Message ID | 20240719-b4-dynamic-uuid-v5-0-8a83de3fe3dc@linaro.org |
---|---|
Headers | show |
Series | efi: CapsuleUpdate: support for dynamic UUIDs | expand |
Hi Caleb, checkpatch reports some issues for #4 & #9, check that for v6 Cheers /Ilias On Fri, 19 Jul 2024 at 15:43, Caleb Connolly <caleb.connolly@linaro.org> wrote: > > As more boards adopt support for the EFI CapsuleUpdate mechanism, there > is a growing issue of being able to target updates to them properly. The > current mechanism of hardcoding UUIDs for each board at compile time is > unsustainable, and maintaining lists of GUIDs is similarly cumbersome. > > In this series, I propose that we adopt v5 GUIDs, these are generated by > using a well-known salt GUID as well as board specific information the > DT root compatible string, these are hashed together and the result is > truncated to form a new UUID. > > The well-known salt GUID can be specific to the architecture (SoC > vendor), or OEM. It is defined in the board defconfig so that vendors > can easily bring their own. > > Specifically, the following fields are used to generate a GUID for a > particular fw_image: > > * namespace salt > * board compatible (usually the first entry in the dt root compatible > array). > * fw_image name (the string identifying the specific image, especially > relevant for board that can update multiple images). > > == Usage == > > Boards can enable dynamic UUID support by simply not setting the > efi_fw_image image_type_id property. Vendors may also wish to set a > custom namespace GUID (by setting CONFIG_EFI_CAPSULE_NAMESPACE_GUID). > > == Limitations == > > * Changing GUIDs > > The primary limitation with this approach is that if any of the source > fields change, so will the GUID for the board. It is therefore pretty > important to ensure that GUID changes are caught during development. > > * Supporting multiple boards with a single image > > This now requires having an entry with the GUID for every board which > might lead to larger UpdateCapsule images. > > == Tooling == > > The mkeficapsule command is updated to add a new guidgen subcommand, > this can generate GUIDs that match those the board would generate at > runtime. It accepts an optional namespace GUID (if the default isn't > used), a path to the board DTB, and a list of firmware image names. > > This series follows a related discussion started by Ilias: > https://lore.kernel.org/u-boot/CAC_iWjJNHa4gMF897MqYZNdbgjFG8K4kwGsTXWuy72WkYLizrw@mail.gmail.com/ > > CI run for this series: https://source.denx.de/u-boot/custodians/u-boot-snapdragon/-/pipelines/21419 > > --- > Changes in v5: > - Clean up mkeficapsule genguid patch > - Add explicit tests validating the GUID type bits > - Link to v4: https://lore.kernel.org/r/20240702-b4-dynamic-uuid-v4-0-a00c82d1f504@linaro.org > > Changes in v4: > - Make UUID v5 support always enabled rather than being optional. > - Fix endianness issues (thanks Vincent and Ilias) > - Merge genguid tool into mkeficapsule. > - And move mkeficapsule over to using U-Boot's UUID code rather > than libuuid. > - Provide a default namespace UUID for all U-Boot boards. > - Link to v3: https://lore.kernel.org/r/20240531-b4-dynamic-uuid-v3-0-ca4a4865db00@linaro.org > > Changes in v3: > - Add manpage for genguid > - Add dedicated CONFIG_TOOLS_GENGUID option > - Minor code fixes addressing v2 feedback > - Link to v2: https://lore.kernel.org/r/20240529-b4-dynamic-uuid-v2-0-c26f31057bbe@linaro.org > > Changes in v2: > - Move namespace UUID to be defined in defconfig > - Add tests and tooling > - Only use the first board compatible to generate UUID. > - Link to v1: https://lore.kernel.org/r/20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org > > --- > Caleb Connolly (11): > efi: define struct efi_guid > lib: uuid: add UUID v5 support > efi: add a helper to generate dynamic UUIDs > doc: uefi: document dynamic UUID generation > sandbox: switch to dynamic UUIDs > lib: uuid: supporting building as part of host tools > include: export uuid.h > tools: mkeficapsule: use u-boot UUID library > tools: mkeficapsule: support generating dynamic GUIDs > test: lib/uuid: add unit tests for dynamic UUIDs > test: lib/uuid: add tests for UUID version/variant bits > > arch/arm/mach-rockchip/board.c | 2 +- > board/cobra5272/flash.c | 2 +- > board/gardena/smart-gateway-mt7688/board.c | 2 +- > board/sandbox/sandbox.c | 16 -- > board/socrates/socrates.c | 2 +- > board/xilinx/common/board.c | 2 +- > cmd/efi.c | 2 +- > cmd/efi_common.c | 2 +- > cmd/flash.c | 2 +- > cmd/gpt.c | 2 +- > cmd/nvedit_efi.c | 2 +- > cmd/x86/hob.c | 2 +- > common/flash.c | 2 +- > disk/part_efi.c | 2 +- > doc/develop/uefi/uefi.rst | 27 +++ > doc/mkeficapsule.1 | 23 +++ > drivers/firmware/arm-ffa/arm-ffa-uclass.c | 2 +- > env/sf.c | 2 +- > fs/btrfs/btrfs.c | 2 +- > fs/btrfs/compat.h | 2 +- > fs/btrfs/disk-io.c | 2 +- > fs/ext4/ext4fs.c | 2 +- > include/efi.h | 2 +- > include/fwu.h | 2 +- > include/part.h | 2 +- > include/rkmtd.h | 2 +- > include/sandbox_efi_capsule.h | 6 +- > include/{ => u-boot}/uuid.h | 21 ++- > lib/Kconfig | 1 + > lib/acpi/acpi_dp.c | 2 +- > lib/acpi/acpigen.c | 2 +- > lib/efi/efi_app.c | 2 +- > lib/efi_loader/Kconfig | 12 ++ > lib/efi_loader/efi_capsule.c | 1 + > lib/efi_loader/efi_device_path.c | 2 +- > lib/efi_loader/efi_firmware.c | 52 +++++ > lib/efi_loader/efi_variable.c | 2 +- > lib/fwu_updates/fwu_mtd.c | 2 +- > lib/uuid.c | 102 +++++++--- > lib/vsprintf.c | 2 +- > net/bootp.c | 2 +- > test/dm/acpi_dp.c | 2 +- > test/dm/acpigen.c | 2 +- > test/lib/uuid.c | 120 +++++++++++- > .../test_efi_capsule/test_capsule_firmware_fit.py | 2 +- > .../test_efi_capsule/test_capsule_firmware_raw.py | 8 +- > .../test_capsule_firmware_signed_fit.py | 2 +- > .../test_capsule_firmware_signed_raw.py | 4 +- > test/py/tests/test_efi_capsule/version.dts | 6 +- > tools/Makefile | 8 +- > tools/binman/etype/efi_capsule.py | 2 +- > tools/binman/ftest.py | 2 +- > tools/eficapsule.h | 2 +- > tools/mkeficapsule.c | 209 ++++++++++++++++----- > 54 files changed, 544 insertions(+), 148 deletions(-) > --- > change-id: 20240422-b4-dynamic-uuid-1a5ab1486c27 > base-commit: c717871c07fb36f13806ef5351d858a72a811d95 > > // Caleb (they/them) >