1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Copyright (c) 2022, Linaro Limited
*/
#if !defined _FWU_H_
#define _FWU_H_
#include <blk.h>
#include <efi.h>
#include <linux/types.h>
struct fwu_mdata;
struct udevice;
struct fwu_mdata_gpt_blk_priv {
struct udevice *blk_dev;
};
/**
* @mdata_check: check the validity of the FWU metadata partitions
* @get_mdata() - Get a FWU metadata copy
* @update_mdata() - Update the FWU metadata copy
*/
struct fwu_mdata_ops {
/**
* check_mdata() - Check if the FWU metadata is valid
* @dev: FWU device
*
* Validate both copies of the FWU metadata. If one of the copies
* has gone bad, restore it from the other copy.
*
* Return: 0 if OK, -ve on error
*/
int (*check_mdata)(struct udevice *dev);
/**
* get_mdata() - Get a FWU metadata copy
* @dev: FWU device
* @mdata: Pointer to FWU metadata
*
* Get a valid copy of the FWU metadata.
*
* Return: 0 if OK, -ve on error
*/
int (*get_mdata)(struct udevice *dev, struct fwu_mdata *mdata);
/**
* update_mdata() - Update the FWU metadata
* @dev: FWU device
* @mdata: Copy of the FWU metadata
*
* Update the FWU metadata structure by writing to the
* FWU metadata partitions.
*
* Return: 0 if OK, -ve on error
*/
int (*update_mdata)(struct udevice *dev, struct fwu_mdata *mdata);
/**
* get_mdata_part_num() - Get the FWU metadata partition numbers
* @dev: FWU metadata device
* @mdata_parts: array for storing the metadata partition numbers
*
* Get the partition numbers on the storage device on which the
* FWU metadata is stored. Two partition numbers will be returned.
*
* Return: 0 if OK, -ve on error
*/
int (*get_mdata_part_num)(struct udevice *dev, uint *mdata_parts);
/**
* read_mdata_partition() - Read the FWU metadata from a partition
* @dev: FWU metadata device
* @mdata: Copy of the FWU metadata
* @part_num: Partition number from which FWU metadata is to be read
*
* Read the FWU metadata from the specified partition number
*
* Return: 0 if OK, -ve on error
*/
int (*read_mdata_partition)(struct udevice *dev,
struct fwu_mdata *mdata, uint part_num);
/**
* write_mdata_partition() - Write the FWU metadata to a partition
* @dev: FWU metadata device
* @mdata: Copy of the FWU metadata
* @part_num: Partition number to which FWU metadata is to be written
*
* Write the FWU metadata to the specified partition number
*
* Return: 0 if OK, -ve on error
*/
int (*write_mdata_partition)(struct udevice *dev,
struct fwu_mdata *mdata, uint part_num);
};
#define FWU_MDATA_VERSION 0x1
#define FWU_IMAGE_ACCEPTED 0x1
/*
* GUID value defined in the FWU specification for identification
* of the FWU metadata partition.
*/
#define FWU_MDATA_GUID \
EFI_GUID(0x8a7a84a0, 0x8387, 0x40f6, 0xab, 0x41, \
0xa8, 0xb9, 0xa5, 0xa6, 0x0d, 0x23)
/*
* GUID value defined in the Dependable Boot specification for
* identification of the revert capsule, used for reverting
* any image in the updated bank.
*/
#define FWU_OS_REQUEST_FW_REVERT_GUID \
EFI_GUID(0xacd58b4b, 0xc0e8, 0x475f, 0x99, 0xb5, \
0x6b, 0x3f, 0x7e, 0x07, 0xaa, 0xf0)
/*
* GUID value defined in the Dependable Boot specification for
* identification of the accept capsule, used for accepting
* an image in the updated bank.
*/
#define FWU_OS_REQUEST_FW_ACCEPT_GUID \
EFI_GUID(0x0c996046, 0xbcc0, 0x4d04, 0x85, 0xec, \
0xe1, 0xfc, 0xed, 0xf1, 0xc6, 0xf8)
/**
* fwu_check_mdata_validity() - Check for validity of the FWU metadata copies
*
* Read both the metadata copies from the storage media, verify their
* checksum, and ascertain that both copies match. If one of the copies
* has gone bad, restore it from the good copy.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_check_mdata_validity(void);
/**
* fwu_get_mdata_part_num() - Get the FWU metadata partition numbers
* @dev: FWU metadata device
* @mdata_parts: array for storing the metadata partition numbers
*
* Get the partition numbers on the storage device on which the
* FWU metadata is stored. Two partition numbers will be returned
* through the array.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_get_mdata_part_num(struct udevice *dev, uint *mdata_parts);
/**
* fwu_read_mdata_partition() - Read the FWU metadata from a partition
* @dev: FWU metadata device
* @mdata: Copy of the FWU metadata
* @part_num: Partition number from which FWU metadata is to be read
*
* Read the FWU metadata from the specified partition number
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_read_mdata_partition(struct udevice *dev, struct fwu_mdata *mdata,
uint part_num);
/**
* fwu_write_mdata_partition() - Write the FWU metadata to a partition
* @dev: FWU metadata device
* @mdata: Copy of the FWU metadata
* @part_num: Partition number to which FWU metadata is to be written
*
* Write the FWU metadata to the specified partition number
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_write_mdata_partition(struct udevice *dev, struct fwu_mdata *mdata,
uint part_num);
/**
* fwu_get_mdata() - Get a FWU metadata copy
* @dev: FWU metadata device
* @mdata: Copy of the FWU metadata
*
* Get a valid copy of the FWU metadata.
*
* Note: This function is to be called first when modifying any fields
* in the metadata. The sequence of calls to modify any field in the
* metadata would be 1) fwu_get_mdata 2) Modify metadata, followed by
* 3) fwu_update_mdata
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_get_mdata(struct udevice *dev, struct fwu_mdata *mdata);
/**
* fwu_update_mdata() - Update the FWU metadata
* @dev: FWU metadata device
* @mdata: Copy of the FWU metadata
*
* Update the FWU metadata structure by writing to the
* FWU metadata partitions.
*
* Note: This function is not to be called directly to update the
* metadata fields. The sequence of function calls should be
* 1) fwu_get_mdata() 2) Modify the medata fields 3) fwu_update_mdata()
*
* The sequence of updating the partitions should be, update the
* primary metadata partition (first partition encountered), followed
* by updating the secondary partition. With this update sequence, in
* the rare scenario that the two metadata partitions are valid but do
* not match, maybe due to power outage at the time of updating the
* metadata copies, the secondary partition can be updated from the
* primary.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_update_mdata(struct udevice *dev, struct fwu_mdata *mdata);
/**
* fwu_get_active_index() - Get active_index from the FWU metadata
* @active_idxp: active_index value to be read
*
* Read the active_index field from the FWU metadata and place it in
* the variable pointed to be the function argument.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_get_active_index(uint *active_idxp);
/**
* fwu_set_active_index() - Set active_index in the FWU metadata
* @active_idx: active_index value to be set
*
* Update the active_index field in the FWU metadata
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_set_active_index(uint active_idx);
/**
* fwu_get_image_index() - Get the Image Index to be used for capsule update
* @image_index: The Image Index for the image
*
* The FWU multi bank update feature computes the value of image_index at
* runtime, based on the bank to which the image needs to be written to.
* Derive the image_index value for the image.
*
* Currently, the capsule update driver uses the DFU framework for
* the updates. This function gets the DFU alt number which is to
* be used as the Image Index
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_get_image_index(u8 *image_index);
/**
* fwu_mdata_check() - Check if the FWU metadata is valid
* @dev: FWU metadata device
*
* Validate both copies of the FWU metadata. If one of the copies
* has gone bad, restore it from the other copy.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_mdata_check(struct udevice *dev);
/**
* fwu_revert_boot_index() - Revert the active index in the FWU metadata
*
* Revert the active_index value in the FWU metadata, by swapping the values
* of active_index and previous_active_index in both copies of the
* FWU metadata.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_revert_boot_index(void);
/**
* fwu_verify_mdata() - Verify the FWU metadata
* @mdata: FWU metadata structure
* @pri_part: FWU metadata partition is primary or secondary
*
* Verify the FWU metadata by computing the CRC32 for the metadata
* structure and comparing it against the CRC32 value stored as part
* of the structure.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_verify_mdata(struct fwu_mdata *mdata, bool pri_part);
/**
* fwu_accept_image() - Set the Acceptance bit for the image
* @img_type_id: GUID of the image type for which the accepted bit is to be
* cleared
* @bank: Bank of which the image's Accept bit is to be set
*
* Set the accepted bit for the image specified by the img_guid parameter. This
* indicates acceptance of image for subsequent boots by some governing component
* like OS(or firmware).
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_accept_image(efi_guid_t *img_type_id, u32 bank);
/**
* fwu_clear_accept_image() - Clear the Acceptance bit for the image
* @img_type_id: GUID of the image type for which the accepted bit is to be
* cleared
* @bank: Bank of which the image's Accept bit is to be cleared
*
* Clear the accepted bit for the image type specified by the img_type_id parameter.
* This function is called after the image has been updated. The accepted bit is
* cleared to be set subsequently after passing the image acceptance criteria, by
* either the OS(or firmware)
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_clear_accept_image(efi_guid_t *img_type_id, u32 bank);
/**
* fwu_plat_get_alt_num() - Get the DFU Alt Num for the image from the platform
* @dev: FWU device
* @image_guid: Image GUID for which DFU alt number needs to be retrieved
* @alt_num: Pointer to the alt_num
*
* Get the DFU alt number from the platform for the image specified by the
* image GUID.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_plat_get_alt_num(struct udevice *dev, efi_guid_t *image_guid,
u8 *alt_num);
/**
* fwu_plat_get_update_index() - Get the value of the update bank
* @update_idx: Bank number to which images are to be updated
*
* Get the value of the bank(partition) to which the update needs to be
* made.
*
* Note: This is a weak function and platforms can override this with
* their own implementation for selection of the update bank.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_plat_get_update_index(uint *update_idx);
/**
* fwu_plat_get_bootidx() - Get the value of the boot index
* @boot_idx: Boot index value
*
* Get the value of the bank(partition) from which the platform
* has booted. This value is passed to U-Boot from the earlier
* stage bootloader which loads and boots all the relevant
* firmware images
*
*/
void fwu_plat_get_bootidx(uint *boot_idx);
/**
* fwu_update_checks_pass() - Check if FWU update can be done
*
* Check if the FWU update can be executed. The updates are
* allowed only when the platform is not in Trial State and
* the boot time checks have passed
*
* Return: 1 if OK, 0 if checks do not pass
*
*/
u8 fwu_update_checks_pass(void);
/**
* fwu_empty_capsule_checks_pass() - Check if empty capsule can be processed
*
* Check if the empty capsule can be processed to either accept or revert
* an earlier executed update. The empty capsules need to be processed
* only when the platform is in Trial State and the boot time checks have
* passed
*
* Return: 1 if OK, 0 if not to be allowed
*
*/
u8 fwu_empty_capsule_checks_pass(void);
/**
* fwu_trial_state_ctr_start() - Start the Trial State counter
*
* Start the counter to identify the platform booting in the
* Trial State. The counter is implemented as an EFI variable.
*
* Return: 0 if OK, -ve on error
*
*/
int fwu_trial_state_ctr_start(void);
#endif /* _FWU_H_ */
|
