From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id BE71AC7EE23
	for <u-boot@archiver.kernel.org>; Mon, 22 May 2023 00:35:55 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id E2DDD8445D;
	Mon, 22 May 2023 02:35:53 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="wKw2THwg";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id E39F384659; Mon, 22 May 2023 02:35:52 +0200 (CEST)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com
 [IPv6:2607:f8b0:4864:20::62d])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 50BDB82A18
 for <u-boot@lists.denx.de>; Mon, 22 May 2023 02:35:50 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=takahiro.akashi@linaro.org
Received: by mail-pl1-x62d.google.com with SMTP id
 d9443c01a7336-1ae7dd22ea1so4087525ad.1
 for <u-boot@lists.denx.de>; Sun, 21 May 2023 17:35:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1684715748; x=1687307748;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date:from:to:cc
 :subject:date:message-id:reply-to;
 bh=9lJX3B/nsYPQAH8ZJt9TEe+2Z5N4dHOZNk4YslUtioU=;
 b=wKw2THwgFK2LAMG2LmrwZ0OPOJzSTZDAXp3IiyeODruLW4zJ9nI8QGjgI0SuSESBl7
 KkK3GZTld0ER7HOPL3LQF+Dj1kUFK1Iu9cbUuKL1NeTNJ/ammLKBY8fBuYoQt8X/guMG
 YPk/3aEurEYzlWlfV3tak1AU/v3kMq79eGHOTPCqUgXEtDStf6WvNCprcPvEq1nLjDy2
 R+eSRUiwnjHgYr2joYohiALvBn+2XnCq1bLM3PZ0x4sKydI5lSd/OeEbxL9PoIp8mwjK
 RJvByb73UXGKijMYTrHug0wwvdLot+cyayTUWxA/3rnF15zYHr/HatQj2+cPBHjEZ2dC
 x+/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1684715748; x=1687307748;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=9lJX3B/nsYPQAH8ZJt9TEe+2Z5N4dHOZNk4YslUtioU=;
 b=il3C5bmb+hIX6bqw+v4nYDYig5HTh4XVMqJB42wym4BqfNLrJ0LZh75TuYVWyjv++b
 cxXUWu0JQdOxpBB+QCJRUm9HZ1DHmmkVU4ZM66XlZMLf/MaoLVthBem3cLF/Ia6Yv8Fs
 EaueauiihGQ/UqRsQxCm6mlgoi9ZUep3zuycmqhgssRWzJJ2lOYzqRh19m3JGApRlxTR
 RC9eAqH7SVQgFwE4U+Wd3P5LbJ5VK4XYH7bLug/WSJ5p9P2SQ3uirmoSrC7yMUmXVKP/
 oLeGiFzD3DmFI5rFM/l9wj74NLNfVa/7mTl+OigCcTUD7gRt1JdSgHpYieDxljzbnVW0
 QDfw==
X-Gm-Message-State: AC+VfDzOO4rZjIBrxcXKqFDIbS02/bUhPLibfaLulfKt5Kpk9d+MvOHu
 fYSxlGduns8yXeBp1dmFNE9VNw==
X-Google-Smtp-Source: ACHHUZ5S0n7y9yqnKZHyBaipbcvEBKWteMykkBKW0HFOtHugjo2i20dVxhL8pgOiCBV0BWXYVG8DCA==
X-Received: by 2002:a17:902:ced0:b0:1af:adc2:ab5b with SMTP id
 d16-20020a170902ced000b001afadc2ab5bmr2410320plg.0.1684715748509; 
 Sun, 21 May 2023 17:35:48 -0700 (PDT)
Received: from laputa ([2400:4050:c3e1:100:2448:ce5f:9dc0:677b])
 by smtp.gmail.com with ESMTPSA id
 jf5-20020a170903268500b001a800e03cf9sm3469903plb.256.2023.05.21.17.35.45
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 21 May 2023 17:35:47 -0700 (PDT)
Date: Mon, 22 May 2023 09:35:43 +0900
From: Takahiro Akashi <takahiro.akashi@linaro.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Simon Glass <sjg@chromium.org>
Subject: Re: [PATCH v6 7/8] doc: uefi: add firmware versioning documentation
Message-ID: <20230522003543.GB10198@laputa>
Mail-Followup-To: Takahiro Akashi <takahiro.akashi@linaro.org>,
 Masahisa Kojima <masahisa.kojima@linaro.org>, u-boot@lists.denx.de,
 Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Simon Glass <sjg@chromium.org>
References: <20230519103214.1239656-1-masahisa.kojima@linaro.org>
 <20230519103214.1239656-8-masahisa.kojima@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230519103214.1239656-8-masahisa.kojima@linaro.org>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

On Fri, May 19, 2023 at 07:32:13PM +0900, Masahisa Kojima wrote:
> This commit describes the procedure to add the firmware version
> into the capsule file.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
> Newly created in v6
> 
>  doc/develop/uefi/uefi.rst | 29 +++++++++++++++++++++++++++++
>  1 file changed, 29 insertions(+)
> 
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index ffe25ca231..efab0fc7b1 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -510,6 +510,35 @@ where signature.dts looks like::
>              };
>      };
>  
> +Enabling Firmware Versioning
> +****************************
> +
> +The UEFI specification does not define the firmware versioning mechanism.
> +EDK II reference implementation inserts the FMP Payload Header right before
> +the payload. It coutains the fw_version and lowest supported version,
> +EDK II reference implementation uses these information to implement the
> +firmware versioning and anti-rollback protection, the firmware version and
> +lowest supported version is stored into EFI non-volatile variable.
> +
> +In U-Boot, the firmware versioning is implemented utilizing
> +the FMP Payload Header same as EDK II reference implementation,
> +reads the FMP Payload Header and stores the firmware version into
> +"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index,
> +since FMP protocol handles multiple image indexes.

I suggested that you should use "FmState" with the firmware's own guid
as a vendor guid of the variable.
In theory, UEFI may have different FMP drivers, then "index id" may
have the same value for different firmwares.

> +
> +1. Run the following command to add firmware version into the capsule file

Anyhow, you'd better clearly mention that an user needs to specify
"--fw-version" option and what happens (or not happen) if the option
is not there.
I think all the text here can be simply merged in "Creating a capsule file".

-Takahiro Akashi


> +.. code-block:: console
> +
> +    $ mkeficapsule --monotonic-count 1 \
> +      --private-key CRT.key \
> +      --certificate CRT.crt \
> +      --index 1 --instance 0 \
> +      --fw-version 5 \
> +      [--fit | --raw | --guid <guid-string] \
> +      <image_blob> <capsule_file_name>
> +
>  Executing the boot manager
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~
>  
> -- 
> 2.17.1
>