
The auto-update feature automatically downloads software updates from a TFTP server and stores them in Flash memory during boot. Updates are contained in a FIT file and protected with a SHA-1 checksum.
A more detailed description can be found in doc/README.au_tftp.
Signed-off-by: Rafal Czubak rcz@semihalf.com Signed-off-by: Bartlomiej Sieka tur@semihalf.com --- README | 12 ++ common/Makefile | 1 + common/au_tftp.c | 279 +++++++++++++++++++++++++++++++++++++++ common/main.c | 7 + doc/README.au_tftp | 89 +++++++++++++ doc/uImage.FIT/update3.its | 41 ++++++ doc/uImage.FIT/update_uboot.its | 21 +++ 7 files changed, 450 insertions(+), 0 deletions(-) create mode 100644 common/au_tftp.c create mode 100644 doc/README.au_tftp create mode 100644 doc/uImage.FIT/update3.its create mode 100644 doc/uImage.FIT/update_uboot.its
diff --git a/README b/README index ccd839c..23516eb 100644 --- a/README +++ b/README @@ -1737,6 +1737,14 @@ The following options need to be configured: example, some LED's) on your board. At the moment, the following checkpoints are implemented:
+- Automatic software updates via TFTP server + CONFIG_AU_TFTP + CONFIG_AU_TFTP_CNT_MAX + CONFIG_AU_TFTP_SEC_MAX + + These options enable and control the auto-update feature; + for a more detailed description refer to doc/README.au_tftp. + Legacy uImage format:
Arg Where When @@ -2811,6 +2819,10 @@ Some configuration options can be set using Environment Variables: allowed for use by the bootm command. See also "bootm_low" environment variable.
+ auto-update - Location of the sofware update file on a TFTP server, used + by the automatic software update feature. Please refer to + documentation in doc/README.au_tftp for more details. + autoload - if set to "no" (any string beginning with 'n'), "bootp" will just load perform a lookup of the configuration from the BOOTP server, but not try to diff --git a/common/Makefile b/common/Makefile index 8bddf8e..96850b2 100644 --- a/common/Makefile +++ b/common/Makefile @@ -155,6 +155,7 @@ COBJS-$(CONFIG_LCD) += lcd.o COBJS-$(CONFIG_LYNXKDI) += lynxkdi.o COBJS-$(CONFIG_USB_KEYBOARD) += usb_kbd.o COBJS-$(CONFIG_DDR_SPD) += ddr_spd.o +COBJS-$(CONFIG_AU_TFTP) += au_tftp.o
COBJS := $(sort $(COBJS-y)) SRCS := $(AOBJS:.o=.S) $(COBJS:.o=.c) diff --git a/common/au_tftp.c b/common/au_tftp.c new file mode 100644 index 0000000..7dfecab --- /dev/null +++ b/common/au_tftp.c 
@@ -0,0 +1,279 @@
+/*
+ * (C) Copyright 2008 Semihalf
+ *
+ * Written by: Rafal Czubak rcz@semihalf.com
+ * Bartlomiej Sieka tur@semihalf.com
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ *
+ */
+
+#include <common.h>
+
+#if !(defined(CONFIG_FIT) && defined(CONFIG_OF_LIBFDT))
+#error "CONFIG_FIT and CONFIG_OF_LIBFDT are required for auto-update feature"
+#endif
+
+#if defined(CFG_NO_FLASH)
+#error "CFG_NO_FLASH defined, but FLASH is required for auto-update feature"
+#endif
+
+#include <command.h>
+#include <flash.h>
+#include <net.h>
+
+/* env variable holding the location of the update file */
+#define AU_FILE_ENV "auto-update"
+#define AU_NETRETRY_LEN 10
+
+/* set configuration defaults if needed */
+#ifndef CONFIG_AU_LOAD_ADDR
+#define CONFIG_AU_LOAD_ADDR 0x100000
+#endif
+
+#ifndef CONFIG_AU_TFTP_SEC_MAX
+#define CONFIG_AU_TFTP_SEC_MAX 1
+#endif
+
+#ifndef CONFIG_AU_TFTP_CNT_MAX
+#define CONFIG_AU_TFTP_CNT_MAX 0
+#endif
+
+extern ulong TftpRRQTimeoutSecs;
+extern int TftpRRQTimeoutCountMax;
+extern flash_info_t flash_info[];
+extern ulong load_addr;
+
+
+static int au_load(char *filename, ulong sec_max, int cnt_max, uint32_t addr)
+{
+ int size, rv;
+ ulong saved_timeout_secs;
+ int saved_timeout_count;
+ char saved_netretry[AU_NETRETRY_LEN];
+ char *netretry;
+
+ rv = 0;
+ /* save used globals and env variable */
+ saved_timeout_secs = TftpRRQTimeoutSecs;
+ saved_timeout_count = TftpRRQTimeoutCountMax;
+
+ memset(&saved_netretry, 0, AU_NETRETRY_LEN);
+ if ((netretry = getenv("netretry")) != NULL) {
+ if (strlen(netretry) >= AU_NETRETRY_LEN)
+ printf("netretry value too long, won't be restored\n");
+ else
+ strncpy(saved_netretry, netretry, AU_NETRETRY_LEN - 1);
+ }
+
+ /* set timeouts for auto-update */
+ TftpRRQTimeoutSecs = sec_max;
+ TftpRRQTimeoutCountMax = cnt_max;
+
+ /* we don't want to retry the connection if errors occur */
+ setenv("netretry", "no");
+
+ /* download the update file */
+ load_addr = addr;
+ copy_filename(BootFile, filename, sizeof(BootFile));
+ size = NetLoop(TFTP);
+
+ if (size < 0)
+ rv = 1;
+ else if (size > 0)
+ flush_cache(addr, size);
+
+ /* restore changed globals and env variable */
+ TftpRRQTimeoutSecs = saved_timeout_secs;
+ TftpRRQTimeoutCountMax = saved_timeout_count;
+
+ if (saved_netretry[0] != '\0')
+ setenv("netretry", saved_netretry);
+ else
+ setenv("netretry", NULL);
+
+ return rv;
+}
+
+static int au_flash(uint32_t addr_source, uint32_t addr_first, uint32_t size)
+{
+ uint32_t addr_last, bank, sector_end_addr;
+ flash_info_t *info;
+ char found;
+ int i;
+
+ /* compute correct addr_last */
+ addr_last = addr_first + size - 1;
+
+ if (addr_first >= addr_last) {
+ printf("Error: end address exceeds addressing space\n");
+ return 1;
+ }
+
+ /*
+ * It may happen that addr_last doesn't fall on the sector
+ * boundary. We want to round such an address to the next
+ * sector boundary, so that the commands don't fail later on.
+ */
+
+ /* find the end addr of the sector where the addr_last is */
+ found = 0;
+ for (bank = 0; bank < CFG_MAX_FLASH_BANKS && !found; ++bank) {
+ info = &flash_info[bank];
+ for (i = 0; i < info->sector_count && !found; ++i) {
+ /* get the end address of the sector */
+ if (i == info->sector_count - 1)
+ sector_end_addr = info->start[0] +
+ info->size - 1;
+ else
+ sector_end_addr = info->start[i+1] - 1;
+
+ if (addr_last <= sector_end_addr &&
+ addr_last >= info->start[i]) {
+ found = 1;
+ /* adjust addr_last if necessary */
+ if (addr_last < sector_end_addr)
+ addr_last = sector_end_addr;
+ }
+ }
+ }
+ if (!found) {
+ printf("Error: end address (0x%08x) not in flash!\n",
+ addr_last);
+ return 1;
+ }
+
+ /* remove protection on processed sectors */
+ if (flash_sect_protect(0, addr_first, addr_last) > 0) {
+ printf("Error: could not unprotect flash sectors\n");
+ return 1;
+ }
+
+ printf("Erasing 0x%08x - 0x%08x", addr_first, addr_last);
+ if (flash_sect_erase(addr_first, addr_last) > 0) {
+ printf("Error: could not erase flash\n");
+ return 1;
+ }
+
+ printf("Copying to flash...");
+ if (flash_write((char *)addr_source, addr_first, size) > 0) {
+ printf("Error: could not copy to flash\n");
+ return 1;
+ }
+ printf("done\n");
+
+ /* enable protection on processed sectors */
+ if (flash_sect_protect(1, addr_first, addr_last) > 0) {
+ printf("Error: could not protect flash sectors\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+static int au_fit_getparams(const void *fit, int noffset, uint32_t *addr,
+ uint32_t *fladdr, uint32_t *size)
+{
+ const void *data;
+
+ if (fit_image_get_data(fit, noffset, &data, (size_t *)size))
+ return 1;
+
+ if (fit_image_get_load(fit, noffset, (ulong *)fladdr))
+ return 1;
+
+ *addr = (uint32_t)data;
+
+ return 0;
+}
+
+void au_tftp(void)
+{
+ char *filename, *env_addr;
+ int images_noffset, ndepth, noffset;
+ static uint32_t update_addr, update_fladdr, update_size;
+ ulong addr;
+ void *fit;
+
+ printf("Auto-update from TFTP: ");
+
+ /* get the file name of the update file */
+ filename = getenv(AU_FILE_ENV);
+ if (filename == NULL) {
+ printf("failed, env. variable '%s' not found\n", AU_FILE_ENV);
+ return;
+ }
+
+ printf("trying update file '%s'\n", filename);
+
+ /* get load address of downloaded update file */
+ if ((env_addr = getenv("loadaddr")) != NULL)
+ addr = simple_strtoul(env_addr, NULL, 16);
+ else
+ addr = CONFIG_AU_LOAD_ADDR;
+
+
+ if (au_load(filename, CONFIG_AU_TFTP_SEC_MAX,
+ CONFIG_AU_TFTP_CNT_MAX, addr)) {
+ printf("Can't load update file, aborting auto-update\n");
+ return;
+ }
+
+ fit = (void *)addr;
+
+ if (!fit_check_format((void *)fit)) {
+ printf("Bad FIT format of the update file, aborting "
+ "auto-update\n");
+ return;
+ }
+
+ /* process updates */
+ images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
+
+ ndepth = 0;
+ noffset = fdt_next_node(fit, images_noffset, &ndepth);
+ while (noffset >= 0 && ndepth > 0) {
+ if (ndepth != 1)
+ goto next_node;
+
+ printf("Processing update '%s' :",
+ fit_get_name(fit, noffset, NULL));
+
+ if (!fit_image_check_hashes(fit, noffset)) {
+ printf("Error: invalid update hash, aborting\n");
+ goto next_node;
+ }
+
+ printf("\n");
+ if (au_fit_getparams(fit, noffset, &update_addr,
+ &update_fladdr, &update_size)) {
+ printf("Error: can't get update parameteres, "
+ "aborting\n");
+ goto next_node;
+ }
+ if (au_flash(update_addr, update_fladdr, update_size)) {
+ printf("Error: can't flash update, aborting\n");
+ goto next_node;
+ }
+next_node:
+ noffset = fdt_next_node(fit, noffset, &ndepth);
+ }
+
+ return;
+}
diff --git a/common/main.c b/common/main.c
index 187ef8a..0d28eb4 100644
--- a/common/main.c
+++ b/common/main.c
@@ -56,6 +56,9 @@ extern int do_reset (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]); /* fo
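Review bot: In `au_tftp()` the only gate between the TFTP reply and `au_flash()` is `fit_image_check_hashes()`, and the SHA-1 it checks is carried inside the same downloaded file, so it detects a corrupted transfer but says nothing about who produced the update; as far as I can tell it also passes an image node that has no hash subnode, which should be confirmed against the FIT code. I would say so above the check, e.g. `/* integrity only: the hash travels in the same file, so this does not authenticate the update */`, require at least one hash node per update, and qualify "protected with a SHA-1 checksum" in doc/README.au_tftp accordingly. `au_load()` also returns success when `NetLoop()` yields 0 and discards the received length, so `fit_check_format()` and the node walk can run over stale memory at the load address or past the end of the download; returning the size and rejecting `size <= 0` or `fdt_totalsize(fit) > size` closes that. Finally, every failure prints "aborting" but `goto next_node` continues with the remaining updates, so Flash can end up holding a mix of old and new images; checking all updates first and flashing only if every one passes avoids that.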
extern int do_bootd (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]);
+#if defined(CONFIG_AU_TFTP)
+void au_tftp (void);
+#endif /* CONFIG_AU_TFTP */
#define MAX_DELAY_STOP_STR 32
@@ -290,6 +293,10 @@ void main_loop (void) char bcs_set[16]; #endif /* CONFIG_BOOTCOUNT_LIMIT */
+#if defined(CONFIG_AU_TFTP) + au_tftp (); +#endif /* CONFIG_AU_TFTP */ + #if defined(CONFIG_VFD) && defined(VFD_TEST_LOGO) ulong bmp = 0; /* default bitmap */ extern int trab_vfd (ulong bitmap); diff --git a/doc/README.au_tftp b/doc/README.au_tftp new file mode 100644 index 0000000..a2529fb --- /dev/null +++ b/doc/README.au_tftp 
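Review bot: The `au_tftp ();` call is a statement placed in the middle of main_loop's local declarations: the lines that follow it in this hunk (`ulong bmp = 0;`, `extern int trab_vfd (ulong bitmap);`) are still declarations when CONFIG_VFD and VFD_TEST_LOGO are set, so that configuration ends up with declarations after a statement. Moving the three added lines below the last declaration of main_loop keeps the block valid for compilers that reject mixed declarations and code. A comment at the call site would also help, e.g. `/* runs on every boot: fetches over TFTP and may rewrite Flash */`, since the position suggests it executes before anything else in main_loop. main_loop's body starts and ends outside the hunk, so where its declarations end cannot be seen from here.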
@@ -0,0 +1,89 @@
+Automatic software update from a TFTP server
+============================================
+
+Overview
+--------
+
+This feature allows to automatically store software updates present on a TFTP
+server in NOR Flash. In more detail: a TFTP transfer of a file given in
+environment variable 'auto-update' from server 'serverip' is attempted during
+boot. The update file should be a FIT file, and can contain one or more
+updates. Each update in the update file has an address in NOR Flash where it
+should be placed, updates are also protected with a SHA-1 checksum. If the
+TFTP transfer is successful, the hash of each update is verified, and if the
+verification is positive, the update is stored in Flash.
+
+The auto-update feature is enabled by the CONFIG_AU_TFTP macro:
+
+#define CONFIG_AU_TFTP 1
+
+
+Note that when enabling auto-update, Flash support must be turned on. Also,
+one must enable FIT and LIBFDT support:
+
+#define CONFIG_FIT 1
+#define CONFIG_OF_LIBFDT 1
+
+The auto-update feature uses the following configuration knobs:
+
+- CONFIG_AU_LOAD_ADDR
+
+ Normally, TFTP transfer of the update file is done to the address specified
+ in environment variable 'loadaddr'. If this variable is not present, the
+ transfer is made to the address given in CONFIG_AU_LOAD_ADDR (0x100000 by
+ default).
+
+- CONFIG_AU_TFTP_CNT_MAX
+ CONFIG_AU_TFTP_SEC_MAX
+
+ These knobs control the timeouts during initial connection to the TFTP
+ server. Since a transfer is attempted during each boot, it is undesirable to
+ have a long delay when a TFTP server is not present. CONFIG_AU_TFTP_SEC_MAX
+ specifies the number of seconds to wait for the server to respond to initial
+ connection, and CONFIG_AU_TFTP_CNT_MAX gives the number of such connection
+ retries. CONFIG_AU_TFTP_CNT_MAX must be non-negative and is 0 by default,
+ CONFIG_AU_TFTP_SEC_MAX must be positive and is 1 by default.
+
+Since the update file is in FIT format, it is created from an *.its file using
+the mkimage tool. dtc tool with support for binary includes, e.g. in version
+1.2.0 or later, must also be available on the system where the update file is
+to be prepared. Refer to the doc/uImage.FIT/ directory for more details on FIT
+images.
+
+
+Example .its files
+------------------
+
+- doc/uImage.FIT/update_uboot.its
+
+ A simple example that can be used to create an update file for automatically
+ replacing U-Boot image on a system.
+
+ Assuming that an U-Boot image u-boot.bin is present in the current working
+ directory, and that the address given in the 'load' property in the
+ 'update_uboot.its' file is where the U-Boot is stored in Flash, the
+ following command will create the actual update file 'update_uboot.itb':
+
+ mkimage -f update_uboot.its update_uboot.itb
+
+ Place 'update_uboot.itb' on a TFTP server, for example as
+ '/tftpboot/update_uboot.itb', and set the 'auto-update' variable
+ appropriately, for example in the U-Boot prompt:
+
+ setenv auto-update /tftpboot/update_uboot.itb
+ saveenv
+
+ Now, when the system boots up and the update TFTP server specified in the
+ 'serverip' environment variable is accessible, the new U-Boot image will be
+ automatically stored in Flash.
+
+ NOTE: do make sure that the 'u-boot.bin' image used to create the update
+ file is a good, working image. Also make sure that the address in Flash
+ where the update will be placed is correct. Making mistake here and
+ attempting the auto-update can render the system unusable.
+
+- doc/uImage.FIT/update3.its
+
+ An example containing three updates. It can be used to update Linux kernel,
+ ramdisk and FDT blob stored in Flash. The procedure for preparing the update
+ file is similar to the example above.
diff --git a/doc/uImage.FIT/update3.its b/doc/uImage.FIT/update3.its
new file mode 100644
index 0000000..285cf73
--- /dev/null
+++ b/doc/uImage.FIT/update3.its
@@ -0,0 +1,41 @@
+/*
+ * Example Automatic software update file.
+ */
+/ {
+ description = "Automatic software updates: kernel, ramdisk, FDT";
+ #address-cells = <1>;
+
+ images {
+ update@1 {
+ description = "Linux kernel binary";
+ data = /incbin/("./vmlinux.bin.gz");
+ compression = "none";
+ type = "firmware";
+ load = <FF700000>;
+ hash@1 {
+ algo = "sha1";
+ };
+ };
+ update@2 {
+ description = "Ramdisk image";
+ data = /incbin/("./ramdisk_image.gz");
+ compression = "none";
+ type = "firmware";
+ load = <FF8E0000>;
+ hash@1 {
+ algo = "sha1";
+ };
+ };
+
+ update@3 {
+ description = "FDT blob";
+ data = /incbin/("./blob.fdt");
+ compression = "none";
+ type = "firmware";
+ load = <FFAC0000>;
+ hash@1 {
+ algo = "sha1";
+ };
+ };
+ };
+};
diff --git a/doc/uImage.FIT/update_uboot.its b/doc/uImage.FIT/update_uboot.its
new file mode 100644
index 0000000..e0d27ea
--- /dev/null
+++ b/doc/uImage.FIT/update_uboot.its
@@ -0,0 +1,21 @@
+/*
+ * Automatic software update for U-Boot
+ * Make sure the flashing addresses ('load' prop) is correct for your board!
+ */
+/ {
+ description = "Automatic U-Boot update";
+ #address-cells = <1>;
+
+ images {
+ update@1 {
+ description = "U-Boot binary";
+ data = /incbin/("./u-boot.bin");
+ compression = "none";
+ type = "firmware";
+ load = <FFFC0000>;
+ hash@1 {
+ algo = "sha1";
+ };
+ };
+ };
+};