From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v5 0/4] FMP versioning support
Date: Mon, 10 Apr 2023 18:07:28 +0900
Message-Id: <20230410090732.1676-1-masahisa.kojima@linaro.org>
X-Patchwork-Id: 672027

Firmware version management is not implemented in the current
FMP implementation. This series aims to add versioning support
to FMP.

There is a major design change in v5. Until v4, the fw_version
and lowest_supported_version were stored as an EFI variable.
If the backing storage is a file, we can't trust any of that information
since anyone can tamper with the file, although the variables are
defined as RO. With that, we store the version information in the
device tree in v5. We can trust the information from the dtb as long as
the former stage boot loader verifies the image containing the dtb.

The disadvantage of this design change is that we need to maintain
the fw_version in both the device tree and the FMP Payload Header.
It is inevitable since not all the capsule files contain the dtb.

The EDK II reference implementation utilizes the FMP Payload Header
inserted right before the capsule payload. With this series,
U-Boot also follows the EDK II implementation.

Currently, there is no way to know the current running firmware
version through the EFI interface. FMP->GetImageInfo() always
returns 0 for the version number. So a user cannot know that
the expected firmware is running after the capsule update.

With this series applied, the version number can be specified
at capsule file generation with the mkeficapsule tool, and the
user can then know the running firmware version through
FMP->GetImageInfo() and ESRT.

Note that this series does not mandate the FMP Payload Header and is
compatible with boards that are already using the existing
U-Boot FMP implementation.
If no FMP Payload Header is found in the capsule file, fw_version,
lowest supported version, last attempt version and last attempt
status are set to 0, and this is the same behavior as the existing FMP
implementation.

Major Changes in v5:
- major design changes, versioning is implemented with
  device tree instead of EFI variable

Major Changes in v4:
- add python-based test

Major Changes in v3:
- exclude CONFIG_FWU_MULTI

Masahisa Kojima (4):
  efi_loader: get version information from device tree
  efi_loader: check lowest supported version
  mkeficapsule: add FMP Payload Header
  test/py: efi_capsule: test for FMP versioning

 .../firmware/firmware-version.txt             |  25 +++
 doc/mkeficapsule.1                            |  10 +
 lib/efi_loader/efi_firmware.c                 | 187 +++++++++++++---
 test/py/tests/test_efi_capsule/conftest.py    |  73 +++++++
 .../test_capsule_firmware_fit.py              | 187 ++++++++++++++++
 .../test_capsule_firmware_raw.py              | 201 ++++++++++++++++++
 .../test_capsule_firmware_signed_fit.py       | 165 ++++++++++++++
 .../test_capsule_firmware_signed_raw.py       | 169 +++++++++++++++
 test/py/tests/test_efi_capsule/version.dts    |  27 +++
 tools/eficapsule.h                            |  30 +++
 tools/mkeficapsule.c                          |  37 +++-
 11 files changed, 1082 insertions(+), 29 deletions(-)
 create mode 100644 doc/device-tree-bindings/firmware/firmware-version.txt
 create mode 100644 test/py/tests/test_efi_capsule/version.dts
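
The scheme described in the cover letter above, as an added example that is not code from this series or from U-Boot: parse an optional FMP Payload Header placed in front of the payload, fall back to version 0 when it is absent, and compare the capsule version against a lowest supported version taken from a trusted source such as the verified dtb. Assumptions: the four-field little-endian layout and the "MSS1" signature follow EDK II's FMP Payload Header definition; the function names, the sample bytes and the rule "reject when fw_version is below the trusted floor" are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout per EDK II (little-endian): signature, header size, two versions. */
#define FMP_HDR_SIGNATURE 0x3153534dU	/* bytes 'M','S','S','1' */
#define FMP_HDR_MIN_SIZE  16U
struct fmp_versions {
	uint32_t fw_version, lowest_supported_version;
	size_t payload_offset;	/* where the firmware image itself starts */
};

static uint32_t rd_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 if the header is absent or valid, -1 if present but malformed. */
int fmp_parse(const uint8_t *buf, size_t len, struct fmp_versions *out)
{
	memset(out, 0, sizeof(*out));
	if (len < 4 || rd_le32(buf) != FMP_HDR_SIGNATURE)
		return 0;	/* no header: every version field stays 0 */
	if (len < FMP_HDR_MIN_SIZE || rd_le32(buf + 4) < FMP_HDR_MIN_SIZE ||
	    rd_le32(buf + 4) > len)
		return -1;	/* size field must cover the header and fit the buffer */
	out->fw_version = rd_le32(buf + 8);
	out->lowest_supported_version = rd_le32(buf + 12);
	out->payload_offset = rd_le32(buf + 4);
	return 0;
}

/* Assumed rule: accept only capsules at or above the trusted floor. */
int fmp_update_allowed(const struct fmp_versions *capsule, uint32_t trusted_lsv)
{
	return capsule->fw_version >= trusted_lsv;
}
/* Constructed sample: fw_version 5, lowest supported 3, then 4 payload bytes. */
static const uint8_t sample_capsule[] = { 'M', 'S', 'S', '1', 16, 0, 0, 0,
	5, 0, 0, 0, 3, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef };

int main(void)
{
	struct fmp_versions v;
	int rc = fmp_parse(sample_capsule, sizeof(sample_capsule), &v);
	printf("rc=%d fw=%u allowed(floor 6)=%d\n", rc, (unsigned)v.fw_version,
	       fmp_update_allowed(&v, 6));
	return rc ? 1 : 0;
}
```

Under the assumed rule, a capsule without the header counts as version 0, so it is refused whenever the trusted floor is above 0.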