[PATCH] efi_loader: set CapsuleMax from CONFIG_EFI_CAPSULE_MAX

Heinrich Schuchardt xypron.glpk at gmx.de
Thu Feb 16 17:48:32 CET 2023 

On 2/16/23 17:30, Etienne Carriere wrote:
> Adds CONFIG_EFI_CAPSULE_MAX to configure the max index value used in
> EFI capsule reports. The config default value is 65535 as the index max
> value used before this change. Platforms with limited storage capacity
> can set a lower configuration value to prevent storage capacity
> overflow or even waste of storage space.
>
> Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
> ---
>   lib/efi_loader/Kconfig       |  8 ++++++
>   lib/efi_loader/efi_capsule.c | 48 +++++++++++++++++++++++++-----------
>   lib/efi_loader/efi_setup.c   |  7 +++++-
>   3 files changed, 48 insertions(+), 15 deletions(-)
>
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index c56904afc2..69bb66e09c 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -226,6 +226,14 @@ config EFI_CAPSULE_AUTHENTICATE
>   	  Select this option if you want to enable capsule
>   	  authentication
>
> +config EFI_CAPSULE_MAX
> +	int "Max value for capsule index"
> +	default 65535

This number of variables does not fit into any variable store.
CONFIG_EFI_VAR_BUF_SIZE defaults to 16 KiB. A maximum of 16 coexisting
Capsule#### variables would be a reasonable number. As there seems to be
no process that deletes Capsule####, please, default to 15.

Best regards

Heinrich


> +	range 0 65535
> +	help
> +	  Select the max capsule index value used for capsule report
> +	  variables. This value is used to create CapsuleMax variable.
> +
>   config EFI_DEVICE_PATH_TO_TEXT
>   	bool "Device path to text protocol"
>   	default y
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index 0997cd248f..d5d3ede7ae 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -45,17 +45,7 @@ const efi_guid_t fwu_guid_os_request_fw_accept =
>   static struct efi_file_handle *bootdev_root;
>   #endif
>
> -/**
> - * get_last_capsule - get the last capsule index
> - *
> - * Retrieve the index of the capsule invoked last time from "CapsuleLast"
> - * variable.
> - *
> - * Return:
> - * * > 0	- the last capsule index invoked
> - * * 0xffff	- on error, or no capsule invoked yet
> - */
> -static __maybe_unused unsigned int get_last_capsule(void)
> +static __maybe_unused unsigned int get_capsule_index(const u16 *variable_name)
>   {
>   	u16 value16[11]; /* "CapsuleXXXX": non-null-terminated */
>   	char value[5];
> @@ -65,7 +55,7 @@ static __maybe_unused unsigned int get_last_capsule(void)
>   	int i;
>
>   	size = sizeof(value16);
> -	ret = efi_get_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
> +	ret = efi_get_variable_int(variable_name, &efi_guid_capsule_report,
>   				   NULL, &size, value16, NULL);
>   	if (ret != EFI_SUCCESS || size != 22 ||
>   	    u16_strncmp(value16, u"Capsule", 7))
> @@ -84,6 +74,35 @@ err:
>   	return index;
>   }
>
> +/**
> + * get_last_capsule - get the last capsule index
> + *
> + * Retrieve the index of the capsule invoked last time from "CapsuleLast"
> + * variable.
> + *
> + * Return:
> + * * > 0	- the last capsule index invoked
> + * * 0xffff	- on error, or no capsule invoked yet
> + */
> +static __maybe_unused unsigned int get_last_capsule(void)
> +{
> +	return get_capsule_index(u"CapsuleLast");
> +}
> +
> +/**
> + * get_max_capsule - get the max capsule index
> + *
> + * Retrieve the max capsule index value from "CapsuleMax" variable.
> + *
> + * Return:
> + * * > 0	- the max capsule index
> + * * 0xffff	- on error, or "CapsuleMax" variable does not exist
> + */
> +static __maybe_unused unsigned int get_max_capsule(void)
> +{
> +	return get_capsule_index(u"CapsuleMax");
> +}
> +
>   /**
>    * set_capsule_result - set a result variable
>    * @capsule:		Capsule
> @@ -1290,7 +1309,7 @@ efi_status_t efi_launch_capsules(void)
>   {
>   	struct efi_capsule_header *capsule = NULL;
>   	u16 **files;
> -	unsigned int nfiles, index, i;
> +	unsigned int nfiles, index, index_max, i;
>   	efi_status_t ret;
>   	bool capsule_update = true;
>   	bool update_status = true;
> @@ -1299,6 +1318,7 @@ efi_status_t efi_launch_capsules(void)
>   	if (check_run_capsules() != EFI_SUCCESS)
>   		return EFI_SUCCESS;
>
> +	index_max = get_max_capsule();
>   	index = get_last_capsule();
>
>   	/*
> @@ -1317,7 +1337,7 @@ efi_status_t efi_launch_capsules(void)
>   	/* Launch capsules */
>   	for (i = 0, ++index; i < nfiles; i++, index++) {
>   		log_debug("Applying %ls\n", files[i]);
> -		if (index > 0xffff)
> +		if (index > index_max)
>   			index = 0;
>   		ret = efi_capsule_read_file(files[i], &capsule);
>   		if (ret == EFI_SUCCESS) {
> diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
> index f0f01d3b1d..04da4cf14d 100644
> --- a/lib/efi_loader/efi_setup.c
> +++ b/lib/efi_loader/efi_setup.c
> @@ -129,12 +129,17 @@ static efi_status_t efi_init_capsule(void)
>   	efi_status_t ret = EFI_SUCCESS;
>
>   	if (IS_ENABLED(CONFIG_EFI_HAVE_CAPSULE_SUPPORT)) {
> +		u16 var_name16[12];
> +
> +		efi_create_indexed_name(var_name16, sizeof(var_name16),
> +					"Capsule", CONFIG_EFI_CAPSULE_MAX);
> +
>   		ret = efi_set_variable_int(u"CapsuleMax",
>   					   &efi_guid_capsule_report,
>   					   EFI_VARIABLE_READ_ONLY |
>   					   EFI_VARIABLE_BOOTSERVICE_ACCESS |
>   					   EFI_VARIABLE_RUNTIME_ACCESS,
> -					   22, u"CapsuleFFFF", false);
> +					   22, var_name16, false);
>   		if (ret != EFI_SUCCESS)
>   			printf("EFI: cannot initialize CapsuleMax variable\n");
>   	}

More information about the U-Boot mailing list