From patchwork Wed May 31 03:35:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687220 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054522wru; Tue, 30 May 2023 20:36:12 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ60sV4S5nY/U6BGYQ3Ks/0hFg8g+wDPFXuxoqZh8Olf6Fleq0O/K+eEf8HhP2s/u25vgK3C X-Received: by 2002:a05:6a00:16ca:b0:635:7fb2:2ab4 with SMTP id l10-20020a056a0016ca00b006357fb22ab4mr4832967pfc.6.1685504171891; Tue, 30 May 2023 20:36:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504171; cv=none; d=google.com; s=arc-20160816; b=jvsSHu2e7yfwWzt9wj3Dfim4zQVj/5CEy81Tied2PucDG8GzeXI7KMUYFhB/Zy9vxb qtoIOsyBeyIh6LDzsZ5rH4b6iY+qy1/yMtG4rhZF+50E1Ru24eJt5a1oxCsTnJs011rB LH3Jo5ID3MLaho4NtXrwR7uH02YXUAxBRF+XTJX8fHh5KoVoccf4BBmwYmW4t7FrDO9r D85h1uLcfhQG7xA6SJyH7wdQ8FAhYeAUF+1JszvQJh6IJDkQQITEboqZyozkdQjzlmDN HTIEqxdbe1nGCN15KJKjjOVdvjUg+vzaWTyMrp5HVFqGPm9AMDx7Bf53izM8PND2EiPz 6DWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=tdv+kmOZl5qpK+gbxoLNqlVYk48KZInHXbMPLpgVLdp5AjoM0/4w/kR0QIxDqBC2ga A1jVJVU+90ZRrbDC8cY2sfoSGJzhMH00buV+khB4BV73GPZFGPsyZTvjOt7FjBjFyXIW HIaHahSXLxZZ7nbXNsvejeHZyQN0mqV13nY7YXLkmSmt2LiJJD21cAk9LkjzQ27K8of4 k5BEfFlrT7F9kG3dgJTQNJAda0bFOR4JezWUsqaZwIOFfaAl6vsbJ9n8eiEDU3kcBPzs 76gLk+mA2uNWz1H66uMFheuLqE7y5S2eRTTL36B8FhdwhTJLIdRPKpuTIDV9UCp5B+Rx ns2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=v9sg10rX; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id y26-20020aa7943a000000b0063b843131b1si2769740pfo.324.2023.05.30.20.36.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:11 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=v9sg10rX; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9DD5486114; Wed, 31 May 2023 05:35:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="v9sg10rX"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 7D61786093; Wed, 31 May 2023 05:35:56 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 07C2E86113 for ; Wed, 31 May 2023 05:35:52 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-64d57cd373fso357173b3a.1 for ; Tue, 30 May 2023 20:35:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504150; x=1688096150; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=v9sg10rXR4mMkBzTT9W2NXdoCjT8ueu9B0ATCsCRKtwS8Qiq/3/USF+9siHHNIqv86 po+LfDUnxFtoQkITitoyjt93F2GzX9Wk4COgysgmJtzAlwIdj3udjL7lj01iCMHlx3/B enuLDg8G4mriRg20dk2Hpcu85BLlV8aIKB53AQgZwvnbOIk9CCnfxUEFVUh3ipDyfnlQ NM0pQjhp5GXjLFe/gJX9AQ2PWKyPEaCw95IJf2bUxjujmTy7OhssaZcsDKSFrTYvU70Q Eh3BHL5+wSlRTL+E1tt9Nk411HCkwPt4v7akxv79UzM7xF8grYQab+J/Bax4s8nj6RyH gcYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504150; x=1688096150; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1fEHsJ2BPYepLe9lhrzjjRxecXuGuQemDM5Dv68+Bck=; b=igkbOfxR2WKFaeb10yVz5hGeTa4P9aBobR0gVaDlmZLEbwM0aBY51i7Qe1TL7yO9DF 447+9WcmgGMEpVVebHBdn1VZT0PSNuVExDah6QlkUFSdlHhvA1OLwyLDPKEq8EVVkjiW Lo6F4Kdb/APQyflyD3TTEYmtpVll6zfckbUd4uNLZ0NgBKilQuy9u7P1QIKmUafczsyY BoKcIPSjtZxaItqyC1dXKYWzOExl+y4tl7gi8QlHHAVhXTsPgw894VY5fguIICJxDcG6 MXEXf873dHgG0vcN+lKOTSYAL6Higa3qBnB2idMlmoNu9V416l5zVY8t+PgX2UVEgp+9 0rgA== X-Gm-Message-State: AC+VfDw2hihKpUN1zjQEBDlk8GDT63g4SzsFRHG8YwD8LfhUd+FVXSQe 7as1LVnT25L1JIPAy00//mJxUxsLnKkn4kNYdGFupg== X-Received: by 2002:a17:902:da83:b0:1ad:d95d:ca9c with SMTP id j3-20020a170902da8300b001add95dca9cmr5001063plx.15.1685504149896; Tue, 30 May 2023 20:35:49 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.35.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:35:49 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima , Philipp Tomsich , Kever Yang , "Ying-Chun Liu (PaulLiu)" , Tuomas Tynkkynen , Heiko Thiery , Frieder Schrempf , Michael Walle , Mario Six , Jassi Brar , Patrick Delaunay , Patrice Chotard , Michal Simek , Sughosh Ganu , Etienne Carriere , uboot-stm32@st-md-mailman.stormreply.com (moderated list:STM32MP1 BOARD) Subject: [PATCH v7 01/10] efi_loader: add the number of image entries in efi_capsule_update_info Date: Wed, 31 May 2023 12:35:14 +0900 Message-Id: <20230531033523.1581973-2-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The number of image array entries global variable is required to support EFI capsule update. This information is exposed as a num_image_type_guids variable, but this information should be included in the efi_capsule_update_info structure. This commit adds the num_images member in the efi_capsule_update_info structure. All board files supporting EFI capsule update are updated. Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Newly created in v6 arch/arm/mach-rockchip/board.c | 4 ++-- board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c | 2 +- board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c | 2 +- board/emulation/qemu-arm/qemu-arm.c | 2 +- board/kontron/pitx_imx8m/pitx_imx8m.c | 2 +- board/kontron/sl-mx8mm/sl-mx8mm.c | 2 +- board/kontron/sl28/sl28.c | 2 +- board/rockchip/evb_rk3399/evb-rk3399.c | 2 +- board/sandbox/sandbox.c | 2 +- board/socionext/developerbox/developerbox.c | 2 +- board/st/stm32mp1/stm32mp1.c | 2 +- board/xilinx/common/board.c | 2 +- include/efi_loader.h | 3 ++- lib/efi_loader/efi_firmware.c | 6 +++--- lib/fwu_updates/fwu.c | 2 +- 15 files changed, 19 insertions(+), 18 deletions(-) diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index f1f70c81d0..8daa74b3eb 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -41,7 +41,7 @@ static bool updatable_image(struct disk_partition *info) uuid_str_to_bin(info->type_guid, image_type_guid.b, UUID_STR_FORMAT_GUID); - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) { ret = true; break; @@ -59,7 +59,7 @@ static void set_image_index(struct disk_partition *info, int index) uuid_str_to_bin(info->type_guid, image_type_guid.b, UUID_STR_FORMAT_GUID); - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (!guidcmp(&fw_images[i].image_type_id, &image_type_guid)) { fw_images[i].image_index = index; break; diff --git a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c index 466174679e..b79a2380aa 100644 --- a/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c +++ b/board/advantech/imx8mp_rsb3720a1/imx8mp_rsb3720a1.c @@ -54,10 +54,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 2=flash-bin raw 0 0x1B00 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ diff --git a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c index b373e45df9..af070ec315 100644 --- a/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c +++ b/board/compulab/imx8mm-cl-iot-gate/imx8mm-cl-iot-gate.c @@ -50,10 +50,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 2=flash-bin raw 0x42 0x1D00 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_phys_sdram_size(phys_size_t *size) diff --git a/board/emulation/qemu-arm/qemu-arm.c b/board/emulation/qemu-arm/qemu-arm.c index 34ed3e8ae6..dfea0d92a3 100644 --- a/board/emulation/qemu-arm/qemu-arm.c +++ b/board/emulation/qemu-arm/qemu-arm.c @@ -47,10 +47,10 @@ struct efi_fw_image fw_images[] = { }; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images) .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ static struct mm_region qemu_arm64_mem_map[] = { diff --git a/board/kontron/pitx_imx8m/pitx_imx8m.c b/board/kontron/pitx_imx8m/pitx_imx8m.c index fcda86bc1b..4548e7c1df 100644 --- a/board/kontron/pitx_imx8m/pitx_imx8m.c +++ b/board/kontron/pitx_imx8m/pitx_imx8m.c @@ -43,10 +43,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "mmc 0=flash-bin raw 0x42 0x1000 mmcpart 1", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/kontron/sl-mx8mm/sl-mx8mm.c b/board/kontron/sl-mx8mm/sl-mx8mm.c index 250195694b..ddb509eb66 100644 --- a/board/kontron/sl-mx8mm/sl-mx8mm.c +++ b/board/kontron/sl-mx8mm/sl-mx8mm.c @@ -29,10 +29,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=flash-bin raw 0x400 0x1f0000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_phys_sdram_size(phys_size_t *size) diff --git a/board/kontron/sl28/sl28.c b/board/kontron/sl28/sl28.c index 89948e087f..4ab221c12b 100644 --- a/board/kontron/sl28/sl28.c +++ b/board/kontron/sl28/sl28.c @@ -40,10 +40,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=u-boot-bin raw 0x210000 0x1d0000;" "u-boot-env raw 0x3e0000 0x20000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/rockchip/evb_rk3399/evb-rk3399.c b/board/rockchip/evb_rk3399/evb-rk3399.c index c99ffdd75e..3c773d0930 100644 --- a/board/rockchip/evb_rk3399/evb-rk3399.c +++ b/board/rockchip/evb_rk3399/evb-rk3399.c @@ -18,10 +18,10 @@ static struct efi_fw_image fw_images[ROCKPI4_UPDATABLE_IMAGES] = {0}; struct efi_capsule_update_info update_info = { + .num_images = ROCKPI4_UPDATABLE_IMAGES, .images = fw_images, }; -u8 num_image_type_guids = ROCKPI4_UPDATABLE_IMAGES; #endif #ifndef CONFIG_SPL_BUILD diff --git a/board/sandbox/sandbox.c b/board/sandbox/sandbox.c index 2e44bdf0df..c7b6cb78ff 100644 --- a/board/sandbox/sandbox.c +++ b/board/sandbox/sandbox.c @@ -67,10 +67,10 @@ struct efi_fw_image fw_images[] = { struct efi_capsule_update_info update_info = { .dfu_string = "sf 0:0=u-boot-bin raw 0x100000 0x50000;" "u-boot-env raw 0x150000 0x200000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ #if !CONFIG_IS_ENABLED(OF_PLATDATA) diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c index 16e14d4f7f..d92e1d0962 100644 --- a/board/socionext/developerbox/developerbox.c +++ b/board/socionext/developerbox/developerbox.c @@ -41,10 +41,10 @@ struct efi_capsule_update_info update_info = { .dfu_string = "mtd nor1=u-boot.bin raw 200000 100000;" "fip.bin raw 180000 78000;" "optee.bin raw 500000 100000", + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ static struct mm_region sc2a11_mem_map[] = { diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 1a1b1844c8..5b28ccd32e 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -92,10 +92,10 @@ struct efi_fw_image fw_images[1]; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ int board_early_init_f(void) diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c index d071ebfb9c..0328d68e75 100644 --- a/board/xilinx/common/board.c +++ b/board/xilinx/common/board.c @@ -52,10 +52,10 @@ struct efi_fw_image fw_images[] = { }; struct efi_capsule_update_info update_info = { + .num_images = ARRAY_SIZE(fw_images), .images = fw_images, }; -u8 num_image_type_guids = ARRAY_SIZE(fw_images); #endif /* EFI_HAVE_CAPSULE_SUPPORT */ #define EEPROM_HEADER_MAGIC 0xdaaddeed diff --git a/include/efi_loader.h b/include/efi_loader.h index b395eef9e7..941d63467c 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -1078,15 +1078,16 @@ struct efi_fw_image { * platforms which enable capsule updates * * @dfu_string: String used to populate dfu_alt_info + * @num_images: The number of images array entries * @images: Pointer to an array of updatable images */ struct efi_capsule_update_info { const char *dfu_string; + int num_images; struct efi_fw_image *images; }; extern struct efi_capsule_update_info update_info; -extern u8 num_image_type_guids; /** * Install the ESRT system table. diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 93e2b01c07..cc650e1443 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -131,7 +131,7 @@ static efi_status_t efi_fill_image_desc_array( struct efi_fw_image *fw_array; int i; - total_size = sizeof(*image_info) * num_image_type_guids; + total_size = sizeof(*image_info) * update_info.num_images; if (*image_info_size < total_size) { *image_info_size = total_size; @@ -141,13 +141,13 @@ static efi_status_t efi_fill_image_desc_array( *image_info_size = total_size; fw_array = update_info.images; - *descriptor_count = num_image_type_guids; + *descriptor_count = update_info.num_images; *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION; *descriptor_size = sizeof(*image_info); *package_version = 0xffffffff; /* not supported */ *package_version_name = NULL; /* not supported */ - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c index 5313d07302..3b1785e7b1 100644 --- a/lib/fwu_updates/fwu.c +++ b/lib/fwu_updates/fwu.c @@ -151,7 +151,7 @@ static int fwu_get_image_type_id(u8 *image_index, efi_guid_t *image_type_id) index = *image_index; image = update_info.images; - for (i = 0; i < num_image_type_guids; i++) { + for (i = 0; i < update_info.num_images; i++) { if (index == image[i].image_index) { guidcpy(image_type_id, &image[i].image_type_id); return 0; From patchwork Wed May 31 03:35:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687221 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054582wru; Tue, 30 May 2023 20:36:27 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6Whl3AdDHJZHItF5M/9Ss7mSlDajWMiOVGC101zumqsCGUzmNjmfa2wkPlGVprwDrZ8PaC X-Received: by 2002:a25:241:0:b0:ba7:7664:916b with SMTP id 62-20020a250241000000b00ba77664916bmr4879578ybc.20.1685504186757; Tue, 30 May 2023 20:36:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504186; cv=none; d=google.com; s=arc-20160816; b=iptbDkP34LmjNQaLmJ6LWZIefrqKiwewcP0Y1tEDiWGereQBFcvpNo/3tp+msk7i9t s8WkfreKXy+TB4erqetd3+WXi5RlzO2Wk87iaKiRSlzva2ShU8lHDpYtFqkQDgPfVdm2 KMKepD7YKvxNetjZnlZw8ZnUSdQPtkxpGO6ZfYSZ0KKVwXDW3/0SHJ2tvvrLsVfp1xVH x0GyepYOrUyHxW3SFLwg7bSB5v3w2xtStJR8dd1cqr2k/2dB0bP5rVhliF+SN9H6eqqh i/cUf+XnqF45Voy8D+cVvoyomYJZtYochkJrSJ+6m6Nqj+8PxLC/P5Ou9AdpdReMTt4o oW8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=EblhmLzzzLvXvhUKMMe6toRQ+0UXVDesdjroTIcOrgw=; b=jHeC2QLHQSETnAHiJBJkruvahH3PLzuBx45xpxqicEAfmQMNve182RnDJ8jjhlUDed XPdEWsXFwKvi/ib+ORLX6DGrldRv6AY5XzUHHgUMm6p1NYYBnsHheERAZRecm0zMe+dh s1EXhgNeAnZrw/v4A5R8b+lOz7YTLcgTN87A10SRjCTViv1SlikdbG8/iEE+/fZPdqmj qQcASHDIGp+Bkdi8GauUGgrClL1DUuo+HiYAUuTTwO43DGiu1fpw+FWP7rhHDLBT2bo0 xAvE7tlTGOQ6ZWweQvQP9ybuFU0iT49ztqDtmMg6X2xypD7ro9CO4KQsb+gjjbMunBN6 YEHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bwu2yEZN; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id ij17-20020a170902ab5100b001b0424c4f88si153367plb.182.2023.05.30.20.36.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:26 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bwu2yEZN; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E043E86197; Wed, 31 May 2023 05:36:02 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="bwu2yEZN"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1CED186114; Wed, 31 May 2023 05:35:58 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 45FFB86116 for ; Wed, 31 May 2023 05:35:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-io1-xd2e.google.com with SMTP id ca18e2360f4ac-77749d2613bso77998839f.2 for ; Tue, 30 May 2023 20:35:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504152; x=1688096152; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EblhmLzzzLvXvhUKMMe6toRQ+0UXVDesdjroTIcOrgw=; b=bwu2yEZNpkTzxLaltO7qkk7bUMPsZStlxHa+SK5Ar7fen9+IqhZL76zmzuYGE3JGKt FuAv8liHq2iFyLzI0z+tX+5092refgDMXbk9e9g2OqYvDOVFZDqQ/h7O7c3HeLsNFqly qmcpiMITsdyPeylZQGBOfnXdOgQdijnH9ysZH1ELsIEKYxlHP3lp4ELq+CXntFkrQKKL +YUDwsLDTQhb0pEz4Qth9ZaAWa5ENlB1gI5NAa4t7M5DO5WS0GUcxBd3kRWhocNZPyXa tmuyhLE6rQzP+71GUgcYNU+10EKvCJdz9hhUN5q8nyZZJkC/XJa3HAB9kYdBfLy7JrI/ K0Mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504152; x=1688096152; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EblhmLzzzLvXvhUKMMe6toRQ+0UXVDesdjroTIcOrgw=; b=he3as+T6XaRshikskB3xhD1aJr1W87qWIwro4txkx+K8ffCnyp6TE07/2KO1sB9HNZ NJ1/V6aGas58vGhvCh3MoFHeK8/tzAgnNM0mgjhgHR3UFZCufh0pNYebq5NypEtMjNox 7qGlnG/w7Mn9W9w+aqamTrSaRIyYOMI2M2jOuP52uPspPeSCswWn7jxfd3yrC2d9ShTh wBtD5Kig97HWkRdRUi5jfvXYt/PjFFzitBFI8AR+YZ8R5jYHhol05z3xLOH5ddVx4Kcr WxeZKw574VYjSAGaBXtInJjcZZYnkj0sfvvH6T6U6JZZxtmvpWiX9OQVk/yDoe6K/Q/Z iSsg== X-Gm-Message-State: AC+VfDwm+ihMtRd5LNLv3wiiLFAZY+S1x+0UDEH5N5LcSdnMNpDaiBYh 4sd/WyRrrnxiA627eiaHgeqmsH2VklU/bqNhA68= X-Received: by 2002:a92:d791:0:b0:337:8342:e6a5 with SMTP id d17-20020a92d791000000b003378342e6a5mr1201918iln.31.1685504152560; Tue, 30 May 2023 20:35:52 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.35.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:35:52 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v7 02/10] efi_loader: store firmware version into FmpState variable Date: Wed, 31 May 2023 12:35:15 +0900 Message-Id: <20230531033523.1581973-3-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Firmware version management is not implemented in the current FMP protocol. EDK II reference implementation capsule generation script inserts the FMP Payload Header right before the payload, FMP Payload Header contains the firmware version and lowest supported version. This commit utilizes the FMP Payload Header, reads the header and stores the firmware version into "FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, since FMP protocol handles multiple image indexes. Note that lowest supported version included in the FMP Payload Header is not used. If the platform uses file-based EFI variable storage, it can be tampered. The file-based EFI variable storage is not the right place to store the lowest supported version for anti-rollback protection. This change is compatible with the existing FMP implementation. This change does not mandate the FMP Payload Header. If no FMP Payload Header is found in the capsule file, fw_version, lowest supported version, last attempt version and last attempt status is 0 and this is the same behavior as existing FMP implementation. Signed-off-by: Masahisa Kojima --- Changes in v7: - simplify efi_firmware_get_fw_version() function Changed in v6: - only store the fw_version in the FmpState EFI variable Changes in v4: - move lines that are the same in both branches out of the if statement - s/EDK2/EDK II/ - create print result function - set last_attempt_version when capsule authentication failed - use log_err() instead of printf() Changes in v3: - exclude CONFIG_FWU_MULTI_BANK_UPDATE case - set image_type_id as a vendor field of FmpStateXXXX variable - set READ_ONLY flag for FmpStateXXXX variable - add error code for FIT image case Changes in v2: - modify indent lib/efi_loader/efi_firmware.c | 164 ++++++++++++++++++++++++++++++---- 1 file changed, 145 insertions(+), 19 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index cc650e1443..a798d380a3 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -36,11 +37,52 @@ struct fmp_payload_header { u32 lowest_supported_version; }; +/** + * struct fmp_state - fmp firmware update state + * + * This structure describes the state of the firmware update + * through FMP protocol. + * + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version + * @last_attempt_version: Last attempt version + * @last_attempt_status: Last attempt status + */ +struct fmp_state { + u32 fw_version; + u32 lowest_supported_version; /* not used */ + u32 last_attempt_version; /* not used */ + u32 last_attempt_status; /* not used */ +}; + __weak void set_dfu_alt_info(char *interface, char *devstr) { env_set("dfu_alt_info", update_info.dfu_string); } +/** + * efi_firmware_get_image_type_id - get image_type_id + * @image_index: image index + * + * Return the image_type_id identified by the image index. + * + * Return: pointer to the image_type_id, NULL if image_index is invalid + */ +static +efi_guid_t *efi_firmware_get_image_type_id(u8 image_index) +{ + int i; + struct efi_fw_image *fw_array; + + fw_array = update_info.images; + for (i = 0; i < update_info.num_images; i++) { + if (fw_array[i].image_index == image_index) + return &fw_array[i].image_type_id; + } + + return NULL; +} + /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_get_image_unsupported( @@ -194,8 +236,6 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, { const void *image = *p_image; efi_uintn_t image_size = *p_image_size; - u32 fmp_hdr_signature; - struct fmp_payload_header *header; void *capsule_payload; efi_status_t status; efi_uintn_t capsule_payload_size; @@ -222,26 +262,104 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, debug("Updating capsule without authenticating.\n"); } - fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; - header = (void *)image; - - if (!memcmp(&header->signature, &fmp_hdr_signature, - sizeof(fmp_hdr_signature))) { - /* - * When building the capsule with the scripts in - * edk2, a FMP header is inserted above the capsule - * payload. Compensate for this header to get the - * actual payload that is to be updated. - */ - image += header->header_size; - image_size -= header->header_size; - } - *p_image = image; *p_image_size = image_size; return EFI_SUCCESS; } +/** + * efi_firmware_set_fmp_state_var - set FmpStateXXXX variable + * @state: Pointer to fmp state + * @image_index: image index + * + * Update the FmpStateXXXX variable with the firmware update state. + * + * Return: status code + */ +static +efi_status_t efi_firmware_set_fmp_state_var(struct fmp_state *state, u8 image_index) +{ + u16 varname[13]; /* u"FmpStateXXXX" */ + efi_status_t ret; + efi_guid_t *image_type_id; + struct fmp_state var_state = { 0 }; + + image_type_id = efi_firmware_get_image_type_id(image_index); + if (!image_type_id) + return EFI_INVALID_PARAMETER; + + efi_create_indexed_name(varname, sizeof(varname), "FmpState", + image_index); + + /* + * Only the fw_version is set here. + * lowest_supported_version in FmpState variable is ignored since + * it can be tampered if the file based EFI variable storage is used. + */ + var_state.fw_version = state->fw_version; + + ret = efi_set_variable_int(varname, image_type_id, + EFI_VARIABLE_READ_ONLY | + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(var_state), &var_state, false); + + return ret; +} + +/** + * efi_firmware_get_fw_version - get fw_version from FMP payload header + * @p_image: Pointer to new image + * @p_image_size: Pointer to size of new image + * @state: Pointer to fmp state + * + * Parse the FMP payload header and fill the fmp_state structure. + * If no FMP payload header is found, fmp_state structure is not updated. + * + */ +static void efi_firmware_get_fw_version(const void **p_image, + efi_uintn_t *p_image_size, + struct fmp_state *state) +{ + const struct fmp_payload_header *header; + u32 fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; + + header = *p_image; + if (header->signature == fmp_hdr_signature) { + /* FMP header is inserted above the capsule payload */ + state->fw_version = header->fw_version; + + *p_image += header->header_size; + *p_image_size -= header->header_size; + } +} + +/** + * efi_firmware_verify_image - verify image + * @p_image: Pointer to new image + * @p_image_size: Pointer to size of new image + * @image_index: Image index + * @state: Pointer to fmp state + * + * Verify the capsule file + * + * Return: status code + */ +static +efi_status_t efi_firmware_verify_image(const void **p_image, + efi_uintn_t *p_image_size, + u8 image_index, + struct fmp_state *state) +{ + efi_status_t ret; + + ret = efi_firmware_capsule_authenticate(p_image, p_image_size); + efi_firmware_get_fw_version(p_image, p_image_size, state); + + return ret; +} + /** * efi_firmware_get_image_info - return information about the current * firmware image @@ -331,6 +449,7 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( u16 **abort_reason) { efi_status_t status; + struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); @@ -338,13 +457,16 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( if (!image || image_index != 1) return EFI_EXIT(EFI_INVALID_PARAMETER); - status = efi_firmware_capsule_authenticate(&image, &image_size); + status = efi_firmware_verify_image(&image, &image_size, image_index, + &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); if (fit_update(image)) return EFI_EXIT(EFI_DEVICE_ERROR); + efi_firmware_set_fmp_state_var(&state, image_index); + return EFI_EXIT(EFI_SUCCESS); } @@ -392,6 +514,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( { int ret; efi_status_t status; + struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); @@ -399,7 +522,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( if (!image) return EFI_EXIT(EFI_INVALID_PARAMETER); - status = efi_firmware_capsule_authenticate(&image, &image_size); + status = efi_firmware_verify_image(&image, &image_size, image_index, + &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); @@ -419,6 +543,8 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( NULL, NULL)) return EFI_EXIT(EFI_DEVICE_ERROR); + efi_firmware_set_fmp_state_var(&state, image_index); + return EFI_EXIT(EFI_SUCCESS); } From patchwork Wed May 31 03:35:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687222 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054655wru; Tue, 30 May 2023 20:36:41 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6RreKDTjcIeI/PrM1+4/XzbOQ3f7lguBCZMsBsmWpFsjSDrBeNxi10/GJoPaRxXzj7bTzS X-Received: by 2002:a9d:7446:0:b0:6ac:6fd8:1e4 with SMTP id p6-20020a9d7446000000b006ac6fd801e4mr978217otk.8.1685504200995; Tue, 30 May 2023 20:36:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504200; cv=none; d=google.com; s=arc-20160816; b=yLxghY+g54PmolmEXQF/fwX4b7Qzv1r5JiQDq5Q/fxOtH6W6J2qpQJvxu1TOuqE4JZ xjtrcGVizU7UuaWqlsVRFr+7zbwYjYQEub+FkhEzm566oNL5OFFSy/cAyEbCCZ/8o9mU nCt2TQzeYw5htge46Lu+h6aGPqk1cyZTAzqMlNT+3Q8kxYTz2UdfDV9FEm/pGZU4pRVo T4NIEBJdWimSI+LtG5IMzCXWknRmz5tGj+NbWU/IecdWleE9mkGRnAXxGKguO8zYPNrJ n1k6rGeRLDczznxCHFFd4XGf/ywAtFbLdEa4C71H77NxO8DTd2T3slq5H5NbMik+o9VC zkrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=nybGMFpjRZpy+IaqY44IGN22czjxKw4W1ICswvljRjNRPefA0GWuYx+s80gvqY19Oq Itk/g3nO4h1s8dYe4uFdzU7BGGPpHO9dH2WNTgiuTBmKCyDyHLV4/5CgwDkmgmIYL3Lh E0R4xf2wIORqx3LUFcqJFPSjJ5vL+aCSyIgB2hmRvTrM7ToPHvhnqgi6ahZnj64jyngX n+sQRREpMzkRVzQGpOsLZT460B/OWPY4JqM1bfaq3/rYXr3gg1uk4PpusciBw+mEocPh 3cyIIVb5qRJPifKbMYJNextbvZO3sFEcwGV+WHs9vgxOm4obifT6jRtUCouNBg/rFRNY //wg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PiOFuBpQ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id f9-20020aa79d89000000b0064f6c2c05besi2856893pfq.108.2023.05.30.20.36.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:40 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PiOFuBpQ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2898A861C0; Wed, 31 May 2023 05:36:07 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="PiOFuBpQ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C578486093; Wed, 31 May 2023 05:35:59 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2504286093 for ; Wed, 31 May 2023 05:35:57 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-oi1-x22c.google.com with SMTP id 5614622812f47-397f13944f2so3624584b6e.0 for ; Tue, 30 May 2023 20:35:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504155; x=1688096155; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=PiOFuBpQjGyeBAt9wxuCLoTylMdZL/l6U1DSfzCyckMzPpg8BLPz/PZW1q5jjuNeMk PQKo+xErn81ZaBE+UaW/AOe/mcg/5m7wpMCwT/WMPCkxE3tdvvGSGIhvE6rK+5DaIGUt gOD/XhRMpnu7Ik5vFfE+8SbjHq4LrwWIRlWl42U06lUMD5pqdkXE4/9jNX1QB3yG5z8o wzkoVZY5B/MBklulY56L1Pzkhc4mWW2i8urnVMnj4bE8U49zmhRwaNqIxknf5TaezHh0 q7+nMPLnuO2WMXgocPNCYqMIQLAZD2wC1Q9YTNZI+PfWJPO15gxRHX4lGS5B+vgF6eNL SHNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504155; x=1688096155; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n0Z04dWPgPckxWdjfSL17/6m3hBT++D2uJu2TYzne6g=; b=ciTZWnvZtYm0L8mRvJEzh1sknAB1ZnPU8WaPu5r08g8malSluigLf4uiT+XULJlVd8 2q7C+jebG6xcwl/CnfNhUHnRimY0WwFt1kqFr4dIGBsM0oIX6BLH+99vEOkvc/ufqmGW EOdtMBaFTPzHdT1kzrEzODp9IHpIQpocVdB755WgJ/QK7VKjbsrvG6QWbwTtD/LUSeyU 3qFqy6tEIGaF1IS69YWzNmdrQAGbc0As8hIAucPynbbLn9R+VAU6s+JOa2mTf/GpR0/u JplV5HoHI11D/Ds7sik97t1tkmpKnKJLq02qoAS2Qi8cA7CmlQqR/UlVH6qe02qkSCir 79OA== X-Gm-Message-State: AC+VfDxY9mzYX17pfoYQi+x1G03t86lXcEgAoylJYSrDd5wJ2GN7JXFg IPkOr9mOyj0ze6z/xHVGV59K8HhFTC5Io1w8hOM= X-Received: by 2002:a05:6808:124e:b0:398:139f:fed7 with SMTP id o14-20020a056808124e00b00398139ffed7mr3129847oiv.8.1685504155177; Tue, 30 May 2023 20:35:55 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.35.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:35:54 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v7 03/10] efi_loader: versioning support in GetImageInfo Date: Wed, 31 May 2023 12:35:16 +0900 Message-Id: <20230531033523.1581973-4-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current FMP->GetImageInfo() always return 0 for the firmware version, user can not identify which firmware version is currently running through the EFI interface. This commit reads the "FmpStateXXXX" EFI variable, then fills the firmware version in FMP->GetImageInfo(). Now FMP->GetImageInfo() and ESRT have the meaningful version number. Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Changes in v6: - create function to fill the version information lib/efi_loader/efi_firmware.c | 41 ++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index a798d380a3..5b71a2fcc9 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -144,6 +144,39 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( return EFI_EXIT(EFI_UNSUPPORTED); } +/** + * efi_firmware_fill_version_info - fill the version information + * @image_info: Image information + * @fw_array: Pointer to size of new image + * + * Fill the version information into image_info strucrure. + * + */ +static +void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_info, + struct efi_fw_image *fw_array) +{ + u16 varname[13]; /* u"FmpStateXXXX" */ + efi_status_t ret; + efi_uintn_t size; + struct fmp_state var_state = { 0 }; + + efi_create_indexed_name(varname, sizeof(varname), "FmpState", + fw_array->image_index); + size = sizeof(var_state); + ret = efi_get_variable_int(varname, &fw_array->image_type_id, + NULL, &size, &var_state, NULL); + if (ret == EFI_SUCCESS) + image_info->version = var_state.fw_version; + else + image_info->version = 0; + + image_info->version_name = NULL; /* not supported */ + image_info->lowest_supported_image_version = 0; + image_info->last_attempt_version = 0; + image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; +} + /** * efi_fill_image_desc_array - populate image descriptor array * @image_info_size: Size of @image_info @@ -193,11 +226,10 @@ static efi_status_t efi_fill_image_desc_array( image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; - image_info[i].image_id_name = fw_array[i].fw_name; - image_info[i].version = 0; /* not supported */ - image_info[i].version_name = NULL; /* not supported */ + efi_firmware_fill_version_info(&image_info[i], &fw_array[i]); + image_info[i].size = 0; image_info[i].attributes_supported = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | @@ -210,9 +242,6 @@ static efi_status_t efi_fill_image_desc_array( image_info[0].attributes_setting |= IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; - image_info[i].lowest_supported_image_version = 0; - image_info[i].last_attempt_version = 0; - image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; image_info[i].hardware_instance = 1; image_info[i].dependencies = NULL; } From patchwork Wed May 31 03:35:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687223 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054700wru; Tue, 30 May 2023 20:36:54 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5okt2aURUb1zmO8FJjU5RDEL6h0zta43CsIb+Wpv5aM0uIfx0SCu69r/LhQjTQ+jweEK/k X-Received: by 2002:a05:6870:b145:b0:187:e50a:43b7 with SMTP id a5-20020a056870b14500b00187e50a43b7mr2265651oal.1.1685504213730; Tue, 30 May 2023 20:36:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504213; cv=none; d=google.com; s=arc-20160816; b=EfZaSyMRGjxcS2f1x4p5CfBW6zAlGl+NiDhmI/FvC4xa4d4avt4jm45pmEyqfMNPcp 1c1DG9dkBWti8NeGYptsixprA052R66nXnbPn6vThjQWzLNzOoJUjMcP01lePmw7kAWZ OR4k7l7xZEkTbRbA066JZClKLpv97LoOPGFeS1hmJporDh66mHHDeB3F+Zp3fZsfgAp6 Z+8tyVQ8fjWzC2RbaVT8SOYVTDm404+g39IlOQmCBCc6Pa1WNuTV0TS3jILf1jVbjvDs GBpg44gAcTEVhYIIQDe/kTQj/CLFeTISjQTYcV+l8pvWfOS2FT/pkBjX6+4jyDdNDEse Abog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=RSzDd7kO55tcRRv/Qc7RO01pEYgiMD0iuXM/nEA78DnKs+2HqJKeEspRJ5aX18H26z 7eO5PJ+U+nbyQWlBXmq/CQ2YIvosgADvr4lJOmWQ39WF0NE4bYQ0Z4w0pX7YtL+g/LoZ vmjM31Qj6uqdX01ZYTg6fEG3auUh+N7p6XldrJlkvMFQyB0CBN+OTJkXQZZdKSTzE5ip qqsuKmniZhtP7314TkN3pucLcmPhKlZHIRFJbsgiaWQumaa+hzs8XfXfprc2kh3PYo10 ppweVEQ2tEok4hdG2mqUKDx4PWe2cxCyOi6vUWrQ+JSPjZ51Lja+XTiGjQ5xr1mXe7hr VE3A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=D2M0nfIZ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id j191-20020a6380c8000000b0053f23442f2bsi222807pgd.443.2023.05.30.20.36.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:53 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=D2M0nfIZ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 339B886195; Wed, 31 May 2023 05:36:11 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="D2M0nfIZ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 737F3861A4; Wed, 31 May 2023 05:36:04 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2443F86130 for ; Wed, 31 May 2023 05:36:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-il1-x12c.google.com with SMTP id e9e14a558f8ab-33b257651baso5872355ab.0 for ; Tue, 30 May 2023 20:36:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504158; x=1688096158; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=D2M0nfIZeafRSPMWOQz34q5dEIoZ3FjUtM/UnQtC6Xs9VceiRyCPwdbzUtcufXCBev wYx+GNc7ycxCUCp/ADn7Y7jxn+FlMTOCRd2EVSt9NUG21sYDpFfL/vdBNtfKw5tQF8ZB KDmbVKHJNpHm+7FwKy3nfGwLHgFf0GnGZqUwGYwNlk0RbEQGsrD+5zo8Ya4xO/9rQqtc j8qvMM/ikh1UrgnDNSmC7KpH9MzJN1LXNusFhAvo7DXdQshGhHxsxzZilh5hkfvuayZ9 5t3ZBILssPaXkDQ0h6RBeod/68IHR6naQ3WB4nmJ9Yybshbd9JsIh6gRIEM1vKVzrill pl8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504158; x=1688096158; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zHNH1e3DvXkdHTV1G1nA6dtwhOQUMXNT/LMvyWH6ix0=; b=jZwmmseSgsFd6IFwjQUzafgYyVlyhkgK9qSNHN6eAZSMrDSSea57p6OCEaEqP/tF3K /K9tBTR0Cl+WEFCWM8LpI5eBUToyyHRWsB68nXEvFHQkkaZkZYqQEmrfKxaByF0Fxm0r 5gGKMsIzAj/G2RZeDetKGiboX3h+8mKZ+JBvDaLmEdqrdKHY4RhNj8GpAxyxW5GqGVzx c0dsRF4jPsW/tx3jkXqMNReGUm6eEPPZn0XLdzthaKcQwTxZ15PwVvxXrtbdKvwkWqvj aIlUrlo3UeDNnsCYZYRKIYhljArP/se6gDm53HjAUMV7Zt6p+JhsuHYiCLauNZGv41pz Woyw== X-Gm-Message-State: AC+VfDzd97hA44fv49CIAFdpcbgKIwGEZyvo/8KbOcvaukhog9oIs7A9 nWGLTUkEClqmNApE5LemODoEqmjGvr7Xb0v+n00= X-Received: by 2002:a92:d581:0:b0:33b:848:378b with SMTP id a1-20020a92d581000000b0033b0848378bmr1141014iln.8.1685504158520; Tue, 30 May 2023 20:35:58 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.35.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:35:58 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v7 04/10] efi_loader: get lowest supported version from device tree Date: Wed, 31 May 2023 12:35:17 +0900 Message-Id: <20230531033523.1581973-5-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit gets the lowest supported version from device tree, then fills the lowest supported version in FMP->GetImageInfo(). Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- No update since v6 Changed in v6: - fw_version is removed from device tree .../firmware/firmware-version.txt | 22 ++++++++ lib/efi_loader/efi_firmware.c | 50 ++++++++++++++++++- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 doc/device-tree-bindings/firmware/firmware-version.txt diff --git a/doc/device-tree-bindings/firmware/firmware-version.txt b/doc/device-tree-bindings/firmware/firmware-version.txt new file mode 100644 index 0000000000..ee90ce3117 --- /dev/null +++ b/doc/device-tree-bindings/firmware/firmware-version.txt @@ -0,0 +1,22 @@ +firmware-version bindings +------------------------------- + +Required properties: +- image-type-id : guid for image blob type +- image-index : image index +- lowest-supported-version : lowest supported version + +Example: + + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + image2 { + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0"; + image-index = <2>; + lowest-supported-version = <7>; + }; + }; diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 5b71a2fcc9..ae631f49f7 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -144,6 +144,51 @@ efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( return EFI_EXIT(EFI_UNSUPPORTED); } +/** + * efi_firmware_get_lsv_from_dtb - get lowest supported version from dtb + * @image_index: Image index + * @image_type_id: Image type id + * @lsv: Pointer to store the lowest supported version + * + * Read the firmware version information from dtb. + */ +static void efi_firmware_get_lsv_from_dtb(u8 image_index, + efi_guid_t *image_type_id, u32 *lsv) +{ + const void *fdt = gd->fdt_blob; + const fdt32_t *val; + const char *guid_str; + int len, offset, index; + int parent; + + *lsv = 0; + + parent = fdt_subnode_offset(fdt, 0, "firmware-version"); + if (parent < 0) + return; + + fdt_for_each_subnode(offset, fdt, parent) { + efi_guid_t guid; + + guid_str = fdt_getprop(fdt, offset, "image-type-id", &len); + if (!guid_str) + continue; + uuid_str_to_bin(guid_str, guid.b, UUID_STR_FORMAT_GUID); + + val = fdt_getprop(fdt, offset, "image-index", &len); + if (!val) + continue; + index = fdt32_to_cpu(*val); + + if (!guidcmp(&guid, image_type_id) && index == image_index) { + val = fdt_getprop(fdt, offset, + "lowest-supported-version", &len); + if (val) + *lsv = fdt32_to_cpu(*val); + } + } +} + /** * efi_firmware_fill_version_info - fill the version information * @image_info: Image information @@ -171,8 +216,11 @@ void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_ else image_info->version = 0; + efi_firmware_get_lsv_from_dtb(fw_array->image_index, + &fw_array->image_type_id, + &image_info->lowest_supported_image_version); + image_info->version_name = NULL; /* not supported */ - image_info->lowest_supported_image_version = 0; image_info->last_attempt_version = 0; image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; } From patchwork Wed May 31 03:35:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687224 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054754wru; Tue, 30 May 2023 20:37:07 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7XqOtulVHI6ADe0OPPY77cP3cFCKVn6f6Ugee7qxwg7orGoS5+t3G2v0tgJmLn5zYbeWBG X-Received: by 2002:a05:6a00:188e:b0:645:b13e:e674 with SMTP id x14-20020a056a00188e00b00645b13ee674mr5633891pfh.26.1685504226846; Tue, 30 May 2023 20:37:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504226; cv=none; d=google.com; s=arc-20160816; b=JHqfmrpw6WiWtxTwSwX7Q7qsFcPWyEba7ybmWA8UimjM2VqYcjBpRmCAyRDMehdqWP CQtO4EbAMSvGuYEZQ8DthxlhenjQtNhy28Ob3olcp01JhmwSx5cjcjABN1fikRAbom+x LGw7Xx+ozMRIsOkgLxxvqTx9nG5Yor+F7p5O15bsUKBG+Ige+DIv1magtVBY11k+LPq0 PLTJ3/QYn0I1D4xoaNaSxgIq5iwWDGj18vNZXPaRc5V36f4EK0tQzJRto902epX1Mree W8OOeKXB2Ugde6chA92qqEyhOGCnFCT4ERSbma8cEEClA3y2XbJ6K+XVbF6ED1mxk+CA C8fA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=LTBwBw26Zc8XKTPuHb10kzdVUi18Wuz4bZhDQZtyXSY=; b=e7BXnabHKkI85qLmwZIGiMaoL2w1CK8vm8Ytiwa65Max8IEZ2smGHiQLWKk5UuCylX XZDPivc8USyWzpsUV0GxsHRkG2TKu5VSJerUo5lJpR20D9OAAbRDEYYQn10Xc47nxMQM VanH+QFImDi2xHMkR8NDFhxEQZnmXKrU1eRM2eyk1gPudGXH/n4zNNz7RiWHWInXW5O1 wfdOChIAGZ3QsIbCi7rHnHdEtAihC6Z8/GTc64TrKSaB77iY3tFTwEP5GoiGV8moMvFV 796dABZuVIVUIf0vInn0Hi9+P+A+zUC7ybeAw7MyTeccelEUbg9LYnHGy2YrEMXX2njr BHxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=LjV0XP8o; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id g12-20020aa79f0c000000b0064a35829154si2830670pfr.343.2023.05.30.20.37.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:37:06 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=LjV0XP8o; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A9B95861AC; Wed, 31 May 2023 05:36:13 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="LjV0XP8o"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8A4C486183; Wed, 31 May 2023 05:36:07 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 176EF861A3 for ; Wed, 31 May 2023 05:36:04 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pl1-x62e.google.com with SMTP id d9443c01a7336-1b04706c974so23746785ad.2 for ; Tue, 30 May 2023 20:36:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504161; x=1688096161; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LTBwBw26Zc8XKTPuHb10kzdVUi18Wuz4bZhDQZtyXSY=; b=LjV0XP8oEGw7W8tp7N3u3ctuy8bhPiKe7aLElUOWl8yw21DIrA7fWQsc5cL1t/BnNk eT4g/ro8jgYpOAQLXkBxrvb393vvOltMV0z5lZAzudHz3mtCxsEnnEuVALa5kr1rvj4z 7CCbhKn+hyox7Fch0yTJ8wXNZb9Uz/htQr9zOw0kuyOkfO6tsVc+XW/OfS2piXg9R44Z mUSTSpRZHoNa3VrNvjGbZ3XvF74amHyTaq1oCjunmlablqVJVJw9X8E0EkUfSlKhLWz/ O3oJxzwY5tdx58lcpjezimr9/cDkdV0IvHGAo9D51kO8h9fhmhHwIyfWIHbopmbn/er2 F0vQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504161; x=1688096161; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LTBwBw26Zc8XKTPuHb10kzdVUi18Wuz4bZhDQZtyXSY=; b=jLOAvOnvINY66C+PhzBl3VeLawkY59GGlk4cw7AzfWcy1GxKmQk5RGg57W62ZTi6Pl wZEl670u20MhwoIDpKJA/elswK5dealn+TtMgoDD2kZk2Z3pNk0GBsWwhdgZwA9VuNfV cr+1f+EVNjLqkusq4+wPzyq3RWNWczFmETuxvZLbQxmspsfAWAai1TgRuP3bUDxcNBbR QQ/Ioptys+py61GznbrrDgLhnNSrRMqkLNlpFMLUGwh4coVfNtXLcfNzffwjQskI2PV4 oxIQvMKYb/XTeLnMj8CKVvdkOAj+ywCAu7+XOLXP6IaDYdL4kByFvcmtLZBufTs+G2Cw zmaA== X-Gm-Message-State: AC+VfDzylzn27B858WOAFWB4NJ1MTUfP1Ab2M9nSRJAqZ9Pm03F7MnxR OhGo3X89MmdyoQ594D+FXuh4Pi96n8/pC5kI5rQ= X-Received: by 2002:a17:902:ced1:b0:1b0:6038:2982 with SMTP id d17-20020a170902ced100b001b060382982mr4545852plg.41.1685504161125; Tue, 30 May 2023 20:36:01 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.35.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:00 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v7 05/10] efi_loader: check lowest supported version Date: Wed, 31 May 2023 12:35:18 +0900 Message-Id: <20230531033523.1581973-6-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The FMP Payload Header which EDK II capsule generation scripts insert has a firmware version. This commit reads the lowest supported version stored in the device tree, then check if the firmware version in FMP payload header of the ongoing capsule is equal or greater than the lowest supported version. If the firmware version is lower than lowest supported version, capsule update will not be performed. Signed-off-by: Masahisa Kojima --- Changes in v7: - return immediately if efi_firmware_capsule_authenticate() fails Changes in v6: - get aligned to the latest implementation Changes in v5: - newly implement the device tree based versioning Changes in v4: - use log_err() instead of printf() Changes in v2: - add error message when the firmware version is lower than lowest supported version lib/efi_loader/efi_firmware.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index ae631f49f7..b557738370 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -419,7 +419,8 @@ static void efi_firmware_get_fw_version(const void **p_image, * @image_index: Image index * @state: Pointer to fmp state * - * Verify the capsule file + * Verify the capsule authentication and check if the fw_version + * is equal or greater than the lowest supported version. * * Return: status code */ @@ -429,11 +430,27 @@ efi_status_t efi_firmware_verify_image(const void **p_image, u8 image_index, struct fmp_state *state) { + u32 lsv; efi_status_t ret; + efi_guid_t *image_type_id; ret = efi_firmware_capsule_authenticate(p_image, p_image_size); + if (ret != EFI_SUCCESS) + return ret; + efi_firmware_get_fw_version(p_image, p_image_size, state); + image_type_id = efi_firmware_get_image_type_id(image_index); + if (!image_type_id) + return EFI_INVALID_PARAMETER; + + efi_firmware_get_lsv_from_dtb(image_index, image_type_id, &lsv); + if (state->fw_version < lsv) { + log_err("Firmware version %u too low. Expecting >= %u. Aborting update\n", + state->fw_version, lsv); + return EFI_INVALID_PARAMETER; + } + return ret; } From patchwork Wed May 31 03:35:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687225 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054804wru; Tue, 30 May 2023 20:37:20 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7eMkg0Fi2K/BAD3b2Q18P+/lg/h/virxD7CWThYypampW/7EtUiP1qh5hQhZi58v8qk+pj X-Received: by 2002:a05:6a21:78a6:b0:10f:1e5d:9045 with SMTP id bf38-20020a056a2178a600b0010f1e5d9045mr4745581pzc.45.1685504239813; Tue, 30 May 2023 20:37:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504239; cv=none; d=google.com; s=arc-20160816; b=d8R9mmvhqnFxAisiFPDlj6mhxieSVs9MHNKI47ZbD/+cZfNWQgcReg8zjiNwyTTfoS eSMqibXxTt+18hJCShx12Gkv7Vvkk62GZzLmzupwzq7qk/RXkO6e/WEavi7MmERqKM4v uYvtaWgZgLvAqMWd7rjA6U2oRA673FFhid5YOSmhkH1ojYKzjuXHDvAtURxGbTEDtBX+ ltuTnLbsBPSxtuLRMH1ycyLK/+lfczI7Eb/yjOgSGyHXSfAN1dar/uYx1zE3OdvBMXaO XBiTUW3Neqr2MSYyl1/HJTECCDoeDfIlKnhcRmmg0KKE9NSps/SRQiI/3Fcv6HDV4Wyc SJAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=gWXKHmpaJ1JsRVf2qnwXbrUXVqJXaz3HCtJgWyCJOjukXq+K8M1vH4pXaHydbxo4o6 Kt4pUWyFtl03FB3LIye/SW75SC+wH8WL1iBQMbw1UF4I/wRg8vXmGgqnIOKHEIpl+Lmj qnlzPf5QJoytHNfaEN1cXrshKlvIOKkP+tGRw8CYHLupoc7O5CslheYrifjBhPg7AnAe yi0gcAP7OJhou2TBpQ1D3GKO3nQCSq0LYKaiyoDIqFI9hoSUiC1vmO1OfRJ4q9Yo0MDr I7/p5CfowQ+JEnFMHrzZsb2KAXdkyxG7ELUgF0KuyGip1UIASxTKk+nrCyiBnEdZyJiz +sMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=s3C2gtnm; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id 13-20020a170902c14d00b001b036adfdf7si162004plj.107.2023.05.30.20.37.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:37:19 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=s3C2gtnm; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 991A3861D6; Wed, 31 May 2023 05:36:21 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="s3C2gtnm"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E227E861AC; Wed, 31 May 2023 05:36:11 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3F165861AF for ; Wed, 31 May 2023 05:36:06 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-yb1-xb35.google.com with SMTP id 3f1490d57ef6-bacf685150cso9424150276.3 for ; Tue, 30 May 2023 20:36:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504164; x=1688096164; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=s3C2gtnmT0E4Gi8vIH7wvYrnJcVKIVjCWklY8nnpKPjHdGA9VvPo31pZQ7cWzv8Hfc 7FoZKflpiqO/DTIuB3WuqIA6luKkeam6DZAa2GiKm6QGG6GOL+p/aHPwb2J2avPDcg1P PObKKorKNdDPfxkTHkO9w1q8F4dKufbMAj+Hnfiydz21pXqQ9VsIJP/KC+FElkJWHRSR nJyg0ejdviaZSs52OyFbawYjDhGzu48XEo270erBcdtjzHpAYiJH2zyg+vOVfs39TxTT hKUNtVPnDxbGE6gKBVVhoULeEg5OdvO3H+tvWflExjhA8/MD2X9X1dBBKTe1zAQWoVqV Gdew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504164; x=1688096164; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MW7GFDppTaa4shPmyFzR8JHCQGmM/eby59Lo7pOvM6w=; b=fOV5iuPcMp/Gx3iFkGPC2j35zUjzqRx+XWCNhmdsG5ulwVasBh8qlf0YIsf3Zsc/ip H7VVeSdkZh2pDp5sB5JCHhWCOSVGXT5Kcx7WfQra7pEMv6/KddtF4ffBnM4pFbcVL0mQ s0XR1nypBG4np34yk0kfJ/ewc7lksu0t+byNDd0/ziU6Ljwqb/8DdW4o8h9H3/c23QCF SoRniS86sEeOpcEskNiTOSl8oVK0LJkcP77zz3cMXOCDaTpLFsryZq6X7QuHS7m15aGF sLxLvWN7ys9CXqzJEjnHJOvXkEjk+hyF4Auf9Qrfxadk40GluKCeVLbx2k/IovKG4GKv 6T3Q== X-Gm-Message-State: AC+VfDwuZpYnUK3ukMmoHlIizDowJ3xXmjD9pL2B/3ojUD9Sa0CUJbsu OYtDh6lOc5EYzJp7Z0rpBWS6HtwXLMR/nXL8h9A= X-Received: by 2002:a25:aac8:0:b0:bac:828a:e13f with SMTP id t66-20020a25aac8000000b00bac828ae13fmr4954667ybi.15.1685504164347; Tue, 30 May 2023 20:36:04 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.36.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:03 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima , Sughosh Ganu , Etienne Carriere Subject: [PATCH v7 06/10] mkeficapsule: add FMP Payload Header Date: Wed, 31 May 2023 12:35:19 +0900 Message-Id: <20230531033523.1581973-7-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima Acked-by: Ilias Apalodimas --- No update since v5 Changes in v5: - remove --lsv since we use the lowest_supported_version in the dtb Changes in v3: - remove '-f' option - move some definitions into tools/eficapsule.h - add dependency check of fw_version and lowest_supported_version - remove unexpected modification of existing fprintf() call - add documentation Newly created in v2 doc/mkeficapsule.1 | 10 ++++++++++ tools/eficapsule.h | 30 ++++++++++++++++++++++++++++++ tools/mkeficapsule.c | 37 +++++++++++++++++++++++++++++++++---- 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 1ca245a10f..c4c2057d5c 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -61,6 +61,16 @@ Specify an image index .BI "-I\fR,\fB --instance " instance Specify a hardware instance +.PP +FMP Payload Header is inserted right before the payload if +.BR --fw-version +is specified + + +.TP +.BI "-v\fR,\fB --fw-version " firmware-version +Specify a firmware version, 0 if omitted + .PP For generation of firmware accept empty capsule .BR --guid diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 072a4b5598..753fb73313 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -113,4 +113,34 @@ struct efi_firmware_image_authentication { struct win_certificate_uefi_guid auth_info; } __packed; +/* fmp payload header */ +#define SIGNATURE_16(A, B) ((A) | ((B) << 8)) +#define SIGNATURE_32(A, B, C, D) \ + (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16)) + +#define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1') + +/** + * struct fmp_payload_header - EDK2 header for the FMP payload + * + * This structure describes the header which is preprended to the + * FMP payload by the edk2 capsule generation scripts. + * + * @signature: Header signature used to identify the header + * @header_size: Size of the structure + * @fw_version: Firmware versions used + * @lowest_supported_version: Lowest supported version (not used) + */ +struct fmp_payload_header { + uint32_t signature; + uint32_t header_size; + uint32_t fw_version; + uint32_t lowest_supported_version; +}; + +struct fmp_payload_header_params { + bool have_header; + uint32_t fw_version; +}; + #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b71537beee..52be1f122e 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -41,6 +41,7 @@ static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, {"instance", required_argument, NULL, 'I'}, + {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, {"certificate", required_argument, NULL, 'c'}, {"monotonic-count", required_argument, NULL, 'm'}, @@ -60,6 +61,7 @@ static void print_usage(void) "\t-g, --guid guid for image blob type\n" "\t-i, --index update image index\n" "\t-I, --instance update hardware instance\n" + "\t-v, --fw-version firmware version\n" "\t-p, --private-key private key file\n" "\t-c, --certificate signer's certificate file\n" "\t-m, --monotonic-count monotonic count\n" @@ -402,6 +404,7 @@ static void free_sig_data(struct auth_context *ctx) */ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, unsigned long index, unsigned long instance, + struct fmp_payload_header_params *fmp_ph_params, uint64_t mcount, char *privkey_file, char *cert_file, uint16_t oemflags) { @@ -410,10 +413,11 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, struct efi_firmware_management_capsule_image_header image; struct auth_context auth_context; FILE *f; - uint8_t *data; + uint8_t *data, *new_data, *buf; off_t bin_size; uint64_t offset; int ret; + struct fmp_payload_header payload_header; #ifdef DEBUG fprintf(stderr, "For output: %s\n", path); @@ -423,6 +427,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, auth_context.sig_size = 0; f = NULL; data = NULL; + new_data = NULL; ret = -1; /* @@ -431,12 +436,30 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, if (read_bin_file(bin, &data, &bin_size)) goto err; + buf = data; + + /* insert fmp payload header right before the payload */ + if (fmp_ph_params->have_header) { + new_data = malloc(bin_size + sizeof(payload_header)); + if (!new_data) + goto err; + + payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE; + payload_header.header_size = sizeof(payload_header); + payload_header.fw_version = fmp_ph_params->fw_version; + payload_header.lowest_supported_version = 0; /* not used */ + memcpy(new_data, &payload_header, sizeof(payload_header)); + memcpy(new_data + sizeof(payload_header), data, bin_size); + buf = new_data; + bin_size += sizeof(payload_header); + } + /* first, calculate signature to determine its size */ if (privkey_file && cert_file) { auth_context.key_file = privkey_file; auth_context.cert_file = cert_file; auth_context.auth.monotonic_count = mcount; - auth_context.image_data = data; + auth_context.image_data = buf; auth_context.image_size = bin_size; if (create_auth_data(&auth_context)) { @@ -536,7 +559,7 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, /* * firmware binary */ - if (write_capsule_file(f, data, bin_size, "Firmware binary")) + if (write_capsule_file(f, buf, bin_size, "Firmware binary")) goto err; ret = 0; @@ -545,6 +568,7 @@ err: fclose(f); free_sig_data(&auth_context); free(data); + free(new_data); return ret; } @@ -644,6 +668,7 @@ int main(int argc, char **argv) unsigned long oemflags; char *privkey_file, *cert_file; int c, idx; + struct fmp_payload_header_params fmp_ph_params = { 0 }; guid = NULL; index = 0; @@ -679,6 +704,10 @@ int main(int argc, char **argv) case 'I': instance = strtoul(optarg, NULL, 0); break; + case 'v': + fmp_ph_params.fw_version = strtoul(optarg, NULL, 0); + fmp_ph_params.have_header = true; + break; case 'p': if (privkey_file) { fprintf(stderr, @@ -751,7 +780,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, - index, instance, mcount, privkey_file, + index, instance, &fmp_ph_params, mcount, privkey_file, cert_file, (uint16_t)oemflags) < 0) { fprintf(stderr, "Creating firmware capsule failed\n"); exit(EXIT_FAILURE); From patchwork Wed May 31 03:35:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687226 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054837wru; Tue, 30 May 2023 20:37:32 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7ZisSg3p/12VSH0VmZ+I+n8TPb6OxPtroOlHz+I2NxMGzrKvP6j/M8D8gX32C8E9DI8oE8 X-Received: by 2002:a05:6870:7811:b0:18e:9101:733b with SMTP id hb17-20020a056870781100b0018e9101733bmr3644016oab.14.1685504251941; Tue, 30 May 2023 20:37:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504251; cv=none; d=google.com; s=arc-20160816; b=jQaa+8sbSnV0VOYRC0xJe/4XLZaZANbPNOl0x9UrM4Sr8qhUHylkrw0n5SCLScsK8l IWRhgTzB+c50MoxwAmYFNdR3azu4LvUMaU44tpnafG9xWXi7MbXjqFshYevmIVD8sxzC SEmpI8XT2lW3T2ryJ0kB7z+dTiz+crPecGj7s/YI1T6DLo30OfmhRjBfM3BPGvj2sGWr ewWKUNOa5zjlHcqqkVYVPJLe1RXjmiJCF42C5dVw3PXrGrdup/xmn678dbijbVodbDJz wn+ysPyYDlWoPdwyKeXswopfVco5ogJLZHxj/YcGcV3zTdS+wwV16dbJv5HpMNRtV4b7 TcJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=QqgSJOwm6GiaHr3eYjLepn+GTPMqA5HG3ixedQahIEs=; b=C5xwsmsIfI54U0Ez0dBV0QZviVQerRMY60iGRX25I4X3pbhIfYLATpFmFmbGUunfdw rYC7lhHbJtbjcQNVT1ca82ExQpj05JIXZB9Hvkf1COM3s4SsacnZ6JGAeHqs2nlKEiia VGc81roAL666Q/hO/bFNmR1Z57Ipl3LYLzU+ThWsoe1Ec7boSep8smTAfERb2C2dnWxS jYaP9MMnB5n47eHM6UhXrzRTTLzcVJ7OHAyWUkk4exU4GyFrUj4gzLuUpb1o0KHNHHij 9QKZqoFKWb7NyHHrDFa1yPR6TCRIPOGfVcNaqiTq/3353OXtM/AephO7bX7c5yl4byRc j5mA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=g7Lwz7ZQ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id h190-20020a636cc7000000b0053059dfafe4si248486pgc.86.2023.05.30.20.37.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:37:31 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=g7Lwz7ZQ; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4390086116; Wed, 31 May 2023 05:36:24 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="g7Lwz7ZQ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id AB034861C2; Wed, 31 May 2023 05:36:12 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oa1-x2f.google.com (mail-oa1-x2f.google.com [IPv6:2001:4860:4864:20::2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B0C9086116 for ; Wed, 31 May 2023 05:36:08 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-oa1-x2f.google.com with SMTP id 586e51a60fabf-19f6f8c8283so2097390fac.3 for ; Tue, 30 May 2023 20:36:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504167; x=1688096167; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QqgSJOwm6GiaHr3eYjLepn+GTPMqA5HG3ixedQahIEs=; b=g7Lwz7ZQclmMrc7utHAsFGJEasRsntHumDsJBGApc0V0rKjIkdKWsKDNssHkQNdcea 7iCYilylg/xH1i87Orp70YE1t/KOpqVMIVah14BtKuBEEn3q++vWvZNt9jG0HWor0llA CDSVoK/Y6BnjW10CLQ1zGfzSLewCHMarg9/5sOuLmsL8baZh4hlYjg50xTVPqmzfc99s IoYn5moMscw3FW7eXxX/YPAuZB9peZG5LvXEly0m+XU+64wJhCqkDSj0EeHTLBu0NMQB +E8pAVSEHkH7E8DlGS2ptDru3VD/tMSwg3uKVGsm/RYw7/YxGCYd5li27H38asCfBBLm OqkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504167; x=1688096167; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QqgSJOwm6GiaHr3eYjLepn+GTPMqA5HG3ixedQahIEs=; b=fjYz2TOh31FoM/6qxuB/oId8dK8SogMHjFJG1eygIn9x1y5ykeza46dxhiTPD2p4WU x3Ml8GVm9CUEJpAuS123WizAIFm3ycXGhd2QHGHs8l+k/g0oJyeYeBPOBr0N5L9YrEK9 7UfVpULaBzg8SnOaI681723Y7+KW2ZsYIZWvSHLwahZIpO+z8PtpvGXohn+3/9S1Txh0 O3UyiXZI6f8HQ4kghsQoqMEXnbn1I70sJ3fl3VUad/KwDdbBQsxstaAAbJU8E8Jgb8XP WZTThWylRx1xia8eW6YILSquwXW8PZhloVsQ0ahG+r1V4ud5XXN2u4Dj0mjPwKive97Q VwsQ== X-Gm-Message-State: AC+VfDxyqLi3j8U+OSzDXzuAdE9VSugmZxb6fCTwHYxi4/zXSMVGKJQ8 ZRniUrSpODY1OQyRwHt8xY72dte4Rzll3gy3JHQ= X-Received: by 2002:aca:100f:0:b0:398:50f1:ad17 with SMTP id 15-20020aca100f000000b0039850f1ad17mr2455632oiq.4.1685504167046; Tue, 30 May 2023 20:36:07 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.36.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:06 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v7 07/10] doc: uefi: add firmware versioning documentation Date: Wed, 31 May 2023 12:35:20 +0900 Message-Id: <20230531033523.1581973-8-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit describes the procedure to add the firmware version into the capsule file. Signed-off-by: Masahisa Kojima --- Changes in v7: - move documentation into "Creating a capsule file" - cleary describe the --fw-version option Newly created in v6 doc/develop/uefi/uefi.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index ffe25ca231..30b90a09d5 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -318,6 +318,33 @@ Run the following command --guid \ +The UEFI specification does not define the firmware versioning mechanism. +EDK II reference implementation inserts the FMP Payload Header right before +the payload. It coutains the fw_version and lowest supported version, +EDK II reference implementation uses these information to implement the +firmware versioning and anti-rollback protection, the firmware version and +lowest supported version is stored into EFI non-volatile variable. + +In U-Boot, the firmware versioning is implemented utilizing +the FMP Payload Header same as EDK II reference implementation, +reads the FMP Payload Header and stores the firmware version into +"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, +since FMP protocol handles multiple image indexes. + +To add the fw_version into the FMP Payload Header, +add --fw-version option in mkeficapsule tool. + +.. code-block:: console + + $ mkeficapsule \ + --index --instance 0 \ + --guid \ + --fw-version 5 \ + + +If the --fw-version option is not set, FMP Payload Header is not inserted +and fw_version is set as 0. + Performing the update ********************* From patchwork Wed May 31 03:35:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687227 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054877wru; Tue, 30 May 2023 20:37:44 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5e2yIA3O/H+zFd1zrtJ0nXrOBAF5dfWGIwVkOfoff5K+0AixGPp0i+8AkX1i20wzaYGCVf X-Received: by 2002:a05:6358:919c:b0:123:5851:f09f with SMTP id j28-20020a056358919c00b001235851f09fmr593063rwa.23.1685504263898; Tue, 30 May 2023 20:37:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504263; cv=none; d=google.com; s=arc-20160816; b=SRQkoLVOBm8o6iG2uk/2t/6nex9Md7ulL0woXwzt1kswXG9G7+HxuXyn4PH94/MRyz b71xVvTwQyZj91canCcfCjRrwZE8MCOcB0FhQbB7FBAIYsX93Vpb6uRCjJMjmleJ8+pe r3ZLAB2auGrbzwRgTV8kN8jN+/OPH7BsKU1ApgioxqnLOMyzkuy86YnF/ir4ovsduver jYPMML5AE4XI+MUY/PTdO6vp2cJO3SpkQFJJ0MpY1R+cENbd/UTDk+Hf1E7OTagLoPTt m3xuUCb58/IhJWDxs+yfinWBuiKK0phOTWEwXwzcIw8IeaEppdpFI/QDFGxybghZbwEi TF3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ru095f4FwT6Uqe3ASe/q3BDrpLL4fomU05EebJHRAmI=; b=I7Uu8aIFSCQfW02e3BwTx+BNwrabSuOVe/VwuyzEyZZ5jGdsWp+v50ErKao8AyJIhP E1Q4IScjaGzGVHYwEAhkWx2u4ESakSRcCw8pLZIXwbIH/H0Bcq68H/Ga2anmdzNRAJTv aUJmNeXam+5pq+aAoQ5lKo1VXlUD25wtJkMnaGoNkXiZckd0DhDx/GrpJO5rme7WqtXW GkqaV5i6dVPDz3DUIG4ue245TKr1AIHV2/Mi/unqSDMHMafiUwpaKB0bctp40xfOJFW1 WGn55HJhBcAeyPVYA6CROGqjA7W8ipxWWKitk7Zl9oI1CrB8DWz2jaovlc5uxT9do5pq vILw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fOqj5GRm; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id fv6-20020a17090b0e8600b00256bb961a29si268856pjb.35.2023.05.30.20.37.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:37:43 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fOqj5GRm; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E006F861BE; Wed, 31 May 2023 05:36:26 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="fOqj5GRm"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id EE4D4861B0; Wed, 31 May 2023 05:36:15 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oo1-xc33.google.com (mail-oo1-xc33.google.com [IPv6:2607:f8b0:4864:20::c33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 855CE861A3 for ; Wed, 31 May 2023 05:36:11 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-oo1-xc33.google.com with SMTP id 006d021491bc7-557ca32515eso2628909eaf.3 for ; Tue, 30 May 2023 20:36:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504169; x=1688096169; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ru095f4FwT6Uqe3ASe/q3BDrpLL4fomU05EebJHRAmI=; b=fOqj5GRmoM0RSZZgX9Yy1ak+Cs1nz76O+4hfWcADKt7Z6biw/ZdU/N60bekpLNAouv JZzNNAI30yEcnA//GALToAC+dls+2Vx2o5YE2zQuCp6BVAzWbpGCWtY3D5AWCz8v5gsm 4dOG3r3MDQ9AdtQK/7HnTWdWlYXuizuCaezoa+xsj/b1whe1jK3rYXKwhqaoy2k4xDRi AxbPIYnlnlaTjyPC8VnoJHmnHO8amABYunnUicPHn8Mn1o66OS/30XVHTsZo8TZyewVb WdZ+hNcS4mQLjejTaVnNJHwjo7w1mg8OaCMOm3ui2j9+k6KCbsi1RQiZxBYPhJ9WewBs /x5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504169; x=1688096169; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ru095f4FwT6Uqe3ASe/q3BDrpLL4fomU05EebJHRAmI=; b=BnqiLFzjXrlf6NQ3I3FDEdDNvwrsq2RWL72z1JRA85j/PWTMxGk8UnD6AcdC09Wa3J awbpqRnJtE+JtSUKSp84ZfXuG+xQA6fB48FgNjIjKkalmp3SZZn2fVFULN+qW5B4w6A+ 1S+1w/v/mUtlbF1WkamaLaSsjHsT3V33jXgc/viWY8OvtQGpJglZQLu+wrXT7gocxnEl 1YaZWPd1MWX+WYpKpNpvSuHPYkXUQL4BXvXn+nXweCaKwKiJyol8FZPHf5CYUf3Pp/+v s6uufldbW3RFNa3d4vTenBRa86fuze+46JXGY8D0WqZKfrVxKWXdgbXrADiFbw49BNJQ weMA== X-Gm-Message-State: AC+VfDzExf/g8KhobnO6ixywbTyCYHPxP5Y3Un4xbgMmUZlvcw9PT7aB bgNQyOKID3DlnaSg/jTHECc0zGwDlWHUSJcBtxI= X-Received: by 2002:a05:6808:1386:b0:398:f32:9509 with SMTP id c6-20020a056808138600b003980f329509mr2457678oiw.41.1685504169691; Tue, 30 May 2023 20:36:09 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.36.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:09 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v7 08/10] doc: uefi: add anti-rollback documentation Date: Wed, 31 May 2023 12:35:21 +0900 Message-Id: <20230531033523.1581973-9-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This commit describe the procedure to configure lowest supported version in the device tree for anti-rollback protection. Signed-off-by: Masahisa Kojima --- Changes in v7: - describe the usage Newly created in v6 doc/develop/uefi/uefi.rst | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 30b90a09d5..ffd13cebe9 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -537,6 +537,45 @@ where signature.dts looks like:: }; }; +Anti-rollback Protection +************************ + +Anti-rollback prevents unintentional installation of outdated firmware. +To enable anti-rollback, you must add the lowest-supported-version property +to dtb and specify --fw-version when creating a capsule file with the +mkeficapsule tool. +When executing capsule update, U-Boot checks if fw_version is greater than +or equal to lowest-supported-version. If fw_version is less than +lowest-supported-version, the update will fail. +For example, if lowest-supported-version is set to 7 and you run capsule +update using a capsule file with --fw-version of 5, the update will fail. +When the --fw-version in the capsule file is updated, lowest-supported-version +in the dtb might be updated accordingly. + +To insert the lowest supported version into a dtb + +.. code-block:: console + + $ dtc -@ -I dts -O dtb -o version.dtbo version.dts + $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo + +where version.dts looks like:: + + /dts-v1/; + /plugin/; + &{/} { + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + }; + }; + +The properties of image-type-id and image-index must match the value +defined in the efi_fw_image array as image_type_id and image_index. + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~ From patchwork Wed May 31 03:35:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687228 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054919wru; Tue, 30 May 2023 20:37:56 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4Mh31WhPlmu/nZ3HHfgt/0HL1yHGDw9ei9Vft6DHBXuPPDnP0utMOHMDIbWZ0QMq4Xj/Fe X-Received: by 2002:a05:6a20:748c:b0:102:3f67:dbe1 with SMTP id p12-20020a056a20748c00b001023f67dbe1mr5432658pzd.4.1685504276244; Tue, 30 May 2023 20:37:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504276; cv=none; d=google.com; s=arc-20160816; b=aehMpdbRskjUjSqqdgemqXe3jxCxU/h+tCgEXZfaxxwnO++O1OPj8TOldIQ2b1V/Kz Q3zlWXq6pfZPqcJQdHi+BYH3TZ00kQERQuYNldD0t204hkwxMxp4Fo7tdd4LqtT6oTHm mJRHQaMHR8Ko0rdDar42NtuKHiUSfFsu5Csy5GMNpOhU/CnLT1Wo8U+pWRb8m0i+4ea6 ZIZrfzf2B5mGLfBc2nmEMbC4hA9lGDiMOso6Qqes9zT1NGcYZJHfL0o0yDWLfCD8W/2/ wjhm4rMwPeuo13hh6eQ+b8RMF1nTonsRscpFGbUvUFfKrudkKYTC3vri24edKz154Hxx jCsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=kxfo1t6wbpf8iEe7M5ajL6svw2AGJeiXQ2aOKZlkroc=; b=GkvtBJwyPNKtajteqFabPtYakmC+xdNDJifCEIx6IJGwDUoK32zIC0JBxGdZf1TbEt xfTlJThy32L6R1nKO/gsDB4Lnjn0DYKfpd0Rm5Ldo2J062ZMKt8rKI21JfwOHY/Md+s/ gAYb389MyObjoqAoWlG+Yat32hLG8TkVYfXQ8RXKH/apMEwDbObKwxUOm8UwxlOII5nG ApG9aVluynyv9vLoIAo2pqOzH8rOBHc5fp3GxSPl2PccfPZfxF9rj/9C3ENF+hI7g+6L QnCI+KwEeTTgnA8wAhN5Gq+sYOJbSxjYWc2vkkEPXl+ptgP8bzz+zR1LuXCXnzbcNG3f qvBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XvuIM76U; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id w29-20020a63af1d000000b0053ef5472644si217153pge.482.2023.05.30.20.37.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:37:56 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XvuIM76U; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2C7EC861DA; Wed, 31 May 2023 05:36:32 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="XvuIM76U"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D124E861D8; Wed, 31 May 2023 05:36:22 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 21EBA861BF for ; Wed, 31 May 2023 05:36:15 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pg1-x529.google.com with SMTP id 41be03b00d2f7-53fbf2c42bfso1056457a12.3 for ; Tue, 30 May 2023 20:36:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504173; x=1688096173; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kxfo1t6wbpf8iEe7M5ajL6svw2AGJeiXQ2aOKZlkroc=; b=XvuIM76U71+1GERbs9zq+ED+m6S79UL+TBPAl55nj4u2HtwsVcARc1k4NqDxtAxkSo gb0LJ88ZEShIo6HlQKRTSaACvS+B0zjp639eYShHVW+P4InbRraq8YRzY2gigT4WhUjt ymk7IXJpOu5GtYAx3A95g8s2q0U1cy9wuGGnCbE7VGpfIbEJNE1fInOI3jYazyaYNfK7 TYp+2U9gwqpuuLIWy/kkRbvqaPiVY6+FoBXH8VtLPSRo6/bBlarCtDujjSQn7hAvhAzn 7LZbVDSI3F1Styr+TifRmYYD0HWy5WSafQ1vKN0LXBiEGLwGTPSEY7YZiurngWKEXdxg HXtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504173; x=1688096173; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kxfo1t6wbpf8iEe7M5ajL6svw2AGJeiXQ2aOKZlkroc=; b=hRrJpaxjh3mSLl0PuNgMPOe/NZ71xnZBnyb5v4AQA+MoiwpT9tKHCUDvoTAgMAycdO nKyfvZqHsX19HyWRgbhW4Rg9k4h5JDPuwnZm+xrmQjEZHmndqAc+JMPG7o6m6tMiEY3a qXY8aLnvPDUEiUX0aRgfmF6VZ3R3tx2zAWvyghOjlHxwc/LeIwo9DDMx/EBRWWb1mbQC 2HmAg9k2eG70V9f1UMgIe0QhFMIDHl7c+Yrduqy6GFV+9UfB0vTJiMzT40Pp53Th7+zy jqpVb2Oh9dYb22/eQelpAlwVu3wosgNcifXbqoooB243xzWXs/Td0gCrKjjLMeD+1Mcq 0G0g== X-Gm-Message-State: AC+VfDyv5MgwNka4wXPFXMPSKvjLltkgEldWDyvRP21nyzhhAsjYYEZt tJ9IwYsppbWrKwxh1wzrNfTnUgEJ82B7/aI/VPU= X-Received: by 2002:a17:902:db09:b0:1b0:6031:4480 with SMTP id m9-20020a170902db0900b001b060314480mr4346823plx.39.1685504172882; Tue, 30 May 2023 20:36:12 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.36.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:12 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v7 09/10] test: efi_capsule: refactor efi_capsule test Date: Wed, 31 May 2023 12:35:22 +0900 Message-Id: <20230531033523.1581973-10-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Current efi capsule python tests have much code duplication. This commit creates the common function in test/py/tests/test_efi_capsule/capsule_common.py, aim to reduce the code size and improve maintainability. Signed-off-by: Masahisa Kojima Reviewed-by: Simon Glass --- Newly created in v7 .../tests/test_efi_capsule/capsule_common.py | 86 +++++++ .../test_capsule_firmware_fit.py | 151 +++--------- .../test_capsule_firmware_raw.py | 224 +++--------------- .../test_capsule_firmware_signed_fit.py | 198 +++------------- .../test_capsule_firmware_signed_raw.py | 210 +++------------- 5 files changed, 231 insertions(+), 638 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/capsule_common.py diff --git a/test/py/tests/test_efi_capsule/capsule_common.py b/test/py/tests/test_efi_capsule/capsule_common.py new file mode 100644 index 0000000000..a460cfd4c2 --- /dev/null +++ b/test/py/tests/test_efi_capsule/capsule_common.py @@ -0,0 +1,86 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2023, Linaro Limited + + +"""Common function for UEFI capsule test.""" + +from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR + +def setup(u_boot_console, disk_img, osindications): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"']) + + if osindications is None: + output = u_boot_console.run_command('env set -e OsIndications') + else: + output = u_boot_console.run_command('env set -e -nv -bs -rt OsIndications =%s' % osindications) + + output = u_boot_console.run_command('env save') + +def init_content(u_boot_console, target, filename, expected): + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/%s' + % (CAPSULE_DATA_DIR, filename), + 'sf write 4000000 %s 10' % target, + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert expected in ''.join(output) + +def place_capsule_file(u_boot_console, filenames): + for name in filenames: + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/%s' % (CAPSULE_DATA_DIR, name), + 'fatwrite host 0:1 4000000 %s/%s $filesize' + % (CAPSULE_INSTALL_DIR, name)]) + + output = u_boot_console.run_command('fatls host 0:1 %s' % CAPSULE_INSTALL_DIR) + for name in filenames: + assert name in ''.join(output) + +def exec_manual_update(u_boot_console, disk_img, filenames, need_reboot = True): + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 0x50000;' + 'u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + for name in filenames: + assert name in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = need_reboot) + +def check_file_removed(u_boot_console, disk_img, filenames): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + for name in filenames: + assert name not in ''.join(output) + +def check_file_exist(u_boot_console, disk_img, filenames): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + for name in filenames: + assert name in ''.join(output) + +def verify_content(u_boot_console, target, expected): + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 %s 10' % target, + 'md.b 4000000 10']) + assert expected in ''.join(output) + +def do_reboot_dtb_specified(u_boot_config, u_boot_console, dtb_filename): + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ + + '/%s' % dtb_filename + u_boot_console.restart_uboot() diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py index 9ee152818d..fccf1f3fc1 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py @@ -8,7 +8,14 @@ This test verifies capsule-on-disk firmware update for FIT images import pytest from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR - +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content +) @pytest.mark.boardspec('sandbox_flattree') @pytest.mark.buildconfigspec('efi_capsule_firmware_fit') @@ -40,37 +47,12 @@ class TestEfiCapsuleFirmwareFit(): u_boot_console.restart_uboot() disk_img = efi_capsule_data + capsule_files = ['Test05'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test05' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test05 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test05' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -80,28 +62,13 @@ class TestEfiCapsuleFirmwareFit(): with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test05' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -112,38 +79,12 @@ class TestEfiCapsuleFirmwareFit(): """ disk_img = efi_capsule_data + capsule_files = ['Test04'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test04' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test04 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -155,36 +96,12 @@ class TestEfiCapsuleFirmwareFit(): with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test04' not in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot:Old' in ''.join(output) - else: - assert 'u-boot:New' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot-env:Old' in ''.join(output) - else: - assert 'u-boot-env:New' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + expected = 'u-boot:Old' if capsule_auth else 'u-boot:New' + verify_content(u_boot_console, '100000', expected) + + expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' + verify_content(u_boot_console, '150000', expected) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py index 92bfb14932..e00686a9fc 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py @@ -8,6 +8,15 @@ This test verifies capsule-on-disk firmware update for raw images import pytest from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + check_file_exist, + verify_content +) @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_capsule_firmware_raw') @@ -40,37 +49,12 @@ class TestEfiCapsuleFirmwareRaw: u_boot_console.restart_uboot() disk_img = efi_capsule_data + capsule_files = ['Test03'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test03' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test03 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test03' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) # reboot u_boot_console.restart_uboot() @@ -80,28 +64,13 @@ class TestEfiCapsuleFirmwareRaw: with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test03' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -112,44 +81,12 @@ class TestEfiCapsuleFirmwareRaw: 0x150000-0x200000: U-Boot environment (but dummy) """ disk_img = efi_capsule_data + capsule_files = ['Test01', 'Test02'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e OsIndications', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 150000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place the capsule files - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) + setup(u_boot_console, disk_img, None) + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) # reboot u_boot_console.restart_uboot() @@ -158,35 +95,12 @@ class TestEfiCapsuleFirmwareRaw: 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files, False) - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000') + check_file_exist(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - assert 'u-boot-env:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') + verify_content(u_boot_console, '150000', 'u-boot-env:Old') def test_efi_capsule_fw3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -195,45 +109,12 @@ class TestEfiCapsuleFirmwareRaw: 0x100000-0x150000: U-Boot binary (but dummy) """ disk_img = efi_capsule_data + capsule_files = ['Test01', 'Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize contents - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, - 'sf write 4000000 150000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place the capsule files - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test01' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test01 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') @@ -245,18 +126,7 @@ class TestEfiCapsuleFirmwareRaw: with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' in ''.join(output) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # make sure the dfu_alt_info exists because it is required for making ESRT. output = u_boot_console.run_command_list([ @@ -269,26 +139,10 @@ class TestEfiCapsuleFirmwareRaw: # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test01' not in ''.join(output) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot:Old' in ''.join(output) - else: - assert 'u-boot:New' in ''.join(output) + expected = 'u-boot:Old' if capsule_auth else 'u-boot:New' + verify_content(u_boot_console, '100000', expected) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 150000 10', - 'md.b 4000000 10']) - if capsule_auth: - assert 'u-boot-env:Old' in ''.join(output) - else: - assert 'u-boot-env:New' in ''.join(output) + expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' + verify_content(u_boot_console, '150000', expected) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py index ba8429e83c..cbacdab4d1 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py @@ -11,6 +11,15 @@ with signed capsule files containing FIT images import pytest from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content, + do_reboot_dtb_specified +) @pytest.mark.boardspec('sandbox_flattree') @pytest.mark.buildconfigspec('efi_capsule_firmware_fit') @@ -37,70 +46,23 @@ class TestEfiCapsuleFirmwareSignedFit(): should pass and the firmware be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test13'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test13' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test13 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test13' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:New' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:New') def test_efi_capsule_auth2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -113,73 +75,26 @@ class TestEfiCapsuleFirmwareSignedFit(): not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test14'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test14' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test14 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test14' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') def test_efi_capsule_auth3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -191,70 +106,23 @@ class TestEfiCapsuleFirmwareSignedFit(): should fail and the firmware not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index 710d9925a3..3d6274ff99 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py @@ -9,6 +9,15 @@ with signed capsule files containing raw images import pytest from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR +from capsule_common import ( + setup, + init_content, + place_capsule_file, + exec_manual_update, + check_file_removed, + verify_content, + do_reboot_dtb_specified +) @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_capsule_firmware_raw') @@ -34,69 +43,23 @@ class TestEfiCapsuleFirmwareSignedRaw(): should pass and the firmware be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test11'] with u_boot_console.log.section('Test Case 1-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test11' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test11 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 1-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test11' not in ''.join(output) - - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:New' in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:New') def test_efi_capsule_auth2( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -108,73 +71,25 @@ class TestEfiCapsuleFirmwareSignedRaw(): not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test12'] with u_boot_console.log.section('Test Case 2-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test12' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test12 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 2-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) - - # deleted any way - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test12' not in ''.join(output) + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') def test_efi_capsule_auth3( self, u_boot_config, u_boot_console, efi_capsule_data): @@ -185,70 +100,23 @@ class TestEfiCapsuleFirmwareSignedRaw(): should fail and the firmware not be updated. """ disk_img = efi_capsule_data + capsule_files = ['Test02'] with u_boot_console.log.section('Test Case 3-a, before reboot'): - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'printenv -e PlatformLangCodes', # workaround for terminal size determination - 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', - 'efidebug boot order 1', - 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'env save']) - - # initialize content - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'fatload host 0:1 4000000 %s/u-boot.bin.old' - % CAPSULE_DATA_DIR, - 'sf write 4000000 100000 10', - 'sf read 5000000 100000 10', - 'md.b 5000000 10']) - assert 'Old' in ''.join(output) - - # place a capsule file - output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, - 'fatwrite host 0:1 4000000 %s/Test02 $filesize' - % CAPSULE_INSTALL_DIR, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # reboot - mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' - u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ - + '/test_sig.dtb' - u_boot_console.restart_uboot() + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_sig.dtb') capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') with u_boot_console.log.section('Test Case 3-b, after reboot'): if not capsule_early: - # make sure that dfu_alt_info exists even persistent variables - # are not available. - output = u_boot_console.run_command_list([ - 'env set dfu_alt_info ' - '"sf 0:0=u-boot-bin raw 0x100000 ' - '0x50000;u-boot-env raw 0x150000 0x200000"', - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' in ''.join(output) - - # need to run uefi command to initiate capsule handling - output = u_boot_console.run_command( - 'env print -e Capsule0000', wait_for_reboot = True) + exec_manual_update(u_boot_console, disk_img, capsule_files) # deleted anyway - output = u_boot_console.run_command_list([ - 'host bind 0 %s' % disk_img, - 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) - assert 'Test02' not in ''.join(output) + check_file_removed(u_boot_console, disk_img, capsule_files) # TODO: check CapsuleStatus in CapsuleXXXX - output = u_boot_console.run_command_list([ - 'sf probe 0:0', - 'sf read 4000000 100000 10', - 'md.b 4000000 10']) - assert 'u-boot:Old' in ''.join(output) + verify_content(u_boot_console, '100000', 'u-boot:Old') From patchwork Wed May 31 03:35:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 687229 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1054988wru; Tue, 30 May 2023 20:38:09 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ63Yc21A2eRkuzKkvB6zVHoTL2Kg3gsS03R9m2Tblhz6NoV2LRWSeJib9q7myYduxyHXUg6 X-Received: by 2002:a17:902:ce84:b0:1af:cbdb:9772 with SMTP id f4-20020a170902ce8400b001afcbdb9772mr5421453plg.18.1685504289145; Tue, 30 May 2023 20:38:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685504289; cv=none; d=google.com; s=arc-20160816; b=KqNaIBtD2v13Z4hXZ33Uj8I4S4uio35cXV9abeontv54wRpoYPur66kVay3CCmq5pA 19KP7m++oPiz+qc0GB+O/kS9vbBwY2ct1tJKM/c0jFXax9GZ+UQuSWjiwLjbFVolV9M2 Oq6IYKbSdsz3cNP4lCkYRNhNg3k7f3N5TbysS5ofanAnqKwUZC0gJlHYzgWITcnjkvSM Wnwvk/5/mzoq4F/D8X75qf8j/GO6QSeaN0UHuUCBM5I8wI+qgM+uwEBm/hJfa/qWUKVO 8NS+yAmCr66h8yyNL6+sx/qlYeOIrq/Js0pKRK2UA6oHwS/G3VaKw1T7HAF4PRfecMuM cpXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=SR5DPQwrfUCyczL9kvUSgisJ++MRsPHWYgU8LRpM83o=; b=MnM01K2jeMlFWS1PhttktzE3/snhsR5QH55QoWjfQZAo7s9q5EvlALzW7Da+xljYam FeM5ZJk6FuAwOrEflpp+CdodnSe4wFU0v3kp54zrqQ0hxBaM2QMnw3wJffcOXKgamTUD jCTkPKxDpBJh90S5QaR2HETFE+qkfv5SOSiFADbz3aExOEo6mkhPCWlhPxUxEtQCUqkj 1ZCnxhgWu49HLg2NSNjJGwB/kGPAMVT5RNugJ7nqsJNRMj1qKqrfn+VIG2/foM9P4v4W yGO/WaFjSkztvpaOepJVB3nPZJp7DsrwL3FCuT687x/EFITNQZUBKVoecR8dY/XF7RPu zSQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=SufDjOrh; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id s17-20020a170902ea1100b001b03a1a3174si149009plg.330.2023.05.30.20.38.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:38:09 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=SufDjOrh; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2E6FC861F3; Wed, 31 May 2023 05:36:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="SufDjOrh"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 33E6B861C2; Wed, 31 May 2023 05:36:27 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4F7BA861C5 for ; Wed, 31 May 2023 05:36:18 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pg1-x52a.google.com with SMTP id 41be03b00d2f7-53f70f5ef60so360691a12.1 for ; Tue, 30 May 2023 20:36:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685504176; x=1688096176; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SR5DPQwrfUCyczL9kvUSgisJ++MRsPHWYgU8LRpM83o=; b=SufDjOrhqZmq95d7nAWhp6T0/jGrl8slXgO4pWElkuzFhvVq1NOF1j0ogvecx75Nbc RPGFtvgRQKeUzoA77O8n/2OZT1kTyKwwStAP+Zlxy+rn+/K1Qez1lpFHv4G/x0gfdIeI RoEvf7EWHX79qF2V7sKc5JA9ltf1HzIEFUr7LJngTJ2tUqRdt27varHmjdLnD3eR071A 5/NQBstLVCZfpS2Og13rBJbE2fRmQLHANjZqcpsZ3Q2MShv4hAk2VuNY09ke8abqXj4C b4UaDI10kT/DrlbN4B85jnKFPtFzLqlR2/cmPguJmjopkHW45NGI7niVA0WR4qtimXkG N0GQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685504176; x=1688096176; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SR5DPQwrfUCyczL9kvUSgisJ++MRsPHWYgU8LRpM83o=; b=ac0ratcGuiAfgG/FyEJVJTXnJhzTTfwU12w4fSe19AmWO2KyHEq3MzTRMjdHjSGv/F 5I6ygnNdh8PrxnnAErpIWOrtNQGi7G2lTnWQ0GbrVPcQ0fc3noAWlAZ4CwHYt4zxqTj/ 1Q/qYWNH/btNKJdZgsHZv6AdqwCwA661AdAlQVDwxCaBVY9drcABFZ5jMjJMz/zSJxN+ 1pBcvUDJ2u/cUsSjwZRec382Ljj8mGqIGBzk+4WpU19fdoLrlAQ87S+w+hlt6O3nE0bB h+kixd1zPS8VSPykoSBPReR1X9GRL51DCHMbpJsaP/7WeXl3IwDG0fOGL+ym4OJtgmu1 WlHQ== X-Gm-Message-State: AC+VfDxH/0lvv/PojslmZdA0IRTXW6UUqhwx8mFUHIAMrF16UDwgm4yR KgvMy7DdkUz0qesfnlfjy9UzRNye8KUtP00pNVw= X-Received: by 2002:a17:902:b68a:b0:1a0:76e8:a4d with SMTP id c10-20020a170902b68a00b001a076e80a4dmr10976190pls.14.1685504176079; Tue, 30 May 2023 20:36:16 -0700 (PDT) Received: from ubuntu-SVE15129CJS.. ([240d:1a:cf7:5800:b037:3ab0:51c1:7dff]) by smtp.gmail.com with ESMTPSA id b4-20020a170902d30400b001b0395c3ffasm85709plc.180.2023.05.30.20.36.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 20:36:15 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v7 10/10] test/py: efi_capsule: test for FMP versioning Date: Wed, 31 May 2023 12:35:23 +0900 Message-Id: <20230531033523.1581973-11-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230531033523.1581973-1-masahisa.kojima@linaro.org> References: <20230531033523.1581973-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This test covers the FMP versioning for both raw and FIT image, and both signed and non-signed capsule update. Signed-off-by: Masahisa Kojima --- Changes in v7: - use newly introcuded common functions of efi_capsule test test/py/tests/test_efi_capsule/conftest.py | 82 ++++++++++++++++++ .../test_capsule_firmware_fit.py | 80 ++++++++++++++++- .../test_capsule_firmware_raw.py | 85 ++++++++++++++++++- .../test_capsule_firmware_signed_fit.py | 65 ++++++++++++++ .../test_capsule_firmware_signed_raw.py | 70 +++++++++++++++ test/py/tests/test_efi_capsule/version.dts | 24 ++++++ 6 files changed, 404 insertions(+), 2 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/version.dts diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index a337e62936..d0e20df01e 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -62,6 +62,23 @@ def efi_capsule_data(request, u_boot_config): '-out SIGNER2.crt -nodes -days 365' % data_dir, shell=True) + # Update dtb to add the version information + check_call('cd %s; ' + 'cp %s/test/py/tests/test_efi_capsule/version.dts .' + % (data_dir, u_boot_config.source_dir), shell=True) + if capsule_auth_enabled: + check_call('cd %s; ' + 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; ' + 'fdtoverlay -i test_sig.dtb ' + '-o test_ver.dtb version.dtbo' + % (data_dir), shell=True) + else: + check_call('cd %s; ' + 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; ' + 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb ' + '-o test_ver.dtb version.dtbo' + % (data_dir, u_boot_config.build_dir), shell=True) + # Create capsule files # two regions: one for u-boot.bin and the other for u-boot.env check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir, @@ -87,6 +104,26 @@ def efi_capsule_data(request, u_boot_config): check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' % (data_dir, u_boot_config.build_dir), shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 ' + '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' % + (data_dir, u_boot_config.build_dir), + shell=True) if capsule_auth_enabled: # raw firmware signed with proper key @@ -123,6 +160,51 @@ def efi_capsule_data(request, u_boot_config): 'uboot_bin_env.itb Test14' % (data_dir, u_boot_config.build_dir), shell=True) + # raw firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 5 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' + 'u-boot.bin.new Test111' + % (data_dir, u_boot_config.build_dir), + shell=True) + # raw firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 2 --monotonic-count 1 ' + '--fw-version 10 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 ' + 'u-boot.env.new Test112' + % (data_dir, u_boot_config.build_dir), + shell=True) + # raw firmware signed with proper key with lower version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 2 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' + 'u-boot.bin.new Test113' + % (data_dir, u_boot_config.build_dir), + shell=True) + # FIT firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 5 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' + 'uboot_bin_env.itb Test114' + % (data_dir, u_boot_config.build_dir), + shell=True) + # FIT firmware signed with proper key with lower version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 2 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' + 'uboot_bin_env.itb Test115' + % (data_dir, u_boot_config.build_dir), + shell=True) # Create a disk image with EFI system partition check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py index fccf1f3fc1..cd4f0c9f60 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py @@ -14,7 +14,8 @@ from capsule_common import ( place_capsule_file, exec_manual_update, check_file_removed, - verify_content + verify_content, + do_reboot_dtb_specified ) @pytest.mark.boardspec('sandbox_flattree') @@ -105,3 +106,80 @@ class TestEfiCapsuleFirmwareFit(): expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' verify_content(u_boot_console, '150000', expected) + + def test_efi_capsule_fw3( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 3 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test104'] + with u_boot_console.log.section('Test Case 3-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 3-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if capsule_auth: + # capsule authentication failed + verify_content(u_boot_console, '100000', 'u-boot:Old'); + verify_content(u_boot_console, '150000', 'u-boot-env:Old') + else: + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New'); + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_fw4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 4 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + but fw_version is lower than lowest_supported_version + No update should happen + 0x100000-0x150000: U-Boot binary (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test105'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old'); diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py index e00686a9fc..9cb92b8494 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py @@ -15,7 +15,8 @@ from capsule_common import ( exec_manual_update, check_file_removed, check_file_exist, - verify_content + verify_content, + do_reboot_dtb_specified ) @pytest.mark.boardspec('sandbox') @@ -146,3 +147,85 @@ class TestEfiCapsuleFirmwareRaw: expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' verify_content(u_boot_console, '150000', expected) + + def test_efi_capsule_fw4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 4 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test101', 'Test102'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + # deleted anyway + check_file_removed(u_boot_console, disk_img, capsule_files) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if capsule_auth: + # capsule authentication failed + verify_content(u_boot_console, '100000', 'u-boot:Old'); + verify_content(u_boot_console, '150000', 'u-boot-env:Old') + else: + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) + assert 'ESRT: fw_version=10' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New'); + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_fw5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 5 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + but fw_version is lower than lowest_supported_version + No update should happen + 0x100000-0x150000: U-Boot binary (but dummy) + """ + disk_img = efi_capsule_data + capsule_files = ['Test103'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + # reboot + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old'); diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py index cbacdab4d1..a4005ec34c 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py @@ -126,3 +126,68 @@ class TestEfiCapsuleFirmwareSignedFit(): # TODO: check CapsuleStatus in CapsuleXXXX verify_content(u_boot_console, '100000', 'u-boot:Old') + + def test_efi_capsule_auth4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test114'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New'); + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_auth5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is signed but fw_version is lower than lowest + supported version, the authentication should fail and the firmware + not be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test115'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index 3d6274ff99..263ecbfed0 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py @@ -120,3 +120,73 @@ class TestEfiCapsuleFirmwareSignedRaw(): # TODO: check CapsuleStatus in CapsuleXXXX verify_content(u_boot_console, '100000', 'u-boot:Old') + + def test_efi_capsule_auth4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test111', 'Test112'] + with u_boot_console.log.section('Test Case 4-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) + assert 'ESRT: fw_version=10' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output) + + verify_content(u_boot_console, '100000', 'u-boot:New'); + verify_content(u_boot_console, '150000', 'u-boot-env:New') + + def test_efi_capsule_auth5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is signed but fw_version is lower than lowest + supported version, the authentication should fail and the firmware + not be updated. + """ + disk_img = efi_capsule_data + capsule_files = ['Test113'] + with u_boot_console.log.section('Test Case 5-a, before reboot'): + setup(u_boot_console, disk_img, '0x0000000000000004') + init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') + place_capsule_file(u_boot_console, capsule_files) + + do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + exec_manual_update(u_boot_console, disk_img, capsule_files) + + check_file_removed(u_boot_console, disk_img, capsule_files) + + verify_content(u_boot_console, '100000', 'u-boot:Old') diff --git a/test/py/tests/test_efi_capsule/version.dts b/test/py/tests/test_efi_capsule/version.dts new file mode 100644 index 0000000000..07850cc606 --- /dev/null +++ b/test/py/tests/test_efi_capsule/version.dts @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; +/plugin/; + +&{/} { + firmware-version { + image1 { + lowest-supported-version = <3>; + image-index = <1>; + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + }; + image2 { + lowest-supported-version = <7>; + image-index = <2>; + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0"; + }; + image3 { + lowest-supported-version = <3>; + image-index = <1>; + image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937"; + }; + }; +};