[PATCH v8 03/13] FWU: Add FWU metadata access driver for GPT partitioned block devices
Sughosh Ganu
sughosh.ganu at linaro.org
Thu Aug 18 13:38:53 CEST 2022
hi Simon,
On Thu, 18 Aug 2022 at 08:51, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Sughosh,
>
> On Wed, 17 Aug 2022 at 06:44, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> >
> > In the FWU Multi Bank Update feature, the information about the
> > updatable images is stored as part of the metadata, on a separate
> > partition. Add a driver for reading from and writing to the metadata
> > when the updatable images and the metadata are stored on a block
> > device which is formated with GPT based partition scheme.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > Reviewed-by: Patrick Delaunay <patrick.delaunay at foss.st.com>
> > ---
> > Changes since V7: None
> >
> > drivers/fwu-mdata/Kconfig | 9 +
> > drivers/fwu-mdata/Makefile | 1 +
> > drivers/fwu-mdata/fwu_mdata_gpt_blk.c | 410 ++++++++++++++++++++++++++
> > include/fwu.h | 5 +
> > 4 files changed, 425 insertions(+)
> > create mode 100644 drivers/fwu-mdata/fwu_mdata_gpt_blk.c
> >
> > diff --git a/drivers/fwu-mdata/Kconfig b/drivers/fwu-mdata/Kconfig
> > index d6a21c8e19..d5edef19d6 100644
> > --- a/drivers/fwu-mdata/Kconfig
> > +++ b/drivers/fwu-mdata/Kconfig
> > @@ -5,3 +5,12 @@ config DM_FWU_MDATA
> > Enable support for accessing FWU Metadata partitions. The
> > FWU Metadata partitions reside on the same storage device
> > which contains the other FWU updatable firmware images.
>
> Can we link to the docs here, or will it be easy for people to find in
> the U-Boot docs?
The link to the spec is being provided in the documentation for the
feature. I guess that should suffice.
>
> > +
> > +config FWU_MDATA_GPT_BLK
> > + bool "FWU Metadata access for GPT partitioned Block devices"
> > + select PARTITION_TYPE_GUID
> > + select PARTITION_UUIDS
> > + depends on DM && HAVE_BLOCK_DEVICE && EFI_PARTITION
> > + help
> > + Enable support for accessing FWU Metadata on GPT partitioned
> > + block devices.
>
> GPT-partitioned (I think)
I see "GPT partition" being used elsewhere. I don't have a strong
opinion on this though.
>
> > diff --git a/drivers/fwu-mdata/Makefile b/drivers/fwu-mdata/Makefile
> > index e53a8c9983..313049f67a 100644
> > --- a/drivers/fwu-mdata/Makefile
> > +++ b/drivers/fwu-mdata/Makefile
> > @@ -4,3 +4,4 @@
> > #
> >
> > obj-$(CONFIG_DM_FWU_MDATA) += fwu-mdata-uclass.o
> > +obj-$(CONFIG_FWU_MDATA_GPT_BLK) += fwu_mdata_gpt_blk.o
> > diff --git a/drivers/fwu-mdata/fwu_mdata_gpt_blk.c b/drivers/fwu-mdata/fwu_mdata_gpt_blk.c
>
> Perhaps just call it gpt_blk.c since it is in this directory
Actually, there are both type of examples that can be seen under
drivers/. For e.g. the drivers/clk/ has all files starting with clk_*.
Similarly, under drivers/reset/. But there are other examples as well.
But this is not a big effort. I will change the name as per your
suggestion.
>
> > new file mode 100644
> > index 0000000000..f694c4369b
> > --- /dev/null
> > +++ b/drivers/fwu-mdata/fwu_mdata_gpt_blk.c
> > @@ -0,0 +1,410 @@
> > +// SPDX-License-Identifier: GPL-2.0-or-later
> > +/*
> > + * Copyright (c) 2022, Linaro Limited
> > + */
> > +
> > +#define LOG_CATEGORY UCLASS_FWU_MDATA
> > +
> > +#include <blk.h>
> > +#include <dm.h>
> > +#include <efi_loader.h>
> > +#include <fwu.h>
> > +#include <fwu_mdata.h>
> > +#include <log.h>
> > +#include <malloc.h>
> > +#include <memalign.h>
> > +#include <part.h>
> > +#include <part_efi.h>
> > +
> > +#include <dm/device-internal.h>
> > +#include <linux/errno.h>
> > +#include <linux/types.h>
> > +#include <u-boot/crc.h>
> > +
> > +#define PRIMARY_PART BIT(0)
> > +#define SECONDARY_PART BIT(1)
> > +#define BOTH_PARTS (PRIMARY_PART | SECONDARY_PART)
> > +
> > +#define MDATA_READ BIT(0)
> > +#define MDATA_WRITE BIT(1)
> > +
>
> comment?
Umm, is the macro name not descriptive enough? They are just being
used to select a read or write operation.
>
> > +static int gpt_get_mdata_partitions(struct blk_desc *desc,
> > + u16 *primary_mpart,
> > + u16 *secondary_mpart)
>
> Should use uint, no need to select a 16-bit var so far as I can get
Okay
>
> > +{
> > + int i, ret;
> > + u32 mdata_parts;
> > + efi_guid_t part_type_guid;
> > + struct disk_partition info;
> > + const efi_guid_t fwu_mdata_guid = FWU_MDATA_GUID;
> > +
> > + mdata_parts = 0;
> > + for (i = 1; i < MAX_SEARCH_PARTITIONS; i++) {
> > + if (part_get_info(desc, i, &info))
> > + continue;
> > + uuid_str_to_bin(info.type_guid, part_type_guid.b,
> > + UUID_STR_FORMAT_GUID);
> > +
> > + if (!guidcmp(&fwu_mdata_guid, &part_type_guid)) {
> > + ++mdata_parts;
> > + if (!*primary_mpart)
> > + *primary_mpart = i;
> > + else
> > + *secondary_mpart = i;
> > + }
> > + }
> > +
> > + if (mdata_parts != 2) {
> > + log_err("Expect two copies of the FWU metadata instead of %d\n",
> > + mdata_parts);
> > + ret = -EINVAL;
> > + } else {
> > + ret = 0;
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +static int gpt_get_mdata_disk_part(struct blk_desc *desc,
> > + struct disk_partition *info,
> > + u32 part_num)
> > +{
> > + int ret;
> > + char *mdata_guid_str = "8a7a84a0-8387-40f6-ab41-a8b9a5a60d23";
>
> This is fine, but I wonder if it should that go in a header with all
> the other GUIDs? Or does it go hear because it is a string?
Yes, this is because it is a string
>
> > +
> > + ret = part_get_info(desc, part_num, info);
> > + if (ret < 0) {
> > + log_err("Unable to get the partition info for the FWU metadata part %d",
> > + part_num);
> > + return -1;
> > + }
> > +
> > + /* Check that it is indeed the FWU metadata partition */
> > + if (!strncmp(info->type_guid, mdata_guid_str, UUID_STR_LEN)) {
> > + /* Found the FWU metadata partition */
> > + return 0;
> > + }
> > +
> > + return -1;
> > +}
> > +
> > +static int gpt_read_write_mdata(struct blk_desc *desc,
> > + struct fwu_mdata *mdata,
> > + u8 access, u32 part_num)
> > +{
> > + int ret;
> > + u32 len, blk_start, blkcnt;
> > + struct disk_partition info;
> > +
> > + ALLOC_CACHE_ALIGN_BUFFER_PAD(struct fwu_mdata, mdata_aligned, 1,
> > + desc->blksz);
> > +
> > + ret = gpt_get_mdata_disk_part(desc, &info, part_num);
> > + if (ret < 0) {
> > + printf("Unable to get the FWU metadata partition\n");
> > + return -ENODEV;
>
> How about -ENOENT ?
>
> There is a device, so we cannot use -ENODEV
>
> Please fix below too
Okay
>
> > + }
> > +
> > + len = sizeof(*mdata);
> > + blkcnt = BLOCK_CNT(len, desc);
> > + if (blkcnt > info.size) {
> > + log_err("Block count exceeds FWU metadata partition size\n");
> > + return -ERANGE;
> > + }
> > +
> > + blk_start = info.start;
> > + if (access == MDATA_READ) {
> > + if (blk_dread(desc, blk_start, blkcnt, mdata_aligned) != blkcnt) {
> > + log_err("Error reading FWU metadata from the device\n");
> > + return -EIO;
> > + }
> > + memcpy(mdata, mdata_aligned, sizeof(struct fwu_mdata));
> > + } else {
> > + if (blk_dwrite(desc, blk_start, blkcnt, mdata) != blkcnt) {
> > + log_err("Error writing FWU metadata to the device\n");
> > + return -EIO;
> > + }
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int gpt_read_mdata(struct blk_desc *desc,
> > + struct fwu_mdata *mdata, u32 part_num)
> > +{
> > + return gpt_read_write_mdata(desc, mdata, MDATA_READ, part_num);
> > +}
> > +
> > +static int gpt_write_mdata_partition(struct blk_desc *desc,
> > + struct fwu_mdata *mdata,
> > + u32 part_num)
> > +{
> > + return gpt_read_write_mdata(desc, mdata, MDATA_WRITE, part_num);
> > +}
> > +
> > +static int fwu_gpt_update_mdata(struct udevice *dev, struct fwu_mdata *mdata)
> > +{
> > + int ret;
> > + struct blk_desc *desc;
> > + u16 primary_mpart = 0, secondary_mpart = 0;
>
> uint
Okay
>
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + desc = dev_get_uclass_plat(priv->blk_dev);
> > + if (!desc) {
> > + log_err("Block device not found\n");
> > + return -ENODEV;
>
> This cannot happen, drop this if()
Okay
>
> > + }
> > +
> > + ret = gpt_get_mdata_partitions(desc, &primary_mpart,
> > + &secondary_mpart);
> > +
>
> drop blank line so the error check is next to the thing that reads it
Will fix
>
> > + if (ret < 0) {
> > + log_err("Error getting the FWU metadata partitions\n");
> > + return -ENODEV;
> > + }
> > +
> > + /* First write the primary partition*/
>
> space before */
Will fix
>
> > + ret = gpt_write_mdata_partition(desc, mdata, primary_mpart);
> > + if (ret < 0) {
> > + log_err("Updating primary FWU metadata partition failed\n");
>
> This is very error-heavy. The log_err() things produce a string in the
> code so this ends up being very large. Is that what you want? If these
> things can happen in the real world and users need to debug them, then
> I suppose it is OK. But normally with driver model we report errors in
> the command code, or the logic, not in drivers themselves. Otherwise
> when you write tests you get lots of confusing error output that needs
> to be ignored.
I see your point, but in this specific case, it is only the driver
which will be able to tell about the error in some detail. I can
change this to a log_debug if you so wish. Although I do see quite a
few instances of log_err being used in the driver code as well.
>
> > + return ret;
> > + }
> > +
> > + /* And now the replica */
> > + ret = gpt_write_mdata_partition(desc, mdata, secondary_mpart);
> > + if (ret < 0) {
> > + log_err("Updating secondary FWU metadata partition failed\n");
> > + return ret;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int gpt_get_mdata(struct blk_desc *desc, struct fwu_mdata **mdata)
>
> mdatap
Okay
>
> > +{
> > + int ret;
> > + u16 primary_mpart = 0, secondary_mpart = 0;
>
> uint
Okay
>
> Also do you need to set them to 0
>
> Declare a locate mdata and use that here instead of *mdata, which is a pain.
This function is copying the metadata into the callers copy. Unless I
don't understand your comment.
>
> > +
> > + ret = gpt_get_mdata_partitions(desc, &primary_mpart,
> > + &secondary_mpart);
> > +
> > + if (ret < 0) {
> > + log_err("Error getting the FWU metadata partitions\n");
> > + return -ENODEV;
> > + }
> > +
> > + *mdata = malloc(sizeof(struct fwu_mdata));
> > + if (!*mdata) {
> > + log_err("Unable to allocate memory for reading FWU metadata\n");
> > + return -ENOMEM;
> > + }
> > +
> > + ret = gpt_read_mdata(desc, *mdata, primary_mpart);
> > + if (ret < 0) {
> > + log_err("Failed to read the FWU metadata from the device\n");
> > + return -EIO;
> > + }
> > +
> > + ret = fwu_verify_mdata(*mdata, 1);
> > + if (!ret)
> > + return 0;
> > +
> > + /*
> > + * Verification of the primary FWU metadata copy failed.
> > + * Try to read the replica.
> > + */
> > + memset(*mdata, 0, sizeof(struct fwu_mdata));
>
> '\0'
Okay
>
> > + ret = gpt_read_mdata(desc, *mdata, secondary_mpart);
> > + if (ret < 0) {
> > + log_err("Failed to read the FWU metadata from the device\n");
> > + return -EIO;
> > + }
> > +
> > + ret = fwu_verify_mdata(*mdata, 0);
> > + if (!ret)
> > + return 0;
> > +
> > + /* Both the FWU metadata copies are corrupted. */
> > + return -1;
>
> This is -EPERM
>
> Perhaps choose something else?
Again, I am not sure what would be a suitable error to return in this case.
>
> > +}
> > +
> > +static int gpt_check_mdata_validity(struct udevice *dev)
> > +{
> > + int ret;
> > + struct blk_desc *desc;
> > + struct fwu_mdata pri_mdata;
> > + struct fwu_mdata secondary_mdata;
> > + u16 primary_mpart = 0, secondary_mpart = 0;
> > + u16 valid_partitions, invalid_partitions;
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + desc = dev_get_uclass_plat(priv->blk_dev);
> > + if (!desc) {
> > + log_err("Block device not found\n");
> > + return -ENODEV;
> > + }
> > +
> > + /*
> > + * Two FWU metadata partitions are expected.
> > + * If we don't have two, user needs to create
> > + * them first
> > + */
> > + valid_partitions = 0;
> > + ret = gpt_get_mdata_partitions(desc, &primary_mpart,
> > + &secondary_mpart);
> > +
> > + if (ret < 0) {
> > + log_err("Error getting the FWU metadata partitions\n");
> > + return -ENODEV;
> > + }
> > +
> > + ret = gpt_read_mdata(desc, &pri_mdata, primary_mpart);
> > + if (ret < 0) {
> > + log_err("Failed to read the FWU metadata from the device\n");
> > + goto secondary_read;
> > + }
> > +
> > + ret = fwu_verify_mdata(&pri_mdata, 1);
> > + if (!ret)
> > + valid_partitions |= PRIMARY_PART;
> > +
> > +secondary_read:
> > + /* Now check the secondary partition */
> > + ret = gpt_read_mdata(desc, &secondary_mdata, secondary_mpart);
> > + if (ret < 0) {
> > + log_err("Failed to read the FWU metadata from the device\n");
> > + goto mdata_restore;
> > + }
> > +
> > + ret = fwu_verify_mdata(&secondary_mdata, 0);
> > + if (!ret)
> > + valid_partitions |= SECONDARY_PART;
> > +
> > +mdata_restore:
> > + if (valid_partitions == (PRIMARY_PART | SECONDARY_PART)) {
> > + ret = -1;
> > + /*
> > + * Before returning, check that both the
> > + * FWU metadata copies are the same. If not,
> > + * the FWU metadata copies need to be
> > + * re-populated.
> > + */
> > + if (!memcmp(&pri_mdata, &secondary_mdata,
> > + sizeof(struct fwu_mdata))) {
> > + ret = 0;
> > + } else {
> > + log_err("Both FWU metadata copies are valid but do not match. Please check!\n");
>
> Honestly the error handling needs a rethink IMO. You should try to
> return error codes that indicate what went wrong (you mostly do in
> this file) and then have the top-level code decode those errors and
> produce an error message.
The code in efi_capsule.c which is calling the APIs is checking the
error codes and printing the error messages.
>
> > + }
> > + goto out;
> > + }
> > +
> > + ret = -1;
> > + if (!(valid_partitions & BOTH_PARTS))
> > + goto out;
> > +
> > + invalid_partitions = valid_partitions ^ BOTH_PARTS;
> > + ret = gpt_write_mdata_partition(desc,
> > + (invalid_partitions == PRIMARY_PART) ?
> > + &secondary_mdata : &pri_mdata,
> > + (invalid_partitions == PRIMARY_PART) ?
> > + primary_mpart : secondary_mpart);
> > +
> > + if (ret < 0)
> > + log_err("Restoring %s FWU metadata partition failed\n",
> > + (invalid_partitions == PRIMARY_PART) ?
> > + "primary" : "secondary");
> > +
> > +out:
> > + return ret;
> > +}
> > +
> > +static int fwu_gpt_mdata_check(struct udevice *dev)
> > +{
> > + /*
> > + * Check if both the copies of the FWU metadata are
> > + * valid. If one has gone bad, restore it from the
> > + * other good copy.
>
> word wrap wider
Okay
>
> > + */
> > + return gpt_check_mdata_validity(dev);
> > +}
> > +
> > +static int fwu_gpt_get_mdata(struct udevice *dev, struct fwu_mdata **mdata)
> > +{
> > + struct blk_desc *desc;
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + desc = dev_get_uclass_plat(priv->blk_dev);
> > + if (!desc) {
> > + log_err("Block device not found\n");
> > + return -ENODEV;
>
> Again this cannot happen
Will remove
>
> > + }
> > +
> > + return gpt_get_mdata(desc, mdata);
> > +}
> > +
> > +static int fwu_get_mdata_device(struct udevice *dev, struct udevice **mdata_dev)
> > +{
> > + u32 phandle;
> > + int ret, size;
> > + struct udevice *parent, *child;
> > + const fdt32_t *phandle_p = NULL;
> > +
> > + phandle_p = dev_read_prop(dev, "fwu-mdata-store", &size);
> > + if (!phandle_p) {
> > + log_err("fwu-mdata-store property not found\n");
> > + return -ENOENT;
> > + }
> > +
> > + phandle = fdt32_to_cpu(*phandle_p);
>
> Can you use dev_read_u32() ?
Will check if this can be used.
>
> > +
> > + ret = device_get_global_by_ofnode(ofnode_get_by_phandle(phandle),
> > + &parent);
> > + if (ret)
> > + return ret;
> > +
> > + ret = -ENODEV;
>
> Here it is correct to return -ENODEV I think
>
> > + for (device_find_first_child(parent, &child); child;
> > + device_find_next_child(&child)) {
> > + if (device_get_uclass_id(child) == UCLASS_BLK) {
> > + *mdata_dev = child;
> > + ret = 0;
>
> See blk_get_from_parent()
Will check
>
> > + }
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +static int fwu_mdata_gpt_blk_probe(struct udevice *dev)
> > +{
> > + int ret;
> > + struct udevice *mdata_dev = NULL;
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + ret = fwu_get_mdata_device(dev, &mdata_dev);
> > + if (ret)
> > + return ret;
> > +
> > + priv->blk_dev = mdata_dev;
> > +
> > + return 0;
> > +}
> > +
> > +static const struct fwu_mdata_ops fwu_gpt_blk_ops = {
> > + .mdata_check = fwu_gpt_mdata_check,
> > + .get_mdata = fwu_gpt_get_mdata,
> > + .update_mdata = fwu_gpt_update_mdata,
> > +};
> > +
> > +static const struct udevice_id fwu_mdata_ids[] = {
> > + { .compatible = "u-boot,fwu-mdata-gpt" },
> > + { }
> > +};
> > +
> > +U_BOOT_DRIVER(fwu_mdata_gpt_blk) = {
> > + .name = "fwu-mdata-gpt-blk",
> > + .id = UCLASS_FWU_MDATA,
> > + .of_match = fwu_mdata_ids,
> > + .ops = &fwu_gpt_blk_ops,
> > + .probe = fwu_mdata_gpt_blk_probe,
> > + .priv_auto = sizeof(struct fwu_mdata_gpt_blk_priv),
> > +};
> > diff --git a/include/fwu.h b/include/fwu.h
> > index e03cfff800..8259c75d12 100644
> > --- a/include/fwu.h
> > +++ b/include/fwu.h
> > @@ -14,6 +14,10 @@
> > struct fwu_mdata;
> > struct udevice;
> >
> > +struct fwu_mdata_gpt_blk_priv {
> > + struct udevice *blk_dev;
> > +};
> > +
> > /**
> > * @mdata_check: check the validity of the FWU metadata partitions
> > * @get_mdata() - Get a FWU metadata copy
> > @@ -39,6 +43,7 @@ int fwu_get_active_index(u32 *active_idx);
> > int fwu_update_active_index(u32 active_idx);
> > int fwu_get_image_alt_num(efi_guid_t *image_type_id, u32 update_bank,
> > int *alt_num);
> > +int fwu_verify_mdata(struct fwu_mdata *mdata, bool pri_part);
>
> comments again
Will add
-sughosh
>
> > int fwu_mdata_check(void);
> > int fwu_revert_boot_index(void);
> > int fwu_accept_image(efi_guid_t *img_type_id, u32 bank);
> > --
> > 2.34.1
> >
>
> Regards,
> Simon
More information about the U-Boot
mailing list