[PATCH v6 00/11] efi: CapsuleUpdate: support for dynamic UUIDs

Thu Aug 8 18:56:10 CEST 2024

Small CI issue, I'll fix it up and resend

https://source.denx.de/u-boot/custodians/u-boot-snapdragon/-/jobs/884570

On 08/08/2024 18:21, Caleb Connolly wrote:
> As more boards adopt support for the EFI CapsuleUpdate mechanism, there
> is a growing issue of being able to target updates to them properly. The
> current mechanism of hardcoding UUIDs for each board at compile time is
> unsustainable, and maintaining lists of GUIDs is similarly cumbersome.
> 
> In this series, I propose that we adopt v5 GUIDs, these are generated by
> using a well-known salt GUID as well as board specific information the
> DT root compatible string, these are hashed together and the result is
> truncated to form a new UUID.
> 
> The well-known salt GUID can be specific to the architecture (SoC
> vendor), or OEM. It is defined in the board defconfig so that vendors
> can easily bring their own.
> 
> Specifically, the following fields are used to generate a GUID for a
> particular fw_image:
> 
> * namespace salt
> * board compatible (usually the first entry in the dt root compatible
>    array).
> * fw_image name (the string identifying the specific image, especially
>    relevant for board that can update multiple images).
> 
> == Usage ==
> 
> Boards can enable dynamic UUID support by simply not setting the
> efi_fw_image image_type_id property. Vendors may also wish to set a
> custom namespace GUID (by setting CONFIG_EFI_CAPSULE_NAMESPACE_GUID).
> 
> == Limitations ==
> 
> * Changing GUIDs
> 
> The primary limitation with this approach is that if any of the source
> fields change, so will the GUID for the board. It is therefore pretty
> important to ensure that GUID changes are caught during development.
> 
> * Supporting multiple boards with a single image
> 
> This now requires having an entry with the GUID for every board which
> might lead to larger UpdateCapsule images.
> 
> == Tooling ==
> 
> The mkeficapsule command is updated to add a new guidgen subcommand,
> this can generate GUIDs that match those the board would generate at
> runtime. It accepts an optional namespace GUID (if the default isn't
> used), a path to the board DTB, and a list of firmware image names.
> 
> This series follows a related discussion started by Ilias:
> https://lore.kernel.org/u-boot/CAC_iWjJNHa4gMF897MqYZNdbgjFG8K4kwGsTXWuy72WkYLizrw@mail.gmail.com/
> 
> CI run for this series: https://source.denx.de/u-boot/custodians/u-boot-snapdragon/-/pipelines/21419
> 
> ---
> Changes in v6:
> - FWU -> Firmware Update in docs
> - Make v5 GUIDs explicitly LE
> - Link to v5: https://lore.kernel.org/r/20240719-b4-dynamic-uuid-v5-0-8a83de3fe3dc@linaro.org
> 
> Changes in v5:
> - Clean up mkeficapsule genguid patch
> - Add explicit tests validating the GUID type bits
> - Link to v4: https://lore.kernel.org/r/20240702-b4-dynamic-uuid-v4-0-a00c82d1f504@linaro.org
> 
> Changes in v4:
> - Make UUID v5 support always enabled rather than being optional.
> - Fix endianness issues (thanks Vincent and Ilias)
> - Merge genguid tool into mkeficapsule.
> -	And move mkeficapsule over to using U-Boot's UUID code rather
> 	than libuuid.
> - Provide a default namespace UUID for all U-Boot boards.
> - Link to v3: https://lore.kernel.org/r/20240531-b4-dynamic-uuid-v3-0-ca4a4865db00@linaro.org
> 
> Changes in v3:
> - Add manpage for genguid
> - Add dedicated CONFIG_TOOLS_GENGUID option
> - Minor code fixes addressing v2 feedback
> - Link to v2: https://lore.kernel.org/r/20240529-b4-dynamic-uuid-v2-0-c26f31057bbe@linaro.org
> 
> Changes in v2:
> - Move namespace UUID to be defined in defconfig
> - Add tests and tooling
> - Only use the first board compatible to generate UUID.
> - Link to v1: https://lore.kernel.org/r/20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org
> 
> ---
> Caleb Connolly (11):
>        efi: define struct efi_guid
>        lib: uuid: add UUID v5 support
>        efi: add a helper to generate dynamic UUIDs
>        doc: uefi: document dynamic UUID generation
>        sandbox: switch to dynamic UUIDs
>        lib: uuid: supporting building as part of host tools
>        include: export uuid.h
>        tools: mkeficapsule: use u-boot UUID library
>        tools: mkeficapsule: support generating dynamic GUIDs
>        test: lib/uuid: add unit tests for dynamic UUIDs
>        test: lib/uuid: add tests for UUID version/variant bits
> 
>   arch/arm/mach-rockchip/board.c                     |   2 +-
>   board/cobra5272/flash.c                            |   2 +-
>   board/gardena/smart-gateway-mt7688/board.c         |   2 +-
>   board/sandbox/sandbox.c                            |  16 --
>   board/socrates/socrates.c                          |   2 +-
>   board/xilinx/common/board.c                        |   2 +-
>   cmd/efi.c                                          |   2 +-
>   cmd/efi_common.c                                   |   2 +-
>   cmd/flash.c                                        |   2 +-
>   cmd/gpt.c                                          |   2 +-
>   cmd/nvedit_efi.c                                   |   2 +-
>   cmd/x86/hob.c                                      |   2 +-
>   common/flash.c                                     |   2 +-
>   disk/part_efi.c                                    |   2 +-
>   doc/develop/uefi/uefi.rst                          |  27 +++
>   doc/mkeficapsule.1                                 |  23 +++
>   drivers/firmware/arm-ffa/arm-ffa-uclass.c          |   2 +-
>   env/sf.c                                           |   2 +-
>   fs/btrfs/btrfs.c                                   |   2 +-
>   fs/btrfs/compat.h                                  |   2 +-
>   fs/btrfs/disk-io.c                                 |   2 +-
>   fs/ext4/ext4fs.c                                   |   2 +-
>   include/efi.h                                      |   2 +-
>   include/fwu.h                                      |   2 +-
>   include/part.h                                     |   2 +-
>   include/rkmtd.h                                    |   2 +-
>   include/sandbox_efi_capsule.h                      |   6 +-
>   include/{ => u-boot}/uuid.h                        |  21 ++-
>   lib/Kconfig                                        |   1 +
>   lib/acpi/acpi_dp.c                                 |   2 +-
>   lib/acpi/acpigen.c                                 |   2 +-
>   lib/efi/efi_app.c                                  |   2 +-
>   lib/efi_loader/Kconfig                             |  12 ++
>   lib/efi_loader/efi_capsule.c                       |   1 +
>   lib/efi_loader/efi_device_path.c                   |   2 +-
>   lib/efi_loader/efi_firmware.c                      |  55 +++++-
>   lib/efi_loader/efi_variable.c                      |   2 +-
>   lib/fwu_updates/fwu_mtd.c                          |   2 +-
>   lib/uuid.c                                         | 102 +++++++---
>   lib/vsprintf.c                                     |   2 +-
>   net/bootp.c                                        |   2 +-
>   test/dm/acpi_dp.c                                  |   2 +-
>   test/dm/acpigen.c                                  |   2 +-
>   test/lib/uuid.c                                    | 120 +++++++++++-
>   .../test_efi_capsule/test_capsule_firmware_fit.py  |   2 +-
>   .../test_efi_capsule/test_capsule_firmware_raw.py  |   8 +-
>   .../test_capsule_firmware_signed_fit.py            |   2 +-
>   .../test_capsule_firmware_signed_raw.py            |   4 +-
>   test/py/tests/test_efi_capsule/version.dtso        |   6 +-
>   tools/Makefile                                     |   8 +-
>   tools/binman/etype/efi_capsule.py                  |   2 +-
>   tools/binman/ftest.py                              |   2 +-
>   tools/eficapsule.h                                 |   2 +-
>   tools/mkeficapsule.c                               | 209 ++++++++++++++++-----
>   54 files changed, 546 insertions(+), 149 deletions(-)
> ---
> change-id: 20240422-b4-dynamic-uuid-1a5ab1486c27
> base-commit: 07e73b0483a844e4581c8c94d01e73ca22c0ab50
> 
> // Caleb (they/them)
> 

-- 
// Caleb (they/them)