From patchwork Fri Oct 21 12:45:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 617167 Delivered-To: patch@linaro.org Received: by 2002:a17:522:c983:b0:460:3032:e3c4 with SMTP id kr3csp955235pvb; Fri, 21 Oct 2022 05:46:45 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7qa9iEzA1ZjcOKc/7xrt6wpXl8eb/xLBsodrJb96Pca5DtH3nvCupZIT4yLBZL2VkYVdP4 X-Received: by 2002:a17:907:31c7:b0:740:e3e5:c025 with SMTP id xf7-20020a17090731c700b00740e3e5c025mr15403200ejb.341.1666356404913; Fri, 21 Oct 2022 05:46:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666356404; cv=none; d=google.com; s=arc-20160816; b=CHwBvOM3/b18OmHVHj82l5JjXE66hh4bSxZGuRmkaFcLgmA9TlakqTTdQ5LAISgXVd lwJ69Y8wivQnELMwr+lZIXllMxnr4oI5zEYzMaajDpv/vF6oekJW6HCFBWT1y4gqvc1i U72VyoKz//2nAZyjddZCEm4LpVH5LKh7lLh6EcVdyFWN49xaqecC082LcLA3dQFzRduj Fk5pw0MMvKKatN/MRgPdSEzA/9877Z3N65LCgI9vbJo8dnS8WebwtEZCkj2PagElG0G3 8hZIuNh2RjU32WmBIWv6/9QdQJNrqOCrMw0mASMzBTjUD23W3rf4kOi5iJTUE3yOBZk5 vSJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from; bh=EmH++ZOJaj+QD8XcZMvUJoVp259YLXfEKWqc+QWLFLI=; b=uZfpQPbtwPKq1SuZeHrEqaVGtkHOK2y1yxFUhgiAUKdU1ehavcz43iGrPUVZr7KQAP TjDbi/SwbTvsUMXt5hpbB5VF4PZOh7Gx9hZULHh4F7Ku42OQdX8mPQHtlHxQ6tneCIQ3 TueTD/gPG909QN4GsWkidD35v8e2zfJNsfL3aQA6iFGN2h64ov4FFth412CM5UEFWkol XgRlkUD05N1cWFL8a2iYvgdi1AOZ35ZdOpI+75e9QkJpO57DJ+Mxm3wlbPqHW4TseK+w uqSVqQhRlVTirXRslUj3Nx8FlE57bWveAR+Th0mpDijRG1RgIr+aeUDxh2Fx7iKh31mu zc5Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id ga9-20020a1709070c0900b0077b83f3dc20si18054258ejc.63.2022.10.21.05.46.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Oct 2022 05:46:44 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E947184FC2; Fri, 21 Oct 2022 14:46:39 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 9B32384FCC; Fri, 21 Oct 2022 14:46:36 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 07AAA84FAF for ; Fri, 21 Oct 2022 14:46:32 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5E5B61042; Fri, 21 Oct 2022 05:46:37 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3467B3F792; Fri, 21 Oct 2022 05:46:27 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Takahiro Akashi , Patrick Delaunay , Patrice Chotard , Simon Glass , Tom Rini , Etienne Carriere , Jassi Brar Subject: [PATCH v15 00/15] FWU: Add FWU Multi Bank Update feature support Date: Fri, 21 Oct 2022 18:15:53 +0530 Message-Id: <20221021124608.681387-1-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean The patchset adds support for the FWU Multi Bank Update[1] feature. Certain aspects of the Dependable Boot[2] specification have also been implemented. The FWU multi bank update feature is used for supporting multiple sets(also called banks) of firmware image(s), allowing the platform to boot from a different bank, in case it fails to boot from the active bank. This functionality is supported by keeping the relevant information in a structure called metadata, which provides information on the images. Among other parameters, the metadata structure contains information on the currect active bank that is being used to boot image(s). Functionality is being added to work with the UEFI capsule driver in u-boot. The metadata is read to gather information on the update bank, which is the bank to which the firmware images would be flashed to. On a successful completion of the update of all components, the active bank field in the metadata is updated, to reflect the bank from which the platform will boot on the subsequent boots. Currently, the feature is being enabled on the STM32MP157C-DK2 and Synquacer boards. The DK2 board boots a FIP image from a uSD card partitioned with the GPT partioning scheme, while the Synquacer board boots a FIP image from a MTD partitioned SPI NOR flash device. This feature also requires changes in a previous stage of bootloader, which parses the metadata and selects the bank to boot the image(s) from. Support has being added in tf-a(BL2 stage) for the STM32MP157C-DK2 board to boot the active bank images. These changes have been merged to the upstream tf-a repository. The patch for adding a python test for the feature has been developed, and was sent in the version 5 of the patches[3]. However, the test script depends on adding support for the feature on MTD SPI NOR devices, and that is being done as part of the Synquacer patches. Hence these set of patches do not have the test script for the feature. That will be added through the patches for adding support for the feauture on Synquacer platform. [1] - https://developer.arm.com/documentation/den0118/a [2] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf [3] - https://lists.denx.de/pipermail/u-boot/2022-June/485992.html Changes since V14: * Copy the primary metadata copy to the secondary metadata partition when both partitions are valid but do not match as suggested by Etienne * Add a note in fwu_update_mdata() specifying that the primary metadata partition needs to be updated first * Return EBADMSG in fwu_check_mdata_validity() instead of -1 as suggested by Ilias * Remove the check for nparts while iterating over the partitions as suggested by Ilias * Drop the superfluous braces in gpt_get_mdata_disk_part() * Add a NULL check for mdata in gpt_read_write_mdata() as suggested by Ilias * s/trial_state/in_trial/g as suggested by Ilias * Move the call to check for trial state in fwu_boottime_checks() as suggested by Ilias * Put the checks done earlier in fwu_trial_state_check() in fwu_trial_count_update() with the deletion of the variable called from a single place as suggested by Ilias * Add a function fwu_empty_capsule_checks_pass() to check if the empty capsules can be applied * Initialise the return value to EFI_INVALID_PARAMETER in fwu_empty_capsule_process() and get rid of the else part as suggested by Ilias * Remove the superfluous assignment of EFI_SUCCESS in fwu_post_update_process() as suggested by Ilias * Add a check for fwu_empty_capsule_checks_pass() to allow application of empty capsules only in trial state * Add a range check for the oemflags passed as suggested by Etienne * s/updation/update/ as suggested by Etienne Sughosh Ganu (15): dt/bindings: Add bindings for GPT based FWU Metadata storage device FWU: Add FWU metadata structure and driver for accessing metadata FWU: Add FWU metadata access driver for GPT partitioned block devices stm32mp1: Add a node for the FWU metadata device stm32mp1: Add image information for capsule updates FWU: Add helper functions for accessing FWU metadata FWU: STM32MP1: Add support to read boot index from backup register event: Add an event for main_loop FWU: Add boot time checks as highlighted by the FWU specification FWU: Add support for the FWU Multi Bank Update feature FWU: cmd: Add a command to read FWU metadata test: dm: Add test cases for FWU Metadata uclass mkeficapsule: Add support for generating empty capsules mkeficapsule: Add support for setting OEM flags in capsule header FWU: doc: Add documentation for the FWU feature arch/arm/dts/stm32mp157c-dk2-u-boot.dtsi | 7 + arch/arm/dts/stm32mp157c-ev1-u-boot.dtsi | 5 + arch/arm/mach-stm32mp/include/mach/stm32.h | 5 + arch/sandbox/Kconfig | 6 + arch/sandbox/dts/test.dts | 7 +- board/sandbox/sandbox.c | 8 + board/st/stm32mp1/stm32mp1.c | 39 + cmd/Kconfig | 6 + cmd/Makefile | 1 + cmd/fwu_mdata.c | 79 ++ common/board_r.c | 3 + common/event.c | 3 + configs/sandbox64_defconfig | 5 +- doc/develop/uefi/fwu_updates.rst | 184 +++++ doc/develop/uefi/index.rst | 1 + doc/develop/uefi/uefi.rst | 12 + .../firmware/fwu-mdata-gpt.yaml | 32 + doc/mkeficapsule.1 | 33 +- doc/usage/cmd/fwu_mdata.rst | 43 ++ doc/usage/index.rst | 1 + drivers/Kconfig | 2 + drivers/Makefile | 1 + drivers/fwu-mdata/Kconfig | 16 + drivers/fwu-mdata/Makefile | 8 + drivers/fwu-mdata/fwu-mdata-uclass.c | 186 +++++ drivers/fwu-mdata/gpt_blk.c | 290 +++++++ include/configs/stm32mp15_common.h | 4 + include/dm/uclass-id.h | 1 + include/event.h | 3 + include/fwu.h | 412 ++++++++++ include/fwu_mdata.h | 67 ++ lib/Kconfig | 6 + lib/Makefile | 1 + lib/efi_loader/efi_capsule.c | 210 ++++- lib/efi_loader/efi_firmware.c | 14 + lib/fwu_updates/Kconfig | 33 + lib/fwu_updates/Makefile | 7 + lib/fwu_updates/fwu.c | 719 ++++++++++++++++++ lib/fwu_updates/fwu_gpt.c | 123 +++ test/dm/Makefile | 1 + test/dm/fwu_mdata.c | 147 ++++ test/dm/fwu_mdata_disk_image.h | 112 +++ .../test_capsule_firmware_fit.py | 1 - .../test_capsule_firmware_signed_fit.py | 1 - tools/Makefile | 4 +- tools/eficapsule.h | 8 + tools/mkeficapsule.c | 114 ++- 47 files changed, 2949 insertions(+), 22 deletions(-) create mode 100644 cmd/fwu_mdata.c create mode 100644 doc/develop/uefi/fwu_updates.rst create mode 100644 doc/device-tree-bindings/firmware/fwu-mdata-gpt.yaml create mode 100644 doc/usage/cmd/fwu_mdata.rst create mode 100644 drivers/fwu-mdata/Kconfig create mode 100644 drivers/fwu-mdata/Makefile create mode 100644 drivers/fwu-mdata/fwu-mdata-uclass.c create mode 100644 drivers/fwu-mdata/gpt_blk.c create mode 100644 include/fwu.h create mode 100644 include/fwu_mdata.h create mode 100644 lib/fwu_updates/Kconfig create mode 100644 lib/fwu_updates/Makefile create mode 100644 lib/fwu_updates/fwu.c create mode 100644 lib/fwu_updates/fwu_gpt.c create mode 100644 test/dm/fwu_mdata.c create mode 100644 test/dm/fwu_mdata_disk_image.h