From patchwork Tue Jun 6 09:40:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 689684 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp2537488wru; Tue, 6 Jun 2023 02:41:43 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6YyIMMWK06wcV7HEbpytcfzuJg9+a9zd2sWcli943ySKLKuDj06gYCz0oODlCWIj9orFLk X-Received: by 2002:a05:6870:e506:b0:180:1c4b:fce6 with SMTP id y6-20020a056870e50600b001801c4bfce6mr1781645oag.28.1686044503063; Tue, 06 Jun 2023 02:41:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686044503; cv=none; d=google.com; s=arc-20160816; b=jPeVhyjboQv7KNk5lzBouy2q57WG6qbJP7Q7zQQS11fmmjOCidv6xk26zx3IDlaURD hm9BllKT2G7M0XqLa2QKl8Tv8Jpw1gR/MCnht1xr5jUudXBr+WM21HrzNdGxb4l4PjIG w0GmqldJsmLB8ZVtoE/xBkGFZqXMVRrSy+a6q5rhPW4a4pfWaI9Ui6WS90Hjzjxrb5Kz 2SHg5fnKgGObQfcr13qKd0mA0M1RBZ+iVKluyf0MPyP49lydZ3eYtCoaTG/YubU+6vbA 0UV4xMfTemR7L/CZoFw0B3BFWJLBYQL9gltBocDBDozaPVkP1jhuXAEO/9Jd+shK6M8t xzPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=y93igYPUNCUZx7n5wC9MOgbkywSiKrvYVoAZGBDdTtg=; b=G9USxFtZ9jc4iAyIzFdE+VDMniUUdwlU1IaJQ6CdBrnyJeAe9h9GcRgrUumbuC+C42 Zczfsnt4Dy8fQf3JzTjD7dj8Cvgo0PvNxEi73aX+xajfjDrMCbSwX2D07ryK4YKCZYxn HzL+lOcK5jFvLDeRUBgEIKfecOhvNk5luPReR2e2Bf2+krL7iKWtAT8MvTui7vGh+Y4+ 04x9TnSvoqIcXN9vb2C3YmR1klpPe5XyxyzX+O3pparOKxEPR7uZ5QLEJm0B3bQaeL9J aXi3Jkab9gYJWIwKnsXq1sreURjrDXZ0hSZQzH5jkSsfhuljCVaB4QvI5dQKeC1MJ9xt Y+Dg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MYKAgs2S; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id x18-20020a63b212000000b00543d2bb9c1bsi1760076pge.745.2023.06.06.02.41.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:43 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MYKAgs2S; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1852585DFA; Tue, 6 Jun 2023 11:41:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="MYKAgs2S"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C3F0585E51; Tue, 6 Jun 2023 11:41:32 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-il1-x135.google.com (mail-il1-x135.google.com [IPv6:2607:f8b0:4864:20::135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 5FEFC85DE2 for ; Tue, 6 Jun 2023 11:41:29 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-il1-x135.google.com with SMTP id e9e14a558f8ab-33b6c47898dso29939855ab.0 for ; Tue, 06 Jun 2023 02:41:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686044487; x=1688636487; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=y93igYPUNCUZx7n5wC9MOgbkywSiKrvYVoAZGBDdTtg=; b=MYKAgs2SFKpDkgApOKRHtEwiOFuOFDhG8b9qLHj0Gg71hfOtgMjvbc/SBqdpR3SwxP Mo3aF0WzVcbzT5v2P/b9HLSxmP9otNFb0EziFox8i0oegIUlb7jVHYhZFlbpdAs8uXuq j9+7tOqPqR2KBQosZhH9YXvrc5tGRVY08gjfJSOfHNg0Di0IT5T5Wpt9gH3LlfFsrptA as/CVX7c+aWiKupoLK3n18h/O6E9QpUoy6JNru0haG1nrWKOx7zAM7c5CVchwLxWLVSb xxCuEld87yOK4bVWXSLmZOuTyiACdxaE86f88Py/fhcpkMzRAepHNu4EMSr3WJTME7i4 +5BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686044487; x=1688636487; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=y93igYPUNCUZx7n5wC9MOgbkywSiKrvYVoAZGBDdTtg=; b=P2hMf070Y83Y6RyLCYwCVBJh8BxRuNqKr8DI0i+sxYGAu2oJTr9NvidClpaCv5Tl8C LnHmOrsih8XpEPrYj8o1pHGp9q1J8kVw45UMo1YoiTmbjRAhIXjOj0LK9+y5J0fARcmN at0BeSCRPTmlagWSGF67ZAc5ho/24Pb0iPtt1jxvnMSxBlQ0dk6qcgJNpUsADtdmToJn k5OlM0/2Ok8uTTjSWQCgqf2mFwYtr93Kr5MG49XSs4chgCOlvgeHaUYOuQMC4YiPSbJO yRWSh+8O6GjYUSD3K/Onvad170f4NlaKkD3yq6MndXGdEctVXY1CyVfMYCrDcC9d187B PAgw== X-Gm-Message-State: AC+VfDzMOYGNqEp2CP2zL9Cl/AYxSTBBU1Hm3aekZ52/jEuIZIfHbFR6 RQy8bfEuvRSEpe7401nqVoA8fm+NW8yTYY6yHuw= X-Received: by 2002:a05:6e02:5d2:b0:33d:3b69:2d2c with SMTP id l18-20020a056e0205d200b0033d3b692d2cmr2882926ils.20.1686044487704; Tue, 06 Jun 2023 02:41:27 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:d3c2:bf07:d08b:b72d]) by smtp.gmail.com with ESMTPSA id u25-20020aa78399000000b00627ed4e23e0sm6542809pfm.101.2023.06.06.02.41.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 02:41:27 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , malte.schmidt-oss@weidmueller.com, Masahisa Kojima Subject: [PATCH v8 00/10] FMP versioning support Date: Tue, 6 Jun 2023 18:40:24 +0900 Message-Id: <20230606094035.28990-1-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Firmware version management is not implemented in the current FMP implementation. This series aims to add the versioning support in FMP. Currently, there is no way to know the current running firmware version through the EFI interface. FMP->GetImageInfo() returns always 0 for the version number. So a user can not know that expected firmware is running after the capsule update. EDK II reference implementation utilizes the FMP Payload Header inserted right before the capsule payload. U-Boot also follows the EDK II implementation. With this series applied, version number can be specified in the capsule file generation with mkeficapsule tool, then user can know the running firmware version through FMP->GetImageInfo() and ESRT. There is a design consideration for lowest supported version. If the backing storage is a file we can't trust any of that information since anyone can tamper with the file, although the variables are defined as RO. With that, we store the lowest supported version in the device tree. We can trust the information from dtb as long as the former stage boot loader verifies the image containing the dtb. The firmware version can not be stored in device tree because not all the capsule files do not have a device tree. Note that this series does not mandate the FMP Payload Header, compatible with boards that are already using the existing U-Boot FMP implementation. If no FMP Payload Header is found in the capsule file, fw_version, lowest supported version, last attempt version and last attempt status is set to 0 and this is the same behavior as existing FMP implementation. Major Changes in v8: - This version only updates python tests(test/py/tests/test_efi_capsule) - remove excess semicolons - add comments of newly created common functions Major Changes in v7: - refactor the efi_capsule python test - add test cases for the FMP versioning Major Changes in v6: - change the location of fw_version and lowest supported version - fw_version is stored in FMP Payload Header in the capsule file - lowest_supported_version is stored in the device tree Major Changes in v5: - major design changes, versioning is implemented with device tree instead of EFI variable Major Changes in v4: - add python-based test Major Changes in v3: - exclude CONFIG_FWU_MULT Masahisa Kojima (10): efi_loader: add the number of image entries in efi_capsule_update_info efi_loader: store firmware version into FmpState variable efi_loader: versioning support in GetImageInfo efi_loader: get lowest supported version from device tree efi_loader: check lowest supported version mkeficapsule: add FMP Payload Header doc: uefi: add firmware versioning documentation doc: uefi: add anti-rollback documentation test: efi_capsule: refactor efi_capsule test test/py: efi_capsule: test for FMP versioning arch/arm/mach-rockchip/board.c | 4 +- .../imx8mp_rsb3720a1/imx8mp_rsb3720a1.c | 2 +- .../imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c | 2 +- board/emulation/qemu-arm/qemu-arm.c | 2 +- board/kontron/pitx_imx8m/pitx_imx8m.c | 2 +- board/kontron/sl-mx8mm/sl-mx8mm.c | 2 +- board/kontron/sl28/sl28.c | 2 +- board/rockchip/evb_rk3399/evb-rk3399.c | 2 +- board/sandbox/sandbox.c | 2 +- board/socionext/developerbox/developerbox.c | 2 +- board/st/stm32mp1/stm32mp1.c | 2 +- board/xilinx/common/board.c | 2 +- doc/develop/uefi/uefi.rst | 66 ++++ .../firmware/firmware-version.txt | 22 ++ doc/mkeficapsule.1 | 10 + include/efi_loader.h | 3 +- lib/efi_loader/efi_firmware.c | 276 ++++++++++++++-- lib/fwu_updates/fwu.c | 2 +- .../tests/test_efi_capsule/capsule_common.py | 167 ++++++++++ test/py/tests/test_efi_capsule/conftest.py | 82 +++++ .../test_capsule_firmware_fit.py | 213 ++++++------- .../test_capsule_firmware_raw.py | 301 +++++++----------- .../test_capsule_firmware_signed_fit.py | 267 ++++++---------- .../test_capsule_firmware_signed_raw.py | 274 ++++++---------- test/py/tests/test_efi_capsule/version.dts | 24 ++ tools/eficapsule.h | 30 ++ tools/mkeficapsule.c | 37 ++- 27 files changed, 1127 insertions(+), 673 deletions(-) create mode 100644 doc/device-tree-bindings/firmware/firmware-version.txt create mode 100644 test/py/tests/test_efi_capsule/capsule_common.py create mode 100644 test/py/tests/test_efi_capsule/version.dts