[RESEND RFC PATCH 03/10] FWU: Add metadata structure and functions for accessing metadata
Sughosh Ganu
sughosh.ganu at linaro.org
Wed Dec 1 06:36:05 CET 2021
On Tue, 30 Nov 2021 at 18:33, Heinrich Schuchardt <xypron.glpk at gmx.de>
wrote:
> On 11/25/21 08:12, Sughosh Ganu wrote:
> > In the FWU Multi Bank Update feature, the information about the
> > updatable images is stored as part of the metadata, which is stored on
> > a dedicated partition. Add the metadata structure, and functions to
> > access the metadata. These are generic API's, and implementations can
> > be added based on parameters like how the metadata partition is
> > accessed and what type of storage device houses the metadata.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > ---
> > include/fwu_metadata.h | 125 +++++++++++++++
> > lib/fwu_updates/fwu_metadata.c | 275 +++++++++++++++++++++++++++++++++
> > 2 files changed, 400 insertions(+)
> > create mode 100644 include/fwu_metadata.h
> > create mode 100644 lib/fwu_updates/fwu_metadata.c
> >
> > diff --git a/include/fwu_metadata.h b/include/fwu_metadata.h
> > new file mode 100644
> > index 0000000000..e692ef7506
> > --- /dev/null
> > +++ b/include/fwu_metadata.h
> > @@ -0,0 +1,125 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright (c) 2021, Linaro Limited
> > + */
> > +
> > +#if !defined _FWU_METADATA_H_
> > +#define _FWU_METADATA_H_
> > +
> > +#include <blk.h>
> > +#include <efi.h>
> > +#include <uuid.h>
> > +
> > +#include <linux/types.h>
> > +
> > +/**
> > + * struct fwu_image_bank_info - firmware image information
> > + * @image_uuid: Guid value of the image in this bank
> > + * @accepted: Acceptance status of the image
> > + * @reserved: Reserved
> > + *
> > + * The structure contains image specific fields which are
> > + * used to identify the image and to specify the image's
> > + * acceptance status
> > + */
> > +struct fwu_image_bank_info {
> > + efi_guid_t image_uuid;
> > + u32 accepted;
> > + u32 reserved;
> > +};
> > +
> > +/**
> > + * struct fwu_image_entry - information for a particular type of image
> > + * @image_type_uuid: Guid value for identifying the image type
> > + * @location_uuid: Guid of the storage volume where the image is located
> > + * @img_bank_info: Array containing properties of images
> > + *
> > + * This structure contains information on various types of updatable
> > + * firmware images. Each image type then contains an array of image
> > + * information per bank.
> > + */
> > +struct fwu_image_entry {
> > + efi_guid_t image_type_uuid;
> > + efi_guid_t location_uuid;
> > + struct fwu_image_bank_info img_bank_info[CONFIG_FWU_NUM_BANKS];
> > +};
> > +
> > +/**
> > + * struct fwu_metadata - Metadata structure for multi-bank updates
> > + * @crc32: crc32 value for the metadata
> > + * @version: Metadata version
> > + * @active_index: Index of the bank currently used for booting images
> > + * @previous_active_inde: Index of the bank used before the current bank
> > + * being used for booting
> > + * @img_entry: Array of information on various firmware images that can
> > + * be updated
> > + *
> > + * This structure is used to store all the needed information for
> performing
> > + * multi bank updates on the platform. This contains info on the bank
> being
> > + * used to boot along with the information needed for identification of
> > + * individual images
> > + */
> > +struct fwu_metadata {
> > + u32 crc32;
> > + u32 version;
> > + u32 active_index;
> > + u32 previous_active_index;
> > +
> > + struct fwu_image_entry img_entry[CONFIG_FWU_NUM_IMAGES_PER_BANK];
> > +};
> > +
> > +/**
> > + * @get_active_index: get the current active_index value
> > + * @update_active_index: update the active_index value
> > + * @fill_partition_guid_array: fill the array with guid values of the
> > + * partitions found on the storage media
> > + * @get_image_alt_num: get the alt number to be used for the image
> > + * @metadata_check: check the validity of the metadata partitions
> > + * @revert_boot_index: set the active_index to previous_active_index
> > + * @set_accept_image: set the accepted bit for the image
> > + * @clear_accept_image: clear the accepted bit for the image
> > + * @get_metadata() - Get a metadata copy
> > + */
> > +struct fwu_metadata_ops {
> > + int (*get_active_index)(u32 *active_idx);
> > +
> > + int (*update_active_index)(u32 active_idx);
> > +
> > + int (*fill_partition_guid_array)(efi_guid_t **part_guid_arr,
> > + u32 *nparts);
> > +
> > + int (*get_image_alt_num)(efi_guid_t image_type_id, u32 update_bank,
> > + int *alt_num);
> > +
> > + int (*metadata_check)(void);
> > +
> > + int (*revert_boot_index)(u32 *active_idx);
> > +
> > + int (*set_accept_image)(efi_guid_t *img_type_id);
> > +
> > + int (*clear_accept_image)(efi_guid_t *img_type_id, u32 bank);
> > +
> > + int (*get_metadata)(struct fwu_metadata **metadata);
> > +};
> > +
> > +#define FWU_METADATA_GUID \
> > + EFI_GUID(0x8a7a84a0, 0x8387, 0x40f6, 0xab, 0x41, \
> > + 0xa8, 0xb9, 0xa5, 0xa6, 0x0d, 0x23)
> > +
> > +#define FWU_METADATA_VERSION 0x1
> > +
> > +extern struct fwu_metadata_ops fwu_gpt_blk_ops;
> > +
> > +struct fwu_metadata_ops *get_plat_fwu_metadata_ops(void);
> > +int fwu_get_active_index(u32 *active_idx);
> > +int fwu_update_active_index(u32 active_idx);
> > +int fwu_fill_partition_guid_array(efi_guid_t **part_guid_arr, u32
> *nparts);
> > +int fwu_get_image_alt_num(efi_guid_t image_type_id, u32 update_bank,
> > + int *alt_num);
> > +int fwu_metadata_check(void);
> > +int fwu_revert_boot_index(u32 *active_idx);
> > +int fwu_accept_image(efi_guid_t *img_type_id);
> > +int fwu_clear_accept_image(efi_guid_t *img_type_id, u32 bank);
> > +int fwu_get_metadata(struct fwu_metadata **metadata);
> > +
> > +#endif /* _FWU_METADATA_H_ */
> > diff --git a/lib/fwu_updates/fwu_metadata.c
> b/lib/fwu_updates/fwu_metadata.c
> > new file mode 100644
> > index 0000000000..ebc3eaa04a
> > --- /dev/null
> > +++ b/lib/fwu_updates/fwu_metadata.c
> > @@ -0,0 +1,275 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright (c) 2021, Linaro Limited
> > + */
> > +
> > +#include <fwu_metadata.h>
> > +
> > +#include <linux/errno.h>
> > +#include <linux/types.h>
> > +
> > +static inline struct fwu_metadata_ops *get_fwu_metadata_ops(void)
> > +{
> > + return get_plat_fwu_metadata_ops();
> > +}
> > +
> > +/**
> > + * fwu_get_active_index() - Get active_index from the metadata
> > + * @active_idx: active_index value to be read
> > + *
> > + * Read the active_index field from the metadata and place it in
> > + * the variable pointed to be the function argument.
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_get_active_index(u32 *active_idx)
> > +{
> > + struct fwu_metadata_ops *ops;
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->get_active_index) {
> > + log_err("get_active_index() method not defined for the
> platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->get_active_index(active_idx);
> > +}
> > +
> > +/**
> > + * fwu_update_active_index() - Update active_index from the metadata
> > + * @active_idx: active_index value to be updated
> > + *
> > + * Update the active_index field in the metadata
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_update_active_index(u32 active_idx)
> > +{
> > + struct fwu_metadata_ops *ops;
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->update_active_index) {
> > + log_err("update_active_index() method not defined for the
> platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->update_active_index(active_idx);
> > +}
> > +
> > +/**
> > + * fwu_fill_partition_guid_array() - Fill the part_guid_arr array with
> the guid's of
> > + * the partitions
> > + * @part_guid_arr: array of partition guid's
> > + * @nparts: Number of gpt partitions on the device
> > + *
> > + * Get the information on the partition guid's, filling the array with
> the guid
> > + * values and also the number of partitions.
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_fill_partition_guid_array(efi_guid_t **part_guid_arr, u32
> *nparts)
> > +{
> > + struct fwu_metadata_ops *ops;
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->fill_partition_guid_array) {
> > + log_err("fill_partition_guid_array() method not defined
> for the platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->fill_partition_guid_array(part_guid_arr, nparts);
> > +}
> > +
> > +/**
> > + * fwu_get_image_alt_num() - Get the dfu alt number to be used for
> capsule update
> > + * @image_type_id: image guid as passed in the capsule
> > + * @update_bank: Bank to which the update is to be made
> > + * @alt_num: The alt_num for the image
> > + *
> > + * Based on the guid value passed in the capsule, along with the bank
> to which the
> > + * image needs to be updated, get the dfu alt number which will be used
> for the
> > + * capsule update
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_get_image_alt_num(efi_guid_t image_type_id, u32 update_bank,
> > + int *alt_num)
> > +{
> > + struct fwu_metadata_ops *ops;
>
> The metadata is an untrusted information source and hence MUST NOT be
> used to map the image_type_id to the DFU alt_number. Don't invite for an
> denial of service attack.
>
> The signed capsule would be a good place for storing the DFU mapping.
>
I understand your concern with using dfu_alt_info for storing the
information needed for writing the capsule payload. However, putting the
information currently stored on the dfu_alt_info on a capsule should
require a spec change IMO. This should first be discussed and brought in as
part of the UEFI spec. Also, when you say signed capsule, please note not
the entire capsule gets signed -- it is only the capsule payloads that are
signed, not the headers. So putting the information currently stored in dfu
env var to the capsule would mean adding a header to the payload, which
would contain this information, and then the header plus payload would be
signed. However this is implemented, this would mean changes to the current
capsule format, and making this change without changing the spec would also
mean that we will also not be able to use the GenerateCapsule tool for
capsule generation. This is not a small change which can be included as a
patch in the FWU A/B update series, but should be taken up as a separate
exercise.
-sughosh
> Best regards
>
> Heinrich
>
>
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->get_image_alt_num) {
> > + log_err("get_image_alt_num() method not defined for the
> platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->get_image_alt_num(image_type_id, update_bank, alt_num);
> > +}
> > +
> > +/**
> > + * fwu_metadata_check() - Check if the metadata is valid
> > + *
> > + * Validate both copies of metadata. If one of the copies
> > + * has gone bad, restore it from the other bad copy.
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_metadata_check(void)
> > +{
> > + struct fwu_metadata_ops *ops;
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->metadata_check) {
> > + log_err("metadata_check() method not defined for the
> platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->metadata_check();
> > +}
> > +
> > +/**
> > + * fwu_revert_boot_index() - Revert the active index in the metadata
> > + * @active_idx: Value of the updated active_index
> > + *
> > + * Revert the active_index value in the metadata, by swapping the values
> > + * of active_index and previous_active_index in both copies of the
> > + * metadata.
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_revert_boot_index(u32 *active_idx)
> > +{
> > + struct fwu_metadata_ops *ops;
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->revert_boot_index) {
> > + log_err("revert_boot_index() method not defined for the
> platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->revert_boot_index(active_idx);
> > +}
> > +
> > +/**
> > + * fwu_accept_image() - Set the Acceptance bit for the image
> > + * @img_type_id: Guid of the image type for which the accepted bit is
> to be
> > + * cleared
> > + *
> > + * Set the accepted bit for the image specified by the img_guid
> parameter. This
> > + * indicates acceptance of image for subsequent boots by some governing
> component
> > + * like OS(or firmware).
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_accept_image(efi_guid_t *img_type_id)
> > +{
> > + struct fwu_metadata_ops *ops;
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->set_accept_image) {
> > + log_err("set_accept_image() method not defined for the
> platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->set_accept_image(img_type_id);
> > +}
> > +
> > +/**
> > + * fwu_clear_accept_image() - Clear the Acceptance bit for the image
> > + * @img_type_id: Guid of the image type for which the accepted bit is
> to be
> > + * cleared
> > + *
> > + * Clear the accepted bit for the image type specified by the
> img_type_id parameter.
> > + * This function is called after the image has been updated. The
> accepted bit is
> > + * cleared to be set subsequently after passing the image acceptance
> criteria, by
> > + * either the OS(or firmware)
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_clear_accept_image(efi_guid_t *img_type_id, u32 bank)
> > +{
> > + struct fwu_metadata_ops *ops;
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->clear_accept_image) {
> > + log_err("clear_accept_image() method not defined for the
> platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->clear_accept_image(img_type_id, bank);
> > +}
> > +
> > +/**
> > + * fwu_get_metadata() - Get a metadata copy
> > + * @metadata: Copy of the metadata
> > + *
> > + * Get a valid copy of the metadata.
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_get_metadata(struct fwu_metadata **metadata)
> > +{
> > + struct fwu_metadata_ops *ops;
> > +
> > + ops = get_fwu_metadata_ops();
> > + if (!ops) {
> > + log_err("Unable to get fwu ops\n");
> > + return -EPROTONOSUPPORT;
> > + }
> > +
> > + if (!ops->get_metadata) {
> > + log_err("get_metadata() method not defined for the
> platform\n");
> > + return -ENOSYS;
> > + }
> > +
> > + return ops->get_metadata(metadata);
> > +}
> >
>
>
More information about the U-Boot
mailing list