[PATCH v10 02/15] FWU: Add FWU metadata structure and driver for accessing metadata

Sughosh Ganu sughosh.ganu at linaro.org
Mon Sep 26 12:00:44 CEST 2022


On Mon, 26 Sept 2022 at 08:28, Jassi Brar <jassisinghbrar at gmail.com> wrote:
>
> On Thu, Sep 15, 2022 at 3:15 AM Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> ....
> > +/**
> > + * @mdata_check: check the validity of the FWU metadata partitions
> > + * @get_mdata() - Get a FWU metadata copy
> > + * @update_mdata() - Update the FWU metadata copy
> > + */
> > +struct fwu_mdata_ops {
> > +       /**
> > +        * mdata_check() - Check if the FWU metadata is valid
> > +        * @dev:        FWU device
> > +        *
> > +        * Validate both copies of the FWU metadata. If one of the copies
> > +        * has gone bad, restore it from the other bad copy.
> > +        *
> > +        * Return: 0 if OK, -ve on error
> > +        */
> > +       int (*mdata_check)(struct udevice *dev);
> >
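Review bot: The mdata_check() description says a copy that has gone bad is restored "from the other bad copy"; that should read "from the other good copy". The comment also does not say what is returned when both copies fail validation, which is the case callers most need documented for an integrity check. In the struct-level kernel-doc, the member entries mix two forms ("@mdata_check:" versus "@get_mdata() -") and the block has no "struct fwu_mdata_ops - ..." summary line; using one member form throughout and adding the summary would fix that.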
> Like get_mdata and update_mdata, maybe check_mdata too?

Okay

>
> .....
> > +/**
> > + * fwu_get_active_index() - Get active_index from the FWU metadata
> > + * @active_idxp: active_index value to be read
> > + *
> > + * Read the active_index field from the FWU metadata and place it in
> > + * the variable pointed to be the function argument.
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_get_active_index(u32 *active_idxp);
> > +
> > +/**
> > + * fwu_update_active_index() - Update active_index from the FWU metadata
> > + * @active_idx: active_index value to be updated
> > + *
> > + * Update the active_index field in the FWU metadata
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_update_active_index(uint active_idx);
> >
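Review bot: The two accessors use different types for the same field: fwu_get_active_index() takes "u32 *active_idxp" while fwu_update_active_index() takes "uint active_idx"; using u32 for both keeps the API consistent with the metadata field. The update function's comment does not state whether active_idx is checked against the number of banks before it is written, so please document (or add) that validation, since an out-of-range index would be persisted to the metadata. Two wording fixes in the comments: "pointed to be the function argument" should be "pointed to by", and the summary "Update active_index from the FWU metadata" should say "in the FWU metadata".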
> maybe fwu_set_active_index? just like fwu_get_active_index

Okay

>
> .....
> > +/**
> > + * fwu_revert_boot_index() - Revert the active index in the FWU metadata
> > + *
> > + * Revert the active_index value in the FWU metadata, by swapping the values
> > + * of active_index and previous_active_index in both copies of the
> > + * FWU metadata.
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_revert_boot_index(void)
> > +{
> > +       int ret;
> > +       u32 cur_active_index;
> > +       struct udevice *dev;
> > +       struct fwu_mdata mdata = { 0 };
> > +
> > +       ret = fwu_get_dev_mdata(&dev, &mdata);
> > +       if (ret)
> > +               return ret;
> > +
> > +       /*
> > +        * Swap the active index and previous_active_index fields
> > +        * in the FWU metadata
> > +        */
> > +       cur_active_index = mdata.active_index;
> > +       mdata.active_index = mdata.previous_active_index;
> > +       mdata.previous_active_index = cur_active_index;
> >
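Review bot: In the swap at "mdata.active_index = mdata.previous_active_index;", the value read from the metadata is made the active index with no check in the visible lines that it names a valid bank. Since this value selects the bank to boot from on the next cycle, consider rejecting an out-of-range previous_active_index before the swap and returning an error rather than writing it back. The function comment should also state the precondition it relies on (that previous_active_index refers to a bank that is still bootable), and the summary line says "Revert the active index" while the function is named fwu_revert_boot_index(); aligning the two terms would avoid confusion.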
> This may cause problems.
> We are reverting because active_index does not work, and here we set
> it to previous_active_index which is supposed to mean "last good
> index".
>  Also this logic assumes a 2-banks setup, and is obviously incorrect
> for >2 banks where the previous_active_index should point to
> "boot_index minus 2" bank (but of course there is no guarantee that
> that bank is preserved still).
>  So either previous_active_index be left changed OR we also copy the
> previous bank to active bank before the swap.

Sorry, but I don't understand the review comment here. Even in the
case of num_banks > 2, this function is simply using the
previous_active_index value. It does not care what the
previous_active_index value is. If you remember, the setting of the
update bank is really a platform
function (fwu_plat_get_update_index()). A platform can set any bank
number as the update bank. So we cannot tell what the value of the
previous_active_index will be. All that this function does is use the
previous_active_index as the partition/bank to boot from in the
subsequent boot cycle.

>
> .....
> > +/**
> > + * fwu_accept_image() - Set the Acceptance bit for the image
> > + * @img_type_id: GUID of the image type for which the accepted bit is to be
> > + *               cleared
> > + * @bank: Bank of which the image's Accept bit is to be set
> > + *
> > + * Set the accepted bit for the image specified by the img_guid parameter. This
> > + * indicates acceptance of image for subsequent boots by some governing component
> > + * like OS(or firmware).
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_accept_image(efi_guid_t *img_type_id, u32 bank)
> > +{
> > +       return fwu_clrset_image_accept(img_type_id, bank,
> > +                                      IMAGE_ACCEPT_SET);
> > +}
> > +
> > +/**
> > + * fwu_clear_accept_image() - Clear the Acceptance bit for the image
> >
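Review bot: In the fwu_accept_image() kernel-doc, the @img_type_id description says the accepted bit "is to be cleared", but this function passes IMAGE_ACCEPT_SET; the description looks copied from the clear variant and should say "set". The body text also refers to "the img_guid parameter", while the parameter is named img_type_id. The comment does not say whether @bank is validated against the number of banks here or inside fwu_clrset_image_accept(); a short note on where that check lives would help reviewers of the callers.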
> Something more consistent like fwu_image_accepted_clear()  and
> fwu_image_accepted_set() ?

Umm, the other related API is fwu_accept_image, and this is clearing
the accept bit, hence the name. If you don't feel strongly about this,
I would prefer the current name.

-sughosh

