| Age | Commit message (Collapse) | Author |
|---|
|
Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.
The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.
[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.
[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Add test cases for accessing the FWU Metadata on the sandbox
platform. The sandbox platform also uses the metadata access driver
for GPT partitioned block devices.
The FWU feature will be tested on the sandbox64 variant with a raw
capsule. Remove the FIT capsule testing from sandbox64 defconfig --
the FIT capsule test will be run on the sandbox_flattree variant.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Add a command to read the metadata as specified in the FWU
specification and print the fields of the metadata.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
The FWU Multi Bank Update feature supports updating firmware images
to one of multiple sets(also called banks) of images. The firmware
images are clubbed together in banks, with the system booting images
from the active bank. Information on the images such as which bank
they belong to is stored as part of the metadata structure, which is
stored on the same storage media as the firmware images on a dedicated
partition.
At the time of update, the metadata is read to identify the bank to
which the images need to be flashed(update bank). On a successful
update, the metadata is modified to set the updated bank as active
bank to subsequently boot from.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The FWU Multi Bank Update specification requires the Update Agent to
carry out certain checks at the time of platform boot. The Update
Agent is the component which is responsible for updating the firmware
components and maintaining and keeping the metadata in sync.
The spec requires that the Update Agent perform the following checks
at the time of boot
* Sanity check of both the metadata copies maintained by the platform.
* Get the boot index passed to U-Boot by the prior stage bootloader
and use this value for metadata bookkeeping.
* Check if the system is booting in Trial State. If the system boots
in the Trial State for more than a specified number of boot counts,
change the Active Bank to be booting the platform from.
Call these checks through the main loop event at the time of platform
boot.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Add an event type EVT_MAIN_LOOP that can be used for registering
events that need to be run after the platform has been initialised and
before the main_loop function is called.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
The FWU Multi Bank Update feature allows the platform to boot the
firmware images from one of the partitions(banks). The first stage
bootloader(fsbl) passes the value of the boot index, i.e. the bank
from which the firmware images were booted from to U-Boot. On the
STM32MP157C-DK2 board, this value is passed through one of the SoC's
backup register. Add a function to read the boot index value from the
backup register.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Add weak functions for getting the update index value and dfu
alternate number needed for FWU Multi Bank update
functionality.
The current implementation for getting the update index value is for
platforms with 2 banks. If a platform supports more than 2 banks, it
can implement it's own function. The function to get the dfu alternate
number has been added for platforms with GPT partitioned storage
devices. Platforms with other storage partition scheme need to
implement their own function.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Enabling capsule update functionality on the platform requires
populating information on the images that are to be updated using the
functionality. Do so for the DK2 board.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
The FWU metadata structure is accessed through the driver model
interface. On the stm32mp157c dk2 and ev1 boards, the FWU metadata is
stored on the uSD card. Add the fwu-mdata node on the u-boot specifc
dtsi file for accessing the metadata structure.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
In the FWU Multi Bank Update feature, the information about the
updatable images is stored as part of the metadata, on a separate
partition. Add a driver for reading from and writing to the metadata
when the updatable images and the metadata are stored on a block
device which is formatted with GPT based partition scheme.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
In the FWU Multi Bank Update feature, the information about the
updatable images is stored as part of the metadata, which is stored on
a dedicated partition. Add the metadata structure, and a driver model
uclass which provides functions to access the metadata. These are
generic API's, and implementations can be added based on parameters
like how the metadata partition is accessed and what type of storage
device houses the metadata.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
|
|
Add bindings needed for accessing the FWU metadata partitions. These
include the compatible string which point to the access method and the
actual device which stores the FWU metadata.
The current patch adds basic bindings needed for accessing the
metadata structure on GPT partitioned block devices.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
To quote Simon:
This series provides an implementation of VBE from TPL through to U-Boot
proper, using VBE to load the relevant firmware stages. It buils a single
image.bin file containing all the phases:
TPL - initial phase, loads VPL using binman symbols
VPL - main firmware phase, loads SPL using VBE parameters
SPL - loads U-Boot proper using VBE parameters
U-Boot - final firmware phase, where OS booting is processed
This series does not include the OS-booting phase. That will be the
subject of a future series.
The implementation is entirely handled by sandbox. It should be possible
to enable this on a real board without much effort, but that is also the
subject of a future series.
|
|
Add a test which checks that VBE boots correctly from TPL through to
U-Boot proper.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add a VBE comment which shows the current state. Currently this is just
the phases which booted via VBE.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
We expect VPL and SPL to load using VBE. Add a record of this so we can
check it in U-Boot proper.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Use a manual test for the VBE test, so we can make the pytest and the
C unit test work together properly.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add the required Kconfig option so that signatures can be verified when
loading a configuration.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Use binman to build an image which includes all the U-Boot phases so that
a full VBE boot can take place with just that image.bin file. Attach the
image file to mmc2 so it can be loaded.
VBE is used to load images in two phases:
- In VPL, VBE decides which SPL image to load
- In SPL, VBE decides which U-Boot image to load
The latter should really be determined by VPL, since it does the full
signature verification on the selected configuration. However, we have
separate configurations for SPL and U-Boot proper, so for now we keep it
simple and have SPL do its own verification. This will need to be
tidied up later.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present we put the driver in the /chosen node in U-Boot. This is a bit
strange, since U-Boot doesn't normally use that node itself. It is better
to put it under the bootstd node.
To make this work we need to copy create the node under /chosen when
fixing up the device tree. Copy over all the properties so that fwupd
knows what to do.
Update the sandbox device tree accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Enable the various features needed in VPL, by adding Kconfig options.
Update the defconfig for sandbox_vpl so that the build for each phase
includes what is needed. Drop LZMA for now and make sure partition support
is omitted in SPL, since it is not needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
We don't need the U-Boot prefix on the version and in fact it is harmful
since pytest gets confused seeing the U-Boot banner bring displayed when
the version is printed.
Drop the prefix from the string.
We could produce an entirely new string from the component parts, but this
adds to the rodata size and would break the use of version_string as the
only thing which holds this information.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this into its own file so it can be built only by U-Boot proper.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add an SPL loader to obtain the next-phase binary from a FIT provided
by the VBE driver.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
VBE supports booting firmware during the SPL phases, i.e. so that VPL can
start SPL and SPL can start U-Boot.
It also supports booting an OS, when in U-Boot.
As a first step towards these features, add functions to indicate the
current VBE phase. The firmware selection is done in VPL and the OS
selection is done in U-Boot proper.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present sandbox runs the next phase from discrete executables, so for
example u-boot-tpl runs u-boot-vpl to get to the next phase.
In some cases the phases are all built into a single firmware image, as is
done for real boards. Add support for this to sandbox.
Make it higher priority so that it takes precedence over the existing
method.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present we only support a single loader of each time. Extra ones are
ignored. This means that only one BOOT_DEVICE_BOARD can be used in the SPL
image.
This is inconvenient since we sometimes want to provide several
board-specific drivers, albeit at different priorties. Add support for
this.
This should have no functional change for existing boards.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Optional requests should present a warning rather than an error. Update
the log call.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The vbe_fixup file handles device tree fixups, but these are called OS
requests in VBE. Rename the file to reflect its wider purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add support for filtering out FIT images by phase. Rather than adding yet
another argument to this already overloaded function, use a composite
value, where the phase is only added in if needed.
The FIT config is still selected (and verified) as normal, but the images
are selected based on the phase.
Tests for this come in a little later, as part of the updated VPL test.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
We want to be able to mark an image as related to a phase, so we can
easily load all the images for SPL or for U-Boot proper.
Add this to the FIT specification, along with some access functions.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present the sandbox executable is assumed to be arg[0] but this only
works for a single jump (e.g. from SPL to U-Boot). Add a new arg to solve
this issue, along with a detailed comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present sandbox only supports jumping to a file, to get to the next
U-Boot phase. We want to support other methods, so update the code to
use an enum for the method. Also use the
Use board_boot_order() to set the order, so we can add more options.
Also add the MMC methods into the BOOT_DEVICE enum so that booting
from MMC can be supported.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this comment to the header file, where the APIs should be defined.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This happens every time sandbox moves to the next phase so is not very
interesting. Display the message only when debugging.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
When MMC_WRITE is disabled this driver produced a build error. Fix this.
Also update a comment while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
|
|
Use the correct SPL_TPL_ variable so that these features can be enabled in
TPL and VPL as needed.
Disable it by default in TPL to avoid any code-size increase. No boards
are actually using it since the Makefile rules don't allow including
drivers/block/ with TPL_DM enabled. It can be manually enabled as needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
|
|
Disable debugging by default since this implementation is stable now.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add test coverage for blk_write() as well.
The blk_erase() is not tested for now as the USB stor interface does not
support erase.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present we have functions called blk_dread(), etc., which take a
struct blk_desc * to refer to the block device. Add some functions which
use udevice instead, since this is more in keeping with how driver model
is supposed to work.
Update one of the tests to use this.
Note that it would be nice to update the functions in disk-uclass.c to use
these new functions. However they are not quite the same. For example,
disk_blk_read() adds the partition offset to 'start' when calling the
cache read/fill functions, but does not with part_blk_read(), which does
the addition itself. So as designed the code is duplicated.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The use of 'block_dev' in this context is confusing, since it is not a
pointer to a device, just to some information about it. Rename this to
'desc', as is more commonly used, since it is a block descriptor.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heinrich Schuchardt <xypron.glplk@gmx.de>
|
|
Use the uclass type as the first part of the function name, to be
consistent with the methods in other block drivers.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add a function to init a bootflow, to reduce code duplication.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present we normally write tests either in Python or in C. But most
Python tests end up doing a lot of checks which would be better done in C.
Checks done in C are orders of magnitude faster and it is possible to get
full access to U-Boot's internal workings, rather than just relying on
the command line.
The model is to have a Python test set up some things and then use C code
(in a unit test) to check that they were done correctly. But we don't want
those checks to happen as part of normal test running, since each C unit
tests is dependent on the associate Python tests, so cannot run without
it.
To acheive this, add a new UT_TESTF_MANUAL flag to use with the C 'check'
tests, so that they can be skipped by default when the 'ut' command is
used. Require that tests have a name ending with '_norun', so that pytest
knows to skip them.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Some tests currently return 0 when they want to be skipped. Update them to
return -EAGAIN instead, so they are counted as skipped.
A few tests are in two parts, with the latter part being skipped in
certain situations. Split these into two and use the correct condition for
the second part.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present it is possible for a test to skip itself by returning -EAGAIN
but this is not recorded. An existing example is in test_pre_run() with
the "Console recording disabled" check.
Keep a track of skipped tests and report the total at the end.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
In some cases the ELF version of SPL builds may be packaged, rather
than a binary .bin file. Add support for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This feature is used by several etypes and we plan to add more that use
it. Make symbol writing a feature of the base class to reduce the code
duplication.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
