Message ID | 20220722174319.64006-6-jassisinghbrar@gmail.com |
---|---|
State | Superseded |
Headers | show |
Series | FWU: Add support for mtd backed feature on DeveloperBox | expand |
On 7/22/22 19:43, jassisinghbrar@gmail.com wrote: > From: Jassi Brar <jaswinder.singh@linaro.org> > > Add code to support FWU_MULTI_BANK_UPDATE. > The platform does not have gpt-partition storage for > Banks and MetaData, rather it used SPI-NOR backed > mtd regions for the purpose. > > Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> > Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org> > --- > board/socionext/developerbox/Makefile | 1 + > board/socionext/developerbox/developerbox.c | 13 +++ > board/socionext/developerbox/fwu_plat.c | 95 ++++++++++++++++++++ > configs/synquacer_developerbox_defconfig | 13 ++- > doc/board/socionext/developerbox.rst | 96 +++++++++++++++++++++ > include/configs/synquacer.h | 10 +++ > 6 files changed, 226 insertions(+), 2 deletions(-) > create mode 100644 board/socionext/developerbox/fwu_plat.c > > diff --git a/board/socionext/developerbox/Makefile b/board/socionext/developerbox/Makefile > index 4a46de995a..9b80ee38e7 100644 > --- a/board/socionext/developerbox/Makefile > +++ b/board/socionext/developerbox/Makefile > @@ -7,3 +7,4 @@ > # > > obj-y := developerbox.o > +obj-$(CONFIG_FWU_MULTI_BANK_UPDATE) += fwu_plat.o > diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c > index f5a5fe0121..ad2260e3d7 100644 > --- a/board/socionext/developerbox/developerbox.c > +++ b/board/socionext/developerbox/developerbox.c > @@ -20,6 +20,13 @@ > > #if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT) > struct efi_fw_image fw_images[] = { > +#if defined(CONFIG_FWU_MULTI_BANK_UPDATE) > + { > + .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID, > + .fw_name = u"DEVELOPERBOX-FIP", The design is flawed. These fields should be moved to the device-tree. Best regards Heinrich > + .image_index = 1, > + }, > +#else > { > .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID, > .fw_name = u"DEVELOPERBOX-UBOOT", > @@ -35,12 +42,18 @@ struct efi_fw_image fw_images[] = { > .fw_name = u"DEVELOPERBOX-OPTEE", > .image_index = 3, > }, > +#endif > }; > > struct efi_capsule_update_info update_info = { > +#if defined(CONFIG_FWU_MULTI_BANK_UPDATE) > + .dfu_string = "mtd nor1=bank0 raw 600000 400000;" > + "bank1 raw a00000 400000;", > +#else > .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;" > "fip.bin raw 180000 78000;" > "optee.bin raw 500000 100000", > +#endif > .images = fw_images, > }; > > diff --git a/board/socionext/developerbox/fwu_plat.c b/board/socionext/developerbox/fwu_plat.c > new file mode 100644 > index 0000000000..9fb5cb28b3 > --- /dev/null > +++ b/board/socionext/developerbox/fwu_plat.c > @@ -0,0 +1,95 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * Copyright (c) 2021, Linaro Limited > + */ > + > +#include <dfu.h> > +#include <efi_loader.h> > +#include <flash.h> > +#include <fwu.h> > +#include <fwu_mdata.h> > +#include <malloc.h> > +#include <memalign.h> > +#include <mtd.h> > +#include <spi.h> > +#include <spi_flash.h> > +#include <uuid.h> > + > +#include <linux/errno.h> > +#include <linux/types.h> > +#include <u-boot/crc.h> > + > +#define DFU_ALT_BUF_LEN 256 > +#define DFU_ALT_NUM_MAX (CONFIG_FWU_NUM_IMAGES_PER_BANK * CONFIG_FWU_NUM_BANKS) > + > +/* Generate dfu_alt_info from partitions */ > +void set_dfu_alt_info(char *interface, char *devstr) > +{ > + int ret; > + struct mtd_info *mtd; > + static char *buf = NULL; > + > + if (!buf) { > + buf = malloc_cache_aligned(DFU_ALT_BUF_LEN); > + memset(buf, 0, DFU_ALT_BUF_LEN); > + > + mtd_probe_devices(); > + > + mtd = get_mtd_device_nm("nor1"); > + if (IS_ERR_OR_NULL(mtd)) > + return; > + > + ret = fwu_gen_alt_info_from_mtd(buf, DFU_ALT_BUF_LEN, mtd); > + if (ret < 0) { > + log_err("Error: Failed to generate dfu_alt_info. (%d)\n", ret); > + return; > + } > + log_debug("Make dfu_alt_info: '%s'\n", buf); > + } > + env_set("dfu_alt_info", buf); > +} > + > +int fwu_plat_get_alt_num(struct udevice __always_unused *dev, > + efi_guid_t *image_id, int *alt_num) > +{ > + return mtd_plat_get_alt_num(image_id, alt_num, "nor1", 0); > +} > + > +int fwu_plat_get_update_index(u32 *update_idx) > +{ > + int ret; > + u32 active_idx; > + > + ret = fwu_get_active_index(&active_idx); > + > + if (ret < 0) > + return ret; > + > + *update_idx = 1 - active_idx; > + > + return ret; > +} > + > +void fwu_plat_get_bootidx(void *boot_idx) > +{ > + int ret; > + u32 active_idx; > + u32 *bootidx = boot_idx; > + > + ret = fwu_get_active_index(&active_idx); > + > + if (ret < 0) > + *bootidx = -1; > + > + *bootidx = active_idx; > +} > + > +int board_late_init(void) > +{ > + /* Make mmc available for EFI, otherwise efi subsystem > + * complains "No EFI system partition" during bootup. > + */ > + run_command("mmc dev 0", 0); > + > + return 0; > +} > diff --git a/configs/synquacer_developerbox_defconfig b/configs/synquacer_developerbox_defconfig > index add6041e27..ded31ada6e 100644 > --- a/configs/synquacer_developerbox_defconfig > +++ b/configs/synquacer_developerbox_defconfig > @@ -1,10 +1,11 @@ > CONFIG_ARM=y > CONFIG_ARCH_SYNQUACER=y > -CONFIG_SYS_TEXT_BASE=0x08200000 > +CONFIG_POSITION_INDEPENDENT=y > +CONFIG_SYS_TEXT_BASE=0 > CONFIG_SYS_MALLOC_LEN=0x1000000 > CONFIG_SYS_MALLOC_F_LEN=0x400 > CONFIG_ENV_SIZE=0x30000 > -CONFIG_ENV_OFFSET=0x300000 > +CONFIG_ENV_OFFSET=0x580000 > CONFIG_ENV_SECT_SIZE=0x10000 > CONFIG_DM_GPIO=y > CONFIG_DEFAULT_DEVICE_TREE="synquacer-sc2a11-developerbox" > @@ -93,3 +94,11 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y > CONFIG_EFI_CAPSULE_ON_DISK=y > CONFIG_EFI_IGNORE_OSINDICATIONS=y > CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y > +CONFIG_EFI_SECURE_BOOT=y > +CONFIG_BOARD_LATE_INIT=y > +CONFIG_FWU_MULTI_BANK_UPDATE=y > +CONFIG_DM_FWU_MDATA=y > +CONFIG_FWU_MDATA_MTD=y > +CONFIG_FWU_NUM_BANKS=2 > +CONFIG_FWU_NUM_IMAGES_PER_BANK=1 > +CONFIG_CMD_FWU_METADATA=y > diff --git a/doc/board/socionext/developerbox.rst b/doc/board/socionext/developerbox.rst > index 2d943c23be..f52820c2b0 100644 > --- a/doc/board/socionext/developerbox.rst > +++ b/doc/board/socionext/developerbox.rst > @@ -85,3 +85,99 @@ Once the flasher tool is running we are ready flash the UEFI image:: > > After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and reset the board. > > + > +Enable FWU Multi Bank Update > +============================ > + > +DeveloperBox supports the FWU Multi Bank Update. You *MUST* update both *SCP firmware* and *TF-A* for this feature. This will change the layout and the boot process but you can switch back to the normal one by changing the DSW 1-4 off. > + > +Configure U-Boot > +---------------- > + > +To enable the FWU Multi Bank Update on the DeveloperBox, you need to add following configurations to configs/synquacer_developerbox_defconfig :: > + > + CONFIG_FWU_MULTI_BANK_UPDATE=y > + CONFIG_DM_FWU_MDATA=y > + CONFIG_FWU_MDATA_MTD=y > + CONFIG_FWU_NUM_BANKS=2 > + CONFIG_FWU_NUM_IMAGES_PER_BANK=1 > + CONFIG_CMD_FWU_METADATA=y > + > +And build it:: > + > + cd u-boot/ > + export ARCH=arm64 > + export CROSS_COMPILE=aarch64-linux-gnu- > + make synqucer_developerbox_defconfig > + make -j `noproc` > + cd ../ > + > +By default, the CONFIG_FWU_NUM_BANKS and COFNIG_FWU_NUM_IMAGES_PER_BANKS are set to 2 and 1 respectively. This uses FIP (Firmware Image Package) type image which contains TF-A, U-Boot and OP-TEE (the OP-TEE is optional.) > +You can use fiptool to compose the FIP image from those firmware images. > + > +Rebuild SCP firmware > +-------------------- > + > +Rebuild SCP firmware which supports FWU Multi Bank Update as below:: > + > + cd SCP-firmware/ > + OUT=./build/product/synquacer > + ROMFW_FILE=$OUT/scp_romfw/$SCP_BUILD_MODE/bin/scp_romfw.bin > + RAMFW_FILE=$OUT/scp_ramfw/$SCP_BUILD_MODE/bin/scp_ramfw.bin > + ROMRAMFW_FILE=scp_romramfw_release.bin > + > + make CC=$ARM_EMB_GCC PRODUCT=synquacer MODE=release > + tr "\000" "\377" < /dev/zero | dd of=${ROMRAMFW_FILE} bs=1 count=196608 > + dd if=${ROMFW_FILE} of=${ROMRAMFW_FILE} bs=1 conv=notrunc seek=0 > + dd if=${RAMFW_FILE} of=${ROMRAMFW_FILE} bs=1 seek=65536 > + cd ../ > + > +And you can get the `scp_romramfw_release.bin` file > + > +Rebuild TF-A and FIP > +-------------------- > + > +Rebuild TF-A which supports FWU Multi Bank Update as below:: > + > + cd arm-trusted-firmware/ > + make CROSS_COMPILE=aarch64-linux-gnu- -j`nproc` PLAT=synquacer \ > + SPD=opteed SQ_RESET_TO_BL2=1 GENERATE_COT=1 MBEDTLS_DIR=../mbedtls \ > + BL33=../u-boot/u-boot.bin all fip fiptool > + > +And make a FIP image.:: > + > + cp build/synquacer/release/fip.bin SPI_NOR_NEWFIP.fd > + tools/fiptool/fiptool update --tb-fw build/synquacer/release/bl2.bin SPI_NOR_NEWFIP.fd > + > + > +UUIDs for the FWU Multi Bank Update > +----------------------------------- > + > +FWU multi-bank update requires some UUIDs. The DeveloperBox platform uses following UUIDs. > + > + - Location UUID for the FIP image: 17e86d77-41f9-4fd7-87ec-a55df9842de5 > + - Image type UUID for the FIP image: 10c36d7d-ca52-b843-b7b9-f9d6c501d108 > + - Image UUID for Bank0 : 5a66a702-99fd-4fef-a392-c26e261a2828 > + - Image UUID for Bank1 : a8f868a1-6e5c-4757-878d-ce63375ef2c0 > + > +These UUIDs are used for making a FWU metadata image. > + > +Install via flash writer > +------------------------ > + > +As explained in above section, the new FIP image and the FWU metadata image can be installed via NOR flash writer. Note that the installation offsets for the FWU multi bank update supported firmware. > + > +Once the flasher tool is running we are ready flash the images.:: > +Write the FIP image to the 0x600000 offset.:: > + > + flash rawwrite 600000 180000 > + >> Send SPI_NOR_NEWFIP.fd via XMODEM (Control-A S in minicom) << > + > +And write the new SCP firmware.:: > + > + flash write cm3 > + >> Send scp_romramfw_release.bin via XMODEM (Control-A S in minicom) << > + > +At last, turn on the DSW 3-4 on the board, and reboot. > +Note that if DSW 3-4 is turned off, the DeveloperBox will boot from > +the original EDK2 firmware (or non-FWU U-Boot if you already installed.) > diff --git a/include/configs/synquacer.h b/include/configs/synquacer.h > index 5686a5b910..7995be852d 100644 > --- a/include/configs/synquacer.h > +++ b/include/configs/synquacer.h > @@ -46,19 +46,29 @@ > > /* Since U-Boot 64bit PCIe support is limited, disable 64bit MMIO support */ > > +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE > +#define DEFAULT_DFU_ALT_INFO > +#else > #define DEFAULT_DFU_ALT_INFO "dfu_alt_info=" \ > "mtd nor1=u-boot.bin raw 200000 100000;" \ > "fip.bin raw 180000 78000;" \ > "optee.bin raw 500000 100000\0" > +#endif > > /* GUIDs for capsule updatable firmware images */ > #define DEVELOPERBOX_UBOOT_IMAGE_GUID \ > EFI_GUID(0x53a92e83, 0x4ef4, 0x473a, 0x8b, 0x0d, \ > 0xb5, 0xd8, 0xc7, 0xb2, 0xd6, 0x00) > > +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE > +#define DEVELOPERBOX_FIP_IMAGE_GUID \ > + EFI_GUID(0x7d6dc310, 0x52ca, 0x43b8, 0xb7, 0xb9, \ > + 0xf9, 0xd6, 0xc5, 0x01, 0xd1, 0x08) > +#else > #define DEVELOPERBOX_FIP_IMAGE_GUID \ > EFI_GUID(0x880866e9, 0x84ba, 0x4793, 0xa9, 0x08, \ > 0x33, 0xe0, 0xb9, 0x16, 0xf3, 0x98) > +#endif > > #define DEVELOPERBOX_OPTEE_IMAGE_GUID \ > EFI_GUID(0xc1b629f1, 0xce0e, 0x4894, 0x82, 0xbf, \
On 9/1/22 09:07, Heinrich Schuchardt wrote: > On 7/22/22 19:43, jassisinghbrar@gmail.com wrote: >> From: Jassi Brar <jaswinder.singh@linaro.org> >> >> Add code to support FWU_MULTI_BANK_UPDATE. >> The platform does not have gpt-partition storage for >> Banks and MetaData, rather it used SPI-NOR backed >> mtd regions for the purpose. >> >> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> >> Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org> >> --- >> board/socionext/developerbox/Makefile | 1 + >> board/socionext/developerbox/developerbox.c | 13 +++ >> board/socionext/developerbox/fwu_plat.c | 95 ++++++++++++++++++++ >> configs/synquacer_developerbox_defconfig | 13 ++- >> doc/board/socionext/developerbox.rst | 96 +++++++++++++++++++++ >> include/configs/synquacer.h | 10 +++ >> 6 files changed, 226 insertions(+), 2 deletions(-) >> create mode 100644 board/socionext/developerbox/fwu_plat.c >> >> diff --git a/board/socionext/developerbox/Makefile >> b/board/socionext/developerbox/Makefile >> index 4a46de995a..9b80ee38e7 100644 >> --- a/board/socionext/developerbox/Makefile >> +++ b/board/socionext/developerbox/Makefile >> @@ -7,3 +7,4 @@ >> # >> >> obj-y := developerbox.o >> +obj-$(CONFIG_FWU_MULTI_BANK_UPDATE) += fwu_plat.o >> diff --git a/board/socionext/developerbox/developerbox.c >> b/board/socionext/developerbox/developerbox.c >> index f5a5fe0121..ad2260e3d7 100644 >> --- a/board/socionext/developerbox/developerbox.c >> +++ b/board/socionext/developerbox/developerbox.c >> @@ -20,6 +20,13 @@ >> >> #if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT) >> struct efi_fw_image fw_images[] = { >> +#if defined(CONFIG_FWU_MULTI_BANK_UPDATE) >> + { >> + .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID, >> + .fw_name = u"DEVELOPERBOX-FIP", > > The design is flawed. These fields should be moved to the device-tree. Currently we are changing C files for each board were we enable firmware updates. Probably an even better place then the device-tree would be a Kconfig file. The only problem with Kconfig is that it does not easily allow to edit arrays. But we could use a string like: GUID,name,index,GUID,name,index,... Best regards Heinrich> >> + .image_index = 1, >> + }, >> +#else >> { >> .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID, >> .fw_name = u"DEVELOPERBOX-UBOOT", >> @@ -35,12 +42,18 @@ struct efi_fw_image fw_images[] = { >> .fw_name = u"DEVELOPERBOX-OPTEE", >> .image_index = 3, >> }, >> +#endif >> }; >> >> struct efi_capsule_update_info update_info = { >> +#if defined(CONFIG_FWU_MULTI_BANK_UPDATE) >> + .dfu_string = "mtd nor1=bank0 raw 600000 400000;" >> + "bank1 raw a00000 400000;", >> +#else >> .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;" >> "fip.bin raw 180000 78000;" >> "optee.bin raw 500000 100000", >> +#endif >> .images = fw_images, >> }; >> >> diff --git a/board/socionext/developerbox/fwu_plat.c >> b/board/socionext/developerbox/fwu_plat.c >> new file mode 100644 >> index 0000000000..9fb5cb28b3 >> --- /dev/null >> +++ b/board/socionext/developerbox/fwu_plat.c >> @@ -0,0 +1,95 @@ >> +// SPDX-License-Identifier: GPL-2.0-or-later >> +/* >> + * Copyright (c) 2021, Linaro Limited >> + */ >> + >> +#include <dfu.h> >> +#include <efi_loader.h> >> +#include <flash.h> >> +#include <fwu.h> >> +#include <fwu_mdata.h> >> +#include <malloc.h> >> +#include <memalign.h> >> +#include <mtd.h> >> +#include <spi.h> >> +#include <spi_flash.h> >> +#include <uuid.h> >> + >> +#include <linux/errno.h> >> +#include <linux/types.h> >> +#include <u-boot/crc.h> >> + >> +#define DFU_ALT_BUF_LEN 256 >> +#define DFU_ALT_NUM_MAX (CONFIG_FWU_NUM_IMAGES_PER_BANK * >> CONFIG_FWU_NUM_BANKS) >> + >> +/* Generate dfu_alt_info from partitions */ >> +void set_dfu_alt_info(char *interface, char *devstr) >> +{ >> + int ret; >> + struct mtd_info *mtd; >> + static char *buf = NULL; >> + >> + if (!buf) { >> + buf = malloc_cache_aligned(DFU_ALT_BUF_LEN); >> + memset(buf, 0, DFU_ALT_BUF_LEN); >> + >> + mtd_probe_devices(); >> + >> + mtd = get_mtd_device_nm("nor1"); >> + if (IS_ERR_OR_NULL(mtd)) >> + return; >> + >> + ret = fwu_gen_alt_info_from_mtd(buf, DFU_ALT_BUF_LEN, mtd); >> + if (ret < 0) { >> + log_err("Error: Failed to generate dfu_alt_info. (%d)\n", >> ret); >> + return; >> + } >> + log_debug("Make dfu_alt_info: '%s'\n", buf); >> + } >> + env_set("dfu_alt_info", buf); >> +} >> + >> +int fwu_plat_get_alt_num(struct udevice __always_unused *dev, >> + efi_guid_t *image_id, int *alt_num) >> +{ >> + return mtd_plat_get_alt_num(image_id, alt_num, "nor1", 0); >> +} >> + >> +int fwu_plat_get_update_index(u32 *update_idx) >> +{ >> + int ret; >> + u32 active_idx; >> + >> + ret = fwu_get_active_index(&active_idx); >> + >> + if (ret < 0) >> + return ret; >> + >> + *update_idx = 1 - active_idx; >> + >> + return ret; >> +} >> + >> +void fwu_plat_get_bootidx(void *boot_idx) >> +{ >> + int ret; >> + u32 active_idx; >> + u32 *bootidx = boot_idx; >> + >> + ret = fwu_get_active_index(&active_idx); >> + >> + if (ret < 0) >> + *bootidx = -1; >> + >> + *bootidx = active_idx; >> +} >> + >> +int board_late_init(void) >> +{ >> + /* Make mmc available for EFI, otherwise efi subsystem >> + * complains "No EFI system partition" during bootup. >> + */ >> + run_command("mmc dev 0", 0); >> + >> + return 0; >> +} >> diff --git a/configs/synquacer_developerbox_defconfig >> b/configs/synquacer_developerbox_defconfig >> index add6041e27..ded31ada6e 100644 >> --- a/configs/synquacer_developerbox_defconfig >> +++ b/configs/synquacer_developerbox_defconfig >> @@ -1,10 +1,11 @@ >> CONFIG_ARM=y >> CONFIG_ARCH_SYNQUACER=y >> -CONFIG_SYS_TEXT_BASE=0x08200000 >> +CONFIG_POSITION_INDEPENDENT=y >> +CONFIG_SYS_TEXT_BASE=0 >> CONFIG_SYS_MALLOC_LEN=0x1000000 >> CONFIG_SYS_MALLOC_F_LEN=0x400 >> CONFIG_ENV_SIZE=0x30000 >> -CONFIG_ENV_OFFSET=0x300000 >> +CONFIG_ENV_OFFSET=0x580000 >> CONFIG_ENV_SECT_SIZE=0x10000 >> CONFIG_DM_GPIO=y >> CONFIG_DEFAULT_DEVICE_TREE="synquacer-sc2a11-developerbox" >> @@ -93,3 +94,11 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y >> CONFIG_EFI_CAPSULE_ON_DISK=y >> CONFIG_EFI_IGNORE_OSINDICATIONS=y >> CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y >> +CONFIG_EFI_SECURE_BOOT=y >> +CONFIG_BOARD_LATE_INIT=y >> +CONFIG_FWU_MULTI_BANK_UPDATE=y >> +CONFIG_DM_FWU_MDATA=y >> +CONFIG_FWU_MDATA_MTD=y >> +CONFIG_FWU_NUM_BANKS=2 >> +CONFIG_FWU_NUM_IMAGES_PER_BANK=1 >> +CONFIG_CMD_FWU_METADATA=y >> diff --git a/doc/board/socionext/developerbox.rst >> b/doc/board/socionext/developerbox.rst >> index 2d943c23be..f52820c2b0 100644 >> --- a/doc/board/socionext/developerbox.rst >> +++ b/doc/board/socionext/developerbox.rst >> @@ -85,3 +85,99 @@ Once the flasher tool is running we are ready flash >> the UEFI image:: >> >> After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and >> reset the board. >> >> + >> +Enable FWU Multi Bank Update >> +============================ >> + >> +DeveloperBox supports the FWU Multi Bank Update. You *MUST* update >> both *SCP firmware* and *TF-A* for this feature. This will change the >> layout and the boot process but you can switch back to the normal one >> by changing the DSW 1-4 off. >> + >> +Configure U-Boot >> +---------------- >> + >> +To enable the FWU Multi Bank Update on the DeveloperBox, you need to >> add following configurations to >> configs/synquacer_developerbox_defconfig :: >> + >> + CONFIG_FWU_MULTI_BANK_UPDATE=y >> + CONFIG_DM_FWU_MDATA=y >> + CONFIG_FWU_MDATA_MTD=y >> + CONFIG_FWU_NUM_BANKS=2 >> + CONFIG_FWU_NUM_IMAGES_PER_BANK=1 >> + CONFIG_CMD_FWU_METADATA=y >> + >> +And build it:: >> + >> + cd u-boot/ >> + export ARCH=arm64 >> + export CROSS_COMPILE=aarch64-linux-gnu- >> + make synqucer_developerbox_defconfig >> + make -j `noproc` >> + cd ../ >> + >> +By default, the CONFIG_FWU_NUM_BANKS and >> COFNIG_FWU_NUM_IMAGES_PER_BANKS are set to 2 and 1 respectively. This >> uses FIP (Firmware Image Package) type image which contains TF-A, >> U-Boot and OP-TEE (the OP-TEE is optional.) >> +You can use fiptool to compose the FIP image from those firmware images. >> + >> +Rebuild SCP firmware >> +-------------------- >> + >> +Rebuild SCP firmware which supports FWU Multi Bank Update as below:: >> + >> + cd SCP-firmware/ >> + OUT=./build/product/synquacer >> + ROMFW_FILE=$OUT/scp_romfw/$SCP_BUILD_MODE/bin/scp_romfw.bin >> + RAMFW_FILE=$OUT/scp_ramfw/$SCP_BUILD_MODE/bin/scp_ramfw.bin >> + ROMRAMFW_FILE=scp_romramfw_release.bin >> + >> + make CC=$ARM_EMB_GCC PRODUCT=synquacer MODE=release >> + tr "\000" "\377" < /dev/zero | dd of=${ROMRAMFW_FILE} bs=1 >> count=196608 >> + dd if=${ROMFW_FILE} of=${ROMRAMFW_FILE} bs=1 conv=notrunc seek=0 >> + dd if=${RAMFW_FILE} of=${ROMRAMFW_FILE} bs=1 seek=65536 >> + cd ../ >> + >> +And you can get the `scp_romramfw_release.bin` file >> + >> +Rebuild TF-A and FIP >> +-------------------- >> + >> +Rebuild TF-A which supports FWU Multi Bank Update as below:: >> + >> + cd arm-trusted-firmware/ >> + make CROSS_COMPILE=aarch64-linux-gnu- -j`nproc` PLAT=synquacer \ >> + SPD=opteed SQ_RESET_TO_BL2=1 GENERATE_COT=1 >> MBEDTLS_DIR=../mbedtls \ >> + BL33=../u-boot/u-boot.bin all fip fiptool >> + >> +And make a FIP image.:: >> + >> + cp build/synquacer/release/fip.bin SPI_NOR_NEWFIP.fd >> + tools/fiptool/fiptool update --tb-fw >> build/synquacer/release/bl2.bin SPI_NOR_NEWFIP.fd >> + >> + >> +UUIDs for the FWU Multi Bank Update >> +----------------------------------- >> + >> +FWU multi-bank update requires some UUIDs. The DeveloperBox platform >> uses following UUIDs. >> + >> + - Location UUID for the FIP image: 17e86d77-41f9-4fd7-87ec-a55df9842de5 >> + - Image type UUID for the FIP image: >> 10c36d7d-ca52-b843-b7b9-f9d6c501d108 >> + - Image UUID for Bank0 : 5a66a702-99fd-4fef-a392-c26e261a2828 >> + - Image UUID for Bank1 : a8f868a1-6e5c-4757-878d-ce63375ef2c0 >> + >> +These UUIDs are used for making a FWU metadata image. >> + >> +Install via flash writer >> +------------------------ >> + >> +As explained in above section, the new FIP image and the FWU metadata >> image can be installed via NOR flash writer. Note that the >> installation offsets for the FWU multi bank update supported firmware. >> + >> +Once the flasher tool is running we are ready flash the images.:: >> +Write the FIP image to the 0x600000 offset.:: >> + >> + flash rawwrite 600000 180000 >> + >> Send SPI_NOR_NEWFIP.fd via XMODEM (Control-A S in minicom) << >> + >> +And write the new SCP firmware.:: >> + >> + flash write cm3 >> + >> Send scp_romramfw_release.bin via XMODEM (Control-A S in >> minicom) << >> + >> +At last, turn on the DSW 3-4 on the board, and reboot. >> +Note that if DSW 3-4 is turned off, the DeveloperBox will boot from >> +the original EDK2 firmware (or non-FWU U-Boot if you already installed.) >> diff --git a/include/configs/synquacer.h b/include/configs/synquacer.h >> index 5686a5b910..7995be852d 100644 >> --- a/include/configs/synquacer.h >> +++ b/include/configs/synquacer.h >> @@ -46,19 +46,29 @@ >> >> /* Since U-Boot 64bit PCIe support is limited, disable 64bit MMIO >> support */ >> >> +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE >> +#define DEFAULT_DFU_ALT_INFO >> +#else >> #define DEFAULT_DFU_ALT_INFO "dfu_alt_info=" \ >> "mtd nor1=u-boot.bin raw 200000 100000;" \ >> "fip.bin raw 180000 78000;" \ >> "optee.bin raw 500000 100000\0" >> +#endif >> >> /* GUIDs for capsule updatable firmware images */ >> #define DEVELOPERBOX_UBOOT_IMAGE_GUID \ >> EFI_GUID(0x53a92e83, 0x4ef4, 0x473a, 0x8b, 0x0d, \ >> 0xb5, 0xd8, 0xc7, 0xb2, 0xd6, 0x00) >> >> +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE >> +#define DEVELOPERBOX_FIP_IMAGE_GUID \ >> + EFI_GUID(0x7d6dc310, 0x52ca, 0x43b8, 0xb7, 0xb9, \ >> + 0xf9, 0xd6, 0xc5, 0x01, 0xd1, 0x08) >> +#else >> #define DEVELOPERBOX_FIP_IMAGE_GUID \ >> EFI_GUID(0x880866e9, 0x84ba, 0x4793, 0xa9, 0x08, \ >> 0x33, 0xe0, 0xb9, 0x16, 0xf3, 0x98) >> +#endif >> >> #define DEVELOPERBOX_OPTEE_IMAGE_GUID \ >> EFI_GUID(0xc1b629f1, 0xce0e, 0x4894, 0x82, 0xbf, \ >
On Thu, 1 Sept 2022 at 02:28, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote: > > On 7/22/22 19:43, jassisinghbrar@gmail.com wrote: > >> diff --git a/board/socionext/developerbox/developerbox.c > >> b/board/socionext/developerbox/developerbox.c > >> index f5a5fe0121..ad2260e3d7 100644 > >> --- a/board/socionext/developerbox/developerbox.c > >> +++ b/board/socionext/developerbox/developerbox.c > >> @@ -20,6 +20,13 @@ > >> > >> #if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT) > >> struct efi_fw_image fw_images[] = { > >> +#if defined(CONFIG_FWU_MULTI_BANK_UPDATE) > >> + { > >> + .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID, > >> + .fw_name = u"DEVELOPERBOX-FIP", > > > > The design is flawed. These fields should be moved to the device-tree. > > Currently we are changing C files for each board were we enable firmware > updates. Probably an even better place then the device-tree would be a > Kconfig file. The only problem with Kconfig is that it does not easily > allow to edit arrays. But we could use a string like: > > GUID,name,index,GUID,name,index,... > Probably. But there already exists the structure that this patch only adds an entry to. Moving that structure into dt or kconfig should be a separate task of different context. Also right now I don't want to diverge from gpt based STM's implementation which does the same thing. thanks
diff --git a/board/socionext/developerbox/Makefile b/board/socionext/developerbox/Makefile index 4a46de995a..9b80ee38e7 100644 --- a/board/socionext/developerbox/Makefile +++ b/board/socionext/developerbox/Makefile @@ -7,3 +7,4 @@ # obj-y := developerbox.o +obj-$(CONFIG_FWU_MULTI_BANK_UPDATE) += fwu_plat.o diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c index f5a5fe0121..ad2260e3d7 100644 --- a/board/socionext/developerbox/developerbox.c +++ b/board/socionext/developerbox/developerbox.c @@ -20,6 +20,13 @@ #if CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT) struct efi_fw_image fw_images[] = { +#if defined(CONFIG_FWU_MULTI_BANK_UPDATE) + { + .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID, + .fw_name = u"DEVELOPERBOX-FIP", + .image_index = 1, + }, +#else { .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID, .fw_name = u"DEVELOPERBOX-UBOOT", @@ -35,12 +42,18 @@ struct efi_fw_image fw_images[] = { .fw_name = u"DEVELOPERBOX-OPTEE", .image_index = 3, }, +#endif }; struct efi_capsule_update_info update_info = { +#if defined(CONFIG_FWU_MULTI_BANK_UPDATE) + .dfu_string = "mtd nor1=bank0 raw 600000 400000;" + "bank1 raw a00000 400000;", +#else .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;" "fip.bin raw 180000 78000;" "optee.bin raw 500000 100000", +#endif .images = fw_images, }; diff --git a/board/socionext/developerbox/fwu_plat.c b/board/socionext/developerbox/fwu_plat.c new file mode 100644 index 0000000000..9fb5cb28b3 --- /dev/null +++ b/board/socionext/developerbox/fwu_plat.c @@ -0,0 +1,95 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (c) 2021, Linaro Limited + */ + +#include <dfu.h> +#include <efi_loader.h> +#include <flash.h> +#include <fwu.h> +#include <fwu_mdata.h> +#include <malloc.h> +#include <memalign.h> +#include <mtd.h> +#include <spi.h> +#include <spi_flash.h> +#include <uuid.h> + +#include <linux/errno.h> +#include <linux/types.h> +#include <u-boot/crc.h> + +#define DFU_ALT_BUF_LEN 256 +#define DFU_ALT_NUM_MAX (CONFIG_FWU_NUM_IMAGES_PER_BANK * CONFIG_FWU_NUM_BANKS) + +/* Generate dfu_alt_info from partitions */ +void set_dfu_alt_info(char *interface, char *devstr) +{ + int ret; + struct mtd_info *mtd; + static char *buf = NULL; + + if (!buf) { + buf = malloc_cache_aligned(DFU_ALT_BUF_LEN); + memset(buf, 0, DFU_ALT_BUF_LEN); + + mtd_probe_devices(); + + mtd = get_mtd_device_nm("nor1"); + if (IS_ERR_OR_NULL(mtd)) + return; + + ret = fwu_gen_alt_info_from_mtd(buf, DFU_ALT_BUF_LEN, mtd); + if (ret < 0) { + log_err("Error: Failed to generate dfu_alt_info. (%d)\n", ret); + return; + } + log_debug("Make dfu_alt_info: '%s'\n", buf); + } + env_set("dfu_alt_info", buf); +} + +int fwu_plat_get_alt_num(struct udevice __always_unused *dev, + efi_guid_t *image_id, int *alt_num) +{ + return mtd_plat_get_alt_num(image_id, alt_num, "nor1", 0); +} + +int fwu_plat_get_update_index(u32 *update_idx) +{ + int ret; + u32 active_idx; + + ret = fwu_get_active_index(&active_idx); + + if (ret < 0) + return ret; + + *update_idx = 1 - active_idx; + + return ret; +} + +void fwu_plat_get_bootidx(void *boot_idx) +{ + int ret; + u32 active_idx; + u32 *bootidx = boot_idx; + + ret = fwu_get_active_index(&active_idx); + + if (ret < 0) + *bootidx = -1; + + *bootidx = active_idx; +} + +int board_late_init(void) +{ + /* Make mmc available for EFI, otherwise efi subsystem + * complains "No EFI system partition" during bootup. + */ + run_command("mmc dev 0", 0); + + return 0; +} diff --git a/configs/synquacer_developerbox_defconfig b/configs/synquacer_developerbox_defconfig index add6041e27..ded31ada6e 100644 --- a/configs/synquacer_developerbox_defconfig +++ b/configs/synquacer_developerbox_defconfig @@ -1,10 +1,11 @@ CONFIG_ARM=y CONFIG_ARCH_SYNQUACER=y -CONFIG_SYS_TEXT_BASE=0x08200000 +CONFIG_POSITION_INDEPENDENT=y +CONFIG_SYS_TEXT_BASE=0 CONFIG_SYS_MALLOC_LEN=0x1000000 CONFIG_SYS_MALLOC_F_LEN=0x400 CONFIG_ENV_SIZE=0x30000 -CONFIG_ENV_OFFSET=0x300000 +CONFIG_ENV_OFFSET=0x580000 CONFIG_ENV_SECT_SIZE=0x10000 CONFIG_DM_GPIO=y CONFIG_DEFAULT_DEVICE_TREE="synquacer-sc2a11-developerbox" @@ -93,3 +94,11 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y CONFIG_EFI_IGNORE_OSINDICATIONS=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y +CONFIG_EFI_SECURE_BOOT=y +CONFIG_BOARD_LATE_INIT=y +CONFIG_FWU_MULTI_BANK_UPDATE=y +CONFIG_DM_FWU_MDATA=y +CONFIG_FWU_MDATA_MTD=y +CONFIG_FWU_NUM_BANKS=2 +CONFIG_FWU_NUM_IMAGES_PER_BANK=1 +CONFIG_CMD_FWU_METADATA=y diff --git a/doc/board/socionext/developerbox.rst b/doc/board/socionext/developerbox.rst index 2d943c23be..f52820c2b0 100644 --- a/doc/board/socionext/developerbox.rst +++ b/doc/board/socionext/developerbox.rst @@ -85,3 +85,99 @@ Once the flasher tool is running we are ready flash the UEFI image:: After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and reset the board. + +Enable FWU Multi Bank Update +============================ + +DeveloperBox supports the FWU Multi Bank Update. You *MUST* update both *SCP firmware* and *TF-A* for this feature. This will change the layout and the boot process but you can switch back to the normal one by changing the DSW 1-4 off. + +Configure U-Boot +---------------- + +To enable the FWU Multi Bank Update on the DeveloperBox, you need to add following configurations to configs/synquacer_developerbox_defconfig :: + + CONFIG_FWU_MULTI_BANK_UPDATE=y + CONFIG_DM_FWU_MDATA=y + CONFIG_FWU_MDATA_MTD=y + CONFIG_FWU_NUM_BANKS=2 + CONFIG_FWU_NUM_IMAGES_PER_BANK=1 + CONFIG_CMD_FWU_METADATA=y + +And build it:: + + cd u-boot/ + export ARCH=arm64 + export CROSS_COMPILE=aarch64-linux-gnu- + make synqucer_developerbox_defconfig + make -j `noproc` + cd ../ + +By default, the CONFIG_FWU_NUM_BANKS and COFNIG_FWU_NUM_IMAGES_PER_BANKS are set to 2 and 1 respectively. This uses FIP (Firmware Image Package) type image which contains TF-A, U-Boot and OP-TEE (the OP-TEE is optional.) +You can use fiptool to compose the FIP image from those firmware images. + +Rebuild SCP firmware +-------------------- + +Rebuild SCP firmware which supports FWU Multi Bank Update as below:: + + cd SCP-firmware/ + OUT=./build/product/synquacer + ROMFW_FILE=$OUT/scp_romfw/$SCP_BUILD_MODE/bin/scp_romfw.bin + RAMFW_FILE=$OUT/scp_ramfw/$SCP_BUILD_MODE/bin/scp_ramfw.bin + ROMRAMFW_FILE=scp_romramfw_release.bin + + make CC=$ARM_EMB_GCC PRODUCT=synquacer MODE=release + tr "\000" "\377" < /dev/zero | dd of=${ROMRAMFW_FILE} bs=1 count=196608 + dd if=${ROMFW_FILE} of=${ROMRAMFW_FILE} bs=1 conv=notrunc seek=0 + dd if=${RAMFW_FILE} of=${ROMRAMFW_FILE} bs=1 seek=65536 + cd ../ + +And you can get the `scp_romramfw_release.bin` file + +Rebuild TF-A and FIP +-------------------- + +Rebuild TF-A which supports FWU Multi Bank Update as below:: + + cd arm-trusted-firmware/ + make CROSS_COMPILE=aarch64-linux-gnu- -j`nproc` PLAT=synquacer \ + SPD=opteed SQ_RESET_TO_BL2=1 GENERATE_COT=1 MBEDTLS_DIR=../mbedtls \ + BL33=../u-boot/u-boot.bin all fip fiptool + +And make a FIP image.:: + + cp build/synquacer/release/fip.bin SPI_NOR_NEWFIP.fd + tools/fiptool/fiptool update --tb-fw build/synquacer/release/bl2.bin SPI_NOR_NEWFIP.fd + + +UUIDs for the FWU Multi Bank Update +----------------------------------- + +FWU multi-bank update requires some UUIDs. The DeveloperBox platform uses following UUIDs. + + - Location UUID for the FIP image: 17e86d77-41f9-4fd7-87ec-a55df9842de5 + - Image type UUID for the FIP image: 10c36d7d-ca52-b843-b7b9-f9d6c501d108 + - Image UUID for Bank0 : 5a66a702-99fd-4fef-a392-c26e261a2828 + - Image UUID for Bank1 : a8f868a1-6e5c-4757-878d-ce63375ef2c0 + +These UUIDs are used for making a FWU metadata image. + +Install via flash writer +------------------------ + +As explained in above section, the new FIP image and the FWU metadata image can be installed via NOR flash writer. Note that the installation offsets for the FWU multi bank update supported firmware. + +Once the flasher tool is running we are ready flash the images.:: +Write the FIP image to the 0x600000 offset.:: + + flash rawwrite 600000 180000 + >> Send SPI_NOR_NEWFIP.fd via XMODEM (Control-A S in minicom) << + +And write the new SCP firmware.:: + + flash write cm3 + >> Send scp_romramfw_release.bin via XMODEM (Control-A S in minicom) << + +At last, turn on the DSW 3-4 on the board, and reboot. +Note that if DSW 3-4 is turned off, the DeveloperBox will boot from +the original EDK2 firmware (or non-FWU U-Boot if you already installed.) diff --git a/include/configs/synquacer.h b/include/configs/synquacer.h index 5686a5b910..7995be852d 100644 --- a/include/configs/synquacer.h +++ b/include/configs/synquacer.h @@ -46,19 +46,29 @@ /* Since U-Boot 64bit PCIe support is limited, disable 64bit MMIO support */ +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE +#define DEFAULT_DFU_ALT_INFO +#else #define DEFAULT_DFU_ALT_INFO "dfu_alt_info=" \ "mtd nor1=u-boot.bin raw 200000 100000;" \ "fip.bin raw 180000 78000;" \ "optee.bin raw 500000 100000\0" +#endif /* GUIDs for capsule updatable firmware images */ #define DEVELOPERBOX_UBOOT_IMAGE_GUID \ EFI_GUID(0x53a92e83, 0x4ef4, 0x473a, 0x8b, 0x0d, \ 0xb5, 0xd8, 0xc7, 0xb2, 0xd6, 0x00) +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE +#define DEVELOPERBOX_FIP_IMAGE_GUID \ + EFI_GUID(0x7d6dc310, 0x52ca, 0x43b8, 0xb7, 0xb9, \ + 0xf9, 0xd6, 0xc5, 0x01, 0xd1, 0x08) +#else #define DEVELOPERBOX_FIP_IMAGE_GUID \ EFI_GUID(0x880866e9, 0x84ba, 0x4793, 0xa9, 0x08, \ 0x33, 0xe0, 0xb9, 0x16, 0xf3, 0x98) +#endif #define DEVELOPERBOX_OPTEE_IMAGE_GUID \ EFI_GUID(0xc1b629f1, 0xce0e, 0x4894, 0x82, 0xbf, \