hi Simon, On Thu, 18 Aug 2022 at 08:51, Simon Glass <s...@chromium.org> wrote: > > Hi Sughosh, > > On Wed, 17 Aug 2022 at 06:44, Sughosh Ganu <sughosh.g...@linaro.org> wrote: > > > > In the FWU Multi Bank Update feature, the information about the > > updatable images is stored as part of the metadata, on a separate > > partition. Add a driver for reading from and writing to the metadata > > when the updatable images and the metadata are stored on a block > > device which is formated with GPT based partition scheme. > > > > Signed-off-by: Sughosh Ganu <sughosh.g...@linaro.org> > > Reviewed-by: Patrick Delaunay <patrick.delau...@foss.st.com> > > --- > > Changes since V7: None > > > > drivers/fwu-mdata/Kconfig | 9 + > > drivers/fwu-mdata/Makefile | 1 + > > drivers/fwu-mdata/fwu_mdata_gpt_blk.c | 410 ++++++++++++++++++++++++++ > > include/fwu.h | 5 + > > 4 files changed, 425 insertions(+) > > create mode 100644 drivers/fwu-mdata/fwu_mdata_gpt_blk.c > > > > diff --git a/drivers/fwu-mdata/Kconfig b/drivers/fwu-mdata/Kconfig > > index d6a21c8e19..d5edef19d6 100644 > > --- a/drivers/fwu-mdata/Kconfig > > +++ b/drivers/fwu-mdata/Kconfig > > @@ -5,3 +5,12 @@ config DM_FWU_MDATA > > Enable support for accessing FWU Metadata partitions. The > > FWU Metadata partitions reside on the same storage device > > which contains the other FWU updatable firmware images. > > Can we link to the docs here, or will it be easy for people to find in > the U-Boot docs?
The link to the spec is being provided in the documentation for the feature. I guess that should suffice. > > > + > > +config FWU_MDATA_GPT_BLK > > + bool "FWU Metadata access for GPT partitioned Block devices" > > + select PARTITION_TYPE_GUID > > + select PARTITION_UUIDS > > + depends on DM && HAVE_BLOCK_DEVICE && EFI_PARTITION > > + help > > + Enable support for accessing FWU Metadata on GPT partitioned > > + block devices. > > GPT-partitioned (I think) I see "GPT partition" being used elsewhere. I don't have a strong opinion on this though. > > > diff --git a/drivers/fwu-mdata/Makefile b/drivers/fwu-mdata/Makefile > > index e53a8c9983..313049f67a 100644 > > --- a/drivers/fwu-mdata/Makefile > > +++ b/drivers/fwu-mdata/Makefile > > @@ -4,3 +4,4 @@ > > # > > > > obj-$(CONFIG_DM_FWU_MDATA) += fwu-mdata-uclass.o > > +obj-$(CONFIG_FWU_MDATA_GPT_BLK) += fwu_mdata_gpt_blk.o > > diff --git a/drivers/fwu-mdata/fwu_mdata_gpt_blk.c > > b/drivers/fwu-mdata/fwu_mdata_gpt_blk.c > > Perhaps just call it gpt_blk.c since it is in this directory Actually, there are both type of examples that can be seen under drivers/. For e.g. the drivers/clk/ has all files starting with clk_*. Similarly, under drivers/reset/. But there are other examples as well. But this is not a big effort. I will change the name as per your suggestion. > > > new file mode 100644 > > index 0000000000..f694c4369b > > --- /dev/null > > +++ b/drivers/fwu-mdata/fwu_mdata_gpt_blk.c > > @@ -0,0 +1,410 @@ > > +// SPDX-License-Identifier: GPL-2.0-or-later > > +/* > > + * Copyright (c) 2022, Linaro Limited > > + */ > > + > > +#define LOG_CATEGORY UCLASS_FWU_MDATA > > + > > +#include <blk.h> > > +#include <dm.h> > > +#include <efi_loader.h> > > +#include <fwu.h> > > +#include <fwu_mdata.h> > > +#include <log.h> > > +#include <malloc.h> > > +#include <memalign.h> > > +#include <part.h> > > +#include <part_efi.h> > > + > > +#include <dm/device-internal.h> > > +#include <linux/errno.h> > > +#include <linux/types.h> > > +#include <u-boot/crc.h> > > + > > +#define PRIMARY_PART BIT(0) > > +#define SECONDARY_PART BIT(1) > > +#define BOTH_PARTS (PRIMARY_PART | SECONDARY_PART) > > + > > +#define MDATA_READ BIT(0) > > +#define MDATA_WRITE BIT(1) > > + > > comment? Umm, is the macro name not descriptive enough? They are just being used to select a read or write operation. > > > +static int gpt_get_mdata_partitions(struct blk_desc *desc, > > + u16 *primary_mpart, > > + u16 *secondary_mpart) > > Should use uint, no need to select a 16-bit var so far as I can get Okay > > > +{ > > + int i, ret; > > + u32 mdata_parts; > > + efi_guid_t part_type_guid; > > + struct disk_partition info; > > + const efi_guid_t fwu_mdata_guid = FWU_MDATA_GUID; > > + > > + mdata_parts = 0; > > + for (i = 1; i < MAX_SEARCH_PARTITIONS; i++) { > > + if (part_get_info(desc, i, &info)) > > + continue; > > + uuid_str_to_bin(info.type_guid, part_type_guid.b, > > + UUID_STR_FORMAT_GUID); > > + > > + if (!guidcmp(&fwu_mdata_guid, &part_type_guid)) { > > + ++mdata_parts; > > + if (!*primary_mpart) > > + *primary_mpart = i; > > + else > > + *secondary_mpart = i; > > + } > > + } > > + > > + if (mdata_parts != 2) { > > + log_err("Expect two copies of the FWU metadata instead of > > %d\n", > > + mdata_parts); > > + ret = -EINVAL; > > + } else { > > + ret = 0; > > + } > > + > > + return ret; > > +} > > + > > +static int gpt_get_mdata_disk_part(struct blk_desc *desc, > > + struct disk_partition *info, > > + u32 part_num) > > +{ > > + int ret; > > + char *mdata_guid_str = "8a7a84a0-8387-40f6-ab41-a8b9a5a60d23"; > > This is fine, but I wonder if it should that go in a header with all > the other GUIDs? Or does it go hear because it is a string? Yes, this is because it is a string > > > + > > + ret = part_get_info(desc, part_num, info); > > + if (ret < 0) { > > + log_err("Unable to get the partition info for the FWU > > metadata part %d", > > + part_num); > > + return -1; > > + } > > + > > + /* Check that it is indeed the FWU metadata partition */ > > + if (!strncmp(info->type_guid, mdata_guid_str, UUID_STR_LEN)) { > > + /* Found the FWU metadata partition */ > > + return 0; > > + } > > + > > + return -1; > > +} > > + > > +static int gpt_read_write_mdata(struct blk_desc *desc, > > + struct fwu_mdata *mdata, > > + u8 access, u32 part_num) > > +{ > > + int ret; > > + u32 len, blk_start, blkcnt; > > + struct disk_partition info; > > + > > + ALLOC_CACHE_ALIGN_BUFFER_PAD(struct fwu_mdata, mdata_aligned, 1, > > + desc->blksz); > > + > > + ret = gpt_get_mdata_disk_part(desc, &info, part_num); > > + if (ret < 0) { > > + printf("Unable to get the FWU metadata partition\n"); > > + return -ENODEV; > > How about -ENOENT ? > > There is a device, so we cannot use -ENODEV > > Please fix below too Okay > > > + } > > + > > + len = sizeof(*mdata); > > + blkcnt = BLOCK_CNT(len, desc); > > + if (blkcnt > info.size) { > > + log_err("Block count exceeds FWU metadata partition > > size\n"); > > + return -ERANGE; > > + } > > + > > + blk_start = info.start; > > + if (access == MDATA_READ) { > > + if (blk_dread(desc, blk_start, blkcnt, mdata_aligned) != > > blkcnt) { > > + log_err("Error reading FWU metadata from the > > device\n"); > > + return -EIO; > > + } > > + memcpy(mdata, mdata_aligned, sizeof(struct fwu_mdata)); > > + } else { > > + if (blk_dwrite(desc, blk_start, blkcnt, mdata) != blkcnt) { > > + log_err("Error writing FWU metadata to the > > device\n"); > > + return -EIO; > > + } > > + } > > + > > + return 0; > > +} > > + > > +static int gpt_read_mdata(struct blk_desc *desc, > > + struct fwu_mdata *mdata, u32 part_num) > > +{ > > + return gpt_read_write_mdata(desc, mdata, MDATA_READ, part_num); > > +} > > + > > +static int gpt_write_mdata_partition(struct blk_desc *desc, > > + struct fwu_mdata *mdata, > > + u32 part_num) > > +{ > > + return gpt_read_write_mdata(desc, mdata, MDATA_WRITE, part_num); > > +} > > + > > +static int fwu_gpt_update_mdata(struct udevice *dev, struct fwu_mdata > > *mdata) > > +{ > > + int ret; > > + struct blk_desc *desc; > > + u16 primary_mpart = 0, secondary_mpart = 0; > > uint Okay > > > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev); > > + > > + desc = dev_get_uclass_plat(priv->blk_dev); > > + if (!desc) { > > + log_err("Block device not found\n"); > > + return -ENODEV; > > This cannot happen, drop this if() Okay > > > + } > > + > > + ret = gpt_get_mdata_partitions(desc, &primary_mpart, > > + &secondary_mpart); > > + > > drop blank line so the error check is next to the thing that reads it Will fix > > > + if (ret < 0) { > > + log_err("Error getting the FWU metadata partitions\n"); > > + return -ENODEV; > > + } > > + > > + /* First write the primary partition*/ > > space before */ Will fix > > > + ret = gpt_write_mdata_partition(desc, mdata, primary_mpart); > > + if (ret < 0) { > > + log_err("Updating primary FWU metadata partition failed\n"); > > This is very error-heavy. The log_err() things produce a string in the > code so this ends up being very large. Is that what you want? If these > things can happen in the real world and users need to debug them, then > I suppose it is OK. But normally with driver model we report errors in > the command code, or the logic, not in drivers themselves. Otherwise > when you write tests you get lots of confusing error output that needs > to be ignored. I see your point, but in this specific case, it is only the driver which will be able to tell about the error in some detail. I can change this to a log_debug if you so wish. Although I do see quite a few instances of log_err being used in the driver code as well. > > > + return ret; > > + } > > + > > + /* And now the replica */ > > + ret = gpt_write_mdata_partition(desc, mdata, secondary_mpart); > > + if (ret < 0) { > > + log_err("Updating secondary FWU metadata partition > > failed\n"); > > + return ret; > > + } > > + > > + return 0; > > +} > > + > > +static int gpt_get_mdata(struct blk_desc *desc, struct fwu_mdata **mdata) > > mdatap Okay > > > +{ > > + int ret; > > + u16 primary_mpart = 0, secondary_mpart = 0; > > uint Okay > > Also do you need to set them to 0 > > Declare a locate mdata and use that here instead of *mdata, which is a pain. This function is copying the metadata into the callers copy. Unless I don't understand your comment. > > > + > > + ret = gpt_get_mdata_partitions(desc, &primary_mpart, > > + &secondary_mpart); > > + > > + if (ret < 0) { > > + log_err("Error getting the FWU metadata partitions\n"); > > + return -ENODEV; > > + } > > + > > + *mdata = malloc(sizeof(struct fwu_mdata)); > > + if (!*mdata) { > > + log_err("Unable to allocate memory for reading FWU > > metadata\n"); > > + return -ENOMEM; > > + } > > + > > + ret = gpt_read_mdata(desc, *mdata, primary_mpart); > > + if (ret < 0) { > > + log_err("Failed to read the FWU metadata from the > > device\n"); > > + return -EIO; > > + } > > + > > + ret = fwu_verify_mdata(*mdata, 1); > > + if (!ret) > > + return 0; > > + > > + /* > > + * Verification of the primary FWU metadata copy failed. > > + * Try to read the replica. > > + */ > > + memset(*mdata, 0, sizeof(struct fwu_mdata)); > > '\0' Okay > > > + ret = gpt_read_mdata(desc, *mdata, secondary_mpart); > > + if (ret < 0) { > > + log_err("Failed to read the FWU metadata from the > > device\n"); > > + return -EIO; > > + } > > + > > + ret = fwu_verify_mdata(*mdata, 0); > > + if (!ret) > > + return 0; > > + > > + /* Both the FWU metadata copies are corrupted. */ > > + return -1; > > This is -EPERM > > Perhaps choose something else? Again, I am not sure what would be a suitable error to return in this case. > > > +} > > + > > +static int gpt_check_mdata_validity(struct udevice *dev) > > +{ > > + int ret; > > + struct blk_desc *desc; > > + struct fwu_mdata pri_mdata; > > + struct fwu_mdata secondary_mdata; > > + u16 primary_mpart = 0, secondary_mpart = 0; > > + u16 valid_partitions, invalid_partitions; > > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev); > > + > > + desc = dev_get_uclass_plat(priv->blk_dev); > > + if (!desc) { > > + log_err("Block device not found\n"); > > + return -ENODEV; > > + } > > + > > + /* > > + * Two FWU metadata partitions are expected. > > + * If we don't have two, user needs to create > > + * them first > > + */ > > + valid_partitions = 0; > > + ret = gpt_get_mdata_partitions(desc, &primary_mpart, > > + &secondary_mpart); > > + > > + if (ret < 0) { > > + log_err("Error getting the FWU metadata partitions\n"); > > + return -ENODEV; > > + } > > + > > + ret = gpt_read_mdata(desc, &pri_mdata, primary_mpart); > > + if (ret < 0) { > > + log_err("Failed to read the FWU metadata from the > > device\n"); > > + goto secondary_read; > > + } > > + > > + ret = fwu_verify_mdata(&pri_mdata, 1); > > + if (!ret) > > + valid_partitions |= PRIMARY_PART; > > + > > +secondary_read: > > + /* Now check the secondary partition */ > > + ret = gpt_read_mdata(desc, &secondary_mdata, secondary_mpart); > > + if (ret < 0) { > > + log_err("Failed to read the FWU metadata from the > > device\n"); > > + goto mdata_restore; > > + } > > + > > + ret = fwu_verify_mdata(&secondary_mdata, 0); > > + if (!ret) > > + valid_partitions |= SECONDARY_PART; > > + > > +mdata_restore: > > + if (valid_partitions == (PRIMARY_PART | SECONDARY_PART)) { > > + ret = -1; > > + /* > > + * Before returning, check that both the > > + * FWU metadata copies are the same. If not, > > + * the FWU metadata copies need to be > > + * re-populated. > > + */ > > + if (!memcmp(&pri_mdata, &secondary_mdata, > > + sizeof(struct fwu_mdata))) { > > + ret = 0; > > + } else { > > + log_err("Both FWU metadata copies are valid but do > > not match. Please check!\n"); > > Honestly the error handling needs a rethink IMO. You should try to > return error codes that indicate what went wrong (you mostly do in > this file) and then have the top-level code decode those errors and > produce an error message. The code in efi_capsule.c which is calling the APIs is checking the error codes and printing the error messages. > > > + } > > + goto out; > > + } > > + > > + ret = -1; > > + if (!(valid_partitions & BOTH_PARTS)) > > + goto out; > > + > > + invalid_partitions = valid_partitions ^ BOTH_PARTS; > > + ret = gpt_write_mdata_partition(desc, > > + (invalid_partitions == > > PRIMARY_PART) ? > > + &secondary_mdata : &pri_mdata, > > + (invalid_partitions == > > PRIMARY_PART) ? > > + primary_mpart : secondary_mpart); > > + > > + if (ret < 0) > > + log_err("Restoring %s FWU metadata partition failed\n", > > + (invalid_partitions == PRIMARY_PART) ? > > + "primary" : "secondary"); > > + > > +out: > > + return ret; > > +} > > + > > +static int fwu_gpt_mdata_check(struct udevice *dev) > > +{ > > + /* > > + * Check if both the copies of the FWU metadata are > > + * valid. If one has gone bad, restore it from the > > + * other good copy. > > word wrap wider Okay > > > + */ > > + return gpt_check_mdata_validity(dev); > > +} > > + > > +static int fwu_gpt_get_mdata(struct udevice *dev, struct fwu_mdata **mdata) > > +{ > > + struct blk_desc *desc; > > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev); > > + > > + desc = dev_get_uclass_plat(priv->blk_dev); > > + if (!desc) { > > + log_err("Block device not found\n"); > > + return -ENODEV; > > Again this cannot happen Will remove > > > + } > > + > > + return gpt_get_mdata(desc, mdata); > > +} > > + > > +static int fwu_get_mdata_device(struct udevice *dev, struct udevice > > **mdata_dev) > > +{ > > + u32 phandle; > > + int ret, size; > > + struct udevice *parent, *child; > > + const fdt32_t *phandle_p = NULL; > > + > > + phandle_p = dev_read_prop(dev, "fwu-mdata-store", &size); > > + if (!phandle_p) { > > + log_err("fwu-mdata-store property not found\n"); > > + return -ENOENT; > > + } > > + > > + phandle = fdt32_to_cpu(*phandle_p); > > Can you use dev_read_u32() ? Will check if this can be used. > > > + > > + ret = device_get_global_by_ofnode(ofnode_get_by_phandle(phandle), > > + &parent); > > + if (ret) > > + return ret; > > + > > + ret = -ENODEV; > > Here it is correct to return -ENODEV I think > > > + for (device_find_first_child(parent, &child); child; > > + device_find_next_child(&child)) { > > + if (device_get_uclass_id(child) == UCLASS_BLK) { > > + *mdata_dev = child; > > + ret = 0; > > See blk_get_from_parent() Will check > > > + } > > + } > > + > > + return ret; > > +} > > + > > +static int fwu_mdata_gpt_blk_probe(struct udevice *dev) > > +{ > > + int ret; > > + struct udevice *mdata_dev = NULL; > > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev); > > + > > + ret = fwu_get_mdata_device(dev, &mdata_dev); > > + if (ret) > > + return ret; > > + > > + priv->blk_dev = mdata_dev; > > + > > + return 0; > > +} > > + > > +static const struct fwu_mdata_ops fwu_gpt_blk_ops = { > > + .mdata_check = fwu_gpt_mdata_check, > > + .get_mdata = fwu_gpt_get_mdata, > > + .update_mdata = fwu_gpt_update_mdata, > > +}; > > + > > +static const struct udevice_id fwu_mdata_ids[] = { > > + { .compatible = "u-boot,fwu-mdata-gpt" }, > > + { } > > +}; > > + > > +U_BOOT_DRIVER(fwu_mdata_gpt_blk) = { > > + .name = "fwu-mdata-gpt-blk", > > + .id = UCLASS_FWU_MDATA, > > + .of_match = fwu_mdata_ids, > > + .ops = &fwu_gpt_blk_ops, > > + .probe = fwu_mdata_gpt_blk_probe, > > + .priv_auto = sizeof(struct fwu_mdata_gpt_blk_priv), > > +}; > > diff --git a/include/fwu.h b/include/fwu.h > > index e03cfff800..8259c75d12 100644 > > --- a/include/fwu.h > > +++ b/include/fwu.h > > @@ -14,6 +14,10 @@ > > struct fwu_mdata; > > struct udevice; > > > > +struct fwu_mdata_gpt_blk_priv { > > + struct udevice *blk_dev; > > +}; > > + > > /** > > * @mdata_check: check the validity of the FWU metadata partitions > > * @get_mdata() - Get a FWU metadata copy > > @@ -39,6 +43,7 @@ int fwu_get_active_index(u32 *active_idx); > > int fwu_update_active_index(u32 active_idx); > > int fwu_get_image_alt_num(efi_guid_t *image_type_id, u32 update_bank, > > int *alt_num); > > +int fwu_verify_mdata(struct fwu_mdata *mdata, bool pri_part); > > comments again Will add -sughosh > > > int fwu_mdata_check(void); > > int fwu_revert_boot_index(void); > > int fwu_accept_image(efi_guid_t *img_type_id, u32 bank); > > -- > > 2.34.1 > > > > Regards, > Simon