From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 30 Nov 2021 13:57:52 +0100
Subject: Re: [RESEND RFC PATCH 03/10] FWU: Add metadata structure and functions for accessing metadata
To: Sughosh Ganu
Cc: Patrick Delaunay, Patrice Chotard, Alexander Graf, Simon Glass, Bin Meng, Peng Fan, AKASHI Takahiro, Ilias Apalodimas, Jose Marinho, Grant Likely, Jason Liu, u-boot@lists.denx.de
References: <20211125071302.3644-1-sughosh.ganu@linaro.org> <20211125071302.3644-4-sughosh.ganu@linaro.org>
From: Heinrich Schuchardt
In-Reply-To: <20211125071302.3644-4-sughosh.ganu@linaro.org>

On 11/25/21 08:12, Sughosh Ganu wrote:
> In the FWU Multi Bank Update feature, the information about the
> updatable images is stored as part of the metadata, which is stored on
> a dedicated partition. Add the metadata structure, and functions to
> access the metadata. These are generic API's, and implementations can
> be added based on parameters like how the metadata partition is
> accessed and what type of storage device houses the metadata.
>
> Signed-off-by: Sughosh Ganu
> ---
>  include/fwu_metadata.h         | 125 +++++++++++++++
>  lib/fwu_updates/fwu_metadata.c | 275 +++++++++++++++++++++++++++++++++
>  2 files changed, 400 insertions(+)
>  create mode 100644 include/fwu_metadata.h
>  create mode 100644 lib/fwu_updates/fwu_metadata.c
>
> diff --git a/include/fwu_metadata.h b/include/fwu_metadata.h
> new file mode 100644
> index 0000000000..e692ef7506
> --- /dev/null
> +++ b/include/fwu_metadata.h
> @@ -0,0 +1,125 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * Copyright (c) 2021, Linaro Limited > + */ > + > +#if !defined _FWU_METADATA_H_ > +#define _FWU_METADATA_H_ > + > +#include > +#include > +#include > + > +#include > + > +/** > + * struct fwu_image_bank_info - firmware image information > + * @image_uuid: Guid value of the image in this bank > + * @accepted: Acceptance status of the image > + * @reserved: Reserved > + * > + * The structure contains image specific fields which are > + * used to identify the image and to specify the image's > + * acceptance status > + */ > +struct fwu_image_bank_info { > + efi_guid_t image_uuid; > + u32 accepted; > + u32 reserved; > +}; > + > +/** > + * struct fwu_image_entry - information for a particular type of image > + * @image_type_uuid: Guid value for identifying the image type > + * @location_uuid: Guid of the storage volume where the image is locate= d > + * @img_bank_info: Array containing properties of images > + * > + * This structure contains information on various types of updatable > + * firmware images. Each image type then contains an array of image > + * information per bank. > + */ > +struct fwu_image_entry { > + efi_guid_t image_type_uuid; > + efi_guid_t location_uuid; > + struct fwu_image_bank_info img_bank_info[CONFIG_FWU_NUM_BANKS]; > +}; > + > +/** > + * struct fwu_metadata - Metadata structure for multi-bank updates > + * @crc32: crc32 value for the metadata > + * @version: Metadata version > + * @active_index: Index of the bank currently used for booting images > + * @previous_active_inde: Index of the bank used before the current ban= k > + * being used for booting > + * @img_entry: Array of information on various firmware images that can > + * be updated > + * > + * This structure is used to store all the needed information for perfo= rming > + * multi bank updates on the platform. 
This contains info on the bank b= eing > + * used to boot along with the information needed for identification of > + * individual images > + */ > +struct fwu_metadata { > + u32 crc32; > + u32 version; > + u32 active_index; > + u32 previous_active_index; > + > + struct fwu_image_entry img_entry[CONFIG_FWU_NUM_IMAGES_PER_BANK]; > +}; > + > +/** > + * @get_active_index: get the current active_index value > + * @update_active_index: update the active_index value > + * @fill_partition_guid_array: fill the array with guid values of the > + * partitions found on the storage media > + * @get_image_alt_num: get the alt number to be used for the image > + * @metadata_check: check the validity of the metadata partitions > + * @revert_boot_index: set the active_index to previous_active_index > + * @set_accept_image: set the accepted bit for the image > + * @clear_accept_image: clear the accepted bit for the image > + * @get_metadata() - Get a metadata copy > + */ > +struct fwu_metadata_ops { > + int (*get_active_index)(u32 *active_idx); > + > + int (*update_active_index)(u32 active_idx); > + > + int (*fill_partition_guid_array)(efi_guid_t **part_guid_arr, > + u32 *nparts); > + > + int (*get_image_alt_num)(efi_guid_t image_type_id, u32 update_bank, > + int *alt_num); > + > + int (*metadata_check)(void); > + > + int (*revert_boot_index)(u32 *active_idx); > + > + int (*set_accept_image)(efi_guid_t *img_type_id); > + > + int (*clear_accept_image)(efi_guid_t *img_type_id, u32 bank); > + > + int (*get_metadata)(struct fwu_metadata **metadata); > +}; > + > +#define FWU_METADATA_GUID \ > + EFI_GUID(0x8a7a84a0, 0x8387, 0x40f6, 0xab, 0x41, \ > + 0xa8, 0xb9, 0xa5, 0xa6, 0x0d, 0x23) > + > +#define FWU_METADATA_VERSION 0x1 > + > +extern struct fwu_metadata_ops fwu_gpt_blk_ops; > + > +struct fwu_metadata_ops *get_plat_fwu_metadata_ops(void); > +int fwu_get_active_index(u32 *active_idx); > +int fwu_update_active_index(u32 active_idx); > +int fwu_fill_partition_guid_array(efi_guid_t 
**part_guid_arr, u32 *npar= ts); > +int fwu_get_image_alt_num(efi_guid_t image_type_id, u32 update_bank, > + int *alt_num); > +int fwu_metadata_check(void); > +int fwu_revert_boot_index(u32 *active_idx); > +int fwu_accept_image(efi_guid_t *img_type_id); > +int fwu_clear_accept_image(efi_guid_t *img_type_id, u32 bank); > +int fwu_get_metadata(struct fwu_metadata **metadata); > + > +#endif /* _FWU_METADATA_H_ */ > diff --git a/lib/fwu_updates/fwu_metadata.c b/lib/fwu_updates/fwu_metada= ta.c > new file mode 100644 > index 0000000000..ebc3eaa04a > --- /dev/null > +++ b/lib/fwu_updates/fwu_metadata.c 
> @@ -0,0 +1,275 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright (c) 2021, Linaro Limited > + */ > + > +#include > + > +#include > +#include > + > +static inline struct fwu_metadata_ops *get_fwu_metadata_ops(void) > +{ > + return get_plat_fwu_metadata_ops(); > +} > + > +/** > + * fwu_get_active_index() - Get active_index from the metadata > + * @active_idx: active_index value to be read > + * > + * Read the active_index field from the metadata and place it in > + * the variable pointed to be the function argument. > + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_get_active_index(u32 *active_idx) > +{ > + struct fwu_metadata_ops *ops; > + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->get_active_index) { > + log_err("get_active_index() method not defined for the platform\n"); > + return -ENOSYS; > + } > + > + return ops->get_active_index(active_idx); > +} > + > +/** > + * fwu_update_active_index() - Update active_index from the metadata > + * @active_idx: active_index value to be updated > + * > + * Update the active_index field in the metadata > + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_update_active_index(u32 active_idx) > +{ > + struct fwu_metadata_ops *ops; > + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->update_active_index) { > + log_err("update_active_index() method not defined for the platform\n"= ); > + return -ENOSYS; > + } > + > + return ops->update_active_index(active_idx); > +} > + > +/** > + * fwu_fill_partition_guid_array() - Fill the part_guid_arr array with = the guid's of > + * the partitions > + * @part_guid_arr: array of partition guid's > + * @nparts: Number of gpt partitions on the device > + * > + * Get the information on the partition guid's, filling the array with = the guid > + * values and 
also the number of partitions. > + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_fill_partition_guid_array(efi_guid_t **part_guid_arr, u32 *npar= ts) > +{ > + struct fwu_metadata_ops *ops; > + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->fill_partition_guid_array) { > + log_err("fill_partition_guid_array() method not defined for the platf= orm\n"); > + return -ENOSYS; > + } > + > + return ops->fill_partition_guid_array(part_guid_arr, nparts); > +} > + > +/** > + * fwu_get_image_alt_num() - Get the dfu alt number to be used for caps= ule update > + * @image_type_id: image guid as passed in the capsule > + * @update_bank: Bank to which the update is to be made > + * @alt_num: The alt_num for the image > + * > + * Based on the guid value passed in the capsule, along with the bank t= o which the > + * image needs to be updated, get the dfu alt number which will be used= for the > + * capsule update > + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_get_image_alt_num(efi_guid_t image_type_id, u32 update_bank, > + int *alt_num) > +{ > + struct fwu_metadata_ops *ops;

The metadata is an untrusted information source and hence MUST NOT be
used to map the image_type_id to the DFU alt_number. Don't invite a
denial of service attack.

The signed capsule would be a good place for storing the DFU mapping.

Best regards

Heinrich

> + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->get_image_alt_num) { > + log_err("get_image_alt_num() method not defined for the platform\n"); > + return -ENOSYS; > + } > + > + return ops->get_image_alt_num(image_type_id, update_bank, alt_num); > +} > + > +/** > + * fwu_metadata_check() - Check if the metadata is valid > + * > + * Validate both copies of metadata. 
If one of the copies > + * has gone bad, restore it from the other bad copy. > + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_metadata_check(void) > +{ > + struct fwu_metadata_ops *ops; > + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->metadata_check) { > + log_err("metadata_check() method not defined for the platform\n"); > + return -ENOSYS; > + } > + > + return ops->metadata_check(); > +} > + > +/** > + * fwu_revert_boot_index() - Revert the active index in the metadata > + * @active_idx: Value of the updated active_index > + * > + * Revert the active_index value in the metadata, by swapping the value= s > + * of active_index and previous_active_index in both copies of the > + * metadata. > + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_revert_boot_index(u32 *active_idx) > +{ > + struct fwu_metadata_ops *ops; > + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->revert_boot_index) { > + log_err("revert_boot_index() method not defined for the platform\n"); > + return -ENOSYS; > + } > + > + return ops->revert_boot_index(active_idx); > +} > + > +/** > + * fwu_accept_image() - Set the Acceptance bit for the image > + * @img_type_id: Guid of the image type for which the accepted bit is t= o be > + * cleared > + * > + * Set the accepted bit for the image specified by the img_guid paramet= er. This > + * indicates acceptance of image for subsequent boots by some governing= component > + * like OS(or firmware). 
> + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_accept_image(efi_guid_t *img_type_id) > +{ > + struct fwu_metadata_ops *ops; > + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->set_accept_image) { > + log_err("set_accept_image() method not defined for the platform\n"); > + return -ENOSYS; > + } > + > + return ops->set_accept_image(img_type_id); > +} > + > +/** > + * fwu_clear_accept_image() - Clear the Acceptance bit for the image > + * @img_type_id: Guid of the image type for which the accepted bit is t= o be > + * cleared > + * > + * Clear the accepted bit for the image type specified by the img_type_= id parameter. > + * This function is called after the image has been updated. The accept= ed bit is > + * cleared to be set subsequently after passing the image acceptance cr= iteria, by > + * either the OS(or firmware) > + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_clear_accept_image(efi_guid_t *img_type_id, u32 bank) > +{ > + struct fwu_metadata_ops *ops; > + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->clear_accept_image) { > + log_err("clear_accept_image() method not defined for the platform\n")= ; > + return -ENOSYS; > + } > + > + return ops->clear_accept_image(img_type_id, bank); > +} > + > +/** > + * fwu_get_metadata() - Get a metadata copy > + * @metadata: Copy of the metadata > + * > + * Get a valid copy of the metadata. 
> + * > + * Return: 0 if OK, -ve on error > + * > + */ > +int fwu_get_metadata(struct fwu_metadata **metadata) > +{ > + struct fwu_metadata_ops *ops; > + > + ops =3D get_fwu_metadata_ops(); > + if (!ops) { > + log_err("Unable to get fwu ops\n"); > + return -EPROTONOSUPPORT; > + } > + > + if (!ops->get_metadata) { > + log_err("get_metadata() method not defined for the platform\n"); > + return -ENOSYS; > + } > + > + return ops->get_metadata(metadata); > +} >
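
Review bot: In include/fwu_metadata.h, struct fwu_metadata carries crc32 as its only integrity field, and a CRC detects accidental corruption but not a change made by anything that can write the partition, so active_index and previous_active_index need a range check against CONFIG_FWU_NUM_BANKS before they are used to index img_bank_info[]; the header should state which layer performs that check. In the same file the kernel-doc names `@previous_active_inde`, which does not match the member previous_active_index, and the comment above struct fwu_metadata_ops lacks the `struct fwu_metadata_ops - ...` summary line and mixes `@get_metadata() -` with the `@name:` form used for the other members. set_accept_image() takes no bank argument while clear_accept_image() does; say in the comment which bank the former acts on.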
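
Review bot: In lib/fwu_updates/fwu_metadata.c, fwu_get_image_alt_num() and fwu_clear_accept_image() hand update_bank and bank to the backend unchecked, so every platform implementation has to remember the bounds test itself; rejecting values >= CONFIG_FWU_NUM_BANKS with -EINVAL in these generic wrappers would settle it in one place. Several comments need correcting: fwu_metadata_check() says a bad copy is restored "from the other bad copy" where the good copy is meant, fwu_accept_image() documents @img_type_id as the bit "to be cleared" and refers to an img_guid parameter that does not exist, and fwu_clear_accept_image() has no @bank entry. The ops lookup followed by the NULL-method check is repeated verbatim in all nine functions and would be easier to audit as a single helper or macro.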