[PATCH v2 2/2] efi_loader: Reset system after CapsuleUpdate on disk

Masami Hiramatsu masami.hiramatsu at linaro.org
Thu Feb 3 07:35:53 CET 2022


Hi Takahiro,

We forgot a simple fact. The warm reset doesn't load the new firmware
from media.

If this reset is for reloading the new firmware, we anyway need the
cold reset :-)
(and I can't think of any reason other than this)

Thank you,

2022年2月3日(木) 13:34 Masami Hiramatsu <masami.hiramatsu at linaro.org>:
>
> Hi Takahiro,
>
> 2022年2月3日(木) 10:24 AKASHI Takahiro <takahiro.akashi at linaro.org>:
> >
> > On Wed, Feb 02, 2022 at 10:54:43PM +0900, Masami Hiramatsu wrote:
> > > Add a config option to reset system soon after processing capsule update
> > > on disk.
> >
> > We no longer have a new config option :)
>
> Oops, that's my fault.
>
> >
> > > This is required in UEFI specification 2.9 Section 8.5.5
> > >  "Delivery of Capsules via file on Mass Storage device" as;
> > >
> > >     In all cases that a capsule is identified for processing the system is
> > >     restarted after capsule processing is completed.
> > >
> > > This also reports the result of each capsule update so that the user can
> > > notice that the capsule update has been succeeded or not from console log.
> > >
> > > Signed-off-by: Masami Hiramatsu <masami.hiramatsu at linaro.org>
> > > ---
> > >  Changes in v3:
> > >   - Log succeeded capsule update in info level.
> > >   - Use sysreset if possible.
> > >   - Use do_reset() and hang() instead of panic().
> > >  Changes in v2:
> > >   - Remove kconfig option to disable this feature.
> > >   - Use panic() instead of do_reset() so that if the reset fails,
> > >     the machine halt.
> > >   - Log the result of each capsule update always.
> > > ---
> > >  lib/efi_loader/efi_capsule.c |   22 ++++++++++++++++++++--
> > >  1 file changed, 20 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> > > index 1ec7ea29ff..ade9155042 100644
> > > --- a/lib/efi_loader/efi_capsule.c
> > > +++ b/lib/efi_loader/efi_capsule.c
> > > @@ -14,9 +14,11 @@
> > >  #include <env.h>
> > >  #include <fdtdec.h>
> > >  #include <fs.h>
> > > +#include <hang.h>
> > >  #include <malloc.h>
> > >  #include <mapmem.h>
> > >  #include <sort.h>
> > > +#include <sysreset.h>
> > >  #include <asm/global_data.h>
> > >
> > >  #include <crypto/pkcs7.h>
> > > @@ -1120,8 +1122,11 @@ efi_status_t efi_launch_capsules(void)
> > >               if (ret == EFI_SUCCESS) {
> > >                       ret = efi_capsule_update_firmware(capsule);
> > >                       if (ret != EFI_SUCCESS)
> > > -                             log_err("Applying capsule %ls failed\n",
> > > +                             log_err("Applying capsule %ls failed.\n",
> > >                                       files[i]);
> > > +                     else
> > > +                             log_info("Applying capsule %ls succeeded.\n",
> > > +                                      files[i]);
> > >
> > >                       /* create CapsuleXXXX */
> > >                       set_capsule_result(index, capsule, ret);
> > > @@ -1142,6 +1147,19 @@ efi_status_t efi_launch_capsules(void)
> > >               free(files[i]);
> > >       free(files);
> > >
> > > -     return ret;
> > > +     /*
> > > +      * UEFI spec requires to reset system after complete processing capsule
> > > +      * update on the storage.
> > > +      */
> > > +     puts("Reboot after firmware update");
> > > +     if (CONFIG_IS_ENABLED(SYSRESET)) {
> > > +             reset_cpu();
> > > +     } else {
> > > +             do_reset(NULL, 0, 0, NULL);
> > > +             hang();
> > > +     }
> > > +     /* not reach here */
> >
> > Despite the code that I proposed, I have a few concerns:
> > 1) warm or cold reset
> > Now that we are updating firmware, we may have to initiate
> > a cold reset in some cases.
> > (That's why I used 'sysreset(WARM)' to raise a question.)
>
> Indeed. Hm, as far as I can see the EDK2, it also uses cold reset.
> (HandleCapsules at ArmPkg/Library/PlatformBootManagerLib/PlatformBM.c)
> Since do_reset() calls sysreset_walk_halt(), I think do_reset() is enough.
>
> >
> > From the viewpoint of UEFI specification,
> >   * A type of reset can be determined per capsule by calling
> >     QueryCapsuleCapabilities API.
> >     (The spec said, "Returns if the capsule can be supported via
> >      UpdateCapsule()" and Capsule-on-disk might be out of scope?)
>
> I think that is only for UpdateCapsule(), as far as I can read the EDK2 code.
>
> >   * There exists ResetSystem API and it takes a *reset type*
> >     as a parameter.
>
> This API is independent from UpdateCapsule(). But while executing
> the UpdateCapsule() this API is prohibited. (See Table 8-1)
>
> >
> > 2) ResetSystem at boot time
> > So we may want to internally make use of efi_reset_system() following
> > capsule-on-disk processing.
> > The current implementation, however, does not utilize SYSRESET drivers,
> > but call do_reset(). This should be changed (as I suggested above?).
>
> As I said above, I think it should always be a cold reset and not need to use
> efi_reset_system(). For the UpdateCapsule(), there is a reason to use
> warm reset, because the capsule images which will be applied after reset,
> will be on the memory. In this case the system must be reboot without
> resetting the memory.
> But after capsule-on-disk process, all capsule images are applied and the
> firmware image on the storage is updated. So it is better to reset the
> system with cold reset so that the new firmware image can start with
> cleaned memory and devices.
>
> Thank you,
>
> >
> > -Takahiro Akashi
> >
> >
> > > +
> > > +     return 0;
> > >  }
> > >  #endif /* CONFIG_EFI_CAPSULE_ON_DISK */
> > >
>
>
>
> --
> Masami Hiramatsu



-- 
Masami Hiramatsu


More information about the U-Boot mailing list