From patchwork Wed Jun 7 05:41:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690166 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp139619wru; Tue, 6 Jun 2023 22:42:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5f7JWjMyMzv7SoI3ANV99dkT+QIppHxWcyObefkR6xza2UZU3Ljw/2sbfGxbQw7WDz9dix X-Received: by 2002:a05:6902:52d:b0:ba2:bffc:5f8d with SMTP id y13-20020a056902052d00b00ba2bffc5f8dmr5276203ybs.29.1686116577121; Tue, 06 Jun 2023 22:42:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116577; cv=none; d=google.com; s=arc-20160816; b=K7CNronAh9Yf/OdX1b01Q3ty+8NcETfQxQXPEPBzK7YXQtTuEw4VvNfJKJa+OX6BbA EJJ7cd9BK6bEv2rGoqgwElU88LKKvfEpmcbohWWuQdSsLXAZTPrJxmIAd/T9yq77Hy2k J2izt8ChB7eHxTkajmqsEeCgQuRMYv0w79fmc7B5eCTGY0vGPIp37/GEelzqcA8GtaRN Wwpm+XpXDsMMiJz2KBBiVjvvaWqxB0KbycNDo02JT/G7MxmwLNfTuD/UzfPctkuEJhwr 40nxfdWaZc0eiCAZw8tedXes/B8YxTFA77exuEFD0hv1QEBy/m4Rz3h/mKO0n2uKy9ti 9lUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=rtJD+QCo5RJhV74Adr2wdV43PMum8wOKhlYYBgPjtrqfBd/G0ZURWdjmvKfrqJ298G rQHT/odcgOkyQt/sPmSkdsiHDNnFSrFrcrtyNfHZP2TOughJXYCSobnugzLwT35m8DGX swcLvSYRPdJGMcgHk/qLF1eYl071SMU51R9848KXwW8M+CmNWhfy9kHss962OyvTgMFv AWsGu5wyCX1OJuKFYzhJyKBvmEHLAKEypTgkIg0niFxukSJRXiGRduJRQZIJsHTGx6mu wuiFUyH1HCJWS76Dhd78mIKVHS1EOGnyXpMOfWsDATQuTWyWJJtBAmzEpuzFjplRQqq3 eGzw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ofo5deYZ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id p6-20020a170902eac600b001ac4f733007si8325987pld.549.2023.06.06.22.42.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:57 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ofo5deYZ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0880B85F79; Wed, 7 Jun 2023 07:42:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ofo5deYZ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 20EED85F7F; Wed, 7 Jun 2023 07:42:44 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id CAE2880181 for ; Wed, 7 Jun 2023 07:42:40 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-ot1-x32d.google.com with SMTP id 46e09a7af769-6af8b25fc72so5192004a34.3 for ; Tue, 06 Jun 2023 22:42:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116559; x=1688708559; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=ofo5deYZ4kVZg7JDJE0KrDsci+7+8zB1o4H1aWIj8mJBw0xhz0dshSi6hoAL/76rfn UHwz6ywfSlU5yWVfPCWztwX5FPBypH7WJicnwn3xa+kqgTgNKHtxm+ctB2qQbP+P63ll eRhyjVhGndTdFHxQTzlX6hUChURyn1VwoMHid2BIgkVmTWEb2b1CdVLCkR3yyPOvnwkx 1hTyVcFac7Prwfz1IukAq3L+AshC76czB+PKi/ytegCDgKb7Z5oweyOHbQh+FbCKKr/W m93b0w/i+r2HkL+l1AEEmlMzQSOBxfl3+gKsXnRrj1CflxYlEci6ykhtElzhw144NqUj I67A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116559; x=1688708559; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=ADFUlF7XfgcjTEMFaU4ylRUS24bCiY3XH7MPiAMo35iyGx4xtNhrnSjEmELJxs2F85 19DmhSW0EQjmb8MHx2YIsCoCETyJ00RCKG4n5oEePX0Y6Ukky4xW0KH1/AT/+ULT1BU9 RUUQYLIkbl6CeID7QQxDZk+xffTU/NHiGz2/fRkYe2tm6P8vtBh++6GofUGzmi11I3MV ZZcK1+TmypkqPkV2nYVlQJO0DQMic/PPxWNxjWlf6GbXY+Gu1b7TmfGXX8mht1v+xZGl 6BZLw4lvmffUJEEFRjDZaY35y0dP9Rqo/77djQKuoq9Nj6Cu+J+HYzFaBnr+/fjjnSMR B/iw== X-Gm-Message-State: AC+VfDzSA9Eqooksj7+h+615iZcALrnfwuvF2Q5iAXGv1DWijAdFygu2 Rkz1S1bzNcLi+743JIkuE6j5r3rrywtlgE4AeiwsyQ== X-Received: by 2002:aca:1a16:0:b0:399:6025:e285 with SMTP id a22-20020aca1a16000000b003996025e285mr4253995oia.15.1686116558833; Tue, 06 Jun 2023 22:42:38 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:38 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima , Philipp Tomsich , Kever Yang , "Ying-Chun Liu (PaulLiu)" , Tuomas Tynkkynen , Heiko Thiery , Frieder Schrempf , Michael Walle , Mario Six , Jassi Brar , Patrick Delaunay , Patrice Chotard , Michal Simek , Sughosh Ganu , Etienne Carriere , uboot-stm32@st-md-mailman.stormreply.com (moderated list:STM32MP1 BOARD) Subject: [PATCH v9 01/10] efi_loader: add the number of image entries in efi_capsule_update_info Date: Wed, 7 Jun 2023 14:41:51 +0900 Message-Id: <20230607054201.42702-2-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The number of image array entries global variable is required to support EFI capsule update. This information is exposed as a num_image_type_guids variable, but this information should be included in the efi_capsule_update_info structure. This commit adds the num_images member in the efi_capsule_update_info structure. All board files supporting EFI capsule update are updated. Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Newly created in v6 arch/arm/mach-rockchip/board.c | 4 ++-- board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c | 2 +- board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c | 2 +- board/emulation/qemu-arm/qemu-arm.c | 2 +- board/kontron/pitx_imx8m/pitx_imx8m.c | 2 +- board/kontron/sl-mx8mm/sl-mx8mm.c | 2 +- board/kontron/sl28/sl28.c | 2 +- board/rockchip/evb_rk3399/evb-rk3399.c | 2 +- board/sandbox/sandbox.c | 2 +- board/socionext/developerbox/developerbox.c | 2 +- board/st/stm32mp1/stm32mp1.c | 2 +- board/xilinx/common/board.c | 2 +- include/efi_loader.h | 3 ++- lib/efi_loader/efi_firmware.c | 6 +++--- lib/fwu_updates/fwu.c | 2 +- 15 files changed, 19 insertions(+), 18 deletions(-) diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index f1f70c81d0..8daa74b3eb 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -41,7 +41,7 @@ static bool updatable_image(struct disk_partition *info) uuid_str_to_bin(info->type_guid, image_type_guid.b, UUID_STR_FORMAT_GUID); - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) { ret = true; break; @@ -59,7 +59,7 @@ static void set_image_index(struct disk_partition *info, int index) uuid_str_to_bin(info->type_guid, image_type_guid.b, UUID_STR_FORMAT_GUID); - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) { fw_images[i].image_index = index; break; diff --git a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c index 466174679e..b79a2380aa 100644 --- a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c +++ b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c @@ -54,10 +54,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 2=flash-bin raw 0 0x1B00 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ diff --git a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c index b373e45df9..af070ec315 100644 --- a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c +++ b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c @@ -50,10 +50,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 2=flash-bin raw 0x42 0x1D00 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_phys_sdram_size(phys_size_t *size) diff --git a/board/emulation/qemu-arm/qemu-arm.c b/board/emulation/qemu-arm/qemu-arm.c index 34ed3e8ae6..dfea0d92a3 100644 --- a/board/emulation/qemu-arm/qemu-arm.c +++ b/board/emulation/qemu-arm/qemu-arm.c @@ -47,10 +47,10 @@ struct efi_fw_image fw_images[] = { }; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images) .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ static struct mm_region qemu_arm64_mem_map[] = { diff --git a/board/kontron/pitx_imx8m/pitx_imx8m.c b/board/kontron/pitx_imx8m/pitx_imx8m.c index fcda86bc1b..4548e7c1df 100644 --- a/board/kontron/pitx_imx8m/pitx_imx8m.c +++ b/board/kontron/pitx_imx8m/pitx_imx8m.c @@ -43,10 +43,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 0=flash-bin raw 0x42 0x1000 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/kontron/sl-mx8mm/sl-mx8mm.c b/board/kontron/sl-mx8mm/sl-mx8mm.c index 250195694b..ddb509eb66 100644 --- a/board/kontron/sl-mx8mm/sl-mx8mm.c +++ b/board/kontron/sl-mx8mm/sl-mx8mm.c @@ -29,10 +29,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=flash-bin raw 0x400 0x1f0000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_phys_sdram_size(phys_size_t *size) diff --git a/board/kontron/sl28/sl28.c b/board/kontron/sl28/sl28.c index 89948e087f..4ab221c12b 100644 --- a/board/kontron/sl28/sl28.c +++ b/board/kontron/sl28/sl28.c @@ -40,10 +40,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=u-boot-bin raw 0x210000 0x1d0000;" "u-boot-env raw 0x3e0000 0x20000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/rockchip/evb_rk3399/evb-rk3399.c b/board/rockchip/evb_rk3399/evb-rk3399.c index c99ffdd75e..3c773d0930 100644 --- a/board/rockchip/evb_rk3399/evb-rk3399.c +++ b/board/rockchip/evb_rk3399/evb-rk3399.c @@ -18,10 +18,10 @@ static struct efi_fw_image fw_images[ROCKPI4_UPDATABLE_IMAGES] = {0}; struct efi_capsule_update_info update_info = { + .num_images = ROCKPI4_UPDATABLE_IMAGES, .images = fw_images, }; -u8 num_image_type_guids = ROCKPI4_UPDATABLE_IMAGES; #endif #ifndef CONFIG_SPL_BUILD diff --git a/board/sandbox/sandbox.c b/board/sandbox/sandbox.c index 2e44bdf0df..c7b6cb78ff 100644 --- a/board/sandbox/sandbox.c +++ b/board/sandbox/sandbox.c @@ -67,10 +67,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=u-boot-bin raw 0x100000 0x50000;" "u-boot-env raw 0x150000 0x200000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ #if !CONFIG_IS_ENABLED(OF_PLATDATA) diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c index 16e14d4f7f..d92e1d0962 100644 --- a/board/socionext/developerbox/developerbox.c +++ b/board/socionext/developerbox/developerbox.c @@ -41,10 +41,10 @@ struct efi_capsule_update_info update_info = { .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;" "fip.bin raw 180000 78000;" "optee.bin raw 500000 100000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ static struct mm_region sc2a11_mem_map[] = { diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 1a1b1844c8..5b28ccd32e 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -92,10 +92,10 @@ struct efi_fw_image fw_images[1]; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c index d071ebfb9c..0328d68e75 100644 --- a/board/xilinx/common/board.c +++ b/board/xilinx/common/board.c @@ -52,10 +52,10 @@ struct efi_fw_image fw_images[] = { }; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ #define EEPROM_HEADER_MAGIC 0xdaaddeed diff --git a/include/efi_loader.h b/include/efi_loader.h index b395eef9e7..941d63467c 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -1078,15 +1078,16 @@ struct efi_fw_image { * platforms which enable capsule updates * * @dfu_string: String used to populate dfu_alt_info + * @num_images: The number of images array entries * @images: Pointer to an array of updatable images */ struct efi_capsule_update_info { const char *dfu_string; + int num_images; struct efi_fw_image *images; }; extern struct efi_capsule_update_info update_info; -extern u8 num_image_type_guids; /** * Install the ESRT system table. diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 93e2b01c07..cc650e1443 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -131,7 +131,7 @@ static efi_status_t efi_fill_image_desc_array( struct efi_fw_image *fw_array; int i; - total_size = sizeof(*image_info) * num_image_type_guids; + total_size = sizeof(*image_info) * update_info.num_images; if (*image_info_size < total_size) { *image_info_size = total_size; @@ -141,13 +141,13 @@ static efi_status_t efi_fill_image_desc_array( *image_info_size = total_size; fw_array = update_info.images; - *descriptor_count = num_image_type_guids; + *descriptor_count = update_info.num_images; *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION; *descriptor_size = sizeof(*image_info); *package_version = 0xffffffff; /* not supported */ *package_version_name = NULL; /* not supported */ - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c index 5313d07302..3b1785e7b1 100644 --- a/lib/fwu_updates/fwu.c +++ b/lib/fwu_updates/fwu.c @@ -151,7 +151,7 @@ static int fwu_get_image_type_id(u8 *image_index, efi_guid_t *image_type_id) index = *image_index; image = update_info.images; - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (index == image[i].image_index) { guidcpy(image_type_id, &image[i].image_type_id); return 0; From patchwork Wed Jun 7 05:41:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690167 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp139681wru; Tue, 6 Jun 2023 22:43:11 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5P4d72rVov+airKFlVNXmQ3AU3Q0zyQd9KZo1r5a8DGFEYcgwKTDBrYf1t/d2RO0Yz4/FG X-Received: by 2002:a17:90a:1cb:b0:253:8e59:a867 with SMTP id 11-20020a17090a01cb00b002538e59a867mr3574638pjd.42.1686116590564; Tue, 06 Jun 2023 22:43:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116590; cv=none; d=google.com; s=arc-20160816; b=xKFm8x97+3YeRjUY/XShe4pn2F8m/PRvrA31Udd9neoMMF33/aezrJuY5h2hUErEXn ZmBQyjBPyVsrK43OAgQ+3m2TYxgKWGXQnNe4xQEUWHsMLU2ooDyK6c3A1f96A+BPYwnv eg5ABFDQ+Qlk0SMcxAyp6PYbHA5Uks7Jl5eD31IpCg4GG1gP7yLbJb8tr0YdQyUXwtVk y53HlM9Aan6SiJyL6dBI+JhwRkxj6EvPk0RRh1RbRAWnG373LVqQs3SEGIalyfNy4Lfn BAVktpC/c3f/Az3siXXp8fYVggFZSKpzpZf+8JMYRXn29akTxxO97+ut58pISYMflgg3 bUXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=2IN70eFeXz6Q9vM6tLv2AIX/QWqaoAmtJxNzK9zzo68=; b=obtfkijmwl+prC5n9wkMlKoSmjDD7FaWR5vz487OF8dFYtXS6kSNUK6XJ6ZGCQNZ3y IuO6hOSrK2C8+J6kgrkFL0a+FQi0ayYB9y+CJrQQboSOyWq2eaHcXgjxYsEJX6qC2oP2 g0ZDOtaj+bIHznrv6CSKwsJI/kq2MV6Ku5BQr5H5bDTvR4ir6h6ycksnoi/OJZdicFJa /OIYNvxHxcUDU4n5O8mUqYuPGWoG9fplbVg21tHJpdYI6+YdIukm4f8W//KPvOz0cxwy WNrOdB8iee61+NDKPaEyEYpmy4RrI7zd3O/CsWuAOdLUMWcWBc1lWIZEEau19rljOe1W S2dQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ibiks8QI; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id br24-20020a17090b0f1800b00259b7a03125si606359pjb.29.2023.06.06.22.43.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:43:10 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ibiks8QI; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E6E2C85FE0; Wed, 7 Jun 2023 07:42:48 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ibiks8QI"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C482585FD2; Wed, 7 Jun 2023 07:42:46 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com [IPv6:2607:f8b0:4864:20::1033]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8B2B285D4E for ; Wed, 7 Jun 2023 07:42:43 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pj1-x1033.google.com with SMTP id 98e67ed59e1d1-2565a9107d2so5929108a91.0 for ; Tue, 06 Jun 2023 22:42:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116562; x=1688708562; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2IN70eFeXz6Q9vM6tLv2AIX/QWqaoAmtJxNzK9zzo68=; b=ibiks8QIvKl+VbvEPYBEEEW0EMVO5ysH0uI/t7FHE5djUMNzxXgQTjhhjQw39VpAMx 14XM0uNotbEIc2vFrWLR67nEbQfNJhv8+SzZP2+NjDmVM2G6USXAlzW8HmQUOHSd9VRF SPyQslvFtI+TPdUPRmRLWPQ4Y0D6pw0bS6B3OX1f/urzxfSVnqwDhkISE3ciSJQnFu59 JcUmZn/aMP53+GBhoF9TgJuNg1wal+BWrT+oG8sKjgBIQVE5ov1MIsM7sR5SN64FlwXH Ri6FP23Pgf92d4AMmHEBfNJJyvBbZTwrnCUkt8VzNpMa/LnPhJqe/hQu9BduDXdB7O7C gAPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116562; x=1688708562; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2IN70eFeXz6Q9vM6tLv2AIX/QWqaoAmtJxNzK9zzo68=; b=AeC7pRQ+8VM7u1q1xxCOsapx5RG0MP4PKd2XVss/Hjj0GCjZccubxaNpc93phEDml6 g+vY7Lk9sVf/3kyLEDH8uRX/yE2AovzgTU/5mka8WEJmdQfHhGXHRmiSWF1c0WtFo6F2 m6AICYnxUReQxezaslQ1Sl7VdpVeMlRE+ICPGXnl1zEw+fRuqNJiOXPKFPzTRqLyQaC9 C4vN/IqLkcgq1xA6AZjIBb3/FMEc2dcxgTL27WUQ96kGxU/hNIHuAcKcxfNjlBuQn323 GAVdTJOjPHgVCk21RBrxnvoOf3+zMJH6NA8em39nlO3tQ+gl0xOmFX+C6Q3uWNicILNF o8mQ== X-Gm-Message-State: AC+VfDz4KGlwvjxxtY/FniEt0zrqzmr1d+yHCx9lttrA58UX06OQgsah PQW3Bs7f/laOf7hIMVbUBfWZyf+pksDV8cdDB4c= X-Received: by 2002:a17:90a:cf81:b0:255:2dde:17cc with SMTP id i1-20020a17090acf8100b002552dde17ccmr3895799pju.47.1686116561637; Tue, 06 Jun 2023 22:42:41 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:41 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v9 02/10] efi_loader: store firmware version into FmpState variable Date: Wed, 7 Jun 2023 14:41:52 +0900 Message-Id: <20230607054201.42702-3-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Firmware version management is not implemented in the current FMP protocol. EDK II reference implementation capsule generation script inserts the FMP Payload Header right before the payload, FMP Payload Header contains the firmware version and lowest supported version. This commit utilizes the FMP Payload Header, reads the header and stores the firmware version into "FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, since FMP protocol handles multiple image indexes. Note that lowest supported version included in the FMP Payload Header is not used. If the platform uses file-based EFI variable storage, it can be tampered. The file-based EFI variable storage is not the right place to store the lowest supported version for anti-rollback protection. This change is compatible with the existing FMP implementation. This change does not mandate the FMP Payload Header. If no FMP Payload Header is found in the capsule file, fw_version, lowest supported version, last attempt version and last attempt status is 0 and this is the same behavior as existing FMP implementation. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - simplify efi_firmware_get_fw_version() function Changed in v6: - only store the fw_version in the FmpState EFI variable Changes in v4: - move lines that are the same in both branches out of the if statement - s/EDK2/EDK II/ - create print result function - set last_attempt_version when capsule authentication failed - use log_err() instead of printf() Changes in v3: - exclude CONFIG_FWU_MULTI_BANK_UPDATE case - set image_type_id as a vendor field of FmpStateXXXX variable - set READ_ONLY flag for FmpStateXXXX variable - add error code for FIT image case Changes in v2: - modify indent lib/efi_loader/efi_firmware.c | 164 ++++++++++++++++++++++++++++++---- 1 file changed, 145 insertions(+), 19 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index cc650e1443..a798d380a3 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -36,11 +37,52 @@ struct fmp_payload_header { u32 lowest_supported_version; }; +/** + * struct fmp_state - fmp firmware update state + * + * This structure describes the state of the firmware update + * through FMP protocol. + * + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version + * @last_attempt_version: Last attempt version + * @last_attempt_status: Last attempt status + */ +struct fmp_state { + u32 fw_version; + u32 lowest_supported_version; /* not used */ + u32 last_attempt_version; /* not used */ + u32 last_attempt_status; /* not used */ +}; + __weak void set_dfu_alt_info(char *interface, char *devstr) { env_set("dfu_alt_info", update_info.dfu_string); } +/** + * efi_firmware_get_image_type_id - get image_type_id + * @image_index: image index + * + * Return the image_type_id identified by the image index. + * + * Return: pointer to the image_type_id, NULL if image_index is invalid + */ +static +efi_guid_t *efi_firmware_get_image_type_id(u8 image_index) +{ + int i; + struct efi_fw_image *fw_array; + + fw_array = update_info.images; + for (i = 0; i < update_info.num_images; i++) { + if (fw_array[i].image_index == image_index) + return &fw_array[i].image_type_id; + } + + return NULL; +} + /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_get_image_unsupported( @@ -194,8 +236,6 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, { const void *image = *p_image; efi_uintn_t image_size = *p_image_size; - u32 fmp_hdr_signature; - struct fmp_payload_header *header; void *capsule_payload; efi_status_t status; efi_uintn_t capsule_payload_size; @@ -222,26 +262,104 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, debug("Updating capsule without authenticating.\n"); } - fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; - header = (void *)image; - - if (!memcmp(&header->signature, &fmp_hdr_signature, - sizeof(fmp_hdr_signature))) { - /* - * When building the capsule with the scripts in - * edk2, a FMP header is inserted above the capsule - * payload. Compensate for this header to get the - * actual payload that is to be updated. - */ - image += header->header_size; - image_size -= header->header_size; - } - *p_image = image; *p_image_size = image_size; return EFI_SUCCESS; } +/** + * efi_firmware_set_fmp_state_var - set FmpStateXXXX variable + * @state: Pointer to fmp state + * @image_index: image index + * + * Update the FmpStateXXXX variable with the firmware update state. + * + * Return: status code + */ +static +efi_status_t efi_firmware_set_fmp_state_var(struct fmp_state *state, u8 image_index) +{ + u16 varname[13]; /* u"FmpStateXXXX" */ + efi_status_t ret; + efi_guid_t *image_type_id; + struct fmp_state var_state = { 0 }; + + image_type_id = efi_firmware_get_image_type_id(image_index); + if (!image_type_id) + return EFI_INVALID_PARAMETER; + + efi_create_indexed_name(varname, sizeof(varname), "FmpState", + image_index); + + /* + * Only the fw_version is set here. + * lowest_supported_version in FmpState variable is ignored since + * it can be tampered if the file based EFI variable storage is used. + */ + var_state.fw_version = state->fw_version; + + ret = efi_set_variable_int(varname, image_type_id, + EFI_VARIABLE_READ_ONLY | + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(var_state), &var_state, false); + + return ret; +} + +/** + * efi_firmware_get_fw_version - get fw_version from FMP payload header + * @p_image: Pointer to new image + * @p_image_size: Pointer to size of new image + * @state: Pointer to fmp state + * + * Parse the FMP payload header and fill the fmp_state structure. + * If no FMP payload header is found, fmp_state structure is not updated. + * + */ +static void efi_firmware_get_fw_version(const void **p_image, + efi_uintn_t *p_image_size, + struct fmp_state *state) +{ + const struct fmp_payload_header *header; + u32 fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; + + header = *p_image; + if (header->signature == fmp_hdr_signature) { + /* FMP header is inserted above the capsule payload */ + state->fw_version = header->fw_version; + + *p_image += header->header_size; + *p_image_size -= header->header_size; + } +} + +/** + * efi_firmware_verify_image - verify image + * @p_image: Pointer to new image + * @p_image_size: Pointer to size of new image + * @image_index: Image index + * @state: Pointer to fmp state + * + * Verify the capsule file + * + * Return: status code + */ +static +efi_status_t efi_firmware_verify_image(const void **p_image, + efi_uintn_t *p_image_size, + u8 image_index, + struct fmp_state *state) +{ + efi_status_t ret; + + ret = efi_firmware_capsule_authenticate(p_image, p_image_size); + efi_firmware_get_fw_version(p_image, p_image_size, state); + + return ret; +} + /** * efi_firmware_get_image_info - return information about the current * firmware image @@ -331,6 +449,7 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( u16 **abort_reason) { efi_status_t status; + struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); @@ -338,13 +457,16 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( if (!image || image_index != 1) return EFI_EXIT(EFI_INVALID_PARAMETER); - status = efi_firmware_capsule_authenticate(&image, &image_size); + status = efi_firmware_verify_image(&image, &image_size, image_index, + &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); if (fit_update(image)) return EFI_EXIT(EFI_DEVICE_ERROR); + efi_firmware_set_fmp_state_var(&state, image_index); + return EFI_EXIT(EFI_SUCCESS); } @@ -392,6 +514,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( { int ret; efi_status_t status; + struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); @@ -399,7 +522,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( if (!image) return EFI_EXIT(EFI_INVALID_PARAMETER); - status = efi_firmware_capsule_authenticate(&image, &image_size); + status = efi_firmware_verify_image(&image, &image_size, image_index, + &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); @@ -419,6 +543,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( NULL, NULL)) return EFI_EXIT(EFI_DEVICE_ERROR); + efi_firmware_set_fmp_state_var(&state, image_index); + return EFI_EXIT(EFI_SUCCESS); } From patchwork Wed Jun 7 05:41:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690168 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp139755wru; Tue, 6 Jun 2023 22:43:24 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ68S803XJ1095s7bVQu0LDzpo7p2YIKR1HpR2aQdZ3o5RMZMNXTkuDPtD1n/PH2Jswc4jt2 X-Received: by 2002:a05:6a21:9101:b0:10a:9f45:e3f with SMTP id tn1-20020a056a21910100b0010a9f450e3fmr789182pzb.12.1686116603941; Tue, 06 Jun 2023 22:43:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116603; cv=none; d=google.com; s=arc-20160816; b=tPx749DqaKflLvMuWEOEOtA8HB1A45fHil8YAum7Od5IW4VpU29Z1FitoeA29ZN6SG dMLyKBBwpQSHlxcWwYZNEdqDvssmWChWkWQ114kBsYGbduvP0IWJ7rzgj1KyV2kCJ7O6 IXh3BXKx/9iZjiEQCL5GPKaLGOUfmRkEfaiaiy5U+tEJpkioIfQFjV6WLcPz6Ldtb4Eb HhygvzuWYwV55gQ6oy5x6eQhpYZwz0zQ/jOkanvX3KC5GXuV6Rhl1isjvXv/uLSdg3G6 +JoncZE8mAKjbEjcvT2wn3gvURyJid+Lmw44cDh+4n2Voiga4pM1ppf2xd9wmMtJOpGK j0jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=TSXpWfqn/ACx4ECBsygMD02hRCfE5lPUY4dd2WRsJn/SQ3sBhliZ6KAcKPfjW9HM2l O/HyDU8yQkI7jEuJSuX/jPBr7ljWRaQG0d+5qK1T72UPndL8mXNPdMqgYmHqCv+IQkWJ Db/H5FOP5QhOB+rhEZ3MxwQ9ezHux0fSldEaKUXbBD9wNdDmKPzhJTCAtacMixMHBnhp v2xLdu4Qja6Eb5fhQ+3vKbk3KJeUkAqYd7/0tg9v7Gr1i8V7mfCvkKuZ9RGFvpzYa3nc xXOvVLCNkgTh5iWGaE3Co8KaL2vUJX/+76oaXe/76T9O4L1m3vAs8PdCYxgSdf6WSFis Xi3A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=o7pJhXnl; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id d18-20020a170902aa9200b001aadd1e0384si8297406plr.192.2023.06.06.22.43.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:43:23 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=o7pJhXnl; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 90F7E86020; Wed, 7 Jun 2023 07:42:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="o7pJhXnl"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id ECDC385FD2; Wed, 7 Jun 2023 07:42:48 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oo1-xc31.google.com (mail-oo1-xc31.google.com [IPv6:2607:f8b0:4864:20::c31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 1E66E85F8E for ; Wed, 7 Jun 2023 07:42:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-oo1-xc31.google.com with SMTP id 006d021491bc7-558b04141e2so2579822eaf.0 for ; Tue, 06 Jun 2023 22:42:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116564; x=1688708564; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=o7pJhXnlRsQIlwQhlCy2RFuoTc9nlB7TWD+s4R/ftK9tyotKTgHItQex8w7fONOhRK lz0qX9mqbvws9TY4gTjfOtM79yuon3sTsWHEOudB02BDNSn1tw6Vti8MKUkURrW+JPGu YBFOVwh1z3XsxYqC3tiXhTiAdQdCw99y6bl/UHhu1XuKMQ6CU38OKSCcBa3r4UtynYUh hWkh+1p5kfezmHcL9DRnxhxnsdkJ4MMl/ZfzZ1p44Vm5VnugAxoDQATsr/Ags0rEmWy7 McKL4VoDwFDTza35+x66ABG0IRjbzIlpzBIHAPh+V5TBLGKra8EvreoWiBDAxhI6iPcZ ijDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116564; x=1688708564; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=TqSsGTIeeEA96UIqK5N34nsr0+aqYD+Lt66FVUpZx0MH+CIND6E1tAyp5y8mgGUZq4 asbPp/ED7dcJmPiivR1DmXn26tFBIqqHE9Z0gu/CTf/y6inilSWYRANZQEoEq+zcuLQ6 AmmvAqwofatG7QWm94biMzHms4d3AEaeUk8fisEFR9MrrU299KqdyM7Hp/sHmZleGAsC WDERrLZhHymxTi8YSrhOJ2gIQQa2a1Lq9MzCrx6avkWwNrE+c8HmCBZt5DxZCSntH5sO JC1mYzH1/2W2OkC1ZhdWDk0t+8f6F591Q/Jy/7KvBZWRKcAXNGvmg7skYEnLFFKpZ0l4 MAnA== X-Gm-Message-State: AC+VfDwIe43Fgc+jy1DXp6vEgRBb9E8vOXx3Ji/ucni/AIRxNoAguGaD HWe4gMjeV1HXEfIzhZz3PK7aUtLkj1+NzkieYQA= X-Received: by 2002:a05:6358:1a9c:b0:128:5278:cbcf with SMTP id gm28-20020a0563581a9c00b001285278cbcfmr2279112rwb.31.1686116564415; Tue, 06 Jun 2023 22:42:44 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:43 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v9 03/10] efi_loader: versioning support in GetImageInfo Date: Wed, 7 Jun 2023 14:41:53 +0900 Message-Id: <20230607054201.42702-4-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current FMP->GetImageInfo() always return 0 for the firmware version, user can not identify which firmware version is currently running through the EFI interface. This commit reads the "FmpStateXXXX" EFI variable, then fills the firmware version in FMP->GetImageInfo(). Now FMP->GetImageInfo() and ESRT have the meaningful version number. Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Changes in v6: - create function to fill the version information lib/efi_loader/efi_firmware.c | 41 ++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index a798d380a3..5b71a2fcc9 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -144,6 +144,39 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( return EFI_EXIT(EFI_UNSUPPORTED); } +/** + * efi_firmware_fill_version_info - fill the version information + * @image_info: Image information + * @fw_array: Pointer to size of new image + * + * Fill the version information into image_info strucrure. + * + */ +static +void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_info, + struct efi_fw_image *fw_array) +{ + u16 varname[13]; /* u"FmpStateXXXX" */ + efi_status_t ret; + efi_uintn_t size; + struct fmp_state var_state = { 0 }; + + efi_create_indexed_name(varname, sizeof(varname), "FmpState", + fw_array->image_index); + size = sizeof(var_state); + ret = efi_get_variable_int(varname, &fw_array->image_type_id, + NULL, &size, &var_state, NULL); + if (ret == EFI_SUCCESS) + image_info->version = var_state.fw_version; + else + image_info->version = 0; + + image_info->version_name = NULL; /* not supported */ + image_info->lowest_supported_image_version = 0; + image_info->last_attempt_version = 0; + image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; +} + /** * efi_fill_image_desc_array - populate image descriptor array * @image_info_size: Size of @image_info @@ -193,11 +226,10 @@ static efi_status_t efi_fill_image_desc_array( image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; - image_info[i].image_id_name = fw_array[i].fw_name; - image_info[i].version = 0; /* not supported */ - image_info[i].version_name = NULL; /* not supported */ + efi_firmware_fill_version_info(&image_info[i], &fw_array[i]); + image_info[i].size = 0; image_info[i].attributes_supported = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | @@ -210,9 +242,6 @@ static efi_status_t efi_fill_image_desc_array( image_info[0].attributes_setting |= IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; - image_info[i].lowest_supported_image_version = 0; - image_info[i].last_attempt_version = 0; - image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; image_info[i].hardware_instance = 1; image_info[i].dependencies = NULL; } From patchwork Wed Jun 7 05:41:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690169 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp139795wru; Tue, 6 Jun 2023 22:43:37 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ73jlD1G/BLWjdz8p8E05XHRJa15IrXq/MPIml+G7SfJoZR+XmunR1buRjkT/GwaqR7ZzNe X-Received: by 2002:a17:903:32cf:b0:1b2:1ee9:682 with SMTP id i15-20020a17090332cf00b001b21ee90682mr2893754plr.23.1686116617141; Tue, 06 Jun 2023 22:43:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116617; cv=none; d=google.com; s=arc-20160816; b=VXZSYE2P+xWBcm6gC0FO7OYaRihLBD2fBSdXVRfOq3oj7JLYjNG6XvQZDhEqaykukk zJ6dTdiOeJXzj9/0YSKKn57t6aMkyvewMTzDeXHvaqco5tk3q4Yi+O+XrygwwX0bI6lJ oEjRy/TOpwBRsIqiWmbarX5uxg25oChzdwLYvCe8XQl7mq38yGDSqr2SbwaIRvpxIDtV Rz39XRDmmbuq3E0c1zL5t+HEFdoTe1F9RQgfSYwWKIxZ0AW4jePAr22Y0EUK2bHTBa75 T8rK3B/u3bbjMtSs9pZImSDzDRw6jv/ebUrcfwCto4FCVBCuxGLYt7psmQEJqCHkrVMU mOkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=lKkQypNlAxeEHofYxM/Aqw9vzZdg+TWPB0N/sEOuxWB6+ZaeXoYnE5OfeWBq59yJHc pouOH6JP/25eplEwpl4XRGKXmWuzQETq8yy/KuYozU/LDT9V9wghx5U+XBinzYOuHLt2 3NIy3N9JiOmYYvPoiti0I+WR0ZQmYkGxUSbRPzTxNszIR4Xb8Y771vCO/o7LXvBzyqjy R3XhkShhgLj82nvHfKNQKC2/zW5mTX/rkKLKyzTxGUyape3pq41IG5fHHp1jdSTxTpcR IfCuZmVfQyHg/HZYmKg5PWMgo9ccTT9dc2DsXWL0l4ch6VLEugaPFbtf+KJWSndYwYfU hyAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=cmgfClUC; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id e14-20020a17090301ce00b001afada38c64si8443466plh.302.2023.06.06.22.43.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:43:37 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=cmgfClUC; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A254385FDD; Wed, 7 Jun 2023 07:42:56 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="cmgfClUC"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 0052185FEB; Wed, 7 Jun 2023 07:42:54 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oo1-xc32.google.com (mail-oo1-xc32.google.com [IPv6:2607:f8b0:4864:20::c32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D7C0A80181 for ; Wed, 7 Jun 2023 07:42:49 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-oo1-xc32.google.com with SMTP id 006d021491bc7-55564892accso4747061eaf.2 for ; Tue, 06 Jun 2023 22:42:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116568; x=1688708568; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=cmgfClUCHbOnTD0QC4CYcSEVvfF9E2LM91FUA4mV7EIJKVsUMgsASuqm9BAizppoyD 4gXkaeMisLUzEeteb9FTQKrI2QIxp194gkDBk3GeuCUyi+eXGGXKLN8Ud4SNLlvxiKDt 5fPp+7OYxJvFYExkhZ83Hw6kNT8qwCG41iUU6T4/EffqcNrelr99NKemi+Ju1gvnxwdI uB15JDQuRH94xPRGw+88JYi7MiBvn8bCGlj6JooyN6bOc2J8h3KNQibcAWgUs6dbNWql JM9Vx7Fii2x9L6uAuUNPBcMu97NwS4UB5QTcGd7OPSopa4TViQCjJ8Fc8GwbZaaV/AlV dzuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116568; x=1688708568; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=Ew3FpTptPmzx2h4RFPmreNBDfZfEtGDEZEh3+Qwmej8+zGdaNaiRGXgX3BqS7lMaVX MJ2Gaf/qqpmC+y93cJFcz2ZgCB9nGj/YKCa9/qpkApG/YVHB18G014BES8NCRV9gp7v0 V3n0qLJly3TxWpOwkgCqiVKPiMEoyZZ2OtCk0AGKs7roZ13Tn3X1JoULJdj2ymdbC1KN 2GE3AI+tSc1as1KY9HfHi9C3wuMwGXzrBYnuxwJ1fKCdG06cf5LlqCok7jKmplTJ5vvk Cjndp5H83qI0xjjKvIW4Mtw2JKTV70MH6qB4bu5Mx3mie9GvFTvqZudOVY7QgBQ8kSh+ lJMA== X-Gm-Message-State: AC+VfDzzak+3nte3RcpMquhEbKGG94JjxIE9avmkqp9oMX0uFqM/v+Q5 5K+3KJWISQEl50jK0Kg+z+pH5bDTasTv0TBC0Bw= X-Received: by 2002:a05:6358:1a9c:b0:128:5278:cbcf with SMTP id gm28-20020a0563581a9c00b001285278cbcfmr2279270rwb.31.1686116567958; Tue, 06 Jun 2023 22:42:47 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:47 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v9 04/10] efi_loader: get lowest supported version from device tree Date: Wed, 7 Jun 2023 14:41:54 +0900 Message-Id: <20230607054201.42702-5-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit gets the lowest supported version from device tree, then fills the lowest supported version in FMP->GetImageInfo(). Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Changed in v6: - fw_version is removed from device tree .../firmware/firmware-version.txt | 22 ++++++++ lib/efi_loader/efi_firmware.c | 50 ++++++++++++++++++- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 doc/device-tree-bindings/firmware/firmware-version.txt diff --git a/doc/device-tree-bindings/firmware/firmware-version.txt b/doc/device-tree-bindings/firmware/firmware-version.txt new file mode 100644 index 0000000000..ee90ce3117 --- /dev/null +++ b/doc/device-tree-bindings/firmware/firmware-version.txt @@ -0,0 +1,22 @@ +firmware-version bindings +------------------------------- + +Required properties: +- image-type-id : guid for image blob type +- image-index : image index +- lowest-supported-version : lowest supported version + +Example: + + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + image2 { + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0"; + image-index = <2>; + lowest-supported-version = <7>; + }; + }; diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 5b71a2fcc9..ae631f49f7 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -144,6 +144,51 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( return EFI_EXIT(EFI_UNSUPPORTED); } +/** + * efi_firmware_get_lsv_from_dtb - get lowest supported version from dtb + * @image_index: Image index + * @image_type_id: Image type id + * @lsv: Pointer to store the lowest supported version + * + * Read the firmware version information from dtb. + */ +static void efi_firmware_get_lsv_from_dtb(u8 image_index, + efi_guid_t *image_type_id, u32 *lsv) +{ + const void *fdt = gd->fdt_blob; + const fdt32_t *val; + const char *guid_str; + int len, offset, index; + int parent; + + *lsv = 0; + + parent = fdt_subnode_offset(fdt, 0, "firmware-version"); + if (parent < 0) + return; + + fdt_for_each_subnode(offset, fdt, parent) { + efi_guid_t guid; + + guid_str = fdt_getprop(fdt, offset, "image-type-id", &len); + if (!guid_str) + continue; + uuid_str_to_bin(guid_str, guid.b, UUID_STR_FORMAT_GUID); + + val = fdt_getprop(fdt, offset, "image-index", &len); + if (!val) + continue; + index = fdt32_to_cpu(*val); + + if (!guidcmp(&guid, image_type_id) && index == image_index) { + val = fdt_getprop(fdt, offset, + "lowest-supported-version", &len); + if (val) + *lsv = fdt32_to_cpu(*val); + } + } +} + /** * efi_firmware_fill_version_info - fill the version information * @image_info: Image information @@ -171,8 +216,11 @@ void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_ else image_info->version = 0; + efi_firmware_get_lsv_from_dtb(fw_array->image_index, + &fw_array->image_type_id, + &image_info->lowest_supported_image_version); + image_info->version_name = NULL; /* not supported */ - image_info->lowest_supported_image_version = 0; image_info->last_attempt_version = 0; image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; } From patchwork Wed Jun 7 05:41:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690170 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp139867wru; Tue, 6 Jun 2023 22:43:50 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4J0TmdoBe0dbX7bMSNscGZCpa2rqKdNlFLOBBQMfUgDILEeJUrAQCgIDyzS/kdMakAa+mC X-Received: by 2002:aca:1c11:0:b0:39a:531b:db6c with SMTP id c17-20020aca1c11000000b0039a531bdb6cmr4305167oic.47.1686116629900; Tue, 06 Jun 2023 22:43:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116629; cv=none; d=google.com; s=arc-20160816; b=xsKDrKnQU30xJmGfqNxN1ZGzXhVXEXBk+0V1XzJHdmiIOscm/Q7v4G6l2Ra0+9vFyO 9+l5HPSK6/gpSgUU0elvkCecjWO3HFV1aGzV8MeCZIbmfopZtRIepsLhaG4lyNUFgu+M afBHFE88l4ngkcPSdrFFiZnWQGwlGDk99Hek27yQ1SMRGKdC98p9FRKyhBtYNDEur0Hl t7lkGA7rvbA0ZTd2gYdHrvOPyyRIxdFJiVlI7Ge6fOLOrcAP/xNng4nlg/lO3k6nRvGw PAz9O4wv/h/yJYmoPm4WEANGztUI0QtzFJTMql1NmySbFVBzhb4vWGHwAdb53Z9Yd2t8 DZPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=kAiYNifcUFjH2u10kgcQy2iwEfX1E4cUKuU88IaJLNg=; b=xSZcly4p7jUt0ynuBZkoAqgvA0OsRfJDv420nAzJ/HTk6L/9/l4VAJkQ5uGJZMekM3 MLqt2eihR6Xb+qIZ7s7dF/eUuADAA7bsF4krqGGbxizyCQn/8lWy8EaZKClrFm0UnB2L QN9HsYHbtjVJpTzMvYttrDrTAwdH8RF5pCALfE4o+NVTPiWOKRfT3wyqDjToj+ZC+HhL 0dGuDftb4s2wbjbwTViDk7Le2OreYLHHJJgjfdCmKaGRyE8+wOO4hrABzQ4OPVPfyrcM 1Zkr3HVwcN2caZrF13PeieRJebkGrwReyaiU7jcEPX+NLf2D8GQMqM+Ryn9VmLmAqffz OriQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=EhhqBtJ8; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id w12-20020a17090aea0c00b002568322e3d0si616602pjy.34.2023.06.06.22.43.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:43:49 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=EhhqBtJ8; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 732D585FF6; Wed, 7 Jun 2023 07:42:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="EhhqBtJ8"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 6482385FD3; Wed, 7 Jun 2023 07:42:56 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com [IPv6:2607:f8b0:4864:20::232]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 269EA85FD3 for ; Wed, 7 Jun 2023 07:42:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-oi1-x232.google.com with SMTP id 5614622812f47-39a9b16b37bso3509032b6e.1 for ; Tue, 06 Jun 2023 22:42:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116571; x=1688708571; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kAiYNifcUFjH2u10kgcQy2iwEfX1E4cUKuU88IaJLNg=; b=EhhqBtJ8BiEBFENn/8Dvj9+5s19AU2hFzIsaMgeUFzYu1mauGEFQYCCJyPT3WIPmXL Ths7DexVT/h2+FdhSaevWWGmd1TXt4W/m/+Owxk1zakPDXhJn8DQW2ryq3qm6TofgDV6 Ni5F0f1cIysLhlKfAcnNRsNqJtcPakEWZOaobeAfWjpbKfRIvrtYx6KRcaBu5jsTPAag kiNgChzeYsHEFbU9MO3SXDxUUuW5KHwy6/lHf5J6vwwMbMRkP+AowEAcxcaa+RY1OHoc 5f2N4TiBZnUFJokKICEk2llMv0mryTjCYTbKWXpcsZkyFZVeKUg22pkAot6U6ZpM+u8m wCXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116571; x=1688708571; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kAiYNifcUFjH2u10kgcQy2iwEfX1E4cUKuU88IaJLNg=; b=HSS54L4Xr9fvPVHNjm2ERsWIN0tkva6JyzNexqmA1Up/kgme0SHZpo3yCaKE9pssFk 46KgKVz73IR6XE1BGyvoy2mwAOLinL43P8JWl0j/I6LuUnyUTuIs5FZj31Vk+ZLbeAE9 PrumckDYJ4ceHC/qMm3IWyjZw7X3CZLg6reCOiu6h/VCMNm9QJPkTpVeiPtYsOgWbQog A6RmF4n01t+pgRoKeyCkQt2FHv6enmssNF7IzBORinE3dcu36NOkm6ZJuxfk/TzO/CeF DegKL0VZJ4teWslhmDv8tY/W+5O9LHc9MLG1NwhBwhEtZf5YThovfOIbxaVk04nuzdh8 AF1g== X-Gm-Message-State: AC+VfDyfPQoaxOPYm5UaOyogIhmgahNHIcVVhalgFy++51CKMh7BqErh BMuARSGS+GohpzC44coFZbBWMr62JhwPHqqApTA= X-Received: by 2002:a05:6808:17:b0:39c:6a9b:2eeb with SMTP id u23-20020a056808001700b0039c6a9b2eebmr281571oic.46.1686116570864; Tue, 06 Jun 2023 22:42:50 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:50 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v9 05/10] efi_loader: check lowest supported version Date: Wed, 7 Jun 2023 14:41:55 +0900 Message-Id: <20230607054201.42702-6-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The FMP Payload Header which EDK II capsule generation scripts insert has a firmware version. This commit reads the lowest supported version stored in the device tree, then check if the firmware version in FMP payload header of the ongoing capsule is equal or greater than the lowest supported version. If the firmware version is lower than lowest supported version, capsule update will not be performed. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - return immediately if efi_firmware_capsule_authenticate() fails Changes in v6: - get aligned to the latest implementation Changes in v5: - newly implement the device tree based versioning Changes in v4: - use log_err() instead of printf() Changes in v2: - add error message when the firmware version is lower than lowest supported version lib/efi_loader/efi_firmware.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index ae631f49f7..b557738370 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -419,7 +419,8 @@ static void efi_firmware_get_fw_version(const void **p_image, * @image_index: Image index * @state: Pointer to fmp state * - * Verify the capsule file + * Verify the capsule authentication and check if the fw_version + * is equal or greater than the lowest supported version. * * Return: status code */ @@ -429,11 +430,27 @@ efi_status_t efi_firmware_verify_image(const void **p_image, u8 image_index, struct fmp_state *state) { + u32 lsv; efi_status_t ret; + efi_guid_t *image_type_id; ret = efi_firmware_capsule_authenticate(p_image, p_image_size); + if (ret != EFI_SUCCESS) + return ret; + efi_firmware_get_fw_version(p_image, p_image_size, state); + image_type_id = efi_firmware_get_image_type_id(image_index); + if (!image_type_id) + return EFI_INVALID_PARAMETER; + + efi_firmware_get_lsv_from_dtb(image_index, image_type_id, &lsv); + if (state->fw_version < lsv) { + log_err("Firmware version %u too low. Expecting >= %u. Aborting update\n", + state->fw_version, lsv); + return EFI_INVALID_PARAMETER; + } + return ret; } From patchwork Wed Jun 7 05:41:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690171 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp139916wru; Tue, 6 Jun 2023 22:44:02 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4dOuQYHdRujeTktXEXVhoezQ5L6LVguN1lHpBKVoQI98Hu/fZwYeRyaxYDlUi3PGSBInjO X-Received: by 2002:a25:1402:0:b0:b8f:5639:cb8a with SMTP id 2-20020a251402000000b00b8f5639cb8amr4155957ybu.9.1686116642653; Tue, 06 Jun 2023 22:44:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116642; cv=none; d=google.com; s=arc-20160816; b=Yqbv0ws/tmFdnOdf9DmVApP4ak6P8wUpH8FKfYx4eUEWcb4xZl7tTwUBsSG+2dQhRW gWEgHoSo6kqvZ7jeauyFSwL9Jexs9Eo5X/WsweUDhkBE1XLJP7j2X8TZLIlb0AIt+s40 zdpqAY/+YmGYJkQF3bde3fXSNVFbO9k62kF4N6mCZaue/Boze0TbGcpjYWOxRlcOP87s aqHanB7axSROhACnK8fMqd1+Xm0GYQB/SoPrZKEF9X0AAYDtKTGASFwMrzlmIxLDl4ku 7XR/osA/IH4nE7GySDsRXLa6ixKOoUjO28UH/LgckC19U8AXCCkw2ce0sEUXqhwg9Gi2 24qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=mwhZjW3bV4EOyHk8T1fKzzluMU+XbAzjJ8yDKZaDwiCyit3eXg7tcl0uaBHWRB3zEe lOQnapg4A39iXuqcPCNdF0nDSUG3b4zP/Cc+nepKemOBHQrz0SRmgAD/AZkfVK2DaDOP CynlXLLTJeUkXjVu48ewm4DQzoIMP1cUZlx2JCgg+p7ThLKswfE2CXUfHya3wtAboNzK ju5NnEh4Bf0NiU3baF+WGzhPSpLHZJrEtJ4ConE1Cs3VOd/rBW22QEm8U5oC8mgdZm0K 1Ci5KYvfD0VHo1qNAj6pHK7w5rLJ19mi5h0KBbp5xrDaoW8bRF7IRiEU90jz0J7wwxNx CCOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DzNxqxpy; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id jh2-20020a170903328200b001a2513b8e14si8089894plb.84.2023.06.06.22.44.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:44:02 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DzNxqxpy; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1925686043; Wed, 7 Jun 2023 07:43:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="DzNxqxpy"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 82EF58603A; Wed, 7 Jun 2023 07:42:59 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2799385FD2 for ; Wed, 7 Jun 2023 07:42:56 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-ot1-x336.google.com with SMTP id 46e09a7af769-6b29a03ec42so1246657a34.1 for ; Tue, 06 Jun 2023 22:42:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116574; x=1688708574; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=DzNxqxpyBKBQJUCxxUN3dQ9wtnXg9tSMfV1uWb4meHaHvDXVgW8IGmp5LKChsPeqUg 8BADF6G2LPK9CSpJm8hlZ96yz3EbD9PZrh/gXdnmBbbFzs8rMakDcb4petUfx2+S4k3r S8sBzyfQKxA0fuhBLKPs3w7C7ZAzJQJap4MaBaFgU4YXNOaSPYerzV8+kyZGPzz6Tt30 sxGu9BP13p11d922wuJwsw0OTUolLKOCN7e9tFIID0xzLvjQlcagwX3Hc822TWc5YH2q NyQVQUcoIK3NwwWYljPuXFBSUVWxb23nqwexkBVgTyGo8YOeQ74xjxK6yevKx1fGufnM cDOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116574; x=1688708574; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=iKxDpMfOnqXJNLLiZweUpf7+00RxR4YXAFd8qIFg+ACOKP+K5e9/NHqtdB457q4B5J UXmcYj5q2M63dbSyWgnb+wIYQqSqzpQjpZxHDlLUawqRjhfQXiSU+L/YBbUxJHGl6dSp ddbfkQyzKhgLJM1PlVAHfivfZrfy0PmGVy0ktfq3J5BbHmRAS9HnF0PxPlJB5wbXJVTL SfLOayViUisgK0gP9ZDjFaFXgTuMJYFdOyoGw821of4gCZ+NqAaDeUZEHdzK6fXYfhzj PrG0ggq2OYXF/a5aRFRh/TyoygF83FQLUFAjyJpkSlLzaKrzsT0kK3awtARB6FKozgdO QBVg== X-Gm-Message-State: AC+VfDzTbVe7GAYBmk5mQWXkKqPuL02uo1KGPAURl5OaaL2jrfXqEPTg HRLSLxMCtBjShvRCzn+ZTPIErHIKL7KDoCFr4bQ= X-Received: by 2002:a05:6358:e95:b0:129:cb51:7efe with SMTP id 21-20020a0563580e9500b00129cb517efemr2403630rwg.14.1686116574400; Tue, 06 Jun 2023 22:42:54 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:53 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima , Etienne Carriere , Sughosh Ganu Subject: [PATCH v9 06/10] mkeficapsule: add FMP Payload Header Date: Wed, 7 Jun 2023 14:41:56 +0900 Message-Id: <20230607054201.42702-7-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima Acked-by: Ilias Apalodimas --- No update since v5 Changes in v5: - remove --lsv since we use the lowest_supported_version in the dtb Changes in v3: - remove '-f' option - move some definitions into tools/eficapsule.h - add dependency check of fw_version and lowest_supported_version - remove unexpected modification of existing fprintf() call - add documentation Newly created in v2 doc/mkeficapsule.1 | 10 ++++++++++ tools/eficapsule.h | 30 ++++++++++++++++++++++++++++++ tools/mkeficapsule.c | 37 +++++++++++++++++++++++++++++++++---- 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 1ca245a10f..c4c2057d5c 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -61,6 +61,16 @@ Specify an image index .BI "-I\fR,\fB --instance " instance Specify a hardware instance +.PP +FMP Payload Header is inserted right before the payload if +.BR --fw-version +is specified + + +.TP +.BI "-v\fR,\fB --fw-version " firmware-version +Specify a firmware version, 0 if omitted + .PP For generation of firmware accept empty capsule .BR --guid diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 072a4b5598..753fb73313 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -113,4 +113,34 @@ struct efi_firmware_image_authentication { struct win_certificate_uefi_guid auth_info; } __packed; +/* fmp payload header */ +#define SIGNATURE_16(A, B) ((A) | ((B) << 8)) +#define SIGNATURE_32(A, B, C, D) \ + (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16)) + +#define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1') + +/** + * struct fmp_payload_header - EDK2 header for the FMP payload + * + * This structure describes the header which is preprended to the + * FMP payload by the edk2 capsule generation scripts. + * + * @signature: Header signature used to identify the header + * @header_size: Size of the structure + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version (not used) + */ +struct fmp_payload_header { + uint32_t signature; + uint32_t header_size; + uint32_t fw_version; + uint32_t lowest_supported_version; +}; + +struct fmp_payload_header_params { + bool have_header; + uint32_t fw_version; +}; + #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b71537beee..52be1f122e 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -41,6 +41,7 @@ static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, + {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, {"certificate", required_argument, NULL, 'c'}, {"monotonic-count", required_argument, NULL, 'm'}, @@ -60,6 +61,7 @@ static void print_usage(void) "\t-g, --guid guid for image blob type\n" "\t-i, --index update image index\n" "\t-I, --instance update hardware instance\n" + "\t-v, --fw-version firmware version\n" "\t-p, --private-key private key file\n" "\t-c, --certificate signer's certificate file\n" "\t-m, --monotonic-count monotonic count\n" @@ -402,6 +404,7 @@ static void free_sig_data(struct auth_context *ctx) */ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, unsigned long index, unsigned long instance, + struct fmp_payload_header_params *fmp_ph_params, uint64_t mcount, char *privkey_file, char *cert_file, uint16_t oemflags) { @@ -410,10 +413,11 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, struct efi_firmware_management_capsule_image_header image; struct auth_context auth_context; FILE *f; - uint8_t *data; + uint8_t *data, *new_data, *buf; off_t bin_size; uint64_t offset; int ret; + struct fmp_payload_header payload_header; #ifdef DEBUG fprintf(stderr, "For output: %s\n", path); @@ -423,6 +427,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, auth_context.sig_size = 0; f = NULL; data = NULL; + new_data = NULL; ret = -1; /* @@ -431,12 +436,30 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, if (read_bin_file(bin, &data, &bin_size)) goto err; + buf = data; + + /* insert fmp payload header right before the payload */ + if (fmp_ph_params->have_header) { + new_data = malloc(bin_size + sizeof(payload_header)); + if (!new_data) + goto err; + + payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE; + payload_header.header_size = sizeof(payload_header); + payload_header.fw_version = fmp_ph_params->fw_version; + payload_header.lowest_supported_version = 0; /* not used */ + memcpy(new_data, &payload_header, sizeof(payload_header)); + memcpy(new_data + sizeof(payload_header), data, bin_size); + buf = new_data; + bin_size += sizeof(payload_header); + } + /* first, calculate signature to determine its size */ if (privkey_file && cert_file) { auth_context.key_file = privkey_file; auth_context.cert_file = cert_file; auth_context.auth.monotonic_count = mcount; - auth_context.image_data = data; + auth_context.image_data = buf; auth_context.image_size = bin_size; if (create_auth_data(&auth_context)) { @@ -536,7 +559,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, /* * firmware binary */ - if (write_capsule_file(f, data, bin_size, "Firmware binary")) + if (write_capsule_file(f, buf, bin_size, "Firmware binary")) goto err; ret = 0; @@ -545,6 +568,7 @@ err: fclose(f); free_sig_data(&auth_context); free(data); + free(new_data); return ret; } @@ -644,6 +668,7 @@ int main(int argc, char **argv) unsigned long oemflags; char *privkey_file, *cert_file; int c, idx; + struct fmp_payload_header_params fmp_ph_params = { 0 }; guid = NULL; index = 0; @@ -679,6 +704,10 @@ int main(int argc, char **argv) case 'I': instance = strtoul(optarg, NULL, 0); break; + case 'v': + fmp_ph_params.fw_version = strtoul(optarg, NULL, 0); + fmp_ph_params.have_header = true; + break; case 'p': if (privkey_file) { fprintf(stderr, @@ -751,7 +780,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, - index, instance, mcount, privkey_file, + index, instance, &fmp_ph_params, mcount, privkey_file, cert_file, (uint16_t)oemflags) < 0) { fprintf(stderr, "Creating firmware capsule failed\n"); exit(EXIT_FAILURE); From patchwork Wed Jun 7 05:41:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690172 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp139980wru; Tue, 6 Jun 2023 22:44:15 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7nmo6QYFoCW5p4vLZRGHtGoQowuBc+0ncQi6FCJ0uVxleZcVf72GBCB1EWhQ+PpdSoyLYF X-Received: by 2002:a17:902:7b8c:b0:1a1:f5dd:2dce with SMTP id w12-20020a1709027b8c00b001a1f5dd2dcemr4336033pll.6.1686116655178; Tue, 06 Jun 2023 22:44:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116655; cv=none; d=google.com; s=arc-20160816; b=r3DNORXz5kzcD3+xdRoU7eNO0v6MwXFfmuJKJ3A7hhf7xhHGwmb3Bqct1FQUjAJUwH GDIQRavzrMea/ZsLVxuN7/9rjk6t6X3IgSh7QuVuSqRIYmOB8dIHfO3rBg7KiAv9Mj/V qYCK7VbBcT5yNRMwczSk1mRjNPMbZvLYUce6mwHHP9m93d6t12U1I0l2fwwwJFyrLCpd xLDVnPJtYZw8IYskkAYvXbjfTYNhaOtYR8izPvnot+MZZkIH8H1QnHysVlDH/t2vtRb5 ZEFnPVNr0/YhwWpwMaMMztYq9TtSzjNZo3UwFOVNlhKZQPh8YZzgBVYwztVJhvBGyUi4 Imww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=DKnt3wjagfXjw4oYKhw2ai69OJDQPbCIAY/vH4tA8j0=; b=UREbMPg2DjFFzK3J7kd3OTbdudgCKfeJ0wxn2osH3XVigN2sYlW1+RRuCrYxPnTcx5 EcLx5Gdju3fs7hiT2kJ4rfM1Pu0W5jYYRZ6GRSttfXk23cAd2b98u6MsIFGzmYo6AIyt ryytT1gX9QjR0ssKuMmLIOidi9zSFVpDXG7X2AWW9QgqmrW2/oqDO1eM0Ak8xtZSzFOe mgLBqPylQbG7ppJwbvgz0vDqA3uNEd2EPJzJWikWjBgDAtmqKo4BXcyPVJiFuxJb3ciE thu6gIrm2QkfjaRR9JJvK5CCZD2lVzpBgP4O+Buq4g6Uw4BS7XT4SQSH+wFbz9G5xt7i rUcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=vFE+jHpY; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id bc8-20020a170902930800b001ae8c22791asi8018041plb.477.2023.06.06.22.44.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:44:15 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=vFE+jHpY; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2041686081; Wed, 7 Jun 2023 07:43:05 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="vFE+jHpY"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4F7BF86073; Wed, 7 Jun 2023 07:43:02 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com [IPv6:2607:f8b0:4864:20::1033]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 155B186014 for ; Wed, 7 Jun 2023 07:42:59 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pj1-x1033.google.com with SMTP id 98e67ed59e1d1-256712e2be3so5987357a91.2 for ; Tue, 06 Jun 2023 22:42:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116577; x=1688708577; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DKnt3wjagfXjw4oYKhw2ai69OJDQPbCIAY/vH4tA8j0=; b=vFE+jHpYax/6p6Gr4xRQZgJo5bd8dKwVMWoi+Qge7XZIUlpXtZ5oQVVIOjYCEDOMmx 2SDQwRnAvO1lE10+bUzM4V/P686lTz9xjjDuwen4H92EBY6tBMMAHSz8zUNwth6an/qS 0gC4zd39xJxT1EUZNFj+3afWyLBH3Ywe6TRfc9hU4pbSbVIixD7wp/klIOK4W8vWY2BP 2Av5WF+jhHZmfE/VrHGBRNjNCAGUh+U+1bFNxCQeypE0itgHphjDOawugL22H+V3aQXx p1+5DCY0WGfDzEEnhxNsr9zlBVGbwGE4oWIJ9AhdLw8jda6mYWcZ7A1FCTWK19H7eprS sMdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116577; x=1688708577; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DKnt3wjagfXjw4oYKhw2ai69OJDQPbCIAY/vH4tA8j0=; b=eWrBAFTT44idGh4NpyKLqPibXy8KWf38EbEFDlSW5tUcq/fUuGJyBy5HUO5YGWlCVA qD+k3ccE6gjeffyuv65r6HexboBu5l0IITEbXjbQFZWONjvmraMpWPpdWPPpS7xDlZTc g2DZX7M29N4/W3H/SB1GNEevAUIYvZRx/0XS8f73gIY6SbMKfnVugZyv/dtPYXkvkZK9 I199TTvtzCg8PQTJ+w0gFmRF0X8fCDlJ8SC9D6fBkyYaeWpae2lqKVq+wfoEkjF28LCM LtNvo8Np7R7qa9mRVmsYEjb95M0gW5IbeUgcIBkvg8v7DdozVVLG3QMZMoUrutYeCcHW YzRg== X-Gm-Message-State: AC+VfDzXPEs0YP7QWJMYgHPer1/RXX6GUyZ6LQN4VMBF588jMKHtMxn6 mz/L4LfGwuTa8XUs12LBS6cCjI1p7lxFPOY1LWU= X-Received: by 2002:a17:90a:fd8c:b0:256:d4a:ea4c with SMTP id cx12-20020a17090afd8c00b002560d4aea4cmr3877298pjb.30.1686116577257; Tue, 06 Jun 2023 22:42:57 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:56 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v9 07/10] doc: uefi: add firmware versioning documentation Date: Wed, 7 Jun 2023 14:41:57 +0900 Message-Id: <20230607054201.42702-8-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit describes the procedure to add the firmware version into the capsule file. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - move documentation into "Creating a capsule file" - cleary describe the --fw-version option Newly created in v6 doc/develop/uefi/uefi.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index ffe25ca231..30b90a09d5 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -318,6 +318,33 @@ Run the following command --guid \ +The UEFI specification does not define the firmware versioning mechanism. +EDK II reference implementation inserts the FMP Payload Header right before +the payload. It coutains the fw_version and lowest supported version, +EDK II reference implementation uses these information to implement the +firmware versioning and anti-rollback protection, the firmware version and +lowest supported version is stored into EFI non-volatile variable. + +In U-Boot, the firmware versioning is implemented utilizing +the FMP Payload Header same as EDK II reference implementation, +reads the FMP Payload Header and stores the firmware version into +"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, +since FMP protocol handles multiple image indexes. + +To add the fw_version into the FMP Payload Header, +add --fw-version option in mkeficapsule tool. + +.. code-block:: console + + $ mkeficapsule \ + --index --instance 0 \ + --guid \ + --fw-version 5 \ + + +If the --fw-version option is not set, FMP Payload Header is not inserted +and fw_version is set as 0. + Performing the update ********************* From patchwork Wed Jun 7 05:41:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690173 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp140037wru; Tue, 6 Jun 2023 22:44:27 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4DUyT2hTGWLIVrR5zsQ5HGCGULk/aX5KDpL/5Mv46jAh9tzWNtrJjyVlbBzrkNJLj85jdK X-Received: by 2002:a17:903:41c6:b0:1b1:ac87:b47a with SMTP id u6-20020a17090341c600b001b1ac87b47amr5000597ple.65.1686116667266; Tue, 06 Jun 2023 22:44:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116667; cv=none; d=google.com; s=arc-20160816; b=qzjyj0tAx/roPItkXj7wHNmVhDj0td9RAtbX+kFx6BLV6ZBV1lmquFC4My2hXWrBM1 mTh49RlcmqYVbOWSQBkCkyzO7jIVKZ2O46If7j2DOgdiJrauXbsGRTK1JhnQskCZMBiT BJXeq3BI/fM5GT0fhtqh0rp6mI1RkVbIey88KIp2Wy8XLOfR0PaIfGih5gmc9l3Zkh+E T67j2cqttxe2y+M3XKwQz343I2rvRXjWp9a1JyswpCbE19GjNCykbgeqbj8ZpqHkipN1 argHR1MKZ+0rbRjoIELtk//cJJgaLD8smPcR2nU2wvwQNYIhBmOtnvzRvM77+H7CxOIV 8mjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=RVyANGbj1qT5Yo4Hx3gumcq/3C2zNijDWqGxalF/0HA=; b=GekJf54cNwveUDLIyaTdKWFSJvGR2cdNqkCjKKGaaq+WkEB+f3Y1TAK98JOf+yo9Or uEvCyiQJsVhh18yNbzUTnKJhWwsaSUucbcVbaBCfGfg65DwQYJB84i5+oNVkkHEb9XZA emEjK8vuKtuEehU67IjAaPQolT2ZoDWJGY96e1E0NgLc2T63k2ows63mO3SwgZTMSzCA O+yg5ogoJqJ9UcSHpftMZaziGcXxmhRE3UwxxCBVQpkeThcJp61bFBbHVNqnm3fcXVV+ A1YZfrNS+405dSw4p7TYvSZ3LWEecSbU98PY92rxBZqXN/Efm/VfVMuv7N+7bYflx9S6 x1Sw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=luvx5eyC; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id e8-20020a17090301c800b001aafc6a76e1si8557586plh.69.2023.06.06.22.44.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:44:27 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=luvx5eyC; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9422A8609B; Wed, 7 Jun 2023 07:43:07 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="luvx5eyC"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CB4D786071; Wed, 7 Jun 2023 07:43:05 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id ADC9D85FB2 for ; Wed, 7 Jun 2023 07:43:01 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-yb1-xb35.google.com with SMTP id 3f1490d57ef6-ba81deea9c2so7445556276.2 for ; Tue, 06 Jun 2023 22:43:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116580; x=1688708580; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RVyANGbj1qT5Yo4Hx3gumcq/3C2zNijDWqGxalF/0HA=; b=luvx5eyC4T8E2V6v7PRXruhpfenyfisLoQmD9LJY/jWX7lg6nxqCDT7V2peGUZ75zl inuEqxFswnbCD8diR6TeHUEWlrfql08SGHF5AlsM7qa7nFJbaDdbD62X6rNQJBn/k6Jc R64wM1LUaxzbbCJKp1Ji+wyehXQ8aHe6eNoHh4sYDANLtRHOJ80OBXSy/S/lt8TABV0c 1xmm1wyNPrWK4XTd7ECIOAJ917U3e0bvwrnl7ALQcP3xzJZsRkwikQc8nWDylzQDdl/q 9+wu/a2VIRkSQBb8udj1vj5HBJW+3Vgrk9gx7SiMYs7ufd6oTv/67NlWPu3er4yHZICJ AoKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116580; x=1688708580; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RVyANGbj1qT5Yo4Hx3gumcq/3C2zNijDWqGxalF/0HA=; b=a8zZV2+MErEkxQZWp/2+jinnLPa5BG7Hscpd+SCuRuTKOIjVlBMBqKbauDYrevGzZY cwhC3f0StHXBAOmWl17ARpJMve+X5KzKMbFCcXLWFc4oG4VH5wX+mut4agSA4L+Q9H1K CULVVwlpBJhg9wbumKKJ3INBxhaEepi7qQqWW93qYAPReH0LPXUukz2IE28lc//unsBw ITGpFqiEEY7D5J6xuEqNlnft+H92C50Y8z87ILhP5YQClCOrmEHc+bPqTUoILh8TPCKC q2ahwe4Kf9kp4nn/fspjhtpzkg/CeHVlQig7D9AIqNQArR1QMDISpicoMwN0WsZ0uKAH 0xAA== X-Gm-Message-State: AC+VfDw/OPfBxgfa4RzZgYOxDwtPI383wpZ3JxX44UAlvyYaoz159szR AmcFSatbxEB8UiW7KOyjhavpTK6BW6NzBRmowkU= X-Received: by 2002:a0d:df90:0:b0:55a:26cf:33e with SMTP id i138-20020a0ddf90000000b0055a26cf033emr4670786ywe.42.1686116580001; Tue, 06 Jun 2023 22:43:00 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.42.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:42:59 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v9 08/10] doc: uefi: add anti-rollback documentation Date: Wed, 7 Jun 2023 14:41:58 +0900 Message-Id: <20230607054201.42702-9-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit describe the procedure to configure lowest supported version in the device tree for anti-rollback protection. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - describe the usage Newly created in v6 doc/develop/uefi/uefi.rst | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 30b90a09d5..ffd13cebe9 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -537,6 +537,45 @@ where signature.dts looks like:: }; }; +Anti-rollback Protection +************************ + +Anti-rollback prevents unintentional installation of outdated firmware. +To enable anti-rollback, you must add the lowest-supported-version property +to dtb and specify --fw-version when creating a capsule file with the +mkeficapsule tool. +When executing capsule update, U-Boot checks if fw_version is greater than +or equal to lowest-supported-version. If fw_version is less than +lowest-supported-version, the update will fail. +For example, if lowest-supported-version is set to 7 and you run capsule +update using a capsule file with --fw-version of 5, the update will fail. +When the --fw-version in the capsule file is updated, lowest-supported-version +in the dtb might be updated accordingly. + +To insert the lowest supported version into a dtb + +.. code-block:: console + + $ dtc -@ -I dts -O dtb -o version.dtbo version.dts + $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo + +where version.dts looks like:: + + /dts-v1/; + /plugin/; + &{/} { + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + }; + }; + +The properties of image-type-id and image-index must match the value +defined in the efi_fw_image array as image_type_id and image_index. + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~ From patchwork Wed Jun 7 05:41:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690174 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp140099wru; Tue, 6 Jun 2023 22:44:40 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4J6uFrGdepdyqPIShS7EJHzSdd1hGidbwcU+N5w7l+E26UbRrOZDkU+tmkVrZC1cUF28EP X-Received: by 2002:aca:2b05:0:b0:397:f2bb:b26e with SMTP id i5-20020aca2b05000000b00397f2bbb26emr4320006oik.34.1686116680354; Tue, 06 Jun 2023 22:44:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116680; cv=none; d=google.com; s=arc-20160816; b=HXUb2joqGPsnAj4LZLCD5SSBDOkYAE7sn63cdSB9XvuaSij8MHMUWuhJNH2jGW/HRd I7o9lLkyY95ZaIMKztJbTiCArqQaBW9e0ORAFWoaNg6j4n2YOb7GRqL05MX84p+FdoeZ 2+06VFg1g2ijYJ1VRBNQhO2Ob08INLLqdwRgCkmRsYR6G5QKY2NCElOROGTFY+LNalcY 49DWuenkrBAypcGxyuHi5WpGcMLGKgaWB/I4PvKqhbkjznffXXCrRQdcr2SQi4WQwckn 43MpkYcS6desqzE09om5ITaPdBx4X8PApyS0TqKcXh8yruNt6JNd6HN7J9FxlkAofxOm RwGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9UwTHuYg/3GeCaLMwamLq0atRZAcqQ/nVe+5NOHobD0=; b=G4L5+yK8vlS3s7KpmBG+jY8hLXU1dKgOFWnmwRVO1cPH7D5w89pzNG7ZceIeygn23p vmdiJOde/orM2nmcIdhbPrD5uWDU3UUigjrV7vukgs0Ynpaetr/OkR9lUa/9Ud9hC24A NB9KFSHoMMuuROPWNIRsS3eLWcF5TbdgKAbivyLr/Q7nMWUEj7eAhMSgM3Lfp0wng3Bb vqkRugjOHLiIX0YQoctjiI0v0Wgh0FRZli3wBS7n1L9B873eZzXhmQQtrgIUDqJc4Ix3 zj2DTSdNGTp/CUvpi6VfEvzueTV2UhnvRGxzDt4ISbo0Ei5qRtrk+cKvI5BBWnU45/y2 7VRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=skZ+1DKQ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id u10-20020a17090341ca00b001ac62935789si8488424ple.468.2023.06.06.22.44.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:44:40 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=skZ+1DKQ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D27278603C; Wed, 7 Jun 2023 07:43:13 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="skZ+1DKQ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 96E7486053; Wed, 7 Jun 2023 07:43:12 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E459E86014 for ; Wed, 7 Jun 2023 07:43:05 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pg1-x533.google.com with SMTP id 41be03b00d2f7-543b17343baso1664888a12.0 for ; Tue, 06 Jun 2023 22:43:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116584; x=1688708584; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9UwTHuYg/3GeCaLMwamLq0atRZAcqQ/nVe+5NOHobD0=; b=skZ+1DKQwkwlttqoEBojpPmJAbAYQrzJzGxtJIkLcfuSV5cgoY0J08CSVzC+t3M1rv ZpoPKljCCNWTl33m+Qg6p4mb1gG680kzO5Z2Aa3GAyAwuBfTzKHxLU/Zu8TBmVm2pRag f9US2ojRAxj2qnrYnY6aOGR75314HMsOQJjLk8ursifMFiqYKkfrkXe/Dal74YHm5IGO 9B6LB8r9rssTAo4SGg4kJ5XWKADvHA8yzqqKn/+lLHwRmwWyNYl9G96ahgZuo87sbVs2 Tiu0hZIxv5Q4K8gaL15kO17TB+ZRx0cVPLe7uA+EYVVIAJau7fD6pe9A64WVLdFW/CFk woog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116584; x=1688708584; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9UwTHuYg/3GeCaLMwamLq0atRZAcqQ/nVe+5NOHobD0=; b=Rdfp3x7/bUVwbAdlpDx2qDwx+yjLy/0iuRTJPtZWXt+MERMphdfe7k5Mw9Mvbp89kv NWcWtFElC0LhcpZFB6L4EGZVACbZqT4iKSvKarzNn4gqBOaK/QFTlfxwcKynI0QlDfGB 5ehZ1PJq8HFR7qjil1l/MMGm4m68VqXnnrzMgIyY2XEy3IIB8S3sWWZi3EqJVVnxM5iX atTlgT7vMpUb5RvxWpQnMNzQQGEr2xpcKYazwfAhLWAosqoG/BLJ1WRfdGxAyF+WVwfc h2WF2qfRYuQwCPmcofzFqa0B27DHKSjPjLimkEh6xb2MNvISGGik9BggR56KXDeVeczc qvpQ== X-Gm-Message-State: AC+VfDzSqfErZgeHZl46CAFZINOm11mqy852BXKCl9ASSVDeIitzPvuo /qZ8fw76ndheH+nz4kb/AnYJRIuu+iMWAaiSgds= X-Received: by 2002:a17:90b:183:b0:247:ab52:d5d8 with SMTP id t3-20020a17090b018300b00247ab52d5d8mr1582648pjs.26.1686116583238; Tue, 06 Jun 2023 22:43:03 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.43.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:43:02 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v9 09/10] test: efi_capsule: refactor efi_capsule test Date: Wed, 7 Jun 2023 14:41:59 +0900 Message-Id: <20230607054201.42702-10-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current efi capsule python tests have much code duplication. This commit creates the common function in test/py/tests/test_efi_capsule/capsule_common.py, aim to reduce the code size and improve maintainability. Reviewed-by: Simon Glass Signed-off-by: Masahisa Kojima Acked-by: Ilias Apalodimas --- Changes in v9: - fix pylint warnings Changes in v8: - add function comments .../tests/test_efi_capsule/capsule_common.py | 142 +++++++++++ .../test_capsule_firmware_fit.py | 152 +++--------- .../test_capsule_firmware_raw.py | 225 +++--------------- .../test_capsule_firmware_signed_fit.py | 199 +++------------- .../test_capsule_firmware_signed_raw.py | 211 +++------------- 5 files changed, 287 insertions(+), 642 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/capsule_common.py diff --git a/test/py/tests/test_efi_capsule/capsule_common.py b/test/py/tests/test_efi_capsule/capsule_common.py new file mode 100644 index 0000000000..9eef6767a6 --- /dev/null +++ b/test/py/tests/test_efi_capsule/capsule_common.py @@ -0,0 +1,142 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2023, Linaro Limited + + +"""Common function for UEFI capsule test.""" + +from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR + +def setup(u_boot_console, disk_img, osindications): + """setup the test + + Args: + u_boot_console -- A console connection to U-Boot. + disk_img -- A path to disk image to be used for testing. + osindications -- String of osindications value. + """ + u_boot_console.run_command_list([ + f'host bind 0 {disk_img}', + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;' + 'u-boot-env raw 0x150000 0x200000"']) + + if osindications is None: + u_boot_console.run_command('env set -e OsIndications') + else: + u_boot_console.run_command(f'env set -e -nv -bs -rt OsIndications ={osindications}') + + u_boot_console.run_command('env save') + +def init_content(u_boot_console, target, filename, expected): + """initialize test content + + Args: + u_boot_console -- A console connection to U-Boot. + target -- Target address to place the content. + filename -- File name of the content. + expected -- Expected string of the content. + """ + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + f'fatload host 0:1 4000000 {CAPSULE_DATA_DIR}/{filename}', + f'sf write 4000000 {target} 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert expected in ''.join(output) + +def place_capsule_file(u_boot_console, filenames): + """place the capsule file + + Args: + u_boot_console -- A console connection to U-Boot. + filenames -- File name array of the target capsule files. + """ + for name in filenames: + u_boot_console.run_command_list([ + f'fatload host 0:1 4000000 {CAPSULE_DATA_DIR}/{name}', + f'fatwrite host 0:1 4000000 {CAPSULE_INSTALL_DIR}/{name} $filesize']) + + output = u_boot_console.run_command(f'fatls host 0:1 {CAPSULE_INSTALL_DIR}') + for name in filenames: + assert name in ''.join(output) + +def exec_manual_update(u_boot_console, disk_img, filenames, need_reboot = True): + """execute capsule update manually + + Args: + u_boot_console -- A console connection to U-Boot. + disk_img -- A path to disk image to be used for testing. + filenames -- File name array of the target capsule files. + need_reboot -- Flag indicates whether system reboot is required. + """ + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 0x50000;' + 'u-boot-env raw 0x150000 0x200000"', + f'host bind 0 {disk_img}', + f'fatls host 0:1 {CAPSULE_INSTALL_DIR}']) + for name in filenames: + assert name in ''.join(output) + + # need to run uefi command to initiate capsule handling + u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = need_reboot) + +def check_file_removed(u_boot_console, disk_img, filenames): + """check files are removed + + Args: + u_boot_console -- A console connection to U-Boot. + disk_img -- A path to disk image to be used for testing. + filenames -- File name array of the target capsule files. + """ + output = u_boot_console.run_command_list([ + f'host bind 0 {disk_img}', + f'fatls host 0:1 {CAPSULE_INSTALL_DIR}']) + for name in filenames: + assert name not in ''.join(output) + +def check_file_exist(u_boot_console, disk_img, filenames): + """check files exist + + Args: + u_boot_console -- A console connection to U-Boot. + disk_img -- A path to disk image to be used for testing. + filenames -- File name array of the target capsule files. + """ + output = u_boot_console.run_command_list([ + f'host bind 0 {disk_img}', + f'fatls host 0:1 {CAPSULE_INSTALL_DIR}']) + for name in filenames: + assert name in ''.join(output) + +def verify_content(u_boot_console, target, expected): + """verify the content + + Args: + u_boot_console -- A console connection to U-Boot. + target -- Target address to verify. + expected -- Expected string of the content. + """ + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + f'sf read 4000000 {target} 10', + 'md.b 4000000 10']) + assert expected in ''.join(output) + +def do_reboot_dtb_specified(u_boot_config, u_boot_console, dtb_filename): + """do reboot with specified DTB + + Args: + u_boot_config -- U-boot configuration. + u_boot_console -- A console connection to U-Boot. + dtb_filename -- DTB file name. + """ + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ + + f'/{dtb_filename}' + u_boot_console.restart_uboot() diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py index 9ee152818d..dd3dfdc047 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py @@ -7,8 +7,14 @@ This test verifies capsule-on-disk firmware update for FIT images """ import pytest -from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR - +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content +) @pytest.mark.boardspec('sandbox_flattree') @pytest.mark.buildconfigspec('efi_capsule_firmware_fit') @@ -40,37 +46,12 @@ class TestEfiCapsuleFirmwareFit(): u_boot_console.restart_uboot() disk_img = efi_capsule_data + capsule_files = ['Test05'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test05' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test05 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test05' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -80,28 +61,13 @@ class TestEfiCapsuleFirmwareFit(): with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test05' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -112,38 +78,12 @@ class TestEfiCapsuleFirmwareFit(): """ disk_img = efi_capsule_data + capsule_files = ['Test04'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test04' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test04 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -155,36 +95,12 @@ class TestEfiCapsuleFirmwareFit(): with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' not in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot:Old' in ''.join(output) - else: - assert 'u-boot:New' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot-env:Old' in ''.join(output) - else: - assert 'u-boot-env:New' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + expected = 'u-boot:Old' if capsule_auth else 'u-boot:New' + verify_content(u_boot_console, '100000', expected) + + expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' + verify_content(u_boot_console, '150000', expected) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py index 92bfb14932..e525096d8e 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py @@ -7,7 +7,15 @@ This test verifies capsule-on-disk firmware update for raw images """ import pytest -from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + check_file_exist, + verify_content +) @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_capsule_firmware_raw') @@ -40,37 +48,12 @@ class TestEfiCapsuleFirmwareRaw: u_boot_console.restart_uboot() disk_img = efi_capsule_data + capsule_files = ['Test03'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test03' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test03 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test03' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) # reboot u_boot_console.restart_uboot() @@ -80,28 +63,13 @@ class TestEfiCapsuleFirmwareRaw: with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test03' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -112,44 +80,12 @@ class TestEfiCapsuleFirmwareRaw: 0x150000-0x200000: U-Boot environment (but dummy) """ disk_img = efi_capsule_data + capsule_files = ['Test01', 'Test02'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e OsIndications', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place the capsule files - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) + setup(u_boot_console, disk_img, None) + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) # reboot u_boot_console.restart_uboot() @@ -158,35 +94,12 @@ class TestEfiCapsuleFirmwareRaw: 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files, False) - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000') + check_file_exist(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -195,45 +108,12 @@ class TestEfiCapsuleFirmwareRaw: 0x100000-0x150000: U-Boot binary (but dummy) """ disk_img = efi_capsule_data + capsule_files = ['Test01', 'Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place the capsule files - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -245,18 +125,7 @@ class TestEfiCapsuleFirmwareRaw: with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # make sure the dfu_alt_info exists because it is required for making ESRT. output = u_boot_console.run_command_list([ @@ -269,26 +138,10 @@ class TestEfiCapsuleFirmwareRaw: # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' not in ''.join(output) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot:Old' in ''.join(output) - else: - assert 'u-boot:New' in ''.join(output) + expected = 'u-boot:Old' if capsule_auth else 'u-boot:New' + verify_content(u_boot_console, '100000', expected) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot-env:Old' in ''.join(output) - else: - assert 'u-boot-env:New' in ''.join(output) + expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' + verify_content(u_boot_console, '150000', expected) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py index ba8429e83c..70f24e8ce7 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py @@ -10,7 +10,15 @@ with signed capsule files containing FIT images """ import pytest -from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content, + do_reboot_dtb_specified +) @pytest.mark.boardspec('sandbox_flattree') @pytest.mark.buildconfigspec('efi_capsule_firmware_fit') @@ -37,70 +45,23 @@ class TestEfiCapsuleFirmwareSignedFit(): should pass and the firmware be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test13'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test13' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test13 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:New' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:New') def test_efi_capsule_auth2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -113,73 +74,26 @@ class TestEfiCapsuleFirmwareSignedFit(): not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test14'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test14' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test14 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') def test_efi_capsule_auth3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -191,70 +105,23 @@ class TestEfiCapsuleFirmwareSignedFit(): should fail and the firmware not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index 710d9925a3..c6109e2103 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py @@ -8,7 +8,15 @@ with signed capsule files containing raw images """ import pytest -from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content, + do_reboot_dtb_specified +) @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_capsule_firmware_raw') @@ -34,69 +42,23 @@ class TestEfiCapsuleFirmwareSignedRaw(): should pass and the firmware be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test11'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test11' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test11 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' not in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:New' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:New') def test_efi_capsule_auth2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -108,73 +70,25 @@ class TestEfiCapsuleFirmwareSignedRaw(): not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test12'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test12' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test12 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' not in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') def test_efi_capsule_auth3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -185,70 +99,23 @@ class TestEfiCapsuleFirmwareSignedRaw(): should fail and the firmware not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted anyway - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') From patchwork Wed Jun 7 05:42:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 690175 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp140138wru; Tue, 6 Jun 2023 22:44:54 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5rLzBuL4VAkahV6Pu7JTorpRMtlRQ0+F+DNanVViPBcqhjUDw5YIbPkxvCOmZTxSqbNOBK X-Received: by 2002:aca:220d:0:b0:398:10ad:e857 with SMTP id b13-20020aca220d000000b0039810ade857mr4181610oic.48.1686116694433; Tue, 06 Jun 2023 22:44:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686116694; cv=none; d=google.com; s=arc-20160816; b=tjpsqyxcwAsSdGBgHpyTqcXvqrM/4ZGQNUZnRmRLYUK+7vNEpvbu0Yk/LmDlIJItRu gfyrL4IDrSWQ7ZSj7lydRbH2evoFYzplpwCTayeNeI161SvZ72IZ57n4wR8BcGrv73R1 E/wbo6ZBhqOgDrlQHIah2d6cP3Eok96Tecy8oQKqoVpT1WoUcjEk4Q1odDs54DKCJ/eq Dg+TpHmd5UKy+aLIYbIaTeIxjGJXbnwuRv+uXdAoyyMAhEaSua5TBI1NqlUgpVl3VrD6 0T7JT/uehGNKpB1u4ZfZyTCOtWG0qZ9vlUH1kMJkhwxPY+cl5HmeCWA7r8LbbueE1LM9 z4bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=e77DOzfxTOgAy2se0v4Xhd7I50L6kvbTIEl9h3FxAdg=; b=GULDAdNSOeQDJaB5qCmUhZLO27tCc64TyGTWO4gpxZRSu+qvhGQA00aDAEcn3osAPt 1B770PuosZZ4xKZxinLWlS0xgghmIgSFn8YkBNL3erwRS9JtEQbzx21Giz0wDDaWZiFX AuFIRZyBnyoHBN0ycDiez1jN3oTzhnGX9DUx4my7lk+yXthfEo7+Cm573jvAxZXMfYyG o3oujl1ZbzVgjF9Ybs8Pzolpw5YySPYaxQqWygOcYSbQ07m8Mhudhr/OljU//Vwjw3Bz SCwzkpRlkCt8wx/wdMhhdAtrSKy91ngaHp54OK6LLUwfLqh3Jj0BI5FfoZ+zZ3CVoXy1 7mJw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bK3LmF62; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id ik6-20020a170902ab0600b001ac6b926624si8158904plb.122.2023.06.06.22.44.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:44:54 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bK3LmF62; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D4735860A3; Wed, 7 Jun 2023 07:43:16 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="bK3LmF62"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 38D1886014; Wed, 7 Jun 2023 07:43:13 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x22b.google.com (mail-oi1-x22b.google.com [IPv6:2607:f8b0:4864:20::22b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 41BD28603C for ; Wed, 7 Jun 2023 07:43:08 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-oi1-x22b.google.com with SMTP id 5614622812f47-38dec65ab50so6022690b6e.2 for ; Tue, 06 Jun 2023 22:43:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686116586; x=1688708586; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=e77DOzfxTOgAy2se0v4Xhd7I50L6kvbTIEl9h3FxAdg=; b=bK3LmF623nz1SymtJrHFnB7GiD698/r9GjPVTFUvcJZQm2FpoWCmWQWDgYcRiYWYZj u4miSUSGYw+qUB1oQfqIbThVoY5jb5i/QDuIhabraPDqkjTQs/pg4udYIXCJguDzLDTy S6w3VLqWcHyw/6pectkI9q+0q0SdrXRORq/czE14FHOhdxsRFnPSpHhfpLBP8ShvpjTb 3OJD5mebOGZy3+lNK5h7/V7+TaAjDSivd4O/Ue/XobhXUqJdbv7K1g2m/sN/OaDjdh4S wIluv3nozCu+vwus/gBvngK7zo8Gl52aYiaAAYaJC6PVfC7XuErcbMht7jK6Smirx5kl w3fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686116586; x=1688708586; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=e77DOzfxTOgAy2se0v4Xhd7I50L6kvbTIEl9h3FxAdg=; b=QDJ9syDd4adUKU697ix/NbOXwEL7T/UWNJ/slHOJwGZdfh72R/KfPzq0++NU/2P4jj +FRtU6Blt7NPU8/SH+WIByFX9GzBOn/NlDKJix+NBVaAmS/8eXTiNIPFxgdTm7/Gis9y Y/9V99Bil35vQx1TFwHibrDz2NedbBS2PxxO7FLLMLeGTv+A42/M7BwvX/R+NRQ/qmkW 8sOCrw8X1fGRWSQoMM9nzutdJ9T6NkaW496vCggr6yKK6q3KZTtthbxrd6NYslo3+9/4 vl9UeTDazR5+UMf4I6sHHnOcffSuWoCtEqoMax9xVL8Vsy02BEfFH+wmOPGLqnvIqYIO 6OfQ== X-Gm-Message-State: AC+VfDwDXfC93ep3M8LMZBorpd+P9rN7KXT/Vn5RmFjX/BLdjUsiOGkr C5ElLgOGA9yLvS2HiQ2TFpG5Jc6cnwaoxNqC19U= X-Received: by 2002:a54:4502:0:b0:398:19e6:56a9 with SMTP id l2-20020a544502000000b0039819e656a9mr4122840oil.2.1686116586479; Tue, 06 Jun 2023 22:43:06 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id fh2-20020a17090b034200b0024df2b712a7sm469033pjb.52.2023.06.06.22.43.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 22:43:06 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v9 10/10] test/py: efi_capsule: test for FMP versioning Date: Wed, 7 Jun 2023 14:42:00 +0900 Message-Id: <20230607054201.42702-11-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230607054201.42702-1-masahisa.kojima@linaro.org> References: <20230607054201.42702-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This test covers the FMP versioning for both raw and FIT image, and both signed and non-signed capsule update. Signed-off-by: Masahisa Kojima Acked-by: Ilias Apalodimas --- Changes in v9: - fix pyling warnings Changes in v8: - remove excess semicolons Changes in v7: - use newly introduced common functions of efi_capsule test test/py/tests/test_efi_capsule/conftest.py | 82 ++++++++++++++++++ .../test_capsule_firmware_fit.py | 79 ++++++++++++++++- .../test_capsule_firmware_raw.py | 84 ++++++++++++++++++- .../test_capsule_firmware_signed_fit.py | 66 +++++++++++++++ .../test_capsule_firmware_signed_raw.py | 71 ++++++++++++++++ test/py/tests/test_efi_capsule/version.dts | 24 ++++++ 6 files changed, 404 insertions(+), 2 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/version.dts diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index a337e62936..d0e20df01e 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -62,6 +62,23 @@ def efi_capsule_data(request, u_boot_config): '-out SIGNER2.crt -nodes -days 365' % data_dir, shell=True) + # Update dtb to add the version information + check_call('cd %s; ' + 'cp %s/test/py/tests/test_efi_capsule/version.dts .' + % (data_dir, u_boot_config.source_dir), shell=True) + if capsule_auth_enabled: + check_call('cd %s; ' + 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; ' + 'fdtoverlay -i test_sig.dtb ' + '-o test_ver.dtb version.dtbo' + % (data_dir), shell=True) + else: + check_call('cd %s; ' + 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; ' + 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb ' + '-o test_ver.dtb version.dtbo' + % (data_dir, u_boot_config.build_dir), shell=True) + # Create capsule files # two regions: one for u-boot.bin and the other for u-boot.env check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir, @@ -87,6 +104,26 @@ def efi_capsule_data(request, u_boot_config): check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' % (data_dir, u_boot_config.build_dir), shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 ' + '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' % + (data_dir, u_boot_config.build_dir), + shell=True) if capsule_auth_enabled: # raw firmware signed with proper key @@ -123,6 +160,51 @@ def efi_capsule_data(request, u_boot_config): 'uboot_bin_env.itb Test14' % (data_dir, u_boot_config.build_dir), shell=True) + # raw firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 5 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' + 'u-boot.bin.new Test111' + % (data_dir, u_boot_config.build_dir), + shell=True) + # raw firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 2 --monotonic-count 1 ' + '--fw-version 10 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 ' + 'u-boot.env.new Test112' + % (data_dir, u_boot_config.build_dir), + shell=True) + # raw firmware signed with proper key with lower version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 2 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' + 'u-boot.bin.new Test113' + % (data_dir, u_boot_config.build_dir), + shell=True) + # FIT firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 5 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' + 'uboot_bin_env.itb Test114' + % (data_dir, u_boot_config.build_dir), + shell=True) + # FIT firmware signed with proper key with lower version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 2 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' + 'uboot_bin_env.itb Test115' + % (data_dir, u_boot_config.build_dir), + shell=True) # Create a disk image with EFI system partition check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py index dd3dfdc047..a3094c33f4 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py @@ -13,7 +13,8 @@ from capsule_common import ( place_capsule_file, exec_manual_update, check_file_removed, - verify_content + verify_content, + do_reboot_dtb_specified ) @pytest.mark.boardspec('sandbox_flattree') @@ -104,3 +105,79 @@ class TestEfiCapsuleFirmwareFit(): expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' verify_content(u_boot_console, '150000', expected) + + def test_efi_capsule_fw3( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 3 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test104'] + with u_boot_console.log.section('Test Case 3-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 3-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;' + 'u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if capsule_auth: + # capsule authentication failed + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') + else: + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New') + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_fw4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 4 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + but fw_version is lower than lowest_supported_version + No update should happen + 0x100000-0x150000: U-Boot binary (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test105'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py index e525096d8e..80d791e3de 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py @@ -14,7 +14,8 @@ from capsule_common import ( exec_manual_update, check_file_removed, check_file_exist, - verify_content + verify_content, + do_reboot_dtb_specified ) @pytest.mark.boardspec('sandbox') @@ -145,3 +146,84 @@ class TestEfiCapsuleFirmwareRaw: expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' verify_content(u_boot_console, '150000', expected) + + def test_efi_capsule_fw4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 4 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test101', 'Test102'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000' + 'u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if capsule_auth: + # capsule authentication failed + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') + else: + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) + assert 'ESRT: fw_version=10' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New') + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_fw5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 5 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + but fw_version is lower than lowest_supported_version + No update should happen + 0x100000-0x150000: U-Boot binary (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test103'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py index 70f24e8ce7..94d6c3eef0 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py @@ -125,3 +125,69 @@ class TestEfiCapsuleFirmwareSignedFit(): # TODO: check CapsuleStatus in CapsuleXXXX verify_content(u_boot_console, '100000', 'u-boot:Old') + + def test_efi_capsule_auth4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test114'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;' + 'u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New') + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_auth5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is signed but fw_version is lower than lowest + supported version, the authentication should fail and the firmware + not be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test115'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index c6109e2103..ad2b1c6324 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py @@ -119,3 +119,74 @@ class TestEfiCapsuleFirmwareSignedRaw(): # TODO: check CapsuleStatus in CapsuleXXXX verify_content(u_boot_console, '100000', 'u-boot:Old') + + def test_efi_capsule_auth4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test111', 'Test112'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;' + 'u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) + assert 'ESRT: fw_version=10' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New') + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_auth5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is signed but fw_version is lower than lowest + supported version, the authentication should fail and the firmware + not be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test113'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/version.dts b/test/py/tests/test_efi_capsule/version.dts new file mode 100644 index 0000000000..07850cc606 --- /dev/null +++ b/test/py/tests/test_efi_capsule/version.dts @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; +/plugin/; + +&{/} { + firmware-version { + image1 { + lowest-supported-version = <3>; + image-index = <1>; + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + }; + image2 { + lowest-supported-version = <7>; + image-index = <2>; + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0"; + }; + image3 { + lowest-supported-version = <3>; + image-index = <1>; + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937"; + }; + }; +};