From patchwork Tue Jun 29 04:55:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 468294 Delivered-To: patch@linaro.org Received: by 2002:a02:c94a:0:0:0:0:0 with SMTP id u10csp4608063jao; Mon, 28 Jun 2021 21:56:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy33G/3CuW8BXbLXKACiSEu1xwpCpqTk2vyD7hOat9Ctlb/mWKiOomJTeBDjSt3m9fRFxdA X-Received: by 2002:a17:906:2583:: with SMTP id m3mr27100173ejb.506.1624942562995; Mon, 28 Jun 2021 21:56:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624942562; cv=none; d=google.com; s=arc-20160816; b=ARywmFMw264sS/sbQqYd5rPsWeJBle0nygNC0klzPQwyFEQJ1Kjiuvq1L1o+simSdA /zF0DuU/GU84yqV8OrIMx0TEDNk5Wc1fITbnhe82kMZ/1kxQghYYPh2PljHRlnOCe+y/ Q67hQNG2mObikHbQWPyMAPd7uLTPXjUGNWVogZEjbUsE9M/HhZQ+DsLDr1FZAhWpFPzo TPwz16KQceiMnHG5cPgaXtuWUW1ggFWwHe4rkBwmW/fpwxgkqGz54c50U5jRgNmrDaG7 IAzR2s188TtYuhk3UCBWVuKbISx8duWEtTUA+VoWXmXXeTKrIhDaUHQ/vSvHPuhuO5rH Bdjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=0S4MLXRvMc5YBbDMG/DinE630PeWnfKycwho6jm2e+I=; b=cvJif4qvZsxNuANlPOt6+0nXUroHiTSaaFReJp/cNehfPUuaAzN6elZQFkIDyGTwaS 06ExMfKQYJ/9eRjCgOMae5mvMlq8KycD2k6v+wwXkMG6uWvKXC23GYJLTmE6h8dUX8b9 A4clj6/boczB8pjrEwIwlTTOzjmsgVZEJV05ojkoJ/E4JPFByd5k4dOkMuGtUexInIM+ CDnY36SEkS/qELqDC5jiNXyxwIf5PlneNVTBoH0f1QhlN0uuTBagMs3WDQXBFAkO3YiN ZE/o6UfuQtHMNjbo5NIimCmAooVXEfbYdyIP5q5eAz0JhmtJsoQn/Rf9CDGXmhwo/c1k S5zg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Kk1Cv2IX; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id bo13si15946090edb.444.2021.06.28.21.56.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Jun 2021 21:56:02 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Kk1Cv2IX; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id B2AE082E98; Tue, 29 Jun 2021 06:55:59 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Kk1Cv2IX"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 7E4F782EF8; Tue, 29 Jun 2021 06:55:58 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8CA9682E6A for ; Tue, 29 Jun 2021 06:55:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wm1-x334.google.com with SMTP id k30-20020a05600c1c9eb02901d4d33c5ca0so1456398wms.3 for ; Mon, 28 Jun 2021 21:55:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=0S4MLXRvMc5YBbDMG/DinE630PeWnfKycwho6jm2e+I=; b=Kk1Cv2IXA4NdUwJEUwrbkABnuoMpMg8BiBeAhVuDv009/TlmwEx1PhjBkGChOM7K8h q0HVA6JeT3cdAlTkk+N3dAwAL9P8vypf46i+GKyS3011M9kSRBElfVaOzfptZIz7pNfp BNvJiG1oy9U96QFNnmxUIgK2KyuTzOrz+wv19op/Ho1KDoNR2pzYGtvjsGOm48sreYCX bfBvPPyLCFJAxFzPiWf7VkQvpLTacnACGuFqZhdwWXl89nYZxQHtMZUf+T6prmtn1he+ zXzN/7OTSEnRWCsfzMIl+x1jfdtTeHsqyjpcsYDzIw1NFnVBOCOemw4/Jtp2pwdXzIhz hv0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=0S4MLXRvMc5YBbDMG/DinE630PeWnfKycwho6jm2e+I=; b=RUzbtMQ//neh82+lQhGDoy8OnEsiN3lAz03w+KVQ5LYsiXMtn6E3gc44dBf0OSkrHr G4ZsEHzTpx870aOMbDyW/Iyj+Mof949ZhwUVR9jYYMriQhDtDc0m/UQ+TTJpX78T+KoU YInFY6RB28Ovp70uWg5G3UoUhe7aXhlY3dikoFapVJhaZMMGKBa+QwQteMgvGPgmEbfI E3BLaVI9vgHJe3oOA+V0BGeEbOI+XE8OmeSEx8AdrCmd155dMckw8yaMVG1/fueQ5rMb hgWJoxZZv9xHttRV4ROY+gd50vD0tp0QlslrTQtI/os75sgkYaVG2uJ46jwDhHfTP81W 5Xzg== X-Gm-Message-State: AOAM531CCS2SMpp0hLfUCjjvab9sp7gRTxjq4LQWcnv3pmD4qe/b/wug OWQtZBnteoGe2wpcaqt+XTr3Wg== X-Received: by 2002:a1c:f016:: with SMTP id a22mr30498715wmb.65.1624942555116; Mon, 28 Jun 2021 21:55:55 -0700 (PDT) Received: from localhost.localdomain (ppp-94-66-243-100.home.otenet.gr. [94.66.243.100]) by smtp.gmail.com with ESMTPSA id o2sm17096308wrp.53.2021.06.28.21.55.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Jun 2021 21:55:54 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de Cc: masami.hiramatsu@linaro.org, takahiro.akashi@linaro.org, pbrobinson@redhat.com, richard@hughsie.com, apalos , Alexander Graf , u-boot@lists.denx.de Subject: [PATCH] efi_loader: Allow capsule update on-disk without checking OsIndications Date: Tue, 29 Jun 2021 07:55:51 +0300 Message-Id: <20210629045552.22372-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.32.0.rc0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean From: apalos Although U-Boot supports capsule update on-disk, it's lack of support for SetVariable at runtime prevents applications like fwupd from using it. In order to perform the capsule update on-disk the spec says that the OS must copy the capsule to the \EFI\UpdateCapsule directory and set a bit in the OsIndications variable. The firmware then checks for the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED bit in OsIndications variable, which is set by submitter to trigger processing of the capsule on next reboot. Let's add a config option which ignores the bit checking in OsIndications and just rely on the capsule being present. Since U-Boot deletes the capsule while processing it, we won't end up running it multiple times. Note that this is allowed for all capsules. In the future once, authenticated capsules is fully supported, we can limit the functionality to those only. Signed-off-by: apalos --- lib/efi_loader/Kconfig | 9 +++++++++ lib/efi_loader/efi_capsule.c | 36 ++++++++++++++++++++++++++++-------- 2 files changed, 37 insertions(+), 8 deletions(-) -- 2.32.0.rc0 Reviewed-by: Heinrich Schuchardt diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 684adfb62379..5a3820e76122 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -137,6 +137,15 @@ config EFI_CAPSULE_ON_DISK under a specific directory on UEFI system partition instead of via UpdateCapsule API. +config EFI_IGNORE_OSINDICATIONS + bool "Ignore OsIndications for CapsuleUpdate on-disk" + depends on EFI_CAPSULE_ON_DISK + default n + help + There are boards were we can't support SetVariable at runtime. + Select this option if you want to use capsule-on-disk feature, + without setting the OsIndications bit. + config EFI_CAPSULE_ON_DISK_EARLY bool "Initiate capsule-on-disk at U-Boot boottime" depends on EFI_CAPSULE_ON_DISK diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index d7136035d8f9..50bed32bfb3b 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -948,6 +948,33 @@ efi_status_t __weak efi_load_capsule_drivers(void) return ret; } +/** + * check_run_capsules - Check whether capsule update should run + * + * The spec says OsIndications must be set in order to run the capsule update + * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to + * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected + */ +static bool check_run_capsules(void) +{ + u64 os_indications; + efi_uintn_t size; + efi_status_t ret; + + if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) + return true; + + size = sizeof(os_indications); + ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, + NULL, &size, &os_indications, NULL); + if (ret == EFI_SUCCESS && + (os_indications + & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED)) + return true; + + return false; +} + /** * efi_launch_capsule - launch capsules * @@ -958,20 +985,13 @@ efi_status_t __weak efi_load_capsule_drivers(void) */ efi_status_t efi_launch_capsules(void) { - u64 os_indications; - efi_uintn_t size; struct efi_capsule_header *capsule = NULL; u16 **files; unsigned int nfiles, index, i; u16 variable_name16[12]; efi_status_t ret; - size = sizeof(os_indications); - ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, - NULL, &size, &os_indications, NULL); - if (ret != EFI_SUCCESS || - !(os_indications - & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED)) + if (!check_run_capsules()) return EFI_SUCCESS; index = get_last_capsule();