[v2] efi_loader: set CapsuleMax from CONFIG_EFI_CAPSULE_MAX

Adds CONFIG_EFI_CAPSULE_MAX to configure the max index value used in
EFI capsule reports. The config default value is 65535 as the index max
value used before this change. Platforms with limited storage capacity
can set a lower configuration value to prevent storage capacity
overflow or even waste of storage space.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes since v1
- Changed CONFIG_EFI_CAPSULE_MAX default value from 65535 to 15.
---
 lib/efi_loader/Kconfig       |  8 ++++++
 lib/efi_loader/efi_capsule.c | 48 +++++++++++++++++++++++++-----------
 lib/efi_loader/efi_setup.c   |  7 +++++-
 3 files changed, 48 insertions(+), 15 deletions(-)

On Thu, 16 Feb 2023 at 18:21, Etienne Carriere
<etienne.carriere@linaro.org> wrote:
>
> Adds CONFIG_EFI_CAPSULE_MAX to configure the max index value used in
> EFI capsule reports. The config default value is 65535 as the index max

I forgot to update the commit message.
I'll fix in v3.

> value used before this change. Platforms with limited storage capacity
> can set a lower configuration value to prevent storage capacity
> overflow or even waste of storage space.
>
> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> ---
> Changes since v1
> - Changed CONFIG_EFI_CAPSULE_MAX default value from 65535 to 15.
> ---
>  lib/efi_loader/Kconfig       |  8 ++++++
>  lib/efi_loader/efi_capsule.c | 48 +++++++++++++++++++++++++-----------
>  lib/efi_loader/efi_setup.c   |  7 +++++-
>  3 files changed, 48 insertions(+), 15 deletions(-)
>
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index c56904afc2..727241dc9c 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -226,6 +226,14 @@ config EFI_CAPSULE_AUTHENTICATE
>           Select this option if you want to enable capsule
>           authentication
>
> +config EFI_CAPSULE_MAX
> +       int "Max value for capsule index"
> +       default 15
> +       range 0 65535
> +       help
> +         Select the max capsule index value used for capsule report
> +         variables. This value is used to create CapsuleMax variable.
> +
>  config EFI_DEVICE_PATH_TO_TEXT
>         bool "Device path to text protocol"
>         default y
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index 0997cd248f..d5d3ede7ae 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -45,17 +45,7 @@ const efi_guid_t fwu_guid_os_request_fw_accept =
>  static struct efi_file_handle *bootdev_root;
>  #endif
>
> -/**
> - * get_last_capsule - get the last capsule index
> - *
> - * Retrieve the index of the capsule invoked last time from "CapsuleLast"
> - * variable.
> - *
> - * Return:
> - * * > 0       - the last capsule index invoked
> - * * 0xffff    - on error, or no capsule invoked yet
> - */
> -static __maybe_unused unsigned int get_last_capsule(void)
> +static __maybe_unused unsigned int get_capsule_index(const u16 *variable_name)
>  {
>         u16 value16[11]; /* "CapsuleXXXX": non-null-terminated */
>         char value[5];
> @@ -65,7 +55,7 @@ static __maybe_unused unsigned int get_last_capsule(void)
>         int i;
>
>         size = sizeof(value16);
> -       ret = efi_get_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
> +       ret = efi_get_variable_int(variable_name, &efi_guid_capsule_report,
>                                    NULL, &size, value16, NULL);
>         if (ret != EFI_SUCCESS || size != 22 ||
>             u16_strncmp(value16, u"Capsule", 7))
> @@ -84,6 +74,35 @@ err:
>         return index;
>  }
>
> +/**
> + * get_last_capsule - get the last capsule index
> + *
> + * Retrieve the index of the capsule invoked last time from "CapsuleLast"
> + * variable.
> + *
> + * Return:
> + * * > 0       - the last capsule index invoked
> + * * 0xffff    - on error, or no capsule invoked yet
> + */
> +static __maybe_unused unsigned int get_last_capsule(void)
> +{
> +       return get_capsule_index(u"CapsuleLast");
> +}
> +
> +/**
> + * get_max_capsule - get the max capsule index
> + *
> + * Retrieve the max capsule index value from "CapsuleMax" variable.
> + *
> + * Return:
> + * * > 0       - the max capsule index
> + * * 0xffff    - on error, or "CapsuleMax" variable does not exist
> + */
> +static __maybe_unused unsigned int get_max_capsule(void)
> +{
> +       return get_capsule_index(u"CapsuleMax");
> +}
> +
>  /**
>   * set_capsule_result - set a result variable
>   * @capsule:           Capsule
> @@ -1290,7 +1309,7 @@ efi_status_t efi_launch_capsules(void)
>  {
>         struct efi_capsule_header *capsule = NULL;
>         u16 **files;
> -       unsigned int nfiles, index, i;
> +       unsigned int nfiles, index, index_max, i;
>         efi_status_t ret;
>         bool capsule_update = true;
>         bool update_status = true;
> @@ -1299,6 +1318,7 @@ efi_status_t efi_launch_capsules(void)
>         if (check_run_capsules() != EFI_SUCCESS)
>                 return EFI_SUCCESS;
>
> +       index_max = get_max_capsule();
>         index = get_last_capsule();
>
>         /*
> @@ -1317,7 +1337,7 @@ efi_status_t efi_launch_capsules(void)
>         /* Launch capsules */
>         for (i = 0, ++index; i < nfiles; i++, index++) {
>                 log_debug("Applying %ls\n", files[i]);
> -               if (index > 0xffff)
> +               if (index > index_max)
>                         index = 0;
>                 ret = efi_capsule_read_file(files[i], &capsule);
>                 if (ret == EFI_SUCCESS) {
> diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
> index f0f01d3b1d..04da4cf14d 100644
> --- a/lib/efi_loader/efi_setup.c
> +++ b/lib/efi_loader/efi_setup.c
> @@ -129,12 +129,17 @@ static efi_status_t efi_init_capsule(void)
>         efi_status_t ret = EFI_SUCCESS;
>
>         if (IS_ENABLED(CONFIG_EFI_HAVE_CAPSULE_SUPPORT)) {
> +               u16 var_name16[12];
> +
> +               efi_create_indexed_name(var_name16, sizeof(var_name16),
> +                                       "Capsule", CONFIG_EFI_CAPSULE_MAX);
> +
>                 ret = efi_set_variable_int(u"CapsuleMax",
>                                            &efi_guid_capsule_report,
>                                            EFI_VARIABLE_READ_ONLY |
>                                            EFI_VARIABLE_BOOTSERVICE_ACCESS |
>                                            EFI_VARIABLE_RUNTIME_ACCESS,
> -                                          22, u"CapsuleFFFF", false);
> +                                          22, var_name16, false);
>                 if (ret != EFI_SUCCESS)
>                         printf("EFI: cannot initialize CapsuleMax variable\n");
>         }
> --
> 2.25.1
>

Hi Etienne,

On Thu, Feb 16, 2023 at 06:21:41PM +0100, Etienne Carriere wrote:
> Adds CONFIG_EFI_CAPSULE_MAX to configure the max index value used in
> EFI capsule reports. The config default value is 65535 as the index max
> value used before this change. Platforms with limited storage capacity
> can set a lower configuration value to prevent storage capacity
> overflow or even waste of storage space.
>
> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> ---
> Changes since v1
> - Changed CONFIG_EFI_CAPSULE_MAX default value from 65535 to 15.
> ---
>  lib/efi_loader/Kconfig       |  8 ++++++
>  lib/efi_loader/efi_capsule.c | 48 +++++++++++++++++++++++++-----------
>  lib/efi_loader/efi_setup.c   |  7 +++++-
>  3 files changed, 48 insertions(+), 15 deletions(-)
>
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index c56904afc2..727241dc9c 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -226,6 +226,14 @@ config EFI_CAPSULE_AUTHENTICATE
>  	  Select this option if you want to enable capsule
>  	  authentication
>
> +config EFI_CAPSULE_MAX
> +	int "Max value for capsule index"
> +	default 15
> +	range 0 65535
> +	help
> +	  Select the max capsule index value used for capsule report
> +	  variables. This value is used to create CapsuleMax variable.
> +
>  config EFI_DEVICE_PATH_TO_TEXT
>  	bool "Device path to text protocol"
>  	default y
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index 0997cd248f..d5d3ede7ae 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -45,17 +45,7 @@ const efi_guid_t fwu_guid_os_request_fw_accept =
>  static struct efi_file_handle *bootdev_root;
>  #endif
>
> -/**
> - * get_last_capsule - get the last capsule index
> - *
> - * Retrieve the index of the capsule invoked last time from "CapsuleLast"
> - * variable.
> - *
> - * Return:
> - * * > 0	- the last capsule index invoked
> - * * 0xffff	- on error, or no capsule invoked yet
> - */
> -static __maybe_unused unsigned int get_last_capsule(void)
> +static __maybe_unused unsigned int get_capsule_index(const u16 *variable_name)
>  {
>  	u16 value16[11]; /* "CapsuleXXXX": non-null-terminated */
>  	char value[5];
> @@ -65,7 +55,7 @@ static __maybe_unused unsigned int get_last_capsule(void)
>  	int i;
>
>  	size = sizeof(value16);
> -	ret = efi_get_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
> +	ret = efi_get_variable_int(variable_name, &efi_guid_capsule_report,
>  				   NULL, &size, value16, NULL);

Variable name is now an argument, but the value16 size remains an array of
11 u16's.  We should test that before calling efi_get_variable_int()
although the code currently just uses 'CapsuleLast' and 'CapsuleMax'.

>  	if (ret != EFI_SUCCESS || size != 22 ||
>  	    u16_strncmp(value16, u"Capsule", 7))
> @@ -84,6 +74,35 @@ err:
>  	return index;
>  }
>

[...]

Cheers
/Ilias