From: Ilias Apalodimas
To: xypron.glpk@gmx.de
Cc: masami.hiramatsu@linaro.org, takahiro.akashi@linaro.org, Ilias Apalodimas, Simon Glass, Mario Six, Michal Simek, Alexander Graf, u-boot@lists.denx.de
Subject: [PATCH] efi_loader: FMP cleanups
Date: Mon, 14 Jun 2021 18:10:14 +0300
Message-Id: <20210614151015.99992-1-ilias.apalodimas@linaro.org>

Right now we allow both of the FMPs (RAW and FIT based) to be installed at the same time. Moreover we only install those if a CapsuleUpdate is requested. Since we now have an ESRT table, it makes more sense to unconditionally install the FMP, so any userspace applications (e.g. fwupd) can make use of them and trigger an update.

While at it clean up the FMP installation as well. Chapter 23 of the EFI spec (rev 2.9) says: "A specific updatable hardware firmware store must be represented by exactly one FMP instance". This is not the case for us, since both of our FMP protocols can be installed at the same time and are controlled by a single 'dfu_alt_info' env variable. So make the config option a choice and allow the user to install one of them at any given time.

The overall changes show up in fwupd

pre-patch:
fwupdmgr get-devices
No detected devices

post-patch (with FIT FMP installed):
fwupdmgr get-devices
WARNING: Required efivarfs filesystem was not found
See https://github.com/fwupd/fwupd/wiki/PluginFlag:efivar-not-mounted for more information.
Unknown Product │ └─Unknown Firmware: Device ID: 605080e08f71dabb86d0781c28f7d923edabf7d6 Current version: 0 Vendor: DMI:U-Boot Update Error: Not updatable as efivarfs was not found GUIDs: ae13ff2d-9ad4-4e25-9ac8-6d80b3b22147 230c8b18-8d9b-53ec-838b-6cfc0383493a ← main-system-firmware 1a1da7d4-0a24-51b5-8a1a-1e3274328094 ← UEFI\RES_{AE13FF2D-9AD4-4E25-9AC8-6D80B3B22147} Device Flags: • Internal device • System requires external power source • Needs a reboot after installation • Device is usable for the duration of the update Signed-off-by: Ilias Apalodimas Reviewed-by: Masami Hiramatsu --- configs/sandbox64_defconfig | 1 - configs/sandbox_defconfig | 1 - configs/xilinx_zynqmp_virt_defconfig | 1 - include/efi_loader.h | 1 + lib/efi_loader/Kconfig | 48 +++++++++++++++------------- lib/efi_loader/efi_capsule.c | 22 ++++--------- lib/efi_loader/efi_setup.c | 4 +++ 7 files changed, 37 insertions(+), 41 deletions(-) diff --git a/configs/sandbox64_defconfig b/configs/sandbox64_defconfig index 9a373bab6fe3..af18b6c7826e 100644 --- a/configs/sandbox64_defconfig +++ b/configs/sandbox64_defconfig @@ -233,7 +233,6 @@ CONFIG_LZ4=y CONFIG_ERRNO_STR=y CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y -CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y CONFIG_EFI_SECURE_BOOT=y CONFIG_TEST_FDTDEC=y diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index bdbf714e2bd9..24313fdfa53d 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -280,7 +280,6 @@ CONFIG_LZ4=y CONFIG_ERRNO_STR=y CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y -CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y CONFIG_EFI_SECURE_BOOT=y CONFIG_TEST_FDTDEC=y diff --git a/configs/xilinx_zynqmp_virt_defconfig b/configs/xilinx_zynqmp_virt_defconfig index e939b04ef6a5..0c2d1a70a5a1 100644 --- a/configs/xilinx_zynqmp_virt_defconfig +++ b/configs/xilinx_zynqmp_virt_defconfig 
@@ -188,5 +188,4 @@ CONFIG_EFI_SET_TIME=y CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y CONFIG_EFI_CAPSULE_ON_DISK_EARLY=y -CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y diff --git a/include/efi_loader.h b/include/efi_loader.h index 0a9c82a257e1..b81180cfda8b 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -972,4 +972,5 @@ efi_status_t efi_esrt_register(void); * - error code otherwise. */ efi_status_t efi_esrt_populate(void); +efi_status_t efi_load_capsule_drivers(void); #endif /* _EFI_LOADER_H */ diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 6242caceb7f9..da6f5faf5adb 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -161,6 +161,31 @@ config EFI_CAPSULE_FIRMWARE_MANAGEMENT Select this option if you want to enable capsule-based firmware update using Firmware Management Protocol. +choice EFI_CAPSULE_TYPE + prompt "Capsule type (RAW/FIT)" + depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT + +config EFI_CAPSULE_FIRMWARE_FIT + bool "FMP driver for FIT images" + depends on FIT + select UPDATE_FIT + select DFU + select EFI_CAPSULE_FIRMWARE + help + Select this option if you want to enable firmware management protocol + driver for FIT image + +config EFI_CAPSULE_FIRMWARE_RAW + bool "FMP driver for raw images" + select DFU_WRITE_ALT + select DFU + select EFI_CAPSULE_FIRMWARE + help + Select this option if you want to enable firmware management protocol + driver for raw image + +endchoice + config EFI_CAPSULE_AUTHENTICATE bool "Update Capsule authentication" depends on EFI_CAPSULE_FIRMWARE 
@@ -181,29 +206,6 @@ config EFI_CAPSULE_AUTHENTICATE Select this option if you want to enable capsule authentication -config EFI_CAPSULE_FIRMWARE_FIT - bool "FMP driver for FIT image" - depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT - depends on FIT - select UPDATE_FIT - select DFU - select EFI_CAPSULE_FIRMWARE - default n - help - Select this option if you want to enable firmware management protocol - driver for FIT image - -config EFI_CAPSULE_FIRMWARE_RAW - bool "FMP driver for raw image" - depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT - select DFU - select DFU_WRITE_ALT - select EFI_CAPSULE_FIRMWARE - default n - help - Select this option if you want to enable firmware management protocol - driver for raw image - config EFI_DEVICE_PATH_TO_TEXT bool "Device path to text protocol" default y diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 9ead0d2c7816..3b4214a8d4cc 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c 
@@ -918,31 +918,27 @@ static void efi_capsule_scan_done(void) } /** - * arch_efi_load_capsule_drivers - initialize capsule drivers + * efi_load_capsule_drivers - initialize capsule drivers * - * Architecture or board specific initialization routine + * Generic FMP drivers backed by DFU * * Return: status code */ -efi_status_t __weak arch_efi_load_capsule_drivers(void) +efi_status_t efi_load_capsule_drivers(void) { - __maybe_unused efi_handle_t handle; + __maybe_unused efi_handle_t handle = NULL; efi_status_t ret = EFI_SUCCESS; - if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)) { - handle = NULL; + if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)) ret = EFI_CALL(efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL)); - } - if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) { - handle = NULL; + if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) ret = EFI_CALL(efi_install_multiple_protocol_interfaces( - &efi_root, + &handle, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL)); - } return ret; } @@ -975,10 +971,6 @@ efi_status_t efi_launch_capsules(void) index = get_last_capsule(); - /* Load capsule drivers */ - ret = arch_efi_load_capsule_drivers(); - if (ret != EFI_SUCCESS) - return ret; /* * Find capsules on disk. diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index 3c5cf9a4357e..0106efdc161b 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -254,6 +254,10 @@ efi_status_t efi_init_obj_list(void) if (ret != EFI_SUCCESS) goto out; + ret = efi_load_capsule_drivers(); + if (ret != EFI_SUCCESS) + goto out; + #if defined(CONFIG_LCD) || defined(CONFIG_DM_VIDEO) ret = efi_gop_register(); if (ret != EFI_SUCCESS)
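
Review bot: configs/sandbox_defconfig and configs/sandbox64_defconfig both drop CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y and keep CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y, so after this change neither sandbox build compiles the FIT FMP driver. Now that the two options are mutually exclusive, consider switching one of the two sandbox configs to FIT so that both drivers keep build coverage.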
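
Review bot: in include/efi_loader.h the new prototype "efi_status_t efi_load_capsule_drivers(void);" is appended directly under efi_esrt_populate() with no blank line and no comment of its own, so it reads as if it were covered by the efi_esrt_populate kernel-doc block above it. Add a separating blank line and a short description of what the function installs and what it returns.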
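
Review bot: the new "choice EFI_CAPSULE_TYPE" block in lib/efi_loader/Kconfig is not marked optional and has no default line, whereas both removed entries were "default n". Every configuration with EFI_CAPSULE_FIRMWARE_MANAGEMENT enabled will now always build one FMP driver and pull in its selects (DFU, EFI_CAPSULE_FIRMWARE, and UPDATE_FIT or DFU_WRITE_ALT), and the driver chosen silently follows the order of the entries and whether FIT is set. If forcing a driver is intended, say so in the commit message and add an explicit default; otherwise mark the choice optional.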
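
Review bot: in efi_load_capsule_drivers() in lib/efi_loader/efi_capsule.c the RAW branch changes its first argument from "&efi_root" to "&handle", which moves the raw FMP off the root node onto a newly created handle, and the commit message does not mention this. Please state whether that is a deliberate fix. The rename also drops __weak, so a board that overrode arch_efi_load_capsule_drivers() would no longer be called. Finally, the two consecutive ifs now share one handle and one ret, which is only correct while Kconfig keeps FIT and RAW mutually exclusive; an "else if" would make that dependency explicit in the code.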
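
Review bot: the call to efi_load_capsule_drivers() added to efi_init_obj_list() in lib/efi_loader/efi_setup.c has no config guard, while the function is defined in efi_capsule.c and its only previous caller was efi_launch_capsules() in that same file. If efi_capsule.c is not built in every EFI_LOADER configuration this will fail to link, so wrap the call in an IS_ENABLED() check on the relevant capsule option. Also note that a failed FMP install now takes the "goto out" path and fails the whole EFI object list initialisation, where before it only aborted capsule processing; worth confirming that this is the intended severity.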