From: Akashi Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH 3/8] qemu: arm64: Add support for efi firmware management protocol routines
Date: Fri, 8 May 2020 08:36:17 +0900 [thread overview]
Message-ID: <20200507233617.GB30323@laputa> (raw)
In-Reply-To: <8e54c2ee-13c3-2679-7041-b2b40550f622@gmx.de>
On Thu, May 07, 2020 at 10:47:47PM +0200, Heinrich Schuchardt wrote:
> On 5/7/20 4:33 AM, Akashi Takahiro wrote:
> > On Fri, May 01, 2020 at 11:33:42AM +0200, Heinrich Schuchardt wrote:
> >> On 4/30/20 9:13 PM, Sughosh Ganu wrote:
> >>>
> >>> On Fri, 1 May 2020 at 00:09, Heinrich Schuchardt <xypron.glpk@gmx.de
> >>> <mailto:xypron.glpk@gmx.de>> wrote:
> >>>
> >>> On 4/30/20 7:36 PM, Sughosh Ganu wrote:
> >>> > Add support for the get_image_info and set_image routines, which are
> >>> > part of the efi firmware management protocol.
> >>> >
> >>> > The current implementation uses the set_image routine for updating the
> >>> > u-boot binary image for the qemu arm64 platform. This is supported
> >>> > using the capsule-on-disk feature of the uefi specification, wherein
> >>> > the firmware image to be updated is placed on the efi system partition
> >>> > as a efi capsule under EFI/UpdateCapsule/ directory. Support has been
> >>> > added for updating the u-boot image on platforms booting with arm
> >>> > trusted firmware(tf-a), where the u-boot image gets booted as the BL33
> >>> > payload(bl33.bin).
> >>> >
> >>> > The feature can be enabled by the following config options
> >>> >
> >>> > CONFIG_EFI_CAPSULE_ON_DISK=y
> >>> > CONFIG_EFI_FIRMWARE_MANAGEMENT_PROTOCOL=y
> >>> >
> >>> > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org
> >>> <mailto:sughosh.ganu@linaro.org>>
> >>>
> >>> U-Boot's UEFI subsystem should work in the same way for x86, ARM, and
> >>> RISC-V. Please, come up with an architecture independent solution.
> >>>
> >>>
> >>> Please check the explanation that I gave in the other mail. If you check
> >>> the patch series, the actual capsule authentication logic has been kept
> >>> architecture agnostic, in efi_capsule.c. The fmp protocol is very much
> >>> intended for allowing platforms to define their firmware update
> >>> routines. Edk2 also has platform specific implementation of the fmp
> >>> protocol under the edk2-platforms directory.
> >>>
> >>> -sughosh
> >>> ?
> >>>
> >>
> >> My idea is that for most platforms it will be enough to have a common
> >> FMP implementation that consumes a capsule
> >>
> >> * with one or more binaries
> >
> > Does this assumption apply to most platforms?
> > If so ("one"),
>
> Raspberry uses a file in the first partition which must be FAT to store
> U-Boot. The file name of U-Boot is indicated in file config.txt to the
> primary boot loader.
>
> On all other devices I own U-Boot is installed by command 'dd' writing
> to the SD-Card somewhere after the DOS partition table. (When using a
> GUID partition table often you have to shorten it or relocated it to
> after U-Boot.) Some of the devices could alternativley use eMMC for
> U-Boot (e.g. Odroid C2).
"Firmware" doesn't always mean U-Boot binary.
What I had in my mind is that it can be
- storage for U-Boot environment variables
- firmware for other peripherals, or even
- kernel(/initfs/dtb)
(Remember that FIT format potentially allows for holding them.)
So I believe that it's totally up to systems.
-Takahiro Akashi
> For reference have a look at
> doc/README.rockchip
> https://a-delacruz.github.io/ubuntu/rpi3-setup-64bit-uboot.html
>
> Best regards
>
> Heinrich
>
> >
> >> * a media device path, a start address, and a truncation flag
> >> for each of the binaries
> >
> > my FIT-based patch[1] meets this assumption and there already
> > are backend drivers for many media (but not for semihosting :)
> > as dfu.
> > (I see little reason to re-invent another set of backend drivers.)
> >
> > [1] https://lists.denx.de/pipermail/u-boot/2020-April/408767.html
> >
> >
> >> The protocol implementation then will write the binaries to the device
> >> paths:
> >>
> >> * to an SD-Card or eMMC exposing the Block IO protocol
> >> for most devices
> >> * to a file in case of the Raspberry Pi or the Sandbox or QEMU
> >> (and truncate it if the truncation flag is set)
> >>
> >> If for some devices like a SPI flash we do not have a media device path
> >> yet, then the only platform specific bit would be the block device
> >> driver exposing the media device path.
> >>
> >> Same with a semi-hosted file: just add a driver exposing it as a media
> >> path with an EFI_BLOCK_IO_PROTOCOL.
> >>
> >> For security reasons it may be advisable to make the device read-only
> >> when reaching ExitBootServices() or even better before the first
> >> execution of StartImage(). For this purpose we could use the Reset()
> >> service of the EFI_BLOCK_IO_PROTOCOL or provide a U-Boot specific
> >> service in the EFI_BLOCK_IO_PROTOCOL.
> >>
> >> Best regards
> >>
> >> Heinrich
>
next prev parent reply other threads:[~2020-05-07 23:36 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-30 17:36 [PATCH 0/8] qemu: arm64: Add support for uefi firmware management protocol routines Sughosh Ganu
2020-04-30 17:36 ` [PATCH 1/8] semihosting: Change semihosting file operation functions into global symbols Sughosh Ganu
2020-05-11 3:05 ` Akashi Takahiro
2020-05-18 16:34 ` Heinrich Schuchardt
2020-04-30 17:36 ` [PATCH 2/8] semihosting: Add support for writing to a file Sughosh Ganu
2020-05-18 17:04 ` Heinrich Schuchardt
2020-04-30 17:36 ` [PATCH 3/8] qemu: arm64: Add support for efi firmware management protocol routines Sughosh Ganu
2020-04-30 18:39 ` Heinrich Schuchardt
2020-04-30 19:13 ` Sughosh Ganu
2020-05-01 9:33 ` Heinrich Schuchardt
2020-05-05 11:15 ` Grant Likely
2020-05-05 17:04 ` Heinrich Schuchardt
2020-05-05 17:23 ` Grant Likely
2020-05-05 17:57 ` Heinrich Schuchardt
2020-05-06 15:04 ` Grant Likely
2020-05-09 10:04 ` Heinrich Schuchardt
2020-05-10 11:59 ` Sughosh Ganu
2020-05-18 17:14 ` Grant Likely
2020-05-07 2:33 ` Akashi Takahiro
2020-05-07 20:47 ` Heinrich Schuchardt
2020-05-07 23:36 ` Akashi Takahiro [this message]
2020-04-30 17:36 ` [PATCH 4/8] efi_loader: Allow parsing of miscellaneous signature database variables Sughosh Ganu
2020-04-30 17:36 ` [PATCH 5/8] efi_loader: Make the pkcs7 header parsing function an extern Sughosh Ganu
2020-05-07 7:34 ` Akashi Takahiro
2020-05-07 11:18 ` Sughosh Ganu
2020-05-08 0:51 ` Akashi Takahiro
2020-05-10 11:20 ` Sughosh Ganu
2020-04-30 17:36 ` [PATCH 6/8] efi: capsule: Add support for uefi capsule authentication Sughosh Ganu
2020-05-07 8:19 ` Akashi Takahiro
2020-05-07 11:50 ` Sughosh Ganu
2020-05-08 0:42 ` Akashi Takahiro
2020-05-10 11:26 ` Sughosh Ganu
2020-05-11 2:45 ` Akashi Takahiro
2020-04-30 17:36 ` [PATCH 7/8] qemu: arm64: " Sughosh Ganu
2020-04-30 17:36 ` [PATCH 8/8] qemu: arm64: Add documentation for capsule update Sughosh Ganu
2020-04-30 18:37 ` Heinrich Schuchardt
2020-04-30 19:08 ` Sughosh Ganu
2020-04-30 19:27 ` Tom Rini
2020-05-01 5:47 ` Sughosh Ganu
2020-05-07 2:10 ` Akashi Takahiro
2020-05-07 20:52 ` Heinrich Schuchardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200507233617.GB30323@laputa \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox