* [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements
@ 2022-04-14 10:54 Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 1/8] capsule: board: Add information needed for capsule updates Sughosh Ganu
` (7 more replies)
0 siblings, 8 replies; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek
This series is cleaning up the usage of the image GUIDs that are used
in capsule update and the EFI System Resource Table(ESRT). There are
some other enhancements being made to the capsule update code to make
it more robust.
Firstly, an overview of the fixes being made.
Currently, there are two instances of the Firmware Management
Protocol(FMP), one defined for updating the FIT images, and the other
for updating raw images. The FMP code defines two GUID values, one for
all FIT images, and one for raw images. Depending on the FMP instance
used on a platform, the platform needs to use the corresponding image
GUID value for all images on the platform, and also across platforms.
A few issues are being fixed through the patch series. One, that an
image for a different platform can be flashed on another platform if
both the platforms are using the same FMP instance. So, for e.g. a
capsule generated for the Socionext DeveloperBox platform can be
flashed on the ZynqMP platform, since both the platforms use the
CONFIG_EFI_CAPSULE_FIRMWARE_RAW instance of the FMP. This can be
corrected if each firmware image that can be updated through the
capsule update mechanism has it's own unique image GUID.
The second issue that this patch series fixes is the value of FwClass
in the ESRT. With the current logic, all firmware image entries in the
ESRT display the same GUID value -- either the FIT GUID or the raw
GUID. This is not in compliance with the UEFI specification, as the
specification requires all entries to have unique GUID values.
The third issue being fixed is the population of the
EFI_FIRMWARE_IMAGE_DESCRIPTOR array. The current code uses the dfu
framework for populating the image descriptor array. However, there
might be other images that are not to be updated through the capsule
update mechanism also registered with the dfu framework. As a result
of this, the ESRT will show up entries of images that are not to be
targeted by the capsule update mechanism.
These issues are being fixed by defining a structure, efi_fw_images. A
platform can then define image related information like the image GUID
and image name. Every platform that uses capsule update mechanism
needs to define fw_images array. This array will then be used to
populate the image descriptor array, and also in determining if a
particular capsule's payload can be used for updating an image on the
platform.
The other part of the patches are some enhancements being made to the
capsule update code to make it more robust.
The first enhancement being made is to have a check for the image
index being passed through the capsule header. The capsule update code
uses the image index value as the dfu alt number, which points to the
partition to which the update must be made. The platform is supposed
to define the image index value for the updatable firmare images as
part of the fw_images array. This value must correspond to the dfu alt
num for the corresponding image, and can be obtained by checking the
output of the 'dfu list' u-boot command. At the time of update, the
image index being passed through the capsule is checked against the
image index value obtained from the platform.
The second enhancement made is the retrieval of the dfu_alt_info
variable from the set_dfu_alt_info function instead of using the
value defined in the environment. The dfu framework checks for the
existence of this function, and if the function is not defined, gets
the value from the environment. This can cause in an incorrect update
if the environment variable value is incorrect. A weak function is
defined for populating dfu_alt_info from the information obtained from
the platform. This function gets invoked on all platforms which
enabled capsule update feature.
The first patch adds the structure efi_capsule_update_info and
initialises the structure on all platforms which enable capsule update
feature
The second patch populates the image descriptor array in the
GetImageInfo function with the values from the fw_images array defined
in the board file
The third patch adds a check for the image index value from the
capsule header against the value obtained from the fw_images array for
the corresponding image
The fourth patch defines a weak function set_dfu_alt_info which is
used to populate dfu_alt_info to be used for capsule updates.
The fifth patch splits the capsule update test script into two, one
for FMP for raw images, and one for FMP for FIT images. The test for
FIT images is being enabled on the sandbox_flattree variant.
The sixth patch removes the now unused FIT and raw image GUID values
from the FMP module.
The seventh patch removes the --raw and --fit command line parameters
in the mkeficapsule utility.
The eighth patch makes corresponding changes in the capsule update
related documentation.
Changes since V6:
-----------------
* Renamed struct efi_fw_images as struct efi_fw_image as suggested by
Takahiro
* Made corresponding change in all board files based on the rename
done
* Use renamed struct efi_fw_image instead of struct efi_fw_images
* Reword the commit message to highlight the reason for removing --fit
and --raw options as suggested by Takahiro
* Remove the --fit and --raw description in the mkeficapsule man page
* Add example for the struct efi_fw_image array and struct
efi_capsule_update_info as suggested by Takahiro
Changes since V5:
-----------------
* Create a separate entry in fw_images array per config for boards
with multiple configs as suggested by Heinrich.
* Removed CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT) check in the
board config headers, as suggested by Heinrich.
* Add a check in the set_dfu_alt_info functions for the xilinx and
qemu platforms to get the board defined value of dfu_alt_info when
capsule update feature is enabled.
* Simplify the set_dfu_alt_info function definition to set the
variable directly from dfu_string, as suggested by Heinrich.
* Restart the platform before starting the tests. This is done to
clear out any stale state from a previously run test.
Changes since V4:
-----------------
* Define a structure efi_capsule_update_info which includes the string
for populating dfu_alt_info
* Initialise the string for dfu_alt_info in the board file
* Drop the image_count variable as was suggested by Ilias
* Drop another unused variable names_len
* Define a weak function set_dfu_alt_info for setting the variable in
a non board specific file as suggested by Ilias
* Drop the definitions of set_dfu_alt_info that were being added in
the board files
* Change the description of the platform data based on the changes
made in earlier patches
Changes since V3:
-----------------
* Do not remove the existing dfu_alt_info definitions made by
platforms in the config files, as discussed with Masami.
* Squash the selection of the SET_DFU_ALT_INFO config symbol for
capsule update feature as part of this patch.
* Rephrase the commit message to indicate that the doc changes are not
just limited to adding the GUID values, but other info as well.
* Elaborate with an example on the relation between the dfu alt number
and the image index
Changes since V2:
-----------------
* Add a new member image_index to the struct efi_fw_images to allow
the platforms to define the values for images.
* Address review comments from Michal Simek for the xilinx boards.
* Fix double inclusion of efi_loader.h as was pointed out by Heiko
Thiery.
* Use the image index values defined in the platform's fw_images array
for the image descriptors
* Add a description for adding image index value and definition of
set_dfu_alt_info function for the capsule updates.
Changes since V1:
-----------------
* Make changes for the xilinx boards as suggested by Michal Simek.
* Add a GUID for the sandbox FIT image.
* Split the capsule update test cases into two scripts, one for raw
images and one for FIT images.
* Add the capsule update test case for FIT images on sandbox64 and
sandbox_flattree variants.
* Add capsule update support on sandbox_flattree variant for enabling
FIT capsule update testing as part of the python tests
Sughosh Ganu (8):
capsule: board: Add information needed for capsule updates
capsule: FMP: Populate the image descriptor array from platform data
capsule: Put a check for image index before the update
efi: Define set_dfu_alt_info() for boards with UEFI capsule update
enabled
test: capsule: Modify the capsule tests to use GUID values for sandbox
FMP: Remove GUIDs for FIT and raw images
mkeficapsule: Remove raw and FIT GUID types
doc: uefi: Update the capsule update related documentation
.../imx8mp_rsb3720a1/imx8mp_rsb3720a1.c | 29 +++
.../imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c | 28 +++
board/emulation/common/qemu_dfu.c | 3 +-
board/emulation/qemu-arm/qemu-arm.c | 28 +++
board/kontron/pitx_imx8m/pitx_imx8m.c | 21 +-
board/kontron/sl-mx8mm/sl-mx8mm.c | 20 ++
board/kontron/sl28/sl28.c | 21 ++
board/sandbox/sandbox.c | 34 ++++
board/socionext/developerbox/developerbox.c | 33 +++
board/xilinx/common/board.c | 28 +++
board/xilinx/zynq/board.c | 3 +-
board/xilinx/zynqmp/zynqmp.c | 3 +-
configs/sandbox64_defconfig | 1 -
configs/sandbox_defconfig | 1 -
configs/sandbox_flattree_defconfig | 5 +
doc/develop/uefi/uefi.rst | 98 ++++++++-
doc/mkeficapsule.1 | 12 --
include/configs/imx8mm-cl-iot-gate.h | 9 +
include/configs/imx8mp_rsb3720.h | 9 +
include/configs/kontron-sl-mx8mm.h | 5 +
include/configs/kontron_pitx_imx8m.h | 5 +
include/configs/kontron_sl28.h | 5 +
include/configs/qemu-arm.h | 9 +
include/configs/sandbox.h | 13 ++
include/configs/synquacer.h | 13 ++
include/configs/xilinx_versal.h | 5 +
include/configs/xilinx_zynqmp.h | 9 +
include/configs/zynq-common.h | 9 +
include/efi_api.h | 8 -
include/efi_loader.h | 36 ++++
lib/efi_loader/Kconfig | 2 +
lib/efi_loader/efi_capsule.c | 8 +-
lib/efi_loader/efi_firmware.c | 104 +++-------
test/py/tests/test_efi_capsule/conftest.py | 21 +-
.../test_capsule_firmware_fit.py | 191 ++++++++++++++++++
...rmware.py => test_capsule_firmware_raw.py} | 167 ++++++---------
tools/eficapsule.h | 8 -
tools/mkeficapsule.c | 26 +--
38 files changed, 781 insertions(+), 249 deletions(-)
create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
rename test/py/tests/test_efi_capsule/{test_capsule_firmware.py => test_capsule_firmware_raw.py} (75%)
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH v7 1/8] capsule: board: Add information needed for capsule updates
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
@ 2022-04-14 10:54 ` Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 2/8] capsule: FMP: Populate the image descriptor array from platform data Sughosh Ganu
` (6 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek, Sughosh Ganu
Add a structure which defines the information that is needed for
executing capsule updates on a platform. Some information in the
structure like the dfu string is used for making the update process
more robust while some information like the per platform image GUIDs
is used for fixing issues. Initialise this structure in the board
file, and use the information for the capsule updates.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V6:
* Renamed struct efi_fw_images as struct efi_fw_image as suggested by
Takahiro
* Made corresponding change in all board files based on the rename
done
.../imx8mp_rsb3720a1/imx8mp_rsb3720a1.c | 29 +++++++++++++++
.../imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c | 28 +++++++++++++++
board/emulation/common/qemu_dfu.c | 3 +-
board/emulation/qemu-arm/qemu-arm.c | 28 +++++++++++++++
board/kontron/pitx_imx8m/pitx_imx8m.c | 21 ++++++++++-
board/kontron/sl-mx8mm/sl-mx8mm.c | 20 +++++++++++
board/kontron/sl28/sl28.c | 21 +++++++++++
board/sandbox/sandbox.c | 34 ++++++++++++++++++
board/socionext/developerbox/developerbox.c | 33 +++++++++++++++++
board/xilinx/common/board.c | 28 +++++++++++++++
board/xilinx/zynq/board.c | 3 +-
board/xilinx/zynqmp/zynqmp.c | 3 +-
include/configs/imx8mm-cl-iot-gate.h | 9 +++++
include/configs/imx8mp_rsb3720.h | 9 +++++
include/configs/kontron-sl-mx8mm.h | 5 +++
include/configs/kontron_pitx_imx8m.h | 5 +++
include/configs/kontron_sl28.h | 5 +++
include/configs/qemu-arm.h | 9 +++++
include/configs/sandbox.h | 13 +++++++
include/configs/synquacer.h | 13 +++++++
include/configs/xilinx_versal.h | 5 +++
include/configs/xilinx_zynqmp.h | 9 +++++
include/configs/zynq-common.h | 9 +++++
include/efi_loader.h | 36 +++++++++++++++++++
24 files changed, 374 insertions(+), 4 deletions(-)
diff --git a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c
index 16566092bd..782025dc78 100644
--- a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c
+++ b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c
@@ -6,6 +6,8 @@
#include <common.h>
#include <dwc3-uboot.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <errno.h>
#include <miiphy.h>
#include <netdev.h>
@@ -21,6 +23,7 @@
#include <asm/arch/clock.h>
#include <asm/mach-imx/dma.h>
#include <linux/delay.h>
+#include <linux/kernel.h>
#include <power/pmic.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -44,6 +47,32 @@ static void setup_gpmi_nand(void)
}
#endif
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+#if defined(CONFIG_TARGET_IMX8MP_RSB3720A1_4G)
+ {
+ .image_type_id = IMX8MP_RSB3720A1_4G_FIT_IMAGE_GUID,
+ .fw_name = u"IMX8MP-RSB3720-FIT",
+ .image_index = 1,
+ },
+#elif defined(CONFIG_TARGET_IMX8MP_RSB3720A1_6G)
+ {
+ .image_type_id = IMX8MP_RSB3720A1_6G_FIT_IMAGE_GUID,
+ .fw_name = u"IMX8MP-RSB3720-FIT",
+ .image_index = 1,
+ },
+#endif
+};
+
+struct efi_capsule_update_info update_info = {
+ .dfu_string = "mmc 2=flash-bin raw 0 0x1B00 mmcpart 1",
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
+
int board_early_init_f(void)
{
struct wdog_regs *wdog = (struct wdog_regs *)WDOG1_BASE_ADDR;
diff --git a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c
index 7e2d88f449..312db0e5f4 100644
--- a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c
+++ b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c
@@ -5,6 +5,8 @@
*/
#include <common.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <env.h>
#include <extension_board.h>
#include <hang.h>
@@ -21,11 +23,37 @@
#include <asm/mach-imx/gpio.h>
#include <asm/mach-imx/mxc_i2c.h>
#include <asm/sections.h>
+#include <linux/kernel.h>
#include "ddr/ddr.h"
DECLARE_GLOBAL_DATA_PTR;
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+#if defined(CONFIG_TARGET_IMX8MM_CL_IOT_GATE)
+ {
+ .image_type_id = IMX8MM_CL_IOT_GATE_FIT_IMAGE_GUID,
+ .fw_name = u"IMX8MM-CL-IOT-GATE-FIT",
+ .image_index = 1,
+ },
+#elif defined(CONFIG_TARGET_IMX8MM_CL_IOT_GATE_OPTEE)
+ {
+ .image_type_id = IMX8MM_CL_IOT_GATE_OPTEE_FIT_IMAGE_GUID,
+ .fw_name = u"IMX8MM-CL-IOT-GATE-FIT",
+ .image_index = 1,
+ },
+#endif
+};
+
+struct efi_capsule_update_info update_info = {
+ .dfu_string = "mmc 2=flash-bin raw 0x42 0x1D00 mmcpart 1",
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
int board_phys_sdram_size(phys_size_t *size)
{
struct lpddr4_tcm_desc *lpddr4_tcm_desc =
diff --git a/board/emulation/common/qemu_dfu.c b/board/emulation/common/qemu_dfu.c
index 62234a7647..c1aeaf10d9 100644
--- a/board/emulation/common/qemu_dfu.c
+++ b/board/emulation/common/qemu_dfu.c
@@ -44,7 +44,8 @@ void set_dfu_alt_info(char *interface, char *devstr)
ALLOC_CACHE_ALIGN_BUFFER(char, buf, DFU_ALT_BUF_LEN);
- if (env_get("dfu_alt_info"))
+ if (!CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT) &&
+ env_get("dfu_alt_info"))
return;
memset(buf, 0, sizeof(buf));
diff --git a/board/emulation/qemu-arm/qemu-arm.c b/board/emulation/qemu-arm/qemu-arm.c
index c9e886e44a..16237e29e4 100644
--- a/board/emulation/qemu-arm/qemu-arm.c
+++ b/board/emulation/qemu-arm/qemu-arm.c
@@ -6,15 +6,43 @@
#include <common.h>
#include <cpu_func.h>
#include <dm.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <fdtdec.h>
#include <init.h>
#include <log.h>
#include <virtio_types.h>
#include <virtio.h>
+#include <linux/kernel.h>
+
#ifdef CONFIG_ARM64
#include <asm/armv8/mmu.h>
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+#if defined(CONFIG_TARGET_QEMU_ARM_32BIT)
+ {
+ .image_type_id = QEMU_ARM_UBOOT_IMAGE_GUID,
+ .fw_name = u"Qemu-Arm-UBOOT",
+ .image_index = 1,
+ },
+#elif defined(CONFIG_TARGET_QEMU_ARM_64BIT)
+ {
+ .image_type_id = QEMU_ARM64_UBOOT_IMAGE_GUID,
+ .fw_name = u"Qemu-Arm-UBOOT",
+ .image_index = 1,
+ },
+#endif
+};
+
+struct efi_capsule_update_info update_info = {
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
static struct mm_region qemu_arm64_mem_map[] = {
{
/* Flash */
diff --git a/board/kontron/pitx_imx8m/pitx_imx8m.c b/board/kontron/pitx_imx8m/pitx_imx8m.c
index d655fe099b..d974af8da1 100644
--- a/board/kontron/pitx_imx8m/pitx_imx8m.c
+++ b/board/kontron/pitx_imx8m/pitx_imx8m.c
@@ -2,6 +2,8 @@
#include "pitx_misc.h"
#include <common.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <init.h>
#include <mmc.h>
#include <miiphy.h>
@@ -12,7 +14,7 @@
#include <asm/mach-imx/gpio.h>
#include <asm/mach-imx/iomux-v3.h>
#include <linux/delay.h>
-
+#include <linux/kernel.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -30,6 +32,23 @@ static iomux_v3_cfg_t const uart_pads[] = {
IMX8MQ_PAD_ECSPI1_MISO__UART3_CTS_B | MUX_PAD_CTRL(UART_PAD_CTRL),
};
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+ {
+ .image_type_id = KONTRON_PITX_IMX8M_FIT_IMAGE_GUID,
+ .fw_name = u"KONTRON-PITX-IMX8M-UBOOT",
+ .image_index = 1,
+ },
+};
+
+struct efi_capsule_update_info update_info = {
+ .dfu_string = "mmc 0=flash-bin raw 0x42 0x1000 mmcpart 1",
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
int board_early_init_f(void)
{
struct wdog_regs *wdog = (struct wdog_regs *)WDOG1_BASE_ADDR;
diff --git a/board/kontron/sl-mx8mm/sl-mx8mm.c b/board/kontron/sl-mx8mm/sl-mx8mm.c
index 48376cb826..fea9327837 100644
--- a/board/kontron/sl-mx8mm/sl-mx8mm.c
+++ b/board/kontron/sl-mx8mm/sl-mx8mm.c
@@ -6,12 +6,32 @@
#include <asm/arch/imx-regs.h>
#include <asm/global_data.h>
#include <asm/io.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <fdt_support.h>
#include <linux/errno.h>
+#include <linux/kernel.h>
#include <net.h>
DECLARE_GLOBAL_DATA_PTR;
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+ {
+ .image_type_id = KONTRON_SL_MX8MM_FIT_IMAGE_GUID,
+ .fw_name = u"KONTROL-SL-MX8MM-UBOOT",
+ .image_index = 1,
+ },
+};
+
+struct efi_capsule_update_info update_info = {
+ .dfu_string = "sf 0:0=flash-bin raw 0x400 0x1f0000",
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
int board_phys_sdram_size(phys_size_t *size)
{
u32 ddr_size = readl(M4_BOOTROM_BASE_ADDR);
diff --git a/board/kontron/sl28/sl28.c b/board/kontron/sl28/sl28.c
index 3c48a9141d..865f2400f7 100644
--- a/board/kontron/sl28/sl28.c
+++ b/board/kontron/sl28/sl28.c
@@ -3,11 +3,14 @@
#include <common.h>
#include <dm.h>
#include <malloc.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <errno.h>
#include <fsl_ddr.h>
#include <fdt_support.h>
#include <asm/global_data.h>
#include <linux/libfdt.h>
+#include <linux/kernel.h>
#include <env_internal.h>
#include <asm/arch-fsl-layerscape/soc.h>
#include <asm/arch-fsl-layerscape/fsl_icid.h>
@@ -23,6 +26,24 @@
DECLARE_GLOBAL_DATA_PTR;
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+ {
+ .image_type_id = KONTRON_SL28_FIT_IMAGE_GUID,
+ .fw_name = u"KONTRON-SL28-FIT",
+ .image_index = 1,
+ },
+};
+
+struct efi_capsule_update_info update_info = {
+ .dfu_string = "sf 0:0=u-boot-bin raw 0x210000 0x1d0000;"
+ "u-boot-env raw 0x3e0000 0x20000",
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
int board_early_init_f(void)
{
fsl_lsch3_early_init_f();
diff --git a/board/sandbox/sandbox.c b/board/sandbox/sandbox.c
index 5d9a945d64..28ad6efd13 100644
--- a/board/sandbox/sandbox.c
+++ b/board/sandbox/sandbox.c
@@ -7,6 +7,8 @@
#include <cpu_func.h>
#include <cros_ec.h>
#include <dm.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <env_internal.h>
#include <init.h>
#include <led.h>
@@ -14,6 +16,7 @@
#include <asm/global_data.h>
#include <asm/test.h>
#include <asm/u-boot-sandbox.h>
+#include <linux/kernel.h>
#include <malloc.h>
#include <extension_board.h>
@@ -25,6 +28,37 @@
*/
gd_t *gd;
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+#if defined(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)
+ {
+ .image_type_id = SANDBOX_UBOOT_IMAGE_GUID,
+ .fw_name = u"SANDBOX-UBOOT",
+ .image_index = 1,
+ },
+ {
+ .image_type_id = SANDBOX_UBOOT_ENV_IMAGE_GUID,
+ .fw_name = u"SANDBOX-UBOOT-ENV",
+ .image_index = 2,
+ },
+#elif defined(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)
+ {
+ .image_type_id = SANDBOX_FIT_IMAGE_GUID,
+ .fw_name = u"SANDBOX-FIT",
+ .image_index = 1,
+ },
+#endif
+};
+
+struct efi_capsule_update_info update_info = {
+ .dfu_string = "sf 0:0=u-boot-bin raw 0x100000 0x50000;"
+ "u-boot-env raw 0x150000 0x200000",
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
#if !CONFIG_IS_ENABLED(OF_PLATDATA)
/*
* Add a simple GPIO device (don't use with of-platdata as it interferes with
diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c
index 9552bfcdc3..f5a5fe0121 100644
--- a/board/socionext/developerbox/developerbox.c
+++ b/board/socionext/developerbox/developerbox.c
@@ -10,10 +10,43 @@
#include <asm/global_data.h>
#include <asm/io.h>
#include <common.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <env_internal.h>
#include <fdt_support.h>
#include <log.h>
+#include <linux/kernel.h>
+
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+ {
+ .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID,
+ .fw_name = u"DEVELOPERBOX-UBOOT",
+ .image_index = 1,
+ },
+ {
+ .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID,
+ .fw_name = u"DEVELOPERBOX-FIP",
+ .image_index = 2,
+ },
+ {
+ .image_type_id = DEVELOPERBOX_OPTEE_IMAGE_GUID,
+ .fw_name = u"DEVELOPERBOX-OPTEE",
+ .image_index = 3,
+ },
+};
+
+struct efi_capsule_update_info update_info = {
+ .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;"
+ "fip.bin raw 180000 78000;"
+ "optee.bin raw 500000 100000",
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
static struct mm_region sc2a11_mem_map[] = {
{
.virt = 0x0UL,
diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
index 0769189dcf..5be3090c31 100644
--- a/board/xilinx/common/board.c
+++ b/board/xilinx/common/board.c
@@ -5,6 +5,8 @@
*/
#include <common.h>
+#include <efi.h>
+#include <efi_loader.h>
#include <env.h>
#include <log.h>
#include <asm/global_data.h>
@@ -20,9 +22,35 @@
#include <generated/dt.h>
#include <soc.h>
#include <linux/ctype.h>
+#include <linux/kernel.h>
#include "fru.h"
+#if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)
+struct efi_fw_image fw_images[] = {
+#if defined(XILINX_BOOT_IMAGE_GUID)
+ {
+ .image_type_id = XILINX_BOOT_IMAGE_GUID,
+ .fw_name = u"XILINX-BOOT",
+ .image_index = 1,
+ },
+#endif
+#if defined(XILINX_UBOOT_IMAGE_GUID)
+ {
+ .image_type_id = XILINX_UBOOT_IMAGE_GUID,
+ .fw_name = u"XILINX-UBOOT",
+ .image_index = 2,
+ },
+#endif
+};
+
+struct efi_capsule_update_info update_info = {
+ .images = fw_images,
+};
+
+u8 num_image_type_guids = ARRAY_SIZE(fw_images);
+#endif /* EFI_HAVE_CAPSULE_SUPPORT */
+
#if defined(CONFIG_ZYNQ_GEM_I2C_MAC_OFFSET)
int zynq_board_read_rom_ethaddr(unsigned char *ethaddr)
{
diff --git a/board/xilinx/zynq/board.c b/board/xilinx/zynq/board.c
index 26ef048835..63aff0474b 100644
--- a/board/xilinx/zynq/board.c
+++ b/board/xilinx/zynq/board.c
@@ -168,7 +168,8 @@ void set_dfu_alt_info(char *interface, char *devstr)
{
ALLOC_CACHE_ALIGN_BUFFER(char, buf, DFU_ALT_BUF_LEN);
- if (env_get("dfu_alt_info"))
+ if (!CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT) &&
+ env_get("dfu_alt_info"))
return;
memset(buf, 0, sizeof(buf));
diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c
index e7e8e91d2c..41ecc9559c 100644
--- a/board/xilinx/zynqmp/zynqmp.c
+++ b/board/xilinx/zynqmp/zynqmp.c
@@ -889,7 +889,8 @@ void set_dfu_alt_info(char *interface, char *devstr)
ALLOC_CACHE_ALIGN_BUFFER(char, buf, DFU_ALT_BUF_LEN);
- if (env_get("dfu_alt_info"))
+ if (!CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT) &&
+ env_get("dfu_alt_info"))
return;
memset(buf, 0, sizeof(buf));
diff --git a/include/configs/imx8mm-cl-iot-gate.h b/include/configs/imx8mm-cl-iot-gate.h
index cd1eafdd5c..079e8a9491 100644
--- a/include/configs/imx8mm-cl-iot-gate.h
+++ b/include/configs/imx8mm-cl-iot-gate.h
@@ -31,6 +31,15 @@
#endif
+/* GUIDs for capsule updatable firmware images */
+#define IMX8MM_CL_IOT_GATE_FIT_IMAGE_GUID \
+ EFI_GUID(0x7a32a939, 0xab92, 0x467b, 0x91, 0x52, \
+ 0x74, 0x77, 0x1b, 0x95, 0xe6, 0x46)
+
+#define IMX8MM_CL_IOT_GATE_OPTEE_FIT_IMAGE_GUID \
+ EFI_GUID(0x0bf1165c, 0x1831, 0x4864, 0x94, 0x5e, \
+ 0xac, 0x3d, 0x38, 0x48, 0xf4, 0x99)
+
#if CONFIG_IS_ENABLED(CMD_MMC)
# define BOOT_TARGET_MMC(func) \
func(MMC, mmc, 2) \
diff --git a/include/configs/imx8mp_rsb3720.h b/include/configs/imx8mp_rsb3720.h
index 62e06d2303..2553f0dfb5 100644
--- a/include/configs/imx8mp_rsb3720.h
+++ b/include/configs/imx8mp_rsb3720.h
@@ -18,6 +18,15 @@
#define CONFIG_SYS_MONITOR_LEN (512 * 1024)
#define CONFIG_SYS_UBOOT_BASE (QSPI0_AMBA_BASE + CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR * 512)
+/* GUIDs for capsule updatable firmware images */
+#define IMX8MP_RSB3720A1_4G_FIT_IMAGE_GUID \
+ EFI_GUID(0xb1251e89, 0x384a, 0x4635, 0xa8, 0x06, \
+ 0x3a, 0xa0, 0xb0, 0xe9, 0xf9, 0x65)
+
+#define IMX8MP_RSB3720A1_6G_FIT_IMAGE_GUID \
+ EFI_GUID(0xb5fb6f08, 0xe142, 0x4db1, 0x97, 0xea, \
+ 0x5f, 0xd3, 0x6b, 0x9b, 0xe5, 0xb9)
+
#ifdef CONFIG_SPL_BUILD
#define CONFIG_SPL_STACK 0x960000
#define CONFIG_SPL_BSS_START_ADDR 0x0098FC00
diff --git a/include/configs/kontron-sl-mx8mm.h b/include/configs/kontron-sl-mx8mm.h
index 788ae77cd3..1b429f7dbe 100644
--- a/include/configs/kontron-sl-mx8mm.h
+++ b/include/configs/kontron-sl-mx8mm.h
@@ -38,6 +38,11 @@
#define CONFIG_USB_MAX_CONTROLLER_COUNT 2
#endif
+/* GUID for capsule updatable firmware image */
+#define KONTRON_SL_MX8MM_FIT_IMAGE_GUID \
+ EFI_GUID(0xd488e45a, 0x4929, 0x4b55, 0x8c, 0x14, \
+ 0x86, 0xce, 0xa2, 0xcd, 0x66, 0x29)
+
#ifndef CONFIG_SPL_BUILD
#define BOOT_TARGET_DEVICES(func) \
func(MMC, mmc, 1) \
diff --git a/include/configs/kontron_pitx_imx8m.h b/include/configs/kontron_pitx_imx8m.h
index 2c0ad96e0d..ea0b573ca1 100644
--- a/include/configs/kontron_pitx_imx8m.h
+++ b/include/configs/kontron_pitx_imx8m.h
@@ -12,6 +12,11 @@
#define CONFIG_SPL_MAX_SIZE (124 * SZ_1K)
#define CONFIG_SYS_MONITOR_LEN (512 * SZ_1K)
+/* GUID for capsule updatable firmware image */
+#define KONTRON_PITX_IMX8M_FIT_IMAGE_GUID \
+ EFI_GUID(0xc898e959, 0x5b1f, 0x4e6d, 0x88, 0xe0, \
+ 0x40, 0xd4, 0x5c, 0xca, 0x13, 0x99)
+
#ifdef CONFIG_SPL_BUILD
#define CONFIG_SPL_STACK 0x187FF0
#define CONFIG_SPL_BSS_START_ADDR 0x00180000
diff --git a/include/configs/kontron_sl28.h b/include/configs/kontron_sl28.h
index 97286b6180..c3ab049535 100644
--- a/include/configs/kontron_sl28.h
+++ b/include/configs/kontron_sl28.h
@@ -52,6 +52,11 @@
#define CONFIG_SYS_SPL_MALLOC_START 0x80200000
#define CONFIG_SYS_MONITOR_LEN (1024 * 1024)
+/* GUID for capsule updatable firmware image */
+#define KONTRON_SL28_FIT_IMAGE_GUID \
+ EFI_GUID(0x86ebd44f, 0xfeb8, 0x466f, 0x8b, 0xb8, \
+ 0x89, 0x06, 0x18, 0x45, 0x6d, 0x8b)
+
/* environment */
/* see include/configs/ti_armv7_common.h */
#define ENV_MEM_LAYOUT_SETTINGS \
diff --git a/include/configs/qemu-arm.h b/include/configs/qemu-arm.h
index 3ad1cf3232..550e26f3f1 100644
--- a/include/configs/qemu-arm.h
+++ b/include/configs/qemu-arm.h
@@ -17,6 +17,15 @@
#define CONFIG_SYS_BOOTM_LEN SZ_64M
+/* GUIDs for capsule updatable firmware images */
+#define QEMU_ARM_UBOOT_IMAGE_GUID \
+ EFI_GUID(0xf885b085, 0x99f8, 0x45af, 0x84, 0x7d, \
+ 0xd5, 0x14, 0x10, 0x7a, 0x4a, 0x2c)
+
+#define QEMU_ARM64_UBOOT_IMAGE_GUID \
+ EFI_GUID(0x058b7d83, 0x50d5, 0x4c47, 0xa1, 0x95, \
+ 0x60, 0xd8, 0x6a, 0xd3, 0x41, 0xc4)
+
/* For timer, QEMU emulates an ARMv7/ARMv8 architected timer */
/* Environment options */
diff --git a/include/configs/sandbox.h b/include/configs/sandbox.h
index 71b47996da..7b6db46ee1 100644
--- a/include/configs/sandbox.h
+++ b/include/configs/sandbox.h
@@ -14,6 +14,19 @@
#define CONFIG_SYS_CBSIZE 1024 /* Console I/O Buffer Size */
+/* GUIDs for capsule updatable firmware images */
+#define SANDBOX_UBOOT_IMAGE_GUID \
+ EFI_GUID(0x09d7cf52, 0x0720, 0x4710, 0x91, 0xd1, \
+ 0x08, 0x46, 0x9b, 0x7f, 0xe9, 0xc8)
+
+#define SANDBOX_UBOOT_ENV_IMAGE_GUID \
+ EFI_GUID(0x5a7021f5, 0xfef2, 0x48b4, 0xaa, 0xba, \
+ 0x83, 0x2e, 0x77, 0x74, 0x18, 0xc0)
+
+#define SANDBOX_FIT_IMAGE_GUID \
+ EFI_GUID(0x3673b45d, 0x6a7c, 0x46f3, 0x9e, 0x60, \
+ 0xad, 0xab, 0xb0, 0x3f, 0x79, 0x37)
+
/* Size of our emulated memory */
#define SB_CONCAT(x, y) x ## y
#define SB_TO_UL(s) SB_CONCAT(s, UL)
diff --git a/include/configs/synquacer.h b/include/configs/synquacer.h
index 8dd092fc59..5686a5b910 100644
--- a/include/configs/synquacer.h
+++ b/include/configs/synquacer.h
@@ -51,6 +51,19 @@
"fip.bin raw 180000 78000;" \
"optee.bin raw 500000 100000\0"
+/* GUIDs for capsule updatable firmware images */
+#define DEVELOPERBOX_UBOOT_IMAGE_GUID \
+ EFI_GUID(0x53a92e83, 0x4ef4, 0x473a, 0x8b, 0x0d, \
+ 0xb5, 0xd8, 0xc7, 0xb2, 0xd6, 0x00)
+
+#define DEVELOPERBOX_FIP_IMAGE_GUID \
+ EFI_GUID(0x880866e9, 0x84ba, 0x4793, 0xa9, 0x08, \
+ 0x33, 0xe0, 0xb9, 0x16, 0xf3, 0x98)
+
+#define DEVELOPERBOX_OPTEE_IMAGE_GUID \
+ EFI_GUID(0xc1b629f1, 0xce0e, 0x4894, 0x82, 0xbf, \
+ 0xf0, 0xa3, 0x83, 0x87, 0xe6, 0x30)
+
/* Distro boot settings */
#ifndef CONFIG_SPL_BUILD
#ifdef CONFIG_CMD_USB
diff --git a/include/configs/xilinx_versal.h b/include/configs/xilinx_versal.h
index 80e94113f0..b025d2638d 100644
--- a/include/configs/xilinx_versal.h
+++ b/include/configs/xilinx_versal.h
@@ -25,6 +25,11 @@
#define CONFIG_SYS_BAUDRATE_TABLE \
{ 4800, 9600, 19200, 38400, 57600, 115200 }
+/* GUID for capsule updatable firmware image */
+#define XILINX_BOOT_IMAGE_GUID \
+ EFI_GUID(0x20c5fba5, 0x0171, 0x457f, 0xb9, 0xcd, \
+ 0xf5, 0x12, 0x9c, 0xd0, 0x72, 0x28)
+
/* Miscellaneous configurable options */
/* Monitor Command Prompt */
diff --git a/include/configs/xilinx_zynqmp.h b/include/configs/xilinx_zynqmp.h
index 1985a09325..e5e700d804 100644
--- a/include/configs/xilinx_zynqmp.h
+++ b/include/configs/xilinx_zynqmp.h
@@ -25,6 +25,15 @@
#define CONFIG_SYS_BAUDRATE_TABLE \
{ 4800, 9600, 19200, 38400, 57600, 115200 }
+/* GUIDs for capsule updatable firmware images */
+#define XILINX_BOOT_IMAGE_GUID \
+ EFI_GUID(0xde6066e8, 0x0256, 0x4fad, 0x82, 0x38, \
+ 0xe4, 0x06, 0xe2, 0x74, 0xc4, 0xcf)
+
+#define XILINX_UBOOT_IMAGE_GUID \
+ EFI_GUID(0xcf9ecfd4, 0x938b, 0x41c5, 0x85, 0x51, \
+ 0x1f, 0x88, 0x3a, 0xb7, 0xdc, 0x18)
+
#ifdef CONFIG_NAND_ARASAN
# define CONFIG_SYS_MAX_NAND_DEVICE 1
#endif
diff --git a/include/configs/zynq-common.h b/include/configs/zynq-common.h
index c92f796f8d..bd88b59f24 100644
--- a/include/configs/zynq-common.h
+++ b/include/configs/zynq-common.h
@@ -20,6 +20,15 @@
#define CONFIG_SYS_TIMER_COUNTS_DOWN
#define CONFIG_SYS_TIMER_COUNTER (CONFIG_SYS_TIMERBASE + 0x4)
+/* GUIDs for capsule updatable firmware images */
+#define XILINX_BOOT_IMAGE_GUID \
+ EFI_GUID(0x1ba29a15, 0x9969, 0x40aa, 0xb4, 0x24, \
+ 0xe8, 0x61, 0x21, 0x61, 0x86, 0x64)
+
+#define XILINX_UBOOT_IMAGE_GUID \
+ EFI_GUID(0x1a5178f0, 0x87d3, 0x4f36, 0xac, 0x63, \
+ 0x3b, 0x31, 0xa2, 0x3b, 0xe3, 0x05)
+
/* Serial drivers */
/* The following table includes the supported baudrates */
#define CONFIG_SYS_BAUDRATE_TABLE \
diff --git a/include/efi_loader.h b/include/efi_loader.h
index af36639ec6..c52ea59ec7 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -979,6 +979,42 @@ efi_status_t efi_capsule_authenticate(const void *capsule,
#define EFI_CAPSULE_DIR u"\\EFI\\UpdateCapsule\\"
+/**
+ * struct efi_fw_image - Information on firmware images updatable through
+ * capsule update
+ *
+ * This structure gives information about the firmware images on the platform
+ * which can be updated through the capsule update mechanism
+ *
+ * @image_type_id: Image GUID. Same value is to be used in the capsule
+ * @fw_name: Name of the firmware image
+ * @image_index: Image Index, same as value passed to SetImage FMP
+ * function
+ */
+struct efi_fw_image {
+ efi_guid_t image_type_id;
+ u16 *fw_name;
+ u8 image_index;
+};
+
+/**
+ * struct efi_capsule_update_info - Information needed for capsule updates
+ *
+ * This structure provides information needed for performing firmware
+ * updates. The structure needs to be initialised per platform, for all
+ * platforms which enable capsule updates
+ *
+ * @dfu_string: String used to populate dfu_alt_info
+ * @images: Pointer to an array of updatable images
+ */
+struct efi_capsule_update_info {
+ const char *dfu_string;
+ struct efi_fw_image *images;
+};
+
+extern struct efi_capsule_update_info update_info;
+extern u8 num_image_type_guids;
+
/**
* Install the ESRT system table.
*
--
2.25.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v7 2/8] capsule: FMP: Populate the image descriptor array from platform data
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 1/8] capsule: board: Add information needed for capsule updates Sughosh Ganu
@ 2022-04-14 10:54 ` Sughosh Ganu
2022-04-14 11:37 ` Masami Hiramatsu
2022-04-14 10:54 ` [PATCH v7 3/8] capsule: Put a check for image index before the update Sughosh Ganu
` (5 subsequent siblings)
7 siblings, 1 reply; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek, Sughosh Ganu
Currently, the image descriptor array that has been passed to the
GetImageInfo function of the Firmware Management Protocol(FMP) gets
populated through the data stored with the dfu framework. The
dfu data is not restricted to contain information only of the images
updatable through the capsule update mechanism, but it also contains
information on other images. The image descriptor array is also parsed
by the ESRT generation code, and thus the ESRT table contains entries
for other images that are not being handled by the FMP for the capsule
updates. Fix this by populating the image descriptor array from the
structure initialised in the board file.
The other issue fixed is assignment of a separate GUID for all images
in the image descriptor array. The UEFI specification mandates that
all entries in the ESRT table should have a unique GUID value as part
of the FwClass member of the EFI_SYSTEM_RESOURCE_ENTRY. Currently, all
images are assigned a single GUID value, either an FIT GUID or a raw
image GUID. This is fixed by obtaining the GUID values from the
efi_fw_images array defined per platform.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V6:
* Use renamed struct efi_fw_image instead of struct efi_fw_images
lib/efi_loader/efi_firmware.c | 95 +++++++++++------------------------
1 file changed, 28 insertions(+), 67 deletions(-)
diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
index a5ff32f121..46aa7a001a 100644
--- a/lib/efi_loader/efi_firmware.c
+++ b/lib/efi_loader/efi_firmware.c
@@ -97,91 +97,58 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported(
}
/**
- * efi_get_dfu_info - return information about the current firmware image
+ * efi_fill_image_desc_array - populate image descriptor array
* @this: Protocol instance
* @image_info_size: Size of @image_info
* @image_info: Image information
* @descriptor_version: Pointer to version number
- * @descriptor_count: Pointer to number of descriptors
+ * @descriptor_count: Image count
* @descriptor_size: Pointer to descriptor size
- * package_version: Package version
- * package_version_name: Package version's name
- * image_type: Image type GUID
+ * @package_version: Package version
+ * @package_version_name: Package version's name
*
* Return information bout the current firmware image in @image_info.
* @image_info will consist of a number of descriptors.
- * Each descriptor will be created based on "dfu_alt_info" variable.
+ * Each descriptor will be created based on "efi_fw_images" variable.
*
* Return status code
*/
-static efi_status_t efi_get_dfu_info(
+static efi_status_t efi_fill_image_desc_array(
efi_uintn_t *image_info_size,
struct efi_firmware_image_descriptor *image_info,
u32 *descriptor_version,
u8 *descriptor_count,
efi_uintn_t *descriptor_size,
u32 *package_version,
- u16 **package_version_name,
- const efi_guid_t *image_type)
+ u16 **package_version_name)
{
- struct dfu_entity *dfu;
- size_t names_len, total_size;
- int dfu_num, i;
- u16 *name, *next;
- int ret;
-
- ret = dfu_init_env_entities(NULL, NULL);
- if (ret)
- return EFI_SUCCESS;
-
- names_len = 0;
- dfu_num = 0;
- list_for_each_entry(dfu, &dfu_list, list) {
- names_len += (utf8_utf16_strlen(dfu->name) + 1) * 2;
- dfu_num++;
- }
- if (!dfu_num) {
- log_warning("No entities in dfu_alt_info\n");
- *image_info_size = 0;
- dfu_free_entities();
+ size_t total_size;
+ struct efi_fw_image *fw_array;
+ int i;
- return EFI_SUCCESS;
- }
+ fw_array = update_info.images;
+ *descriptor_count = num_image_type_guids;
+
+ total_size = sizeof(*image_info) * num_image_type_guids;
- total_size = sizeof(*image_info) * dfu_num + names_len;
- /*
- * we will assume that sizeof(*image_info) * dfu_name
- * is, at least, a multiple of 2. So the start address for
- * image_id_name would be aligned with 2 bytes.
- */
if (*image_info_size < total_size) {
*image_info_size = total_size;
- dfu_free_entities();
return EFI_BUFFER_TOO_SMALL;
}
*image_info_size = total_size;
*descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION;
- *descriptor_count = dfu_num;
*descriptor_size = sizeof(*image_info);
*package_version = 0xffffffff; /* not supported */
*package_version_name = NULL; /* not supported */
- /* DFU alt number should correspond to image_index */
- i = 0;
- /* Name area starts just after descriptors */
- name = (u16 *)((u8 *)image_info + sizeof(*image_info) * dfu_num);
- next = name;
- list_for_each_entry(dfu, &dfu_list, list) {
- image_info[i].image_index = dfu->alt + 1;
- image_info[i].image_type_id = *image_type;
- image_info[i].image_id = dfu->alt;
-
- /* copy the DFU entity name */
- utf8_utf16_strcpy(&next, dfu->name);
- image_info[i].image_id_name = name;
- name = ++next;
+ for (i = 0; i < num_image_type_guids; i++) {
+ image_info[i].image_index = fw_array[i].image_index;
+ image_info[i].image_type_id = fw_array[i].image_type_id;
+ image_info[i].image_id = fw_array[i].image_index;
+
+ image_info[i].image_id_name = fw_array[i].fw_name;
image_info[i].version = 0; /* not supported */
image_info[i].version_name = NULL; /* not supported */
@@ -202,12 +169,8 @@ static efi_status_t efi_get_dfu_info(
image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
image_info[i].hardware_instance = 1;
image_info[i].dependencies = NULL;
-
- i++;
}
- dfu_free_entities();
-
return EFI_SUCCESS;
}
@@ -267,11 +230,10 @@ efi_status_t EFIAPI efi_firmware_fit_get_image_info(
!descriptor_size || !package_version || !package_version_name))
return EFI_EXIT(EFI_INVALID_PARAMETER);
- ret = efi_get_dfu_info(image_info_size, image_info,
- descriptor_version, descriptor_count,
- descriptor_size,
- package_version, package_version_name,
- &efi_firmware_image_type_uboot_fit);
+ ret = efi_fill_image_desc_array(image_info_size, image_info,
+ descriptor_version, descriptor_count,
+ descriptor_size, package_version,
+ package_version_name);
return EFI_EXIT(ret);
}
@@ -376,11 +338,10 @@ efi_status_t EFIAPI efi_firmware_raw_get_image_info(
!descriptor_size || !package_version || !package_version_name))
return EFI_EXIT(EFI_INVALID_PARAMETER);
- ret = efi_get_dfu_info(image_info_size, image_info,
- descriptor_version, descriptor_count,
- descriptor_size,
- package_version, package_version_name,
- &efi_firmware_image_type_uboot_raw);
+ ret = efi_fill_image_desc_array(image_info_size, image_info,
+ descriptor_version, descriptor_count,
+ descriptor_size, package_version,
+ package_version_name);
return EFI_EXIT(ret);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v7 3/8] capsule: Put a check for image index before the update
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 1/8] capsule: board: Add information needed for capsule updates Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 2/8] capsule: FMP: Populate the image descriptor array from platform data Sughosh Ganu
@ 2022-04-14 10:54 ` Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 4/8] efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled Sughosh Ganu
` (4 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek, Sughosh Ganu
The current capsule update code compares the image GUID value in the
capsule header with the image GUID value obtained from the
GetImageInfo function of the Firmware Management Protocol(FMP). This
comparison is done to ascertain if the FMP's SetImage function can be
called for the update. Make this checking more robust by comparing the
image_index value passed through the capsule with that returned by the
FMP's GetImageInfo function. This protects against the scenario of the
firmware being updated in a wrong partition/location on the storage
device if an incorrect value has been passed through the capsule,
since the image_index is used to determine the location of the update
on the storage device.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
Changes since V6: None
lib/efi_loader/efi_capsule.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index a107f285dd..c76a5f3570 100644
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -129,6 +129,7 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule,
/**
* efi_fmp_find - search for Firmware Management Protocol drivers
* @image_type: Image type guid
+ * @image_index: Image Index
* @instance: Instance number
* @handles: Handles of FMP drivers
* @no_handles: Number of handles
@@ -142,8 +143,8 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule,
* * NULL - on failure
*/
static struct efi_firmware_management_protocol *
-efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles,
- efi_uintn_t no_handles)
+efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance,
+ efi_handle_t *handles, efi_uintn_t no_handles)
{
efi_handle_t *handle;
struct efi_firmware_management_protocol *fmp;
@@ -204,6 +205,7 @@ efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles,
log_debug("+++ desc[%d] index: %d, name: %ls\n",
j, desc->image_index, desc->image_id_name);
if (!guidcmp(&desc->image_type_id, image_type) &&
+ (desc->image_index == image_index) &&
(!instance ||
!desc->hardware_instance ||
desc->hardware_instance == instance))
@@ -450,8 +452,8 @@ static efi_status_t efi_capsule_update_firmware(
}
/* find a device for update firmware */
- /* TODO: should we pass index as well, or nothing but type? */
fmp = efi_fmp_find(&image->update_image_type_id,
+ image->update_image_index,
image->update_hardware_instance,
handles, no_handles);
if (!fmp) {
--
2.25.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v7 4/8] efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
` (2 preceding siblings ...)
2022-04-14 10:54 ` [PATCH v7 3/8] capsule: Put a check for image index before the update Sughosh Ganu
@ 2022-04-14 10:54 ` Sughosh Ganu
2022-04-14 11:41 ` Masami Hiramatsu
2022-04-14 10:54 ` [PATCH v7 5/8] test: capsule: Modify the capsule tests to use GUID values for sandbox Sughosh Ganu
` (3 subsequent siblings)
7 siblings, 1 reply; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek, Sughosh Ganu
Currently, there are a bunch of boards which enable the UEFI capsule
update feature. The actual update of the firmware images is done
through the dfu framework which uses the dfu_alt_info environment
variable for getting information on the update, like device, partition
number/address etc. The dfu framework allows the variable to be set
through the set_dfu_alt_info function defined by the platform, or if
the function is not defined, it gets the variable from the
environment. Using the value set in the environment is not very
robust, since the variable can be modified from the u-boot command
line and this can cause an incorrect update.
To prevent this from happening, define the set_dfu_alt_info function
when the capsule update feature is enabled. A weak function is defined
which sets the dfu_alt_info environment variable by getting the string
for the variable from the platform.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V6: None
lib/efi_loader/Kconfig | 2 ++
lib/efi_loader/efi_firmware.c | 5 +++++
2 files changed, 7 insertions(+)
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 559b95a599..d50cd2563d 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -181,6 +181,7 @@ config EFI_CAPSULE_FIRMWARE_FIT
depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
select UPDATE_FIT
select DFU
+ select SET_DFU_ALT_INFO
select EFI_CAPSULE_FIRMWARE
help
Select this option if you want to enable firmware management protocol
@@ -192,6 +193,7 @@ config EFI_CAPSULE_FIRMWARE_RAW
depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
select DFU_WRITE_ALT
select DFU
+ select SET_DFU_ALT_INFO
select EFI_CAPSULE_FIRMWARE
help
Select this option if you want to enable firmware management protocol
diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
index 46aa7a001a..aff5519e54 100644
--- a/lib/efi_loader/efi_firmware.c
+++ b/lib/efi_loader/efi_firmware.c
@@ -35,6 +35,11 @@ struct fmp_payload_header {
u32 lowest_supported_version;
};
+__weak void set_dfu_alt_info(char *interface, char *devstr)
+{
+ env_set("dfu_alt_info", update_info.dfu_string);
+}
+
/* Place holder; not supported */
static
efi_status_t EFIAPI efi_firmware_get_image_unsupported(
--
2.25.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v7 5/8] test: capsule: Modify the capsule tests to use GUID values for sandbox
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
` (3 preceding siblings ...)
2022-04-14 10:54 ` [PATCH v7 4/8] efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled Sughosh Ganu
@ 2022-04-14 10:54 ` Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 6/8] FMP: Remove GUIDs for FIT and raw images Sughosh Ganu
` (2 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek, Sughosh Ganu
The current UEFI capsule updation code uses two GUID values, one for
FIT images, and one for raw images across platforms. This logic is
being changed to have GUID values per image, per platform. Change the
tests for the capsule update code to reflect this change. The GUID
values now used are the ones specific to the sandbox platform -- one
for the u-boot image, and another for the u-boot environment image.
Install the FMP instance for raw images on the sandbox variant for
testing the capsule update code. Install the FMP instance for the FIT
images on the sandbox64 and sandbox_flattree variant for testing
capsule update for FIT images. This is being done by splitting the
capsule update script for FIT and raw images.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V6: None
configs/sandbox64_defconfig | 1 -
configs/sandbox_defconfig | 1 -
configs/sandbox_flattree_defconfig | 5 +
test/py/tests/test_efi_capsule/conftest.py | 21 +-
.../test_capsule_firmware_fit.py | 191 ++++++++++++++++++
...rmware.py => test_capsule_firmware_raw.py} | 167 ++++++---------
6 files changed, 270 insertions(+), 116 deletions(-)
create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
rename test/py/tests/test_efi_capsule/{test_capsule_firmware.py => test_capsule_firmware_raw.py} (75%)
diff --git a/configs/sandbox64_defconfig b/configs/sandbox64_defconfig
index 88f9ecbb7f..db748bbed3 100644
--- a/configs/sandbox64_defconfig
+++ b/configs/sandbox64_defconfig
@@ -246,7 +246,6 @@ CONFIG_ERRNO_STR=y
CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
-CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_SECURE_BOOT=y
CONFIG_TEST_FDTDEC=y
CONFIG_UNIT_TEST=y
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index cb8d590eb6..0dfc2d863d 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -319,7 +319,6 @@ CONFIG_SHA384=y
CONFIG_ERRNO_STR=y
CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
CONFIG_EFI_CAPSULE_ON_DISK=y
-CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_SECURE_BOOT=y
CONFIG_TEST_FDTDEC=y
diff --git a/configs/sandbox_flattree_defconfig b/configs/sandbox_flattree_defconfig
index 24b272068a..27dd38a0c0 100644
--- a/configs/sandbox_flattree_defconfig
+++ b/configs/sandbox_flattree_defconfig
@@ -28,6 +28,7 @@ CONFIG_CMD_BOOTEFI_HELLO=y
CONFIG_CMD_ASKENV=y
CONFIG_CMD_GREPENV=y
CONFIG_CMD_ERASEENV=y
+CONFIG_CMD_NVEDIT_EFI=y
CONFIG_CMD_NVEDIT_INFO=y
CONFIG_CMD_NVEDIT_LOAD=y
CONFIG_CMD_NVEDIT_SELECT=y
@@ -209,3 +210,7 @@ CONFIG_HEXDUMP=y
CONFIG_UNIT_TEST=y
CONFIG_UT_TIME=y
CONFIG_UT_DM=y
+CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
+CONFIG_EFI_CAPSULE_ON_DISK=y
+CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
+CONFIG_DFU_SF=y
diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py
index 9076087a12..d757415c88 100644
--- a/test/py/tests/test_efi_capsule/conftest.py
+++ b/test/py/tests/test_efi_capsule/conftest.py
@@ -72,7 +72,7 @@ def efi_capsule_data(request, u_boot_config):
# Create capsule files
# two regions: one for u-boot.bin and the other for u-boot.env
- check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old -> u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir,
+ check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir,
shell=True)
check_call('sed -e \"s?BINFILE1?u-boot.bin.new?\" -e \"s?BINFILE2?u-boot.env.new?\" %s/test/py/tests/test_efi_capsule/uboot_bin_env.its > %s/uboot_bin_env.its' %
(u_boot_config.source_dir, data_dir),
@@ -80,21 +80,29 @@ def efi_capsule_data(request, u_boot_config):
check_call('cd %s; %s/tools/mkimage -f uboot_bin_env.its uboot_bin_env.itb' %
(data_dir, u_boot_config.build_dir),
shell=True)
- check_call('cd %s; %s/tools/mkeficapsule --index 1 --fit uboot_bin_env.itb Test01' %
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test01' %
(data_dir, u_boot_config.build_dir),
shell=True)
- check_call('cd %s; %s/tools/mkeficapsule --index 1 --raw u-boot.bin.new Test02' %
+ check_call('cd %s; %s/tools/mkeficapsule --index 2 --guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test02' %
(data_dir, u_boot_config.build_dir),
shell=True)
- check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid E2BB9C06-70E9-4B14-97A3-5A7913176E3F u-boot.bin.new Test03' %
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 u-boot.bin.new Test03' %
(data_dir, u_boot_config.build_dir),
shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test04' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+
if capsule_auth_enabled:
# firmware signed with proper key
check_call('cd %s; '
'%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
'--private-key SIGNER.key --certificate SIGNER.crt '
- '--raw u-boot.bin.new Test11'
+ '--guid 09D7DF52-0720-4710-91D1-08469B7FE9C8 '
+ 'u-boot.bin.new Test11'
% (data_dir, u_boot_config.build_dir),
shell=True)
# firmware signed with *mal* key
@@ -102,7 +110,8 @@ def efi_capsule_data(request, u_boot_config):
'%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
'--private-key SIGNER2.key '
'--certificate SIGNER2.crt '
- '--raw u-boot.bin.new Test12'
+ '--guid 09D7DF52-0720-4710-91D1-08469B7FE9C8 '
+ 'u-boot.bin.new Test12'
% (data_dir, u_boot_config.build_dir),
shell=True)
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
new file mode 100644
index 0000000000..5bef84958b
--- /dev/null
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
@@ -0,0 +1,191 @@
+# SPDX-License-Identifier: GPL-2.0+
+# Copyright (c) 2020, Linaro Limited
+# Author: AKASHI Takahiro <takahiro.akashi@linaro.org>
+#
+# U-Boot UEFI: Firmware Update Test
+
+"""
+This test verifies capsule-on-disk firmware update for FIT images
+"""
+
+from subprocess import check_call, check_output, CalledProcessError
+import pytest
+from capsule_defs import *
+
+
+@pytest.mark.boardspec('sandbox64')
+@pytest.mark.boardspec('sandbox_flattree')
+@pytest.mark.buildconfigspec('efi_capsule_firmware_fit')
+@pytest.mark.buildconfigspec('efi_capsule_on_disk')
+@pytest.mark.buildconfigspec('dfu')
+@pytest.mark.buildconfigspec('dfu_sf')
+@pytest.mark.buildconfigspec('cmd_efidebug')
+@pytest.mark.buildconfigspec('cmd_fat')
+@pytest.mark.buildconfigspec('cmd_memory')
+@pytest.mark.buildconfigspec('cmd_nvedit_efi')
+@pytest.mark.buildconfigspec('cmd_sf')
+@pytest.mark.slow
+class TestEfiCapsuleFirmwareFit(object):
+ def test_efi_capsule_fw1(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """
+ Test Case 1 - Update U-Boot and U-Boot environment on SPI Flash
+ but with an incorrect GUID value in the capsule
+ No update should happen
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ 0x150000-0x200000: U-Boot environment (but dummy)
+ """
+ # other tests might have run and the
+ # system might not be in a clean state.
+ # Restart before starting the tests.
+ u_boot_console.restart_uboot()
+
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 1-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize contents
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 150000 10',
+ 'sf read 5000000 150000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test05' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test05 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test05' in ''.join(output)
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ capsule_auth = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_authenticate')
+
+ # reboot
+ u_boot_console.restart_uboot(expect_reset = capsule_early)
+
+ with u_boot_console.log.section('Test Case 1-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test05' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot:Old' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf read 4000000 150000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot-env:Old' in ''.join(output)
+
+ def test_efi_capsule_fw2(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """
+ Test Case 2 - Update U-Boot and U-Boot environment on SPI Flash
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ 0x150000-0x200000: U-Boot environment (but dummy)
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 2-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize contents
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 150000 10',
+ 'sf read 5000000 150000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test04' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test04 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test04' in ''.join(output)
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ capsule_auth = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_authenticate')
+
+ # reboot
+ u_boot_console.restart_uboot(expect_reset = capsule_early)
+
+ with u_boot_console.log.section('Test Case 2-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test04' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test04' not in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ if capsule_auth:
+ assert 'u-boot:Old' in ''.join(output)
+ else:
+ assert 'u-boot:New' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf read 4000000 150000 10',
+ 'md.b 4000000 10'])
+ if capsule_auth:
+ assert 'u-boot-env:Old' in ''.join(output)
+ else:
+ assert 'u-boot-env:New' in ''.join(output)
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
similarity index 75%
rename from test/py/tests/test_efi_capsule/test_capsule_firmware.py
rename to test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
index 1dcf1c70f4..ae99f080ff 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
@@ -5,7 +5,7 @@
# U-Boot UEFI: Firmware Update Test
"""
-This test verifies capsule-on-disk firmware update
+This test verifies capsule-on-disk firmware update for raw images
"""
from subprocess import check_call, check_output, CalledProcessError
@@ -14,7 +14,6 @@ from capsule_defs import *
@pytest.mark.boardspec('sandbox')
-@pytest.mark.buildconfigspec('efi_capsule_firmware_fit')
@pytest.mark.buildconfigspec('efi_capsule_firmware_raw')
@pytest.mark.buildconfigspec('efi_capsule_on_disk')
@pytest.mark.buildconfigspec('dfu')
@@ -25,23 +24,29 @@ from capsule_defs import *
@pytest.mark.buildconfigspec('cmd_nvedit_efi')
@pytest.mark.buildconfigspec('cmd_sf')
@pytest.mark.slow
-class TestEfiCapsuleFirmwareFit(object):
+class TestEfiCapsuleFirmwareRaw(object):
def test_efi_capsule_fw1(
self, u_boot_config, u_boot_console, efi_capsule_data):
"""
Test Case 1 - Update U-Boot and U-Boot environment on SPI Flash
- but with OsIndications unset
+ but with an incorrect GUID value in the capsule
No update should happen
0x100000-0x150000: U-Boot binary (but dummy)
0x150000-0x200000: U-Boot environment (but dummy)
"""
+
+ # other tests might have run and the
+ # system might not be in a clean state.
+ # Restart before starting the tests.
+ u_boot_console.restart_uboot()
+
disk_img = efi_capsule_data
with u_boot_console.log.section('Test Case 1-a, before reboot'):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
'efidebug boot order 1',
- 'env set -e OsIndications',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
'env save'])
@@ -63,16 +68,17 @@ class TestEfiCapsuleFirmwareFit(object):
# place a capsule file
output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatload host 0:1 4000000 %s/Test03' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test03 $filesize' % CAPSULE_INSTALL_DIR,
'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' in ''.join(output)
+ assert 'Test03' in ''.join(output)
# reboot
u_boot_console.restart_uboot()
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
+
with u_boot_console.log.section('Test Case 1-b, after reboot'):
if not capsule_early:
# make sure that dfu_alt_info exists even persistent variables
@@ -81,16 +87,11 @@ class TestEfiCapsuleFirmwareFit(object):
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
'host bind 0 %s' % disk_img,
'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' in ''.join(output)
+ assert 'Test03' in ''.join(output)
# need to run uefi command to initiate capsule handling
output = u_boot_console.run_command(
- 'env print -e Capsule0000')
-
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' in ''.join(output)
+ 'env print -e Capsule0000', wait_for_reboot = True)
output = u_boot_console.run_command_list([
'sf probe 0:0',
@@ -107,6 +108,8 @@ class TestEfiCapsuleFirmwareFit(object):
self, u_boot_config, u_boot_console, efi_capsule_data):
"""
Test Case 2 - Update U-Boot and U-Boot environment on SPI Flash
+ but with OsIndications unset
+ No update should happen
0x100000-0x150000: U-Boot binary (but dummy)
0x150000-0x200000: U-Boot environment (but dummy)
"""
@@ -116,7 +119,7 @@ class TestEfiCapsuleFirmwareFit(object):
'host bind 0 %s' % disk_img,
'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set -e OsIndications',
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
'env save'])
@@ -136,21 +139,24 @@ class TestEfiCapsuleFirmwareFit(object):
'md.b 5000000 10'])
assert 'Old' in ''.join(output)
- # place a capsule file
+ # place the capsule files
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR,
'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR,
'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
assert 'Test01' in ''.join(output)
- capsule_early = u_boot_config.buildconfig.get(
- 'config_efi_capsule_on_disk_early')
- capsule_auth = u_boot_config.buildconfig.get(
- 'config_efi_capsule_authenticate')
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test02' in ''.join(output)
# reboot
- u_boot_console.restart_uboot(expect_reset = capsule_early)
+ u_boot_console.restart_uboot()
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 2-b, after reboot'):
if not capsule_early:
# make sure that dfu_alt_info exists even persistent variables
@@ -160,32 +166,28 @@ class TestEfiCapsuleFirmwareFit(object):
'host bind 0 %s' % disk_img,
'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
assert 'Test01' in ''.join(output)
+ assert 'Test02' in ''.join(output)
# need to run uefi command to initiate capsule handling
output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
+ 'env print -e Capsule0000')
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test01' not in ''.join(output)
+ assert 'Test01' in ''.join(output)
+ assert 'Test02' in ''.join(output)
output = u_boot_console.run_command_list([
'sf probe 0:0',
'sf read 4000000 100000 10',
'md.b 4000000 10'])
- if capsule_auth:
- assert 'u-boot:Old' in ''.join(output)
- else:
- assert 'u-boot:New' in ''.join(output)
+ assert 'u-boot:Old' in ''.join(output)
output = u_boot_console.run_command_list([
'sf read 4000000 150000 10',
'md.b 4000000 10'])
- if capsule_auth:
- assert 'u-boot-env:Old' in ''.join(output)
- else:
- assert 'u-boot-env:New' in ''.join(output)
+ assert 'u-boot-env:Old' in ''.join(output)
def test_efi_capsule_fw3(
self, u_boot_config, u_boot_console, efi_capsule_data):
@@ -203,7 +205,7 @@ class TestEfiCapsuleFirmwareFit(object):
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
'env save'])
- # initialize content
+ # initialize contents
output = u_boot_console.run_command_list([
'sf probe 0:0',
'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
@@ -212,7 +214,21 @@ class TestEfiCapsuleFirmwareFit(object):
'md.b 5000000 10'])
assert 'Old' in ''.join(output)
- # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 150000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place the capsule files
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test01' in ''.join(output)
+
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR,
'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR,
@@ -235,6 +251,7 @@ class TestEfiCapsuleFirmwareFit(object):
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
'host bind 0 %s' % disk_img,
'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test01' in ''.join(output)
assert 'Test02' in ''.join(output)
# need to run uefi command to initiate capsule handling
@@ -246,15 +263,16 @@ class TestEfiCapsuleFirmwareFit(object):
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
'efidebug capsule esrt'])
- # ensure that EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID is in the ESRT.
- assert 'AE13FF2D-9AD4-4E25-9AC8-6D80B3B22147' in ''.join(output)
+ # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT.
+ assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output)
- # ensure that EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID is in the ESRT.
- assert 'E2BB9C06-70E9-4B14-97A3-5A7913176E3F' in ''.join(output)
+ # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
+ assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output)
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test01' not in ''.join(output)
assert 'Test02' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -266,78 +284,11 @@ class TestEfiCapsuleFirmwareFit(object):
else:
assert 'u-boot:New' in ''.join(output)
- def test_efi_capsule_fw4(
- self, u_boot_config, u_boot_console, efi_capsule_data):
- """
- Test Case 4 - Test "--guid" option of mkeficapsule
- The test scenario is the same as Case 3.
- """
- disk_img = efi_capsule_data
- with u_boot_console.log.section('Test Case 4-a, before reboot'):
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
- 'efidebug boot order 1',
- 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'env save'])
-
- # initialize content
output = u_boot_console.run_command_list([
'sf probe 0:0',
- 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
- 'sf write 4000000 100000 10',
- 'sf read 5000000 100000 10',
- 'md.b 5000000 10'])
- assert 'Old' in ''.join(output)
-
- # place a capsule file
- output = u_boot_console.run_command_list([
- 'fatload host 0:1 4000000 %s/Test03' % CAPSULE_DATA_DIR,
- 'fatwrite host 0:1 4000000 %s/Test03 $filesize' % CAPSULE_INSTALL_DIR,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test03' in ''.join(output)
-
- capsule_early = u_boot_config.buildconfig.get(
- 'config_efi_capsule_on_disk_early')
- capsule_auth = u_boot_config.buildconfig.get(
- 'config_efi_capsule_authenticate')
-
- # reboot
- u_boot_console.restart_uboot(expect_reset = capsule_early)
-
- with u_boot_console.log.section('Test Case 4-b, after reboot'):
- if not capsule_early:
- # make sure that dfu_alt_info exists even persistent variables
- # are not available.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test03' in ''.join(output)
-
- # need to run uefi command to initiate capsule handling
- output = u_boot_console.run_command(
- 'env print -e Capsule0000', wait_for_reboot = True)
-
- # make sure the dfu_alt_info exists because it is required for making ESRT.
- output = u_boot_console.run_command_list([
- 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
- 'efidebug capsule esrt'])
-
- # ensure that EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID is in the ESRT.
- assert 'E2BB9C06-70E9-4B14-97A3-5A7913176E3F' in ''.join(output)
-
- output = u_boot_console.run_command_list([
- 'host bind 0 %s' % disk_img,
- 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
- assert 'Test03' not in ''.join(output)
-
- output = u_boot_console.run_command_list([
- 'sf probe 0:0',
- 'sf read 4000000 100000 10',
+ 'sf read 4000000 150000 10',
'md.b 4000000 10'])
if capsule_auth:
- assert 'u-boot:Old' in ''.join(output)
+ assert 'u-boot-env:Old' in ''.join(output)
else:
- assert 'u-boot:New' in ''.join(output)
+ assert 'u-boot-env:New' in ''.join(output)
--
2.25.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v7 6/8] FMP: Remove GUIDs for FIT and raw images
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
` (4 preceding siblings ...)
2022-04-14 10:54 ` [PATCH v7 5/8] test: capsule: Modify the capsule tests to use GUID values for sandbox Sughosh Ganu
@ 2022-04-14 10:54 ` Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 7/8] mkeficapsule: Remove raw and FIT GUID types Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 8/8] doc: uefi: Update the capsule update related documentation Sughosh Ganu
7 siblings, 0 replies; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek, Sughosh Ganu
The capsule update code has been modified for getting the image GUID
values from the platform code. With this, each image now has a unique
GUID value. With this change, there is no longer a need for defining
GUIDs for FIT and raw images. Remove these GUID values.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V6: None
include/efi_api.h | 8 --------
lib/efi_loader/efi_firmware.c | 4 ----
2 files changed, 12 deletions(-)
diff --git a/include/efi_api.h b/include/efi_api.h
index 982c200172..c7f7873b5d 100644
--- a/include/efi_api.h
+++ b/include/efi_api.h
@@ -1967,14 +1967,6 @@ struct efi_signature_list {
EFI_GUID(0x86c77a67, 0x0b97, 0x4633, 0xa1, 0x87, \
0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7)
-#define EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID \
- EFI_GUID(0xae13ff2d, 0x9ad4, 0x4e25, 0x9a, 0xc8, \
- 0x6d, 0x80, 0xb3, 0xb2, 0x21, 0x47)
-
-#define EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID \
- EFI_GUID(0xe2bb9c06, 0x70e9, 0x4b14, 0x97, 0xa3, \
- 0x5a, 0x79, 0x13, 0x17, 0x6e, 0x3f)
-
#define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE 0x0000000000000001
#define IMAGE_ATTRIBUTE_RESET_REQUIRED 0x0000000000000002
#define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x0000000000000004
diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
index aff5519e54..b6ce94334f 100644
--- a/lib/efi_loader/efi_firmware.c
+++ b/lib/efi_loader/efi_firmware.c
@@ -188,8 +188,6 @@ static efi_status_t efi_fill_image_desc_array(
* - versioning of firmware image
* - package information
*/
-const efi_guid_t efi_firmware_image_type_uboot_fit =
- EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID;
/**
* efi_firmware_fit_get_image_info - return information about the current
@@ -296,8 +294,6 @@ const struct efi_firmware_management_protocol efi_fmp_fit = {
* This FIRMWARE_MANAGEMENT_PROTOCOL driver provides a firmware update
* method with raw data.
*/
-const efi_guid_t efi_firmware_image_type_uboot_raw =
- EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
/**
* efi_firmware_raw_get_image_info - return information about the current
--
2.25.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v7 7/8] mkeficapsule: Remove raw and FIT GUID types
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
` (5 preceding siblings ...)
2022-04-14 10:54 ` [PATCH v7 6/8] FMP: Remove GUIDs for FIT and raw images Sughosh Ganu
@ 2022-04-14 10:54 ` Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 8/8] doc: uefi: Update the capsule update related documentation Sughosh Ganu
7 siblings, 0 replies; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek, Sughosh Ganu
While building a capsule, the GUID value of that specific image is to
be passed through the --guid command option to the mkeficapsule
tool instead of using one of --raw or --fit options, where the GUID
value passed through the command line option is the image GUID.
This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and
EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the
--raw and --fit command line options as well. Also modify the
mkeficapsule man page to reflect this change.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V6:
* Reword the commit message to highlight the reason for removing --fit
and --raw options as suggested by Takahiro
* Remove the --fit and --raw description in the mkeficapsule man page
doc/mkeficapsule.1 | 12 ------------
tools/eficapsule.h | 8 --------
tools/mkeficapsule.c | 26 +-------------------------
3 files changed, 1 insertion(+), 45 deletions(-)
diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1
index 8babb27ee8..09bdc24295 100644
--- a/doc/mkeficapsule.1
+++ b/doc/mkeficapsule.1
@@ -41,18 +41,6 @@ If you want to use other types than above two, you should explicitly
specify a guid for the FMP driver.
.SH "OPTIONS"
-One of
-.BR --fit ", " --raw " or " --guid
-option must be specified.
-
-.TP
-.BR -f ", " --fit
-Indicate that the blob is a FIT image file
-
-.TP
-.BR -r ", " --raw
-Indicate that the blob is a raw image file
-
.TP
.BI "-g\fR,\fB --guid " guid-string
Specify guid for image blob type. The format is:
diff --git a/tools/eficapsule.h b/tools/eficapsule.h
index 69c9c58c2f..d63b831443 100644
--- a/tools/eficapsule.h
+++ b/tools/eficapsule.h
@@ -37,14 +37,6 @@ typedef struct {
EFI_GUID(0x6dcbd5ed, 0xe82d, 0x4c44, 0xbd, 0xa1, \
0x71, 0x94, 0x19, 0x9a, 0xd9, 0x2a)
-#define EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID \
- EFI_GUID(0xae13ff2d, 0x9ad4, 0x4e25, 0x9a, 0xc8, \
- 0x6d, 0x80, 0xb3, 0xb2, 0x21, 0x47)
-
-#define EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID \
- EFI_GUID(0xe2bb9c06, 0x70e9, 0x4b14, 0x97, 0xa3, \
- 0x5a, 0x79, 0x13, 0x17, 0x6e, 0x3f)
-
#define EFI_CERT_TYPE_PKCS7_GUID \
EFI_GUID(0x4aafd29d, 0x68df, 0x49ee, 0x8a, 0xa9, \
0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7)
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index c118335b93..5f74d23b9e 100644
--- a/tools/mkeficapsule.c
+++ b/tools/mkeficapsule.c
@@ -27,17 +27,11 @@
static const char *tool_name = "mkeficapsule";
efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
-efi_guid_t efi_guid_image_type_uboot_fit =
- EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID;
-efi_guid_t efi_guid_image_type_uboot_raw =
- EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
-static const char *opts_short = "frg:i:I:v:p:c:m:dh";
+static const char *opts_short = "g:i:I:v:p:c:m:dh";
static struct option options[] = {
- {"fit", no_argument, NULL, 'f'},
- {"raw", no_argument, NULL, 'r'},
{"guid", required_argument, NULL, 'g'},
{"index", required_argument, NULL, 'i'},
{"instance", required_argument, NULL, 'I'},
@@ -54,8 +48,6 @@ static void print_usage(void)
fprintf(stderr, "Usage: %s [options] <image blob> <output file>\n"
"Options:\n"
- "\t-f, --fit FIT image type\n"
- "\t-r, --raw raw image type\n"
"\t-g, --guid <guid string> guid for image blob type\n"
"\t-i, --index <index> update image index\n"
"\t-I, --instance <instance> update hardware instance\n"
@@ -606,22 +598,6 @@ int main(int argc, char **argv)
break;
switch (c) {
- case 'f':
- if (guid) {
- fprintf(stderr,
- "Image type already specified\n");
- exit(EXIT_FAILURE);
- }
- guid = &efi_guid_image_type_uboot_fit;
- break;
- case 'r':
- if (guid) {
- fprintf(stderr,
- "Image type already specified\n");
- exit(EXIT_FAILURE);
- }
- guid = &efi_guid_image_type_uboot_raw;
- break;
case 'g':
if (guid) {
fprintf(stderr,
--
2.25.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v7 8/8] doc: uefi: Update the capsule update related documentation
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
` (6 preceding siblings ...)
2022-04-14 10:54 ` [PATCH v7 7/8] mkeficapsule: Remove raw and FIT GUID types Sughosh Ganu
@ 2022-04-14 10:54 ` Sughosh Ganu
2022-04-14 12:57 ` Masami Hiramatsu
2022-04-15 1:24 ` AKASHI Takahiro
7 siblings, 2 replies; 13+ messages in thread
From: Sughosh Ganu @ 2022-04-14 10:54 UTC (permalink / raw)
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Masami Hiramatsu, Jassi Brar, Michal Simek,
Michal Simek, Sughosh Ganu
Update the capsule update functionality related documentation to
refect the additional definitions that need to be made per platform
for supporting the capsule update feature.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V6:
* Add example for the struct efi_fw_image array and struct
efi_capsule_update_info as suggested by Takahiro
doc/develop/uefi/uefi.rst | 98 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 96 insertions(+), 2 deletions(-)
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index fe337c88bd..1aea04a4e8 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -312,8 +312,8 @@ Run the following command
.. code-block:: console
$ mkeficapsule \
- --index 1 --instance 0 \
- [--fit <FIT image> | --raw <raw image>] \
+ --index <index> --instance 0 \
+ --guid <image GUID> \
<capsule_file_name>
Performing the update
@@ -333,9 +333,102 @@ won't be taken over across the reboot. If this is the case, you can skip
this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS)
set.
+A few values need to be defined in the board file for performing the
+capsule update. These values are defined in the board file by
+initialisation of a structure which provides information needed for
+capsule updates. The following structures have been defined for
+containing the image related information
+
+.. code-block:: c
+
+ struct efi_fw_images {
+ efi_guid_t image_type_id;
+ u16 *fw_name;
+ u8 image_index;
+ };
+
+ struct efi_capsule_update_info {
+ const char *dfu_string;
+ struct efi_fw_image *images;
+ };
+
+
+A string is defined which is to be used for populating the
+dfu_alt_info variable. This string is used by the function
+set_dfu_alt_info. Instead of taking the variable from the environment,
+the capsule update feature requires that the variable be set through
+the function, since that is more robust. Allowing the user to change
+the location of the firmware updates is not a very secure
+practice. Getting this information from the firmware itself is more
+secure, assuming the firmware has been verified by a previous stage
+boot loader.
+
+The firmware images structure defines the GUID values, image index
+values and the name of the images that are to be updated through
+the capsule update feature. These values are to be defined as part of
+an array. These GUID values would be used by the Firmware Management
+Protocol(FMP) to populate the image descriptor array and also
+displayed as part of the ESRT table. The image index values defined in
+the array should be one greater than the dfu alt number that
+corresponds to the firmware image. So, if the dfu alt number for an
+image is 2, the value of image index in the fw_images array for that
+image should be 3. The dfu alt number can be obtained by running the
+following command::
+
+ dfu list
+
+When using the FMP for FIT images, the image index value needs to be
+set to 1.
+
Finally, the capsule update can be initiated by rebooting the board.
+An example of setting the values in the struct efi_fw_image and
+struct efi_capsule_update_info is shown below
+
+.. code-block:: c
+
+ struct efi_fw_image fw_images[] = {
+ {
+ .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID,
+ .fw_name = u"DEVELOPERBOX-UBOOT",
+ .image_index = 1,
+ },
+ {
+ .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID,
+ .fw_name = u"DEVELOPERBOX-FIP",
+ .image_index = 2,
+ },
+ {
+ .image_type_id = DEVELOPERBOX_OPTEE_IMAGE_GUID,
+ .fw_name = u"DEVELOPERBOX-OPTEE",
+ .image_index = 3,
+ },
+ };
+
+ struct efi_capsule_update_info update_info = {
+ .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;"
+ "fip.bin raw 180000 78000;"
+ "optee.bin raw 500000 100000",
+ .images = fw_images,
+ };
+
+The platform will define a fw_images array which contains information
+of all the firmware images that are to be updated through capsule
+update mechanism. The dfu_string is the string that is to be set as
+dfu_alt_info. In the example above, the image index to be set for
+u-boot.bin binary is 0x1, for fip.bin is 0x2 and for optee.bin is 0x3.
+
+As an example, for generating the capsule for the optee.bin image, the
+following command can be issued
+
+.. code-block:: bash
+
+ $ ./tools/mkeficapsule \
+ --index 0x3 --instance 0 \
+ --guid c1b629f1-ce0e-4894-82bf-f0a38387e630 \
+ optee.bin optee.capsule
+
+
Enabling Capsule Authentication
*******************************
--
2.25.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH v7 2/8] capsule: FMP: Populate the image descriptor array from platform data
2022-04-14 10:54 ` [PATCH v7 2/8] capsule: FMP: Populate the image descriptor array from platform data Sughosh Ganu
@ 2022-04-14 11:37 ` Masami Hiramatsu
0 siblings, 0 replies; 13+ messages in thread
From: Masami Hiramatsu @ 2022-04-14 11:37 UTC (permalink / raw)
To: Sughosh Ganu
Cc: u-boot, Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Jassi Brar, Michal Simek, Michal Simek
Hi Sughosh,
2022年4月14日(木) 19:55 Sughosh Ganu <sughosh.ganu@linaro.org>:
>
> Currently, the image descriptor array that has been passed to the
> GetImageInfo function of the Firmware Management Protocol(FMP) gets
> populated through the data stored with the dfu framework. The
> dfu data is not restricted to contain information only of the images
> updatable through the capsule update mechanism, but it also contains
> information on other images. The image descriptor array is also parsed
> by the ESRT generation code, and thus the ESRT table contains entries
> for other images that are not being handled by the FMP for the capsule
> updates. Fix this by populating the image descriptor array from the
> structure initialised in the board file.
>
> The other issue fixed is assignment of a separate GUID for all images
> in the image descriptor array. The UEFI specification mandates that
> all entries in the ESRT table should have a unique GUID value as part
> of the FwClass member of the EFI_SYSTEM_RESOURCE_ENTRY. Currently, all
> images are assigned a single GUID value, either an FIT GUID or a raw
> image GUID. This is fixed by obtaining the GUID values from the
> efi_fw_images array defined per platform.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
>
> Changes since V6:
> * Use renamed struct efi_fw_image instead of struct efi_fw_images
>
>
> lib/efi_loader/efi_firmware.c | 95 +++++++++++------------------------
> 1 file changed, 28 insertions(+), 67 deletions(-)
>
> diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
> index a5ff32f121..46aa7a001a 100644
> --- a/lib/efi_loader/efi_firmware.c
> +++ b/lib/efi_loader/efi_firmware.c
> @@ -97,91 +97,58 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported(
> }
>
> /**
> - * efi_get_dfu_info - return information about the current firmware image
> + * efi_fill_image_desc_array - populate image descriptor array
> * @this: Protocol instance
> * @image_info_size: Size of @image_info
> * @image_info: Image information
> * @descriptor_version: Pointer to version number
> - * @descriptor_count: Pointer to number of descriptors
> + * @descriptor_count: Image count
> * @descriptor_size: Pointer to descriptor size
> - * package_version: Package version
> - * package_version_name: Package version's name
> - * image_type: Image type GUID
> + * @package_version: Package version
> + * @package_version_name: Package version's name
> *
> * Return information bout the current firmware image in @image_info.
> * @image_info will consist of a number of descriptors.
> - * Each descriptor will be created based on "dfu_alt_info" variable.
> + * Each descriptor will be created based on "efi_fw_images" variable.
nit: here is "efi_fw_images".
Except for that, this looks good to me.
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Thank you,
> *
> * Return status code
> */
> -static efi_status_t efi_get_dfu_info(
> +static efi_status_t efi_fill_image_desc_array(
> efi_uintn_t *image_info_size,
> struct efi_firmware_image_descriptor *image_info,
> u32 *descriptor_version,
> u8 *descriptor_count,
> efi_uintn_t *descriptor_size,
> u32 *package_version,
> - u16 **package_version_name,
> - const efi_guid_t *image_type)
> + u16 **package_version_name)
> {
> - struct dfu_entity *dfu;
> - size_t names_len, total_size;
> - int dfu_num, i;
> - u16 *name, *next;
> - int ret;
> -
> - ret = dfu_init_env_entities(NULL, NULL);
> - if (ret)
> - return EFI_SUCCESS;
> -
> - names_len = 0;
> - dfu_num = 0;
> - list_for_each_entry(dfu, &dfu_list, list) {
> - names_len += (utf8_utf16_strlen(dfu->name) + 1) * 2;
> - dfu_num++;
> - }
> - if (!dfu_num) {
> - log_warning("No entities in dfu_alt_info\n");
> - *image_info_size = 0;
> - dfu_free_entities();
> + size_t total_size;
> + struct efi_fw_image *fw_array;
> + int i;
>
> - return EFI_SUCCESS;
> - }
> + fw_array = update_info.images;
> + *descriptor_count = num_image_type_guids;
> +
> + total_size = sizeof(*image_info) * num_image_type_guids;
>
> - total_size = sizeof(*image_info) * dfu_num + names_len;
> - /*
> - * we will assume that sizeof(*image_info) * dfu_name
> - * is, at least, a multiple of 2. So the start address for
> - * image_id_name would be aligned with 2 bytes.
> - */
> if (*image_info_size < total_size) {
> *image_info_size = total_size;
> - dfu_free_entities();
>
> return EFI_BUFFER_TOO_SMALL;
> }
> *image_info_size = total_size;
>
> *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION;
> - *descriptor_count = dfu_num;
> *descriptor_size = sizeof(*image_info);
> *package_version = 0xffffffff; /* not supported */
> *package_version_name = NULL; /* not supported */
>
> - /* DFU alt number should correspond to image_index */
> - i = 0;
> - /* Name area starts just after descriptors */
> - name = (u16 *)((u8 *)image_info + sizeof(*image_info) * dfu_num);
> - next = name;
> - list_for_each_entry(dfu, &dfu_list, list) {
> - image_info[i].image_index = dfu->alt + 1;
> - image_info[i].image_type_id = *image_type;
> - image_info[i].image_id = dfu->alt;
> -
> - /* copy the DFU entity name */
> - utf8_utf16_strcpy(&next, dfu->name);
> - image_info[i].image_id_name = name;
> - name = ++next;
> + for (i = 0; i < num_image_type_guids; i++) {
> + image_info[i].image_index = fw_array[i].image_index;
> + image_info[i].image_type_id = fw_array[i].image_type_id;
> + image_info[i].image_id = fw_array[i].image_index;
> +
> + image_info[i].image_id_name = fw_array[i].fw_name;
>
> image_info[i].version = 0; /* not supported */
> image_info[i].version_name = NULL; /* not supported */
> @@ -202,12 +169,8 @@ static efi_status_t efi_get_dfu_info(
> image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
> image_info[i].hardware_instance = 1;
> image_info[i].dependencies = NULL;
> -
> - i++;
> }
>
> - dfu_free_entities();
> -
> return EFI_SUCCESS;
> }
>
> @@ -267,11 +230,10 @@ efi_status_t EFIAPI efi_firmware_fit_get_image_info(
> !descriptor_size || !package_version || !package_version_name))
> return EFI_EXIT(EFI_INVALID_PARAMETER);
>
> - ret = efi_get_dfu_info(image_info_size, image_info,
> - descriptor_version, descriptor_count,
> - descriptor_size,
> - package_version, package_version_name,
> - &efi_firmware_image_type_uboot_fit);
> + ret = efi_fill_image_desc_array(image_info_size, image_info,
> + descriptor_version, descriptor_count,
> + descriptor_size, package_version,
> + package_version_name);
>
> return EFI_EXIT(ret);
> }
> @@ -376,11 +338,10 @@ efi_status_t EFIAPI efi_firmware_raw_get_image_info(
> !descriptor_size || !package_version || !package_version_name))
> return EFI_EXIT(EFI_INVALID_PARAMETER);
>
> - ret = efi_get_dfu_info(image_info_size, image_info,
> - descriptor_version, descriptor_count,
> - descriptor_size,
> - package_version, package_version_name,
> - &efi_firmware_image_type_uboot_raw);
> + ret = efi_fill_image_desc_array(image_info_size, image_info,
> + descriptor_version, descriptor_count,
> + descriptor_size, package_version,
> + package_version_name);
>
> return EFI_EXIT(ret);
> }
> --
> 2.25.1
>
--
Masami Hiramatsu
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v7 4/8] efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled
2022-04-14 10:54 ` [PATCH v7 4/8] efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled Sughosh Ganu
@ 2022-04-14 11:41 ` Masami Hiramatsu
0 siblings, 0 replies; 13+ messages in thread
From: Masami Hiramatsu @ 2022-04-14 11:41 UTC (permalink / raw)
To: Sughosh Ganu
Cc: u-boot, Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Jassi Brar, Michal Simek, Michal Simek
2022年4月14日(木) 19:55 Sughosh Ganu <sughosh.ganu@linaro.org>:
>
> Currently, there are a bunch of boards which enable the UEFI capsule
> update feature. The actual update of the firmware images is done
> through the dfu framework which uses the dfu_alt_info environment
> variable for getting information on the update, like device, partition
> number/address etc. The dfu framework allows the variable to be set
> through the set_dfu_alt_info function defined by the platform, or if
> the function is not defined, it gets the variable from the
> environment. Using the value set in the environment is not very
> robust, since the variable can be modified from the u-boot command
> line and this can cause an incorrect update.
>
> To prevent this from happening, define the set_dfu_alt_info function
> when the capsule update feature is enabled. A weak function is defined
> which sets the dfu_alt_info environment variable by getting the string
> for the variable from the platform.
This sounds reasonable.
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Thank you,
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
>
> Changes since V6: None
>
> lib/efi_loader/Kconfig | 2 ++
> lib/efi_loader/efi_firmware.c | 5 +++++
> 2 files changed, 7 insertions(+)
>
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index 559b95a599..d50cd2563d 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -181,6 +181,7 @@ config EFI_CAPSULE_FIRMWARE_FIT
> depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
> select UPDATE_FIT
> select DFU
> + select SET_DFU_ALT_INFO
> select EFI_CAPSULE_FIRMWARE
> help
> Select this option if you want to enable firmware management protocol
> @@ -192,6 +193,7 @@ config EFI_CAPSULE_FIRMWARE_RAW
> depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
> select DFU_WRITE_ALT
> select DFU
> + select SET_DFU_ALT_INFO
> select EFI_CAPSULE_FIRMWARE
> help
> Select this option if you want to enable firmware management protocol
> diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
> index 46aa7a001a..aff5519e54 100644
> --- a/lib/efi_loader/efi_firmware.c
> +++ b/lib/efi_loader/efi_firmware.c
> @@ -35,6 +35,11 @@ struct fmp_payload_header {
> u32 lowest_supported_version;
> };
>
> +__weak void set_dfu_alt_info(char *interface, char *devstr)
> +{
> + env_set("dfu_alt_info", update_info.dfu_string);
> +}
> +
> /* Place holder; not supported */
> static
> efi_status_t EFIAPI efi_firmware_get_image_unsupported(
> --
> 2.25.1
>
--
Masami Hiramatsu
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v7 8/8] doc: uefi: Update the capsule update related documentation
2022-04-14 10:54 ` [PATCH v7 8/8] doc: uefi: Update the capsule update related documentation Sughosh Ganu
@ 2022-04-14 12:57 ` Masami Hiramatsu
2022-04-15 1:24 ` AKASHI Takahiro
1 sibling, 0 replies; 13+ messages in thread
From: Masami Hiramatsu @ 2022-04-14 12:57 UTC (permalink / raw)
To: Sughosh Ganu
Cc: u-boot, Heinrich Schuchardt, Ilias Apalodimas, AKASHI Takahiro,
Ying-Chun Liu, Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf,
Michael Walle, Jassi Brar, Michal Simek, Michal Simek
Hi Sughosh,
2022年4月14日(木) 19:55 Sughosh Ganu <sughosh.ganu@linaro.org>:
>
> Update the capsule update functionality related documentation to
> refect the additional definitions that need to be made per platform
> for supporting the capsule update feature.
Thanks for adding the example. This is good to me.
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Thank you,
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
>
> Changes since V6:
> * Add example for the struct efi_fw_image array and struct
> efi_capsule_update_info as suggested by Takahiro
>
> doc/develop/uefi/uefi.rst | 98 ++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 96 insertions(+), 2 deletions(-)
>
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index fe337c88bd..1aea04a4e8 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -312,8 +312,8 @@ Run the following command
> .. code-block:: console
>
> $ mkeficapsule \
> - --index 1 --instance 0 \
> - [--fit <FIT image> | --raw <raw image>] \
> + --index <index> --instance 0 \
> + --guid <image GUID> \
> <capsule_file_name>
>
> Performing the update
> @@ -333,9 +333,102 @@ won't be taken over across the reboot. If this is the case, you can skip
> this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS)
> set.
>
> +A few values need to be defined in the board file for performing the
> +capsule update. These values are defined in the board file by
> +initialisation of a structure which provides information needed for
> +capsule updates. The following structures have been defined for
> +containing the image related information
> +
> +.. code-block:: c
> +
> + struct efi_fw_images {
> + efi_guid_t image_type_id;
> + u16 *fw_name;
> + u8 image_index;
> + };
> +
> + struct efi_capsule_update_info {
> + const char *dfu_string;
> + struct efi_fw_image *images;
> + };
> +
> +
> +A string is defined which is to be used for populating the
> +dfu_alt_info variable. This string is used by the function
> +set_dfu_alt_info. Instead of taking the variable from the environment,
> +the capsule update feature requires that the variable be set through
> +the function, since that is more robust. Allowing the user to change
> +the location of the firmware updates is not a very secure
> +practice. Getting this information from the firmware itself is more
> +secure, assuming the firmware has been verified by a previous stage
> +boot loader.
> +
> +The firmware images structure defines the GUID values, image index
> +values and the name of the images that are to be updated through
> +the capsule update feature. These values are to be defined as part of
> +an array. These GUID values would be used by the Firmware Management
> +Protocol(FMP) to populate the image descriptor array and also
> +displayed as part of the ESRT table. The image index values defined in
> +the array should be one greater than the dfu alt number that
> +corresponds to the firmware image. So, if the dfu alt number for an
> +image is 2, the value of image index in the fw_images array for that
> +image should be 3. The dfu alt number can be obtained by running the
> +following command::
> +
> + dfu list
> +
> +When using the FMP for FIT images, the image index value needs to be
> +set to 1.
> +
> Finally, the capsule update can be initiated by rebooting the board.
>
> +An example of setting the values in the struct efi_fw_image and
> +struct efi_capsule_update_info is shown below
> +
> +.. code-block:: c
> +
> + struct efi_fw_image fw_images[] = {
> + {
> + .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID,
> + .fw_name = u"DEVELOPERBOX-UBOOT",
> + .image_index = 1,
> + },
> + {
> + .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID,
> + .fw_name = u"DEVELOPERBOX-FIP",
> + .image_index = 2,
> + },
> + {
> + .image_type_id = DEVELOPERBOX_OPTEE_IMAGE_GUID,
> + .fw_name = u"DEVELOPERBOX-OPTEE",
> + .image_index = 3,
> + },
> + };
> +
> + struct efi_capsule_update_info update_info = {
> + .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;"
> + "fip.bin raw 180000 78000;"
> + "optee.bin raw 500000 100000",
> + .images = fw_images,
> + };
> +
> +The platform will define a fw_images array which contains information
> +of all the firmware images that are to be updated through capsule
> +update mechanism. The dfu_string is the string that is to be set as
> +dfu_alt_info. In the example above, the image index to be set for
> +u-boot.bin binary is 0x1, for fip.bin is 0x2 and for optee.bin is 0x3.
> +
> +As an example, for generating the capsule for the optee.bin image, the
> +following command can be issued
> +
> +.. code-block:: bash
> +
> + $ ./tools/mkeficapsule \
> + --index 0x3 --instance 0 \
> + --guid c1b629f1-ce0e-4894-82bf-f0a38387e630 \
> + optee.bin optee.capsule
> +
> +
> Enabling Capsule Authentication
> *******************************
>
> --
> 2.25.1
>
--
Masami Hiramatsu
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v7 8/8] doc: uefi: Update the capsule update related documentation
2022-04-14 10:54 ` [PATCH v7 8/8] doc: uefi: Update the capsule update related documentation Sughosh Ganu
2022-04-14 12:57 ` Masami Hiramatsu
@ 2022-04-15 1:24 ` AKASHI Takahiro
1 sibling, 0 replies; 13+ messages in thread
From: AKASHI Takahiro @ 2022-04-15 1:24 UTC (permalink / raw)
To: Sughosh Ganu
Cc: u-boot, Heinrich Schuchardt, Ilias Apalodimas, Ying-Chun Liu,
Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf, Michael Walle,
Masami Hiramatsu, Jassi Brar, Michal Simek, Michal Simek
On Thu, Apr 14, 2022 at 04:24:48PM +0530, Sughosh Ganu wrote:
> Update the capsule update functionality related documentation to
> refect the additional definitions that need to be made per platform
> for supporting the capsule update feature.
Your code seems to expect that a global variable, "update_info", exists
for each platform.
If so, please describe this requirement explicitly in a document.
-Takahiro Akashi
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
>
> Changes since V6:
> * Add example for the struct efi_fw_image array and struct
> efi_capsule_update_info as suggested by Takahiro
>
> doc/develop/uefi/uefi.rst | 98 ++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 96 insertions(+), 2 deletions(-)
>
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index fe337c88bd..1aea04a4e8 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -312,8 +312,8 @@ Run the following command
> .. code-block:: console
>
> $ mkeficapsule \
> - --index 1 --instance 0 \
> - [--fit <FIT image> | --raw <raw image>] \
> + --index <index> --instance 0 \
> + --guid <image GUID> \
> <capsule_file_name>
>
> Performing the update
> @@ -333,9 +333,102 @@ won't be taken over across the reboot. If this is the case, you can skip
> this feature check with the Kconfig option (CONFIG_EFI_IGNORE_OSINDICATIONS)
> set.
>
> +A few values need to be defined in the board file for performing the
> +capsule update. These values are defined in the board file by
> +initialisation of a structure which provides information needed for
> +capsule updates. The following structures have been defined for
> +containing the image related information
> +
> +.. code-block:: c
> +
> + struct efi_fw_images {
> + efi_guid_t image_type_id;
> + u16 *fw_name;
> + u8 image_index;
> + };
> +
> + struct efi_capsule_update_info {
> + const char *dfu_string;
> + struct efi_fw_image *images;
> + };
> +
> +
> +A string is defined which is to be used for populating the
> +dfu_alt_info variable. This string is used by the function
> +set_dfu_alt_info. Instead of taking the variable from the environment,
> +the capsule update feature requires that the variable be set through
> +the function, since that is more robust. Allowing the user to change
> +the location of the firmware updates is not a very secure
> +practice. Getting this information from the firmware itself is more
> +secure, assuming the firmware has been verified by a previous stage
> +boot loader.
> +
> +The firmware images structure defines the GUID values, image index
> +values and the name of the images that are to be updated through
> +the capsule update feature. These values are to be defined as part of
> +an array. These GUID values would be used by the Firmware Management
> +Protocol(FMP) to populate the image descriptor array and also
> +displayed as part of the ESRT table. The image index values defined in
> +the array should be one greater than the dfu alt number that
> +corresponds to the firmware image. So, if the dfu alt number for an
> +image is 2, the value of image index in the fw_images array for that
> +image should be 3. The dfu alt number can be obtained by running the
> +following command::
> +
> + dfu list
> +
> +When using the FMP for FIT images, the image index value needs to be
> +set to 1.
> +
> Finally, the capsule update can be initiated by rebooting the board.
>
> +An example of setting the values in the struct efi_fw_image and
> +struct efi_capsule_update_info is shown below
> +
> +.. code-block:: c
> +
> + struct efi_fw_image fw_images[] = {
> + {
> + .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID,
> + .fw_name = u"DEVELOPERBOX-UBOOT",
> + .image_index = 1,
> + },
> + {
> + .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID,
> + .fw_name = u"DEVELOPERBOX-FIP",
> + .image_index = 2,
> + },
> + {
> + .image_type_id = DEVELOPERBOX_OPTEE_IMAGE_GUID,
> + .fw_name = u"DEVELOPERBOX-OPTEE",
> + .image_index = 3,
> + },
> + };
> +
> + struct efi_capsule_update_info update_info = {
> + .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;"
> + "fip.bin raw 180000 78000;"
> + "optee.bin raw 500000 100000",
> + .images = fw_images,
> + };
> +
> +The platform will define a fw_images array which contains information
> +of all the firmware images that are to be updated through capsule
> +update mechanism. The dfu_string is the string that is to be set as
> +dfu_alt_info. In the example above, the image index to be set for
> +u-boot.bin binary is 0x1, for fip.bin is 0x2 and for optee.bin is 0x3.
> +
> +As an example, for generating the capsule for the optee.bin image, the
> +following command can be issued
> +
> +.. code-block:: bash
> +
> + $ ./tools/mkeficapsule \
> + --index 0x3 --instance 0 \
> + --guid c1b629f1-ce0e-4894-82bf-f0a38387e630 \
> + optee.bin optee.capsule
> +
> +
> Enabling Capsule Authentication
> *******************************
>
> --
> 2.25.1
>
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2022-04-15 1:24 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-14 10:54 [PATCH v7 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 1/8] capsule: board: Add information needed for capsule updates Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 2/8] capsule: FMP: Populate the image descriptor array from platform data Sughosh Ganu
2022-04-14 11:37 ` Masami Hiramatsu
2022-04-14 10:54 ` [PATCH v7 3/8] capsule: Put a check for image index before the update Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 4/8] efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled Sughosh Ganu
2022-04-14 11:41 ` Masami Hiramatsu
2022-04-14 10:54 ` [PATCH v7 5/8] test: capsule: Modify the capsule tests to use GUID values for sandbox Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 6/8] FMP: Remove GUIDs for FIT and raw images Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 7/8] mkeficapsule: Remove raw and FIT GUID types Sughosh Ganu
2022-04-14 10:54 ` [PATCH v7 8/8] doc: uefi: Update the capsule update related documentation Sughosh Ganu
2022-04-14 12:57 ` Masami Hiramatsu
2022-04-15 1:24 ` AKASHI Takahiro
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.