From patchwork Thu Sep 15 08:14:45 2022
X-Patchwork-Submitter: Sughosh Ganu
X-Patchwork-Id: 606196
From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi, Patrick Delaunay, Patrice Chotard, Simon Glass, Bin Meng, Tom Rini, Etienne Carriere, Michal Simek, Jassi Brar, Sughosh Ganu
Subject: [PATCH v10 09/15] FWU: Add boot time checks as highlighted by the FWU specification
Date: Thu, 15 Sep 2022 13:44:45 +0530
Message-Id: <20220915081451.633983-10-sughosh.ganu@linaro.org>

The FWU Multi Bank Update specification requires the Update Agent to
carry out certain checks at the time of platform boot. The Update Agent
is the component which is responsible for updating the firmware
components and maintaining and keeping the metadata in sync.

The spec requires that the Update Agent perform the following checks at
the time of boot
* Sanity check of both the metadata copies maintained by the platform.
* Get the boot index passed to U-Boot by the prior stage bootloader
  and use this value for metadata bookkeeping.
* Check if the system is booting in Trial State. If the system boots
  in the Trial State for more than a specified number of boot counts,
  change the Active Bank to be booting the platform from.

Call these checks through the main loop event at the time of platform
boot.

Signed-off-by: Sughosh Ganu Reviewed-by: Etienne Carriere --- Changes since V9: * Remove the unused variable active_idx, as suggested by Etienne include/fwu.h | 13 +++ lib/efi_loader/efi_setup.c | 1 + lib/fwu_updates/fwu.c | 192 ++++++++++++++++++++++++++++++++++++- 3 files changed, 204 insertions(+), 2 deletions(-) diff --git a/include/fwu.h b/include/fwu.h index 484289ed4f..d5f77ce83c 100644 --- a/include/fwu.h +++ b/include/fwu.h @@ -256,4 +256,17 @@ int fwu_plat_get_update_index(uint *update_idx); * */ void fwu_plat_get_bootidx(uint *boot_idx); + +/** + * fwu_update_checks_pass() - Check if FWU update can be done + * + * Check if the FWU update can be executed. The updates are + * allowed only when the platform is not in Trial State and + * the boot time checks have passed + * + * Return: 1 if OK, 0 on error + * + */ +u8 fwu_update_checks_pass(void); + #endif /* _FWU_H_ */ diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index c633fcd91e..557e97de4a 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -199,6 +199,7 @@ static efi_status_t __efi_init_early(void) goto out; ret = efi_disk_init(); + out: return ret; } diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c index 8e91b7aeae..32518d6f86 100644 --- a/lib/fwu_updates/fwu.c +++ b/lib/fwu_updates/fwu.c @@ -4,10 +4,19 @@ */ #include +#include #include +#include +#include #include #include -#include +#include + +#include +#include + +static u8 trial_state; +static u8 boottime_check; #include #include 
@@ -16,8 +25,112 @@ #define IMAGE_ACCEPT_SET BIT(0) #define IMAGE_ACCEPT_CLEAR BIT(1) -static int fwu_get_dev_mdata(struct udevice **dev, struct fwu_mdata *mdata) +static int trial_counter_update(u16 *trial_state_ctr) +{ + bool delete; + u32 var_attr; + efi_status_t status; + efi_uintn_t var_size; + + delete = !trial_state_ctr ? true : false; + var_size = !trial_state_ctr ? 0 : (efi_uintn_t)sizeof(*trial_state_ctr); + var_attr = !trial_state_ctr ? 0 : EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS; + status = efi_set_variable_int(u"TrialStateCtr", + &efi_global_variable_guid, + var_attr, + var_size, trial_state_ctr, false); + + if ((delete && (status != EFI_NOT_FOUND && + status != EFI_SUCCESS)) || + (!delete && status != EFI_SUCCESS)) + return -1; + + return 0; +} + +static int in_trial_state(struct fwu_mdata *mdata) +{ + u32 i, active_bank; + struct fwu_image_entry *img_entry; + struct fwu_image_bank_info *img_bank_info; + + active_bank = mdata->active_index; + img_entry = &mdata->img_entry[0]; + for (i = 0; i < CONFIG_FWU_NUM_IMAGES_PER_BANK; i++) { + img_bank_info = &img_entry[i].img_bank_info[active_bank]; + if (!img_bank_info->accepted) { + return 1; + } + } + + return 0; +} + +static int fwu_trial_state_check(struct udevice *dev) +{ + int ret; + efi_status_t status; + efi_uintn_t var_size; + u16 trial_state_ctr; + u32 var_attributes; + struct fwu_mdata mdata = { 0 }; + + ret = fwu_get_mdata(dev, &mdata); + if (ret) + return ret; + + if ((trial_state = in_trial_state(&mdata))) { + var_size = (efi_uintn_t)sizeof(trial_state_ctr); + log_info("System booting in Trial State\n"); + var_attributes = EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS; + status = efi_get_variable_int(u"TrialStateCtr", + &efi_global_variable_guid, + &var_attributes, + &var_size, &trial_state_ctr, + NULL); + if (status != EFI_SUCCESS) { + log_err("Unable to read TrialStateCtr variable\n"); + ret = -1; + goto out; + } + + ++trial_state_ctr; + if 
(trial_state_ctr > CONFIG_FWU_TRIAL_STATE_CNT) { + log_info("Trial State count exceeded. Revert back to previous_active_index\n"); + ret = fwu_revert_boot_index(); + if (ret) { + log_err("Unable to revert active_index\n"); + goto out; + } + + /* Delete the TrialStateCtr variable */ + ret = trial_counter_update(NULL); + if (ret) { + log_err("Unable to delete TrialStateCtr variable\n"); + goto out; + } + } else { + ret = trial_counter_update(&trial_state_ctr); + if (ret) { + log_err("Unable to increment TrialStateCtr variable\n"); + goto out; + } + } + } else { + /* Delete the variable */ + ret = trial_counter_update(NULL); + if (ret) { + log_err("Unable to delete TrialStateCtr variable\n"); + } + } + +out: + return ret; +} +static int fwu_get_dev_mdata(struct udevice **dev, struct fwu_mdata *mdata) { int ret; @@ -27,6 +140,9 @@ static int fwu_get_dev_mdata(struct udevice **dev, struct fwu_mdata *mdata) return ret; } + if (!mdata) + return 0; + ret = fwu_get_mdata(*dev, mdata); if (ret < 0) log_debug("Unable to get valid FWU metadata\n"); 
@@ -358,3 +474,75 @@ __weak int fwu_plat_get_update_index(uint *update_idx) return ret; } + +/** + * fwu_update_checks_pass() - Check if FWU update can be done + * + * Check if the FWU update can be executed. The updates are + * allowed only when the platform is not in Trial State and + * the boot time checks have passed + * + * Return: 1 if OK, 0 on error + * + */ +u8 fwu_update_checks_pass(void) +{ + return !trial_state && boottime_check; +} + +static int fwu_boottime_checks(void *ctx, struct event *event) +{ + int ret; + struct udevice *dev; + u32 boot_idx, active_idx; + + ret = fwu_get_dev_mdata(&dev, NULL); + if (ret) + return ret; + + ret = fwu_mdata_check(dev); + if (ret) { + return 0; + } + + /* + * Get the Boot Index, i.e. the bank from + * which the platform has booted. This value + * gets passed from the ealier stage bootloader + * which booted u-boot, e.g. tf-a. If the + * boot index is not the same as the + * active_index read from the FWU metadata, + * update the active_index. + */ + fwu_plat_get_bootidx(&boot_idx); + if (boot_idx >= CONFIG_FWU_NUM_BANKS) { + log_err("Received incorrect value of boot_index\n"); + return 0; + } + + ret = fwu_get_active_index(&active_idx); + if (ret) { + log_err("Unable to read active_index\n"); + return 0; + } + + if (boot_idx != active_idx) { + log_info("Boot idx %u is not matching active idx %u, changing active_idx\n", + boot_idx, active_idx); + ret = fwu_update_active_index(boot_idx); + if (!ret) + boottime_check = 1; + + return 0; + } + + if (efi_init_obj_list() != EFI_SUCCESS) + return 0; + + ret = fwu_trial_state_check(dev); + if (!ret) + boottime_check = 1; + + return 0; +} +EVENT_SPY(EVT_MAIN_LOOP, fwu_boottime_checks);
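Review bot: In include/fwu.h, fwu_update_checks_pass() is declared as returning u8 although it only answers yes or no; bool would state that directly. The kernel-doc line "Return: 1 if OK, 0 on error" also hides that 0 is returned when the platform is in Trial State, which is not an error, so the Return line should name both cases. The same comment block is repeated above the definition in lib/fwu_updates/fwu.c; keeping it in the header only avoids the two copies drifting apart.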
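Review bot: The lib/efi_loader/efi_setup.c hunk only adds an empty line between `ret = efi_disk_init();` and the `out:` label in __efi_init_early(). That is unrelated to the boot time checks and looks like a leftover from an earlier revision; please drop this file from the patch.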
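Review bot: In the first lib/fwu_updates/fwu.c hunk, `static u8 trial_state;` and `static u8 boottime_check;` are defined between two groups of #include lines. Move them below the last #include, and consider bool for both, since they are only ever assigned 0 or 1 and tested for truth.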
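Review bot: In fwu_trial_state_check(), any status other than EFI_SUCCESS from efi_get_variable_int() on TrialStateCtr is treated as fatal, but nothing in this patch creates the variable: trial_counter_update() is called with a non-NULL pointer only after that read has already succeeded. If a Trial State boot can find the variable absent, the counter never starts, the function returns -1 on every boot, and the revert to previous_active_index is never reached. Either handle EFI_NOT_FOUND by starting the count at zero, or add a comment naming the code that is expected to create TrialStateCtr. Smaller points in the same hunk: `delete = !trial_state_ctr ? true : false;` can be `delete = !trial_state_ctr;`, and the assignment inside `if ((trial_state = in_trial_state(&mdata)))` reads more clearly as a separate statement.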
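Review bot: fwu_get_dev_mdata() now returns 0 right after the device lookup when mdata is NULL, which turns it into a device getter with an optional metadata read. That contract is not visible at the call sites, so add a function comment saying that mdata may be NULL and that no metadata is read or validated in that case.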
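Review bot: In fwu_boottime_checks(), the `boot_idx != active_idx` branch sets boottime_check = 1 and returns before fwu_trial_state_check() is called. On that path trial_state keeps its initial value of 0 and TrialStateCtr is neither incremented nor deleted, so fwu_update_checks_pass() reports 1 without the bank that was actually booted having been checked for unaccepted images. After fwu_update_active_index() succeeds, fall through to efi_init_obj_list() and fwu_trial_state_check() instead of returning early. Separately, the fwu_mdata_check() failure path returns 0 without logging anything, which makes a failed metadata sanity check hard to spot in the boot log, and the comment above fwu_plat_get_bootidx() has a typo, "ealier".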