Enable capsule updates #147
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
e4bb5bf to
4fd97ed
Compare
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
4fd97ed to
3213882
Compare
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
3213882 to
1c539cc
Compare
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
1c539cc to
c03aab8
Compare
krystian-hebel
approved these changes
Jul 24, 2024
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
3e51d7c to
933d5f1
Compare
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
933d5f1 to
a841165
Compare
|
Force-pushed a rebase. |
3 tasks
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
a841165 to
1370be0
Compare
|
Force-push:
|
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
1370be0 to
f171cf7
Compare
|
Force-push:
|
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
f171cf7 to
64d767b
Compare
|
Force-push: rebase onto the latest target branch. |
SergiiDmytruk
force-pushed
the
rebased
branch
from
8eccede to
6b645e4
Compare
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
1382f90 to
d73ef59
Compare
|
Force-push: rebase onto the latest target branch. |
SergiiDmytruk
force-pushed
the
enable-capsule-updates
branch
from
97938d0 to
88a61f5
Compare
This is using test certificate stored in this repository, but the root include was copied to ease replacement with the production key. Building additionally requires defining CAPSULE_FIRMWARE_GUID to firmware GUID in string form. FDF file is not updated because FMP driver will be embedded into update capsule. Signed-off-by: Sergii Dmytruk <[email protected]>
It will be used elsewhere. Signed-off-by: Sergii Dmytruk <[email protected]>
…sule update This should ensure that various protection mechanisms are off and won't get in the way of firmware flashing. Signed-off-by: Sergii Dmytruk <[email protected]>
The library was handling address switch event and updating pointers via EfiConvertPointer() from UefiRuntimeLib which can't be used in a non-runtime DXE. Turn event handler into an exported function and make SmmStoreFvb invoke that function in its handler of virtual address change. Signed-off-by: Sergii Dmytruk <[email protected]>
This allows reusing SMMSTORE protocol for the purpose of firmware updates. Signed-off-by: Sergii Dmytruk <[email protected]>
Such strings include, for example, coreboot version information. Signed-off-by: Sergii Dmytruk <[email protected]>
Part of functions of the library are left unimplemented (return EFI_UNSUPPORTED) the rest use information about current firmware obtained from CBMEM and SMMSTOREv2 to perform flashing. Flashing is slightly optimized: FmpDeviceSetImageWithStatus() first reads a block and checks that it differs from the new contents before initiating erase and write. Signed-off-by: Sergii Dmytruk <[email protected]>
…s HAP-disabled HAP-disabled ME doesn't do anything, including writing to system flash, which is what we need for a firmware update that relies on a warm reset. coreboot assumes that HECI/soft-disabled state of ME isn't as good as HMRFPO and switches to HMRFPO doing a global reset which loses in-RAM capsules. Checking variable's value should be enough, if somebody manually set it to an invalid value, the update there will be a reboot without a capsule update. A more reliable solution would be to pass this information from coreboot. Signed-off-by: Sergii Dmytruk <[email protected]>
…psules Signed-off-by: Sergii Dmytruk <[email protected]>
coreboot flash map data parsing library. There is a small amount of code, so modify it to mostly look like EDK code. Signed-off-by: Sergii Dmytruk <[email protected]>
This is a preparation for moving data from current image. Signed-off-by: Sergii Dmytruk <[email protected]>
Introduce and integrate MergeFirmwareImages() which will perform the migration. Signed-off-by: Sergii Dmytruk <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>
The code is imported in its essentially unchanged form (although large chunks of unused code were removed). There is a header which maps C symbols to their equivalents in EDK2 to make the code work without modifications. Signed-off-by: Sergii Dmytruk <[email protected]>
Returning an error from this function can disable useful functionality like capsule updates because progress bar treats such errors as fatal... Signed-off-by: Sergii Dmytruk <[email protected]>
The information is stored in CBFS files with known names. Signed-off-by: Sergii Dmytruk <[email protected]>
Simple EFI variables driver as a library. Signed-off-by: Sergii Dmytruk <[email protected]>
Instead of copying whole SMMSTORE region. Signed-off-by: Sergii Dmytruk <[email protected]>
…s bar Position and size of progress bar produced by DisplayUpdateProgressLibGraphics depends on the size of boot logo. As the logo can be customized by users, a dummy logo with determinable dimensions, depending on the size of current GOP mode, is created to make progress bar appear always in the same place. Signed-off-by: Krystian Hebel <[email protected]>
Project page: https://gitlab.com/bztsrc/scalable-font2 Signed-off-by: Krystian Hebel <[email protected]>
Signed-off-by: Krystian Hebel <[email protected]>
…errors Reasoning for ignoring errors is that this driver gives only informational output, and failure to do so shouldn't abort the update process. Signed-off-by: Krystian Hebel <[email protected]>
Previously, the code chose the highest non-reserved RAM region below 4G mark, regardless of its size. If the memory is fragmented, this may result in failed memory allocation further down the line. Skip regions smaller than PeiMemSize as defined in BlPeiEntryPoint. In some cases, it isn't possible to differentiate between structures in RAM (e.g. coreboot tables) and memory reserved by System Agent (e.g. TSEG, GSM) based on memory region type. Both are reported as reserved memory and they may even be combined into one region, but their caching methods must be different. Because of that, MTRR setting code is no longer called at this point. This depends on coreboot setting memory caching attributes properly, which it already does. Signed-off-by: Krystian Hebel <[email protected]>
This is required for initializing capsule update process from Linux's capsule_loader. It also fixes the possibility for putting the device in infinite FUM loop by creating the variable with runtime access. SetVariable() in WarnIfFirmwareUpdateMode() used to remove the variable failed because of mismatched attributes. According to UEFI specification, > If a preexisting variable is rewritten with no access attributes > specified, the variable will be deleted. This is exactly what is needed. The other way to delete a variable is to specify matching attributes and set the size of a variable as 0. Signed-off-by: Krystian Hebel <[email protected]>
The MTRRs have already been programmed by FSB (coreboot). Change-Id: I8c6e7657b789edac8ee83a89318209a598712db8 Signed-off-by: Patrick Rudolph <[email protected]> Signed-off-by: Sergii Dmytruk <[email protected]>
krystian-hebel
force-pushed
the
enable-capsule-updates
branch
from
5b3658c to
b7e2998
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This lacks FMP for update to actually do anything.
New CAPSULE_ENABLE define in DasharoPayloadPkg.dsc adds required libraries/DXEs/PCDs and enables building of CapsuleApp which is useful for testing.
BlSupportPei now switches boot mode to BOOT_ON_FLASH_UPDATE if there are any capsules. It's not guarded by any PCD under the assumption that coreboot won't pass capsules if EDK shouldn't be handling them.
EsrtDxe is enabled to manage and cache ESRT entries (caching is supposedly necessary after a capsule is processed, although don't really understand why). ProcessCapsules() internally looks up EsrtManagementProtocol and calls SyncEsrtFmp() to import data from available FMP instances.
PlatformBootManagerLib was made to call ProcessCapsules() (twice).