Re: [RFC PATCH v3 6/9] FWU: Add boot time checks as highlighted by the FWU specification

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: u-boot@lists.denx.de,
	Masami Hiramatsu <masami.hiramatsu@linaro.org>,
	Patrick Delaunay <patrick.delaunay@foss.st.com>,
	Patrice Chotard <patrice.chotard@foss.st.com>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Alexander Graf <agraf@csgraf.de>,
	AKASHI Takahiro <takahiro.akashi@linaro.org>,
	Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com>,
	Jose Marinho <jose.marinho@arm.com>,
	Grant Likely <grant.likely@arm.com>,
	Tom Rini <trini@konsulko.com>,
	Etienne Carriere <etienne.carriere@linaro.org>
Subject: Re: [RFC PATCH v3 6/9] FWU: Add boot time checks as highlighted by the FWU specification
Date: Fri, 21 Jan 2022 15:15:07 +0200	[thread overview]
Message-ID: <Yeqx2+JzA6RLXKIs@hades> (raw)
In-Reply-To: <20220119185548.16730-7-sughosh.ganu@linaro.org>

Hi Sughosh

[...]

> +#include <efi.h>
> +#include <efi_loader.h>
> +#include <efi_variable.h>
> +#include <fwu.h>
> +#include <fwu_mdata.h>
> +#include <malloc.h>
> +
> +#include <linux/errno.h>
> +#include <linux/types.h>
> +
> +static u8 trial_state = 0;
> +static u8 boottime_check = 0;
> +
> +static int fwu_trial_state_check(void)
> +{
> +	int ret, i;
> +	efi_status_t status;
> +	efi_uintn_t var_size;
> +	u16 trial_state_ctr;
> +	u32 nimages, active_bank, var_attributes, active_idx;
> +	struct fwu_mdata *mdata = NULL;
> +	struct fwu_image_entry *img_entry;
> +	struct fwu_image_bank_info *img_bank_info;
> +
> +	ret = fwu_get_mdata(&mdata);
> +	if (ret < 0)
> +		return ret;
> +
> +	ret = 0;
> +	nimages = CONFIG_FWU_NUM_IMAGES_PER_BANK;
> +	active_bank = mdata->active_index;
> +	img_entry = &mdata->img_entry[0];
> +	for (i = 0; i < nimages; i++) {
> +		img_bank_info = &img_entry[i].img_bank_info[active_bank];
> +		if (!img_bank_info->accepted) {
> +			trial_state = 1;
> +			break;
> +		}
> +	}
> +
> +	if (trial_state) {

That's personal preference and feel free to ignore it,  but I generally
find the code easier to read like 
if (!trial_state)
	do stuff;
	goto out;

<rest of the code follows here>

> +		var_size = (efi_uintn_t)sizeof(trial_state_ctr);
> +		log_info("System booting in Trial State\n");
> +		var_attributes = EFI_VARIABLE_NON_VOLATILE |
> +			EFI_VARIABLE_BOOTSERVICE_ACCESS |
> +			EFI_VARIABLE_RUNTIME_ACCESS;

Do we really need it with runtime access?

> +		status = efi_get_variable_int(L"TrialStateCtr",
> +					      &efi_global_variable_guid,
> +					      &var_attributes,
> +					      &var_size, &trial_state_ctr,
> +					      NULL);
> +		if (status != EFI_SUCCESS) {
> +			log_err("Unable to read TrialStateCtr variable\n");
> +			ret = -1;
> +			goto out;
> +		}
> +
> +		++trial_state_ctr;
> +		if (trial_state_ctr > CONFIG_FWU_TRIAL_STATE_CNT) {
> +			log_info("Trial State count exceeded. Revert back to previous_active_index\n");
> +			active_idx = mdata->active_index;
> +			ret = fwu_revert_boot_index();
> +			if (ret < 0) {
> +				log_err("Unable to revert active_index\n");
> +				goto out;
> +			}
> +
> +			trial_state_ctr = 0;
> +			status = efi_set_variable_int(L"TrialStateCtr",
> +						      &efi_global_variable_guid,
> +						      var_attributes,
> +						      0,
> +						      &trial_state_ctr, false);
> +			if (status != EFI_SUCCESS) {
> +				log_err("Unable to clear TrialStateCtr variable\n");
> +				ret = -1;
> +				goto out;
> +			}
> +		} else {
> +			status = efi_set_variable_int(L"TrialStateCtr",
> +						      &efi_global_variable_guid,
> +						      var_attributes,
> +						      var_size,
> +						      &trial_state_ctr, false);
> +			if (status != EFI_SUCCESS) {
> +				log_err("Unable to increment TrialStateCtr variable\n");
> +				ret = -1;
> +				goto out;
> +			} else {
> +				ret = 0;
> +			}
> +		}
> +	} else {
> +		trial_state_ctr = 0;
> +		ret = 0;
> +		status = efi_set_variable_int(L"TrialStateCtr",
> +					      &efi_global_variable_guid,
> +					      0,
> +					      0, &trial_state_ctr,
> +					      NULL);

We can't completely ignore the failed setvariable here, as it will affect
the entire code path from that point onwards.  Any checks after an update
will fail since the variable wont be there.


> +	}
> +
> +out:
> +	free(mdata);
> +	return ret;
> +}
> +
> +u8 fwu_update_checks_pass(void)
> +{
> +	return !trial_state && boottime_check;
> +}
> +
> +int fwu_boottime_checks(void)
> +{
> +	int ret;
> +	u32 boot_idx, active_idx;
> +
> +	ret = fwu_mdata_check();
> +	if (ret < 0) {
> +		boottime_check = 0;
> +		return 0;
> +	}
> +
> +	/*
> +	 * Get the Boot Index, i.e. the bank from
> +	 * which the platform has booted. This value
> +	 * gets passed from the ealier stage bootloader
> +	 * which booted u-boot, e.g. tf-a. If the
> +	 * boot index is not the same as the
> +	 * active_index read from the FWU metadata,
> +	 * update the active_index.
> +	 */
> +	fwu_plat_get_bootidx(&boot_idx);
> +	if (boot_idx >= CONFIG_FWU_NUM_BANKS) {
> +		log_err("Received incorrect value of boot_index\n");
> +		boottime_check = 0;
> +		return 0;
> +	}
> +
> +	ret = fwu_get_active_index(&active_idx);
> +	if (ret < 0) {
> +		log_err("Unable to read active_index\n");
> +		boottime_check = 0;
> +		return 0;
> +	}
> +
> +	if (boot_idx != active_idx) {
> +		log_info("Boot idx %u is not matching active idx %u, changing active_idx\n",
> +			 boot_idx, active_idx);
> +		ret = fwu_update_active_index(boot_idx);
> +		if (ret < 0)
> +			boottime_check = 0;
> +		else
> +			boottime_check = 1;
> +
> +		return 0;
> +	}
> +
> +	ret = fwu_trial_state_check();
> +	if (ret < 0)
> +		boottime_check = 0;
> +	else
> +		boottime_check = 1;
> +
> +	return 0;
> +}
> -- 

cheers
/Ilias
> 2.17.1
>

next prev parent reply	other threads:[~2022-01-21 13:15 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-19 18:55 [RFC PATCH v3 0/9] FWU: Add support for FWU Multi Bank Update feature Sughosh Ganu
2022-01-19 18:55 ` [RFC PATCH v3 1/9] FWU: Add FWU metadata structure and functions for accessing metadata Sughosh Ganu
2022-01-20  5:53   ` Masami Hiramatsu
2022-01-24  6:59     ` Sughosh Ganu
2022-01-20  6:05   ` Masami Hiramatsu
2022-01-24  7:07     ` Sughosh Ganu
2022-01-20 12:18   ` Heinrich Schuchardt
2022-01-19 18:55 ` [RFC PATCH v3 2/9] FWU: Add FWU metadata access functions for GPT partitioned block devices Sughosh Ganu
2022-01-20  8:43   ` Masami Hiramatsu
2022-01-24  6:58     ` Sughosh Ganu
2022-01-24  7:17       ` Masami Hiramatsu
2022-01-24  7:38       ` AKASHI Takahiro
2022-01-20 11:27   ` Heinrich Schuchardt
2022-01-21 10:20     ` Sughosh Ganu
2022-01-19 18:55 ` [RFC PATCH v3 3/9] FWU: stm32mp1: Add helper functions for accessing FWU metadata Sughosh Ganu
2022-01-20 10:59   ` Heinrich Schuchardt
2022-01-21 10:05     ` Sughosh Ganu
2022-01-21 11:52   ` Ilias Apalodimas
2022-01-24  2:46   ` Masami Hiramatsu
2022-01-24  7:17     ` Sughosh Ganu
2022-01-19 18:55 ` [RFC PATCH v3 4/9] FWU: STM32MP1: Add support to read boot index from backup register Sughosh Ganu
2022-01-20 12:24   ` Heinrich Schuchardt
2022-01-19 18:55 ` [RFC PATCH v3 5/9] EFI: FMP: Add provision to update image's ImageTypeId in image descriptor Sughosh Ganu
2022-01-20  5:24   ` AKASHI Takahiro
2022-01-21  7:02     ` Sughosh Ganu
2022-01-24  2:33       ` AKASHI Takahiro
2022-01-24  6:27         ` Sughosh Ganu
2022-01-19 18:55 ` [RFC PATCH v3 6/9] FWU: Add boot time checks as highlighted by the FWU specification Sughosh Ganu
2022-01-21 13:15   ` Ilias Apalodimas [this message]
2022-01-19 18:55 ` [RFC PATCH v3 7/9] FWU: Add support for FWU Multi Bank Update feature Sughosh Ganu
2022-01-20  6:07   ` Masami Hiramatsu
2022-01-21  7:17     ` Sughosh Ganu
2022-01-19 18:55 ` [RFC PATCH v3 8/9] FWU: cmd: Add a command to read FWU metadata Sughosh Ganu
2022-01-20 12:28   ` Heinrich Schuchardt
2022-01-19 18:55 ` [RFC PATCH v3 9/9] mkeficapsule: Add support for generating empty capsules Sughosh Ganu
2022-01-20  2:13   ` AKASHI Takahiro
2022-01-21  6:48     ` Sughosh Ganu
2022-01-24  2:08       ` AKASHI Takahiro
2022-01-24  2:48         ` Masami Hiramatsu
2022-01-21 13:00   ` Ilias Apalodimas
2022-01-31 13:17     ` Sughosh Ganu
2022-01-20  5:31 ` [RFC PATCH v3 0/9] FWU: Add support for FWU Multi Bank Update feature AKASHI Takahiro
2022-01-21  7:10   ` Sughosh Ganu
2022-01-20 10:08 ` Heinrich Schuchardt
2022-01-21  7:15   ` Sughosh Ganu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Yeqx2+JzA6RLXKIs@hades \
    --to=ilias.apalodimas@linaro.org \
    --cc=agraf@csgraf.de \
    --cc=bmeng.cn@gmail.com \
    --cc=etienne.carriere@linaro.org \
    --cc=grant.likely@arm.com \
    --cc=jose.marinho@arm.com \
    --cc=masami.hiramatsu@linaro.org \
    --cc=patrice.chotard@foss.st.com \
    --cc=patrick.delaunay@foss.st.com \
    --cc=sjg@chromium.org \
    --cc=sughosh.ganu@linaro.org \
    --cc=takahiro.akashi@linaro.org \
    --cc=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox