mbox series

[RFC,v2,0/8] FWU: Add support for FWU Multi Bank Update feature

Message ID 20211219070605.14894-1-sughosh.ganu@linaro.org
Headers show
Series FWU: Add support for FWU Multi Bank Update feature | expand

Message

Sughosh Ganu Dec. 19, 2021, 7:05 a.m. UTC 
The patchset adds support for the FWU Multi Bank Update[1]
feature. Certain aspects of the Dependable Boot[2] specification have
also been implemented.

The FWU multi bank update feature is used for supporting multiple
sets(also called banks) of firmware image(s), allowing the platform to
boot from a different bank, in case it fails to boot from the active
bank. This functionality is supported by keeping the relevant
information in a structure called metadata, which provides information
on the images. Among other parameters, the metadata structure contains
information on the currect active bank that is being used to boot
image(s).

Functionality is being added to work with the UEFI capsule driver in
u-boot. The metadata is read to gather information on the update bank,
which is the bank to which the firmware images would be flashed to. On
a successful completion of the update of all components, the active
bank field in the metadata is updated, to reflect the bank from which
the platform will boot on the subsequent boots.

Currently, the feature is being enabled on the STM32MP157C-DK2
board which boots a FIP image from a uSD card partitioned with the GPT
partioning scheme. This also requires changes in the previous stage of
bootloader, which parses the metadata and selects the bank to boot the
image(s) from. Support is being added in tf-a(BL2 stage) for the
STM32MP157C-DK2 board to boot the active bank images. These changes
are under review currently[3].

Changes since V1:
* Rename metadata with mdata for all symbols. Applicable for
  all patches
* Move all function declarations to a separate header fwu.h
* Drop the patch which added the get_gpt_hdr_parts api, as
  suggested by Patrick
* Use the logic suggested by Patrick to get the partition
  type guids and partition guid's instead of defining a new
  api
* Drop the parameter in the function fwu_revert_boot_index
  as suggested by Etienne
* Use BIT for all macros
* Call the platform function fwu_plat_get_alt_num for
  getting the alt_num for the image partition, instead of
  the earlier hard-coded approach.
* Change the logic in gpt_check_mdata_validity as suggested
  by Ilias.
* Other smaller code style changes suggested by Ilias
* Define a new function fwu_plat_get_alt_num using logic
  suggested by Patrick for returning the alt_num for the
  partition
* Define a new function plat_fill_gpt_partition_guids to
  fill the guid array with Partition Type guids
* Use the TAMP_BOOTCOUNT register as suggested by Yann
  Gautier instead of the earlier unused register 10
* Define a new function fwu_plat_get_alt_num for filling up
  all the dfu partitions with a preset ImageTypeId guid
* Remove the distinction made in the earlier version for
  setting image_type_id as suggested by Heinrich
* Define a funtion fwu_update_checks_pass to do the checks
  before initiating the update
* Log the status of the boottime checks using boottime_check
  variable and allow system to boot instead of hanging the
  platform(fwu_boottime_checks)
* Call function fwu_update_checks_pass to check if the
  update can be initiated
* Do not allow firmware update from efi_init_obj_list as the
  fwu boot-time checks need to be run

Todo's
------
1) Add a test(selftest) for the metadata access.
2) Add a tool for generation of the metadata. Not sure if this needs to
   be part of the u-boot repository though.
3) Add a tool for generation of the firmware accept/reject dummy
   capsule. Need to check if this can be added to the mkeficapsule
   tool in u-boot.

[1] - https://developer.arm.com/documentation/den0118/a
[2] - https://staging-git.codelinaro.org/linaro/firmware-dual-banked-updates/test
[3] - https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/12566


Sughosh Ganu (8):
  FWU: Add FWU metadata structure and functions for accessing metadata
  FWU: Add FWU metadata access functions for GPT partitioned block
    devices
  FWU: stm32mp1: Add helper functions for accessing FWU metadata
  FWU: STM32MP1: Add support to read boot index from backup register
  EFI: FMP: Add provision to update image's ImageTypeId in image
    descriptor
  FWU: Add boot time checks as highlighted by the FWU specification
  FWU: Add support for FWU Multi Bank Update feature
  FWU: cmd: Add a command to read FWU metadata

 board/st/stm32mp1/stm32mp1.c        | 169 ++++++++
 cmd/Kconfig                         |   7 +
 cmd/Makefile                        |   1 +
 cmd/fwu_mdata.c                     |  64 +++
 common/board_r.c                    |   6 +
 include/fwu.h                       |  51 +++
 include/fwu_mdata.h                 | 104 +++++
 lib/Kconfig                         |  32 ++
 lib/Makefile                        |   1 +
 lib/efi_loader/efi_capsule.c        | 198 ++++++++-
 lib/efi_loader/efi_firmware.c       |  90 +++-
 lib/efi_loader/efi_setup.c          |   3 +-
 lib/fwu_updates/Makefile            |  11 +
 lib/fwu_updates/fwu.c               | 190 +++++++++
 lib/fwu_updates/fwu_mdata.c         | 236 +++++++++++
 lib/fwu_updates/fwu_mdata_gpt_blk.c | 635 ++++++++++++++++++++++++++++
 16 files changed, 1787 insertions(+), 11 deletions(-)
 create mode 100644 cmd/fwu_mdata.c
 create mode 100644 include/fwu.h
 create mode 100644 include/fwu_mdata.h
 create mode 100644 lib/fwu_updates/Makefile
 create mode 100644 lib/fwu_updates/fwu.c
 create mode 100644 lib/fwu_updates/fwu_mdata.c
 create mode 100644 lib/fwu_updates/fwu_mdata_gpt_blk.c