From patchwork Fri Aug 9 00:56:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Caleb Connolly X-Patchwork-Id: 818101 Delivered-To: patch@linaro.org Received: by 2002:a5d:5711:0:b0:367:895a:4699 with SMTP id a17csp89434wrv; Thu, 8 Aug 2024 17:57:22 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUei7znx7j2gelF79Zz9nzYjyf31tEc14L7WtBsoHpbdOus68aikkAxdFtECiRbnFSv577nyfc/L0inS1XDmCrV X-Google-Smtp-Source: AGHT+IHfm3/ple9GyRgBliKt2sx84xaypkUw1ZjI4B65n02ZVyQNmaExiiBJgRwtiwkHKcQ/jdUO X-Received: by 2002:a17:907:7204:b0:a7a:a06b:eecf with SMTP id a640c23a62f3a-a80aa53b6bcmr1294566b.3.1723165041996; Thu, 08 Aug 2024 17:57:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1723165041; cv=none; d=google.com; s=arc-20160816; b=GZznFcNBtlUsbCcrBKJruJJrRnQx0yT2huHc9iF9TWPZfbmuR6PgEmJ+HDF+x/jePc A/woyQoBKt3lU9eeNXXC1mmUgOMH+kMGVzg0fW6HIsZnWzus3n8suvPoeomD0FCFzpP0 U7i+2uqjhsT1g7FR0Gh/Y7XC41udH78xRN7yNd2zA7B57LDkcjgc5u0/ymdX1n2+FZBU MyIiGvz7Ud0Il/MatzXxdESJ36ihxyB+mI1t9VX0Sh3oVaRgS2EGwjFbssW7W3o2FWfN 780FLVYxSi335ymK/7+krzwsHwx/YpTbTwJejMYIEyE0yOJx4PhPdn2M/jrDpHZFAx2j 6+Qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:cc:to:in-reply-to:references :message-id:content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=XceLW2XqiE7wRlBCScaaKGd8cI0ULr15gEOnMJ3F+Ro=; fh=lA/ssFwW9Mn6s0U90HRVKt1MJwZEYG+9uhnxxTwM+2M=; b=CkiACxHYJhVx80/tVtrWtezBjJ6WhMxYob2CD5d7+TqTTqegsYboiW6q/sZwJv7kz0 5B/qc16WwK90z7+JzvczPNxTDLADkyA4bgtl1Oycp0oEC674vsNW70dFt1DiEwWOgQ/2 m4wbVIWjKFAV9vWF5OtGO6mqxcpb4Dazt2rOhAP/VPpJD9/XZRuSt/pW/UuYBz6CSjez K+oDQ1ziBz48zhU9vr2OuPgfsN7amHP+vKVFwYEkuMDXnrY312iqSR9/PJAIMVOd834Y LI8ggRE6zHDAOTjDvEluJPmpwJPcGydYQ9OdbLgvWS7ZRQFMhETbMQOz4K5g1H7bAsO6 PLFg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="x/iO0nDf"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id a640c23a62f3a-a7dc9f12ed6si802427966b.703.2024.08.08.17.57.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Aug 2024 17:57:21 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="x/iO0nDf"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 805F388BD4; Fri, 9 Aug 2024 02:56:39 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="x/iO0nDf"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A9A5E88BEA; Fri, 9 Aug 2024 02:56:37 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id AB36C88B99 for ; Fri, 9 Aug 2024 02:56:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=caleb.connolly@linaro.org Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-5a15692b6f6so1728879a12.0 for ; Thu, 08 Aug 2024 17:56:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1723164995; x=1723769795; darn=lists.denx.de; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=XceLW2XqiE7wRlBCScaaKGd8cI0ULr15gEOnMJ3F+Ro=; b=x/iO0nDfJ1lFnUUNB7CGZ8+0ffWubeJijPifvtlGDHRkUqqSkwK2ZRynCR/c7Bw36x GfnU73xQbuc8Gw+Tyyuy7188xGUZd+B3D4pCeXXiJaNg3b6BlEpYY/gTdZPKpk1zeQxf kXW2+vrZwkKv1bJAxU2FXVTdIOlMXLn2lBaHJ4wsq6wj4Kwzdl2d0vEgql3G99B6Kzr0 /JLgnwImOf8XTOwKOVPko5uqXO6vA66qxb70+MrTuiHAqY/R7QOa2wLopSnj6SiqFAdV hsrCp9HPI0DH1Lt33E7CYd5oYKQXYSxHoB6wQ5Dv32+mw3IRfBJi8VlLTlM8LQl8wapO ozhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723164995; x=1723769795; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XceLW2XqiE7wRlBCScaaKGd8cI0ULr15gEOnMJ3F+Ro=; b=Jde/+cHz/nqIOYOuZtGo9eJocW4IgJsNoEqA3lef3HkcdGEUrn+5nSW3ogthCVc3jU Bwd4TGzKYwByvAFCzLeycdxRAccmwnyDP9B8K4V8rdWU4PloeeuHGkPru1o5AlnE1h7x 85NtXr3OwF1ngP025giEiusOQYeokN0AypbzJQqIum7HxxSkxd32ppeTN3Gmi9mmRtWk ZBmjRG/4aVPPt3JciTGn7rT7PRTy1kB7wa5ReWl6yiAVQpWudYV0UuHVpUGee75G45L5 TMXlYMd0j4l9tjduJl/FwfRrvAiH/f8JvU849imm9eSdZv4wU67jQmDTVVc7EqH0Y+pO Q4gw== X-Forwarded-Encrypted: i=1; AJvYcCVyQD85y3GYvqWtmqi74vVP3+dnL0l4aoCIr+eYiHigv+OBDtYzpskHPRPmIwqM+ZdggHQfNPjan5+1GSDIayvB56aDuA== X-Gm-Message-State: AOJu0YztZwdL0zohLftOi0h2JuxYQ24agI8h62ZV0gHpacC/2ocuXlNZ 4js0k6ByE2ssPf/PyvWHZU6+KuS5CxYRACA64JbJgmCUHYUM3Vd2OUj/zlwl6Vo= X-Received: by 2002:a17:907:f1cb:b0:a7d:e41e:6bbf with SMTP id a640c23a62f3a-a80aa65eed5mr369566b.50.1723164995007; Thu, 08 Aug 2024 17:56:35 -0700 (PDT) Received: from [192.168.0.113] ([2a02:8109:aa0d:be00::7424]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a7dc9e80e54sm790680266b.167.2024.08.08.17.56.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Aug 2024 17:56:34 -0700 (PDT) From: Caleb Connolly Date: Fri, 09 Aug 2024 02:56:23 +0200 Subject: [PATCH v7 04/11] doc: uefi: document dynamic UUID generation MIME-Version: 1.0 Message-Id: <20240809-b4-dynamic-uuid-v7-4-8c44ab1f06a5@linaro.org> References: <20240809-b4-dynamic-uuid-v7-0-8c44ab1f06a5@linaro.org> In-Reply-To: <20240809-b4-dynamic-uuid-v7-0-8c44ab1f06a5@linaro.org> To: Tom Rini , Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Mario Six , Alper Nebi Yasak , Abdellatif El Khlifi Cc: Richard Hughes , u-boot@lists.denx.de, Caleb Connolly X-Mailer: b4 0.14-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=2228; i=caleb.connolly@linaro.org; h=from:subject:message-id; bh=CnoU4+NAjPfmPO7lw0mrd3Kf+j79o89BEkFbYPucAaY=; b=owEBbQKS/ZANAwAIAQWDMSsZX2S2AcsmYgBmtWk8k48ESrmehsCSJB29SdV+aDDseXVIkgoSR JP1X/1lUjuJAjMEAAEIAB0WIQS2UaFGPGq+0GkMVc0FgzErGV9ktgUCZrVpPAAKCRAFgzErGV9k tqK7D/sE+kP3HFtW7I8QudEVkVnyyL6gg2SpfUSjcYaWvHtGkF5v7Tf4fxSze1fBqc2mkyLn7Gh hq1LSOvVsEqRtGqhGpk3Lek2Ma42LDydklZ/YY4PJMGLhQ79bOD8+3IuCokPI/cPAjBOWRtPFNe NVZyWmyCdVmkmUvgzFoyd2NVhPjJfUulEw2A29OPI4sKX62Sqstaeb1OStk8sHqJS5KkCUqrF/q NL4hQGO4UAIa0bgMFkRj4ydO6C13JhyQVlRqDZeR2NpA1iMo5x+PN/aCiO40EZiaQZc+VVPEmig fDHuyZ8w1JDQEhw1kdtp4LttvNssm5UsW0kbu7T4PtzRZpot/Hiw17Vm0nJsggVvi+4X4lacL8w webPa0PTWq45Sro+pV/zaYxQqIj44K8wyp8o22YGuJdGDKbtx9fbYg7+M3novXxncmPXaXeFEMq 8uC0wBqftBkY6jXFWS8cyqRtfVjgIIHJ2xX5VIa4Qd2KHlX8F0H/LfZZRq+3CH8Iu3uSpoBYYGd yLQgx1ZNYmArsOGqwEuONY/eajRSe1TNhjbPxjeFPZUZ6hCVqB3kp6gCZUi86rwKy125OmYQHaJ JcqaZa9GzAGhtfb4/Xv+HrgYPRGdw7/bY4vNJhP3sA+wU8cUloAxB+ByudKUnJktEJtGGeSB30g OTerNybSWhnX4tg== X-Developer-Key: i=caleb.connolly@linaro.org; a=openpgp; fpr=83B24DA7FE145076BC38BB250CD904EB673A7C47 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Document how platforms can generate GUIDs at runtime rather than maintaining a list of UUIDs per-board. Reviewed-by: Ilias Apalodimas Signed-off-by: Caleb Connolly Reviewed-by: Ilias Apalodimas --- doc/develop/uefi/uefi.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index d450b12bf801..b64009cc2256 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -448,8 +448,35 @@ the location of the firmware updates is not a very secure practice. Getting this information from the firmware itself is more secure, assuming the firmware has been verified by a previous stage boot loader. +Dynamic Firmware Update GUIDs +***************************** + +The image_type_id contains a GUID value which is specific to the image +and board being updated, that is to say it should uniquely identify the +board model (and revision if relevant) and image pair. Traditionally, +these GUIDs are generated manually and hardcoded on a per-board basis, +however this scheme makes it difficult to scale up to support many +boards. + +To address this, v5 GUIDs can be used to generate board-specific GUIDs +at runtime, based on the board's devicetree root compatible +(e.g. "qcom,qrb5165-rb5"). + +These strings are combined with the fw_image name to generate GUIDs for +each image. Support for dynamic UUIDs can be enabled by generating a new +namespace UUID and setting EFI_CAPSULE_NAMESPACE_GUID to it. Dynamic GUID +generation is only enabled if the image_type_id property is unset for your +firmware images, this is to avoid breaking existing boards with hardcoded +GUIDs. + +The mkeficapsule tool can be used to determine the GUIDs for a particular +board and image. It can be found in the tools directory. + +Firmware update images +********************** + The firmware images structure defines the GUID values, image index values and the name of the images that are to be updated through the capsule update feature. These values are to be defined as part of an array. These GUID values would be used by the Firmware Management