From patchwork Mon Oct 3 14:24:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 611976 Delivered-To: patch@linaro.org Received: by 2002:a17:522:c983:b0:460:3032:e3c4 with SMTP id kr3csp1130923pvb; Mon, 3 Oct 2022 07:26:53 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6aU8U3ycjTfbL6z9PBvypoaJcOk3ZPr3cZWLz8FYRaOu7pKDa3QRGRys5mcB3IhFc9mpYJ X-Received: by 2002:a17:907:94c1:b0:783:59a:da2d with SMTP id dn1-20020a17090794c100b00783059ada2dmr15138596ejc.136.1664807212777; Mon, 03 Oct 2022 07:26:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664807212; cv=none; d=google.com; s=arc-20160816; b=ZBl5HQhdfIjntlwfZ3zmWaw7QBBYFUaxmY9mtj5DVbP86VwcI5QcQmnFF3StyDROI5 8nKNQ1qX0YCGBsaDLhtZPyAAJqMbYDF01CGRC6kW+ugvF0U9puOhdefuU7YpBNv8h9uq xg3MjRiMW1SC6xp8nTNSImj2UnkjEk0V1s+Tl0zwGXj5JHpv6rtymvXnwwGui+qeWi+a kxRQlwGv042p5fmHi8UM7c/iG4mcub3q5x9l9Pae9JGd82Ch2S19Cq4ymoNKhsYYeV2x t9GEvKFkxSsAFXDKZohO401EJl1oQ8Ird0H0e5cJ7+qIJadJi667eytVAMVeF1UHbX0M qnyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=et3R0BJ6nwpCPI48ujIFvOL16tIHM+hC3713iuAJpIc=; b=g5rnjuIyr3H0VmXV+sPm4PA56HawE+dfsIeqWK8F/cabFgNYikQvTThHImmM6QIX1C 5QJCZeViJVzWL4TmjH31dR7PVLy7MmTaQKK2lZrBPMCucjflUlZi3AytEEoVkawBeHF5 e0g7OPTgaiKDiCigVVsLoSK/jDSaXsQTyu+MlNaRS/GmxpbbnRpJtUaiDRVFzAt0BrP6 kaI16NkFwl0WDyKZ/YZCNu4TD2nhCXB0y6gsNNuiel4RJZdeapEW62CMr8gk1KHsgQ/U qDjTWkYyaSFT+XvbaJD89+S76KfWqjSuB7C3CJM/LDfiMm4srHmXRHffiS0UwTLdC0hO 4e9g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id j6-20020a17090686c600b0078223ff2756si6433143ejy.244.2022.10.03.07.26.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Oct 2022 07:26:52 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1044284E35; Mon, 3 Oct 2022 16:25:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 16B9884E2E; Mon, 3 Oct 2022 16:25:48 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id E3AED84E22 for ; Mon, 3 Oct 2022 16:25:42 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DD36B16F8; Mon, 3 Oct 2022 07:25:48 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7BE723F73B; Mon, 3 Oct 2022 07:25:38 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Takahiro Akashi , Patrick Delaunay , Patrice Chotard , Simon Glass , Bin Meng , Tom Rini , Etienne Carriere , Michal Simek , Jassi Brar , Sughosh Ganu Subject: [PATCH v12 09/15] FWU: Add boot time checks as highlighted by the FWU specification Date: Mon, 3 Oct 2022 19:54:21 +0530 Message-Id: <20221003142427.251192-10-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221003142427.251192-1-sughosh.ganu@linaro.org> References: <20221003142427.251192-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean The FWU Multi Bank Update specification requires the Update Agent to carry out certain checks at the time of platform boot. The Update Agent is the component which is responsible for updating the firmware components and maintaining and keeping the metadata in sync. The spec requires that the Update Agent perform the following checks at the time of boot * Sanity check of both the metadata copies maintained by the platform. * Get the boot index passed to U-Boot by the prior stage bootloader and use this value for metadata bookkeeping. * Check if the system is booting in Trial State. If the system boots in the Trial State for more than a specified number of boot counts, change the Active Bank to be booting the platform from. Call these checks through the main loop event at the time of platform boot. Signed-off-by: Sughosh Ganu Reviewed-by: Etienne Carriere --- Changes since V11: * Remove the superfluous braces in fwu_boottime_checks() include/fwu.h | 13 +++ lib/fwu_updates/fwu.c | 191 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 203 insertions(+), 1 deletion(-) diff --git a/include/fwu.h b/include/fwu.h index 71a03cf70b..2effa7da38 100644 --- a/include/fwu.h +++ b/include/fwu.h @@ -253,4 +253,17 @@ int fwu_plat_get_update_index(uint *update_idx); * */ void fwu_plat_get_bootidx(uint *boot_idx); + +/** + * fwu_update_checks_pass() - Check if FWU update can be done + * + * Check if the FWU update can be executed. The updates are + * allowed only when the platform is not in Trial State and + * the boot time checks have passed + * + * Return: 1 if OK, 0 on error + * + */ +u8 fwu_update_checks_pass(void); + #endif /* _FWU_H_ */ diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c index 70482d14a0..b14c0dfadd 100644 --- a/lib/fwu_updates/fwu.c +++ b/lib/fwu_updates/fwu.c @@ -4,10 +4,19 @@ */ #include +#include #include +#include +#include #include #include -#include +#include + +#include +#include + +static u8 trial_state; +static u8 boottime_check; #include #include @@ -18,6 +27,112 @@ enum { IMAGE_ACCEPT_CLEAR, }; +static int trial_counter_update(u16 *trial_state_ctr) +{ + bool delete; + u32 var_attr; + efi_status_t status; + efi_uintn_t var_size; + + delete = !trial_state_ctr ? true : false; + var_size = !trial_state_ctr ? 0 : (efi_uintn_t)sizeof(*trial_state_ctr); + var_attr = !trial_state_ctr ? 0 : EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS; + status = efi_set_variable_int(u"TrialStateCtr", + &efi_global_variable_guid, + var_attr, + var_size, trial_state_ctr, false); + + if ((delete && (status != EFI_NOT_FOUND && + status != EFI_SUCCESS)) || + (!delete && status != EFI_SUCCESS)) + return -1; + + return 0; +} + +static int in_trial_state(struct fwu_mdata *mdata) +{ + u32 i, active_bank; + struct fwu_image_entry *img_entry; + struct fwu_image_bank_info *img_bank_info; + + active_bank = mdata->active_index; + img_entry = &mdata->img_entry[0]; + for (i = 0; i < CONFIG_FWU_NUM_IMAGES_PER_BANK; i++) { + img_bank_info = &img_entry[i].img_bank_info[active_bank]; + if (!img_bank_info->accepted) { + return 1; + } + } + + return 0; +} + +static int fwu_trial_state_check(struct udevice *dev) +{ + int ret; + efi_status_t status; + efi_uintn_t var_size; + u16 trial_state_ctr; + u32 var_attributes; + struct fwu_mdata mdata = { 0 }; + + ret = fwu_get_mdata(dev, &mdata); + if (ret) + return ret; + + trial_state = in_trial_state(&mdata); + if (trial_state) { + var_size = (efi_uintn_t)sizeof(trial_state_ctr); + log_info("System booting in Trial State\n"); + var_attributes = EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS; + status = efi_get_variable_int(u"TrialStateCtr", + &efi_global_variable_guid, + &var_attributes, + &var_size, &trial_state_ctr, + NULL); + if (status != EFI_SUCCESS) { + log_err("Unable to read TrialStateCtr variable\n"); + ret = -1; + goto out; + } + + ++trial_state_ctr; + if (trial_state_ctr > CONFIG_FWU_TRIAL_STATE_CNT) { + log_info("Trial State count exceeded. Revert back to previous_active_index\n"); + ret = fwu_revert_boot_index(); + if (ret) { + log_err("Unable to revert active_index\n"); + goto out; + } + + /* Delete the TrialStateCtr variable */ + ret = trial_counter_update(NULL); + if (ret) { + log_err("Unable to delete TrialStateCtr variable\n"); + goto out; + } + } else { + ret = trial_counter_update(&trial_state_ctr); + if (ret) { + log_err("Unable to increment TrialStateCtr variable\n"); + goto out; + } + } + } else { + /* Delete the variable */ + ret = trial_counter_update(NULL); + if (ret) { + log_err("Unable to delete TrialStateCtr variable\n"); + } + } + +out: + return ret; +} + static int fwu_get_dev_mdata(struct udevice **dev, struct fwu_mdata *mdata) { int ret; @@ -28,6 +143,9 @@ static int fwu_get_dev_mdata(struct udevice **dev, struct fwu_mdata *mdata) return ret; } + if (!mdata) + return 0; + ret = fwu_get_mdata(*dev, mdata); if (ret < 0) log_debug("Unable to get valid FWU metadata\n"); @@ -389,3 +507,74 @@ __weak int fwu_plat_get_update_index(uint *update_idx) return ret; } + +/** + * fwu_update_checks_pass() - Check if FWU update can be done + * + * Check if the FWU update can be executed. The updates are + * allowed only when the platform is not in Trial State and + * the boot time checks have passed + * + * Return: 1 if OK, 0 on error + * + */ +u8 fwu_update_checks_pass(void) +{ + return !trial_state && boottime_check; +} + +static int fwu_boottime_checks(void *ctx, struct event *event) +{ + int ret; + struct udevice *dev; + u32 boot_idx, active_idx; + + ret = fwu_get_dev_mdata(&dev, NULL); + if (ret) + return ret; + + ret = fwu_mdata_check(dev); + if (ret) + return 0; + + /* + * Get the Boot Index, i.e. the bank from + * which the platform has booted. This value + * gets passed from the ealier stage bootloader + * which booted u-boot, e.g. tf-a. If the + * boot index is not the same as the + * active_index read from the FWU metadata, + * update the active_index. + */ + fwu_plat_get_bootidx(&boot_idx); + if (boot_idx >= CONFIG_FWU_NUM_BANKS) { + log_err("Received incorrect value of boot_index\n"); + return 0; + } + + ret = fwu_get_active_index(&active_idx); + if (ret) { + log_err("Unable to read active_index\n"); + return 0; + } + + if (boot_idx != active_idx) { + log_info("Boot idx %u is not matching active idx %u, changing active_idx\n", + boot_idx, active_idx); + ret = fwu_set_active_index(boot_idx); + if (!ret) + boottime_check = 1; + + return 0; + } + + if (efi_init_obj_list() != EFI_SUCCESS) + return 0; + + ret = fwu_trial_state_check(dev); + if (!ret) + boottime_check = 1; + + return 0; +} +EVENT_SPY(EVT_MAIN_LOOP, fwu_boottime_checks);