| Age | Commit message (Collapse) | Author |
|---|
|
When boot_idx differs from active_idx at boot time, it indicates a
rollback scenario where the firmware update failed and the system
reverted to the previous working bank. In this case, mark the failed
bank (active_idx) as invalid to prevent future boot attempts from that
bank.
Signed-off-by: Kory Maincent <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
FWU metadata information is unavailable for platform-specific
operations since FWU initialization has not yet occurred.
The initialization function is invoked as part of the main
loop event. To address this, the FWU platform hook function
is introduced during FWU initialization, allowing metadata
processing with platform-specific operations.
Signed-off-by: Padmarao Begari <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Michal Simek <[email protected]>
|
|
When in Trial State, the platform keeps a count of the number of times
it has booted in the Trial State. Once the threshold of the maximum
allowed count exceeds, the platform reverts to boot from a different
bank on subsequent boot, thus coming out of the Trial State. It is
expected that all the updated images would be accepted or rejected
while the platform is in Trial State. Put in checks so that it is not
possible to apply an empty capsule once the max Trial Count exceeds.
Signed-off-by: Sughosh Ganu <[email protected]>
Tested-by: Michal Simek <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The platform transitions out of Trial State into the Regular State
only when all the images in the update bank have been accepted. Check
for this condition before transitioning out of Trial State.
Signed-off-by: Sughosh Ganu <[email protected]>
Tested-by: Michal Simek <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Drop all duplicate newlines. No functional change.
Signed-off-by: Marek Vasut <[email protected]>
|
|
With addition of support for version 2 of the FWU metadata structure,
the metadata information is collected into a version agnostic
structure. Make changes to the FWU functions so that the information
that was earlier obtained by reading the metadata structure is now
obtained through this version agnostic structure.
Signed-off-by: Sughosh Ganu <[email protected]>
Tested-by: Michal Simek <[email protected]>
|
|
The capsule update uses the DFU framework for updating
storage. fwu_get_image_index() currently returns the
image_index calculated by (dfu_alt_num + 1), but this is
different from the image_index in UEFI terminology.
Since capsule update implementation calls dfu_write_by_alt
function, it is better that FWU returns the dfu_alt_num.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Very few of the existing event-spy records use the arguments they are
passed. Update them to use a simple spy instead, to simplify the code.
Where an adaptor function is currently used, remove it where possible.
Signed-off-by: Simon Glass <[email protected]>
|
|
The current CI test worked by sheer luck, the g_dev global pointer
in the fwu library was never initialized and the test equally well
failed on sandbox64. Trigger the main loop in sandbox tests too to
initialize that global state, and move the sandbox specific exit
from fwu_boottime_checks after g_dev is initialized.
Signed-off-by: Marek Vasut <[email protected]>
Acked-by: Sughosh Ganu <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
It is not visible anywhere in Trial State if this is the first, second, etc
attempt that's why show a message to be aware about status.
Signed-off-by: Michal Simek <[email protected]>
Acked-by: Jassi Brar <[email protected]>
|
|
Current code after capsule update (mtd write) is not changing active_index
in mdata to previous_active_index.
On the reboot this is shown but showing message
"Boot idx 1 is not matching active idx 0, changing active_idx"
which is changing active_idx and writing mdata to flash.
But when this message is visible it is not checking which state that images
are. If they have acceptance bit setup to yes everything is fine and valid
images are booted (doesn't mean the latest one).
But if acceptance bit is no and images are in trial state in_trial variable
is never setup. Which means that from new flashed image stable image can be
rewritten because in_trial is not setup properly.
Signed-off-by: Michal Simek <[email protected]>
Acked-by: Jassi Brar <[email protected]>
|
|
Just like fwu_plat_get_update_index, provide a default/weak
implementation of fwu_plat_get_bootidx. So that most platforms
wouldn't have to re-implement the likely case.
Signed-off-by: Jassi Brar <[email protected]>
|
|
fwu_get_mdata() sounds more appropriate than fwu_get_verified_mdata()
Signed-off-by: Jassi Brar <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
|
|
The common code can now read, verify and fix meta-data copies
while exposing one consistent structure to users.
Only the .read_mdata() and .write_mdata() callbacks of fwu_mdata_ops
are needed. Get rid of .get_mdata() .update_mdata() .get_mdata_part_num()
.read_mdata_partition() and .write_mdata_partition() and also the
corresponding wrapper functions.
Signed-off-by: Jassi Brar <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
|
|
Instead of each i/f having to implement their own meta-data verification
and storage, move the logic in common code. This simplifies the i/f code
much simpler and compact.
Signed-off-by: Jassi Brar <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
|
|
The number of image array entries global variable is required
to support EFI capsule update. This information is exposed as a
num_image_type_guids variable, but this information
should be included in the efi_capsule_update_info structure.
This commit adds the num_images member in the
efi_capsule_update_info structure. All board files supporting
EFI capsule update are updated.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Add test cases for accessing the FWU Metadata on the sandbox
platform. The sandbox platform also uses the metadata access driver
for GPT partitioned block devices.
The FWU feature will be tested on the sandbox64 variant with a raw
capsule. Remove the FIT capsule testing from sandbox64 defconfig --
the FIT capsule test will be run on the sandbox_flattree variant.
Signed-off-by: Sughosh Ganu <[email protected]>
Suggested-by: Heinrich Schuchardt <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
The FWU Multi Bank Update feature supports updating firmware images
to one of multiple sets(also called banks) of images. The firmware
images are clubbed together in banks, with the system booting images
from the active bank. Information on the images such as which bank
they belong to is stored as part of the metadata structure, which is
stored on the same storage media as the firmware images on a dedicated
partition.
At the time of update, the metadata is read to identify the bank to
which the images need to be flashed(update bank). On a successful
update, the metadata is modified to set the updated bank as active
bank to subsequently boot from.
Signed-off-by: Sughosh Ganu <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
The FWU Multi Bank Update specification requires the Update Agent to
carry out certain checks at the time of platform boot. The Update
Agent is the component which is responsible for updating the firmware
components and maintaining and keeping the metadata in sync.
The spec requires that the Update Agent perform the following checks
at the time of boot
* Sanity check of both the metadata copies maintained by the platform.
* Get the boot index passed to U-Boot by the prior stage bootloader
and use this value for metadata bookkeeping.
* Check if the system is booting in Trial State. If the system boots
in the Trial State for more than a specified number of boot counts,
change the Active Bank to be booting the platform from.
Call these checks through the main loop event at the time of platform
boot.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
Add weak functions for getting the update index value and dfu
alternate number needed for FWU Multi Bank update
functionality.
The current implementation for getting the update index value is for
platforms with 2 banks. If a platform supports more than 2 banks, it
can implement it's own function. The function to get the dfu alternate
number has been added for platforms with GPT partitioned storage
devices. Platforms with other storage partition scheme need to
implement their own function.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Patrick Delaunay <[email protected]>
Acked-by: Etienne Carriere <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
In the FWU Multi Bank Update feature, the information about the
updatable images is stored as part of the metadata, which is stored on
a dedicated partition. Add the metadata structure, and a driver model
uclass which provides functions to access the metadata. These are
generic API's, and implementations can be added based on parameters
like how the metadata partition is accessed and what type of storage
device houses the metadata.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Patrick Delaunay <[email protected]>
|
