From patchwork Thu Jan 20 15:31:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masami Hiramatsu X-Patchwork-Id: 533552 Delivered-To: patch@linaro.org Received: by 2002:ad5:5d50:0:0:0:0:0 with SMTP id x16csp1677778imu; Thu, 20 Jan 2022 07:31:51 -0800 (PST) X-Google-Smtp-Source: ABdhPJxCPV9UUI5OACDx0vaBMzokfQSmlpOpp+8KkDuqZotPrjc9ajUmIRb+d6WG2X2DSAFK4yGm X-Received: by 2002:a17:907:2d1e:: with SMTP id gs30mr23338104ejc.43.1642692711172; Thu, 20 Jan 2022 07:31:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642692711; cv=none; d=google.com; s=arc-20160816; b=Oo4nmBjA1butBUyVXVhbvZ/vsn282jCFQ6goHpe4T4xMTINBpEfFZ4cOFp0Z8v8AMz IbMqKnRM85FdUbbGTHOQ1BJLKGakWUJEDRPge6DuS3+uMWXgFKW7agai8gLj2gGfp323 5yNbAV83hX772cGq/zggbF7k/30rxO7GfKsmyszWk4pOvDuhYUIPwicbISlEHMzSd77Y mtqfmbd0S1FiEb4mqkEApdHr5HyaAnoPzDnfF/EdDX4kdnpV0+zKP4rU5g4Izcz0O2e4 4G4j0lMN9MkUjkK1oitIr8ScVBP33ms2hkcFpJ7GoS4PGZRkIrh1kBySgZ4Y0kpaNCQ7 JJtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:user-agent:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=YfuZH/npEtxyny4JtvSk8JFITyNMadd2Rfji2/F1ZL0=; b=HAQZv/IYbpwfgoMXPe1gDekDmBktfPF9bTvgdAdzA8BMLoSRzotWXlTAWlCZhI2hII prv7YvVxziUNr2gzQM8cGszObQy7bNY0ZC8YfBEC7sNOiHikAJD7dTjLJ/CIhGcpEKuT 91h38lnf4VTBfXMErIH9Ow8yybLaTCtULeB/Aaa/2YNSIJmRFk4Q41/Bb5I+khw9OYHc bbssxKzAqQ4FjseNWnn2+Kc2ukNnYiMxNQctJHU6HEwu8bKIEIite8ec8JCFEC6mwgPJ tvQ56fjDyYLpuGqWLN6wY0s+L8oSwOz3poehnsP9C8GfBoT6KcsZuJPZxLe7RiaVjpIr Ly5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=EvlPb0QB; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id n3si2172063edd.566.2022.01.20.07.31.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Jan 2022 07:31:51 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=EvlPb0QB; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7966C838DA; Thu, 20 Jan 2022 16:31:42 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="EvlPb0QB"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 94547838BD; Thu, 20 Jan 2022 16:31:40 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 84051838DA for ; Thu, 20 Jan 2022 16:31:37 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masami.hiramatsu@linaro.org Received: by mail-pg1-x52c.google.com with SMTP id r11so5627699pgr.6 for ; Thu, 20 Jan 2022 07:31:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=YfuZH/npEtxyny4JtvSk8JFITyNMadd2Rfji2/F1ZL0=; b=EvlPb0QBp6Kp62eI8XF1QPe8KqkXWrFOjXrV+Kcp9MP4lkLFI7rxP3FschWWQDyv7E UeOJUYqaE4o2IAvboMvyYVLIHjn7aDnumisgmoqrUC3GtcXT77phZijScR00TqvOJ7ih ay/AwM7BM2kiiA0XnLWw8yJO7t0TteOht737Svikj6dSJXzUXGSKv0Kljyg2/Dxu6ino 70in/0edm+q4sBa747+CXC3C6YBILEL/gDvm12ZrR8AJchQPlZGFeJGnuHj6ic48SaCE aHt6RoyIHzutldS+oAz3fFVOOWij7ql1zCx6wU5sSbCFNpFvhiHrdTNUp0NGBkAfATnS G4Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=YfuZH/npEtxyny4JtvSk8JFITyNMadd2Rfji2/F1ZL0=; b=P1tY3LyGej7vf8+pb2ElKrnKldfk5U3/um8ka2EsL0UHzN8WpDlEkg+pAf3uDg2MpI TUvsnbifmVEpygwTaEgXZkwDoJ+r0uf2XQLRMc2ibjzy1Ob1M4Isl5+N1prEEyH3Gy4i dDdtRRZz/wvYfN+wwSUmaBMh5XyeCy96C0bbApSLncCK/Y2fiLOZea7HCN8fYsgF4eUn IeLtHMeyj2fin+c1upu0UfAFKZlXcGzeOuDhQh3OhiUH1NwiBU3UuUwUOmYcw/tO6p3n +fpYi94U1q1EDh52kcFshrwh+rdfBe10S0/gWGJI+/UdQeBo1OE0KFlGI0oIQdAWTkDw AcXQ== X-Gm-Message-State: AOAM530bNylrCXJwpojwJ/7E5713VfaaRU3bqtj1a9kFjD3uccd6Gbn/ CafK8RtRkK1hYrLCKMiPZEHaMMx/jA3iAg== X-Received: by 2002:a05:6a00:1490:b0:4c2:7965:9512 with SMTP id v16-20020a056a00149000b004c279659512mr31679072pfu.55.1642692695652; Thu, 20 Jan 2022 07:31:35 -0800 (PST) Received: from localhost.localdomain (113x37x226x201.ap113.ftth.ucom.ne.jp. [113.37.226.201]) by smtp.gmail.com with ESMTPSA id bt6sm4687752pjb.3.2022.01.20.07.31.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Jan 2022 07:31:35 -0800 (PST) From: Masami Hiramatsu To: u-boot@lists.denx.de Cc: Masami Hiramatsu , Patrick Delaunay , Patrice Chotard , Heinrich Schuchardt , Alexander Graf , AKASHI Takahiro , Simon Glass , Bin Meng , Ilias Apalodimas , Jose Marinho , Grant Likely , Tom Rini , Etienne Carriere , Sughosh Ganu , Paul Liu Subject: [RFC PATCH 13/14] FWU: synquacer: Initialize broken metadata Date: Fri, 21 Jan 2022 00:31:30 +0900 Message-Id: <164269269065.39378.5600466909754039339.stgit@localhost> X-Mailer: git-send-email 2.25.1 In-Reply-To: <164269255955.39378.260729958623102750.stgit@localhost> References: <164269255955.39378.260729958623102750.stgit@localhost> User-Agent: StGit/0.19 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Since the FWU metadata is not initialized at the installation, if it is broken, it should be initialized. Usually, the FWU metadata is not covered by capsule update, so it is safe to initialize the metadata portion if it seems broken. But for the production device, usually firmware will be installed with initialized metadata, and the broken metadata means the device can be compromized. In that case, build U-Boot without this option. Signed-off-by: Masami Hiramatsu --- board/socionext/developerbox/Kconfig | 12 ++++++ board/socionext/developerbox/fwu_plat.c | 59 +++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/board/socionext/developerbox/Kconfig b/board/socionext/developerbox/Kconfig index 4e2c341aad..1b36e10f3b 100644 --- a/board/socionext/developerbox/Kconfig +++ b/board/socionext/developerbox/Kconfig @@ -51,4 +51,16 @@ config FWU_SF_PRIMARY_MDATA_OFFSET config FWU_SF_SECONDARY_MDATA_OFFSET default 0x520000 +config FWU_INIT_BROKEN_METADATA + bool "Initialize FWU metadata if broken" + select BOARD_LATE_INIT + default n + help + Initialize FWU metadata if the metadata is broken. + This option is only for the development environment, since if the + metadata is broken, it means someone may compromize it. In that case + the production device must be bricked. + But for the development environment, or initial installation of the + FWU multi-bank update firmware, this will be useful. + endif diff --git a/board/socionext/developerbox/fwu_plat.c b/board/socionext/developerbox/fwu_plat.c index dbb814f1fd..2982e47a16 100644 --- a/board/socionext/developerbox/fwu_plat.c +++ b/board/socionext/developerbox/fwu_plat.c @@ -156,3 +156,62 @@ struct fwu_mdata_ops *get_plat_fwu_mdata_ops(void) return fwu_sf_get_fwu_mdata_ops(); } +#ifdef CONFIG_FWU_INIT_BROKEN_METADATA + +static void devbox_init_fwu_mdata(void) +{ + const efi_guid_t null_guid = NULL_GUID; + struct fwu_image_bank_info *bank; + struct fwu_mdata *metadata; + int i, j, ret; + + metadata = memalign(ARCH_DMA_MINALIGN, sizeof(*metadata)); + if (!metadata) { + log_err("Failed to allocate initial metadata.\n"); + return; + } + + metadata->version = 1; + metadata->active_index = 0; + metadata->previous_active_index = 0; + + /* + * Since the DeveloperBox doesn't use GPT, both of + * fwu_image_entry::location_uuid and + * fwu_img_bank_info::image_uuid are null GUID. + */ + for (i = 0; i < CONFIG_FWU_NUM_IMAGES_PER_BANK; i++) { + guidcpy(&metadata->img_entry[i].image_type_uuid, + &devbox_fip_image_type_guid); + guidcpy(&metadata->img_entry[i].location_uuid, + &null_guid); + bank = metadata->img_entry[i].img_bank_info; + + for (j = 0; j < CONFIG_FWU_NUM_BANKS; j++) { + guidcpy(&bank[j].image_uuid, &null_guid); + bank[j].accepted = (j == 0) ? 1 : 0; + bank[j].reserved = 0; + } + } + + ret = fwu_update_mdata(metadata); + if (ret < 0) + log_err("Failed to initialize FWU metadata\n"); + else + log_err("Initialized FWU metadata\n"); + free(metadata); +} + +int board_late_init(void) +{ + struct fwu_mdata *metadata; + + if (fwu_get_mdata(&metadata) < 0) { + // Initialize FWU metadata if broken + log_err("Unable to get a valid metadata. Initialize it.\n"); + devbox_init_fwu_mdata(); + } + return 0; +} + +#endif