From patchwork Wed May 29 14:48:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Caleb Connolly X-Patchwork-Id: 799847 Delivered-To: patch@linaro.org Received: by 2002:adf:e110:0:b0:35b:5a80:51b4 with SMTP id t16csp771423wrz; Wed, 29 May 2024 07:49:40 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWWHLJPkGomndQXuo9gonW77GJxzcM1ZdBKlIhlhGQSyVqE5yIjyt08bux9rrTFvELLrV4nWEtKrkKjBgX9HNug X-Google-Smtp-Source: AGHT+IHvWkciYHdEd1XNp/ICOMjTCQ4/Om5qfK8OICnUgHin+bvFHWaFgr+GlZG9KKBAuybr7gLA X-Received: by 2002:a17:906:a08a:b0:a5c:de6f:87e7 with SMTP id a640c23a62f3a-a6264f0ecd7mr1119841166b.61.1716994179989; Wed, 29 May 2024 07:49:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1716994179; cv=none; d=google.com; s=arc-20160816; b=CJ4MtZpuc6IZsp/pRquHdAHIUqtKaoJRG9FR39CZok29OClD/vtPABYTSqnn5lWxJp bHWYPIj8s92q5OmA9tRQTOLf8JE7/jXgVcCVMYfpZ+oz0zgFptJ1FacllkadS0GvoWIl U7psgdoDZkhM7kQ5VnAJ1Zicn4F2FWSIg2BBW5shjB5dOSUQxHI/mQW/rVsGMgs+bAHz MtbxyGgyuUBrDTKSqaXHepmf9rw4BEXeF2OSLl6THE/4bLkPk2Hj98Wp0jOVU0BBft4X aFQtLLeNj2QxCtn4o/D2qLswVnNuTW5ObDI5TRzZ6wl3JSCVWDxl3RJEqw8f7pJu8cLb cXLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:cc:to:in-reply-to:references :message-id:content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=FMAW1dpN0sJGqp4IpwIC0EpaM2WaZQwQFd9eCKE47xE=; fh=tAKHAgHn2us0Jr26iSJlU0xrtmjw6YwEBoG8SpVzM6w=; b=dGSklR9pZMtSvQFJiG65i7tzeDV325qvCCv2E3Hyicoxei7MGHWnyNxjJ1xkLSWvlq YNH0Hp0Pes//Qui3WkRgvWa5dOW4UlWazyARaQM8SymLJfaqYizpofitJXtegu0oaYuF rbTPE5tphtG5mKUleG2NMXD2nV5imf1B0Hx5BvVG1qcNgTPe/lq6AC0FyjlTAOgxZjEU qCWnl+YiYkppFaTBTBLe0pJ44ZBmugNuA5hNlYOxDCvVpv4h90xtz5ccjQUwzT9RIJ3O yVs0/i8ZdhSIiKc3alL3bCLAwY0NX1zB1cnqYLKuvsaV+I2iczIyCOt4d3ir6jGAh8db 47BQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=IvhNLjfg; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id a640c23a62f3a-a62bee59ca7si471989866b.871.2024.05.29.07.49.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 07:49:39 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=IvhNLjfg; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 152388863F; Wed, 29 May 2024 16:49:08 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="IvhNLjfg"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CCFDD88629; Wed, 29 May 2024 16:49:05 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C8E4A88602 for ; Wed, 29 May 2024 16:49:03 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=caleb.connolly@linaro.org Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-5785d466c82so2594620a12.3 for ; Wed, 29 May 2024 07:49:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1716994143; x=1717598943; darn=lists.denx.de; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=FMAW1dpN0sJGqp4IpwIC0EpaM2WaZQwQFd9eCKE47xE=; b=IvhNLjfgkOGvGgPAtXz9dMwGWDLansM4tlkA0xlYn9vGrwO85lAcUuq4cMkmn+4wi5 G1Wq4mChLldFsCZFoBOrHyUsDP+t3FcVzys/abgRezBY9rM1ZybqpkVPyTWJpsdQ4oG1 rNuvDS8jQgdXz0/HJJHN6i32l925UQJxuyeY6B1PLiwdcZjtWCak3NNrWtDTe+t0Xvkb exewB7chU3TjcWfhICLlBWsIB5Td+yx2GbJYc78vnq5WzpxXviPz8rAbVXGbaffqAX25 io6NIgtmmMrBp3NIQjAPblWLiNP5HlGlu0RSp3hfqoVWFGclzaLfdrwYRVCuynkfaBmN F0og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716994143; x=1717598943; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FMAW1dpN0sJGqp4IpwIC0EpaM2WaZQwQFd9eCKE47xE=; b=m/wMajtAZa96GU+IDqVG/IT4CXym91Hb2gpakUmS1HYDqtGWP7RNNyHrPTQT72XYxE QmjvP338xW7eSQRNccrGDTEmULO5FLhdAiQMTr9gCZ3knD/ctfNpuj81jVi0k0aydk8R qSwc9yCWT6Es1g35ZtnqRRIPvVLZPDPskBR108+lIKs/h1b6oG6srQ/j5hpuC9RQB8cI +8Drdu6pHH9WUbv1+CEwGVsCc/pXWbUyySlrPKD8IsuqSAZE5TpCgEfZw+CUeNEFVfxE 8ohHjkYP/xUvOUKkJTrcfjB/ekoRmBu42FmZDVsVnPnFSFXpEgvX7x7eZWiMkZHD4IUX PHZg== X-Forwarded-Encrypted: i=1; AJvYcCWWp8J8OnPmbEZfVYWCSxeEBsVtXTsN/e/mNHtfUP48NP3mshAhOfepOrN8ciLRe3Pvx/sOSrpLwTSLhtfhc4iW/UJG8Q== X-Gm-Message-State: AOJu0YyQ/52OvDDXQ7CxQPFGFIT/bA9U900vTRCWZboxykN+KxF9EN83 HlU9Aef1lcEIX1oHwL4OuO+RY189XicP8QEmRwzg/5F83PEnkqgWzujWbnd0vLQ= X-Received: by 2002:a50:a45d:0:b0:578:63e0:e4f1 with SMTP id 4fb4d7f45d1cf-57863e0e555mr9562088a12.17.1716994143135; Wed, 29 May 2024 07:49:03 -0700 (PDT) Received: from [192.168.0.113] ([2a02:8109:aa0d:be00::8bb3]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-578638009b1sm6922029a12.17.2024.05.29.07.49.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 07:49:02 -0700 (PDT) From: Caleb Connolly Date: Wed, 29 May 2024 16:48:52 +0200 Subject: [PATCH v2 3/7] doc: uefi: document dynamic UUID generation MIME-Version: 1.0 Message-Id: <20240529-b4-dynamic-uuid-v2-3-c26f31057bbe@linaro.org> References: <20240529-b4-dynamic-uuid-v2-0-c26f31057bbe@linaro.org> In-Reply-To: <20240529-b4-dynamic-uuid-v2-0-c26f31057bbe@linaro.org> To: Tom Rini , Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Mario Six , Alper Nebi Yasak , Abdellatif El Khlifi Cc: Richard Hughes , u-boot@lists.denx.de, Caleb Connolly X-Mailer: b4 0.14-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=2297; i=caleb.connolly@linaro.org; h=from:subject:message-id; bh=EdslQZF10Tz/XBvoasteUepMjZO5dSDrB6Bbsr2kI1w=; b=owEBbQKS/ZANAwAIAQWDMSsZX2S2AcsmYgBmV0BatxyLQukAj5Dqnl+xStlnQCKCwrB0fbuyB w4B56lgPPGJAjMEAAEIAB0WIQS2UaFGPGq+0GkMVc0FgzErGV9ktgUCZldAWgAKCRAFgzErGV9k ticCD/9x/f5jkH7UFVfM6eqOBTbKYRSQTYKqhMfagwIB0HhU114r4p7qJdIxiC7r3VpS83Pf9pC hEILG0mjxNJx0+/7LmZA6nCVLJnP/X2LjrpbZxgnG7oroXkmxiZ3Tkj0HvpxCCvm19bh24t/GNJ UgMINpDhnZu5HOoyiYQ34xVLKOL6rtqlESLst2PRX5q3jJ0gX4o0vH59zNWdehb1bYdbIoR7v7A gXM55veKJ3BAwUnesc+OxzVh7YrCWh4Xtbl7DjVLgucUjwczIWYjzj5lhbkKpS5T993RsOyg8H0 4ixX26gY0KJei6PppJGtKfZgTrDgEqdA132/TsO/OSz3Fjjsj0iL7za/rY8lhHiXRiRzMAReNmD Go5eEvdvHlgEXnncuEsaVEKOdgjFLLn6Uhn6brsZTMTGwX3wVNKt0TwvpPzfu7bMg+lgXRjPep9 wReK9OPJTlr8Ok/hX0O/LTQ6BlvaASSgo9OjM210MQ8qrd3n8SB3GkbsG5k314MQ5Qm/bJsY5NG mN5XS4g0bvyQ2BcfCbbw2ihTWgO1Ihss0L1TalxqoJB+dcStmHxloP3fE0ff63cCm945572mYet +q1qg7lNOLoZzREet2/hZJmiTQPYXegZa3aotTYZULq2r3aouz7CazxJzawMwml4lp1aic/u7gT bXOO51Qlzq/D9ow== X-Developer-Key: i=caleb.connolly@linaro.org; a=openpgp; fpr=83B24DA7FE145076BC38BB250CD904EB673A7C47 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Document how platforms can generate GUIDs at runtime rather than maintaining a list of UUIDs per-board. Signed-off-by: Caleb Connolly --- doc/develop/uefi/uefi.rst | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 0389b269c01b..0b60702c052a 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -448,8 +448,39 @@ the location of the firmware updates is not a very secure practice. Getting this information from the firmware itself is more secure, assuming the firmware has been verified by a previous stage boot loader. +The image_type_id contains a GUID value which is specific to the image +and board being updated, that is to say it should uniquely identify the +board model (and revision if relevant) and image pair. Traditionally, +these GUIDs are generated manually and hardcoded on a per-board basis, +however this scheme makes it difficult to scale up to support many +boards. + +To address this, v5 GUIDs can be used to generate board-specific GUIDs +at runtime, based on a set of persistent identifiable information: + +.. code-block:: c + + /** + * efi_capsule_update_info_gen_ids - generate GUIDs for the images + * + * Generate the image_type_id for each image in the update_info.images array + * using the model and compatible strings from the device tree and a salt + * UUID defined at build time. + * + * Returns: status code + */ + static efi_status_t efi_capsule_update_info_gen_ids(void); + +These strings are combined with the fw_image name to generate GUIDs for +each image. Support for dynamic UUIDs can be enabled by turning on +CONFIG_EFI_CAPSULE_DYNAMIC_UUIDS, generating a new namespace UUID and +setting CONFIG_EFI_CAPSULE_NAMESPACE_UUID to it. + +The genguid tool can be used to determine the GUIDs for a particular board +and image. It can be found in the tools directory. + The firmware images structure defines the GUID values, image index values and the name of the images that are to be updated through the capsule update feature. These values are to be defined as part of an array. These GUID values would be used by the Firmware Management