From patchwork Tue Jun 6 09:40:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689685 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2537587wru; Tue, 6 Jun 2023 02:41:59 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4ywr6LZgahBH++lz0z45dn3SKWuR+0Zs6yMzCvg5D1mBu1WBT4PRXR+RRduNDyW5AtmfHU X-Received: by 2002:a17:90a:aa08:b0:24b:52cb:9a31 with SMTP id k8-20020a17090aaa0800b0024b52cb9a31mr11543462pjq.22.1686044519392; Tue, 06 Jun 2023 02:41:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044519; cv=none; d=google.com; s=arc-20160816; b=zrLqda5QinYJXksXzW/p0bFOdqtSdbQF4gJdasluvseiWpGhk19SSdP57h3INemk5B qPEiR35ywmN1edSxoVFtYDsjGOVz2blpWv4daM6KnLGEA8FAjwT3ewFD/muBudUGcdl2 VTKN+bQhAxQoiIymKUlPzJYm8/zUbt289yxSlupYip0RIzywEgN5sl6VQmFjcB1HsLYY sMI514O5B/7t6V7a86l/plc84SF74AR/ov13I7607kTKfUyp4F+9sEqAMIXhbnNUJeSF wEiDXmNnkynXGROQG4NBob4Now+hjp+THAIh72xAvZzCtpnnz3kXntD6o9fFYNYA7ZdF oukA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=ndZn4y/WTjoORhE9zh/5nODMYQPtLH546k+f3Rm8i5dQwdlLntXCZ2GBpknJJKMf3X pIkwRSNsAqm5RUixcwrPdYY4RoDGiwZuVm14jG/dtzOweJqY2QUm77Dbl/edoVZEsX9T BbBCnpJZvsGGv1BDIgwWTgMLz/vuMmXgdfHYmOMXugCf3Lxb4p52AZTBrbOMmMjQX634 ibDf662yWyEnSDWCJSn61s00oXPvc7fHEn9C6YtATudLDTtfDTpHHtjagUX0m0Wc9WfX h8ag4YTmhEKb7B6KzwdZfpa6Bb4hqxssTuf4Fi+k+P+hppvD6lzaMYC3K76glnjs4lF7 CZiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kAQZjXnO; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id oe3-20020a17090b394300b002567eb9ffd8si9073997pjb.46.2023.06.06.02.41.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:59 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kAQZjXnO; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9926885E81; Tue, 6 Jun 2023 11:41:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="kAQZjXnO"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id DA3B185EE8; Tue, 6 Jun 2023 11:41:43 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C48D485E51 for ; Tue, 6 Jun 2023 11:41:36 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x435.google.com with SMTP id d2e1a72fcca58-64d44b198baso4275688b3a.0 for ; Tue, 06 Jun 2023 02:41:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044495; x=1688636495; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=kAQZjXnO0GVFv/KmURaJE+VwtbE+8XQivEiqCWnPRML76jfHslwOXFtkBac9NUV5Cj WSLQrHgNATER0t4la2hwYrl1+Qe+p96CONByreJviLHcb8Cl+ppzCegCO/Wop4jmb4s/ rte1BxPWV9FMAD83HeKarUPbaO6ldZHr3SeJtWkR2Gi6dN9tJDbXm8wCVaJ3YZO/3kaQ YpuzKbj6lJ2c1uFlJeoI1PNfnUfLaT6jm9pT5C3xQhTWIZRoIAYlmmxBX++CVo+ffnyA mlZbAbrLl4SUUjSMerxV3msqIvObtvtpwsjkD7PvHagu2h3qXlYYovROLWgUr7bPdw59 yNxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044495; x=1688636495; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=gKYeiQZaY6zLj252t694GkYlt36dUIlAhaITOdaU+/NlNrqH1Pl2R2VGEhildrMTNx 9sXmcuaDbeyI7jF1KyASVhmhSrAhRVWoBeVOtK3t18IJcY2pUdfp4Tjhqlx4tiRRPLSu UKJtWvMTpWYUIJalEmBI6KXqK5wVH4STk/9gaH2G5pazBHjEBr8Tx0TA9MkNYQp4SxUn iFxYCDSbhu6SyyMOlCc8OggZh4nz1BJcv6QQo4oxk1EoahIRjUDxl5S5HGg34Q+6uiXT r6JVRv/bmJfxVsEM1fKaO5cI/HZkL6NRuCKpEUwxkNobP8/YsbunE+Yhq/AiEpG2DEMN CN4w== X-Gm-Message-State: AC+VfDyaB9ijjWdK/Yu4UPWcLjd8WBUNpBl0rZymaAj14lcoHl4IYfQn AJXXUFbP9Y1BjSr9tAI4UWGcBnR7WChK2RRqNolnqg== X-Received: by 2002:a05:6a00:189a:b0:652:a559:b2c5 with SMTP id x26-20020a056a00189a00b00652a559b2c5mr2204423pfh.13.1686044494716; Tue, 06 Jun 2023 02:41:34 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:34 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima , Philipp Tomsich , Kever Yang , "Ying-Chun Liu (PaulLiu)" , Tuomas Tynkkynen , Heiko Thiery , Frieder Schrempf , Michael Walle , Mario Six , Jassi Brar , Patrick Delaunay , Patrice Chotard , Michal Simek , Sughosh Ganu , Etienne Carriere , uboot-stm32@st-md-mailman.stormreply.com (moderated list:STM32MP1 BOARD) Subject: [PATCH v8 01/10] efi_loader: add the number of image entries in efi_capsule_update_info Date: Tue, 6 Jun 2023 18:40:25 +0900 Message-Id: <20230606094035.28990-2-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The number of image array entries global variable is required to support EFI capsule update. This information is exposed as a num_image_type_guids variable, but this information should be included in the efi_capsule_update_info structure. This commit adds the num_images member in the efi_capsule_update_info structure. All board files supporting EFI capsule update are updated. Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Newly created in v6 arch/arm/mach-rockchip/board.c | 4 ++-- board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c | 2 +- board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c | 2 +- board/emulation/qemu-arm/qemu-arm.c | 2 +- board/kontron/pitx_imx8m/pitx_imx8m.c | 2 +- board/kontron/sl-mx8mm/sl-mx8mm.c | 2 +- board/kontron/sl28/sl28.c | 2 +- board/rockchip/evb_rk3399/evb-rk3399.c | 2 +- board/sandbox/sandbox.c | 2 +- board/socionext/developerbox/developerbox.c | 2 +- board/st/stm32mp1/stm32mp1.c | 2 +- board/xilinx/common/board.c | 2 +- include/efi_loader.h | 3 ++- lib/efi_loader/efi_firmware.c | 6 +++--- lib/fwu_updates/fwu.c | 2 +- 15 files changed, 19 insertions(+), 18 deletions(-) diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index f1f70c81d0..8daa74b3eb 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -41,7 +41,7 @@ static bool updatable_image(struct disk_partition *info) uuid_str_to_bin(info->type_guid, image_type_guid.b, UUID_STR_FORMAT_GUID); - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) { ret = true; break; @@ -59,7 +59,7 @@ static void set_image_index(struct disk_partition *info, int index) uuid_str_to_bin(info->type_guid, image_type_guid.b, UUID_STR_FORMAT_GUID); - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) { fw_images[i].image_index = index; break; diff --git a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c index 466174679e..b79a2380aa 100644 --- a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c +++ b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c @@ -54,10 +54,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 2=flash-bin raw 0 0x1B00 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ diff --git a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c index b373e45df9..af070ec315 100644 --- a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c +++ b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c @@ -50,10 +50,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 2=flash-bin raw 0x42 0x1D00 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_phys_sdram_size(phys_size_t *size) diff --git a/board/emulation/qemu-arm/qemu-arm.c b/board/emulation/qemu-arm/qemu-arm.c index 34ed3e8ae6..dfea0d92a3 100644 --- a/board/emulation/qemu-arm/qemu-arm.c +++ b/board/emulation/qemu-arm/qemu-arm.c @@ -47,10 +47,10 @@ struct efi_fw_image fw_images[] = { }; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images) .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ static struct mm_region qemu_arm64_mem_map[] = { diff --git a/board/kontron/pitx_imx8m/pitx_imx8m.c b/board/kontron/pitx_imx8m/pitx_imx8m.c index fcda86bc1b..4548e7c1df 100644 --- a/board/kontron/pitx_imx8m/pitx_imx8m.c +++ b/board/kontron/pitx_imx8m/pitx_imx8m.c @@ -43,10 +43,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 0=flash-bin raw 0x42 0x1000 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/kontron/sl-mx8mm/sl-mx8mm.c b/board/kontron/sl-mx8mm/sl-mx8mm.c index 250195694b..ddb509eb66 100644 --- a/board/kontron/sl-mx8mm/sl-mx8mm.c +++ b/board/kontron/sl-mx8mm/sl-mx8mm.c @@ -29,10 +29,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=flash-bin raw 0x400 0x1f0000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_phys_sdram_size(phys_size_t *size) diff --git a/board/kontron/sl28/sl28.c b/board/kontron/sl28/sl28.c index 89948e087f..4ab221c12b 100644 --- a/board/kontron/sl28/sl28.c +++ b/board/kontron/sl28/sl28.c @@ -40,10 +40,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=u-boot-bin raw 0x210000 0x1d0000;" "u-boot-env raw 0x3e0000 0x20000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/rockchip/evb_rk3399/evb-rk3399.c b/board/rockchip/evb_rk3399/evb-rk3399.c index c99ffdd75e..3c773d0930 100644 --- a/board/rockchip/evb_rk3399/evb-rk3399.c +++ b/board/rockchip/evb_rk3399/evb-rk3399.c @@ -18,10 +18,10 @@ static struct efi_fw_image fw_images[ROCKPI4_UPDATABLE_IMAGES] = {0}; struct efi_capsule_update_info update_info = { + .num_images = ROCKPI4_UPDATABLE_IMAGES, .images = fw_images, }; -u8 num_image_type_guids = ROCKPI4_UPDATABLE_IMAGES; #endif #ifndef CONFIG_SPL_BUILD diff --git a/board/sandbox/sandbox.c b/board/sandbox/sandbox.c index 2e44bdf0df..c7b6cb78ff 100644 --- a/board/sandbox/sandbox.c +++ b/board/sandbox/sandbox.c @@ -67,10 +67,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=u-boot-bin raw 0x100000 0x50000;" "u-boot-env raw 0x150000 0x200000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ #if !CONFIG_IS_ENABLED(OF_PLATDATA) diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c index 16e14d4f7f..d92e1d0962 100644 --- a/board/socionext/developerbox/developerbox.c +++ b/board/socionext/developerbox/developerbox.c @@ -41,10 +41,10 @@ struct efi_capsule_update_info update_info = { .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;" "fip.bin raw 180000 78000;" "optee.bin raw 500000 100000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ static struct mm_region sc2a11_mem_map[] = { diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 1a1b1844c8..5b28ccd32e 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -92,10 +92,10 @@ struct efi_fw_image fw_images[1]; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c index d071ebfb9c..0328d68e75 100644 --- a/board/xilinx/common/board.c +++ b/board/xilinx/common/board.c @@ -52,10 +52,10 @@ struct efi_fw_image fw_images[] = { }; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ #define EEPROM_HEADER_MAGIC 0xdaaddeed diff --git a/include/efi_loader.h b/include/efi_loader.h index b395eef9e7..941d63467c 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -1078,15 +1078,16 @@ struct efi_fw_image { * platforms which enable capsule updates * * @dfu_string: String used to populate dfu_alt_info + * @num_images: The number of images array entries * @images: Pointer to an array of updatable images */ struct efi_capsule_update_info { const char *dfu_string; + int num_images; struct efi_fw_image *images; }; extern struct efi_capsule_update_info update_info; -extern u8 num_image_type_guids; /** * Install the ESRT system table. diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 93e2b01c07..cc650e1443 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -131,7 +131,7 @@ static efi_status_t efi_fill_image_desc_array( struct efi_fw_image *fw_array; int i; - total_size = sizeof(*image_info) * num_image_type_guids; + total_size = sizeof(*image_info) * update_info.num_images; if (*image_info_size < total_size) { *image_info_size = total_size; @@ -141,13 +141,13 @@ static efi_status_t efi_fill_image_desc_array( *image_info_size = total_size; fw_array = update_info.images; - *descriptor_count = num_image_type_guids; + *descriptor_count = update_info.num_images; *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION; *descriptor_size = sizeof(*image_info); *package_version = 0xffffffff; /* not supported */ *package_version_name = NULL; /* not supported */ - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c index 5313d07302..3b1785e7b1 100644 --- a/lib/fwu_updates/fwu.c +++ b/lib/fwu_updates/fwu.c @@ -151,7 +151,7 @@ static int fwu_get_image_type_id(u8 *image_index, efi_guid_t *image_type_id) index = *image_index; image = update_info.images; - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (index == image[i].image_index) { guidcpy(image_type_id, &image[i].image_type_id); return 0; From patchwork Tue Jun 6 09:40:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689686 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2537689wru; Tue, 6 Jun 2023 02:42:15 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ55j+AATGQhJL1sJSgXqlSDI7TNZyRB/GAiO47iZGZsodOak2qWIP5MSGxbhgmWm4tXG5bF X-Received: by 2002:a05:6a20:7290:b0:104:28d6:5db3 with SMTP id o16-20020a056a20729000b0010428d65db3mr11522080pzk.29.1686044534752; Tue, 06 Jun 2023 02:42:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044534; cv=none; d=google.com; s=arc-20160816; b=pS93pZ7IrkhK5B5+sXyvq8lFHDzk3LGWUP+JSWQ2hO/SuZ2WIx3rPtx+4x4XmwfFGB VIj7aZQoodfSGpy6/MB/pfDG4874tyS2kBVtboQuGwtn1KDsAK55q+pI7yVTWme6qkE9 mHuYIvjNIg1oLgZ0Bqc81dIexA+mEcGjD93Xv8CmMTAT8bIq6iucGy0Uy4YFHpmR7N9Y 0hRD2eQf0zNXGLcj0Hsw85d6vx3mJqPQJWAnsI1W2Ob7cbAh/47M7SkxDwHmbZ3Y38vG hEOMfH3S4OLmYMDwAOHY8DyTUqNqJrodO4NBSY1I1cn9D0YmSzDabRqkA7eAPcOdJfZ6 e0Ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=2IN70eFeXz6Q9vM6tLv2AIX/QWqaoAmtJxNzK9zzo68=; b=BB/SPKwt31aH2TkM1CO42l6uYxkjcZDOjetL0YeMCkrn2IiCw/Ju071Db8Lviev0Ub VuRHvTQ1bvU5IfaAuPt5L6a/y1/Os0X4cvDSIGogCyeB7+0qsbF9r1nuX6B+7ILGAzSx Rgg+hmEP/eZnq+YMlZSxi0XWIBrqJZBBMFgirzzl0WjN518Q3ijYrUnAICKDPQuOxQTc YRrfrNbL4VmjsHPgOCoV9/C6Pj41JJjTaDEcyPhbO2ngITksedp1+b5aiT34dmhQztAD AK9NUGH9IpacrLshnNJexiAsMybP+asBRRVNB/Mt/gQPABisxff+uVALOhKmQsyrR5De +A5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=qVf8kVLY; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id 69-20020a630048000000b005348885119asi7227541pga.523.2023.06.06.02.42.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:42:14 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=qVf8kVLY; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 6F25185F2B; Tue, 6 Jun 2023 11:41:49 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="qVf8kVLY"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 6B13F85E51; Tue, 6 Jun 2023 11:41:45 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 848FD85E81 for ; Tue, 6 Jun 2023 11:41:39 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-64d57cd373fso4997080b3a.1 for ; Tue, 06 Jun 2023 02:41:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044497; x=1688636497; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2IN70eFeXz6Q9vM6tLv2AIX/QWqaoAmtJxNzK9zzo68=; b=qVf8kVLYmW8PHAYuin3mh7jSW9Glw7Vszf3haL40llTOgXvWARjtB/Eyu2vb4w9l08 6/Red4n5B2hCvQUY79n+okomZww7PE07mc/BSTCtTZecMdSZ1m6YeXBmpsefPnIQaiDB XgKTF8h11WlQGsYosUShzxSzbtEaqtE1K5VybhxUV8/Wv9O6UKGS73gn8Jjo7l41WrR1 3LZHMm8GEekUcjmd89cdlEXnsO78lR+yPAp8s2qzJeZ1RkrLbZWLJ2wLt+aGvsgxY/6n /DEB/ialyX9eUftP8Un2JCx55qc28vYfPTwmAk3d6vHXer65uomYbL6Jf5H7h1M79/95 9YPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044497; x=1688636497; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2IN70eFeXz6Q9vM6tLv2AIX/QWqaoAmtJxNzK9zzo68=; b=M0s7dZt8upTv9aHsmqKAFBDtoCfiN9nKum4lpkVG4/cLpDkLaoZp1qo1C6UHBZKoRr v/E3hYIUuNbmOQwyPu9uBmYKcy6TiA1jVXDc+9RfIC9UfLn0E3SLMyM7NJcQpiSbnbsP Ui/zQJ7eKEJyoAYAKRl0zdmbciHffURgLmYZAqoa1OO4ajzXAL0fxK37oP7y75A2EP/v bKXRg7QuWjw3Y7eRzd73xy/b++k3lG95tvBV+OCWarpQJF7j/trjNHJESHLkumJhK8WV mfFoTaApPToxmNn0R/JwXU1rI0TNOh8XkVqO9ue6JD+juNlEqAN1hZkPSfjIrJQL+TrQ qMHA== X-Gm-Message-State: AC+VfDzg9toHpEoTy79Lldfe2iqGdpRwOZ8Pl3xhx6vfyte7zlGXJhYG yd/krt6IcJyU/C/ctSCZ0fX10dzb76rakhpdQ00= X-Received: by 2002:a05:6a20:258b:b0:110:f66c:a0e1 with SMTP id k11-20020a056a20258b00b00110f66ca0e1mr1996870pzd.14.1686044497580; Tue, 06 Jun 2023 02:41:37 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:37 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 02/10] efi_loader: store firmware version into FmpState variable Date: Tue, 6 Jun 2023 18:40:26 +0900 Message-Id: <20230606094035.28990-3-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Firmware version management is not implemented in the current FMP protocol. EDK II reference implementation capsule generation script inserts the FMP Payload Header right before the payload, FMP Payload Header contains the firmware version and lowest supported version. This commit utilizes the FMP Payload Header, reads the header and stores the firmware version into "FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, since FMP protocol handles multiple image indexes. Note that lowest supported version included in the FMP Payload Header is not used. If the platform uses file-based EFI variable storage, it can be tampered. The file-based EFI variable storage is not the right place to store the lowest supported version for anti-rollback protection. This change is compatible with the existing FMP implementation. This change does not mandate the FMP Payload Header. If no FMP Payload Header is found in the capsule file, fw_version, lowest supported version, last attempt version and last attempt status is 0 and this is the same behavior as existing FMP implementation. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - simplify efi_firmware_get_fw_version() function Changed in v6: - only store the fw_version in the FmpState EFI variable Changes in v4: - move lines that are the same in both branches out of the if statement - s/EDK2/EDK II/ - create print result function - set last_attempt_version when capsule authentication failed - use log_err() instead of printf() Changes in v3: - exclude CONFIG_FWU_MULTI_BANK_UPDATE case - set image_type_id as a vendor field of FmpStateXXXX variable - set READ_ONLY flag for FmpStateXXXX variable - add error code for FIT image case Changes in v2: - modify indent lib/efi_loader/efi_firmware.c | 164 ++++++++++++++++++++++++++++++---- 1 file changed, 145 insertions(+), 19 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index cc650e1443..a798d380a3 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -36,11 +37,52 @@ struct fmp_payload_header { u32 lowest_supported_version; }; +/** + * struct fmp_state - fmp firmware update state + * + * This structure describes the state of the firmware update + * through FMP protocol. + * + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version + * @last_attempt_version: Last attempt version + * @last_attempt_status: Last attempt status + */ +struct fmp_state { + u32 fw_version; + u32 lowest_supported_version; /* not used */ + u32 last_attempt_version; /* not used */ + u32 last_attempt_status; /* not used */ +}; + __weak void set_dfu_alt_info(char *interface, char *devstr) { env_set("dfu_alt_info", update_info.dfu_string); } +/** + * efi_firmware_get_image_type_id - get image_type_id + * @image_index: image index + * + * Return the image_type_id identified by the image index. + * + * Return: pointer to the image_type_id, NULL if image_index is invalid + */ +static +efi_guid_t *efi_firmware_get_image_type_id(u8 image_index) +{ + int i; + struct efi_fw_image *fw_array; + + fw_array = update_info.images; + for (i = 0; i < update_info.num_images; i++) { + if (fw_array[i].image_index == image_index) + return &fw_array[i].image_type_id; + } + + return NULL; +} + /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_get_image_unsupported( @@ -194,8 +236,6 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, { const void *image = *p_image; efi_uintn_t image_size = *p_image_size; - u32 fmp_hdr_signature; - struct fmp_payload_header *header; void *capsule_payload; efi_status_t status; efi_uintn_t capsule_payload_size; @@ -222,26 +262,104 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, debug("Updating capsule without authenticating.\n"); } - fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; - header = (void *)image; - - if (!memcmp(&header->signature, &fmp_hdr_signature, - sizeof(fmp_hdr_signature))) { - /* - * When building the capsule with the scripts in - * edk2, a FMP header is inserted above the capsule - * payload. Compensate for this header to get the - * actual payload that is to be updated. - */ - image += header->header_size; - image_size -= header->header_size; - } - *p_image = image; *p_image_size = image_size; return EFI_SUCCESS; } +/** + * efi_firmware_set_fmp_state_var - set FmpStateXXXX variable + * @state: Pointer to fmp state + * @image_index: image index + * + * Update the FmpStateXXXX variable with the firmware update state. + * + * Return: status code + */ +static +efi_status_t efi_firmware_set_fmp_state_var(struct fmp_state *state, u8 image_index) +{ + u16 varname[13]; /* u"FmpStateXXXX" */ + efi_status_t ret; + efi_guid_t *image_type_id; + struct fmp_state var_state = { 0 }; + + image_type_id = efi_firmware_get_image_type_id(image_index); + if (!image_type_id) + return EFI_INVALID_PARAMETER; + + efi_create_indexed_name(varname, sizeof(varname), "FmpState", + image_index); + + /* + * Only the fw_version is set here. + * lowest_supported_version in FmpState variable is ignored since + * it can be tampered if the file based EFI variable storage is used. + */ + var_state.fw_version = state->fw_version; + + ret = efi_set_variable_int(varname, image_type_id, + EFI_VARIABLE_READ_ONLY | + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(var_state), &var_state, false); + + return ret; +} + +/** + * efi_firmware_get_fw_version - get fw_version from FMP payload header + * @p_image: Pointer to new image + * @p_image_size: Pointer to size of new image + * @state: Pointer to fmp state + * + * Parse the FMP payload header and fill the fmp_state structure. + * If no FMP payload header is found, fmp_state structure is not updated. + * + */ +static void efi_firmware_get_fw_version(const void **p_image, + efi_uintn_t *p_image_size, + struct fmp_state *state) +{ + const struct fmp_payload_header *header; + u32 fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; + + header = *p_image; + if (header->signature == fmp_hdr_signature) { + /* FMP header is inserted above the capsule payload */ + state->fw_version = header->fw_version; + + *p_image += header->header_size; + *p_image_size -= header->header_size; + } +} + +/** + * efi_firmware_verify_image - verify image + * @p_image: Pointer to new image + * @p_image_size: Pointer to size of new image + * @image_index: Image index + * @state: Pointer to fmp state + * + * Verify the capsule file + * + * Return: status code + */ +static +efi_status_t efi_firmware_verify_image(const void **p_image, + efi_uintn_t *p_image_size, + u8 image_index, + struct fmp_state *state) +{ + efi_status_t ret; + + ret = efi_firmware_capsule_authenticate(p_image, p_image_size); + efi_firmware_get_fw_version(p_image, p_image_size, state); + + return ret; +} + /** * efi_firmware_get_image_info - return information about the current * firmware image @@ -331,6 +449,7 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( u16 **abort_reason) { efi_status_t status; + struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); @@ -338,13 +457,16 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( if (!image || image_index != 1) return EFI_EXIT(EFI_INVALID_PARAMETER); - status = efi_firmware_capsule_authenticate(&image, &image_size); + status = efi_firmware_verify_image(&image, &image_size, image_index, + &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); if (fit_update(image)) return EFI_EXIT(EFI_DEVICE_ERROR); + efi_firmware_set_fmp_state_var(&state, image_index); + return EFI_EXIT(EFI_SUCCESS); } @@ -392,6 +514,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( { int ret; efi_status_t status; + struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); @@ -399,7 +522,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( if (!image) return EFI_EXIT(EFI_INVALID_PARAMETER); - status = efi_firmware_capsule_authenticate(&image, &image_size); + status = efi_firmware_verify_image(&image, &image_size, image_index, + &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); @@ -419,6 +543,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( NULL, NULL)) return EFI_EXIT(EFI_DEVICE_ERROR); + efi_firmware_set_fmp_state_var(&state, image_index); + return EFI_EXIT(EFI_SUCCESS); } From patchwork Tue Jun 6 09:40:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689687 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2537787wru; Tue, 6 Jun 2023 02:42:30 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ78UQBlNtqy4GLVY+Rcx5laLpyvxXAjo55xLOVUFh+ovT9KpZ22u+fjO9Qmq5owqpcyehkK X-Received: by 2002:a05:6a00:1a0e:b0:651:cd9d:7dd7 with SMTP id g14-20020a056a001a0e00b00651cd9d7dd7mr1772652pfv.15.1686044550482; Tue, 06 Jun 2023 02:42:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044550; cv=none; d=google.com; s=arc-20160816; b=sE0rrDAfvfhebgs8fHYzwUZQ/icRNYU3Ku/fS2fdPVY1KDx456cwxCwdXehkFAYdWP 7gAMGQvyV5y3nKX6anWieZuhHmwIwDWDLble2ihAsZPL8d2Vs60tbIMR8BVgyg0uBK9t AI7ZPv4ssh2/L1PvgnuErCrXnPXbKrMt9DAz7blmu5Tj35vQYeG80F1H8OpWYuaxO1Hh 3AlF3ORChl7DxWXO6G/D+Mxi+dB8OdGVlrXyCKnJELfF6PeVriVlXwZs39yUSXErtd3B Jw7TToDP/H5+DgddXK9IUQJAd1cvRmAu2Pg2T1ecyAZbk9CCQ706IrBQeJJVp6zfyrXD BgEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=LTcQD4DwhN97QN3czdvdhy2I6dSvLRHA1wiNqAhhhUZbTevpwbvTc4Tq3IYNhitE+W T8S966rboVQDGAqXOv7vm/9P3Xj4snGiMOqc4MAbUHVFOCZ4Zp/LpzmRqjgSvgWSzr8J PKpJIu+xH2Bhb4ngV+Y49Hs1dalpGudia2MXfhBx4m0PIPQYUBjIlqvGfsYyEaqjF8lt 4CTCxh/eUJe7gWm4Us1muh3rQO5yNfm5PgjgGqvoK0wILQtSQbvpxjCdcEWbjqW151Ow 7psknX8T02JKKMlg/wiQZo9AT2R0s1eloHqqDHhnMdsp91cymnoL4Ktlnjf8/MeaCby9 mQKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=QA8e2bV2; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id d18-20020aa797b2000000b00653a59e83b3si6336235pfq.70.2023.06.06.02.42.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:42:30 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=QA8e2bV2; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2079E85F29; Tue, 6 Jun 2023 11:41:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="QA8e2bV2"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 9FF9485F4F; Tue, 6 Jun 2023 11:41:49 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8097585EE7 for ; Tue, 6 Jun 2023 11:41:42 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-6549df4321aso3318144b3a.2 for ; Tue, 06 Jun 2023 02:41:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044500; x=1688636500; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=QA8e2bV2WrD4E1IKvmCFIB9zczLuxbpusafa8B+CRCwjGP9K70Gt4LtPG8ML3oVVWG SNeKeuT956c034dGVLWJVY1mpN+ZbqjuZTcGYoggCvjM/7LdS741w99R+86izxrJKQIX QIJMj8PlvkVSwrFUm7+BmyFQV6LDP2ZQSUFuJkop7XYptgPaQqFK65E7DGYvP6Wq0yyX lnIVLlD9GMNhJ1VelN+BRF+HDJ5i5ipGwHyW6a5e+4w4QRzZVHsWJfjuT9s36ONK7RQB gwuNwwWjZsO21G+8NtVDfPONitb2wZaZjxxr6YPkDgHSIVna5+XaOmpRpJAfFOwSavLW 63Lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044500; x=1688636500; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=lbnmnQw14ctkUTqQ6c+D8Kd4B9nBcRZzlb2Kwb49lDdUSGuXk8y7/t6VdwjA2SkMeZ mxMDgDBzxqJOPepQ6ehhEHrh+31hjzaoZTw9agXOS1iRc0fhJp5CmIQp/9WsRPG9P17J iIOUBN5tH98cvefXv01XZHCN5c4ycGlS+m0EE/nDwfTt8BRs6Y3nOTBAgp/Rd/foj10s JoRg4KnmuBOsqERvnL1WpMkCVbIydmbdN5qS6w7arFZ8nFjh3qNkwijkR0kNt7GuhR80 s1YBR3JL7XV6aahdSUxKioi8Hxhhyta7rxhP4hByDFa0oQ/ovSWevaV+h+eXpoFZUTve lw4A== X-Gm-Message-State: AC+VfDzsdBaDDBQWM872hQXO5IlS2GiH+yRsvzXib12ueRwmXqYv6Phk Tt51rXH7d6mmNjI1btdwHmFZ6h83gWdRBP69Qg8= X-Received: by 2002:a05:6a00:842:b0:658:f86f:b18e with SMTP id q2-20020a056a00084200b00658f86fb18emr1938622pfk.22.1686044500462; Tue, 06 Jun 2023 02:41:40 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:39 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 03/10] efi_loader: versioning support in GetImageInfo Date: Tue, 6 Jun 2023 18:40:27 +0900 Message-Id: <20230606094035.28990-4-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current FMP->GetImageInfo() always return 0 for the firmware version, user can not identify which firmware version is currently running through the EFI interface. This commit reads the "FmpStateXXXX" EFI variable, then fills the firmware version in FMP->GetImageInfo(). Now FMP->GetImageInfo() and ESRT have the meaningful version number. Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Changes in v6: - create function to fill the version information lib/efi_loader/efi_firmware.c | 41 ++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index a798d380a3..5b71a2fcc9 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -144,6 +144,39 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( return EFI_EXIT(EFI_UNSUPPORTED); } +/** + * efi_firmware_fill_version_info - fill the version information + * @image_info: Image information + * @fw_array: Pointer to size of new image + * + * Fill the version information into image_info strucrure. + * + */ +static +void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_info, + struct efi_fw_image *fw_array) +{ + u16 varname[13]; /* u"FmpStateXXXX" */ + efi_status_t ret; + efi_uintn_t size; + struct fmp_state var_state = { 0 }; + + efi_create_indexed_name(varname, sizeof(varname), "FmpState", + fw_array->image_index); + size = sizeof(var_state); + ret = efi_get_variable_int(varname, &fw_array->image_type_id, + NULL, &size, &var_state, NULL); + if (ret == EFI_SUCCESS) + image_info->version = var_state.fw_version; + else + image_info->version = 0; + + image_info->version_name = NULL; /* not supported */ + image_info->lowest_supported_image_version = 0; + image_info->last_attempt_version = 0; + image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; +} + /** * efi_fill_image_desc_array - populate image descriptor array * @image_info_size: Size of @image_info @@ -193,11 +226,10 @@ static efi_status_t efi_fill_image_desc_array( image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; - image_info[i].image_id_name = fw_array[i].fw_name; - image_info[i].version = 0; /* not supported */ - image_info[i].version_name = NULL; /* not supported */ + efi_firmware_fill_version_info(&image_info[i], &fw_array[i]); + image_info[i].size = 0; image_info[i].attributes_supported = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | @@ -210,9 +242,6 @@ static efi_status_t efi_fill_image_desc_array( image_info[0].attributes_setting |= IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; - image_info[i].lowest_supported_image_version = 0; - image_info[i].last_attempt_version = 0; - image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; image_info[i].hardware_instance = 1; image_info[i].dependencies = NULL; } From patchwork Tue Jun 6 09:40:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689688 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2537883wru; Tue, 6 Jun 2023 02:42:53 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7bXW8tnMyW2xY60rN8MfOQrcQnRUuzhurkiK4GwEKVr3Qy4akX8VEaPe9lQ9OmsLqCjCGC X-Received: by 2002:a17:902:760d:b0:1b1:862b:cdbb with SMTP id k13-20020a170902760d00b001b1862bcdbbmr500516pll.20.1686044573311; Tue, 06 Jun 2023 02:42:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044573; cv=none; d=google.com; s=arc-20160816; b=bVLDJuvSJBIIsyIvuaHFBuq4Ad4NE7kUlBSvHAYsdq6vy3O4Z4xS8ZVL0KS+2g6h8c TI+tOCZ1VmTPL8itqkrwi4Gu1spdEj7CVGK5YC317VQwqi8TqiWcuWcEB05j55aGwtIQ gkljDGr0bBkC+TOA0q9kpSPe1nElN1nHmxAg0zUdQ0171n7XcGQQS8NfjSCp2JOnGGbo krsvx0KAN1Bdt0tNUyagBFt0M6oe97SbKZUgIQpuIhnlcXHLHaZvkE/KtIogzQo9CFNT JVImcbM6Is259j13m8tpurCBpKLqV8ncT1AkSphmUPMrOZmdD3TTpR3zaXdVXSoEMOym ncVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=CflX0yJqASLhW0SjYkG5uBYc4kYeyWkxSPAqJhJOX1ek6/lg0drj2/STFZ+mSVaP/Q Vs01+KPA1284Xs7HMXV1LYPZCicQlibhA9tUnPjxJsP7p5t5BLm4bhztsvtMquvzfUG7 VlO5/FkWHUlsH99DjQ+QA0WnjidTtNCFpQiLM1QyHO68Sf5GHyU/ungo9F0SZOI98RRf 3MYeIi2y4P/dQ/9hCt3NDDisSykNF5OJZ/Vfu1skQwp1s5MO1Gx/UjE2hspa45VNpySA mRMvrziVJBO6FAbD3/t5nxM9Af3t2vkq4rVOKLa5jq1kr3B0nj7PxtdQoFTLU+u8d0OD xX8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=B0aHKzdX; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id n1-20020a170902dc8100b001add3e4ee84si6941106pld.132.2023.06.06.02.42.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:42:53 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=B0aHKzdX; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8F27785E7D; Tue, 6 Jun 2023 11:41:57 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="B0aHKzdX"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C439185F3D; Tue, 6 Jun 2023 11:41:50 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id BBE5C85DE2 for ; Tue, 6 Jun 2023 11:41:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-oi1-x22d.google.com with SMTP id 5614622812f47-39c503bc770so224204b6e.0 for ; Tue, 06 Jun 2023 02:41:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044504; x=1688636504; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=B0aHKzdXj1a+all4kqFROghElIAzSK7O5ezR4pcGZhoY1tgzGpJo/UDwvM041J//pZ qIRj+VaDBi2sYSHYSz3GYDaUVCi7oYM/Rkd/gMo4xntCsh6DPPPoIhALgzIDzrqCiByD 3S5B6E5dTbJZHL9HX0qeRUyf9Pm8TbJI30gkOYNUKpc6ZHiIvQ4FiMOb4Wb8kTvZL1v+ utWqUM5meDf+UJj3l00Wnu0mcUMzYcvT4J5K3Hp4/QTbvu+CW0YavfNIqNUpFH/sir4Q 8O5JJ2pvehDnykC6LQs6Ir9frr8sUwKD/5p0hmGvEadSgTEMQvEdHK0lz+QpXwqn1Erh 1C/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044504; x=1688636504; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=bhk925K3vTb7ojY52BU5eByQqr+Q6Bb+pI5h5OOf57l/huJ5NdU8miy+Y1lzMSBIin RxGwB9Ky89fusxvs21l4T2nOTq0BVdmzL/gkJlSYlt2aH2BjAdcW1XbXeF1FZAGZLNsL kacYR+wY3aOQpkteqntQehvXC/JHJ+K0PkQUNVxpG+EtKqvLkyDfgaDXed02poz1V9l/ 6yi2MicNm9PB+7wKA0uTzys4bdlxLCGUMRKi9oL68pXbR2kSKzb2xcuI/FzzyzMr1ZAW yfH9luJBiIFLSJys5OfvLTs0+nEmbEU8HV33gVbMEc6Lx674LzEG5HuCr9tmoJTPuO3h BN3Q== X-Gm-Message-State: AC+VfDx9K1g83uiZ56mSAf09FbkO+lLS08fpiT/MnZ8NZeH9RDCjfowv 6yi+zkgBZKLWiDE6SYaLQrclNkGSrYu8djTStFw= X-Received: by 2002:aca:1011:0:b0:38c:c177:a6bb with SMTP id 17-20020aca1011000000b0038cc177a6bbmr1788633oiq.23.1686044503960; Tue, 06 Jun 2023 02:41:43 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:43 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 04/10] efi_loader: get lowest supported version from device tree Date: Tue, 6 Jun 2023 18:40:28 +0900 Message-Id: <20230606094035.28990-5-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit gets the lowest supported version from device tree, then fills the lowest supported version in FMP->GetImageInfo(). Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Changed in v6: - fw_version is removed from device tree .../firmware/firmware-version.txt | 22 ++++++++ lib/efi_loader/efi_firmware.c | 50 ++++++++++++++++++- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 doc/device-tree-bindings/firmware/firmware-version.txt diff --git a/doc/device-tree-bindings/firmware/firmware-version.txt b/doc/device-tree-bindings/firmware/firmware-version.txt new file mode 100644 index 0000000000..ee90ce3117 --- /dev/null +++ b/doc/device-tree-bindings/firmware/firmware-version.txt @@ -0,0 +1,22 @@ +firmware-version bindings +------------------------------- + +Required properties: +- image-type-id : guid for image blob type +- image-index : image index +- lowest-supported-version : lowest supported version + +Example: + + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + image2 { + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0"; + image-index = <2>; + lowest-supported-version = <7>; + }; + }; diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 5b71a2fcc9..ae631f49f7 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -144,6 +144,51 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( return EFI_EXIT(EFI_UNSUPPORTED); } +/** + * efi_firmware_get_lsv_from_dtb - get lowest supported version from dtb + * @image_index: Image index + * @image_type_id: Image type id + * @lsv: Pointer to store the lowest supported version + * + * Read the firmware version information from dtb. + */ +static void efi_firmware_get_lsv_from_dtb(u8 image_index, + efi_guid_t *image_type_id, u32 *lsv) +{ + const void *fdt = gd->fdt_blob; + const fdt32_t *val; + const char *guid_str; + int len, offset, index; + int parent; + + *lsv = 0; + + parent = fdt_subnode_offset(fdt, 0, "firmware-version"); + if (parent < 0) + return; + + fdt_for_each_subnode(offset, fdt, parent) { + efi_guid_t guid; + + guid_str = fdt_getprop(fdt, offset, "image-type-id", &len); + if (!guid_str) + continue; + uuid_str_to_bin(guid_str, guid.b, UUID_STR_FORMAT_GUID); + + val = fdt_getprop(fdt, offset, "image-index", &len); + if (!val) + continue; + index = fdt32_to_cpu(*val); + + if (!guidcmp(&guid, image_type_id) && index == image_index) { + val = fdt_getprop(fdt, offset, + "lowest-supported-version", &len); + if (val) + *lsv = fdt32_to_cpu(*val); + } + } +} + /** * efi_firmware_fill_version_info - fill the version information * @image_info: Image information @@ -171,8 +216,11 @@ void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_ else image_info->version = 0; + efi_firmware_get_lsv_from_dtb(fw_array->image_index, + &fw_array->image_type_id, + &image_info->lowest_supported_image_version); + image_info->version_name = NULL; /* not supported */ - image_info->lowest_supported_image_version = 0; image_info->last_attempt_version = 0; image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; } From patchwork Tue Jun 6 09:40:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689689 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2537948wru; Tue, 6 Jun 2023 02:43:05 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ61AiGUe8/dtDsiv0yD0vlDCH+x8W1bpL3Iob/EobG5ThkLxuwP/6A3BrDucvt3WhvkQNba X-Received: by 2002:a05:6a00:198f:b0:656:5182:5e61 with SMTP id d15-20020a056a00198f00b0065651825e61mr2126410pfl.2.1686044584687; Tue, 06 Jun 2023 02:43:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044584; cv=none; d=google.com; s=arc-20160816; b=v5yO5uLPZcMn7JW1Dz2Jiy97E+Y2zYojTCgBheKH4SgcyLx+a+RmVmY0Q052buhHGe jABjwxeVSrNcp4g3UX5HaeHxg0JpujnPzj/c4IGZAvcYZVYwdeoNyYaf8QC4xCEWhdEO DZGkM82pFZcjX7jjpUXj81RkG4Fguzq83sFIZLsxMbLtS4XAsFDOX6v9Icf55gXiE+PU +9PV2g4yt0DqXcYKvOj4ksEaDivpbcP0leNYzcfaKd8raNQzKoRxPzu9/S/Ieg1cQaJW U2ebYoL2nUShh1xvq+7Dq0H47NdpN/meCt17xOL3YHyvmwQ5ML8pmj33BLRuOD0tnhrk PSHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=kAiYNifcUFjH2u10kgcQy2iwEfX1E4cUKuU88IaJLNg=; b=OSoc++DJVlCLrZ9Q5UqP+rleG8W/ZCbrDfazF/772omrmIr+BU7tGADPfQMfk9voaK mJhrE/WchcjI3esZnlhshXy2aZpLffb8N49qVG0mRWIMiHJA62RsWUFfLRDcj7+yYZwR VIa9YZqUCXhBKlFwlV0nQ3bL9NBw6KkhjvomaNiyLi3Azlewd7vWGjG69KWVpiNsfhxX J96smt01Wm3f/YmmTDtPfzwUcoKvSCaRECK0hcSt0veabJb4Vl2puWJHIpon0YtCehVf 1wPkqgoo/bTAJV0yhpvXLo2O9aPhH872SrrxvMTASBviUXdb5ZBGL09JU6uqvToQbyIa fXmg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=b5x4S4EZ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id b13-20020aa78ecd000000b0064d33e22709si6924718pfr.66.2023.06.06.02.43.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:43:04 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=b5x4S4EZ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 039EC85F13; Tue, 6 Jun 2023 11:42:01 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="b5x4S4EZ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E921385EDD; Tue, 6 Jun 2023 11:41:52 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B7D6685EDD for ; Tue, 6 Jun 2023 11:41:48 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-64d24136685so4261763b3a.1 for ; Tue, 06 Jun 2023 02:41:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044507; x=1688636507; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kAiYNifcUFjH2u10kgcQy2iwEfX1E4cUKuU88IaJLNg=; b=b5x4S4EZke+0M+1oA6mvTDOsnEjAbKEREhAVYCpPOIH1SqlH6REfCHdzI+BlEH5DnY trhv3SM9cm5x/m+67ikWbLx0YFgXw81/ZNRdVbJIYmZADgl0ox4eqfObn35pCL67W3B9 RRIOFWshc0AQZkv97QZ7EZTMuSlpuDnyRgwuXicVBTFoUWpm1HvlStd9nOEmGrA1Ymtv 34gCJhixq2guE6FeSs5GuUSnZ7g8RKbG6Q/dGM9UhQwXRsvHpL4xpG2ABWRi63r0WtsE diKFa4W4/v/gxSdmFIitGraZpdg1GMVoEfwdGUWCv3728+GY4AEeYCf6NZfd2umrikuP t8og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044507; x=1688636507; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kAiYNifcUFjH2u10kgcQy2iwEfX1E4cUKuU88IaJLNg=; b=DMZ+tI1qDVG3uDlzwR+6ryDECRL/EsI65SNgfBVxtcj+8b8kzVkJX1vmqyQ57b+rDh vQMh+EJHT7/E9C7gBq+P7LfV0qR/C04bzkKCzH+yuSyFiIRvC3ajtfNm00yBSxHjxcHX gopAuBLNQE5hA6MLlEhnnDHll+CakMxKZKuIoZtsmS6VyMB7cpU30VYmFEQDo5DYzlxi vVsKHJNILmh9YZ3M/DUEBAS7APLHAIbHXWq9g8PAWk9QXLVAfS5TStBSupy9DH7ZzOTo D93nczUuk5/99KoJwW6zvPDjeEVd0+f3JR+M65Ux6Y3nlR3yQsDFmo49P/AuAZngGD9t KrOw== X-Gm-Message-State: AC+VfDy7iFMU8Y5z1/APGSOgzYyLx7GH/H47CX+mAXx+wuJXw+3bN0mM FolIG02GpMDh5/RLEI5VsITFXvgBtj3rOb69+fE= X-Received: by 2002:a05:6a00:2794:b0:655:a7b4:2c8f with SMTP id bd20-20020a056a00279400b00655a7b42c8fmr2260128pfb.11.1686044506789; Tue, 06 Jun 2023 02:41:46 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:46 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 05/10] efi_loader: check lowest supported version Date: Tue, 6 Jun 2023 18:40:29 +0900 Message-Id: <20230606094035.28990-6-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The FMP Payload Header which EDK II capsule generation scripts insert has a firmware version. This commit reads the lowest supported version stored in the device tree, then check if the firmware version in FMP payload header of the ongoing capsule is equal or greater than the lowest supported version. If the firmware version is lower than lowest supported version, capsule update will not be performed. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - return immediately if efi_firmware_capsule_authenticate() fails Changes in v6: - get aligned to the latest implementation Changes in v5: - newly implement the device tree based versioning Changes in v4: - use log_err() instead of printf() Changes in v2: - add error message when the firmware version is lower than lowest supported version lib/efi_loader/efi_firmware.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index ae631f49f7..b557738370 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -419,7 +419,8 @@ static void efi_firmware_get_fw_version(const void **p_image, * @image_index: Image index * @state: Pointer to fmp state * - * Verify the capsule file + * Verify the capsule authentication and check if the fw_version + * is equal or greater than the lowest supported version. * * Return: status code */ @@ -429,11 +430,27 @@ efi_status_t efi_firmware_verify_image(const void **p_image, u8 image_index, struct fmp_state *state) { + u32 lsv; efi_status_t ret; + efi_guid_t *image_type_id; ret = efi_firmware_capsule_authenticate(p_image, p_image_size); + if (ret != EFI_SUCCESS) + return ret; + efi_firmware_get_fw_version(p_image, p_image_size, state); + image_type_id = efi_firmware_get_image_type_id(image_index); + if (!image_type_id) + return EFI_INVALID_PARAMETER; + + efi_firmware_get_lsv_from_dtb(image_index, image_type_id, &lsv); + if (state->fw_version < lsv) { + log_err("Firmware version %u too low. Expecting >= %u. Aborting update\n", + state->fw_version, lsv); + return EFI_INVALID_PARAMETER; + } + return ret; } From patchwork Tue Jun 6 09:40:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689691 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2538097wru; Tue, 6 Jun 2023 02:43:33 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6HpHlkGF5dYFj9H2CD8OG0oZYhr1C8jFMm6J8oJI4eRU0h4aduxFB/IYPFFjqTSTjHO4dr X-Received: by 2002:a05:6a00:1818:b0:63e:6b8a:7975 with SMTP id y24-20020a056a00181800b0063e6b8a7975mr1937747pfa.9.1686044613568; Tue, 06 Jun 2023 02:43:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044613; cv=none; d=google.com; s=arc-20160816; b=ZiIIaz3Avd2ypfnLBiAk9PM1uNahXVVq1rCGgml/I2rtEApBWtYBesYjyRYBgBjUdG 89FdLmg3f+8WHizbCSUlpLMgljsXZCkUs6psx0/OPQGd4hall9Jk4l0YqrIiVVuc9zf9 /T0jytLTAkMA7wqOtO/12Yu+2yiOsNRhBHlWLjN142U2gjNO3qQR8TQ+A0rQdnf5czYj vGEKpQnMT5jQTpqzKzDU2lDjkAaeG31XpXHF5lnjqZrQgU9ICv0Ta4m+EVgKgcqDECoZ mmjoAWHKfKIqvSI5N/OBMXGds39XvturSR+RnoX5DcuSv+IWQzmSMf1BRYD+P3eNPng3 lltg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=D+nZqUbnsrROoF9nQn5gCrzxoRfHvxr4s9LK6Q4vIqi8+FiqQ5jXC/+zgzmw5agzZX IWiLaMk005U4vLle0PapjM/cswPFyOGm/YOCht2gPLdlXcmpOR455cVkLHW4OwvFfM6j N6opnOjhhyA2xebu+WUYzvbbKPaSZwtjnMYJiawyITOfk9BdITCFMIjuWDtlPg7r6Ton Yvt8275Ow0+QrQjrekRttNkpFKo8d2nUJRHquVewN1yxUTpPtZr+z8ssmJrtcbV8tSLf A4+TFG31dH3vfr/TgxC1l0idLsmKC87aUfRo0EocLET9mjdSXW0xL46txHlOq1b7yPsd m/Kw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fKpypSfy; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id k137-20020a633d8f000000b0053fee168aabsi7184161pga.742.2023.06.06.02.43.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:43:33 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fKpypSfy; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 14BCE85F3D; Tue, 6 Jun 2023 11:42:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="fKpypSfy"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id EE2E785EEB; Tue, 6 Jun 2023 11:41:59 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 259AB85F13 for ; Tue, 6 Jun 2023 11:41:52 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pg1-x536.google.com with SMTP id 41be03b00d2f7-53f9a376f3eso5264894a12.0 for ; Tue, 06 Jun 2023 02:41:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044510; x=1688636510; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=fKpypSfyDPfnv5PIneLzAR4ADTxCCE1g65BC7vuNVZpM8baNVSBRrTzS/YCZF1//pq lUz/yHLyiAhMQNDOYtHvpn0VShPPYa9pHomm7J/UD+ThdVBHqwKisekFBosZ9gnumfHy DVbQ78bmNN70zYwvK5Z+SqbEaWmv38nGvpjMZbJ1O9FaGM0v9PotpQdMfnJS4sm4zbNG z4EdumbFfUgqDQ6kiwL5sgOHh/mOLSLhMuGDm6kmuYIDNL05B4Q9ZHbRHlkbwopM7bTe NCs/YfPqsFvSezSSUcUN2wVfVMm+apVE+izbTuPcjHzXd2GoXTcAfpD0BK3Qqyt1TkkT 9wfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044510; x=1688636510; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=i+5ZzFiiMXMhLh5YNimxGkVxwC1+yg6Y08oh09+zMcFkhbaRM2EPBo0cNZwBW7Ob3L bga6PnkPjqU4jH9NtJvtsaXs1bjvSyG011lH66bJqnSRMwOgBSRDZxloqaKgri4+ajpf CGGxPJjm8pkRspwqqLsJhsPP7h8fnsMZW1DiRVwBYLPzJk4/4BCphPFNOxpX4turVMTT BbwJ7f8ozfVLeKDl/V64qe3YrVmXr67TgmuUjb2tEBIeNECRWPiXUWz+0JKz5FUT+n3f fB4Xm600jAKK9skiUY2RFhXDg3vNa7UgwKlg5X7eZuNxp942j9ATbeH3SJ0ZhbyLCFPT KJNQ== X-Gm-Message-State: AC+VfDxfXC6MXtthy3pZfKczIr+ktli3kISufa3zk4nefeueurbxnfHm oioyCIGktZluMRBeVD4aBm9YjTbjeRBc15WRRQw= X-Received: by 2002:a05:6a20:a112:b0:10b:e88f:598f with SMTP id q18-20020a056a20a11200b0010be88f598fmr2086686pzk.51.1686044510248; Tue, 06 Jun 2023 02:41:50 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:49 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima , Etienne Carriere , Sughosh Ganu Subject: [PATCH v8 06/10] mkeficapsule: add FMP Payload Header Date: Tue, 6 Jun 2023 18:40:30 +0900 Message-Id: <20230606094035.28990-7-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima Acked-by: Ilias Apalodimas --- No update since v5 Changes in v5: - remove --lsv since we use the lowest_supported_version in the dtb Changes in v3: - remove '-f' option - move some definitions into tools/eficapsule.h - add dependency check of fw_version and lowest_supported_version - remove unexpected modification of existing fprintf() call - add documentation Newly created in v2 doc/mkeficapsule.1 | 10 ++++++++++ tools/eficapsule.h | 30 ++++++++++++++++++++++++++++++ tools/mkeficapsule.c | 37 +++++++++++++++++++++++++++++++++---- 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 1ca245a10f..c4c2057d5c 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -61,6 +61,16 @@ Specify an image index .BI "-I\fR,\fB --instance " instance Specify a hardware instance +.PP +FMP Payload Header is inserted right before the payload if +.BR --fw-version +is specified + + +.TP +.BI "-v\fR,\fB --fw-version " firmware-version +Specify a firmware version, 0 if omitted + .PP For generation of firmware accept empty capsule .BR --guid diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 072a4b5598..753fb73313 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -113,4 +113,34 @@ struct efi_firmware_image_authentication { struct win_certificate_uefi_guid auth_info; } __packed; +/* fmp payload header */ +#define SIGNATURE_16(A, B) ((A) | ((B) << 8)) +#define SIGNATURE_32(A, B, C, D) \ + (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16)) + +#define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1') + +/** + * struct fmp_payload_header - EDK2 header for the FMP payload + * + * This structure describes the header which is preprended to the + * FMP payload by the edk2 capsule generation scripts. + * + * @signature: Header signature used to identify the header + * @header_size: Size of the structure + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version (not used) + */ +struct fmp_payload_header { + uint32_t signature; + uint32_t header_size; + uint32_t fw_version; + uint32_t lowest_supported_version; +}; + +struct fmp_payload_header_params { + bool have_header; + uint32_t fw_version; +}; + #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b71537beee..52be1f122e 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -41,6 +41,7 @@ static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, + {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, {"certificate", required_argument, NULL, 'c'}, {"monotonic-count", required_argument, NULL, 'm'}, @@ -60,6 +61,7 @@ static void print_usage(void) "\t-g, --guid guid for image blob type\n" "\t-i, --index update image index\n" "\t-I, --instance update hardware instance\n" + "\t-v, --fw-version firmware version\n" "\t-p, --private-key private key file\n" "\t-c, --certificate signer's certificate file\n" "\t-m, --monotonic-count monotonic count\n" @@ -402,6 +404,7 @@ static void free_sig_data(struct auth_context *ctx) */ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, unsigned long index, unsigned long instance, + struct fmp_payload_header_params *fmp_ph_params, uint64_t mcount, char *privkey_file, char *cert_file, uint16_t oemflags) { @@ -410,10 +413,11 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, struct efi_firmware_management_capsule_image_header image; struct auth_context auth_context; FILE *f; - uint8_t *data; + uint8_t *data, *new_data, *buf; off_t bin_size; uint64_t offset; int ret; + struct fmp_payload_header payload_header; #ifdef DEBUG fprintf(stderr, "For output: %s\n", path); @@ -423,6 +427,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, auth_context.sig_size = 0; f = NULL; data = NULL; + new_data = NULL; ret = -1; /* @@ -431,12 +436,30 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, if (read_bin_file(bin, &data, &bin_size)) goto err; + buf = data; + + /* insert fmp payload header right before the payload */ + if (fmp_ph_params->have_header) { + new_data = malloc(bin_size + sizeof(payload_header)); + if (!new_data) + goto err; + + payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE; + payload_header.header_size = sizeof(payload_header); + payload_header.fw_version = fmp_ph_params->fw_version; + payload_header.lowest_supported_version = 0; /* not used */ + memcpy(new_data, &payload_header, sizeof(payload_header)); + memcpy(new_data + sizeof(payload_header), data, bin_size); + buf = new_data; + bin_size += sizeof(payload_header); + } + /* first, calculate signature to determine its size */ if (privkey_file && cert_file) { auth_context.key_file = privkey_file; auth_context.cert_file = cert_file; auth_context.auth.monotonic_count = mcount; - auth_context.image_data = data; + auth_context.image_data = buf; auth_context.image_size = bin_size; if (create_auth_data(&auth_context)) { @@ -536,7 +559,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, /* * firmware binary */ - if (write_capsule_file(f, data, bin_size, "Firmware binary")) + if (write_capsule_file(f, buf, bin_size, "Firmware binary")) goto err; ret = 0; @@ -545,6 +568,7 @@ err: fclose(f); free_sig_data(&auth_context); free(data); + free(new_data); return ret; } @@ -644,6 +668,7 @@ int main(int argc, char **argv) unsigned long oemflags; char *privkey_file, *cert_file; int c, idx; + struct fmp_payload_header_params fmp_ph_params = { 0 }; guid = NULL; index = 0; @@ -679,6 +704,10 @@ int main(int argc, char **argv) case 'I': instance = strtoul(optarg, NULL, 0); break; + case 'v': + fmp_ph_params.fw_version = strtoul(optarg, NULL, 0); + fmp_ph_params.have_header = true; + break; case 'p': if (privkey_file) { fprintf(stderr, @@ -751,7 +780,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, - index, instance, mcount, privkey_file, + index, instance, &fmp_ph_params, mcount, privkey_file, cert_file, (uint16_t)oemflags) < 0) { fprintf(stderr, "Creating firmware capsule failed\n"); exit(EXIT_FAILURE); From patchwork Tue Jun 6 09:40:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689690 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2538030wru; Tue, 6 Jun 2023 02:43:19 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7zUoU5jg7qIazmRlO8E3CQhEFoEbXser4BmgGkANuc4o8HZZoDFOfA2kxoNzPu8nY9F2Vx X-Received: by 2002:a17:903:489:b0:1b0:25ab:a9eb with SMTP id jj9-20020a170903048900b001b025aba9ebmr1787355plb.8.1686044599601; Tue, 06 Jun 2023 02:43:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044599; cv=none; d=google.com; s=arc-20160816; b=iVGfANMsyOd+HIg0pc25s9f8phls6dyQ4aohF2gzTi7alMEKfVeBNKt3nDcs3thyvt q0or4MH/0i2bZe/FnPvQWg3wkwVgeAiio6g5h/ziP65DWbDhcUUpiE+XxGBqI6Ae1s8m sjlNXYxv/zltIvrnVptgB9RKzw3kz29CLgBN7Il9zTR//YhQtJSxpA8XHnsvNa7ujocf 1AT/hjpRlOv4UtDtFJhygmabWyJIdjn2uK5IrSmz14Gr+XFmsEqMIdESmCO/N3I5PhEm ZnheoZcT6BNc1IiM/hYN3o1uPzhoNIMTQllEUk8IiEMWjPvU9hVX8SCzQhgY/WGIVn/R oKIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=DKnt3wjagfXjw4oYKhw2ai69OJDQPbCIAY/vH4tA8j0=; b=wpAuzXybesQ4q0ZvgBdaQUxa4pCDDA1PyFNgzZMcKC4rejMMgaSL/YcdrZgQW35gxa aQhtfMEyXUet/bKQPbFnjSpdNhT4il1Ch/9k7xcf71O7ya3jFiRUfA2s6eqs6EGMYF3D 6/q2hawvlRweHeLgW2blIRhc++hbKOvzVJjx8KnREbWyZyHc63zx705Q5R+CNVuD/1d/ gXmM0twN0zmPLjOPKotSGEk9q08JDVjRgXX10Ure2KGP3Z6KE2Q6zqWhdC+2I+WoDTMd SLkf46r+aKloX0+rPA0yF/uD9GGqhyAGQTcaFZm3BomoaH7LOh1WhgR5WGAV3oGxGpw2 KKpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XwBAF5dl; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id jj9-20020a170903048900b001b039d82f9csi6904029plb.30.2023.06.06.02.43.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:43:19 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XwBAF5dl; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4B73C85FD2; Tue, 6 Jun 2023 11:42:09 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="XwBAF5dl"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CA6DF85F4F; Tue, 6 Jun 2023 11:41:58 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id BE85885EEB for ; Tue, 6 Jun 2023 11:41:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x435.google.com with SMTP id d2e1a72fcca58-652dd220d67so4777180b3a.3 for ; Tue, 06 Jun 2023 02:41:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044513; x=1688636513; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DKnt3wjagfXjw4oYKhw2ai69OJDQPbCIAY/vH4tA8j0=; b=XwBAF5dlsLhrsWZxMRNUQIKiwmJCihp3Qpkl6O/wx37e6ay4ZBvQ59HHpw9+vdHEBj tW8k61hbIkQTu/+jzyJyKoFgk+6P0PXiU4B6emR7I6PS5P5q93RWq2PhlSdsQ6k4fsYY M8MNjABbcblK8byh0Sx/MOz/QlX6vM7sQYQFbbiyaZeDprY1Uvt8tiINpXrRk+e8TR7i koqQWlmSutrgx3e7qEgRYAph7ttmclv9WmgDXnZQRlVS145v5431rJPX4sG/jinp+UsG Wsd9oqJ2LU8/pNhB75JUUraZO68j3/gpog7CDngIK7TnNbo7bWRmng58SqfM3VibduZE cdHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044513; x=1688636513; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DKnt3wjagfXjw4oYKhw2ai69OJDQPbCIAY/vH4tA8j0=; b=fWSebvKnFzjUQx298os6xtm24iCu9ibLgeSiq0k6IkHvxdb95uswl2xYfnluNtgr9B S3D4aRFZUXutSJoaJqfyq7+feIPwziYwfZvI2KSeaV/ItF+jgYy1W783OoQwU+q8LzZk F0LT7AXZVY6x71GjdvVCxOjZ84b9fWaY5vtxjCmdmm7YAnbQ9cZRBSqgSjhhvg67ZMRf iDkqh4SX1XQsvza20nVzmiuoBNryrQ1JynOIzcnoTuOYk2EeMqeHE2+k7BVqMPke2flQ k/ukM8S7WpLbgdC/UC47hva80PA+3//aRMDNERSH0M6CexxPcBJmNxvb1ONPYZbj9VRE IKHQ== X-Gm-Message-State: AC+VfDzy5uXeHfMgxzO0bugnMrjYLlJLzmyy9JvjukShvIN8xfsLS1HA tazihk/mEqiPpp+ynhbkFAcq05Uu4A9HjAJMZq4= X-Received: by 2002:a05:6a00:1a8b:b0:652:542c:ad8d with SMTP id e11-20020a056a001a8b00b00652542cad8dmr1834780pfv.9.1686044513020; Tue, 06 Jun 2023 02:41:53 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:52 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 07/10] doc: uefi: add firmware versioning documentation Date: Tue, 6 Jun 2023 18:40:31 +0900 Message-Id: <20230606094035.28990-8-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit describes the procedure to add the firmware version into the capsule file. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - move documentation into "Creating a capsule file" - cleary describe the --fw-version option Newly created in v6 doc/develop/uefi/uefi.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index ffe25ca231..30b90a09d5 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -318,6 +318,33 @@ Run the following command --guid \ +The UEFI specification does not define the firmware versioning mechanism. +EDK II reference implementation inserts the FMP Payload Header right before +the payload. It coutains the fw_version and lowest supported version, +EDK II reference implementation uses these information to implement the +firmware versioning and anti-rollback protection, the firmware version and +lowest supported version is stored into EFI non-volatile variable. + +In U-Boot, the firmware versioning is implemented utilizing +the FMP Payload Header same as EDK II reference implementation, +reads the FMP Payload Header and stores the firmware version into +"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, +since FMP protocol handles multiple image indexes. + +To add the fw_version into the FMP Payload Header, +add --fw-version option in mkeficapsule tool. + +.. code-block:: console + + $ mkeficapsule \ + --index --instance 0 \ + --guid \ + --fw-version 5 \ + + +If the --fw-version option is not set, FMP Payload Header is not inserted +and fw_version is set as 0. + Performing the update ********************* From patchwork Tue Jun 6 09:40:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689692 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2538154wru; Tue, 6 Jun 2023 02:43:46 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4FxMGZ1vLPEtqekCIG53RgytFo9UYQPdHB3OnnOHELPRJUPGZJXk9PYcShg0/YnqKA4L9j X-Received: by 2002:a05:6a21:1509:b0:10a:fad7:43bf with SMTP id nq9-20020a056a21150900b0010afad743bfmr1947451pzb.39.1686044626021; Tue, 06 Jun 2023 02:43:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044626; cv=none; d=google.com; s=arc-20160816; b=gLQr3X/gD1NdweDb7QwogmcGavK6hEm9qQXXzUHI3N/6FE1HDFZET9JL3pMuKLO/sB xv7izjxcwkaVu4SM6mLF/qoYPJEEwkJc3eNbLrhPEqK7WAf/sLboSHz/C5DcK+MgiTNX w/oU5RqewSL5bc9j5OPsv8BCMUJR5P0vBN9G6qZqgjVY8/dJCHt8TmmsXCWQXH8iRTtY hlz5EdMlZXgO63dHye9PtjdGBklXNoWeFOEDN2GSepd0TGLQ+vh4A/N6try6DgNJPCFf gzYiknfALPHK+tN4bUvWwy/XW8li3gL1g0QI4GJfIV+3F9g6OtPqMU7EePnyXNUCP+jT VsdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=RVyANGbj1qT5Yo4Hx3gumcq/3C2zNijDWqGxalF/0HA=; b=jQiSkNhBhR7dulv+Ez3qL1nVbj2jsGHLsGHSGhqlb58dccITaMWA+T9ccocuCeo6hh mM53tFevU2OYf18CYgb7wTA9nxjQkPQ8K4pc+x/86WKpW+x9o9sYRAGCD6Jsrw69rCOv xlliPqF5eUQcs7fUjloWpzRJr79xq8RLtQ3XaG3FzjRA9DZfzBY6Jp/2TM0U19AkDmJV iVKlZVKOzGqLRrVhqw1YAkOQn+87v6CIFMVdPTnvRuaytSTApHzk4w0F8ERAdMR4CC0k Hcp0UBnvhBuLbGeewAIwT9JAyRAPwgJ20QEfHXTpeksWIfSWXd90zcQW6CsJ6YtYIT8Q n55Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=itzSoxrg; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id c19-20020aa79533000000b00653b5ab16c3si6527798pfp.265.2023.06.06.02.43.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:43:45 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=itzSoxrg; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0873985FEC; Tue, 6 Jun 2023 11:42:15 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="itzSoxrg"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5906785F3D; Tue, 6 Jun 2023 11:42:03 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B4BF785EAD for ; Tue, 6 Jun 2023 11:41:57 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-654f8b56807so3217328b3a.1 for ; Tue, 06 Jun 2023 02:41:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044516; x=1688636516; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RVyANGbj1qT5Yo4Hx3gumcq/3C2zNijDWqGxalF/0HA=; b=itzSoxrgB4ymbl/AYym8P4o5djLDVtOqgQG3dZ0n3M0sp8ySgm8gsdr3NvdloptvjG RM9/b2zS0Ra+ctcNmBKfYsJmc3QH4ABqfakVHf6NocAn6GJ/KMwaadc0ZysTc75+Tuoc LG4gB7BpC7NAqnUDgF3slCFYpPC9hS8ljBms4WbCKJC1+bHTaneFG3RuF2uWljYdiU1w HGjpgPUYQkW9xi94ggEx7//xRyxFSN4PZ/YUym46SVSkQUnmFZnIn1W5wKLhMpgkq6/R /6XwEl9R21Dvp5Nz2EpjKghSyGCkwushP0OfaKogNuiEUt3pMucP/Rr9o3NP1/NsQvWu 8GNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044516; x=1688636516; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RVyANGbj1qT5Yo4Hx3gumcq/3C2zNijDWqGxalF/0HA=; b=SSyCnNn0YPT+6fG18NB/GVczT8rTroSR7cAHzG1GgrfL/MsFYPfB9aMdIH0aQEVr3o CfLZMBvuhDl2jeBuQBIS8FrICGYoCfuYPfVbSaBjYdg0xa6+K7MbI+iDCSGjsTvO1T6p gnKFpwTU1apZJDd+rc5Ff1ExcP+gXej4+YHcg6uiz17mTg3pAWNlASqbHTImq5l5d+cW GBIFJaKDcoo0ynxUVPVasWYsde95bGfylVs+Pn1AL5ZuOzCUC8Nd86o9RBjm6eBhtrXt PS+s97HRt51aMPwcSt7Q0i0WDyUziFhFT0XywGtCAUvrbS9y1WHWlWWtJM6a8WE7YYK8 /LoQ== X-Gm-Message-State: AC+VfDzq1H3xDO8TOiOEv6Z1dsLkCEZXV14V5knkQ/NiUBryMkA7DTRT 8Qt7WFcFuBNqZ52B2YqtHxAX9ZQFTgOSTVIpZ2M= X-Received: by 2002:a05:6a00:190b:b0:64f:e997:5107 with SMTP id y11-20020a056a00190b00b0064fe9975107mr1822208pfi.1.1686044515813; Tue, 06 Jun 2023 02:41:55 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:55 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 08/10] doc: uefi: add anti-rollback documentation Date: Tue, 6 Jun 2023 18:40:32 +0900 Message-Id: <20230606094035.28990-9-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit describe the procedure to configure lowest supported version in the device tree for anti-rollback protection. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - describe the usage Newly created in v6 doc/develop/uefi/uefi.rst | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 30b90a09d5..ffd13cebe9 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -537,6 +537,45 @@ where signature.dts looks like:: }; }; +Anti-rollback Protection +************************ + +Anti-rollback prevents unintentional installation of outdated firmware. +To enable anti-rollback, you must add the lowest-supported-version property +to dtb and specify --fw-version when creating a capsule file with the +mkeficapsule tool. +When executing capsule update, U-Boot checks if fw_version is greater than +or equal to lowest-supported-version. If fw_version is less than +lowest-supported-version, the update will fail. +For example, if lowest-supported-version is set to 7 and you run capsule +update using a capsule file with --fw-version of 5, the update will fail. +When the --fw-version in the capsule file is updated, lowest-supported-version +in the dtb might be updated accordingly. + +To insert the lowest supported version into a dtb + +.. code-block:: console + + $ dtc -@ -I dts -O dtb -o version.dtbo version.dts + $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo + +where version.dts looks like:: + + /dts-v1/; + /plugin/; + &{/} { + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + }; + }; + +The properties of image-type-id and image-index must match the value +defined in the efi_fw_image array as image_type_id and image_index. + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~ From patchwork Tue Jun 6 09:40:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689694 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2538306wru; Tue, 6 Jun 2023 02:44:13 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7s5/n9hKYc5RzVy1YTlWs5l/ZPUvhRdDA8KGKdKhYoWOrVVqwBCfjAWdlm/XGvrBKOAOEJ X-Received: by 2002:a17:902:da87:b0:1b2:2400:f324 with SMTP id j7-20020a170902da8700b001b22400f324mr1844506plx.64.1686044653626; Tue, 06 Jun 2023 02:44:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044653; cv=none; d=google.com; s=arc-20160816; b=rFk9UQPGr0bGEtPOu/mY2M9Mjs6ZSZ9tOWFYS0HlJwkmGZx0Rp4EC6ELkK9kKCJa3u /ch9LDUwPVaDchhFXdeSqnRPxWsnPrdgQyDG33ZRozM+OshmXKp7KdImoX8fbfU3nQgS nCHmB+H2hjmHRGz7+fyQ3bz0NB6yyuuxdc/dZLUXT6XicyigQf79DGC0AYXAjAfMHw6H wRn+BZ6oEyknWNnD6MRhh//Yvjw0bNoF/tlqByegQ0PKt6qWWrz6XjirMAia4e78SIXT sFNS4ObQNQ9Ar7RTMlG1Estxv8HKongVbVUm4TEAY8EzFjyncvOUeRJS4NwkJZ1C4h4W O0TQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=o3yTta2TXOcHgw4K4G1CoaXK03xBZDwaPsXaMBVskpw=; b=qDozuRrpKdYa8vc/SOtT5lKj1rMwNuteV50DcI8rPpVizzO+oeMAQeE6QvyLDFeg7u 70O7StrXFNGSiHA19UH010T1N3e1CoOKd9bxvJkF57MbB0UvrXZA48nIvDjP+a/dBIaa OhgDI9WKhxxi7kDm/LgKae8hBGFkLXrYErv6va6MY9X23an4R4fEJKFPpZzyH6/wWm6a KVcOulcvSQa7eTpvl7RqPGGTfbd7NKxf8zZ2c58oCM3IyObO3auAmhp/O/GlyPWl1xX3 C4dft/1GDzmQiSJkDo3bbCIqbXL5PoBmdlfSCaX/MV39NDDAd/NGZCZ0aQmmNoT5fneJ PpIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="m/dnnr25"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id l6-20020a170902f68600b001b04c92cb42si7191657plg.357.2023.06.06.02.44.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:44:13 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="m/dnnr25"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2D40885F79; Tue, 6 Jun 2023 11:42:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="m/dnnr25"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 3CC7785FF0; Tue, 6 Jun 2023 11:42:19 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 024BB85DE2 for ; Tue, 6 Jun 2023 11:42:02 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x42e.google.com with SMTP id d2e1a72fcca58-65131e85be4so5896569b3a.1 for ; Tue, 06 Jun 2023 02:42:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044520; x=1688636520; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=o3yTta2TXOcHgw4K4G1CoaXK03xBZDwaPsXaMBVskpw=; b=m/dnnr25/rJok4G01rr4X9W1IuCgeRacB+YEHm5iOF6VU9YL9Y5ZtC2+1lGgXV69vI 3LonDmbo6CtANoZRN5uHlHnt67zRxEIyuoU1JtV9xksBYYqNt0r59OnvKGSOkZHRXHYo dr8bf2IgcRtju2EEpgA3kl7PIC2n4y7k0vN7JJoyfxQQboPL13IJPjmG5CbXqd5IAU+Z 0qFwJq3eGNkF7dmpOD8u6fdxqUNT0bnpbs12UhhrliMLp4L+Z4Z4OrjPO0htn4dKCnfS LM7JPTOVWw2s3YugLDEEsM3Pts4U/Fq/RxVaK4aOiEkuVGwLTkjJe1aOIQDxyVMOi+gz BZ8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044520; x=1688636520; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=o3yTta2TXOcHgw4K4G1CoaXK03xBZDwaPsXaMBVskpw=; b=WF9G73M06trQhn6bSB+BF1zRn8t4X6BSjlCrTrq0o07b4ZBzwznK6O9d8l/c5RmD9D npj5Lc0T1k5sORet1Use6WZAQVD2Q6U6fWU/xDk6xmaX1S2CRv8ybpb04R2lVV2UnNgR dTDZ4FoPBmXaNpbJr41rOStV5Z1ZpvlbQHJwsBSV50GNGXJDgmdDNgKwaG8NVfPjcm9W 9f9CkIhZraTSw9YG+pMT8KGWKpEI0tMV98Dvx/zPOXrZ5F8WDqyhrbdn4OaK1Js5Y5s4 HQasJT/AozsWjXvQndJi5KLf6DapwF4bdN+BPXRNviwINMRalVIMtUuLOSONr3ZG+WR5 ueyg== X-Gm-Message-State: AC+VfDxzERDZdpVuH0HNDj28VTVVs6WjoX2ji7+p0zqqU3Z+PXcvTq+z zCV/rMUz1AGxz+1Bn4L6DlXC8B1BIAG00ZyEYQA= X-Received: by 2002:a05:6a00:896:b0:641:39cb:1716 with SMTP id q22-20020a056a00089600b0064139cb1716mr2343828pfj.20.1686044519363; Tue, 06 Jun 2023 02:41:59 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:58 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 09/10] test: efi_capsule: refactor efi_capsule test Date: Tue, 6 Jun 2023 18:40:33 +0900 Message-Id: <20230606094035.28990-10-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current efi capsule python tests have much code duplication. This commit creates the common function in test/py/tests/test_efi_capsule/capsule_common.py, aim to reduce the code size and improve maintainability. Reviewed-by: Simon Glass Signed-off-by: Masahisa Kojima --- Changes in v8: - add function comments Newly created in v7 .../tests/test_efi_capsule/capsule_common.py | 167 +++++++++++++ .../test_capsule_firmware_fit.py | 151 +++--------- .../test_capsule_firmware_raw.py | 224 +++--------------- .../test_capsule_firmware_signed_fit.py | 198 +++------------- .../test_capsule_firmware_signed_raw.py | 210 +++------------- 5 files changed, 312 insertions(+), 638 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/capsule_common.py diff --git a/test/py/tests/test_efi_capsule/capsule_common.py b/test/py/tests/test_efi_capsule/capsule_common.py new file mode 100644 index 0000000000..be85c346b3 --- /dev/null +++ b/test/py/tests/test_efi_capsule/capsule_common.py @@ -0,0 +1,167 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2023, Linaro Limited + + +"""Common function for UEFI capsule test.""" + +from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR + +def setup(u_boot_console, disk_img, osindications): + """setup the test + + Args: + u_boot_console: A console connection to U-Boot. + disk_img: A path to disk image to be used for testing. + osindications: String of osindications value. + + Return: + Nothing. + """ + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"']) + + if osindications is None: + output = u_boot_console.run_command('env set -e OsIndications') + else: + output = u_boot_console.run_command('env set -e -nv -bs -rt OsIndications =%s' % osindications) + + output = u_boot_console.run_command('env save') + +def init_content(u_boot_console, target, filename, expected): + """initialize test content + + Args: + u_boot_console: A console connection to U-Boot. + target: Target address to place the content. + filename: File name of the content. + expected: Expected string of the content. + + Return: + Nothing. + """ + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/%s' + % (CAPSULE_DATA_DIR, filename), + 'sf write 4000000 %s 10' % target, + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert expected in ''.join(output) + +def place_capsule_file(u_boot_console, filenames): + """place the capsule file + + Args: + u_boot_console: A console connection to U-Boot. + filenames: File name array of the target capsule files. + + Return: + Nothing. + """ + for name in filenames: + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/%s' % (CAPSULE_DATA_DIR, name), + 'fatwrite host 0:1 4000000 %s/%s $filesize' + % (CAPSULE_INSTALL_DIR, name)]) + + output = u_boot_console.run_command('fatls host 0:1 %s' % CAPSULE_INSTALL_DIR) + for name in filenames: + assert name in ''.join(output) + +def exec_manual_update(u_boot_console, disk_img, filenames, need_reboot = True): + """execute capsule update manually + + Args: + u_boot_console: A console connection to U-Boot. + disk_img: A path to disk image to be used for testing. + filenames: File name array of the target capsule files. + need_reboot: Flag indicates whether system reboot is required. + + Return: + Nothing. + """ + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 0x50000;' + 'u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + for name in filenames: + assert name in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = need_reboot) + +def check_file_removed(u_boot_console, disk_img, filenames): + """check files are removed + + Args: + u_boot_console: A console connection to U-Boot. + disk_img: A path to disk image to be used for testing. + filenames: File name array of the target capsule files. + + Return: + Nothing. + """ + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + for name in filenames: + assert name not in ''.join(output) + +def check_file_exist(u_boot_console, disk_img, filenames): + """check files exist + + Args: + u_boot_console: A console connection to U-Boot. + disk_img: A path to disk image to be used for testing. + filenames: File name array of the target capsule files. + + Return: + Nothing. + """ + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + for name in filenames: + assert name in ''.join(output) + +def verify_content(u_boot_console, target, expected): + """verify the content + + Args: + u_boot_console: A console connection to U-Boot. + target: Target address to verify. + expected: Expected string of the content. + + Return: + Nothing. + """ + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 %s 10' % target, + 'md.b 4000000 10']) + assert expected in ''.join(output) + +def do_reboot_dtb_specified(u_boot_config, u_boot_console, dtb_filename): + """do reboot with specified DTB + + Args: + u_boot_config: U-boot configuration. + u_boot_console: A console connection to U-Boot. + dtb_filename: DTB file name. + + Return: + Nothing. + """ + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ + + '/%s' % dtb_filename + u_boot_console.restart_uboot() diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py index 9ee152818d..fccf1f3fc1 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py @@ -8,7 +8,14 @@ This test verifies capsule-on-disk firmware update for FIT images import pytest from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR - +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content +) @pytest.mark.boardspec('sandbox_flattree') @pytest.mark.buildconfigspec('efi_capsule_firmware_fit') @@ -40,37 +47,12 @@ class TestEfiCapsuleFirmwareFit(): u_boot_console.restart_uboot() disk_img = efi_capsule_data + capsule_files = ['Test05'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test05' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test05 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test05' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -80,28 +62,13 @@ class TestEfiCapsuleFirmwareFit(): with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test05' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -112,38 +79,12 @@ class TestEfiCapsuleFirmwareFit(): """ disk_img = efi_capsule_data + capsule_files = ['Test04'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test04' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test04 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -155,36 +96,12 @@ class TestEfiCapsuleFirmwareFit(): with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' not in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot:Old' in ''.join(output) - else: - assert 'u-boot:New' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot-env:Old' in ''.join(output) - else: - assert 'u-boot-env:New' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + expected = 'u-boot:Old' if capsule_auth else 'u-boot:New' + verify_content(u_boot_console, '100000', expected) + + expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' + verify_content(u_boot_console, '150000', expected) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py index 92bfb14932..e00686a9fc 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py @@ -8,6 +8,15 @@ This test verifies capsule-on-disk firmware update for raw images import pytest from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + check_file_exist, + verify_content +) @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_capsule_firmware_raw') @@ -40,37 +49,12 @@ class TestEfiCapsuleFirmwareRaw: u_boot_console.restart_uboot() disk_img = efi_capsule_data + capsule_files = ['Test03'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test03' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test03 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test03' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) # reboot u_boot_console.restart_uboot() @@ -80,28 +64,13 @@ class TestEfiCapsuleFirmwareRaw: with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test03' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -112,44 +81,12 @@ class TestEfiCapsuleFirmwareRaw: 0x150000-0x200000: U-Boot environment (but dummy) """ disk_img = efi_capsule_data + capsule_files = ['Test01', 'Test02'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e OsIndications', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place the capsule files - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) + setup(u_boot_console, disk_img, None) + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) # reboot u_boot_console.restart_uboot() @@ -158,35 +95,12 @@ class TestEfiCapsuleFirmwareRaw: 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files, False) - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000') + check_file_exist(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -195,45 +109,12 @@ class TestEfiCapsuleFirmwareRaw: 0x100000-0x150000: U-Boot binary (but dummy) """ disk_img = efi_capsule_data + capsule_files = ['Test01', 'Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place the capsule files - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -245,18 +126,7 @@ class TestEfiCapsuleFirmwareRaw: with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # make sure the dfu_alt_info exists because it is required for making ESRT. output = u_boot_console.run_command_list([ @@ -269,26 +139,10 @@ class TestEfiCapsuleFirmwareRaw: # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' not in ''.join(output) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot:Old' in ''.join(output) - else: - assert 'u-boot:New' in ''.join(output) + expected = 'u-boot:Old' if capsule_auth else 'u-boot:New' + verify_content(u_boot_console, '100000', expected) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot-env:Old' in ''.join(output) - else: - assert 'u-boot-env:New' in ''.join(output) + expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' + verify_content(u_boot_console, '150000', expected) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py index ba8429e83c..cbacdab4d1 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py @@ -11,6 +11,15 @@ with signed capsule files containing FIT images import pytest from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content, + do_reboot_dtb_specified +) @pytest.mark.boardspec('sandbox_flattree') @pytest.mark.buildconfigspec('efi_capsule_firmware_fit') @@ -37,70 +46,23 @@ class TestEfiCapsuleFirmwareSignedFit(): should pass and the firmware be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test13'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test13' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test13 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:New' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:New') def test_efi_capsule_auth2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -113,73 +75,26 @@ class TestEfiCapsuleFirmwareSignedFit(): not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test14'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test14' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test14 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') def test_efi_capsule_auth3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -191,70 +106,23 @@ class TestEfiCapsuleFirmwareSignedFit(): should fail and the firmware not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index 710d9925a3..3d6274ff99 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py @@ -9,6 +9,15 @@ with signed capsule files containing raw images import pytest from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content, + do_reboot_dtb_specified +) @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_capsule_firmware_raw') @@ -34,69 +43,23 @@ class TestEfiCapsuleFirmwareSignedRaw(): should pass and the firmware be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test11'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test11' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test11 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' not in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:New' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:New') def test_efi_capsule_auth2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -108,73 +71,25 @@ class TestEfiCapsuleFirmwareSignedRaw(): not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test12'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test12' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test12 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' not in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') def test_efi_capsule_auth3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -185,70 +100,23 @@ class TestEfiCapsuleFirmwareSignedRaw(): should fail and the firmware not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted anyway - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') From patchwork Tue Jun 6 09:40:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689693 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2538232wru; Tue, 6 Jun 2023 02:43:59 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6sZOAy3zKt1c9gc622sKaQlzHjUGI4CZ9wIyasDZNwUFNVKdQYVR7JAAunXdAmCPqjK5GO X-Received: by 2002:a54:4705:0:b0:39a:aff8:a64c with SMTP id k5-20020a544705000000b0039aaff8a64cmr1725278oik.23.1686044639521; Tue, 06 Jun 2023 02:43:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044639; cv=none; d=google.com; s=arc-20160816; b=Mz5Aev9C8/ZTydo8DERWQgmDF8OlbTW9/NHR6ew1acuMJ0sCRE3Pu1hn1NhR+deY7a RXZQwBV7QqCHd2OrpxSiPSw4vNtkyp3he1b8MZw4lG3pZiPNIMDSp3wxtkDiJR5AWo7p nY9rvGF0oCnqXBekv4PmQdSKXBcPdiLBhQlLD9ZM9KLa1/v9E2AnhSjnIuHJ2JMDrtyg W2S1J8FwZEUIXokWRe4GnDxWSqGl4Tb+E0ZCRctbRXamy3f7tR5Mayyaav/OZhlS6CHY 00p29fuDd7zYlV/e/p3wWAZzg0T+p5tU10knpJgNnIwufDMUbdMD/ETUPC5IZkMZE/9e XbGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KXQj7HNXG4ndf06ULkDyc/Rz8mKXUPsCkRqVEFdPDyc=; b=JZuJ374g6t3jdKZklyWh7X5NXxOXwbBvihzq9GQ8K8jCex+ctyPrHdSjkiTdg/y/Q3 5gFDSFB0nuBF5Wu72Jr+JBQ4mIeTXUQuA+3+BPubnlFiTdIj9tEOOeoHFPFoyXErb6q/ DmBQHmFmsJGl5Vmd4qfs3yOQoZ7cEfkYvnBP7TpPwBZDx3Wy0QbYgo+U0jSWMTX3mXuq mMEjKcmmKIuD8vUJuG/ymz4Li4IotUm/aFKvWpw/VxUu4zApNjRkh74/184WCt5FJuzz am/gtOO/ko8aAoyuaTHxQzys9VktNqjb0pReZ+oOgLBoG2l6PKYsvIGknWhk5mqiC5Kh 8w9Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hLDpbEWz; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id b3-20020a170903228300b001b061dcdb78si7338476plh.92.2023.06.06.02.43.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:43:59 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hLDpbEWz; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 02DF085FF0; Tue, 6 Jun 2023 11:42:23 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="hLDpbEWz"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8ADD085F0D; Tue, 6 Jun 2023 11:42:20 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A8D5685EEB for ; Tue, 6 Jun 2023 11:42:05 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-il1-x12d.google.com with SMTP id e9e14a558f8ab-33b204f0ca0so29860135ab.2 for ; Tue, 06 Jun 2023 02:42:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044523; x=1688636523; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KXQj7HNXG4ndf06ULkDyc/Rz8mKXUPsCkRqVEFdPDyc=; b=hLDpbEWzYQ7SUCJeAryjN6E2nNbLya6mzimVLBa5D3CTKNGC5JwGlWKgPZPEJrUWUW sdAGnyWECJH+TY28vjSyfeVgAB7LicG5HDfxQ0JDyLwiR+pqGdMWMhYtW9Ej8rsCA8XM hPnKLWKy6hEDS7ZSJ9W38KVgMxCScBt6yE0cuKEFblzP8iE50tbmXmP0C/y0afB1qkl4 aUF5S+QVXbI+bhwGNgZcFpyso3/9gZCAqMSUCmWt6Ne/FXyC/m0gLw3JfDe9AHLpxzwK 1Yhi8yUfQMFG6Y4rE8JEL9+Uc02SYNdh7LxZzXAb0TUOqqRnj0RuPksoi365mZvggtEL NZfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044523; x=1688636523; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KXQj7HNXG4ndf06ULkDyc/Rz8mKXUPsCkRqVEFdPDyc=; b=eG5s1EulpmBnEv/w+fxI4AerueHqtmDSWntDORTitsZjB0PmXpAj3+wSav76XPNpg1 e6iSgAXOzhM//khMIqEnu1cU7rSyuqIUDKArS/078y8vRPxoKr1hxTGf5reywDKr7gqs 3AKheoz0Sw6rrY8qUZ0FkmacnUVcul6hWXQ+SyyIu1qeAwb129M1QmAg7avSq2pHd5/1 EvfAwStOeceUJx1NV0fYYbygPMjy+Q1oYeNIGQcupvdAuKqLmNsVciuQdGtAZ+ezbqiZ F2KItI8xFKIvEEeQYxbyooNAz7wjV6Zwf0zYq/ExzFlr2kJR7jgtn1I1JyHp0LePeH3L ynyw== X-Gm-Message-State: AC+VfDwzTZ8F303gpHiYcKoLoEJvL0UUJYD7kWHOIySHUMUMWip7s3uR KuNIuOVIVbFkDyY2Gxs0d8VgttAu7xsv4KdZBDA= X-Received: by 2002:a92:dad0:0:b0:33d:1587:e7ef with SMTP id o16-20020a92dad0000000b0033d1587e7efmr2928734ilq.24.1686044522729; Tue, 06 Jun 2023 02:42:02 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.42.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:42:02 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 10/10] test/py: efi_capsule: test for FMP versioning Date: Tue, 6 Jun 2023 18:40:34 +0900 Message-Id: <20230606094035.28990-11-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230606094035.28990-1-masahisa.kojima@linaro.org> References: <20230606094035.28990-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This test covers the FMP versioning for both raw and FIT image, and both signed and non-signed capsule update. Signed-off-by: Masahisa Kojima --- Changes in v8: - remove excess semicolons Changes in v7: - use newly introduced common functions of efi_capsule test test/py/tests/test_efi_capsule/conftest.py | 82 ++++++++++++++++++ .../test_capsule_firmware_fit.py | 80 ++++++++++++++++- .../test_capsule_firmware_raw.py | 85 ++++++++++++++++++- .../test_capsule_firmware_signed_fit.py | 65 ++++++++++++++ .../test_capsule_firmware_signed_raw.py | 70 +++++++++++++++ test/py/tests/test_efi_capsule/version.dts | 24 ++++++ 6 files changed, 404 insertions(+), 2 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/version.dts diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index a337e62936..d0e20df01e 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -62,6 +62,23 @@ def efi_capsule_data(request, u_boot_config): '-out SIGNER2.crt -nodes -days 365' % data_dir, shell=True) + # Update dtb to add the version information + check_call('cd %s; ' + 'cp %s/test/py/tests/test_efi_capsule/version.dts .' + % (data_dir, u_boot_config.source_dir), shell=True) + if capsule_auth_enabled: + check_call('cd %s; ' + 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; ' + 'fdtoverlay -i test_sig.dtb ' + '-o test_ver.dtb version.dtbo' + % (data_dir), shell=True) + else: + check_call('cd %s; ' + 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; ' + 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb ' + '-o test_ver.dtb version.dtbo' + % (data_dir, u_boot_config.build_dir), shell=True) + # Create capsule files # two regions: one for u-boot.bin and the other for u-boot.env check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir, @@ -87,6 +104,26 @@ def efi_capsule_data(request, u_boot_config): check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' % (data_dir, u_boot_config.build_dir), shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 ' + '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' % + (data_dir, u_boot_config.build_dir), + shell=True) if capsule_auth_enabled: # raw firmware signed with proper key @@ -123,6 +160,51 @@ def efi_capsule_data(request, u_boot_config): 'uboot_bin_env.itb Test14' % (data_dir, u_boot_config.build_dir), shell=True) + # raw firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 5 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' + 'u-boot.bin.new Test111' + % (data_dir, u_boot_config.build_dir), + shell=True) + # raw firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 2 --monotonic-count 1 ' + '--fw-version 10 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 ' + 'u-boot.env.new Test112' + % (data_dir, u_boot_config.build_dir), + shell=True) + # raw firmware signed with proper key with lower version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 2 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' + 'u-boot.bin.new Test113' + % (data_dir, u_boot_config.build_dir), + shell=True) + # FIT firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 5 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' + 'uboot_bin_env.itb Test114' + % (data_dir, u_boot_config.build_dir), + shell=True) + # FIT firmware signed with proper key with lower version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 2 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' + 'uboot_bin_env.itb Test115' + % (data_dir, u_boot_config.build_dir), + shell=True) # Create a disk image with EFI system partition check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py index fccf1f3fc1..a4df326c53 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py @@ -14,7 +14,8 @@ from capsule_common import ( place_capsule_file, exec_manual_update, check_file_removed, - verify_content + verify_content, + do_reboot_dtb_specified ) @pytest.mark.boardspec('sandbox_flattree') @@ -105,3 +106,80 @@ class TestEfiCapsuleFirmwareFit(): expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' verify_content(u_boot_console, '150000', expected) + + def test_efi_capsule_fw3( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 3 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test104'] + with u_boot_console.log.section('Test Case 3-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 3-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if capsule_auth: + # capsule authentication failed + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') + else: + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New') + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_fw4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 4 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + but fw_version is lower than lowest_supported_version + No update should happen + 0x100000-0x150000: U-Boot binary (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test105'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py index e00686a9fc..d63168498c 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py @@ -15,7 +15,8 @@ from capsule_common import ( exec_manual_update, check_file_removed, check_file_exist, - verify_content + verify_content, + do_reboot_dtb_specified ) @pytest.mark.boardspec('sandbox') @@ -146,3 +147,85 @@ class TestEfiCapsuleFirmwareRaw: expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' verify_content(u_boot_console, '150000', expected) + + def test_efi_capsule_fw4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 4 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test101', 'Test102'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if capsule_auth: + # capsule authentication failed + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') + else: + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) + assert 'ESRT: fw_version=10' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New') + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_fw5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 5 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + but fw_version is lower than lowest_supported_version + No update should happen + 0x100000-0x150000: U-Boot binary (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test103'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py index cbacdab4d1..509ad9d25c 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py @@ -126,3 +126,68 @@ class TestEfiCapsuleFirmwareSignedFit(): # TODO: check CapsuleStatus in CapsuleXXXX verify_content(u_boot_console, '100000', 'u-boot:Old') + + def test_efi_capsule_auth4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test114'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New') + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_auth5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is signed but fw_version is lower than lowest + supported version, the authentication should fail and the firmware + not be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test115'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index 3d6274ff99..525ec76ca1 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py @@ -120,3 +120,73 @@ class TestEfiCapsuleFirmwareSignedRaw(): # TODO: check CapsuleStatus in CapsuleXXXX verify_content(u_boot_console, '100000', 'u-boot:Old') + + def test_efi_capsule_auth4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test111', 'Test112'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) + assert 'ESRT: fw_version=10' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New') + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_auth5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is signed but fw_version is lower than lowest + supported version, the authentication should fail and the firmware + not be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test113'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/version.dts b/test/py/tests/test_efi_capsule/version.dts new file mode 100644 index 0000000000..07850cc606 --- /dev/null +++ b/test/py/tests/test_efi_capsule/version.dts @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; +/plugin/; + +&{/} { + firmware-version { + image1 { + lowest-supported-version = <3>; + image-index = <1>; + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + }; + image2 { + lowest-supported-version = <7>; + image-index = <2>; + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0"; + }; + image3 { + lowest-supported-version = <3>; + image-index = <1>; + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937"; + }; + }; +};