On Mon, 26 Sept 2022 at 08:28, Jassi Brar jassisinghbrar@gmail.com wrote:
On Thu, Sep 15, 2022 at 3:15 AM Sughosh Ganu sughosh.ganu@linaro.org wrote: ....
+/**
- @mdata_check: check the validity of the FWU metadata partitions
- @get_mdata() - Get a FWU metadata copy
- @update_mdata() - Update the FWU metadata copy
- */
+struct fwu_mdata_ops {
/*** mdata_check() - Check if the FWU metadata is valid* @dev: FWU device** Validate both copies of the FWU metadata. If one of the copies* has gone bad, restore it from the other bad copy.** Return: 0 if OK, -ve on error*/int (*mdata_check)(struct udevice *dev);Like get_mdata and update_mdata, maybe check_mdata too ?
Okay
.....
+/**
- fwu_get_active_index() - Get active_index from the FWU metadata
- @active_idxp: active_index value to be read
- Read the active_index field from the FWU metadata and place it in
- the variable pointed to be the function argument.
- Return: 0 if OK, -ve on error
- */
+int fwu_get_active_index(u32 *active_idxp);
+/**
- fwu_update_active_index() - Update active_index from the FWU metadata
- @active_idx: active_index value to be updated
- Update the active_index field in the FWU metadata
- Return: 0 if OK, -ve on error
- */
+int fwu_update_active_index(uint active_idx);
maybe fwu_set_active_index ? just like fwu_get_active_index
Okay
.....
+/**
- fwu_revert_boot_index() - Revert the active index in the FWU metadata
- Revert the active_index value in the FWU metadata, by swapping the values
- of active_index and previous_active_index in both copies of the
- FWU metadata.
- Return: 0 if OK, -ve on error
- */
+int fwu_revert_boot_index(void) +{
int ret;u32 cur_active_index;struct udevice *dev;struct fwu_mdata mdata = { 0 };ret = fwu_get_dev_mdata(&dev, &mdata);if (ret)return ret;/** Swap the active index and previous_active_index fields* in the FWU metadata*/cur_active_index = mdata.active_index;mdata.active_index = mdata.previous_active_index;mdata.previous_active_index = cur_active_index;This may cause problems. We are reverting because active_index does not work, and here we set it to previous_active_index which is supposed to mean "last good index". Also this logic assumes a 2-banks setup, and is obviously incorrect for >2 banks where the previous_active_index should point to "boot_index minus 2" bank (but of course there is no guarantee that that bank is preserved still). So either previous_active_index be left changed OR we also copy the previous bank to active bank before the swap.
Sorry, but I don't understand the review comment here. Even in the case of num_banks > 2, this function is simply using the previous_active_index value. It does not care what the previous_active_index value is. If you remember, the setting of the update bank is really a platform function(fwu_plat_get_update_index()). A platform can set any bank number as the update bank. So we cannot tell what the value of the previous_active_index will be. All that this function does is use the previous_active_index as the partition/bank to boot from in the subsequent boot cycle.
.....
+/**
- fwu_accept_image() - Set the Acceptance bit for the image
- @img_type_id: GUID of the image type for which the accepted bit is to be
cleared
- @bank: Bank of which the image's Accept bit is to be set
- Set the accepted bit for the image specified by the img_guid parameter. This
- indicates acceptance of image for subsequent boots by some governing component
- like OS(or firmware).
- Return: 0 if OK, -ve on error
- */
+int fwu_accept_image(efi_guid_t *img_type_id, u32 bank) +{
return fwu_clrset_image_accept(img_type_id, bank,IMAGE_ACCEPT_SET);+}
+/**
- fwu_clear_accept_image() - Clear the Acceptance bit for the image
Something more consistent like fwu_image_accepted_clear() and fwu_image_accepted_set() ?
Umm, the other related API is fwu_accept_image, and this is clearing the accept bit, hence the name. If you don't feel strongly about this, I would prefer the current name.
-sughosh