From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=tW7D=LX=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8750FC11F66
	for <u-boot@archiver.kernel.org>; Tue, 29 Jun 2021 13:04:16 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 00D1861DBF
	for <u-boot@archiver.kernel.org>; Tue, 29 Jun 2021 13:04:15 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 00D1861DBF
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 285BC82E8E;
	Tue, 29 Jun 2021 15:04:14 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="hbUfqjm2";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 2FBD383145; Tue, 29 Jun 2021 15:04:13 +0200 (CEST)
Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com
 [IPv6:2607:f8b0:4864:20::534])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 7E3BF82ABE
 for <u-boot@lists.denx.de>; Tue, 29 Jun 2021 15:04:09 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=takahiro.akashi@linaro.org
Received: by mail-pg1-x534.google.com with SMTP id h4so18432884pgp.5
 for <u-boot@lists.denx.de>; Tue, 29 Jun 2021 06:04:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=date:from:to:cc:subject:message-id:mail-followup-to:references
 :mime-version:content-disposition:in-reply-to;
 bh=f2/3a7I9nPpdADqxF27E2LD7GU1ffSPFeM/vAX08jWg=;
 b=hbUfqjm2k81SAE9jFevYdja4Dtj5mR30m+OIJa3Tvz4MOhg/KiUQjj+UeOowUDBdzn
 jUSRHcDZjsaWEHZAk8t+pG1QJ1Zu7IxDlxEWiqjQEe+fG9xYbruagZz3SXF45fLdht47
 pbkBrD1hFgl2zPtVAyKQASHCIeZLdcboaZhJ8uY3R7Wg7oviwNdIkmnB+ImgHba12emp
 tZLcRXFLWajGRhdu7n7xHYD+9v5al0ITOQ+EXpQXrc5mW2pjYt4WNZ4RJWVJ74PPN0lS
 2n5izac99ISStuCcdVQhaGQ9KXkuQSJVLB/jxEUgZ8pefW0wuLOKecqbTcRmJlhftYFC
 m51w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id
 :mail-followup-to:references:mime-version:content-disposition
 :in-reply-to;
 bh=f2/3a7I9nPpdADqxF27E2LD7GU1ffSPFeM/vAX08jWg=;
 b=U+JoglVofUjk5HfXp0o+uDc5j6bH7tdfsKwnPk2tA2NlqjDsJfL9OVT0sq8cSUuJdB
 6LB3bdbqIjAl+xGwQXK43RHSX4D4cCo5Keev5rRQBZTR7IMzJmv9tMEnmiU96kf5XtZ6
 rul9/x5f5nQX2TPlN2tC9p64qdQw/aJjy/LFlKYDNGljCDyHiy3APeahDMZQoaHJHVtp
 +8Y261s+4NL0eQBjMkWPQsoF/cbsZTmLLXwAJebUF/OEbF0hNX+8G4CcZ7jqymjvMGIm
 r2UKgbqa9p8Raiv9zfiNw0uP089WiZEVNYi3x7q3aiTVuqItT04ba44pSQJYBb2ZJ4XI
 inNg==
X-Gm-Message-State: AOAM532AGF9qgv53i/fxweOL8xLOZ0fwxuxiDHgAINVyjRq0Dar8Ko70
 ROYrHE67LqBfUgaPjGsRbPkOxQ==
X-Google-Smtp-Source: ABdhPJwu9hUu/tfi8o7WxQFB/mbsRcZ4H6V7YZEdy4DmdolmrD5FeEFAd+g4DX6mNdeqUSI3vI2Jcw==
X-Received: by 2002:a63:5616:: with SMTP id k22mr28247709pgb.41.1624971847873; 
 Tue, 29 Jun 2021 06:04:07 -0700 (PDT)
Received: from laputa (p3dd30534.tkyea130.ap.so-net.ne.jp. [61.211.5.52])
 by smtp.gmail.com with ESMTPSA id c9sm14149362pja.7.2021.06.29.06.04.05
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 29 Jun 2021 06:04:07 -0700 (PDT)
Date: Tue, 29 Jun 2021 22:04:03 +0900
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>, masami.hiramatsu@linaro.org,
 pbrobinson@redhat.com, richard@hughsie.com,
 Alexander Graf <agraf@csgraf.de>, u-boot@lists.denx.de
Subject: Re: [PATCH] efi_loader: Allow capsule update on-disk without
 checking OsIndications
Message-ID: <20210629130403.GB48515@laputa>
Mail-Followup-To: AKASHI Takahiro <takahiro.akashi@linaro.org>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Heinrich Schuchardt <xypron.glpk@gmx.de>,
 masami.hiramatsu@linaro.org, pbrobinson@redhat.com,
 richard@hughsie.com, Alexander Graf <agraf@csgraf.de>,
 u-boot@lists.denx.de
References: <20210629045552.22372-1-ilias.apalodimas@linaro.org>
 <bd5cf1e5-5334-d6e6-9693-d60b813a27f6@gmx.de>
 <20210629124128.GB47632@laputa> <YNsV6R33NS1MD8kd@enceladus>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <YNsV6R33NS1MD8kd@enceladus>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

On Tue, Jun 29, 2021 at 03:45:29PM +0300, Ilias Apalodimas wrote:
> > > > 
> [...]
> > > > +config EFI_IGNORE_OSINDICATIONS
> > > > +	bool "Ignore OsIndications for CapsuleUpdate on-disk"
> > > > +	depends on EFI_CAPSULE_ON_DISK
> > > > +	default n
> > > > +	help
> > > > +	  There are boards were we can't support SetVariable at runtime.
> > > > +	  Select this option if you want to use capsule-on-disk feature,
> > > > +	  without setting the OsIndications bit.
> > 
> > Obviously, this option breaks the conformance to UEFI specification
> > and must be turned on carefully in the limited use cases.
> > You should describe that here explicitly.
> 
> Fair enough, I'll send a v2
> 
> > 
> > Additionally, you may add
> >    depends on !EFI_MM_COMM_TEE (or better config?)
> 
> That's not the case (yet).  I do have a kernel branch were SetVariable at
> runtime is supported, but that's not merged yet.  So until this gets accepted
> *all* the boards that want to perform a capsuleupdate on-disk without setting
> the variable need this. 

If so, I would suggest that another Kconfig option be added
for the availability of SetVariable at runtime.

This will allow us to keep "depends on" unchanged even if
yet another implementation of SetVariable is introduced in the future.

-Takahiro Akashi


> Cheers
> /Ilias
> > 
> > -Takahiro Akashi
> > 
> > 
> > > >   config EFI_CAPSULE_ON_DISK_EARLY
> > > >   	bool "Initiate capsule-on-disk at U-Boot boottime"
> > > >   	depends on EFI_CAPSULE_ON_DISK
> > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> > > > index d7136035d8f9..50bed32bfb3b 100644
> > > > --- a/lib/efi_loader/efi_capsule.c
> > > > +++ b/lib/efi_loader/efi_capsule.c
> > > > @@ -948,6 +948,33 @@ efi_status_t __weak efi_load_capsule_drivers(void)
> > > >   	return ret;
> > > >   }
> > > > 
> > > > +/**
> > > > + * check_run_capsules - Check whether capsule update should run
> > > > + *
> > > > + * The spec says OsIndications must be set in order to run the capsule update
> > > > + * on-disk.  Since U-Boot doesn't support runtime SetVariable, allow capsules to
> > > > + * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected
> > > > + */
> > > > +static bool check_run_capsules(void)
> > > > +{
> > > > +	u64 os_indications;
> > > > +	efi_uintn_t size;
> > > > +	efi_status_t ret;
> > > > +
> > > > +	if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS))
> > > > +		return true;
> > > > +
> > > > +	size = sizeof(os_indications);
> > > > +	ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid,
> > > > +				   NULL, &size, &os_indications, NULL);
> > > > +	if (ret == EFI_SUCCESS &&
> > > > +	    (os_indications
> > > > +	      & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED))
> > > 
> > > The bit EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED must be
> > > cleared in OsIndications after successfully applying the capsule. See
> > > related patch
> > > 
> > > [PATCH 1/1] efi_loader: fix set_capsule_result()
> > > https://lists.denx.de/pipermail/u-boot/2021-June/453111.html
> > > 
> > > Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> > > 
> > > > +		return true;
> > > > +
> > > > +	return false;
> > > > +}
> > > > +
> > > >   /**
> > > >    * efi_launch_capsule - launch capsules
> > > >    *
> > > > @@ -958,20 +985,13 @@ efi_status_t __weak efi_load_capsule_drivers(void)
> > > >    */
> > > >   efi_status_t efi_launch_capsules(void)
> > > >   {
> > > > -	u64 os_indications;
> > > > -	efi_uintn_t size;
> > > >   	struct efi_capsule_header *capsule = NULL;
> > > >   	u16 **files;
> > > >   	unsigned int nfiles, index, i;
> > > >   	u16 variable_name16[12];
> > > >   	efi_status_t ret;
> > > > 
> > > > -	size = sizeof(os_indications);
> > > > -	ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid,
> > > > -				   NULL, &size, &os_indications, NULL);
> > > > -	if (ret != EFI_SUCCESS ||
> > > > -	    !(os_indications
> > > > -	      & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED))
> > > > +	if (!check_run_capsules())
> > > >   		return EFI_SUCCESS;
> > > > 
> > > >   	index = get_last_capsule();
> > > > 
> > >