Date: Thu, 22 Sep 2022 14:21:00 +0900
From: Takahiro Akashi
To: Sughosh Ganu
Cc: u-boot@lists.denx.de, Heinrich Schuchardt, Ilias Apalodimas, Patrick Delaunay, Patrice Chotard, Simon Glass, Bin Meng, Tom Rini, Etienne Carriere, Michal Simek, Jassi Brar
Subject: Re: [PATCH v10 10/15] FWU: Add support for the FWU Multi Bank Update feature
Message-ID: <20220922052100.GA64916@laputa>

On Wed, Sep 21, 2022 at 04:56:20PM +0530, Sughosh Ganu wrote:
> hi Takahiro,
>
> On Wed, 21 Sept 2022 at 10:58, Takahiro Akashi wrote:
> >
> > Sughosh,
> >
> > On Tue, Sep 20, 2022 at 06:34:12PM +0530, Sughosh Ganu wrote:
> > > On Tue, 20 Sept 2022 at 13:46, Takahiro Akashi wrote:
> > > >
> > > > On Fri, Sep 16, 2022 at 04:24:35PM +0530, Sughosh Ganu wrote:
> > > > > hi Takahiro,
> > > > >
> > > > > On Fri, 16 Sept 2022 at 12:20, Takahiro Akashi wrote:
> > > > > >
> > > > > > On Fri, Sep 16, 2022 at 10:52:11AM +0530, Sughosh Ganu wrote:
> > > > > > > hi Takahiro,
> > > > > > >
> > > > > > > On Fri, 16 Sept 2022 at 07:17, Takahiro Akashi wrote:
> > > > > > > >
> > > > > > > > Hi Sughosh,
> > > > > > > >
> > > > > > > > On Thu, Sep 15, 2022 at 01:44:46PM +0530, Sughosh Ganu wrote:
> > > > > > > > > The FWU Multi Bank Update feature supports updation of firmware images
> > > > > > > > > to one of multiple sets(also called banks) of images. The firmware
> > > > > > > > > images are clubbed together in banks, with the system booting images
> > > > > > > > > from the active bank. Information on the images such as which bank
> > > > > > > > > they belong to is stored as part of the metadata structure, which is
> > > > > > > > > stored on the same storage media as the firmware images on a dedicated
> > > > > > > > > partition.
> > > > > > > > >
> > > > > > > > > At the time of update, the metadata is read to identify the bank to
> > > > > > > > > which the images need to be flashed(update bank). On a successful
> > > > > > > > > update, the metadata is modified to set the updated bank as active
> > > > > > > > > bank to subsequently boot from.
> > > > > > > > > > Signed-off-by: Sughosh Ganu > > > > > > > > > --- > > > > > > > > > Changes since V9: > > > > > > > > > * Move the global variables into local variables as suggested by > > > > > > > > > Ilias. > > > > > > > > > * Change fwu_get_image_alt_num() name to fwu_get_image_image_index() > > > > > > > > > > > > > > > > -> typo? fwu_get_image_index()? > > > > > > > > > > > > > > > > > as suggested by Takahiro. > > > > > > > > > * Allow capsule updates to be called from efi_init_obj_list() with the > > > > > > > > > FWU feature enabled, as suggested by Takahiro. > > > > > > > > > * Enable EFI_CAPSULE_ON_DISK_EARLY as an imply with the FWU feature > > > > > > > > > enabled. > > > > > > > > > * Define the FWU feature related functions as __maybe_unused to allow > > > > > > > > > for compilation with the FWU feature disabled. > > > > > > > > > > > > > > > > > > drivers/Kconfig | 2 + > > > > > > > > > drivers/Makefile | 1 + > > > > > > > > > include/fwu.h | 30 +++++ > > > > > > > > > lib/Kconfig | 6 + > > > > > > > > > lib/Makefile | 1 + > > > > > > > > > lib/efi_loader/efi_capsule.c | 243 ++++++++++++++++++++++++++++++++++- > > > > > > > > > lib/fwu_updates/Kconfig | 33 +++++ > > > > > > > > > lib/fwu_updates/Makefile | 7 + > > > > > > > > > lib/fwu_updates/fwu.c | 23 ++++ > > > > > > > > > 9 files changed, 340 insertions(+), 6 deletions(-) > > > > > > > > > create mode 100644 lib/fwu_updates/Kconfig > > > > > > > > > create mode 100644 lib/fwu_updates/Makefile > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > /** > > > > > > > > > * efi_capsule_update_firmware - update firmware from capsule 
> > > > > > > > > @@ -410,7 +544,35 @@ static efi_status_t efi_capsule_update_firmware( > > > > > > > > > int item; > > > > > > > > > struct efi_firmware_management_protocol *fmp; > > > > > > > > > u16 *abort_reason; > > > > > > > > > + efi_guid_t image_type_id; > > > > > > > > > efi_status_t ret = EFI_SUCCESS; > > > > > > > > > + int status; > > > > > > > > > + u8 image_index; > > > > > > > > > + u32 update_index; > > > > > > > > > + bool fw_accept_os, image_index_check; > > > > > > > > > + > > > > > > > > > + if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { > > > > > > > > > + if (!fwu_empty_capsule(capsule_data) && > > > > > > > > > + !fwu_update_checks_pass()) { > > > > > > > > > + log_err("FWU checks failed. Cannot start update\n"); > > > > > > > > > + return EFI_INVALID_PARAMETER; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + if (fwu_empty_capsule(capsule_data)) > > > > > > > > > + return fwu_empty_capsule_process(capsule_data); > > > > > > > > > + > > > > > > > > > + /* Obtain the update_index from the platform */ > > > > > > > > > + status = fwu_plat_get_update_index(&update_index); > > > > > > > > > + if (status < 0) { > > > > > > > > > + log_err("Failed to get the FWU update_index value\n"); > > > > > > > > > + return EFI_DEVICE_ERROR; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + image_index_check = false; > > > > > > > > > + fw_accept_os = capsule_data->flags & FW_ACCEPT_OS ? 0x1 : 0x0; > > > > > > > > > + } else { > > > > > > > > > + image_index_check = true; > > > > > > > > > + } > > > > > > > > > > > > > > > > > > /* sanity check */ > > > > > > > > > if (capsule_data->header_size < sizeof(*capsule) || 
> > > > > > > > > @@ -455,7 +617,8 @@ static efi_status_t efi_capsule_update_firmware( > > > > > > > > > fmp = efi_fmp_find(&image->update_image_type_id, > > > > > > > > > image->update_image_index, > > > > > > > > > image->update_hardware_instance, > > > > > > > > > - handles, no_handles); > > > > > > > > > + handles, no_handles, > > > > > > > > > + image_index_check); > > > > > > > > > if (!fmp) { > > > > > > > > > log_err("FMP driver not found for firmware type %pUs, hardware instance %lld\n", > > > > > > > > > &image->update_image_type_id, 
> > > > > > > > > @@ -485,8 +648,30 @@ static efi_status_t efi_capsule_update_firmware( > > > > > > > > > goto out; > > > > > > > > > } > > > > > > > > > > > > > > > > > > + if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { > > > > > > > > > + /* > > > > > > > > > + * Based on the value of update_image_type_id, > > > > > > > > > + * derive the image index value. This will be > > > > > > > > > + * passed as update_image_index to the > > > > > > > > > + * set_image function. > > > > > > > > > + */ > > > > > > > > > + image_type_id = image->update_image_type_id; > > > > > > > > > + status = fwu_get_image_index(&image_type_id, > > > > > > > > > + update_index, > > > > > > > > > + &image_index); > > > > > > > > > > > > > > > > AS I said in my comment to v9, this function should be moved in FMP driver, > > > > > > > > that is, efi_firmware.c and contained in set_image(). > > > > > > > > > > > > > > Okay. I had replied to your review comment and for this specific > > > > > > > comment, I had mentioned that I would prefer keeping this in the > > > > > > > capsule driver. Since you did not object to that, I was under the > > > > > > > assumption that you are fine with what I had said. > > > > > > > > > > > > > > I looked at moving this to the FMP's set_image function. However, > > > > > > > there is an issue in that the fwu_get_image_index() function needs to > > > > > > > be passed the ImageTypeId GUID value for getting the image index. > > > > > > > However, the set_image function has not been passed this GUID. Unless > > > > > > > we use some global variable, it would not be possible to move this > > > > > > > function to the set_image function. > > > > > > > > > > > > I doubt it. > > > > > > Because FMP driver is looked for with image type id at efi_fmp_find(), > > > > > > it should know who it is. > > > > > > After you change in the past, current FMP drivers, either FIT or RAW, > > > > > > are bound only to a single GUID. Right? 
> > > > >
> > > > > With the recent change that I had made, we do need different GUIDs for
> > > > > different images in the capsule, but the FMP instance will be the same
> > > > > for all raw images, and similarly for all FIT images. But the
> > > > > set_image function does not know for which image the function has been
> > > > > called. Multiple images of a given type(raw/FIT) can use the same
> > > > > set_image function.
> > > > >
> > > > > >
> > > > > > > >
> > > > > > > > You try to use different image_index's to distinguish A and B banks, but
> > > > > > > > this kind of usage is quite implementation-dependent since other firmware
> > > > > > > > framework may use a different approach to support multiple banks.
> > > > > > >
> > > > > > > True, but even with this implementation, that underlying framework can
> > > > > > > be abstracted. If, in the future, we have an option for multiple
> > > > > > > frameworks for performing the update, the fwu_get_image_index() can be
> > > > > > > extended to support those multiple framework implementations. The API
> > > > > >
> > > > > > I can't imagine how.
> > > > > > My point is that a caller of set_image() can and should pass an unique
> > > > > > (and the same) index id whether the working firmware is on A or B bank.
> > > > >
> > > > > We have discussed this earlier as well. What you say is true for the
> > > > > normal capsule update. However, for the FWU(A/B) updates, the image
> > > > > index is going to be calculated at run-time, based on the
> > > > > partition(bank) to which the image needs to be written to. Which is
> > > >
> > > > It sounds weird to me.
> > > > If we assume what you said here, FMP driver is expected to handle
> > > > a capsule image solely based on "index" but without knowing which type (id)
> > > > the image belongs to.
> > >
> > > I am referring to the set_image(SetImage) FMP function. That is indeed
> > > solely based on the image index -- there is no ImageTypeId being
> > > passed to the SetImage FMP function.
> >
> > Before further discussion, let me ask in another way.
> >
> > What contents do you expect GetImageInfo() returns, in particular,
> > for "ImageIndex" for a specific firmware image?
> >
> > UEFI specification says, in 23.1 Firmware Management Protocol,
> > ===(a)===
> > The definition of GET_IMAGE_INFO():
> >   DescriptorCount
> >     A pointer to the location in which firmware returns the number of descriptors or
> >     firmware images within this device.
> >
> >   ...
> >
> > The definition of EFI_FIRMWARE_IMAGE_DESCRIPTOR:
> >   ImageIndex
> >     A unique number identifying the firmware image within the device. The number is
> >     between 1 and DescriptorCount.
> >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >   ImageTypeId
> >     A unique GUID identifying the firmware image type.
> > === ===
> >
> > So whatever "ImageTypeId" is, ImageIndex will and can uniquely identify a specific
> > firmware image in terms of a table of EFI_FIRMWARE_IMAGE_DESCRIPTOR's which is
> > returned by GetImageInfo() of a FMP driver.
>
> Yes, this is true for the normal capsule update scenario. However, in
> the case of A/B updates, the above condition is no longer true. We
> will have a single ImageTypeId with multiple ImageIndex values, since
> we have multiple banks. And if we have to extrapolate the ImageIndex
> of BankB based on the value of ImageIndex in BankA, we will have to
> put that restriction on the order of placement of the images on the
> storage media -- this would mean that the order of images in all banks
> will have to be the same.

I don't think you fully understand what I meant to say.
As I said in my previous reply, ImageIndex is quite unique enough to distinguish
all the firmware images, which is also items in a list of ImageInfo returned by
GetImageInfo(), that a given FMP driver can handle.
This means that SetImage() doesn't have to take a ImageTypeId as one of arguments,
and so there is no reason that might prevent us from calling fwu_get_image_index()
in FMP's SetImage(). (i.e. we can drop ImageTypeId from arguments of fwu_get_image_index().)

I think that the issue is the only one that you mentioned as your concern.

> While in case of FWU A/B updates, we do not
> need that restriction, since the FWU metadata does not put any
> restriction on placement of images. Which is why the image_index is
> being derived at run-time based on the values of ImageTypeId and
> update bank.
>
> Actually, this is something pretty similar to the case of updating FIT
> images. Even in case of FIT updates, we use a single image_index(0x1)
> for the entire FIT image, and then the actual FIT update code is
> figuring out the location of the constituent images at run-time based
> on parsing of the FIT header.

This is not a fair comparison.
As I repeatedly said, FIT FMP driver recognizes a FIT file as a single image
in respect of UEFI APIs. How it will handle a capsule is totally up to the driver itself.
We don't have to care how it will manage multiple banks internally.

-Takahiro Akashi

> In the case of FWU(A/B) updates, we
> figure out the image_index at run-time based on the values of the
> ImageTypeId and the update bank. The way I see it, this is not
> affecting the native capsule update code behaviour. Just that in the
> case of A/B updates, the way of deriving the ImageIndex is different.
>
> -sughosh
>
> >
> > Furthermore,
> > in 23.3 Delivering Capsules Containing Updates to Firmware Management Protocol,
> > ===(b)===
> > The definition of EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER:
> >   UpdateImageTypeId
> >     Used to identify device firmware targeted by this update. This guid is matched by
> >     system firmware against ImageTypeId field within a
> >     EFI_FIRMWARE_IMAGE_DESCRIPTOR returned by an instance of
> >     EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo() in the system.
> >   UpdateImageIndex
> >     Passed as ImageIndex in call to EFI_FIRMWARE_MANAGEMENT_PROTOCOL.SetImage()
> >     ^^^^^^^^^^^^^
> > === ===
> >
> > So I believe that "UpdateImageIndex" in a header of capsule file is expected to be
> > passed *directly* to SetImage() as one of arguments, assuming that
> > a content of capsule image header is irrelevant to which bank the firmware is to be
> > applied at any time.
> >
> > -Takahiro Akashi
> >
> > > efi_status_t (EFIAPI *set_image)(
> > >         struct efi_firmware_management_protocol *this,
> > >         u8 image_index,
> > >         const void *image,
> > >         efi_uintn_t image_size,
> > >         const void *vendor_code,
> > >         efi_status_t (*progress)(efi_uintn_t completion),
> > >         u16 **abort_reason);
> > >
> > > > I don't think it can be universal assumption for all kind of FMP's.
> > > > Why must we have different semantics of set_image() for normal (non-A/B-update)
> > > > case and A/B update case?
> > >
> > > The semantics are not different for set_image() for the two cases.
> > > It's just that the image_index value being passed would be different
> > > for the A/B update case, since that value is being calculated at
> > > run-time.
> > >
> > > -sughosh
> > >
> > > >
> > > > -Takahiro Akashi
> > > >
> > > > >
> > > > > the sole purpose of having the fwu_get_image_index() API. I could have
> > > > > moved the function out of the efi_capsule.c to the FMP's set_image
> > > > > functions, but like I mentioned earlier, the set_image function does
> > > > > not know the ImageTypeId of the image for which it has been called --
> > > > > since the image_index is a parameter being passed to the set_image
> > > > > function, we need to compute it earlier, before calling the function.
> > > > > > > > > > -sughosh > > > > > > > > > > > > > > > > > I think that all the visible part of A/B update in efi_capsule.c > > > > > > is a handling of accept/revert capsules. > > > > > > > > > > > > -Takahiro Akashi > > > > > > > > > > > > > is just getting the image index for the image payload, and the image > > > > > > > index will remain irrespective of the underlying framework for doing > > > > > > > the updates. > > > > > > > > > > > > > > -sughosh > > > > > > > > > > > > > > > > > > > > > > > Please remember that, from the viewpoint of API, image_index must be unique > > > > > > > > whether it is on A bank or B bank as it is used to identify a specific firmware image > > > > > > > > within a device, not a "physical" location. > > > > > > > > > > > > > > > > Please re-think. > > > > > > > > > > > > > > > > -Takahiro Akashi > > > > > > > > > > > > > > > > > > > > > > > > > + ret = fwu_to_efi_error(status); > > > > > > > > > + if (ret != EFI_SUCCESS) { > > > > > > > > > + log_err("Unable to get the Image Index for the image type %pUs\n", > > > > > > > > > + &image_type_id); > > > > > > > > > + goto out; > > > > > > > > > + } > > > > > > > > > + log_debug("Image Index %u for Image Type Id %pUs\n", > > > > > > > > > + image_index, &image_type_id); > > > > > > > > > + } else { > > > > > > > > > + image_index = image->update_image_index; > > > > > > > > > + } > > > > > > > > > abort_reason = NULL; > > > > > > > > > - ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index, > > > > > > > > > + ret = EFI_CALL(fmp->set_image(fmp, image_index, > > > > > > > > > image_binary, > > > > > > > > > image_binary_size, > > > > > > > > > vendor_code, NULL, 
> > > > > > > > > @@ -497,6 +682,33 @@ static efi_status_t efi_capsule_update_firmware( > > > > > > > > > efi_free_pool(abort_reason); > > > > > > > > > goto out; > > > > > > > > > } > > > > > > > > > + > > > > > > > > > + if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { > > > > > > > > > + if (!fw_accept_os) { > > > > > > > > > + /* > > > > > > > > > + * The OS will not be accepting the firmware > > > > > > > > > + * images. Set the accept bit of all the > > > > > > > > > + * images contained in this capsule. > > > > > > > > > + */ > > > > > > > > > + status = fwu_accept_image(&image_type_id, > > > > > > > > > + update_index); > > > > > > > > > + } else { > > > > > > > > > + status = fwu_clear_accept_image(&image_type_id, > > > > > > > > > + update_index); > > > > > > > > > + } > > > > > > > > > + ret = fwu_to_efi_error(status); > > > > > > > > > + if (ret != EFI_SUCCESS) { > > > > > > > > > + log_err("Unable to %s the accept bit for the image %pUs\n", > > > > > > > > > + fw_accept_os ? "clear" : "set", > > > > > > > > > + &image_type_id); > > > > > > > > > + goto out; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + log_debug("%s the accepted bit for Image %pUs\n", > > > > > > > > > + fw_accept_os ? "Cleared" : "Set", > > > > > > > > > + &image_type_id); > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > } > > > > > > > > > > > > > > > > > > out: > > > > > > > > > @@ -1104,6 +1316,9 @@ efi_status_t efi_launch_capsules(void) > > > > > > > > > u16 **files; > > > > > > > > > unsigned int nfiles, index, i; > > > > > > > > > efi_status_t ret; > > > > > > > > > + bool capsule_update = true; > > > > > > > > > + bool update_status = true; > > > > > > > > > + bool fw_accept_os = false; > > > > > > > > > > > > > > > > > > if (check_run_capsules() != EFI_SUCCESS) > > > > > > > > > return EFI_SUCCESS; 
> > > > > > > > > @@ -1131,12 +1346,19 @@ efi_status_t efi_launch_capsules(void) > > > > > > > > > ret = efi_capsule_read_file(files[i], &capsule); > > > > > > > > > if (ret == EFI_SUCCESS) { > > > > > > > > > ret = efi_capsule_update_firmware(capsule); > > > > > > > > > - if (ret != EFI_SUCCESS) > > > > > > > > > + if (ret != EFI_SUCCESS) { > > > > > > > > > log_err("Applying capsule %ls failed.\n", > > > > > > > > > files[i]); > > > > > > > > > - else > > > > > > > > > + update_status = false; > > > > > > > > > + } else { > > > > > > > > > log_info("Applying capsule %ls succeeded.\n", > > > > > > > > > files[i]); > > > > > > > > > + if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { > > > > > > > > > + fwu_post_update_checks(capsule, > > > > > > > > > + &fw_accept_os, > > > > > > > > > + &capsule_update); > > > > > > > > > + } > > > > > > > > > + } > > > > > > > > > > > > > > > > > > /* create CapsuleXXXX */ > > > > > > > > > set_capsule_result(index, capsule, ret); > > > > > > > > > @@ -1144,6 +1366,7 @@ efi_status_t efi_launch_capsules(void) > > > > > > > > > free(capsule); > > > > > > > > > } else { > > > > > > > > > log_err("Reading capsule %ls failed\n", files[i]); > > > > > > > > > + update_status = false; > > > > > > > > > } > > > > > > > > > /* delete a capsule either in case of success or failure */ > > > > > > > > > ret = efi_capsule_delete_file(files[i]); 
> > > > > > > > > @@ -1151,7 +1374,15 @@ efi_status_t efi_launch_capsules(void) > > > > > > > > > log_err("Deleting capsule %ls failed\n", > > > > > > > > > files[i]); > > > > > > > > > } > > > > > > > > > + > > > > > > > > > efi_capsule_scan_done(); > > > > > > > > > + if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { > > > > > > > > > + if (update_status == true && capsule_update == true) { > > > > > > > > > + ret = fwu_post_update_process(fw_accept_os); > > > > > > > > > + } else if (capsule_update == true && update_status == false) { > > > > > > > > > + log_err("All capsules were not updated. Not updating FWU metadata\n"); > > > > > > > > > + } > > > > > > > > > + } > > > > > > > > > > > > > > > > > > for (i = 0; i < nfiles; i++) > > > > > > > > > free(files[i]); > > > > > > > > > diff --git a/lib/fwu_updates/Kconfig b/lib/fwu_updates/Kconfig > > > > > > > > > new file mode 100644 > > > > > > > > > index 0000000000..78759e6618 > > > > > > > > > --- /dev/null > > > > > > > > > +++ b/lib/fwu_updates/Kconfig 
> > > > > > > > > @@ -0,0 +1,33 @@ > > > > > > > > > +config FWU_MULTI_BANK_UPDATE > > > > > > > > > + bool "Enable FWU Multi Bank Update Feature" > > > > > > > > > + depends on EFI_CAPSULE_ON_DISK > > > > > > > > > + select PARTITION_TYPE_GUID > > > > > > > > > + select EFI_SETUP_EARLY > > > > > > > > > + imply EFI_CAPSULE_ON_DISK_EARLY > > > > > > > > > + select EVENT > > > > > > > > > + help > > > > > > > > > + Feature for updating firmware images on platforms having > > > > > > > > > + multiple banks(copies) of the firmware images. One of the > > > > > > > > > + bank is selected for updating all the firmware components > > > > > > > > > + > > > > > > > > > +config FWU_NUM_BANKS > > > > > > > > > + int "Number of Banks defined by the platform" > > > > > > > > > + depends on FWU_MULTI_BANK_UPDATE > > > > > > > > > + help > > > > > > > > > + Define the number of banks of firmware images on a platform > > > > > > > > > + > > > > > > > > > +config FWU_NUM_IMAGES_PER_BANK > > > > > > > > > + int "Number of firmware images per bank" > > > > > > > > > + depends on FWU_MULTI_BANK_UPDATE > > > > > > > > > + help > > > > > > > > > + Define the number of firmware images per bank. This value > > > > > > > > > + should be the same for all the banks. > > > > > > > > > + > > > > > > > > > +config FWU_TRIAL_STATE_CNT > > > > > > > > > + int "Number of times system boots in Trial State" > > > > > > > > > + depends on FWU_MULTI_BANK_UPDATE > > > > > > > > > + default 3 > > > > > > > > > + help > > > > > > > > > + With FWU Multi Bank Update feature enabled, number of times > > > > > > > > > + the platform is allowed to boot in Trial State after an > > > > > > > > > + update. > > > > > > > > > diff --git a/lib/fwu_updates/Makefile b/lib/fwu_updates/Makefile > > > > > > > > > new file mode 100644 > > > > > > > > > index 0000000000..1993088e5b > > > > > > > > > --- /dev/null > > > > > > > > > +++ b/lib/fwu_updates/Makefile 
> > > > > > > > > @@ -0,0 +1,7 @@ > > > > > > > > > +# SPDX-License-Identifier: GPL-2.0-or-later > > > > > > > > > +# > > > > > > > > > +# Copyright (c) 2022, Linaro Limited > > > > > > > > > +# > > > > > > > > > + > > > > > > > > > +obj-$(CONFIG_FWU_MULTI_BANK_UPDATE) += fwu.o > > > > > > > > > +obj-$(CONFIG_FWU_MDATA_GPT_BLK) += fwu_gpt.o > > > > > > > > > diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c > > > > > > > > > index 32518d6f86..7209000b56 100644 > > > > > > > > > --- a/lib/fwu_updates/fwu.c > > > > > > > > > +++ b/lib/fwu_updates/fwu.c > > > > > > > > > @@ -490,7 +490,30 @@ u8 fwu_update_checks_pass(void) > > > > > > > > > return !trial_state && boottime_check; > > > > > > > > > } > > > > > > > > > > > > > > > > > > +/** > > > > > > > > > + * fwu_trial_state_ctr_start() - Start the Trial State counter > > > > > > > > > + * > > > > > > > > > + * Start the counter to identify the platform booting in the > > > > > > > > > + * Trial State. The counter is implemented as an EFI variable. > > > > > > > > > + * > > > > > > > > > + * Return: 0 if OK, -ve on error > > > > > > > > > + * > > > > > > > > > + */ > > > > > > > > > +int fwu_trial_state_ctr_start(void) > > > > > > > > > +{ > > > > > > > > > + int ret; > > > > > > > > > + u16 trial_state_ctr; > > > > > > > > > + > > > > > > > > > + trial_state_ctr = 0; > > > > > > > > > + ret = trial_counter_update(&trial_state_ctr); > > > > > > > > > + if (ret) > > > > > > > > > + log_err("Unable to initialise TrialStateCtr\n"); > > > > > > > > > + > > > > > > > > > + return ret; > > > > > > > > > +} > > > > > > > > > + > > > > > > > > > static int fwu_boottime_checks(void *ctx, struct event *event) > > > > > > > > > + > > > > > > > > > { > > > > > > > > > int ret; > > > > > > > > > struct udevice *dev; > > > > > > > > > -- > > > > > > > > > 2.34.1 > > > > > > > > >
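
Review bot: In the @@ -410,7 +544,35 @@ hunk of efi_capsule_update_firmware(), the new FWU block sits ahead of the existing "/* sanity check */" on capsule_data->header_size, so "return fwu_empty_capsule_process(capsule_data);" hands the capsule to the FWU code before the header validation visible in the context has run. Move the FWU block below the sanity check, or make sure the empty-capsule path validates the header itself. fwu_empty_capsule(capsule_data) is also evaluated twice; test it once and call fwu_update_checks_pass() only on the non-empty path. Since fw_accept_os is a bool, "!!(capsule_data->flags & FW_ACCEPT_OS)" reads better than "? 0x1 : 0x0", and update_index and fw_accept_os stay uninitialised on the else path, which can trigger compiler warnings.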
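
Review bot: In the @@ -485,8 +648,30 @@ hunk, with CONFIG_FWU_MULTI_BANK_UPDATE enabled the capsule's image->update_image_index is never used: efi_fmp_find() is called with image_index_check set to false, and set_image() receives the value returned by fwu_get_image_index() instead. Nothing on these lines checks the derived u8 image_index against what the selected FMP reports, and the change of meaning is not documented for capsule authors. Validate the derived index before the set_image() call, or state in the function comment that UpdateImageIndex from the capsule header is ignored for A/B updates. This is the same design question the thread above is arguing about, so the resolution should be recorded in the commit message.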
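
Review bot: In the @@ -497,6 +682,33 @@ hunk, a failure of fwu_accept_image() or fwu_clear_accept_image() takes "goto out" after set_image() has already written the image, so the update bank can be left with new image contents and a stale accept bit. Say so in the log_err() text, or defer the accept-bit changes until every image in the capsule has been written. The comment "Set the accept bit of all the images contained in this capsule" does not match the call, which acts on the single image_type_id of the image just written; reword it. The added blank "+" line before the closing brace should be dropped.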
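
Review bot: In the @@ -1151,7 +1374,15 @@ hunk of efi_launch_capsules(), "ret = fwu_post_update_process(fw_accept_os);" stores the result but no visible line checks or logs it, so a failed metadata update after successful capsule writes is not reported at this point. Add a log_err() on failure. The message "All capsules were not updated" reads as if none were applied; "Not all capsules were updated" matches the condition being tested. The "== true" and "== false" comparisons can be plain boolean tests, and the second branch reduces to "else if (capsule_update)".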
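
Review bot: In the lib/fwu_updates/Kconfig hunk, FWU_NUM_BANKS and FWU_NUM_IMAGES_PER_BANK are "int" symbols with neither a "default" nor a "range", so enabling FWU_MULTI_BANK_UPDATE leaves them without a value until a board configuration sets them. Add defaults and a lower bound, and give FWU_TRIAL_STATE_CNT a "range" as well so that a zero or negative trial count cannot be configured. In the help text, "One of the bank is selected" should read "One of the banks is selected", and the help sentences lack closing periods.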
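
Review bot: In the lib/fwu_updates/Makefile hunk, "obj-$(CONFIG_FWU_MDATA_GPT_BLK) += fwu_gpt.o" uses a config symbol that the Kconfig file added by this same patch does not define. If the symbol and fwu_gpt.c come from another patch in the series, say so in the commit message or move this line to that patch, so that each patch can be reviewed and built on its own.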
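
Review bot: In the lib/fwu_updates/fwu.c hunk, the added blank "+" line between "static int fwu_boottime_checks(void *ctx, struct event *event)" and its opening brace is an unrelated whitespace change and should be dropped. fwu_trial_state_ctr_start() is non-static, so check that its prototype is among the include/fwu.h additions listed in the diffstat; that part of the patch is not quoted here. The kernel-doc says "Start the counter", while the body resets TrialStateCtr to 0 through trial_counter_update(); describing it as a reset would match the code.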