From patchwork Tue Jun 29 12:55:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 468307 Delivered-To: patch@linaro.org Received: by 2002:a02:c94a:0:0:0:0:0 with SMTP id u10csp4927542jao; Tue, 29 Jun 2021 05:55:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxUyPSPPQe93vG2jjFQgyA7c7kZu4wK1qsW3xFXvhAI2T/jENg8mC5OQl2mf6oFowH2CFus X-Received: by 2002:a17:907:3e17:: with SMTP id hp23mr29157833ejc.259.1624971332239; Tue, 29 Jun 2021 05:55:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624971332; cv=none; d=google.com; s=arc-20160816; b=Th4C3p7h4vdkS0I//U801qpdzbg4V/tY8RLE2sxmWCgra7jf9/btkPoxmEn5l1RN7L b9Opa0H6Y+ndxFgouP3p4C23ruQUYSOik/tRw9B3imY4w9+rdc6VOJrR0bcWsRFZ0Lik cCQNsv6Uf9S093blwQoWEkfAwHHDdJdMtnMhYZyvR/SdwrmjfDLWqrDWZ9GhcMh+PaMK 4EJgEsOxKXvtBWIZIAH8MsAJb5l2DShoQGXE0ZhTV5uX6dsIJnDv3HbM+R3qhuSrS5s2 NW1WS2jCx9ijQNrsY7pcHuHbmYApLgbYg3CYtmwO1pSFj1YQLnhmpf/XXqCp166HLte6 yZJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=w1nNqaD80TKrW3q0ayAw//yt4HfJWEpo9yp8k/fTdlw=; b=abqQUwiDdIJUWHgFqFzE3QvlNFzegUBvRSKQRj0gZniYI/Bt0U5fA44yKkk2OTzSLj t80F0++zZeYl5UASfOT6nbWg876HMSirAiPLO3OmHua/xNvNQYmIU3s5/bj65fpeozP2 QD8SXJ/pRdQOot4PuIzQYnZzw/IXeCJ5KSIH1afMZ7bU0X0VrhGtc1MxOJp4hTsqulav d6goqzVEV1s0ztnVAfxyN8XIDP8j4MNfmWr9j5lJhk/NDiT25GzkIT0kofV84EIas8qO u0TDVNW7Q5KBXKFrf/39WQCTj5vm3sO+j72ISx/G9kQlb/hqMMF5EJqyiTbS4PBJw9CF pyXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=tIWKujAa; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id i14si16672840edc.537.2021.06.29.05.55.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Jun 2021 05:55:32 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=tIWKujAa; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id B7CE482D80; Tue, 29 Jun 2021 14:55:28 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="tIWKujAa"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F149D82E8E; Tue, 29 Jun 2021 14:55:26 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E274C82D80 for ; Tue, 29 Jun 2021 14:55:23 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x531.google.com with SMTP id n25so4635145edw.9 for ; Tue, 29 Jun 2021 05:55:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=w1nNqaD80TKrW3q0ayAw//yt4HfJWEpo9yp8k/fTdlw=; b=tIWKujAa3kJC4ChxvvjHX5PMxRR9wE+eOqHjBwbNl1UBjlzBcNR5mQ6f2Kox+fpm4u tABGBSWCOCBLP8rYHjYxcRHH7Y8XLrigPlCC+BX+lDJoJfXd20/Mm7JJpZ+K9z1iEwvG fFdHECDiS8JY7HLwn1ZFAENsUa9X13yWHDZs8kORuiNJlQy7wGwCK+pGIJ06MInrjOIy vY6ayrio3lt72HZv01O8Ioe9dbgDPrYcSqDrPqTCJMSwK4+9aVFOzH+cX+Fq5bT30gFK qmOsfbYF5ElC+Xe+CSQGvXhDxbKvYoo4+2Un6YufLUFg/H6DgoFpu2J26JrYGL4NtsPH DHRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=w1nNqaD80TKrW3q0ayAw//yt4HfJWEpo9yp8k/fTdlw=; b=AXtiA5scAk5GSN1pl5q6G6bASC03aSx+iNvJMMVrgDAN0xZtSdJikWBs1vN8243xJ8 BRYjbBX1QcSv8vESvRBLitdIm2XkwDyeGALufRPWkC21ii6X3SkXJ3pBMwF0nqlNxvSv 0cTkWyl/l67fpz2fP3spam5BtGwKS4LRjONPxHtL7Y/Ay79BP5WK80xOecmlTcxDOsgd iJ6IsyGmxHfF/3DHxyhqov5SG8WvQdMP1o5A4akoNQhBvx0tN4w9Kr/V0rim71yMoi+W 3MQO38wytBiT4av8ZOmic6ilPKyL5xp9cjneUHTtME0crb8Ee5XGhW3qwoZPhunMeBql Hx8w== X-Gm-Message-State: AOAM530BG0K2biEmXLes25QUfrGs8rK484JnOo8yugyGCU19fEn6paZQ fj70vdgMynmitwZt+rGM9TTx9Zmt2oP3Ug== X-Received: by 2002:a50:d64a:: with SMTP id c10mr41186994edj.199.1624971323579; Tue, 29 Jun 2021 05:55:23 -0700 (PDT) Received: from localhost.localdomain (ppp-94-66-243-100.home.otenet.gr. [94.66.243.100]) by smtp.gmail.com with ESMTPSA id bq1sm8285721ejb.66.2021.06.29.05.55.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Jun 2021 05:55:23 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de Cc: masami.hiramatsu@linaro.org, takahiro.akashi@linaro.org, pbrobinson@redhat.com, richard@hughsie.com, Ilias Apalodimas , Alexander Graf , u-boot@lists.denx.de Subject: [PATCH v2] efi_loader: Allow capsule update on-disk without checking OsIndications Date: Tue, 29 Jun 2021 15:55:20 +0300 Message-Id: <20210629125520.36856-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.32.0.rc0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Although U-Boot supports capsule update on-disk, it's lack of support for SetVariable at runtime prevents applications like fwupd from using it. In order to perform the capsule update on-disk the spec says that the OS must copy the capsule to the \EFI\UpdateCapsule directory and set a bit in the OsIndications variable. The firmware then checks for the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED bit in OsIndications variable, which is set by submitter to trigger processing of the capsule on next reboot. Let's add a config option which ignores the bit checking in OsIndications and just rely on the capsule being present (which breaks the EFI spec). Since U-Boot deletes the capsule while processing it, we won't end up running it multiple times. Note that this is allowed for all capsules. In the future once, authenticated capsules is fully supported, we can limit the functionality to those only. Reviewed-by: Heinrich Schuchardt Signed-off-by: Ilias Apalodimas --- changes since v1: - explicitly state in the Kconfig that this breaks the EFI spec. lib/efi_loader/Kconfig | 10 ++++++++++ lib/efi_loader/efi_capsule.c | 36 ++++++++++++++++++++++++++++-------- 2 files changed, 38 insertions(+), 8 deletions(-) -- 2.32.0.rc0 diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 684adfb62379..9c4d4b41e450 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -137,6 +137,16 @@ config EFI_CAPSULE_ON_DISK under a specific directory on UEFI system partition instead of via UpdateCapsule API. +config EFI_IGNORE_OSINDICATIONS + bool "Ignore OsIndications for CapsuleUpdate on-disk" + depends on EFI_CAPSULE_ON_DISK + default n + help + There are boards were we can't support SetVariable at runtime. + Select this option if you want to use capsule-on-disk feature, + without setting the OsIndications bit. Note that enabling this + breaks conformance to the EFI spec and CapsuleUpdate on-disk. + config EFI_CAPSULE_ON_DISK_EARLY bool "Initiate capsule-on-disk at U-Boot boottime" depends on EFI_CAPSULE_ON_DISK diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index d7136035d8f9..50bed32bfb3b 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -948,6 +948,33 @@ efi_status_t __weak efi_load_capsule_drivers(void) return ret; } +/** + * check_run_capsules - Check whether capsule update should run + * + * The spec says OsIndications must be set in order to run the capsule update + * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to + * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected + */ +static bool check_run_capsules(void) +{ + u64 os_indications; + efi_uintn_t size; + efi_status_t ret; + + if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) + return true; + + size = sizeof(os_indications); + ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, + NULL, &size, &os_indications, NULL); + if (ret == EFI_SUCCESS && + (os_indications + & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED)) + return true; + + return false; +} + /** * efi_launch_capsule - launch capsules * @@ -958,20 +985,13 @@ efi_status_t __weak efi_load_capsule_drivers(void) */ efi_status_t efi_launch_capsules(void) { - u64 os_indications; - efi_uintn_t size; struct efi_capsule_header *capsule = NULL; u16 **files; unsigned int nfiles, index, i; u16 variable_name16[12]; efi_status_t ret; - size = sizeof(os_indications); - ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, - NULL, &size, &os_indications, NULL); - if (ret != EFI_SUCCESS || - !(os_indications - & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED)) + if (!check_run_capsules()) return EFI_SUCCESS; index = get_last_capsule();