From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B0CFC11F66 for ; Tue, 29 Jun 2021 12:41:44 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9BFD261D5E for ; Tue, 29 Jun 2021 12:41:43 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9BFD261D5E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4B50483152; Tue, 29 Jun 2021 14:41:41 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="K5H16A1G"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 6B1DE83158; Tue, 29 Jun 2021 14:41:39 +0200 (CEST) Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A84B78314D for ; Tue, 29 Jun 2021 14:41:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pf1-x42f.google.com with SMTP id q192so17073355pfc.7 for ; Tue, 29 Jun 2021 05:41:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=FR7D3EnUkpc+SZRAYqBoN1O6WFl81K2P/s5pAUUzMSM=; b=K5H16A1GVY42ddiTTrI3aSwwOEgH5ACaevnoetwtDh8LOG2bHbmvPuyAd2m0UPNaVj E0e48duERgToijK+KHIPevUPofyrUnJgmS69Pue2pEaBgy0OgPiHvk0ZTBnAEtNBqWY1 yK7xlrijj5i0AvBx1K3BT0lwWaFa+YpjNherrcAcs0nQmqARA6wJzJZ5BNyjcOmVUeCN d+jUwvXR4Dv0utbJ6Vd35keMCb4PP0P/XgHw5SMWCBpe9RzS+uxAz0fzgmWsytCoXcii imNrZSjBKYicG84SZBFe1Yqp04rsN/xA8FITFYFg6aZ4YhQ7QZYjN3tTsVvrKadvL/Hy WpGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=FR7D3EnUkpc+SZRAYqBoN1O6WFl81K2P/s5pAUUzMSM=; b=d3OGezR1Q5Mav4lKWFoYVw+bQ2Uqd+lVtXDdnT8VyvXlF8GzKfO3TjbmQ0UIL6u4SG ETYoTIB8m8UYlWgfC3HhRulUzEIyJhpF3+sVYAOjwIIm0Whx5GQoKfsIs6x6fIWjgj0g JDxT/vWCIw05z302JNrA3e9bT/e025f5dlY7VBtSbFDO0uayrXUVwpZp3bnnjRKwiaRK wJnhvujFBdqVoKasoG30e2M28d5Y63ejCeA4VLPFoyQ4o+78WSPIvV7j8pAP99UFAoC7 6HeQFqu4VduCt60mknvSX7KhJ1N5sa+gDMHt5zdSzLlCtzWH83e/P95JqLx5FARGq89M YSDA== X-Gm-Message-State: AOAM533VIKomZQm3+OK68/YZNJbYcZ/eG+hi/k7XNIWJeN4k8aNvZnIT VDeDUSq3Brb49YM/zYJ65PCBOg== X-Google-Smtp-Source: ABdhPJwKoN7TFWNKkQ9f7ExoG2y5FANx7FiUTsiin2dVosjIcXZ+q0SAtWDR+o4zkw+gDjlkQPDZfg== X-Received: by 2002:a63:f64d:: with SMTP id u13mr3211006pgj.156.1624970494042; Tue, 29 Jun 2021 05:41:34 -0700 (PDT) Received: from laputa (p3dd30534.tkyea130.ap.so-net.ne.jp. [61.211.5.52]) by smtp.gmail.com with ESMTPSA id c24sm15858266pfn.86.2021.06.29.05.41.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Jun 2021 05:41:32 -0700 (PDT) Date: Tue, 29 Jun 2021 21:41:28 +0900 From: AKASHI Takahiro To: Heinrich Schuchardt Cc: Ilias Apalodimas , masami.hiramatsu@linaro.org, pbrobinson@redhat.com, richard@hughsie.com, Alexander Graf , u-boot@lists.denx.de Subject: Re: [PATCH] efi_loader: Allow capsule update on-disk without checking OsIndications Message-ID: <20210629124128.GB47632@laputa> Mail-Followup-To: AKASHI Takahiro , Heinrich Schuchardt , Ilias Apalodimas , masami.hiramatsu@linaro.org, pbrobinson@redhat.com, richard@hughsie.com, Alexander Graf , u-boot@lists.denx.de References: <20210629045552.22372-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On Tue, Jun 29, 2021 at 09:43:40AM +0200, Heinrich Schuchardt wrote: > On 6/29/21 6:55 AM, Ilias Apalodimas wrote: > > From: apalos > > > > Although U-Boot supports capsule update on-disk, it's lack of support for > > SetVariable at runtime prevents applications like fwupd from using it. > > > > In order to perform the capsule update on-disk the spec says that the OS > > must copy the capsule to the \EFI\UpdateCapsule directory and set a bit in > > the OsIndications variable. The firmware then checks for the > > EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED bit in OsIndications > > variable, which is set by submitter to trigger processing of the capsule > > on next reboot. > > > > Let's add a config option which ignores the bit checking in OsIndications > > and just rely on the capsule being present. Since U-Boot deletes the > > capsule while processing it, we won't end up running it multiple times. > > > > Note that this is allowed for all capsules. In the future once, > > authenticated capsules is fully supported, we can limit the functionality > > to those only. > > > > Signed-off-by: apalos > > --- > > lib/efi_loader/Kconfig | 9 +++++++++ > > lib/efi_loader/efi_capsule.c | 36 ++++++++++++++++++++++++++++-------- > > 2 files changed, 37 insertions(+), 8 deletions(-) > > > > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig > > index 684adfb62379..5a3820e76122 100644 > > --- a/lib/efi_loader/Kconfig > > +++ b/lib/efi_loader/Kconfig > > @@ -137,6 +137,15 @@ config EFI_CAPSULE_ON_DISK > > under a specific directory on UEFI system partition instead of > > via UpdateCapsule API. > > > > +config EFI_IGNORE_OSINDICATIONS > > + bool "Ignore OsIndications for CapsuleUpdate on-disk" > > + depends on EFI_CAPSULE_ON_DISK > > + default n > > + help > > + There are boards were we can't support SetVariable at runtime. > > + Select this option if you want to use capsule-on-disk feature, > > + without setting the OsIndications bit. Obviously, this option breaks the conformance to UEFI specification and must be turned on carefully in the limited use cases. You should describe that here explicitly. Additionally, you may add depends on !EFI_MM_COMM_TEE (or better config?) -Takahiro Akashi > > config EFI_CAPSULE_ON_DISK_EARLY > > bool "Initiate capsule-on-disk at U-Boot boottime" > > depends on EFI_CAPSULE_ON_DISK > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > index d7136035d8f9..50bed32bfb3b 100644 > > --- a/lib/efi_loader/efi_capsule.c > > +++ b/lib/efi_loader/efi_capsule.c > > @@ -948,6 +948,33 @@ efi_status_t __weak efi_load_capsule_drivers(void) > > return ret; > > } > > > > +/** > > + * check_run_capsules - Check whether capsule update should run > > + * > > + * The spec says OsIndications must be set in order to run the capsule update > > + * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to > > + * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected > > + */ > > +static bool check_run_capsules(void) > > +{ > > + u64 os_indications; > > + efi_uintn_t size; > > + efi_status_t ret; > > + > > + if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) > > + return true; > > + > > + size = sizeof(os_indications); > > + ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, > > + NULL, &size, &os_indications, NULL); > > + if (ret == EFI_SUCCESS && > > + (os_indications > > + & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED)) > > The bit EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED must be > cleared in OsIndications after successfully applying the capsule. See > related patch > > [PATCH 1/1] efi_loader: fix set_capsule_result() > https://lists.denx.de/pipermail/u-boot/2021-June/453111.html > > Reviewed-by: Heinrich Schuchardt > > > + return true; > > + > > + return false; > > +} > > + > > /** > > * efi_launch_capsule - launch capsules > > * > > @@ -958,20 +985,13 @@ efi_status_t __weak efi_load_capsule_drivers(void) > > */ > > efi_status_t efi_launch_capsules(void) > > { > > - u64 os_indications; > > - efi_uintn_t size; > > struct efi_capsule_header *capsule = NULL; > > u16 **files; > > unsigned int nfiles, index, i; > > u16 variable_name16[12]; > > efi_status_t ret; > > > > - size = sizeof(os_indications); > > - ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, > > - NULL, &size, &os_indications, NULL); > > - if (ret != EFI_SUCCESS || > > - !(os_indications > > - & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED)) > > + if (!check_run_capsules()) > > return EFI_SUCCESS; > > > > index = get_last_capsule(); > > >