[RFC PATCH 10/14] FWU: Reboot soon after successfully install the new firmware

Masami Hiramatsu masami.hiramatsu at linaro.org
Fri Jan 21 07:54:12 CET 2022 

Hi,

2022年1月21日(金) 13:35 Masami Hiramatsu <masami.hiramatsu at linaro.org>:
>
> Hi Takahiro,
>
> 2022年1月21日(金) 10:46 AKASHI Takahiro <takahiro.akashi at linaro.org>:
> >
> > On Fri, Jan 21, 2022 at 12:31:00AM +0900, Masami Hiramatsu wrote:
> > > Reboot to the trial state soon after successfully installing
> > > the new firmware to the next bank and updating the active_index.
> > > This is enabled by CONFIG_FWU_REBOOT_AFTER_UPDATE and is a
> > > recommended option.
> >
> > EFI_CAPSULE_HEADER.Flags may have a flag, CAPSULE_FLAGS_INITIATE_RESET.
> > See Section "8.5.3 Update Capsule" in the UEFI specification.
> >
> > I think that we'd better implement the feature rather than adding
> > CONFIG_FWU_REBOOT_AFTER_UPDATE.
>
> Thanks for pointing it! I agree with you, the flag is more useful.

According to the UEFI spec 2.9, we need to consider implementing some
related things.

In 8.5.3 Update Capsule
 ----
A capsule which has the CAPSULE_FLAGS_INITIATE_RESET Flag must have
CAPSULE_FLAGS_PERSIST_ACROSS_RESET set in its header as well.
 [...]
If a capsule has the CAPSULE_FLAGS_PERSIST_ACROSS_RESET Flag set in its
header, the firmware will process the capsules after system reset. The
caller must
ensure to reset the system using the required reset value obtained from
QueryCapsuleCapabilities.
 ----
In Table 8-8 Flag Firmware Behavior
----
CAPSULE_FLAGS_PERSIST_ACROSS_RESET +
CAPSULE_FLAGS_INITIATE_RESET

Firmware will attempt to process or launch the capsule
across a reset. The firmware will initiate a reset which is
compatible with the passed-in capsule request and will
not return back to the caller. If the capsule is not
recognized, can expect an error. If the processing requires
a reset which is unsupported by the platform, expect an
error.
----

So, I have 2 questions;

1) Should we implement CAPSULE_FLAGS_PERSIST_ACROSS_RESET too?
 Since U-Boot only supports capsule update on disk, it seems the capsule already
 applied "across a reset". :-)
2) If there are multiple capsule files and only one file (e.g. aaaa.cap) has
  CAPSULE_FLAGS_INITIATE_RESET flag, should U-Boot resets after
   applying that capsule, or wait after all capsule files are applied?
   (current implementation is the latter one)

Thank you,

>
> Regards,
>
> >
> > -Takahiro Akashi
> >
> > > Signed-off-by: Masami Hiramatsu <masami.hiramatsu at linaro.org>
> > > ---
> > >  lib/efi_loader/efi_capsule.c |   10 ++++++++--
> > >  lib/fwu_updates/Kconfig      |    9 +++++++++
> > >  2 files changed, 17 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> > > index 83c89a0cbb..0928425b5f 100644
> > > --- a/lib/efi_loader/efi_capsule.c
> > > +++ b/lib/efi_loader/efi_capsule.c
> > > @@ -1355,10 +1355,16 @@ efi_status_t efi_launch_capsules(void)
> > >                       } else {
> > >                               log_debug("Successfully updated the active_index\n");
> > >                               status = fwu_trial_state_ctr_start();
> > > -                             if (status < 0)
> > > +                             if (status < 0) {
> > >                                       ret = EFI_DEVICE_ERROR;
> > > -                             else
> > > +                             } else {
> > >                                       ret = EFI_SUCCESS;
> > > +                                     if (IS_ENABLED(CONFIG_FWU_REBOOT_AFTER_UPDATE)) {
> > > +                                             log_info("New firmware is installed in bank#%d. Reboot from that bank.\n",
> > > +                                                      update_index);
> > > +                                             do_reset(NULL, 0, 0, NULL);
> > > +                                     }
> > > +                             }
> > >                       }
> > >               } else if (capsule_update == true && update_status == false) {
> > >                       log_err("All capsules were not updated. Not updating FWU metadata\n");
> > > diff --git a/lib/fwu_updates/Kconfig b/lib/fwu_updates/Kconfig
> > > index 6de28e0c9c..0940a90747 100644
> > > --- a/lib/fwu_updates/Kconfig
> > > +++ b/lib/fwu_updates/Kconfig
> > > @@ -29,3 +29,12 @@ config FWU_TRIAL_STATE_CNT
> > >         With FWU Multi Bank Update feature enabled, number of times
> > >         the platform is allowed to boot in Trial State after an
> > >         update.
> > > +
> > > +config FWU_REBOOT_AFTER_UPDATE
> > > +     bool "Reboot soon after installing new firmware"
> > > +     depends on FWU_MULTI_BANK_UPDATE
> > > +     default y
> > > +     help
> > > +       Reboot the machine soon after installing a new firmware
> > > +       and start trial boot. You can disable this option for
> > > +       debugging or FWU development, but recommended to enable it.
> > >
>
>
>
> --
> Masami Hiramatsu



-- 
Masami Hiramatsu

More information about the U-Boot mailing list