printf("ESRT: fw_version=%d\n", esrt->entries[idx].fw_version);
+ printf("ESRT: lowest_supported_fw_version=%d\n",
+ esrt->entries[idx].lowest_supported_fw_version);
+ printf("ESRT: capsule_flags=%d\n",
+ esrt->entries[idx].capsule_flags);
+ printf("ESRT: last_attempt_version=%d\n",
+ esrt->entries[idx].last_attempt_version);
+ printf("ESRT: last_attempt_status=%d\n",
+ esrt->entries[idx].last_attempt_status);
+ }
+ printf("========================================\n");
+
+ return CMD_RET_SUCCESS;
+}
+#endif /* CONFIG_EFI_ESRT */
/**
* do_efi_capsule_res() - show a capsule update result
*
@@ -221,6 +276,10 @@ static struct cmd_tbl cmd_efidebug_capsule_sub[] = {
"", ""),
U_BOOT_CMD_MKENT(show, CONFIG_SYS_MAXARGS, 1, do_efi_capsule_show,
"", ""),
+#ifdef CONFIG_EFI_ESRT
+ U_BOOT_CMD_MKENT(esrt, CONFIG_SYS_MAXARGS, 1, do_efi_capsule_esrt,
+ "", ""),
+#endif
U_BOOT_CMD_MKENT(disk-update, 0, 0, do_efi_capsule_on_disk_update,
"", ""),
U_BOOT_CMD_MKENT(result, CONFIG_SYS_MAXARGS, 1, do_efi_capsule_res,
@@ -256,6 +315,7 @@ static int do_efi_capsule(struct cmd_tbl *cmdtp, int flag,
return cp->cmd(cmdtp, flag, argc, argv);
}
+
#endif /* CONFIG_EFI_HAVE_CAPSULE_SUPPORT */
/**
@@ -1580,6 +1640,10 @@ static char efidebug_help_text[] =
" - show capsule information\n"
"efidebug capsule result [<capsule result var>]\n"
" - show a capsule update result\n"
+#ifdef CONFIG_EFI_ESRT
+ "efidebug capsule esrt\n"
+ " - print the ESRT\n"
+#endif
"\n"
#endif
"efidebug devices\n"
diff --git a/test/lib/Makefile b/test/lib/Makefile
index 97c11e35a8..aeb8c13eb0 100644
--- a/test/lib/Makefile
+++ b/test/lib/Makefile
@@ -15,3 +15,4 @@ obj-$(CONFIG_UT_LIB_ASN1) += asn1.o
obj-$(CONFIG_UT_LIB_RSA) += rsa.o
obj-$(CONFIG_AES) += test_aes.o
obj-$(CONFIG_GETOPT) += getopt.o
+obj-$(CONFIG_EFI_ESRT) += efi_esrt.o
diff --git a/test/lib/efi_esrt.c b/test/lib/efi_esrt.c
new file mode 100644
index 0000000000..e8cfe671e2
--- /dev/null
+++ b/test/lib/efi_esrt.c
@@ -0,0 +1,191 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Test ESRT tables support
+ *
+ * Copyright (C) 2021 Arm Ltd.
+ */
+#include <common.h>
+#include <efi_loader.h>
+#include <net.h>
+#include <test/lib.h>
+#include <test/test.h>
+#include <test/ut.h>
+
+#define TEST_ESRT_NUM_ENTRIES 255
+
+#if 0x100 < TEST_ESRT_NUM_ENTRIES
+#error TEST_ESRT_NUM_ENTRIES must be lower or equal to 255.
+#endif
+
+static
+struct efi_firmware_image_descriptor static_img_info[TEST_ESRT_NUM_ENTRIES];
+
+static void efi_test_esrt_init_info(void)
+{
+ for (int idx = 0; idx < TEST_ESRT_NUM_ENTRIES; idx++) {
+ static_img_info[idx].image_index = 1;
+
+ // Note: the 16 byte value present in
+ // static_img_info[idx].image_type_id is not strictly a GUID.
+ // The value is used for the sake of code testing.
+ static_img_info[idx].image_type_id.b[0] = idx;
+
+ static_img_info[idx].image_id = 0;
+ static_img_info[idx].image_id_name = NULL;
+ static_img_info[idx].version = 0;
+ static_img_info[idx].version_name = NULL;
+ static_img_info[idx].size = 0;
+ static_img_info[idx].lowest_supported_image_version = 1;
+ static_img_info[idx].last_attempt_version = 2;
+ static_img_info[idx].last_attempt_status = 3;
+ static_img_info[idx].hardware_instance = 1;
+ }
+}
+
+static efi_status_t
+EFIAPI efi_test_fmp_get_image_info(struct efi_firmware_management_protocol *this,
+ efi_uintn_t *image_info_size,
+ struct efi_firmware_image_descriptor *image_info,
+ u32 *descriptor_version,
+ u8 *descriptor_count,
+ efi_uintn_t *descriptor_size,
+ u32 *package_version,
+ u16 **package_version_name)
+{
+ efi_status_t ret = EFI_SUCCESS;
+
+ if (!image_info_size)
+ return EFI_INVALID_PARAMETER;
+
+ if (descriptor_version)
+ *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION;
+ if (descriptor_count)
+ *descriptor_count = TEST_ESRT_NUM_ENTRIES;
+ if (descriptor_size)
+ *descriptor_size = sizeof(*image_info);
+ if (package_version)
+ *package_version = 0xffffffff;
+ if (package_version_name)
+ *package_version_name = NULL;
+
+ if (*image_info_size < sizeof(*image_info)) {
+ *image_info_size = *descriptor_size * *descriptor_count;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ for (int idx = 0; idx < TEST_ESRT_NUM_ENTRIES; idx++)
+ image_info[idx] = static_img_info[idx];
+
+ return ret;
+}
+
+struct efi_firmware_management_protocol efi_test_fmp = {
+ .get_image_info = efi_test_fmp_get_image_info,
+ .get_image = NULL,
+ .set_image = NULL,
+ .check_image = NULL,
+ .get_package_info = NULL,
+ .set_package_info = NULL,
+};
+
+static void *lib_test_get_esrt(void)
+{
+ for (int idx = 0; idx < systab.nr_tables; idx++)
+ if (!guidcmp(&efi_esrt_guid, &systab.tables[idx].guid))
+ return systab.tables[idx].table;
+
+ return NULL;
+}
+
+static bool lib_test_check_uuid_entry(struct efi_system_resource_table *esrt,
+ struct efi_firmware_image_descriptor
+ *img_info)
+{
+ const u32 filled_entries = esrt->fw_resource_count;
+ struct efi_system_resource_entry *entry = esrt->entries;
+
+ for (u32 idx = 0; idx < filled_entries; idx++) {
+ if (!guidcmp(&entry[idx].fw_class, &img_info->image_type_id)) {
+ if (entry[idx].fw_version != img_info->version)
+ return false;
+
+ if (entry[idx].lowest_supported_fw_version !=
+ img_info->lowest_supported_image_version)
+ return false;
+
+ if (entry[idx].last_attempt_version !=
+ img_info->last_attempt_version)
+ return false;
+
+ if (entry[idx].last_attempt_status !=
+ img_info->last_attempt_status)
+ return false;
+
+ /*
+ * The entry with fw_class = img_uuid matches with the
+ * remainder fmp input.
+ */
+ return true;
+ }
+ }
+
+ /* There exists no entry with fw_class equal to img_uuid in the ESRT. */
+ return false;
+}
+
+int lib_test_efi_esrt(struct unit_test_state *uts)
+{
+ struct efi_system_resource_table *esrt;
+ efi_status_t ret = EFI_SUCCESS;
+ struct efi_boot_services *bt;
+
+ efi_test_esrt_init_info();
+
+ ret = efi_init_obj_list();
+
+ bt = systab.boottime;
+ ut_asserteq(ret, EFI_SUCCESS);
+
+ assert(bt);
+
+ ret = EFI_CALL(bt->install_multiple_protocol_interfaces
+ (&efi_root,
+ &efi_guid_firmware_management_protocol,
+ &efi_test_fmp,
+ NULL));
+
+ ut_asserteq(ret, EFI_SUCCESS);
+
+ esrt = lib_test_get_esrt();
+ ut_assert(esrt);
+
+ ut_asserteq(esrt->fw_resource_count, TEST_ESRT_NUM_ENTRIES);
+
+ /* Update the ESRT. */
+ ut_asserteq(efi_esrt_populate(), EFI_SUCCESS);
+ esrt = lib_test_get_esrt();
+ ut_assert(esrt);
+
+ /* Verify that the number of images remains the same. */
+ ut_asserteq(esrt->fw_resource_count, TEST_ESRT_NUM_ENTRIES);
+
+ for (u32 idx = 0; idx < TEST_ESRT_NUM_ENTRIES; idx++)
+ ut_assert(lib_test_check_uuid_entry(esrt, &static_img_info[idx]));
+
+ ret = EFI_CALL(bt->uninstall_multiple_protocol_interfaces
+ (efi_root, &efi_guid_firmware_management_protocol,
+ &efi_test_fmp, NULL));
+
+ ut_asserteq(ret, EFI_SUCCESS);
+
+ /* Update the ESRT after FMP removal. */
+ ut_asserteq(efi_esrt_populate(), EFI_SUCCESS);
+ esrt = lib_test_get_esrt();
+ ut_assert(esrt);
+
+ ut_asserteq(esrt->fw_resource_count, 0);
+
+ return ret;
+}
+
+LIB_TEST(lib_test_efi_esrt, 0);
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware.py b/test/py/tests/test_efi_capsule/test_capsule_firmware.py
index f006fa95d6..3a7c2e1ac8 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware.py
@@ -229,6 +229,10 @@ class TestEfiCapsuleFirmwareFit(object):
output = u_boot_console.run_command(
'env print -e -all Capsule0000')
+ output = u_boot_console.run_command_list(['efidebug capsule esrt'])
+ assert 'AE13FF2D-9AD4-4E25-9AC8-6D80B3B22147' in ''.join(output)
+ assert 'E2BB9C06-70E9-4B14-97A3-5A7913176E3F' in ''.join(output)
+
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/2 v4] efi: ESRT creation tests
2021-02-23 16:50 ` [PATCH 2/2 v4] efi: ESRT creation tests Jose Marinho
@ 2021-02-26 13:55 ` Heinrich Schuchardt
2021-02-26 14:17 ` Heinrich Schuchardt
2021-03-02 11:51 ` Jose Marinho
0 siblings, 2 replies; 8+ messages in thread
From: Heinrich Schuchardt @ 2021-02-26 13:55 UTC (permalink / raw)
To: u-boot
On 23.02.21 17:50, Jose Marinho wrote:
> This commmit exercises the ESRT creation -- introduced in the previous
> commit -- in two tests.
>
> test 1:
> A fake FMP, with TEST_ESRT_NUM_ENTRIES FW images, is installed in the
> system leading to the corresponding ESRT entries being populated.
> The ESRT entries are checked against the datastructure used to
> initialize the FMP.
>
> test 1 invocation:
> make sandbox_capsule_defconfig all
> ./u-boot -d arch/sandbox/dts/test.dtb
> ut lib
>
> test 2:
> The test is part of test_efi_capsule_fw3.
>
> In order to run the test the following must be added to
> sandbox_defconfig:
> +CONFIG_CMD_SF=y
> +CONFIG_CMD_MEMORY=y
> +CONFIG_CMD_FAT=y
> +CONFIG_DFU=y
>
> The ESRT is printed in the u-boot shell by calling efidebug esrt.
> The test ensures that, after the capsule is installed, the ESRT
> contains entries with the GUIDs:
> - EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID;
> - EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
>
> test 2 invocation:
> sudo ./test/py/test.py --bd sandbox -k capsule_fw3 -l --build
>
> Signed-off-by: Jose Marinho <jose.marinho@arm.com>
>
> CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
> CC: Sughosh Ganu <sughosh.ganu@linaro.org>
> CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> CC: Andre Przywara <andre.przywara@arm.com>
> CC: Alexander Graf <agraf@csgraf.de>
> CC: nd at arm.com
>
> ---
> cmd/efidebug.c | 64 ++++++
> test/lib/Makefile | 1 +
> test/lib/efi_esrt.c | 191 ++++++++++++++++++
> .../test_efi_capsule/test_capsule_firmware.py | 4 +
> 4 files changed, 260 insertions(+)
> create mode 100644 test/lib/efi_esrt.c
>
> diff --git a/cmd/efidebug.c b/cmd/efidebug.c
> index a7dace2f80..5a9ff2bd9a 100644
> --- a/cmd/efidebug.c
> +++ b/cmd/efidebug.c
> @@ -129,6 +129,61 @@ static int do_efi_capsule_show(struct cmd_tbl *cmdtp, int flag,
> return CMD_RET_SUCCESS;
> }
>
> +#ifdef CONFIG_EFI_ESRT
> +/**
> + * do_efi_capsule_esrt() - manage UEFI capsules
> + *
> + * @cmdtp: Command table
> + * @flag: Command flag
> + * @argc: Number of arguments
> + * @argv: Argument array
> + * Return: CMD_RET_SUCCESS on success,
> + * CMD_RET_USAGE or CMD_RET_RET_FAILURE on failure
> + *
> + * Implement efidebug "capsule esrt" sub-command.
> + * The prints the current ESRT table.
> + *
> + * efidebug capsule esrt
> + */
> +static int do_efi_capsule_esrt(struct cmd_tbl *cmdtp, int flag,
> + int argc, char * const argv[])
> +{
> + struct efi_system_resource_table *esrt = NULL;
> +
> + if (argc != 1)
> + return CMD_RET_USAGE;
> +
> + for (int idx = 0; idx < systab.nr_tables; idx++)
> + if (!guidcmp(&efi_esrt_guid, &systab.tables[idx].guid))
> + esrt = (struct efi_system_resource_table *)systab.tables[idx].table;
> +
> + if (!esrt)
> + return CMD_RET_FAILURE;
> +
> + printf("========================================\n");
> + printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count);
> + printf("ESRT: fw_resource_count_max=%d\n", esrt->fw_resource_count_max);
> + printf("ESRT: fw_resource_version=%lld\n", esrt->fw_resource_version);
> +
> + for (int idx = 0; idx < esrt->fw_resource_count; idx++) {
> + printf("[entry %d]==============================\n", idx);
> + printf("ESRT: fw_class=%pUL\n", &esrt->entries[idx].fw_class);
> + printf("ESRT: fw_type=%d\n", esrt->entries[idx].fw_type);
> + printf("ESRT: fw_version=%d\n", esrt->entries[idx].fw_version);
> + printf("ESRT: lowest_supported_fw_version=%d\n",
> + esrt->entries[idx].lowest_supported_fw_version);
> + printf("ESRT: capsule_flags=%d\n",
> + esrt->entries[idx].capsule_flags);
> + printf("ESRT: last_attempt_version=%d\n",
> + esrt->entries[idx].last_attempt_version);
> + printf("ESRT: last_attempt_status=%d\n",
> + esrt->entries[idx].last_attempt_status);
> + }
> + printf("========================================\n");
> +
> + return CMD_RET_SUCCESS;
With which configuration do we see any entry in the list?
I only got:
=> efidebug capsule esrt
========================================
ESRT: fw_resource_count=0
ESRT: fw_resource_count_max=0
ESRT: fw_resource_version=1
========================================
=>
with
CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
CONFIG_EFI_CAPSULE_ON_DISK=y
# CONFIG_EFI_CAPSULE_ON_DISK_EARLY is not set
CONFIG_EFI_CAPSULE_FIRMWARE=y
CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
# CONFIG_EFI_CAPSULE_AUTHENTICATE is not set
CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
efidebug dh does not show any FMP protocol installed:
=> efidebug dh
Handle Protocols
================ ====================
000000007eef19c0 Device Path, Device Path To Text, Device Path
Utilities, Device-Tree Fixup, Unicode Collation 2, HII String, HII
Database, Random Number Generator
000000007eef1bb0 Simple Text Output
000000007eef1c20 Simple Text Input, Simple Text Input Ex
000000007eef1f60 Device Path, Block IO
000000007eef2130 Device Path, Block IO, System Partition, Simple File System
000000007eef2f10 Driver Binding
000000007eef4050 Simple Network, Device Path, PXE Base Code
> +}
> +#endif /* CONFIG_EFI_ESRT */
> /**
> * do_efi_capsule_res() - show a capsule update result
> *
> @@ -221,6 +276,10 @@ static struct cmd_tbl cmd_efidebug_capsule_sub[] = {
> "", ""),
> U_BOOT_CMD_MKENT(show, CONFIG_SYS_MAXARGS, 1, do_efi_capsule_show,
> "", ""),
> +#ifdef CONFIG_EFI_ESRT
> + U_BOOT_CMD_MKENT(esrt, CONFIG_SYS_MAXARGS, 1, do_efi_capsule_esrt,
> + "", ""),
> +#endif
> U_BOOT_CMD_MKENT(disk-update, 0, 0, do_efi_capsule_on_disk_update,
> "", ""),
> U_BOOT_CMD_MKENT(result, CONFIG_SYS_MAXARGS, 1, do_efi_capsule_res,
> @@ -256,6 +315,7 @@ static int do_efi_capsule(struct cmd_tbl *cmdtp, int flag,
>
> return cp->cmd(cmdtp, flag, argc, argv);
> }
> +
> #endif /* CONFIG_EFI_HAVE_CAPSULE_SUPPORT */
>
> /**
> @@ -1580,6 +1640,10 @@ static char efidebug_help_text[] =
> " - show capsule information\n"
> "efidebug capsule result [<capsule result var>]\n"
> " - show a capsule update result\n"
> +#ifdef CONFIG_EFI_ESRT
> + "efidebug capsule esrt\n"
> + " - print the ESRT\n"
> +#endif
> "\n"
> #endif
> "efidebug devices\n"
The efidebug capsule esrt command is should be in a separate patch at is
useful outside of testing.
> diff --git a/test/lib/Makefile b/test/lib/Makefile
> index 97c11e35a8..aeb8c13eb0 100644
> --- a/test/lib/Makefile
> +++ b/test/lib/Makefile
> @@ -15,3 +15,4 @@ obj-$(CONFIG_UT_LIB_ASN1) += asn1.o
> obj-$(CONFIG_UT_LIB_RSA) += rsa.o
> obj-$(CONFIG_AES) += test_aes.o
> obj-$(CONFIG_GETOPT) += getopt.o
> +obj-$(CONFIG_EFI_ESRT) += efi_esrt.o
> diff --git a/test/lib/efi_esrt.c b/test/lib/efi_esrt.c
> new file mode 100644
> index 0000000000..e8cfe671e2
> --- /dev/null
> +++ b/test/lib/efi_esrt.c
> @@ -0,0 +1,191 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Test ESRT tables support
> + *
> + * Copyright (C) 2021 Arm Ltd.
> + */
> +#include <common.h>
> +#include <efi_loader.h>
> +#include <net.h>
> +#include <test/lib.h>
> +#include <test/test.h>
> +#include <test/ut.h>
> +
> +#define TEST_ESRT_NUM_ENTRIES 255
> +
> +#if 0x100 < TEST_ESRT_NUM_ENTRIES
> +#error TEST_ESRT_NUM_ENTRIES must be lower or equal to 255.
> +#endif
A comment above the #define should be enough.
What leads to the limit of 255 entries?
Have the existing FMP protocols to be in the count?
> +
> +static
> +struct efi_firmware_image_descriptor static_img_info[TEST_ESRT_NUM_ENTRIES];
> +
> +static void efi_test_esrt_init_info(void)
> +{
> + for (int idx = 0; idx < TEST_ESRT_NUM_ENTRIES; idx++) {
> + static_img_info[idx].image_index = 1;
> +
> + // Note: the 16 byte value present in
> + // static_img_info[idx].image_type_id is not strictly a GUID.
> + // The value is used for the sake of code testing.
> + static_img_info[idx].image_type_id.b[0] = idx;
> +
> + static_img_info[idx].image_id = 0;
> + static_img_info[idx].image_id_name = NULL;
> + static_img_info[idx].version = 0;
> + static_img_info[idx].version_name = NULL;
> + static_img_info[idx].size = 0;
> + static_img_info[idx].lowest_supported_image_version = 1;
> + static_img_info[idx].last_attempt_version = 2;
> + static_img_info[idx].last_attempt_status = 3;
> + static_img_info[idx].hardware_instance = 1;
> + }
> +}
> +
> +static efi_status_t
> +EFIAPI efi_test_fmp_get_image_info(struct efi_firmware_management_protocol *this,
> + efi_uintn_t *image_info_size,
> + struct efi_firmware_image_descriptor *image_info,
> + u32 *descriptor_version,
> + u8 *descriptor_count,
> + efi_uintn_t *descriptor_size,
> + u32 *package_version,
> + u16 **package_version_name)
> +{
> + efi_status_t ret = EFI_SUCCESS;
> +
> + if (!image_info_size)
> + return EFI_INVALID_PARAMETER;
> +
> + if (descriptor_version)
> + *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION;
> + if (descriptor_count)
> + *descriptor_count = TEST_ESRT_NUM_ENTRIES;
> + if (descriptor_size)
> + *descriptor_size = sizeof(*image_info);
> + if (package_version)
> + *package_version = 0xffffffff;
> + if (package_version_name)
> + *package_version_name = NULL;
> +
> + if (*image_info_size < sizeof(*image_info)) {
> + *image_info_size = *descriptor_size * *descriptor_count;
> + return EFI_BUFFER_TOO_SMALL;
> + }
> +
> + for (int idx = 0; idx < TEST_ESRT_NUM_ENTRIES; idx++)
> + image_info[idx] = static_img_info[idx];
> +
> + return ret;
> +}
> +
> +struct efi_firmware_management_protocol efi_test_fmp = {
> + .get_image_info = efi_test_fmp_get_image_info,
> + .get_image = NULL,
> + .set_image = NULL,
> + .check_image = NULL,
> + .get_package_info = NULL,
> + .set_package_info = NULL,
> +};
> +
> +static void *lib_test_get_esrt(void)
> +{
> + for (int idx = 0; idx < systab.nr_tables; idx++)
> + if (!guidcmp(&efi_esrt_guid, &systab.tables[idx].guid))
> + return systab.tables[idx].table;
> +
> + return NULL;
> +}
> +
> +static bool lib_test_check_uuid_entry(struct efi_system_resource_table *esrt,
> + struct efi_firmware_image_descriptor
> + *img_info)
> +{
> + const u32 filled_entries = esrt->fw_resource_count;
> + struct efi_system_resource_entry *entry = esrt->entries;
> +
> + for (u32 idx = 0; idx < filled_entries; idx++) {
> + if (!guidcmp(&entry[idx].fw_class, &img_info->image_type_id)) {
> + if (entry[idx].fw_version != img_info->version)
> + return false;
> +
> + if (entry[idx].lowest_supported_fw_version !=
> + img_info->lowest_supported_image_version)
> + return false;
> +
> + if (entry[idx].last_attempt_version !=
> + img_info->last_attempt_version)
> + return false;
> +
> + if (entry[idx].last_attempt_status !=
> + img_info->last_attempt_status)
> + return false;
> +
> + /*
> + * The entry with fw_class = img_uuid matches with the
> + * remainder fmp input.
> + */
> + return true;
> + }
> + }
> +
> + /* There exists no entry with fw_class equal to img_uuid in the ESRT. */
> + return false;
> +}
> +
> +int lib_test_efi_esrt(struct unit_test_state *uts)
> +{
> + struct efi_system_resource_table *esrt;
> + efi_status_t ret = EFI_SUCCESS;
> + struct efi_boot_services *bt;
> +
> + efi_test_esrt_init_info();
> +
> + ret = efi_init_obj_list();
> +
> + bt = systab.boottime;
> + ut_asserteq(ret, EFI_SUCCESS);
> +
> + assert(bt);
> +
> + ret = EFI_CALL(bt->install_multiple_protocol_interfaces
> + (&efi_root,
> + &efi_guid_firmware_management_protocol,
> + &efi_test_fmp,
> + NULL));
> +
> + ut_asserteq(ret, EFI_SUCCESS);
> +
> + esrt = lib_test_get_esrt();
> + ut_assert(esrt);
> +
> + ut_asserteq(esrt->fw_resource_count, TEST_ESRT_NUM_ENTRIES);
> +
> + /* Update the ESRT. */
> + ut_asserteq(efi_esrt_populate(), EFI_SUCCESS);
> + esrt = lib_test_get_esrt();
> + ut_assert(esrt);
> +
> + /* Verify that the number of images remains the same. */
> + ut_asserteq(esrt->fw_resource_count, TEST_ESRT_NUM_ENTRIES);
> +
> + for (u32 idx = 0; idx < TEST_ESRT_NUM_ENTRIES; idx++)
> + ut_assert(lib_test_check_uuid_entry(esrt, &static_img_info[idx]));
> +
> + ret = EFI_CALL(bt->uninstall_multiple_protocol_interfaces
> + (efi_root, &efi_guid_firmware_management_protocol,
> + &efi_test_fmp, NULL));
> +
> + ut_asserteq(ret, EFI_SUCCESS);
> +
> + /* Update the ESRT after FMP removal. */
> + ut_asserteq(efi_esrt_populate(), EFI_SUCCESS);
> + esrt = lib_test_get_esrt();
> + ut_assert(esrt);
> +
> + ut_asserteq(esrt->fw_resource_count, 0);
> +
> + return ret;
> +}
The unit test should be implemented in lib/efi_selftest/ so that we can
run it with 'bootefi selftest'.
It is important that every protocol that you install in the setup
function is uninstalled after the test in the teardown function to avoid
affecting other tests
> +
> +LIB_TEST(lib_test_efi_esrt, 0);
> diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware.py b/test/py/tests/test_efi_capsule/test_capsule_firmware.py
> index f006fa95d6..3a7c2e1ac8 100644
> --- a/test/py/tests/test_efi_capsule/test_capsule_firmware.py
> +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware.py
> @@ -229,6 +229,10 @@ class TestEfiCapsuleFirmwareFit(object):
> output = u_boot_console.run_command(
> 'env print -e -all Capsule0000')
>
> + output = u_boot_console.run_command_list(['efidebug capsule esrt'])
> + assert 'AE13FF2D-9AD4-4E25-9AC8-6D80B3B22147' in ''.join(output)
> + assert 'E2BB9C06-70E9-4B14-97A3-5A7913176E3F' in ''.join(output)
> +
> output = u_boot_console.run_command_list([
> 'host bind 0 %s' % disk_img,
> 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
>
Best regards
Heinrich
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/2 v4] efi: ESRT creation tests
2021-02-26 13:55 ` Heinrich Schuchardt
@ 2021-02-26 14:17 ` Heinrich Schuchardt
2021-03-01 1:18 ` AKASHI Takahiro
2021-03-02 11:51 ` Jose Marinho
1 sibling, 1 reply; 8+ messages in thread
From: Heinrich Schuchardt @ 2021-02-26 14:17 UTC (permalink / raw)
To: u-boot
On 26.02.21 14:55, Heinrich Schuchardt wrote:
> On 23.02.21 17:50, Jose Marinho wrote:
>> This commmit exercises the ESRT creation -- introduced in the previous
>> commit -- in two tests.
>>
>> test 1:
>> A fake FMP, with TEST_ESRT_NUM_ENTRIES FW images, is installed in the
>> system leading to the corresponding ESRT entries being populated.
>> The ESRT entries are checked against the datastructure used to
>> initialize the FMP.
>>
>> test 1 invocation:
>> make sandbox_capsule_defconfig all
>> ./u-boot -d arch/sandbox/dts/test.dtb
>> ut lib
>>
>> test 2:
>> The test is part of test_efi_capsule_fw3.
>>
>> In order to run the test the following must be added to
>> sandbox_defconfig:
>> +CONFIG_CMD_SF=y
>> +CONFIG_CMD_MEMORY=y
>> +CONFIG_CMD_FAT=y
>> +CONFIG_DFU=y
>>
>> The ESRT is printed in the u-boot shell by calling efidebug esrt.
>> The test ensures that, after the capsule is installed, the ESRT
>> contains entries with the GUIDs:
>> - EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID;
>> - EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
>>
>> test 2 invocation:
>> sudo ./test/py/test.py --bd sandbox -k capsule_fw3 -l --build
>>
>> Signed-off-by: Jose Marinho <jose.marinho@arm.com>
>>
>> CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
>> CC: Sughosh Ganu <sughosh.ganu@linaro.org>
>> CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
>> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
>> CC: Andre Przywara <andre.przywara@arm.com>
>> CC: Alexander Graf <agraf@csgraf.de>
>> CC: nd at arm.com
>>
>> ---
>> cmd/efidebug.c | 64 ++++++
>> test/lib/Makefile | 1 +
>> test/lib/efi_esrt.c | 191 ++++++++++++++++++
>> .../test_efi_capsule/test_capsule_firmware.py | 4 +
>> 4 files changed, 260 insertions(+)
>> create mode 100644 test/lib/efi_esrt.c
>>
>> diff --git a/cmd/efidebug.c b/cmd/efidebug.c
>> index a7dace2f80..5a9ff2bd9a 100644
>> --- a/cmd/efidebug.c
>> +++ b/cmd/efidebug.c
>> @@ -129,6 +129,61 @@ static int do_efi_capsule_show(struct cmd_tbl *cmdtp, int flag,
>> return CMD_RET_SUCCESS;
>> }
>>
>> +#ifdef CONFIG_EFI_ESRT
>> +/**
>> + * do_efi_capsule_esrt() - manage UEFI capsules
>> + *
>> + * @cmdtp: Command table
>> + * @flag: Command flag
>> + * @argc: Number of arguments
>> + * @argv: Argument array
>> + * Return: CMD_RET_SUCCESS on success,
>> + * CMD_RET_USAGE or CMD_RET_RET_FAILURE on failure
>> + *
>> + * Implement efidebug "capsule esrt" sub-command.
>> + * The prints the current ESRT table.
>> + *
>> + * efidebug capsule esrt
>> + */
>> +static int do_efi_capsule_esrt(struct cmd_tbl *cmdtp, int flag,
>> + int argc, char * const argv[])
>> +{
>> + struct efi_system_resource_table *esrt = NULL;
>> +
>> + if (argc != 1)
>> + return CMD_RET_USAGE;
>> +
>> + for (int idx = 0; idx < systab.nr_tables; idx++)
>> + if (!guidcmp(&efi_esrt_guid, &systab.tables[idx].guid))
>> + esrt = (struct efi_system_resource_table *)systab.tables[idx].table;
>> +
>> + if (!esrt)
>> + return CMD_RET_FAILURE;
>> +
>> + printf("========================================\n");
>> + printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count);
>> + printf("ESRT: fw_resource_count_max=%d\n", esrt->fw_resource_count_max);
>> + printf("ESRT: fw_resource_version=%lld\n", esrt->fw_resource_version);
>> +
>> + for (int idx = 0; idx < esrt->fw_resource_count; idx++) {
>> + printf("[entry %d]==============================\n", idx);
>> + printf("ESRT: fw_class=%pUL\n", &esrt->entries[idx].fw_class);
>> + printf("ESRT: fw_type=%d\n", esrt->entries[idx].fw_type);
>> + printf("ESRT: fw_version=%d\n", esrt->entries[idx].fw_version);
>> + printf("ESRT: lowest_supported_fw_version=%d\n",
>> + esrt->entries[idx].lowest_supported_fw_version);
>> + printf("ESRT: capsule_flags=%d\n",
>> + esrt->entries[idx].capsule_flags);
>> + printf("ESRT: last_attempt_version=%d\n",
>> + esrt->entries[idx].last_attempt_version);
>> + printf("ESRT: last_attempt_status=%d\n",
>> + esrt->entries[idx].last_attempt_status);
>> + }
>> + printf("========================================\n");
>> +
>> + return CMD_RET_SUCCESS;
>
> With which configuration do we see any entry in the list?
>
> I only got:
>
> => efidebug capsule esrt
> ========================================
> ESRT: fw_resource_count=0
> ESRT: fw_resource_count_max=0
> ESRT: fw_resource_version=1
> ========================================
> =>
>
> with
>
> CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
> CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
> CONFIG_EFI_CAPSULE_ON_DISK=y
> # CONFIG_EFI_CAPSULE_ON_DISK_EARLY is not set
> CONFIG_EFI_CAPSULE_FIRMWARE=y
> CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
> # CONFIG_EFI_CAPSULE_AUTHENTICATE is not set
> CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
> CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
>
> efidebug dh does not show any FMP protocol installed:
>
> => efidebug dh
> Handle Protocols
> ================ ====================
> 000000007eef19c0 Device Path, Device Path To Text, Device Path
> Utilities, Device-Tree Fixup, Unicode Collation 2, HII String, HII
> Database, Random Number Generator
> 000000007eef1bb0 Simple Text Output
> 000000007eef1c20 Simple Text Input, Simple Text Input Ex
> 000000007eef1f60 Device Path, Block IO
> 000000007eef2130 Device Path, Block IO, System Partition, Simple File System
> 000000007eef2f10 Driver Binding
> 000000007eef4050 Simple Network, Device Path, PXE Base Code
@Sughosh, Takahiro
If EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED in OsIndications
is not set, the FMP protocols are not installed.
Shouldn't the FMP protocols always be installed to process a
CapsuleUpdate() call? Otherwise efi_capsule_update_firmware() will fail
with EFI_UNSUPPORTED.
Best regards
Heinrich
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2 v4] efi: Add ESRT to the EFI system table
2021-02-23 16:50 ` [PATCH 1/2 v4] efi: Add ESRT to the EFI system table Jose Marinho
@ 2021-02-26 14:56 ` Heinrich Schuchardt
0 siblings, 0 replies; 8+ messages in thread
From: Heinrich Schuchardt @ 2021-02-26 14:56 UTC (permalink / raw)
To: u-boot
On 23.02.21 17:50, Jose Marinho wrote:
> The ESRT is initialised during efi_init_objlist after
> efi_initialize_system_table().
>
> The ESRT is recreated from scratch at the following events:
> - successful UpdateCapsule;
> - FMP instance install.
>
> The code ensures that every ESRT entry has a unique fw_class value.
>
> Limitations:
> - The ESRT is not updated when an FMP instance is uninstalled;
> - the fields image_type and flags are currently set to UNKNOWN and 0
> respectively. The mapping between fw_class and the image_type/flags
> fields is platform specific. A mapping function is lacking from the
> current implementation but should be added in the future.
>
> Signed-off-by: Jose Marinho <jose.marinho@arm.com>
>
> CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
> CC: Sughosh Ganu <sughosh.ganu@linaro.org>
> CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> CC: Andre Przywara <andre.przywara@arm.com>
> CC: Alexander Graf <agraf@csgraf.de>
> CC: nd at arm.com
>
> ---
> cmd/efidebug.c | 4 +
> include/efi_api.h | 21 ++
> include/efi_loader.h | 20 ++
> lib/efi_loader/Kconfig | 7 +
> lib/efi_loader/Makefile | 1 +
> lib/efi_loader/efi_capsule.c | 8 +
> lib/efi_loader/efi_esrt.c | 518 +++++++++++++++++++++++++++++++++++
> lib/efi_loader/efi_setup.c | 6 +
> 8 files changed, 585 insertions(+)
> create mode 100644 lib/efi_loader/efi_esrt.c
>
> diff --git a/cmd/efidebug.c b/cmd/efidebug.c
> index bbbcb0a546..a7dace2f80 100644
> --- a/cmd/efidebug.c
> +++ b/cmd/efidebug.c
> @@ -459,6 +459,10 @@ static const struct {
> "Block IO",
> EFI_BLOCK_IO_PROTOCOL_GUID,
> },
> + {
> + "EFI System Resource Table",
> + EFI_SYSTEM_RESOURCE_TABLE_GUID,
> + },
> {
> "Simple File System",
> EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID,
> diff --git a/include/efi_api.h b/include/efi_api.h
> index 48e48a6263..fb53637419 100644
> --- a/include/efi_api.h
> +++ b/include/efi_api.h
> @@ -1722,6 +1722,23 @@ struct efi_load_file_protocol {
> void *buffer);
> };
>
> +struct efi_system_resource_entry {
> + efi_guid_t fw_class;
> + u32 fw_type;
> + u32 fw_version;
> + u32 lowest_supported_fw_version;
> + u32 capsule_flags;
> + u32 last_attempt_version;
> + u32 last_attempt_status;
> +} __packed;
> +
> +struct efi_system_resource_table {
> + u32 fw_resource_count;
> + u32 fw_resource_count_max;
> + u64 fw_resource_version;
> + struct efi_system_resource_entry entries[];
> +} __packed;
> +
> /* Boot manager load options */
> #define LOAD_OPTION_ACTIVE 0x00000001
> #define LOAD_OPTION_FORCE_RECONNECT 0x00000002
> @@ -1740,6 +1757,10 @@ struct efi_load_file_protocol {
> #define ESRT_FW_TYPE_DEVICEFIRMWARE 0x00000002
> #define ESRT_FW_TYPE_UEFIDRIVER 0x00000003
>
> +#define EFI_SYSTEM_RESOURCE_TABLE_GUID\
> + EFI_GUID(0xb122a263, 0x3661, 0x4f68,\
> + 0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80)
> +
> /* Last Attempt Status Values */
> #define LAST_ATTEMPT_STATUS_SUCCESS 0x00000000
> #define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL 0x00000001
> diff --git a/include/efi_loader.h b/include/efi_loader.h
> index f470bbd636..c2720f2823 100644
> --- a/include/efi_loader.h
> +++ b/include/efi_loader.h
> @@ -214,6 +214,8 @@ extern const efi_guid_t efi_guid_rng_protocol;
> extern const efi_guid_t efi_guid_capsule_report;
> /* GUID of firmware management protocol */
> extern const efi_guid_t efi_guid_firmware_management_protocol;
> +/* GUID for the ESRT */
> +extern const efi_guid_t efi_esrt_guid;
>
> extern unsigned int __efi_runtime_start, __efi_runtime_stop;
> extern unsigned int __efi_runtime_rel_start, __efi_runtime_rel_stop;
> @@ -884,4 +886,22 @@ static inline efi_status_t efi_launch_capsules(void)
>
> #endif /* CONFIG_IS_ENABLED(EFI_LOADER) */
>
> +/**
> + * Install the ESRT system table.
> + *
> + * @return status code
> + */
> +efi_status_t efi_esrt_register(void);
> +
> +/**
> + * efi_esrt_populate() - Populates the ESRT entries from the FMP instances
> + * present in the system.
> + * If an ESRT already exists, the old ESRT is replaced in the system table.
> + * The memory of the old ESRT is deallocated.
> + *
> + * Return:
> + * - EFI_SUCCESS if the ESRT is correctly created
> + * - error code otherwise.
> + */
> +efi_status_t efi_esrt_populate(void);
> #endif /* _EFI_LOADER_H */
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index e729f727df..a96014ce18 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -347,4 +347,11 @@ config EFI_SECURE_BOOT
> it is signed with a trusted key. To do that, you need to install,
> at least, PK, KEK and db.
>
> +config EFI_ESRT
> + bool "Enable the UEFI ESRT generation"
> + depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
> + default y
> + help
> + Enabling this option creates the ESRT UEFI system table.
> +
> endif
> diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
> index 10b42e8847..9a8127846f 100644
> --- a/lib/efi_loader/Makefile
> +++ b/lib/efi_loader/Makefile
> @@ -52,6 +52,7 @@ obj-y += efi_variable.o
> obj-$(CONFIG_EFI_VARIABLES_PRESEED) += efi_var_seed.o
> endif
> obj-y += efi_watchdog.o
> +obj-$(CONFIG_EFI_ESRT) += efi_esrt.o
> obj-$(CONFIG_LCD) += efi_gop.o
> obj-$(CONFIG_DM_VIDEO) += efi_gop.o
> obj-$(CONFIG_PARTITIONS) += efi_disk.o
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index b57f0302c5..a1a69e619d 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -482,6 +482,14 @@ efi_status_t EFIAPI efi_update_capsule(
> goto out;
> }
> out:
> +
> + if (IS_ENABLED(CONFIG_EFI_ESRT)) {
> + /* Rebuild the ESRT to reflect any updated FW images. */
> + ret = EFI_CALL(efi_esrt_populate());
> + if (ret != EFI_SUCCESS)
> + log_warning("EFI Capsule: failed to update ESRT\n");
> + }
> +
> return EFI_EXIT(ret);
> }
>
> diff --git a/lib/efi_loader/efi_esrt.c b/lib/efi_loader/efi_esrt.c
> new file mode 100644
> index 0000000000..d31963ad6e
> --- /dev/null
> +++ b/lib/efi_loader/efi_esrt.c
> @@ -0,0 +1,518 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * EFI application ESRT tables support
> + *
> + * Copyright (C) 2021 Arm Ltd.
> + */
> +
> +#include <common.h>
> +#include <efi_loader.h>
> +#include <log.h>
> +#include <efi_api.h>
> +#include <malloc.h>
> +
> +const efi_guid_t efi_esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID;
> +
> +static struct efi_system_resource_table *esrt;
> +
> +#define EFI_ESRT_VERSION 1
> +
> +/**
> + * efi_esrt_image_info_to_entry() - copy the information present in a fw image
> + * descriptor to a ESRT entry.
> + * The function ensures the ESRT entry matches the image_type_id in @img_info.
> + * In case of a mismatch we leave the entry unchanged.
> + *
> + * @img_info: the source image info descriptor
> + * @entry: pointer to the ESRT entry to be filled
> + * @desc_version: the version of the elements in img_info
> + * @image_type: the image type value to be set in the ESRT entry
> + * @flags: the capsule flags value to be set in the ESRT entry
> + *
> + * Return:
> + * - EFI_SUCCESS if the entry is correctly updated
> + * - EFI_INVALID_PARAMETER if entry does not match image_type_id in @img_info.
> + */
> +static efi_status_t
> +efi_esrt_image_info_to_entry(struct efi_firmware_image_descriptor *img_info,
> + struct efi_system_resource_entry *entry,
> + u32 desc_version, u32 image_type, u32 flags)
> +{
> + if (guidcmp(&entry->fw_class, &img_info->image_type_id)) {
> + EFI_PRINT("ESRT entry %pUL mismatches img_type_id %pUL\n",
> + &entry->fw_class, &img_info->image_type_id);
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + entry->fw_version = img_info->version;
> +
> + entry->fw_type = image_type;
> + entry->capsule_flags = flags;
> +
> + /*
> + * The field lowest_supported_image_version is only present
> + * on image info structure of version 2 or greater.
> + * See the EFI_FIRMWARE_IMAGE_DESCRIPTOR definition in UEFI.
> + */
> + if (desc_version >= 2)
> + entry->lowest_supported_fw_version =
> + img_info->lowest_supported_image_version;
> + else
> + entry->lowest_supported_fw_version = 0;
> +
> + /*
> + * The fields last_attempt_version and last_attempt_status
> + * are only present on image info structure of version 3 or
> + * greater.
> + * See the EFI_FIRMWARE_IMAGE_DESCRIPTOR definition in UEFI.
> + */
> + if (desc_version >= 3) {
> + entry->last_attempt_version =
> + img_info->last_attempt_version;
> +
> + entry->last_attempt_status =
> + img_info->last_attempt_status;
> + } else {
> + entry->last_attempt_version = 0;
> + entry->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + * efi_esrt_entries_to_size() - Obtain the bytes used by an ESRT
> + * datastructure with @num_entries.
> + *
> + * @num_entries: the number of entries in the ESRT.
> + *
> + * Return: the number of bytes an ESRT with @num_entries occupies in memory.
> + */
> +static
> +inline u32 efi_esrt_entries_to_size(u32 num_entries)
> +{
> + u32 esrt_size = sizeof(struct efi_system_resource_table) +
> + num_entries * sizeof(struct efi_system_resource_entry);
> +
> + return esrt_size;
> +}
> +
> +/**
> + * efi_esrt_allocate_install() - Allocates @num_entries for the ESRT and
> + * performs basic ESRT initialization.
> + *
> + * @bt: pointer to the boottime services structure.
Please get rid of this parameter. Export the functions that you want to
access instead.
> + * @num_entries: the number of entries that the ESRT will hold.
> + *
> + * Return:
> + * - pointer to the ESRT if successful.
> + * - NULL otherwise.
> + */
> +static
> +efi_status_t efi_esrt_allocate_install(struct efi_boot_services *bt,
> + u32 num_entries)
> +{
> + efi_status_t ret;
> + struct efi_system_resource_table *new_esrt;
> + u32 size = efi_esrt_entries_to_size(num_entries);
> + efi_guid_t esrt_guid = efi_esrt_guid;
> +
> + /* Reserve num_pages for ESRT */
> + ret = bt->allocate_pool(EFI_BOOT_SERVICES_DATA, size,
> + (void **)&new_esrt);
> +
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT cannot allocate memory for %d entries (%d bytes)\n",
> + num_entries, efi_esrt_entries_to_size(num_entries));
> +
> + return ret;
> + }
> +
> + new_esrt->fw_resource_count_max = num_entries;
> + new_esrt->fw_resource_count = 0;
> + new_esrt->fw_resource_version = EFI_ESRT_VERSION;
> +
> + /* Install the ESRT in the system configuration table. */
> + ret = bt->install_configuration_table(&esrt_guid, (void *)new_esrt);
EFI_CALL() is needed to call the UEFI API.
Call efi_install_configuration_table() instead.
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to install the ESRT in the system table\n");
> + return ret;
> + }
> +
> + /* If there was a previous ESRT, deallocate its memory now. */
> + if (esrt)
> + ret = bt->free_pool(esrt);
> +
> + esrt = new_esrt;
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + * esrt_find_entry() - Obtain the ESRT entry for the image with GUID
> + * @img_fw_class.
> + *
> + * If the img_fw_class is not yet present in the ESRT, this function
> + * reserves the tail element of the current ESRT as the entry for that fw_class.
> + * The number of elements in the ESRT is updated in that case.
> + *
> + * @img_fw_class: the GUID of the FW image which ESRT entry we want to obtain.
> + *
> + * Return:
> + * - A pointer to the ESRT entry for the image with GUID img_fw_class,
> + * - NULL if:
> + * - there is no more space in the ESRT,
> + * - ESRT is not initialized,
> + */
> +static
> +struct efi_system_resource_entry *esrt_find_entry(efi_guid_t *img_fw_class)
> +{
> + u32 filled_entries;
> + u32 max_entries;
> + struct efi_system_resource_entry *entry;
> +
> + if (!esrt) {
> + EFI_PRINT("ESRT access before initialized\n");
> + return NULL;
> + }
> +
> + filled_entries = esrt->fw_resource_count;
> + entry = esrt->entries;
> +
> + /* Check if the image with img_fw_class is already in the ESRT. */
> + for (u32 idx = 0; idx < filled_entries; idx++) {
> + if (!guidcmp(&entry[idx].fw_class, img_fw_class)) {
> + EFI_PRINT("ESRT found entry for image %pUl at index %d\n",
> + img_fw_class, idx);
> + return &entry[idx];
> + }
> + }
> +
> + max_entries = esrt->fw_resource_count_max;
> + /*
> + * Since the image with img_fw_class is not present in the ESRT, check
> + * if ESRT is full before appending the new entry to it.
> + */
> + if (filled_entries == max_entries) {
> + EFI_PRINT("ESRT full, this should not happen\n");
> + return NULL;
> + }
> +
> + /*
> + * This is a new entry for a fw image, increment the element
> + * number in the table and set the fw_class field.
> + */
> + esrt->fw_resource_count++;
> + entry[filled_entries].fw_class = *img_fw_class;
> + EFI_PRINT("ESRT allocated new entry for image %pUl at index %d\n",
> + img_fw_class, filled_entries);
> +
> + return &entry[filled_entries];
> +}
> +
> +/**
> + * efi_esrt_add_from_fmp() - Populates a sequence of ESRT entries from the FW
> + * images in the FMP.
> + *
> + * @bt : pointer to the boottime services structure.
Get rid of this parameter.
> + * @fmp: the FMP instance from which FW images are added to the ESRT
> + *
> + * Return:
> + * - EFI_SUCCESS if all the FW images in the FMP are added to the ESRT
> + * - Error status otherwise
> + */
> +static
> +efi_status_t efi_esrt_add_from_fmp(struct efi_boot_services *bt,
> + struct efi_firmware_management_protocol *fmp)
> +{
> + struct efi_system_resource_entry *entry = NULL;
> + size_t info_size = 0;
> + struct efi_firmware_image_descriptor *img_info = NULL;
> + u32 desc_version;
> + u8 desc_count;
> + size_t desc_size;
> + u32 package_version;
> + u16 *package_version_name;
> + efi_status_t ret = EFI_SUCCESS;
> +
> + /*
> + * TODO: set the field image_type depending on the FW image type
> + * defined in a platform basis.
> + */
> + u32 image_type = ESRT_FW_TYPE_UNKNOWN;
> +
> + /* TODO: set the capsule flags as a function of the FW image type. */
> + u32 flags = 0;
> +
> + ret = fmp->get_image_info(fmp, &info_size, img_info,
> + &desc_version, &desc_count,
> + &desc_size, NULL, NULL);
EFI_CALL() is needed to call the UEFI API.
> +
> + if (ret != EFI_BUFFER_TOO_SMALL) {
> + /*
> + * An input of info_size=0 should always lead
> + * fmp->get_image_info to return BUFFER_TO_SMALL.
EFI_CALL().
> + */
> + EFI_PRINT("Erroneous FMP implementation\n");
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + ret = bt->allocate_pool(EFI_BOOT_SERVICES_DATA, info_size,
> + (void **)&img_info);
Call efi_allocate_pool() instead.
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to allocate memory for image info.\n");
> + return ret;
> + }
> +
> + ret = fmp->get_image_info(fmp, &info_size, img_info,
> + &desc_version, &desc_count,
> + &desc_size, &package_version, &package_version_name);
EFI_CALL()
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to obtain the FMP image info\n");
> + goto out;
> + }
> +
> + /*
> + * Iterate over all the FW images in the FMP.
> + */
> + for (u32 desc_idx = 0; desc_idx < desc_count; desc_idx++) {
> + struct efi_firmware_image_descriptor *cur_img_info =
> + (struct efi_firmware_image_descriptor *)
> + ((uintptr_t)img_info + desc_idx * desc_size);
> +
> + /*
> + * Obtain the ESRT entry for the FW image with fw_class
> + * equal to cur_img_info->image_type_id.
> + */
> + entry = esrt_find_entry(&cur_img_info->image_type_id);
> +
> + if (entry) {
> + ret = efi_esrt_image_info_to_entry(cur_img_info, entry,
> + desc_version,
> + image_type, flags);
> + if (ret != EFI_SUCCESS)
> + EFI_PRINT("ESRT entry mismatches image_type\n");
> +
> + } else {
> + EFI_PRINT("ESRT failed to add entry for %pUl\n",
> + &cur_img_info->image_type_id);
> + continue;
> + }
> + }
> +
> +out:
> + bt->free_pool(img_info);
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + * efi_esrt_populate() - Populates the ESRT entries from the FMP instances
> + * present in the system.
> + * If an ESRT already exists, the old ESRT is replaced in the system table.
> + * The memory of the old ESRT is deallocated.
> + *
> + * Return:
> + * - EFI_SUCCESS if the ESRT is correctly created
> + * - error code otherwise.
> + */
> +efi_status_t efi_esrt_populate(void)
> +{
> + efi_handle_t *base_handle = NULL;
> + efi_handle_t *it_handle;
> + size_t no_handles = 0;
> + struct efi_firmware_management_protocol *fmp;
> + efi_status_t ret;
> + u32 num_entries = 0;
> + struct efi_boot_services *bt = systab.boottime;
> +
> + if (!bt) {
> + EFI_PRINT("ESRT cannot obtain pointer to BS\n");
> + return EFI_NOT_READY;
> + }
Do not use this pointer. Instead export the required functions.
> +
> + /*
> + * Obtain the number of registered FMP handles.
> + */
> + ret = bt->locate_handle_buffer(BY_PROTOCOL,
> + &efi_guid_firmware_management_protocol,
> + NULL, &no_handles,
> + (efi_handle_t **)&base_handle);
You have to use EFI_CALL() here. To avoid one level of indirection,
please, use EFI_CALL(efi_locate_handle_buffer())
> +
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT There are no FMP instances\n");
> +
> + ret = efi_esrt_allocate_install(bt, 0);
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to create table with 0 entries\n");
> + return ret;
> + }
> + return EFI_SUCCESS;
> + }
> +
> + EFI_PRINT("ESRT populate esrt from (%ld) available FMP handles\n",
> + no_handles);
> +
> + /*
> + * Iterate over all FMPs to determine an upper bound on the number of
> + * ESRT entries.
> + */
> + it_handle = base_handle;
> + for (u32 idx = 0; idx < no_handles; idx++, it_handle++) {
> + struct efi_firmware_image_descriptor *img_info = NULL;
> + size_t info_size = 0;
> + u32 desc_version = 0;
> + u8 desc_count = 0;
> + size_t desc_size = 0;
> + u32 package_version;
> + u16 *package_version_name;
> +
> + ret = bt->handle_protocol(*it_handle,
> + &efi_guid_firmware_management_protocol,
> + (void **)&fmp);
Call efi_search_protocol().
handler->protocol_interface is what you look for.
> +
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT Unable to find FMP handle (%d)\n",
> + idx);
> + goto out;
> + }
> +
> + ret = fmp->get_image_info(fmp, &info_size, NULL,
> + &desc_version, &desc_count,
> + &desc_size, &package_version, &package_version_name);
> +
EFI_CALL()
> + if (ret != EFI_BUFFER_TOO_SMALL) {
> + /*
> + * An input of info_size=0 should always lead
> + * fmp->get_image_info to return BUFFER_TO_SMALL.
> + */
> + EFI_PRINT("ESRT erroneous FMP implementation\n");
> + ret = EFI_INVALID_PARAMETER;
> + goto out;
> + }
> +
> + ret = bt->allocate_pool(EFI_BOOT_SERVICES_DATA, info_size,
> + (void **)&img_info);
This would require EFI_CALL(). Just use efi_allocate_pool().
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to allocate memory for image info\n");
> + goto out;
> + }
> +
> + /*
> + * Calls to a FMP get_image_info method do not return the
> + * desc_count value if the return status differs from EFI_SUCCESS.
> + * We need to repeat the call to get_image_info with a properly
> + * sized buffer in order to obtain the real number of images
> + * handled by the FMP.
> + */
> + ret = fmp->get_image_info(fmp, &info_size, img_info,
> + &desc_version, &desc_count,
> + &desc_size, &package_version, &package_version_name);
> +
EFI_CALL().
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to obtain image info from FMP\n");
> + bt->free_pool(img_info);
> + goto out;
> + }
> +
> + num_entries += desc_count;
> +
> + bt->free_pool(img_info);
> + }
> +
> + EFI_PRINT("ESRT create table with %d entries\n", num_entries);
> + /*
> + * Allocate an ESRT with the sufficient number of entries to accommodate
> + * all the FMPs in the system.
> + */
> + ret = efi_esrt_allocate_install(bt, num_entries);
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to initialize table\n");
> + goto out;
> + }
> +
> + /*
> + * Populate the ESRT entries with all existing FMP.
> + */
> + it_handle = base_handle;
> + for (u32 idx = 0; idx < no_handles; idx++, it_handle++) {
> + ret = bt->handle_protocol(*it_handle,
> + &efi_guid_firmware_management_protocol,
> + (void **)&fmp);
Use efi_search_protocol()
> +
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT unable to find FMP handle (%d)\n",
> + idx);
> + break;
> + }
> +
> + ret = efi_esrt_add_from_fmp(bt, fmp);
> + if (ret != EFI_SUCCESS)
> + EFI_PRINT("ESRT failed to add FMP to the table\n");
> + }
> +
> +out:
> +
> + bt->free_pool(base_handle);
> +
> + return ret;
> +}
> +
> +/**
> + * efi_esrt_new_fmp_notify() - Callback for the EVT_NOTIFY_SIGNAL event raised
> + * when a new FMP protocol instance is registered in the system.
> + */
> +static void EFIAPI efi_esrt_new_fmp_notify(struct efi_event *event,
> + void *context)
> +{
> + efi_status_t ret;
Here you need EFI_ENTRY().
> +
> + ret = efi_esrt_populate();
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to populate ESRT entry\n");
> + return;
> + }
You must leave with EFI_EXIT().
> +}
> +
> +/**
> + * efi_esrt_register() - Install the ESRT system table.
> + *
> + * Return: status code
> + */
> +efi_status_t efi_esrt_register(void)
> +{
> + struct efi_boot_services *bt = systab.boottime;
> + struct efi_event *ev = NULL;
> + void *registration;
> + efi_status_t ret;
> +
> + if (!bt) {
> + EFI_PRINT("ESRT cannot obtain pointer to BS\n");
> + return EFI_NOT_READY;
> + }
> +
> + EFI_PRINT("ESRT creation start\n");
> +
> + ret = efi_esrt_populate();
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to initiate the table\n");
> + return ret;
> + }
> +
> + ret = bt->create_event(EVT_NOTIFY_SIGNAL, TPL_CALLBACK,
> + efi_esrt_new_fmp_notify, NULL, &ev);
This would require EFI_CALL().
Call efi_create_event() instead.
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to create event\n");
> + return ret;
> + }
> +
> + ret = bt->register_protocol_notify(&efi_guid_firmware_management_protocol,
> + ev, ®istration);
You need EFI_CALL here().
It is preferable to export efi_register_protocol_notify() to avoid the
bt-> indirection.
Best regards
Heinrich
> + if (ret != EFI_SUCCESS) {
> + EFI_PRINT("ESRT failed to register FMP callback\n");
> + return ret;
> + }
> +
> + EFI_PRINT("ESRT table created\n");
> +
> + return ret;
> +}
> diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
> index b1c5125032..3c5cf9a435 100644
> --- a/lib/efi_loader/efi_setup.c
> +++ b/lib/efi_loader/efi_setup.c
> @@ -227,6 +227,12 @@ efi_status_t efi_init_obj_list(void)
> if (ret != EFI_SUCCESS)
> goto out;
>
> + if (IS_ENABLED(CONFIG_EFI_ESRT)) {
> + ret = efi_esrt_register();
> + if (ret != EFI_SUCCESS)
> + goto out;
> + }
> +
> if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) {
> ret = efi_tcg2_register();
> if (ret != EFI_SUCCESS)
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/2 v4] efi: ESRT creation tests
2021-02-26 14:17 ` Heinrich Schuchardt
@ 2021-03-01 1:18 ` AKASHI Takahiro
0 siblings, 0 replies; 8+ messages in thread
From: AKASHI Takahiro @ 2021-03-01 1:18 UTC (permalink / raw)
To: u-boot
Heinrich,
On Fri, Feb 26, 2021 at 03:17:42PM +0100, Heinrich Schuchardt wrote:
> On 26.02.21 14:55, Heinrich Schuchardt wrote:
> > On 23.02.21 17:50, Jose Marinho wrote:
> >> This commmit exercises the ESRT creation -- introduced in the previous
> >> commit -- in two tests.
> >>
> >> test 1:
> >> A fake FMP, with TEST_ESRT_NUM_ENTRIES FW images, is installed in the
> >> system leading to the corresponding ESRT entries being populated.
> >> The ESRT entries are checked against the datastructure used to
> >> initialize the FMP.
> >>
> >> test 1 invocation:
> >> make sandbox_capsule_defconfig all
> >> ./u-boot -d arch/sandbox/dts/test.dtb
> >> ut lib
> >>
> >> test 2:
> >> The test is part of test_efi_capsule_fw3.
> >>
> >> In order to run the test the following must be added to
> >> sandbox_defconfig:
> >> +CONFIG_CMD_SF=y
> >> +CONFIG_CMD_MEMORY=y
> >> +CONFIG_CMD_FAT=y
> >> +CONFIG_DFU=y
> >>
> >> The ESRT is printed in the u-boot shell by calling efidebug esrt.
> >> The test ensures that, after the capsule is installed, the ESRT
> >> contains entries with the GUIDs:
> >> - EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID;
> >> - EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
> >>
> >> test 2 invocation:
> >> sudo ./test/py/test.py --bd sandbox -k capsule_fw3 -l --build
> >>
> >> Signed-off-by: Jose Marinho <jose.marinho@arm.com>
> >>
> >> CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
> >> CC: Sughosh Ganu <sughosh.ganu@linaro.org>
> >> CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
> >> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> >> CC: Andre Przywara <andre.przywara@arm.com>
> >> CC: Alexander Graf <agraf@csgraf.de>
> >> CC: nd at arm.com
> >>
> >> ---
> >> cmd/efidebug.c | 64 ++++++
> >> test/lib/Makefile | 1 +
> >> test/lib/efi_esrt.c | 191 ++++++++++++++++++
> >> .../test_efi_capsule/test_capsule_firmware.py | 4 +
> >> 4 files changed, 260 insertions(+)
> >> create mode 100644 test/lib/efi_esrt.c
> >>
> >> diff --git a/cmd/efidebug.c b/cmd/efidebug.c
> >> index a7dace2f80..5a9ff2bd9a 100644
> >> --- a/cmd/efidebug.c
> >> +++ b/cmd/efidebug.c
> >> @@ -129,6 +129,61 @@ static int do_efi_capsule_show(struct cmd_tbl *cmdtp, int flag,
> >> return CMD_RET_SUCCESS;
> >> }
> >>
> >> +#ifdef CONFIG_EFI_ESRT
> >> +/**
> >> + * do_efi_capsule_esrt() - manage UEFI capsules
> >> + *
> >> + * @cmdtp: Command table
> >> + * @flag: Command flag
> >> + * @argc: Number of arguments
> >> + * @argv: Argument array
> >> + * Return: CMD_RET_SUCCESS on success,
> >> + * CMD_RET_USAGE or CMD_RET_RET_FAILURE on failure
> >> + *
> >> + * Implement efidebug "capsule esrt" sub-command.
> >> + * The prints the current ESRT table.
> >> + *
> >> + * efidebug capsule esrt
> >> + */
> >> +static int do_efi_capsule_esrt(struct cmd_tbl *cmdtp, int flag,
> >> + int argc, char * const argv[])
> >> +{
> >> + struct efi_system_resource_table *esrt = NULL;
> >> +
> >> + if (argc != 1)
> >> + return CMD_RET_USAGE;
> >> +
> >> + for (int idx = 0; idx < systab.nr_tables; idx++)
> >> + if (!guidcmp(&efi_esrt_guid, &systab.tables[idx].guid))
> >> + esrt = (struct efi_system_resource_table *)systab.tables[idx].table;
> >> +
> >> + if (!esrt)
> >> + return CMD_RET_FAILURE;
> >> +
> >> + printf("========================================\n");
> >> + printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count);
> >> + printf("ESRT: fw_resource_count_max=%d\n", esrt->fw_resource_count_max);
> >> + printf("ESRT: fw_resource_version=%lld\n", esrt->fw_resource_version);
> >> +
> >> + for (int idx = 0; idx < esrt->fw_resource_count; idx++) {
> >> + printf("[entry %d]==============================\n", idx);
> >> + printf("ESRT: fw_class=%pUL\n", &esrt->entries[idx].fw_class);
> >> + printf("ESRT: fw_type=%d\n", esrt->entries[idx].fw_type);
> >> + printf("ESRT: fw_version=%d\n", esrt->entries[idx].fw_version);
> >> + printf("ESRT: lowest_supported_fw_version=%d\n",
> >> + esrt->entries[idx].lowest_supported_fw_version);
> >> + printf("ESRT: capsule_flags=%d\n",
> >> + esrt->entries[idx].capsule_flags);
> >> + printf("ESRT: last_attempt_version=%d\n",
> >> + esrt->entries[idx].last_attempt_version);
> >> + printf("ESRT: last_attempt_status=%d\n",
> >> + esrt->entries[idx].last_attempt_status);
> >> + }
> >> + printf("========================================\n");
> >> +
> >> + return CMD_RET_SUCCESS;
> >
> > With which configuration do we see any entry in the list?
> >
> > I only got:
> >
> > => efidebug capsule esrt
> > ========================================
> > ESRT: fw_resource_count=0
> > ESRT: fw_resource_count_max=0
> > ESRT: fw_resource_version=1
> > ========================================
> > =>
> >
> > with
> >
> > CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
> > CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
> > CONFIG_EFI_CAPSULE_ON_DISK=y
> > # CONFIG_EFI_CAPSULE_ON_DISK_EARLY is not set
> > CONFIG_EFI_CAPSULE_FIRMWARE=y
> > CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
> > # CONFIG_EFI_CAPSULE_AUTHENTICATE is not set
> > CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
> > CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> >
> > efidebug dh does not show any FMP protocol installed:
> >
> > => efidebug dh
> > Handle Protocols
> > ================ ====================
> > 000000007eef19c0 Device Path, Device Path To Text, Device Path
> > Utilities, Device-Tree Fixup, Unicode Collation 2, HII String, HII
> > Database, Random Number Generator
> > 000000007eef1bb0 Simple Text Output
> > 000000007eef1c20 Simple Text Input, Simple Text Input Ex
> > 000000007eef1f60 Device Path, Block IO
> > 000000007eef2130 Device Path, Block IO, System Partition, Simple File System
> > 000000007eef2f10 Driver Binding
> > 000000007eef4050 Simple Network, Device Path, PXE Base Code
>
> @Sughosh, Takahiro
>
> If EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED in OsIndications
> is not set, the FMP protocols are not installed.
First of all, OsIndications is one of variables that should be set properly
by *OS user*, not by the firmware (U-Boot).
In addition, according to "8.5.4 Exchanging information between the OS
and Firmware,"
When submitting capsule via the Mass Storage Device method of Section 8.5.5,
the bit EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED in OsIndications
variable must be set by submitter to trigger processing of submitted capsule
on next reboot. This bit will be cleared from OsIndications by system
firmware in all cases during processing following reboot.
> Shouldn't the FMP protocols always be installed to process a
> CapsuleUpdate() call? Otherwise efi_capsule_update_firmware() will fail
> with EFI_UNSUPPORTED.
Under the current implementation, capsule update will be expected
to be performed only through a capsule file, ie. UpdateCapsule() API
is *not* supported.
Therefore, FMP (FIT or raw) are not installed if not the case.
-Takahiro Akashi
> Best regards
>
> Heinrich
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/2 v4] efi: ESRT creation tests
2021-02-26 13:55 ` Heinrich Schuchardt
2021-02-26 14:17 ` Heinrich Schuchardt
@ 2021-03-02 11:51 ` Jose Marinho
1 sibling, 0 replies; 8+ messages in thread
From: Jose Marinho @ 2021-03-02 11:51 UTC (permalink / raw)
To: u-boot
Hi Heinrich,
Thank you for your reviews.
>
> With which configuration do we see any entry in the list?
>
> I only got:
>
> => efidebug capsule esrt
> ========================================
> ESRT: fw_resource_count=0
> ESRT: fw_resource_count_max=0
> ESRT: fw_resource_version=1
> ========================================
> =>
>
To get the FIT and RAW capsules showing, the best is to execute the test script in:
test/py/tests/test_efi_capsule/test_capsule_firmware.py
> > diff --git a/test/lib/Makefile b/test/lib/Makefile index
> > 97c11e35a8..aeb8c13eb0 100644
> > --- a/test/lib/Makefile
> > +++ b/test/lib/Makefile
> > @@ -15,3 +15,4 @@ obj-$(CONFIG_UT_LIB_ASN1) += asn1.o
> > obj-$(CONFIG_UT_LIB_RSA) += rsa.o
> > obj-$(CONFIG_AES) += test_aes.o
> > obj-$(CONFIG_GETOPT) += getopt.o
> > +obj-$(CONFIG_EFI_ESRT) += efi_esrt.o
> > diff --git a/test/lib/efi_esrt.c b/test/lib/efi_esrt.c new file mode
> > 100644 index 0000000000..e8cfe671e2
> > --- /dev/null
> > +++ b/test/lib/efi_esrt.c
> > @@ -0,0 +1,191 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +/*
> > + * Test ESRT tables support
> > + *
> > + * Copyright (C) 2021 Arm Ltd.
> > + */
> > +#include <common.h>
> > +#include <efi_loader.h>
> > +#include <net.h>
> > +#include <test/lib.h>
> > +#include <test/test.h>
> > +#include <test/ut.h>
> > +
> > +#define TEST_ESRT_NUM_ENTRIES 255
> > +
> > +#if 0x100 < TEST_ESRT_NUM_ENTRIES
> > +#error TEST_ESRT_NUM_ENTRIES must be lower or equal to 255.
> > +#endif
>
> A comment above the #define should be enough.
>
> What leads to the limit of 255 entries?
The 255 entry limit stems from the get_image_info u8 descriptor_count output variable.
>
> Have the existing FMP protocols to be in the count?
>
Regards,
Jose
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-03-02 11:51 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-23 16:49 [PATCH 0/2 v4] Add ESRT and test ESRT creation Jose Marinho
2021-02-23 16:50 ` [PATCH 1/2 v4] efi: Add ESRT to the EFI system table Jose Marinho
2021-02-26 14:56 ` Heinrich Schuchardt
2021-02-23 16:50 ` [PATCH 2/2 v4] efi: ESRT creation tests Jose Marinho
2021-02-26 13:55 ` Heinrich Schuchardt
2021-02-26 14:17 ` Heinrich Schuchardt
2021-03-01 1:18 ` AKASHI Takahiro
2021-03-02 11:51 ` Jose Marinho
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.