| Message ID | 164511074686.43219.11720107253974331269.stgit@localhost |
|---|---|
| State | New |
| Headers | show |
| Series | FWU: Add FWU Multi Bank Update for DeveloerBox | expand |
Hi, I decided to add tools/mkfwumdata tool to make a raw image of fwu_mdata for initialization. So this patch will be dropped from next version. Thank you, 2022年2月18日(金) 0:12 Masami Hiramatsu <masami.hiramatsu@linaro.org>: > > Since the FWU metadata is not initialized at the installation, > if it is broken, it should be initialized. Usually, the FWU > metadata is not covered by capsule update, so it is safe to > initialize the metadata portion if it seems broken. > > But for the production device, usually firmware will be installed > with initialized metadata, and the broken metadata means the > device can be compromized. In that case, build U-Boot without > this option. > > Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> > --- > board/socionext/developerbox/Kconfig | 12 ++++++ > board/socionext/developerbox/fwu_plat.c | 60 +++++++++++++++++++++++++++++++ > 2 files changed, 72 insertions(+) > > diff --git a/board/socionext/developerbox/Kconfig b/board/socionext/developerbox/Kconfig > index 4120098cab..9fbe8d1e74 100644 > --- a/board/socionext/developerbox/Kconfig > +++ b/board/socionext/developerbox/Kconfig > @@ -44,4 +44,16 @@ config FWU_NUM_BANKS > config FWU_NUM_IMAGES_PER_BANK > default 1 > > +config FWU_INIT_BROKEN_METADATA > + bool "Initialize FWU metadata if broken" > + select BOARD_LATE_INIT > + default n > + help > + Initialize FWU metadata if the metadata is broken. > + This option is only for the development environment, since if the > + metadata is broken, it means someone may compromize it. In that case > + the production device must be bricked. > + But for the development environment, or initial installation of the > + FWU multi-bank update firmware, this will be useful. > + > endif > diff --git a/board/socionext/developerbox/fwu_plat.c b/board/socionext/developerbox/fwu_plat.c > index cbbbd58bc0..1892f79660 100644 > --- a/board/socionext/developerbox/fwu_plat.c > +++ b/board/socionext/developerbox/fwu_plat.c > @@ -176,3 +176,63 @@ void fwu_plat_get_bootidx(void *boot_idx) > else > *bootidx = devbox_plat_metadata->boot_index; > } > + > +#ifdef CONFIG_FWU_INIT_BROKEN_METADATA > + > +static void devbox_init_fwu_mdata(void) > +{ > + const efi_guid_t null_guid = NULL_GUID; > + struct fwu_image_bank_info *bank; > + struct fwu_mdata *metadata; > + int i, j, ret; > + > + metadata = memalign(ARCH_DMA_MINALIGN, sizeof(*metadata)); > + if (!metadata) { > + log_err("Failed to allocate initial metadata.\n"); > + return; > + } > + > + metadata->version = 1; > + metadata->active_index = 0; > + metadata->previous_active_index = 0; > + > + /* > + * Since the DeveloperBox doesn't use GPT, both of > + * fwu_image_entry::location_uuid and > + * fwu_img_bank_info::image_uuid are null GUID. > + */ > + for (i = 0; i < CONFIG_FWU_NUM_IMAGES_PER_BANK; i++) { > + guidcpy(&metadata->img_entry[i].image_type_uuid, > + &devbox_fip_image_type_guid); > + guidcpy(&metadata->img_entry[i].location_uuid, > + &null_guid); > + bank = metadata->img_entry[i].img_bank_info; > + > + for (j = 0; j < CONFIG_FWU_NUM_BANKS; j++) { > + guidcpy(&bank[j].image_uuid, &null_guid); > + bank[j].accepted = (j == 0) ? 1 : 0; > + bank[j].reserved = 0; > + } > + } > + > + ret = fwu_update_mdata(metadata); > + if (ret < 0) > + log_err("Failed to initialize FWU metadata\n"); > + else > + log_err("Initialized FWU metadata\n"); > + free(metadata); > +} > + > +int board_late_init(void) > +{ > + struct fwu_mdata *metadata; > + > + if (fwu_get_mdata(&metadata) < 0) { > + // Initialize FWU metadata if broken > + log_err("Unable to get a valid metadata. Initialize it.\n"); > + devbox_init_fwu_mdata(); > + } > + return 0; > +} > + > +#endif >
diff --git a/board/socionext/developerbox/Kconfig b/board/socionext/developerbox/Kconfig index 4120098cab..9fbe8d1e74 100644 --- a/board/socionext/developerbox/Kconfig +++ b/board/socionext/developerbox/Kconfig @@ -44,4 +44,16 @@ config FWU_NUM_BANKS config FWU_NUM_IMAGES_PER_BANK default 1 +config FWU_INIT_BROKEN_METADATA + bool "Initialize FWU metadata if broken" + select BOARD_LATE_INIT + default n + help + Initialize FWU metadata if the metadata is broken. + This option is only for the development environment, since if the + metadata is broken, it means someone may compromize it. In that case + the production device must be bricked. + But for the development environment, or initial installation of the + FWU multi-bank update firmware, this will be useful. + endif diff --git a/board/socionext/developerbox/fwu_plat.c b/board/socionext/developerbox/fwu_plat.c index cbbbd58bc0..1892f79660 100644 --- a/board/socionext/developerbox/fwu_plat.c +++ b/board/socionext/developerbox/fwu_plat.c @@ -176,3 +176,63 @@ void fwu_plat_get_bootidx(void *boot_idx) else *bootidx = devbox_plat_metadata->boot_index; } + +#ifdef CONFIG_FWU_INIT_BROKEN_METADATA + +static void devbox_init_fwu_mdata(void) +{ + const efi_guid_t null_guid = NULL_GUID; + struct fwu_image_bank_info *bank; + struct fwu_mdata *metadata; + int i, j, ret; + + metadata = memalign(ARCH_DMA_MINALIGN, sizeof(*metadata)); + if (!metadata) { + log_err("Failed to allocate initial metadata.\n"); + return; + } + + metadata->version = 1; + metadata->active_index = 0; + metadata->previous_active_index = 0; + + /* + * Since the DeveloperBox doesn't use GPT, both of + * fwu_image_entry::location_uuid and + * fwu_img_bank_info::image_uuid are null GUID. + */ + for (i = 0; i < CONFIG_FWU_NUM_IMAGES_PER_BANK; i++) { + guidcpy(&metadata->img_entry[i].image_type_uuid, + &devbox_fip_image_type_guid); + guidcpy(&metadata->img_entry[i].location_uuid, + &null_guid); + bank = metadata->img_entry[i].img_bank_info; + + for (j = 0; j < CONFIG_FWU_NUM_BANKS; j++) { + guidcpy(&bank[j].image_uuid, &null_guid); + bank[j].accepted = (j == 0) ? 1 : 0; + bank[j].reserved = 0; + } + } + + ret = fwu_update_mdata(metadata); + if (ret < 0) + log_err("Failed to initialize FWU metadata\n"); + else + log_err("Initialized FWU metadata\n"); + free(metadata); +} + +int board_late_init(void) +{ + struct fwu_mdata *metadata; + + if (fwu_get_mdata(&metadata) < 0) { + // Initialize FWU metadata if broken + log_err("Unable to get a valid metadata. Initialize it.\n"); + devbox_init_fwu_mdata(); + } + return 0; +} + +#endif
Since the FWU metadata is not initialized at the installation, if it is broken, it should be initialized. Usually, the FWU metadata is not covered by capsule update, so it is safe to initialize the metadata portion if it seems broken. But for the production device, usually firmware will be installed with initialized metadata, and the broken metadata means the device can be compromized. In that case, build U-Boot without this option. Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> --- board/socionext/developerbox/Kconfig | 12 ++++++ board/socionext/developerbox/fwu_plat.c | 60 +++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+)