| Message ID | 20180316161322.6756-1-ard.biesheuvel@linaro.org |
|---|---|
| Headers | show |
| Series | expand capsule to include SCP firmware | expand |
On 16 March 2018 at 17:13, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote: > Now that the NOR flash layout has been updated to split the actual SCP > firmware from the startup code and the builtin flasher, we can add the > SCP image to the capsule update to make it field upgradeable. > > This involves some rather nasty plumbing, since making changes to capsule > update installable via capsule update requires some additional care. > > Patch #1 fixes a bug in the FVB handling code of the flash access library. > > Patch #2 addresses an issue where we accidentally started to dereference > arbitrary data as an FV header by incorporating the secure firmware binary > into the flash device. > > Patch #3 is an optimization that speeds up flashing of sparse capsules. > > Patch #4 adds a PCD that holds the minimum firmware version that is allowed > by a platform. We will use this to ensure that systems using the new layout > cannot be flashed using older capsules, which is unlikely to work in any > case, but not guaranteed to fail in a harmless manner. > > Patch #5 is a temporary hack we will need to use to build capsules that > allow upgrading from the old layout to the new layout > > Patch #6 implements the new layout, and adds support to set the minimum > version on the build command line. > > Ard Biesheuvel (6): > Silicon/SynQuacerPlatformFlashAccessLib: fix return value on no FVB > found > Silicon/SynQuacerPlatformFlashAccessLib: don't dereference FVB header > fields > Silicon/SynQuacerPlatformFlashAccessLib: skip empty blocks > Silicon/SynQuacer: make lowest supported f/w version PCD configurable > TEMPORARY > Platform/Socionext/DeveloperBox: add SCP firmware image to capsule > > Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 3 ++ > Platform/Socionext/DeveloperBox/DeveloperBox.fdf | 15 ++++--- > Platform/Socionext/DeveloperBox/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf | 2 + > Platform/Socionext/DeveloperBox/SystemFirmwareDescriptor/SystemFirmwareDescriptorTable.aslc | 2 +- > Platform/Socionext/DeveloperBox/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 4 +- > Silicon/Socionext/SynQuacer/Library/SynQuacerPlatformFlashAccessLib/SynQuacerPlatformFlashAccessLib.c | 46 ++++++++++++++++---- > Silicon/Socionext/SynQuacer/SynQuacer.dec | 3 ++ > 7 files changed, 58 insertions(+), 17 deletions(-) > Ping? _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
On Fri, Mar 16, 2018 at 04:13:16PM +0000, Ard Biesheuvel wrote: > Now that the NOR flash layout has been updated to split the actual SCP > firmware from the startup code and the builtin flasher, we can add the > SCP image to the capsule update to make it field upgradeable. > > This involves some rather nasty plumbing, since making changes to capsule > update installable via capsule update requires some additional care. > > Patch #1 fixes a bug in the FVB handling code of the flash access library. > > Patch #2 addresses an issue where we accidentally started to dereference > arbitrary data as an FV header by incorporating the secure firmware binary > into the flash device. > > Patch #3 is an optimization that speeds up flashing of sparse capsules. > > Patch #4 adds a PCD that holds the minimum firmware version that is allowed > by a platform. We will use this to ensure that systems using the new layout > cannot be flashed using older capsules, which is unlikely to work in any > case, but not guaranteed to fail in a harmless manner. > > Patch #5 is a temporary hack we will need to use to build capsules that > allow upgrading from the old layout to the new layout > > Patch #6 implements the new layout, and adds support to set the minimum > version on the build command line. > > Ard Biesheuvel (6): > Silicon/SynQuacerPlatformFlashAccessLib: fix return value on no FVB > found > Silicon/SynQuacerPlatformFlashAccessLib: don't dereference FVB header > fields > Silicon/SynQuacerPlatformFlashAccessLib: skip empty blocks > Silicon/SynQuacer: make lowest supported f/w version PCD configurable > TEMPORARY > Platform/Socionext/DeveloperBox: add SCP firmware image to capsule I have a few comments on the 5/6 layout thing, but apart from that I'm happy with the series. I guess 4 doesn't make much sense before we're ready to include the SCP firmware in the build. But still - for 1-4/6: Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> Feel free to push as many or as few of those as you like. > Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 3 ++ > Platform/Socionext/DeveloperBox/DeveloperBox.fdf | 15 ++++--- > Platform/Socionext/DeveloperBox/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf | 2 + > Platform/Socionext/DeveloperBox/SystemFirmwareDescriptor/SystemFirmwareDescriptorTable.aslc | 2 +- > Platform/Socionext/DeveloperBox/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 4 +- > Silicon/Socionext/SynQuacer/Library/SynQuacerPlatformFlashAccessLib/SynQuacerPlatformFlashAccessLib.c | 46 ++++++++++++++++---- > Silicon/Socionext/SynQuacer/SynQuacer.dec | 3 ++ > 7 files changed, 58 insertions(+), 17 deletions(-) > > -- > 2.15.1 > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
On 1 June 2018 at 11:51, Leif Lindholm <leif.lindholm@linaro.org> wrote: > On Fri, Mar 16, 2018 at 04:13:16PM +0000, Ard Biesheuvel wrote: >> Now that the NOR flash layout has been updated to split the actual SCP >> firmware from the startup code and the builtin flasher, we can add the >> SCP image to the capsule update to make it field upgradeable. >> >> This involves some rather nasty plumbing, since making changes to capsule >> update installable via capsule update requires some additional care. >> >> Patch #1 fixes a bug in the FVB handling code of the flash access library. >> >> Patch #2 addresses an issue where we accidentally started to dereference >> arbitrary data as an FV header by incorporating the secure firmware binary >> into the flash device. >> >> Patch #3 is an optimization that speeds up flashing of sparse capsules. >> >> Patch #4 adds a PCD that holds the minimum firmware version that is allowed >> by a platform. We will use this to ensure that systems using the new layout >> cannot be flashed using older capsules, which is unlikely to work in any >> case, but not guaranteed to fail in a harmless manner. >> >> Patch #5 is a temporary hack we will need to use to build capsules that >> allow upgrading from the old layout to the new layout >> >> Patch #6 implements the new layout, and adds support to set the minimum >> version on the build command line. >> >> Ard Biesheuvel (6): >> Silicon/SynQuacerPlatformFlashAccessLib: fix return value on no FVB >> found >> Silicon/SynQuacerPlatformFlashAccessLib: don't dereference FVB header >> fields >> Silicon/SynQuacerPlatformFlashAccessLib: skip empty blocks >> Silicon/SynQuacer: make lowest supported f/w version PCD configurable >> TEMPORARY >> Platform/Socionext/DeveloperBox: add SCP firmware image to capsule > > I have a few comments on the 5/6 layout thing, but apart from that I'm > happy with the series. I guess 4 doesn't make much sense before we're > ready to include the SCP firmware in the build. > But still - for 1-4/6: > Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> > > Feel free to push as many or as few of those as you like. > Thanks #1 - #3 pushed as c9be7b11ea10..e45ae44ec07e #4 will be updated to use PcdLowestSupportedFirmwareVersion from SignedCapsulePkg, and that patch is still under review. _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Now that the NOR flash layout has been updated to split the actual SCP firmware from the startup code and the builtin flasher, we can add the SCP image to the capsule update to make it field upgradeable. This involves some rather nasty plumbing, since making changes to capsule update installable via capsule update requires some additional care. Patch #1 fixes a bug in the FVB handling code of the flash access library. Patch #2 addresses an issue where we accidentally started to dereference arbitrary data as an FV header by incorporating the secure firmware binary into the flash device. Patch #3 is an optimization that speeds up flashing of sparse capsules. Patch #4 adds a PCD that holds the minimum firmware version that is allowed by a platform. We will use this to ensure that systems using the new layout cannot be flashed using older capsules, which is unlikely to work in any case, but not guaranteed to fail in a harmless manner. Patch #5 is a temporary hack we will need to use to build capsules that allow upgrading from the old layout to the new layout Patch #6 implements the new layout, and adds support to set the minimum version on the build command line. Ard Biesheuvel (6): Silicon/SynQuacerPlatformFlashAccessLib: fix return value on no FVB found Silicon/SynQuacerPlatformFlashAccessLib: don't dereference FVB header fields Silicon/SynQuacerPlatformFlashAccessLib: skip empty blocks Silicon/SynQuacer: make lowest supported f/w version PCD configurable TEMPORARY Platform/Socionext/DeveloperBox: add SCP firmware image to capsule Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 3 ++ Platform/Socionext/DeveloperBox/DeveloperBox.fdf | 15 ++++--- Platform/Socionext/DeveloperBox/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf | 2 + Platform/Socionext/DeveloperBox/SystemFirmwareDescriptor/SystemFirmwareDescriptorTable.aslc | 2 +- Platform/Socionext/DeveloperBox/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini | 4 +- Silicon/Socionext/SynQuacer/Library/SynQuacerPlatformFlashAccessLib/SynQuacerPlatformFlashAccessLib.c | 46 ++++++++++++++++---- Silicon/Socionext/SynQuacer/SynQuacer.dec | 3 ++ 7 files changed, 58 insertions(+), 17 deletions(-) -- 2.15.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel