On 1/19/22 19:55, Sughosh Ganu wrote:
In the FWU Multi Bank Update feature, the information about the updatable images is stored as part of the metadata, on a separate partition. Add functions for reading from and writing to the metadata when the updatable images and the metadata are stored on a block device which is formated with GPT based partition scheme.
Signed-off-by: Sughosh Ganu sughosh.ganu@linaro.org
Will a GPT partition remain the only place to store that information? Should this be implemented according to the dirver model?
Changes since V2:
Move the function definition of fwu_verify_mdata to fwu_mdata.c to facilitate reuse
Remove the block device specific desc->devnum parameter for the fwu_plat_get_alt_num function call
include/fwu.h | 1 + include/fwu_mdata.h | 2 + lib/fwu_updates/fwu_mdata.c | 29 ++ lib/fwu_updates/fwu_mdata_gpt_blk.c | 520 ++++++++++++++++++++++++++++ 4 files changed, 552 insertions(+) create mode 100644 lib/fwu_updates/fwu_mdata_gpt_blk.c
diff --git a/include/fwu.h b/include/fwu.h index acba725bc8..12f7eecdb0 100644 --- a/include/fwu.h +++ b/include/fwu.h @@ -53,6 +53,7 @@ int fwu_get_active_index(u32 *active_idx); int fwu_update_active_index(u32 active_idx); int fwu_get_image_alt_num(efi_guid_t image_type_id, u32 update_bank, int *alt_num); +int fwu_verify_mdata(struct fwu_mdata *mdata, bool pri_part); int fwu_mdata_check(void); int fwu_revert_boot_index(void); int fwu_accept_image(efi_guid_t *img_type_id, u32 bank); diff --git a/include/fwu_mdata.h b/include/fwu_mdata.h index d788eb69e7..53e39f9af6 100644 --- a/include/fwu_mdata.h +++ b/include/fwu_mdata.h @@ -64,4 +64,6 @@ struct fwu_mdata { struct fwu_image_entry img_entry[CONFIG_FWU_NUM_IMAGES_PER_BANK]; } __attribute__((__packed__));
+extern struct fwu_mdata_ops fwu_gpt_blk_ops;
- #endif /* _FWU_MDATA_H_ */
diff --git a/lib/fwu_updates/fwu_mdata.c b/lib/fwu_updates/fwu_mdata.c index 58e838fe28..252fcf50f6 100644 --- a/lib/fwu_updates/fwu_mdata.c +++ b/lib/fwu_updates/fwu_mdata.c @@ -25,6 +25,35 @@ static struct fwu_mdata_ops *get_fwu_mdata_ops(void) return ops; }
+/**
- fwu_verify_mdata() - Verify the FWU metadata
- @mdata: FWU metadata structure
- @pri_part: FWU metadata partition is primary or secondary
- Verify the FWU metadata by computing the CRC32 for the metadata
- structure and comparing it against the CRC32 value stored as part
- of the structure.
- Return: 0 if OK, -ve on error
- */
+int fwu_verify_mdata(struct fwu_mdata *mdata, bool pri_part) +{
- u32 calc_crc32;
- void *buf;
- buf = &mdata->version;
- calc_crc32 = crc32(0, buf, sizeof(*mdata) - sizeof(u32));
CRC32 does not offer any security against manipulation. What are the security implications?
Best regards
Heinrich
- if (calc_crc32 != mdata->crc32) {
log_err("crc32 check failed for %s FWU metadata partition\n",pri_part ? "primary" : "secondary");return -1;- }
- return 0;
+}
- /**
- fwu_get_active_index() - Get active_index from the FWU metadata
- @active_idx: active_index value to be read
diff --git a/lib/fwu_updates/fwu_mdata_gpt_blk.c b/lib/fwu_updates/fwu_mdata_gpt_blk.c new file mode 100644 index 0000000000..cb47ddf4a7 --- /dev/null +++ b/lib/fwu_updates/fwu_mdata_gpt_blk.c @@ -0,0 +1,520 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Copyright (c) 2021, Linaro Limited
- */
+#include <blk.h> +#include <efi_loader.h> +#include <fwu.h> +#include <fwu_mdata.h> +#include <log.h> +#include <malloc.h> +#include <memalign.h> +#include <part.h> +#include <part_efi.h>
+#include <linux/errno.h> +#include <linux/types.h> +#include <u-boot/crc.h>
+#define PRIMARY_PART BIT(0) +#define SECONDARY_PART BIT(1) +#define BOTH_PARTS (PRIMARY_PART | SECONDARY_PART)
+#define MDATA_READ BIT(0) +#define MDATA_WRITE BIT(1)
+#define IMAGE_ACCEPT_SET BIT(0) +#define IMAGE_ACCEPT_CLEAR BIT(1)
+static int gpt_get_mdata_partitions(struct blk_desc *desc,
u16 *primary_mpart,u16 *secondary_mpart)+{
- int i, ret;
- u32 mdata_parts;
- efi_guid_t part_type_guid;
- struct disk_partition info;
- const efi_guid_t fwu_mdata_guid = FWU_MDATA_GUID;
- for (i = 1; i < MAX_SEARCH_PARTITIONS; i++) {
if (part_get_info(desc, i, &info))continue;uuid_str_to_bin(info.type_guid, part_type_guid.b,UUID_STR_FORMAT_GUID);if (!guidcmp(&fwu_mdata_guid, &part_type_guid)) {++mdata_parts;if (!*primary_mpart)*primary_mpart = i;else*secondary_mpart = i;}- }
- if (mdata_parts != 2) {
log_err("Expect two copies of the FWU metadata instead of %d\n",mdata_parts);ret = -EINVAL;- } else {
ret = 0;- }
- return ret;
+}
+static int gpt_get_mdata_disk_part(struct blk_desc *desc,
struct disk_partition *info,u32 part_num)+{
- int ret;
- char *mdata_guid_str = "8a7a84a0-8387-40f6-ab41-a8b9a5a60d23";
- ret = part_get_info(desc, part_num, info);
- if (ret < 0) {
log_err("Unable to get the partition info for the FWU metadata part %d",part_num);return -1;- }
- /* Check that it is indeed the FWU metadata partition */
- if (!strncmp(info->type_guid, mdata_guid_str, UUID_STR_LEN)) {
/* Found the FWU metadata partition */return 0;- }
- return -1;
+}
+static int gpt_read_write_mdata(struct blk_desc *desc,
struct fwu_mdata *mdata,u8 access, u32 part_num)+{
- int ret;
- u32 len, blk_start, blkcnt;
- struct disk_partition info;
- ALLOC_CACHE_ALIGN_BUFFER_PAD(struct fwu_mdata, mdata_aligned, 1,
desc->blksz);- ret = gpt_get_mdata_disk_part(desc, &info, part_num);
- if (ret < 0) {
printf("Unable to get the FWU metadata partition\n");return -ENODEV;- }
- len = sizeof(*mdata);
- blkcnt = BLOCK_CNT(len, desc);
- if (blkcnt > info.size) {
log_err("Block count exceeds FWU metadata partition size\n");return -ERANGE;- }
- blk_start = info.start;
- if (access == MDATA_READ) {
if (blk_dread(desc, blk_start, blkcnt, mdata_aligned) != blkcnt) {log_err("Error reading FWU metadata from the device\n");return -EIO;}memcpy(mdata, mdata_aligned, sizeof(struct fwu_mdata));- } else {
if (blk_dwrite(desc, blk_start, blkcnt, mdata) != blkcnt) {log_err("Error writing FWU metadata to the device\n");return -EIO;}- }
- return 0;
+}
+static int gpt_read_mdata(struct blk_desc *desc,
struct fwu_mdata *mdata, u32 part_num)+{
- return gpt_read_write_mdata(desc, mdata, MDATA_READ, part_num);
+}
+static int gpt_write_mdata_partition(struct blk_desc *desc,
struct fwu_mdata *mdata,u32 part_num)+{
- return gpt_read_write_mdata(desc, mdata, MDATA_WRITE, part_num);
+}
+static int fwu_gpt_update_mdata(struct fwu_mdata *mdata) +{
- int ret;
- struct blk_desc *desc;
- u16 primary_mpart = 0, secondary_mpart = 0;
- ret = fwu_plat_get_blk_desc(&desc);
- if (ret < 0) {
log_err("Block device not found\n");return -ENODEV;- }
- ret = gpt_get_mdata_partitions(desc, &primary_mpart,
&secondary_mpart);- if (ret < 0) {
log_err("Error getting the FWU metadata partitions\n");return -ENODEV;- }
- /* First write the primary partition*/
- ret = gpt_write_mdata_partition(desc, mdata, primary_mpart);
- if (ret < 0) {
log_err("Updating primary FWU metadata partition failed\n");return ret;- }
- /* And now the replica */
- ret = gpt_write_mdata_partition(desc, mdata, secondary_mpart);
- if (ret < 0) {
log_err("Updating secondary FWU metadata partition failed\n");return ret;- }
- return 0;
+}
+static int gpt_get_mdata(struct fwu_mdata **mdata) +{
- int ret;
- struct blk_desc *desc;
- u16 primary_mpart = 0, secondary_mpart = 0;
- ret = fwu_plat_get_blk_desc(&desc);
- if (ret < 0) {
log_err("Block device not found\n");return -ENODEV;- }
- ret = gpt_get_mdata_partitions(desc, &primary_mpart,
&secondary_mpart);- if (ret < 0) {
log_err("Error getting the FWU metadata partitions\n");return -ENODEV;- }
- *mdata = malloc(sizeof(struct fwu_mdata));
- if (!*mdata) {
log_err("Unable to allocate memory for reading FWU metadata\n");return -ENOMEM;- }
- ret = gpt_read_mdata(desc, *mdata, primary_mpart);
- if (ret < 0) {
log_err("Failed to read the FWU metadata from the device\n");return -EIO;- }
- ret = fwu_verify_mdata(*mdata, 1);
- if (!ret)
return 0;- /*
* Verification of the primary FWU metadata copy failed.* Try to read the replica.*/- memset(*mdata, 0, sizeof(struct fwu_mdata));
- ret = gpt_read_mdata(desc, *mdata, secondary_mpart);
- if (ret < 0) {
log_err("Failed to read the FWU metadata from the device\n");return -EIO;- }
- ret = fwu_verify_mdata(*mdata, 0);
- if (!ret)
return 0;- /* Both the FWU metadata copies are corrupted. */
- return -1;
+}
+static int gpt_check_mdata_validity(void) +{
- int ret;
- struct blk_desc *desc;
- struct fwu_mdata pri_mdata;
- struct fwu_mdata secondary_mdata;
- u16 primary_mpart = 0, secondary_mpart = 0;
- u16 valid_partitions, invalid_partitions;
- ret = fwu_plat_get_blk_desc(&desc);
- if (ret < 0) {
log_err("Block device not found\n");return -ENODEV;- }
- /*
* Two FWU metadata partitions are expected.* If we don't have two, user needs to create* them first*/- valid_partitions = 0;
- ret = gpt_get_mdata_partitions(desc, &primary_mpart,
&secondary_mpart);- if (ret < 0) {
log_err("Error getting the FWU metadata partitions\n");return -ENODEV;- }
- ret = gpt_read_mdata(desc, &pri_mdata, primary_mpart);
- if (ret < 0) {
log_err("Failed to read the FWU metadata from the device\n");goto secondary_read;- }
- ret = fwu_verify_mdata(&pri_mdata, 1);
- if (!ret)
valid_partitions |= PRIMARY_PART;+secondary_read:
- /* Now check the secondary partition */
- ret = gpt_read_mdata(desc, &secondary_mdata, secondary_mpart);
- if (ret < 0) {
log_err("Failed to read the FWU metadata from the device\n");goto mdata_restore;- }
- ret = fwu_verify_mdata(&secondary_mdata, 0);
- if (!ret)
valid_partitions |= SECONDARY_PART;+mdata_restore:
- if (valid_partitions == (PRIMARY_PART | SECONDARY_PART)) {
ret = -1;/** Before returning, check that both the* FWU metadata copies are the same. If not,* the FWU metadata copies need to be* re-populated.*/if (!memcmp(&pri_mdata, &secondary_mdata,sizeof(struct fwu_mdata))) {ret = 0;} else {log_err("Both FWU metadata copies are valid but do not match. Please check!\n");}goto out;- }
- ret = -1;
- if (!(valid_partitions & BOTH_PARTS))
goto out;- invalid_partitions = valid_partitions ^ BOTH_PARTS;
- ret = gpt_write_mdata_partition(desc,
(invalid_partitions == PRIMARY_PART) ?&secondary_mdata : &pri_mdata,(invalid_partitions == PRIMARY_PART) ?primary_mpart : secondary_mpart);- if (ret < 0)
log_err("Restoring %s FWU metadata partition failed\n",(invalid_partitions == PRIMARY_PART) ?"primary" : "secondary");+out:
- return ret;
+}
+int fwu_gpt_get_active_index(u32 *active_idx) +{
- int ret;
- struct fwu_mdata *mdata;
- ret = gpt_get_mdata(&mdata);
- if (ret < 0) {
log_err("Unable to get valid FWU metadata\n");goto out;- }
- /*
* Found the FWU metadata partition, now read the active_index* value*/- *active_idx = mdata->active_index;
- if (*active_idx > CONFIG_FWU_NUM_BANKS - 1) {
printf("Active index value read is incorrect\n");ret = -EINVAL;goto out;- }
+out:
- free(mdata);
- return ret;
+}
+static int gpt_get_image_alt_num(struct blk_desc *desc,
efi_guid_t image_type_id,u32 update_bank, int *alt_no)+{
- int ret, i;
- u32 part;
- struct fwu_mdata *mdata;
- struct fwu_image_entry *img_entry;
- struct fwu_image_bank_info *img_bank_info;
- struct disk_partition info;
- efi_guid_t unique_part_guid;
- efi_guid_t image_guid = NULL_GUID;
- ret = gpt_get_mdata(&mdata);
- if (ret < 0) {
log_err("Unable to read valid FWU metadata\n");goto out;- }
- /*
* The FWU metadata has been read. Now get the image_uuid for the* image with the update_bank.*/- for (i = 0; i < CONFIG_FWU_NUM_IMAGES_PER_BANK; i++) {
if (!guidcmp(&image_type_id,&mdata->img_entry[i].image_type_uuid)) {img_entry = &mdata->img_entry[i];img_bank_info = &img_entry->img_bank_info[update_bank];guidcpy(&image_guid, &img_bank_info->image_uuid);break;}- }
- /*
* Now read the GPT Partition Table Entries to find a matching* partition with UniquePartitionGuid value. We need to iterate* through all the GPT partitions since they might be in any* order*/- for (i = 1; i < MAX_SEARCH_PARTITIONS; i++) {
if (part_get_info(desc, i, &info))continue;uuid_str_to_bin(info.uuid, unique_part_guid.b,UUID_STR_FORMAT_GUID);if (!guidcmp(&unique_part_guid, &image_guid)) {/* Found the partition */part = i;*alt_no = fwu_plat_get_alt_num(&part);if (*alt_no != -1)log_info("alt_num %d for partition %pUl\n",*alt_no, &image_guid);ret = 0;break;}- }
- if (*alt_no == -1) {
log_err("alt_num not found for partition with GUID %pUl\n",&image_guid);ret = -EINVAL;- }
- if (i == MAX_SEARCH_PARTITIONS) {
log_err("Partition with the image guid not found\n");ret = -EINVAL;- }
+out:
- free(mdata);
- return ret;
+}
+int fwu_gpt_get_image_alt_num(efi_guid_t image_type_id, u32 update_bank,
int *alt_no)+{
- int ret;
- struct blk_desc *desc;
- ret = fwu_plat_get_blk_desc(&desc);
- if (ret < 0) {
log_err("Block device not found\n");return -ENODEV;- }
- return gpt_get_image_alt_num(desc, image_type_id, update_bank, alt_no);
+}
+int fwu_gpt_mdata_check(void) +{
- /*
* Check if both the copies of the FWU metadata are* valid. If one has gone bad, restore it from the* other good copy.*/- return gpt_check_mdata_validity();
+}
+int fwu_gpt_get_mdata(struct fwu_mdata **mdata) +{
- return gpt_get_mdata(mdata);
+}
+static int fwu_gpt_set_clear_image_accept(efi_guid_t *img_type_id,
u32 bank, u8 action)+{
- void *buf;
- int ret, i;
- u32 nimages;
- struct fwu_mdata *mdata;
- struct fwu_image_entry *img_entry;
- struct fwu_image_bank_info *img_bank_info;
- ret = gpt_get_mdata(&mdata);
- if (ret < 0) {
log_err("Unable to get valid FWU metadata\n");goto out;- }
- nimages = CONFIG_FWU_NUM_IMAGES_PER_BANK;
- img_entry = &mdata->img_entry[0];
- for (i = 0; i < nimages; i++) {
if (!guidcmp(&img_entry[i].image_type_uuid, img_type_id)) {img_bank_info = &img_entry[i].img_bank_info[bank];if (action == IMAGE_ACCEPT_SET)img_bank_info->accepted |= FWU_IMAGE_ACCEPTED;elseimg_bank_info->accepted = 0;buf = &mdata->version;mdata->crc32 = crc32(0, buf, sizeof(*mdata) -sizeof(u32));ret = fwu_gpt_update_mdata(mdata);goto out;}- }
- /* Image not found */
- ret = -EINVAL;
+out:
- free(mdata);
- return ret;
+}
+static int fwu_gpt_accept_image(efi_guid_t *img_type_id, u32 bank) +{
- return fwu_gpt_set_clear_image_accept(img_type_id, bank,
IMAGE_ACCEPT_SET);+}
+static int fwu_gpt_clear_accept_image(efi_guid_t *img_type_id, u32 bank) +{
- return fwu_gpt_set_clear_image_accept(img_type_id, bank,
IMAGE_ACCEPT_CLEAR);+}
+struct fwu_mdata_ops fwu_gpt_blk_ops = {
- .get_active_index = fwu_gpt_get_active_index,
- .get_image_alt_num = fwu_gpt_get_image_alt_num,
- .mdata_check = fwu_gpt_mdata_check,
- .set_accept_image = fwu_gpt_accept_image,
- .clear_accept_image = fwu_gpt_clear_accept_image,
- .get_mdata = fwu_gpt_get_mdata,
- .update_mdata = fwu_gpt_update_mdata,
+};