From patchwork Fri May 19 10:32:07 2023
X-Patchwork-Submitter: Masahisa Kojima
X-Patchwork-Id: 683897
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Masahisa Kojima, Philipp Tomsich, Kever Yang, "Ying-Chun Liu (PaulLiu)", Tuomas Tynkkynen, Heiko Thiery, Frieder Schrempf, Michael Walle, Mario Six, Jassi Brar, Patrick Delaunay, Patrice Chotard, Michal Simek, Sughosh Ganu, Etienne Carriere, uboot-stm32@st-md-mailman.stormreply.com (moderated list:STM32MP1 BOARD)
Subject: [PATCH v6 1/8] efi_loader: add the number of image entries in efi_capsule_update_info
Date: Fri, 19 May 2023 19:32:07 +0900
Message-Id: <20230519103214.1239656-2-masahisa.kojima@linaro.org>
In-Reply-To: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>

The number of image array entries global variable is required to support EFI capsule update. This information is exposed as a num_image_type_guids variable, but this information should be included in the efi_capsule_update_info structure.

This commit adds the num_images member in the efi_capsule_update_info structure. All board files supporting EFI capsule update are updated.

Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas Reviewed-by: Ilias Apalodimas --- Newly created in v6 arch/arm/mach-rockchip/board.c | 4 ++-- board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c | 2 +- board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c | 2 +- board/emulation/qemu-arm/qemu-arm.c | 2 +- board/kontron/pitx_imx8m/pitx_imx8m.c | 2 +- board/kontron/sl-mx8mm/sl-mx8mm.c | 2 +- board/kontron/sl28/sl28.c | 2 +- board/rockchip/evb_rk3399/evb-rk3399.c | 2 +- board/sandbox/sandbox.c | 2 +- board/socionext/developerbox/developerbox.c | 2 +- board/st/stm32mp1/stm32mp1.c | 2 +- board/xilinx/common/board.c | 2 +- include/efi_loader.h | 3 ++- lib/efi_loader/efi_firmware.c | 6 +++--- lib/fwu_updates/fwu.c | 2 +- 15 files changed, 19 insertions(+), 18 deletions(-) diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index f1f70c81d0..8daa74b3eb 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -41,7 +41,7 @@ static bool updatable_image(struct disk_partition *info) uuid_str_to_bin(info->type_guid, image_type_guid.b, UUID_STR_FORMAT_GUID); - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) { ret = true; break; @@ -59,7 +59,7 @@ static void set_image_index(struct disk_partition *info, int index) uuid_str_to_bin(info->type_guid, image_type_guid.b, UUID_STR_FORMAT_GUID); - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) { fw_images[i].image_index = index; break; diff --git a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c index 466174679e..b79a2380aa 100644 --- a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c +++ b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c 
@@ -54,10 +54,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 2=flash-bin raw 0 0x1B00 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ diff --git a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c index b373e45df9..af070ec315 100644 --- a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c +++ b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c @@ -50,10 +50,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 2=flash-bin raw 0x42 0x1D00 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_phys_sdram_size(phys_size_t *size) diff --git a/board/emulation/qemu-arm/qemu-arm.c b/board/emulation/qemu-arm/qemu-arm.c index 34ed3e8ae6..dfea0d92a3 100644 --- a/board/emulation/qemu-arm/qemu-arm.c +++ b/board/emulation/qemu-arm/qemu-arm.c @@ -47,10 +47,10 @@ struct efi_fw_image fw_images[] = { }; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images) .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ static struct mm_region qemu_arm64_mem_map[] = { diff --git a/board/kontron/pitx_imx8m/pitx_imx8m.c b/board/kontron/pitx_imx8m/pitx_imx8m.c index fcda86bc1b..4548e7c1df 100644 --- a/board/kontron/pitx_imx8m/pitx_imx8m.c +++ b/board/kontron/pitx_imx8m/pitx_imx8m.c 
@@ -43,10 +43,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 0=flash-bin raw 0x42 0x1000 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/kontron/sl-mx8mm/sl-mx8mm.c b/board/kontron/sl-mx8mm/sl-mx8mm.c index 250195694b..ddb509eb66 100644 --- a/board/kontron/sl-mx8mm/sl-mx8mm.c +++ b/board/kontron/sl-mx8mm/sl-mx8mm.c @@ -29,10 +29,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=flash-bin raw 0x400 0x1f0000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_phys_sdram_size(phys_size_t *size) diff --git a/board/kontron/sl28/sl28.c b/board/kontron/sl28/sl28.c index 89948e087f..4ab221c12b 100644 --- a/board/kontron/sl28/sl28.c +++ b/board/kontron/sl28/sl28.c @@ -40,10 +40,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=u-boot-bin raw 0x210000 0x1d0000;" "u-boot-env raw 0x3e0000 0x20000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/rockchip/evb_rk3399/evb-rk3399.c b/board/rockchip/evb_rk3399/evb-rk3399.c index c99ffdd75e..3c773d0930 100644 --- a/board/rockchip/evb_rk3399/evb-rk3399.c +++ b/board/rockchip/evb_rk3399/evb-rk3399.c @@ -18,10 +18,10 @@ static struct efi_fw_image fw_images[ROCKPI4_UPDATABLE_IMAGES] = {0}; struct efi_capsule_update_info update_info = { + .num_images = ROCKPI4_UPDATABLE_IMAGES, .images = fw_images, }; -u8 num_image_type_guids = ROCKPI4_UPDATABLE_IMAGES; #endif #ifndef CONFIG_SPL_BUILD 
diff --git a/board/sandbox/sandbox.c b/board/sandbox/sandbox.c index 2e44bdf0df..c7b6cb78ff 100644 --- a/board/sandbox/sandbox.c +++ b/board/sandbox/sandbox.c @@ -67,10 +67,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=u-boot-bin raw 0x100000 0x50000;" "u-boot-env raw 0x150000 0x200000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ #if !CONFIG_IS_ENABLED(OF_PLATDATA) diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c index 16e14d4f7f..d92e1d0962 100644 --- a/board/socionext/developerbox/developerbox.c +++ b/board/socionext/developerbox/developerbox.c @@ -41,10 +41,10 @@ struct efi_capsule_update_info update_info = { .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;" "fip.bin raw 180000 78000;" "optee.bin raw 500000 100000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ static struct mm_region sc2a11_mem_map[] = { diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 1a1b1844c8..5b28ccd32e 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -92,10 +92,10 @@ struct efi_fw_image fw_images[1]; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c index d071ebfb9c..0328d68e75 100644 --- a/board/xilinx/common/board.c +++ b/board/xilinx/common/board.c 
@@ -52,10 +52,10 @@ struct efi_fw_image fw_images[] = { }; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ #define EEPROM_HEADER_MAGIC 0xdaaddeed diff --git a/include/efi_loader.h b/include/efi_loader.h index b395eef9e7..941d63467c 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -1078,15 +1078,16 @@ struct efi_fw_image { * platforms which enable capsule updates * * @dfu_string: String used to populate dfu_alt_info + * @num_images: The number of images array entries * @images: Pointer to an array of updatable images */ struct efi_capsule_update_info { const char *dfu_string; + int num_images; struct efi_fw_image *images; }; extern struct efi_capsule_update_info update_info; -extern u8 num_image_type_guids; /** * Install the ESRT system table. diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 93e2b01c07..cc650e1443 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -131,7 +131,7 @@ static efi_status_t efi_fill_image_desc_array( struct efi_fw_image *fw_array; int i; - total_size = sizeof(*image_info) * num_image_type_guids; + total_size = sizeof(*image_info) * update_info.num_images; if (*image_info_size < total_size) { *image_info_size = total_size; 
@@ -141,13 +141,13 @@ static efi_status_t efi_fill_image_desc_array( *image_info_size = total_size; fw_array = update_info.images; - *descriptor_count = num_image_type_guids; + *descriptor_count = update_info.num_images; *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION; *descriptor_size = sizeof(*image_info); *package_version = 0xffffffff; /* not supported */ *package_version_name = NULL; /* not supported */ - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c index 5313d07302..3b1785e7b1 100644 --- a/lib/fwu_updates/fwu.c +++ b/lib/fwu_updates/fwu.c 
@@ -151,7 +151,7 @@ static int fwu_get_image_type_id(u8 *image_index, efi_guid_t *image_type_id) index = *image_index; image = update_info.images; - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (index == image[i].image_index) { guidcpy(image_type_id, &image[i].image_type_id); return 0;
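Review bot: In the board/emulation/qemu-arm/qemu-arm.c hunk the added initializer is missing its trailing comma: ".num_images = ARRAY_SIZE(fw_images)" is followed directly by ".images = fw_images,", so the update_info initializer will not compile for this board when EFI_HAVE_CAPSULE_SUPPORT is set. Every other board file touched by this patch has the comma; add it here as well.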
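Review bot: In the include/efi_loader.h hunk, num_images is declared as a signed "int" although it replaces "u8 num_image_type_guids" and is only ever a count. The lib/efi_loader/efi_firmware.c hunk multiplies it into "total_size = sizeof(*image_info) * update_info.num_images;", where a negative value would be converted to a very large size. An unsigned type (unsigned int or u32) states the intent and keeps that size computation well defined. The kernel-doc line would also read more clearly as "Number of entries in the images array".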
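Review bot: In the board/rockchip/evb_rk3399/evb-rk3399.c hunk, ".num_images = ROCKPI4_UPDATABLE_IMAGES" repeats by hand the bound already used in "fw_images[ROCKPI4_UPDATABLE_IMAGES]". Using ARRAY_SIZE(fw_images), as the board/st/stm32mp1/stm32mp1.c hunk does for its fixed-size "fw_images[1]", keeps the count tied to the array declaration so the loops in arch/arm/mach-rockchip/board.c cannot run past it if the two ever diverge.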
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v6 2/8] efi_loader: store firmware version into FmpState variable
Date: Fri, 19 May 2023 19:32:08 +0900
Message-Id: <20230519103214.1239656-3-masahisa.kojima@linaro.org>
In-Reply-To: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>

Firmware version management is not implemented in the current FMP protocol. EDK II reference implementation capsule generation script inserts the FMP Payload Header right before the payload, FMP Payload Header contains the firmware version and lowest supported version.

This commit utilizes the FMP Payload Header, reads the header and stores the firmware version into "FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, since FMP protocol handles multiple image indexes.

Note that lowest supported version included in the FMP Payload Header is not used. If the platform uses file-based EFI variable storage, it can be tampered with. The file-based EFI variable storage is not the right place to store the lowest supported version for anti-rollback protection.

This change is compatible with the existing FMP implementation. This change does not mandate the FMP Payload Header. If no FMP Payload Header is found in the capsule file, fw_version, lowest supported version, last attempt version and last attempt status are 0 and this is the same behavior as existing FMP implementation.

Signed-off-by: Masahisa Kojima --- Changed in v6: - only store the fw_version in the FmpState EFI variable Changes in v4: - move lines that are the same in both branches out of the if statement - s/EDK2/EDK II/ - create print result function - set last_attempt_version when capsule authentication failed - use log_err() instead of printf() Changes in v3: - exclude CONFIG_FWU_MULTI_BANK_UPDATE case - set image_type_id as a vendor field of FmpStateXXXX variable - set READ_ONLY flag for FmpStateXXXX variable - add error code for FIT image case Changes in v2: - modify indent lib/efi_loader/efi_firmware.c | 161 ++++++++++++++++++++++++++++++---- 1 file changed, 146 insertions(+), 15 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index cc650e1443..fc085e3c08 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include 
@@ -36,11 +37,52 @@ struct fmp_payload_header { u32 lowest_supported_version; }; +/** + * struct fmp_state - fmp firmware update state + * + * This structure describes the state of the firmware update + * through FMP protocol. + * + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version + * @last_attempt_version: Last attempt version + * @last_attempt_status: Last attempt status + */ +struct fmp_state { + u32 fw_version; + u32 lowest_supported_version; /* not used */ + u32 last_attempt_version; /* not used */ + u32 last_attempt_status; /* not used */ +}; + __weak void set_dfu_alt_info(char *interface, char *devstr) { env_set("dfu_alt_info", update_info.dfu_string); } +/** + * efi_firmware_get_image_type_id - get image_type_id + * @image_index: image index + * + * Return the image_type_id identified by the image index. + * + * Return: pointer to the image_type_id, NULL if image_index is invalid + */ +static +efi_guid_t *efi_firmware_get_image_type_id(u8 image_index) +{ + int i; + struct efi_fw_image *fw_array; + + fw_array = update_info.images; + for (i = 0; i < update_info.num_images; i++) { + if (fw_array[i].image_index == image_index) + return &fw_array[i].image_type_id; + } + + return NULL; +} + /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_get_image_unsupported( @@ -194,8 +236,6 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, { const void *image = *p_image; efi_uintn_t image_size = *p_image_size; - u32 fmp_hdr_signature; - struct fmp_payload_header *header; void *capsule_payload; efi_status_t status; efi_uintn_t capsule_payload_size; 
@@ -222,24 +262,107 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, debug("Updating capsule without authenticating.\n"); } - fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; - header = (void *)image; + *p_image = image; + *p_image_size = image_size; + return EFI_SUCCESS; +} + +/** + * efi_firmware_set_fmp_state_var - set FmpStateXXXX variable + * @state: Pointer to fmp state + * @image_index: image index + * + * Update the FmpStateXXXX variable with the firmware update state. + * + * Return: status code + */ +static +efi_status_t efi_firmware_set_fmp_state_var(struct fmp_state *state, u8 image_index) +{ + u16 varname[13]; /* u"FmpStateXXXX" */ + efi_status_t ret; + efi_guid_t *image_type_id; + struct fmp_state var_state = { 0 }; + + image_type_id = efi_firmware_get_image_type_id(image_index); + if (!image_type_id) + return EFI_INVALID_PARAMETER; + + efi_create_indexed_name(varname, sizeof(varname), "FmpState", + image_index); + + /* + * Only the fw_version is set here. + * lowest_supported_version in FmpState variable is ignored since + * it can be tampered if the file based EFI variable storage is used. + */ + var_state.fw_version = state->fw_version; + + ret = efi_set_variable_int(varname, image_type_id, + EFI_VARIABLE_READ_ONLY | + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(var_state), &var_state, false); + + return ret; +} + +/** + * efi_firmware_get_fw_version - get fw_version from FMP payload header + * @p_image: Pointer to new image + * @p_image_size: Pointer to size of new image + * @state Pointer to fmp state + * + * Parse the FMP payload header and fill the fmp_state structure. + * If no FMP payload header is found, fmp_state structure is not updated. 
+ * + */ +static void efi_firmware_get_fw_version(const void **p_image, + efi_uintn_t *p_image_size, + struct fmp_state *state) +{ + const void *image = *p_image; + efi_uintn_t image_size = *p_image_size; + const struct fmp_payload_header *header; + u32 fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; + + header = image; + if (header->signature == fmp_hdr_signature) { + /* FMP header is inserted above the capsule payload */ + state->fw_version = header->fw_version; - if (!memcmp(&header->signature, &fmp_hdr_signature, - sizeof(fmp_hdr_signature))) { - /* - * When building the capsule with the scripts in - * edk2, a FMP header is inserted above the capsule - * payload. Compensate for this header to get the - * actual payload that is to be updated. - */ image += header->header_size; image_size -= header->header_size; } *p_image = image; *p_image_size = image_size; - return EFI_SUCCESS; +} + +/** + * efi_firmware_verify_image - verify image + * @p_image: Pointer to new image + * @p_image_size: Pointer to size of new image + * @image_index Image index + * @state Pointer to fmp state + * + * Verify the capsule file + * + * Return: status code + */ +static +efi_status_t efi_firmware_verify_image(const void **p_image, + efi_uintn_t *p_image_size, + u8 image_index, + struct fmp_state *state) +{ + efi_status_t ret; + + ret = efi_firmware_capsule_authenticate(p_image, p_image_size); + efi_firmware_get_fw_version(p_image, p_image_size, state); + + return ret; } /** @@ -331,6 +454,7 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( u16 **abort_reason) { efi_status_t status; + struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); 
@@ -338,13 +462,16 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( if (!image || image_index != 1) return EFI_EXIT(EFI_INVALID_PARAMETER); - status = efi_firmware_capsule_authenticate(&image, &image_size); + status = efi_firmware_verify_image(&image, &image_size, image_index, + &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); if (fit_update(image)) return EFI_EXIT(EFI_DEVICE_ERROR); + efi_firmware_set_fmp_state_var(&state, image_index); + return EFI_EXIT(EFI_SUCCESS); } @@ -392,6 +519,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( { int ret; efi_status_t status; + struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); @@ -399,7 +527,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( if (!image) return EFI_EXIT(EFI_INVALID_PARAMETER); - status = efi_firmware_capsule_authenticate(&image, &image_size); + status = efi_firmware_verify_image(&image, &image_size, image_index, + &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); 
@@ -419,6 +548,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( NULL, NULL)) return EFI_EXIT(EFI_DEVICE_ERROR); + efi_firmware_set_fmp_state_var(&state, image_index); + return EFI_EXIT(EFI_SUCCESS); }
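Review bot: efi_firmware_get_fw_version() in the @@ -222,24 +262,107 hunk reads header->signature, header->fw_version and header->header_size without first checking that image_size is at least sizeof(*header), and then executes `image_size -= header->header_size` without checking header_size <= image_size, so a short or malformed capsule gives an out-of-bounds read or wraps image_size to a very large value. This matters most on the "Updating capsule without authenticating" path, where the header is untrusted input. Suggest making the function return a status and rejecting the capsule when either check fails. The change from memcmp() to a direct `header->signature ==` load also assumes the image pointer is suitably aligned. In the kernel-doc of the same hunk, `@state Pointer to fmp state` and `@image_index Image index` are missing the colon after the parameter name.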
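Review bot: In the @@ -338,13 +462,16 hunk (and again in the @@ -419,6 +548,8 hunk for efi_firmware_raw_set_image()), the return value of efi_firmware_set_fmp_state_var() is discarded, so a failed variable write leaves the new firmware flashed while FmpStateXXXX still holds the old version and nothing is logged. Suggest checking the status and at least logging the failure, or adding a comment that explains why it is deliberately ignored.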
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v6 3/8] efi_loader: versioning support in GetImageInfo
Date: Fri, 19 May 2023 19:32:09 +0900
Message-Id: <20230519103214.1239656-4-masahisa.kojima@linaro.org>
In-Reply-To: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>

Currently, FMP->GetImageInfo() always returns 0 for the firmware version, so the user cannot identify which firmware version is currently running through the EFI interface. This commit reads the "FmpStateXXXX" EFI variable, then fills the firmware version in FMP->GetImageInfo(). Now FMP->GetImageInfo() and ESRT have a meaningful version number.

Signed-off-by: Masahisa Kojima
Reviewed-by: Ilias Apalodimas
---
Changes in v6:
- create function to fill the version information

 lib/efi_loader/efi_firmware.c | 41 ++++++++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index fc085e3c08..64ceefa212 100644 --- a/lib/efi_loader/efi_firmware.c
+++ b/lib/efi_loader/efi_firmware.c @@ -144,6 +144,39 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( return EFI_EXIT(EFI_UNSUPPORTED); } +/** + * efi_firmware_fill_version_info - fill the version information + * @image_info: Image information + * @fw_array: Pointer to size of new image + * + * Fill the version information into image_info strucrure. + * + */ +static +void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_info, + struct efi_fw_image *fw_array) +{ + u16 varname[13]; /* u"FmpStateXXXX" */ + efi_status_t ret; + efi_uintn_t size; + struct fmp_state var_state = { 0 }; + + efi_create_indexed_name(varname, sizeof(varname), "FmpState", + fw_array->image_index); + size = sizeof(var_state); + ret = efi_get_variable_int(varname, &fw_array->image_type_id, + NULL, &size, &var_state, NULL); + if (ret == EFI_SUCCESS) + image_info->version = var_state.fw_version; + else + image_info->version = 0; + + image_info->version_name = NULL; /* not supported */ + image_info->lowest_supported_image_version = 0; + image_info->last_attempt_version = 0; + image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; +} + /** * efi_fill_image_desc_array - populate image descriptor array * @image_info_size: Size of @image_info @@ -193,11 +226,10 @@ static efi_status_t efi_fill_image_desc_array( image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; - image_info[i].image_id_name = fw_array[i].fw_name; - image_info[i].version = 0; /* not supported */ - image_info[i].version_name = NULL; /* not supported */ + efi_firmware_fill_version_info(&image_info[i], &fw_array[i]); + image_info[i].size = 0; image_info[i].attributes_supported = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | 
@@ -210,9 +242,6 @@ static efi_status_t efi_fill_image_desc_array( image_info[0].attributes_setting |= IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; - image_info[i].lowest_supported_image_version = 0; - image_info[i].last_attempt_version = 0; - image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; image_info[i].hardware_instance = 1; image_info[i].dependencies = NULL; }
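Review bot: efi_firmware_fill_version_info() in the @@ -144,6 +144,39 hunk accepts any EFI_SUCCESS from efi_get_variable_int() without checking that the returned size equals sizeof(var_state), so a shorter FmpStateXXXX variable produces a fw_version built partly from the zero initialiser; suggest `if (ret == EFI_SUCCESS && size == sizeof(var_state))`. The attributes out-parameter is passed as NULL, so the reader also cannot confirm that the variable carries the read-only attribute the writer sets. In the kernel-doc, `@fw_array: Pointer to size of new image` does not describe the parameter, which is the efi_fw_image entry, and "strucrure" should read "structure".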
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v6 4/8] efi_loader: get lowest supported version from device tree
Date: Fri, 19 May 2023 19:32:10 +0900
Message-Id: <20230519103214.1239656-5-masahisa.kojima@linaro.org>
In-Reply-To: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>

This commit gets the lowest supported version from the device tree, then fills the lowest supported version in FMP->GetImageInfo().

Signed-off-by: Masahisa Kojima
Reviewed-by: Ilias Apalodimas
---
Changed in v6:
- fw_version is removed from device tree

 .../firmware/firmware-version.txt | 22 ++++++++
 lib/efi_loader/efi_firmware.c | 50 ++++++++++++++++++-
 2 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 doc/device-tree-bindings/firmware/firmware-version.txt

diff --git a/doc/device-tree-bindings/firmware/firmware-version.txt b/doc/device-tree-bindings/firmware/firmware-version.txt new file mode 100644 index 0000000000..ee90ce3117 --- /dev/null +++ b/doc/device-tree-bindings/firmware/firmware-version.txt @@ -0,0 +1,22 @@ +firmware-version bindings +------------------------------- + +Required properties: +- image-type-id : guid for image blob type +- image-index : image index +- lowest-supported-version : lowest supported version + +Example: + + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + image2 { + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0"; + image-index = <2>; + lowest-supported-version = <7>; + }; + }; diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 64ceefa212..00cf9a088a 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c
@@ -144,6 +144,51 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( return EFI_EXIT(EFI_UNSUPPORTED); } +/** + * efi_firmware_get_lsv_from_dtb - get lowest supported version from dtb + * @image_index: Image index + * @image_type_id: Image type id + * @lsv: Pointer to store the lowest supported version + * + * Read the firmware version information from dtb. + */ +static void efi_firmware_get_lsv_from_dtb(u8 image_index, + efi_guid_t *image_type_id, u32 *lsv) +{ + const void *fdt = gd->fdt_blob; + const fdt32_t *val; + const char *guid_str; + int len, offset, index; + int parent; + + *lsv = 0; + + parent = fdt_subnode_offset(fdt, 0, "firmware-version"); + if (parent < 0) + return; + + fdt_for_each_subnode(offset, fdt, parent) { + efi_guid_t guid; + + guid_str = fdt_getprop(fdt, offset, "image-type-id", &len); + if (!guid_str) + continue; + uuid_str_to_bin(guid_str, guid.b, UUID_STR_FORMAT_GUID); + + val = fdt_getprop(fdt, offset, "image-index", &len); + if (!val) + continue; + index = fdt32_to_cpu(*val); + + if (!guidcmp(&guid, image_type_id) && index == image_index) { + val = fdt_getprop(fdt, offset, + "lowest-supported-version", &len); + if (val) + *lsv = fdt32_to_cpu(*val); + } + } +} + /** * efi_firmware_fill_version_info - fill the version information * @image_info: Image information 
@@ -171,8 +216,11 @@ void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_ else image_info->version = 0; + efi_firmware_get_lsv_from_dtb(fw_array->image_index, + &fw_array->image_type_id, + &image_info->lowest_supported_image_version); + image_info->version_name = NULL; /* not supported */ - image_info->lowest_supported_image_version = 0; image_info->last_attempt_version = 0; image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; }
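Review bot: The new firmware-version.txt binding lists its three properties as required but does not say what happens when the node or a matching subnode is absent, which the C code in this patch treats as lowest supported version 0. Since an earlier patch in the series ignores lowest_supported_version in the FmpState variable because file based variable storage can be tampered with, the binding should also state that the device tree is the trusted source for this value and say how image-type-id and image-index are matched against the firmware image.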
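Review bot: efi_firmware_get_lsv_from_dtb() in the @@ -144,6 +144,51 hunk ignores the return value of uuid_str_to_bin(), so a malformed image-type-id string leaves the local `guid` uninitialised before guidcmp() compares it; suggest `if (uuid_str_to_bin(...)) continue;`. The `len` returned by fdt_getprop() is never compared against sizeof(fdt32_t) before `*val` is dereferenced for image-index and lowest-supported-version, and the loop keeps iterating after a match, so a later duplicate subnode silently overrides the first. Because a missing firmware-version node leaves *lsv at 0, the function comment should say that 0 means no lower bound is enforced.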
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v6 5/8] efi_loader: check lowest supported version
Date: Fri, 19 May 2023 19:32:11 +0900
Message-Id: <20230519103214.1239656-6-masahisa.kojima@linaro.org>
In-Reply-To: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>

The FMP Payload Header which EDK II capsule generation scripts insert has a firmware version. This commit reads the lowest supported version stored in the device tree, then checks if the firmware version in the FMP payload header of the ongoing capsule is equal to or greater than the lowest supported version. If the firmware version is lower than the lowest supported version, capsule update will not be performed.

Signed-off-by: Masahisa Kojima
---
Changes in v6:
- get aligned to the latest implementation

Changes in v5:
- newly implement the device tree based versioning

Changes in v4:
- use log_err() instead of printf()

Changes in v2:
- add error message when the firmware version is lower than lowest supported version

 lib/efi_loader/efi_firmware.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 00cf9a088a..7cd0016765 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -424,7 +424,8 @@ static void efi_firmware_get_fw_version(const void **p_image, * @image_index Image index * @state Pointer to fmp state * - * Verify the capsule file + * Verify the capsule authentication and check if the fw_version + * is equal or greater than the lowest supported version. * * Return: status code */
@@ -434,11 +435,27 @@ efi_status_t efi_firmware_verify_image(const void **p_image, u8 image_index, struct fmp_state *state) { + u32 lsv; efi_status_t ret; + efi_guid_t *image_type_id; ret = efi_firmware_capsule_authenticate(p_image, p_image_size); efi_firmware_get_fw_version(p_image, p_image_size, state); + /* check lowest_supported_version if capsule authentication passes */ + if (ret == EFI_SUCCESS) { + image_type_id = efi_firmware_get_image_type_id(image_index); + if (!image_type_id) + return EFI_INVALID_PARAMETER; + + efi_firmware_get_lsv_from_dtb(image_index, image_type_id, &lsv); + if (state->fw_version < lsv) { + log_err("Firmware version %u too low. Expecting >= %u. Aborting update\n", + state->fw_version, lsv); + return EFI_INVALID_PARAMETER; + } + } + return ret; }
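Review bot: In the @@ -434,11 +435,27 hunk, efi_firmware_get_fw_version() still runs before `ret` is examined, so the FMP payload header of a capsule that failed authentication is parsed anyway; moving the call inside the `if (ret == EFI_SUCCESS)` block keeps unauthenticated data out of the parser. The comparison `state->fw_version < lsv` also passes every capsule when efi_firmware_get_lsv_from_dtb() leaves lsv at 0 for a missing node, and a capsule without an FMP payload header is compared as version 0 because `state` starts zeroed. A log line for those two cases would make a skipped or defaulted rollback check visible.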
:list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=4G9SH4kka4OaVc9fzfqOy7jYLz4LDRFYdvGbHtpwMBw=; b=jNMvXLK2H8pwBd09JfN7U6ABNagboYDn66862umZvZ1BwDeJG+7i2LFqITyxsi4DWc IEwfOgi2lWkARVk8twdhfDw5E6vE5EfAOwJjGCq88/8aDvzJqSgUR/nFC8uSKBQi5oC7 jxOgubdFzHPxSx7aFcyAj4gK947SDmWRmCCYtDQEIje2kdc9bKL4UuF8QCLgXLlGVyrc k3IbxXAYBZIip6fr+2u8aoCp64hF4ptIp+Ud9Hf3IGkpXTku3tlsOkyGXJHg8O0897w+ F+BQwNbcAIxV2Y4zzzovcspry5V2TwudqGNjGvxzdmSjt2I4kMFczQRfAQXiEBltvlFS WDVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FID5jGJ7; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id u14-20020a17090341ce00b001ae40e07fb3si3549085ple.563.2023.05.19.03.34.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 May 2023 03:34:28 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FID5jGJ7; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 29F68862DA; Fri, 19 May 2023 12:33:16 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org 
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="FID5jGJ7"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 3769381DCF; Fri, 19 May 2023 12:33:07 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 7E9D8862DA for ; Fri, 19 May 2023 12:33:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pg1-x531.google.com with SMTP id 41be03b00d2f7-52cb8e5e9f5so492245a12.0 for ; Fri, 19 May 2023 03:33:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1684492378; x=1687084378; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4G9SH4kka4OaVc9fzfqOy7jYLz4LDRFYdvGbHtpwMBw=; b=FID5jGJ7dg9WPG9/HANrv9gd2wWr4MlS5Xz74p0yn+6SUj9eH+msOA0+wHWfqzH0VR 3kv7EcHotbkcyXKA3qZlRlxG+C5yXIYHiz9+BeA+Ij7aT1IqE2SsG9tp456RFoSgT4dc z+/AvvoF0oOGs1JMsEwaOoMsz2jq6lvfV4/v39A91wAsMCjTWI70hc9NyGNXIvFUZOtq S6TREPtMgZedz+Y8LBjkd4N/x0OpscJKZEUGIWDKByoUm29/YGc9QCQwnieeOJo5H0cz vS27LuA0xvxCNUJY1Ll88ReDwSkAgc2wlLNkTXvgJzZdti78qnfB7uCAuzO5XLFSmn0P zBPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; 
s=20221208; t=1684492378; x=1687084378; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4G9SH4kka4OaVc9fzfqOy7jYLz4LDRFYdvGbHtpwMBw=; b=RiCF6b9yOfT/pAZWfp61OQbP5Rj0SgNBfre8BSfre4G29xjnAzIYSLJ07QwdtmFXuz g4NFmAvSPp4rFfy3bJlgks00Fmrdq/kZi+zdW2nvOkmwgrf2D+pjsOtexVx8b0oIGpBP Di9gL7n6HasrH9bXKPFu7kJBeDuZv+JjooswAKlqIPgcLV7fpCxt6snk/A3D8kt74gks /N9q1cuKTzgsYyEhOBzmkcOu3AZWagbhXRnkfHKNLt76Z79qCLhED48Mafz97L7Qclwt v9eygG1D/iYEhUAoj56GOD2iDoTB/1oOpJPn5jmJX3e9Lrq2B484JaAQ84LEKiyXTnVn sGYw== X-Gm-Message-State: AC+VfDy2S52fogETwrqMCDaLLPg5t32yTJxKDGnBThc3tQ1G1fWCjWBk o/7+D0Iym/vURn15nynrVRImsJyXkiFY66CpCKc= X-Received: by 2002:a17:902:f545:b0:1ac:750e:33d6 with SMTP id h5-20020a170902f54500b001ac750e33d6mr6956789plf.23.1684492378412; Fri, 19 May 2023 03:32:58 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:8e72:6c60:18e6:c4c4]) by smtp.gmail.com with ESMTPSA id r13-20020a17090a940d00b0025352448ba9sm1195870pjo.0.2023.05.19.03.32.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 May 2023 03:32:57 -0700 (PDT) 
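Review bot: In efi_firmware_verify_image(), "u32 lsv;" has no initializer and the result of efi_firmware_get_lsv_from_dtb() is not checked before "state->fw_version < lsv" is evaluated. Unless the helper writes *lsv on every path, including when the device tree has no matching node, the rollback check compares against an indeterminate value. Declaring "u32 lsv = 0;" or having the helper return a status that is checked here would make the no-node case explicit. A short comment that a too-low version overrides a successful authentication result would also help, since these are the only early returns in the function.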
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Masahisa Kojima, Sughosh Ganu, Etienne Carriere
Subject: [PATCH v6 6/8] mkeficapsule: add FMP Payload Header
Date: Fri, 19 May 2023 19:32:12 +0900
Message-Id: <20230519103214.1239656-7-masahisa.kojima@linaro.org>
In-Reply-To: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>

Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It contains the fw_version and lowest supported version.

This commit adds a new parameter required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version.

When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation.

The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead.

Signed-off-by: Masahisa Kojima Acked-by: Ilias Apalodimas --- No update since v5 Changes in v5: - remove --lsv since we use the lowest_supported_version in the dtb Changes in v3: - remove '-f' option - move some definitions into tools/eficapsule.h - add dependency check of fw_version and lowest_supported_version - remove unexpected modification of existing fprintf() call - add documentation Newly created in v2 doc/mkeficapsule.1 | 10 ++++++++++ tools/eficapsule.h | 30 ++++++++++++++++++++++++++++++ tools/mkeficapsule.c | 37 +++++++++++++++++++++++++++++++++---- 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 1ca245a10f..c4c2057d5c 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -61,6 +61,16 @@ Specify an image index .BI "-I\fR,\fB --instance " instance Specify a hardware instance +.PP +FMP Payload Header is inserted right before the payload if +.BR --fw-version +is specified + + +.TP +.BI "-v\fR,\fB --fw-version " firmware-version +Specify a firmware version, 0 if omitted + .PP For generation of firmware accept empty capsule .BR --guid diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 072a4b5598..753fb73313 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h 
@@ -113,4 +113,34 @@ struct efi_firmware_image_authentication { struct win_certificate_uefi_guid auth_info; } __packed; +/* fmp payload header */ +#define SIGNATURE_16(A, B) ((A) | ((B) << 8)) +#define SIGNATURE_32(A, B, C, D) \ + (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16)) + +#define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1') + +/** + * struct fmp_payload_header - EDK2 header for the FMP payload + * + * This structure describes the header which is preprended to the + * FMP payload by the edk2 capsule generation scripts. + * + * @signature: Header signature used to identify the header + * @header_size: Size of the structure + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version (not used) + */ +struct fmp_payload_header { + uint32_t signature; + uint32_t header_size; + uint32_t fw_version; + uint32_t lowest_supported_version; +}; + +struct fmp_payload_header_params { + bool have_header; + uint32_t fw_version; +}; + #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b71537beee..52be1f122e 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -41,6 +41,7 @@ static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, + {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, {"certificate", required_argument, NULL, 'c'}, {"monotonic-count", required_argument, NULL, 'm'}, @@ -60,6 +61,7 @@ static void print_usage(void) "\t-g, --guid guid for image blob type\n" "\t-i, --index update image index\n" "\t-I, --instance update hardware instance\n" + "\t-v, --fw-version firmware version\n" "\t-p, --private-key private key file\n" "\t-c, --certificate signer's certificate file\n" "\t-m, --monotonic-count monotonic count\n" 
@@ -402,6 +404,7 @@ static void free_sig_data(struct auth_context *ctx) */ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, unsigned long index, unsigned long instance, + struct fmp_payload_header_params *fmp_ph_params, uint64_t mcount, char *privkey_file, char *cert_file, uint16_t oemflags) { @@ -410,10 +413,11 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, struct efi_firmware_management_capsule_image_header image; struct auth_context auth_context; FILE *f; - uint8_t *data; + uint8_t *data, *new_data, *buf; off_t bin_size; uint64_t offset; int ret; + struct fmp_payload_header payload_header; #ifdef DEBUG fprintf(stderr, "For output: %s\n", path); @@ -423,6 +427,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, auth_context.sig_size = 0; f = NULL; data = NULL; + new_data = NULL; ret = -1; /* @@ -431,12 +436,30 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, if (read_bin_file(bin, &data, &bin_size)) goto err; + buf = data; + + /* insert fmp payload header right before the payload */ + if (fmp_ph_params->have_header) { + new_data = malloc(bin_size + sizeof(payload_header)); + if (!new_data) + goto err; + + payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE; + payload_header.header_size = sizeof(payload_header); + payload_header.fw_version = fmp_ph_params->fw_version; + payload_header.lowest_supported_version = 0; /* not used */ + memcpy(new_data, &payload_header, sizeof(payload_header)); + memcpy(new_data + sizeof(payload_header), data, bin_size); + buf = new_data; + bin_size += sizeof(payload_header); + } + /* first, calculate signature to determine its size */ if (privkey_file && cert_file) { auth_context.key_file = privkey_file; auth_context.cert_file = cert_file; auth_context.auth.monotonic_count = mcount; - auth_context.image_data = data; + auth_context.image_data = buf; auth_context.image_size = bin_size; if (create_auth_data(&auth_context)) { 
@@ -536,7 +559,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, /* * firmware binary */ - if (write_capsule_file(f, data, bin_size, "Firmware binary")) + if (write_capsule_file(f, buf, bin_size, "Firmware binary")) goto err; ret = 0; @@ -545,6 +568,7 @@ err: fclose(f); free_sig_data(&auth_context); free(data); + free(new_data); return ret; } @@ -644,6 +668,7 @@ int main(int argc, char **argv) unsigned long oemflags; char *privkey_file, *cert_file; int c, idx; + struct fmp_payload_header_params fmp_ph_params = { 0 }; guid = NULL; index = 0; @@ -679,6 +704,10 @@ int main(int argc, char **argv) case 'I': instance = strtoul(optarg, NULL, 0); break; + case 'v': + fmp_ph_params.fw_version = strtoul(optarg, NULL, 0); + fmp_ph_params.have_header = true; + break; case 'p': if (privkey_file) { fprintf(stderr, 
@@ -751,7 +780,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, - index, instance, mcount, privkey_file, + index, instance, &fmp_ph_params, mcount, privkey_file, cert_file, (uint16_t)oemflags) < 0) { fprintf(stderr, "Creating firmware capsule failed\n"); exit(EXIT_FAILURE);
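Review bot: In the doc/mkeficapsule.1 hunk, "Specify a firmware version, 0 if omitted" does not match the code or the commit message: without --fw-version, have_header stays false and no FMP Payload Header is written at all, which is not the same as writing a header with version 0. Suggest wording along the lines of "If omitted, no FMP Payload Header is inserted". The man page could also say that the header's lowest_supported_version field is always written as 0 and that the value from the device tree is used instead.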
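Review bot: In the tools/eficapsule.h hunk, struct fmp_payload_header describes bytes that are written into the capsule, but unlike struct efi_firmware_image_authentication directly above it, it is not marked __packed. Four uint32_t members leave no padding in practice, yet marking it __packed keeps the on-disk structures consistent and guards against later field additions. In the kernel-doc, "preprended" should be "prepended", and "@fw_version: Firmware versions used" would be clearer as the version of the firmware carried in this payload.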
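Review bot: In the "case 'v':" hunk of main(), the result of strtoul(optarg, NULL, 0) is assigned straight to the uint32_t fw_version, so a value above UINT32_MAX is silently truncated on hosts where unsigned long is 64 bits, and a non-numeric argument becomes version 0 without an error. This number is what the device later compares against the lowest supported version, so a mistyped version should fail capsule generation rather than produce a capsule with an unintended version. Suggest passing an end pointer, checking errno and that the value fits in 32 bits, and exiting with an error otherwise. None of the visible hunks touches the short-option string, so please also confirm it already contains "v:".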
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v6 7/8] doc: uefi: add firmware versioning documentation
Date: Fri, 19 May 2023 19:32:13 +0900
Message-Id: <20230519103214.1239656-8-masahisa.kojima@linaro.org>
In-Reply-To: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>

This commit describes the procedure to add the firmware version into the capsule file.

Signed-off-by: Masahisa Kojima --- Newly created in v6 doc/develop/uefi/uefi.rst | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index ffe25ca231..efab0fc7b1 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst
@@ -510,6 +510,35 @@ where signature.dts looks like:: }; }; +Enabling Firmware Versioning +**************************** + +The UEFI specification does not define the firmware versioning mechanism. +EDK II reference implementation inserts the FMP Payload Header right before +the payload. It coutains the fw_version and lowest supported version, +EDK II reference implementation uses these information to implement the +firmware versioning and anti-rollback protection, the firmware version and +lowest supported version is stored into EFI non-volatile variable. + +In U-Boot, the firmware versioning is implemented utilizing +the FMP Payload Header same as EDK II reference implementation, +reads the FMP Payload Header and stores the firmware version into +"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, +since FMP protocol handles multiple image indexes. + + +1. Run the following command to add firmware version into the capsule file + +.. code-block:: console + + $ mkeficapsule --monotonic-count 1 \ + --private-key CRT.key \ + --certificate CRT.crt \ + --index 1 --instance 0 \ + --fw-version 5 \ + [--fit | --raw | --guid + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~
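Review bot: In the first paragraph of the new "Enabling Firmware Versioning" section, "coutains" should be "contains" and "these information" should be "this information", and the paragraph is a chain of comma-joined clauses that would read better split into sentences. The section also does not say what happens when a capsule is built without --fw-version; since mkeficapsule then omits the FMP Payload Header, a sentence on which version U-Boot records in "FmpStateXXXX" in that case would help. Stating how XXXX encodes the image index would also remove guesswork for anyone reading the variable back.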
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v6 8/8] doc: uefi: add anti-rollback documentation
Date: Fri, 19 May 2023 19:32:14 +0900
Message-Id: <20230519103214.1239656-9-masahisa.kojima@linaro.org>
In-Reply-To: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>

This commit describes the procedure to configure lowest supported version in the device tree for anti-rollback protection.

Signed-off-by: Masahisa Kojima --- Newly created in v6 doc/develop/uefi/uefi.rst | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index efab0fc7b1..f1f13bb993 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst
@@ -539,6 +539,38 @@ since FMP protocol handles multiple image indexes. [--fit | --raw | --guid +Anti-rollback Protection +~~~~~~~~~~~~~~~~~~~~~~~~ + +The anti-rollback protection is implemented differently from firmware versioning. +U-Boot implements the file-based EFI variable storage, it can be tampered +and not the right place to store the lowest supported version. +U-Boot uses device tree to store the lowest supported version, it is secured +as long as dtb is authenticated together with U-Boot image by the authenticated +capsule update, and the former stage boot loader verifies the image containing the dtb +when the system boots. + +1. Insert the lowest supported version into a device tree + +.. code-block:: console + + $ dtc -@ -I dts -O dtb -o version.dtbo version.dts + $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo + +where version.dts looks like:: + + /dts-v1/; + /plugin/; + &{/} { + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + }; + }; + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~
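Review bot: The new "Anti-rollback Protection" section explains where the lowest supported version is stored but not what U-Boot does when the device tree has no firmware-version node matching the capsule's image-type-id and image-index. Readers need to know whether the check is skipped in that case, because it decides whether a board is protected by default or only after this overlay is applied. Please document that default, and state that raising lowest-supported-version means shipping a new dtb through an authenticated update. Separately, this heading is underlined with "~~~" like "Executing the boot manager", while "Enabling Firmware Versioning" added just before it uses "***", so the two related sections end up at different heading levels.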