diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/README.rmobile | 1 | ||||
| -rw-r--r-- | doc/board/socionext/developerbox.rst | 154 | ||||
| -rw-r--r-- | doc/board/ti/j7200_evm.rst | 332 | ||||
| -rw-r--r-- | doc/board/ti/k3.rst | 1 | ||||
| -rw-r--r-- | doc/build/clang.rst | 36 | ||||
| -rw-r--r-- | doc/develop/uefi/uefi.rst | 66 | ||||
| -rw-r--r-- | doc/device-tree-bindings/firmware/firmware-version.txt | 22 | ||||
| -rw-r--r-- | doc/device-tree-bindings/firmware/fwu-mdata-mtd.yaml | 105 | ||||
| -rw-r--r-- | doc/mkeficapsule.1 | 10 | ||||
| -rw-r--r-- | doc/mkfwumdata.1 | 89 |
10 files changed, 796 insertions, 20 deletions
diff --git a/doc/README.rmobile b/doc/README.rmobile index ea170a25a6..524d839558 100644 --- a/doc/README.rmobile +++ b/doc/README.rmobile @@ -35,6 +35,7 @@ Currently the following boards are supported: | R8A77965 M3-N | Renesas Electronics ULCB | r8a77965_ulcb |---------------+----------------------------------------+------------------- | R8A77970 V3M | Renesas Electronics Eagle | r8a77970_eagle_defconfig +| R8A77970 V3M | Renesas Electronics V3MSK | r8a77970_v3msk_defconfig |---------------+----------------------------------------+------------------- | R8A77995 D3 | Renesas Electronics Draak | r8a77995_draak_defconfig '===============+========================================+=================== diff --git a/doc/board/socionext/developerbox.rst b/doc/board/socionext/developerbox.rst index 2d943c23be..aa7080e26c 100644 --- a/doc/board/socionext/developerbox.rst +++ b/doc/board/socionext/developerbox.rst @@ -57,14 +57,20 @@ Installation You can install the SNI_NOR_UBOOT.fd via NOR flash writer. -Flashing the U-Boot image on DeveloperBox requires a 96boards UART mezzanine or other mezzanine which can connect to LS-UART0 port. -Connect USB cable from host to the LS-UART0 and set DSW2-7 to ON, and turn the board on again. The flash writer program will be started automatically; don’t forget to turn the DSW2-7 off again after flashing. +Flashing the U-Boot image on DeveloperBox requires a 96boards UART mezzanine +or other mezzanine which can connect to the LS-UART0 port. +Connect USB cable from host to the LS-UART0 and set DSW2-7 to ON, and turn the +board on again. The flash writer program will be started automatically; +don't forget to turn the DSW2-7 off again after flashing. -*!!CAUTION!! If you failed to write the U-Boot image on wrong address, the board can be bricked. See below page if you need to recover the bricked board. See the following page for more detail* +*!!CAUTION!! If you write the U-Boot image on wrong address, the board can +be bricked. See below page if you need to recover the bricked board. See +the following page for more details* https://www.96boards.org/documentation/enterprise/developerbox/installation/board-recovery.md.html -When the serial flasher is running correctly is will show the following boot messages shown via LS-UART0:: +When the serial flasher is running correctly it will show the following boot +messages printed to the LS-UART0 console:: /*------------------------------------------*/ @@ -81,7 +87,143 @@ Once the flasher tool is running we are ready flash the UEFI image:: flash rawwrite 200000 100000 >> Send SPI_NOR_UBOOT.fd via XMODEM (Control-A S in minicom) << -*!!NOTE!! The flasher command parameter is different from the command for board recovery. U-Boot uses the offset 200000 (2-five-0, 2M in hex) and the size 100000 (1-five-0, 1M in hex).* +*!!NOTE!! The flasher command parameter is different from the command for +board recovery. U-Boot uses the offset 200000 (2-five-0, 2M in hex) and the +size 100000 (1-five-0, 1M in hex).* -After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and reset the board. +After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and +reset the board. + +Enable FWU Multi Bank Update +============================ + +DeveloperBox supports the FWU Multi Bank Update. You *MUST* update both +*SCP firmware* and *TF-A* for this feature. This will change the layout and +the boot process but you can switch back to the normal one by changing +the DSW 1-4 off. + +Configure U-Boot +---------------- + +To enable the FWU Multi Bank Update on the DeveloperBox board the +configs/synquacer_developerbox_defconfig enables default FWU configuration :: + + CONFIG_FWU_MULTI_BANK_UPDATE=y + CONFIG_FWU_MDATA=y + CONFIG_FWU_MDATA_MTD=y + CONFIG_FWU_NUM_BANKS=2 + CONFIG_FWU_NUM_IMAGES_PER_BANK=1 + CONFIG_CMD_FWU_METADATA=y + +And build it:: + + cd u-boot/ + export ARCH=arm64 + export CROSS_COMPILE=aarch64-linux-gnu- + make synquacer_developerbox_defconfig + make -j `noproc` + cd ../ + +By default, the CONFIG_FWU_NUM_BANKS and CONFIG_FWU_NUM_IMAGES_PER_BANKS are +set to 2 and 1 respectively. This uses FIP (Firmware Image Package) type image +which contains TF-A, U-Boot and OP-TEE (the OP-TEE is optional). +You can use fiptool to compose the FIP image from those firmware images. + +Rebuild SCP firmware +-------------------- + +Rebuild SCP firmware which supports FWU Multi Bank Update as below:: + + cd SCP-firmware/ + OUT=./build/product/synquacer + ROMFW_FILE=$OUT/scp_romfw/$SCP_BUILD_MODE/bin/scp_romfw.bin + RAMFW_FILE=$OUT/scp_ramfw/$SCP_BUILD_MODE/bin/scp_ramfw.bin + ROMRAMFW_FILE=scp_romramfw_release.bin + + make CC=arm-none-eabi-gcc PRODUCT=synquacer MODE=release + tr "\000" "\377" < /dev/zero | dd of=${ROMRAMFW_FILE} bs=1 count=196608 + dd if=${ROMFW_FILE} of=${ROMRAMFW_FILE} bs=1 conv=notrunc seek=0 + dd if=${RAMFW_FILE} of=${ROMRAMFW_FILE} bs=1 seek=65536 + cd ../ + +And you can get the `scp_romramfw_release.bin` file. + +Rebuild OPTEE firmware +---------------------- + +Rebuild OPTEE to use in new-layout FIP as below:: + + cd optee_os/ + make -j`nproc` PLATFORM=synquacer ARCH=arm \ + CROSS_COMPILE64=aarch64-linux-gnu- CFG_ARM64_core=y \ + CFG_CRYPTO_WITH_CE=y CFG_CORE_HEAP_SIZE=524288 CFG_CORE_DYN_SHM=y \ + CFG_CORE_ARM64_PA_BITS=48 CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_TA_LOG_LEVEL=1 + cp out/arm-plat-synquacer/core/tee-pager_v2.bin ../arm-trusted-firmware/ + +The produced `tee-pager_v2.bin` is to be used while building TF-A next. + + +Rebuild TF-A and FIP +-------------------- + +Rebuild TF-A which supports FWU Multi Bank Update as below:: + + cd arm-trusted-firmware/ + make CROSS_COMPILE=aarch64-linux-gnu- -j`nproc` PLAT=synquacer \ + TRUSTED_BOARD_BOOT=1 SPD=opteed SQ_RESET_TO_BL2=1 GENERATE_COT=1 \ + MBEDTLS_DIR=../mbedtls BL32=tee-pager_v2.bin \ + BL33=../u-boot/u-boot.bin all fip fiptool + +And make a FIP image.:: + + cp build/synquacer/release/fip.bin SPI_NOR_NEWFIP.fd + tools/fiptool/fiptool update --tb-fw build/synquacer/release/bl2.bin SPI_NOR_NEWFIP.fd + +UUIDs for the FWU Multi Bank Update +----------------------------------- + +FWU multi-bank update requires some UUIDs. The DeveloperBox platform uses +following UUIDs. + + - Location UUID for the FIP image: 17e86d77-41f9-4fd7-87ec-a55df9842de5 + - Image type UUID for the FIP image: 10c36d7d-ca52-b843-b7b9-f9d6c501d108 + - Image UUID for Bank0 : 5a66a702-99fd-4fef-a392-c26e261a2828 + - Image UUID for Bank1 : a8f868a1-6e5c-4757-878d-ce63375ef2c0 + +These UUIDs are used for making a FWU metadata image. + +u-boot$ ./tools/mkfwumdata -i 1 -b 2 \ + 17e86d77-41f9-4fd7-87ec-a55df9842de5,10c36d7d-ca52-b843-b7b9-f9d6c501d108,5a66a702-99fd-4fef-a392-c26e261a2828,a8f868a1-6e5c-4757-878d-ce63375ef2c0 \ + ../devbox-fwu-mdata.img + +Create Accept & Revert capsules + +u-boot$ ./tools/mkeficapsule -A -g 7d6dc310-52ca-43b8-b7b9-f9d6c501d108 NEWFIP_accept.Cap +u-boot$ ./tools/mkeficapsule -R NEWFIP_revert.Cap + +Install via flash writer +------------------------ + +As explained in above section, the new FIP image and the FWU metadata image +can be installed via NOR flash writer. + +Once the flasher tool is running we are ready to flash the images.:: +Write the FIP image to the Bank-0 & 1 at 6MB and 10MB offset.:: + + flash rawwrite 600000 180000 + flash rawwrite a00000 180000 + >> Send SPI_NOR_NEWFIP.fd via XMODEM (Control-A S in minicom) << + + flash rawwrite 500000 1000 + flash rawwrite 530000 1000 + >> Send devbox-fwu-mdata.img via XMODEM (Control-A S in minicom) << + +And write the new SCP firmware.:: + + flash write cm3 + >> Send scp_romramfw_release.bin via XMODEM (Control-A S in minicom) << + +At last, turn on the DSW 3-4 on the board, and reboot. +Note that if DSW 3-4 is turned off, the DeveloperBox will boot from +the original EDK2 firmware (or non-FWU U-Boot if you already installed). diff --git a/doc/board/ti/j7200_evm.rst b/doc/board/ti/j7200_evm.rst new file mode 100644 index 0000000000..0d3a526516 --- /dev/null +++ b/doc/board/ti/j7200_evm.rst @@ -0,0 +1,332 @@ +.. SPDX-License-Identifier: GPL-2.0+ OR BSD-3-Clause +.. sectionauthor:: Udit Kumar <u-kumar1@ti.com> + +J7200 Platforms +=============== + +Introduction: +------------- +The J7200 family of SoCs are part of K3 Multicore SoC architecture platform +targeting automotive applications. They are designed as a low power, high +performance and highly integrated device architecture, adding significant +enhancement on processing power, graphics capability, video and imaging +processing, virtualization and coherent memory support. + +The device is partitioned into three functional domains, each containing +specific processing cores and peripherals: + +1. Wake-up (WKUP) domain: + * Device Management and Security Controller (DMSC) + +2. Microcontroller (MCU) domain: + * Dual Core ARM Cortex-R5F processor + +3. MAIN domain: + * Dual core 64-bit ARM Cortex-A72 + +More info can be found in TRM: https://www.ti.com/lit/pdf/spruiu1 + +Boot Flow: +---------- +Below is the pictorial representation of boot flow: + +.. code-block:: text + + +------------------------------------------------------------------------+-----------------------+ + | DMSC | MCU R5 | A72 | MAIN R5/C7x | + +------------------------------------------------------------------------+-----------------------+ + | +--------+ | | | | + | | Reset | | | | | + | +--------+ | | | | + | : | | | | + | +--------+ | +-----------+ | | | + | | *ROM* |----------|-->| Reset rls | | | | + | +--------+ | +-----------+ | | | + | | | | : | | | + | | ROM | | : | | | + | |services| | : | | | + | | | | +-------------+ | | | + | | | | | *R5 ROM* | | | | + | | | | +-------------+ | | | + | | |<---------|---|Load and auth| | | | + | | | | | tiboot3.bin | | | | + | | Start | | +-------------+ | | | + | | TIFS |<---------|---| Start | | | | + | | | | | TIFS | | | | + | +--------+ | +-------------+ | | | + | : | | | | | | + | +---------+ | | Load | | | | + | | *TIFS* | | | system | | | | + | +---------+ | | Config data | | | | + | | |<--------|---| | | | | + | | | | +-------------+ | | | + | | | | : | | | + | | | | : | | | + | | | | : | | | + | | | | +-------------+ | | | + | | | | | *R5 SPL* | | | | + | | | | +-------------+ | | | + | | | | | DDR | | | | + | | | | | config | | | | + | | | | +-------------+ | | | + | | | | | Load | | | | + | | | | | tispl.bin | | | | + | | | | +-------------+ | | | + | | | | | Load R5 | | | | + | | | | | firmware | | | | + | | | | +-------------+ | | | + | | |<--------|---| Start A72 | | | | + | | | | | and jump to | | | | + | | | | | DM fw image | | | | + | | | | +-------------+ | | | + | | | | | +-----------+ | | + | | |---------|-----------------------|---->| Reset rls | | | + | | | | | +-----------+ | | + | | TIFS | | | : | | + | |Services | | | +-----------+ | | + | | |<--------|-----------------------|---->|*ATF/OPTEE*| | | + | | | | | +-----------+ | | + | | | | | : | | + | | | | | +-----------+ | | + | | |<--------|-----------------------|---->| *A72 SPL* | | | + | | | | | +-----------+ | | + | | | | | | Load | | | + | | | | | | u-boot.img| | | + | | | | | +-----------+ | | + | | | | | : | | + | | | | | +-----------+ | | + | | |<--------|-----------------------|---->| *U-Boot* | | | + | | | | | +-----------+ | | + | | | | | | prompt | | | + | | | | | +-----------+ | | + | | | | | | Load R5 | | | + | | | | | | Firmware | | | + | | | | | +-----------+ | | + | | |<--------|-----------------------|-----| Start R5 | | +-----------+ | + | | |---------|-----------------------|-----+-----------+-----|----->| R5 starts | | + | | | | | | Load C7 | | +-----------+ | + | | | | | | Firmware | | | + | | | | | +-----------+ | | + | | |<--------|-----------------------|-----| Start C7 | | +-----------+ | + | | |---------|-----------------------|-----+-----------+-----|----->| C7 starts | | + | | | | | | +-----------+ | + | | | | | | | + | +---------+ | | | | + | | | | | + +------------------------------------------------------------------------+-----------------------+ + +- Here DMSC acts as master and provides all the critical services. R5/A72 + requests DMSC to get these services done as shown in the above diagram. + +Sources: +-------- +1. SYSFW: + Tree: git://git.ti.com/k3-image-gen/k3-image-gen.git + Branch: master + +2. ATF: + Tree: https://github.com/ARM-software/arm-trusted-firmware.git + Branch: master + +3. OPTEE: + Tree: https://github.com/OP-TEE/optee_os.git + Branch: master + +4. DM Firmware: + Tree: git://git.ti.com/processor-firmware/ti-linux-firmware.git + Branch: ti-linux-firmware + +5. U-Boot: + Tree: https://source.denx.de/u-boot/u-boot + Branch: master + +Build procedure: +---------------- +1. SYSFW: + +.. code-block:: bash + + make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabihf- SOC=j7200 SBL=u-boot-spl.bin SYSFW_PATH=<path to sysfw>/ti-fs-firmware-j7200-gp.bin + u-boot-spl.bin is generated at step 4. + +2. ATF: + +.. code-block:: bash + + make CROSS_COMPILE=aarch64-linux-gnu- ARCH=aarch64 PLAT=k3 TARGET_BOARD=generic SPD=opteed + +3. OPTEE: + +.. code-block:: bash + + make PLATFORM=k3-j7200 CFG_ARM64_core=y + +4. U-Boot: + +* 4.1 R5: + +.. code-block:: bash + + make CROSS_COMPILE=arm-linux-gnueabihf- j7200_evm_r5_defconfig O=build/r5 + make CROSS_COMPILE=arm-linux-gnueabihf- O=build/r5 + +* 4.2 A72: + +.. code-block:: bash + + make CROSS_COMPILE=aarch64-linux-gnu- j7200_evm_a72_defconfig O=build/a72 + make CROSS_COMPILE=aarch64-linux-gnu- ATF=<ATF dir>/build/k3/generic/release/bl31.bin TEE=<OPTEE OS dir>/out/arm-plat-k3/core/tee-pager_v2.bin DM=<DM firmware>/ti-dm/j7200/ipc_echo_testb_mcu1_0_release_strip.xer5f O=build/a72 + +Target Images +-------------- +Copy the below images to an SD card and boot: + - tiboot3.bin from step 1 + - tispl.bin, u-boot.img from 4.2 + +Image formats: +-------------- + +- tiboot3.bin: + +.. code-block:: console + + +-----------------------+ + | X.509 | + | Certificate | + | +-------------------+ | + | | | | + | | R5 | | + | | u-boot-spl.bin | | + | | | | + | +-------------------+ | + | | | | + | | FIT header | | + | | +---------------+ | | + | | | | | | + | | | DTB 1...N | | | + | | +---------------+ | | + | +-------------------+ | + | | | | + | | FIT HEADER | | + | | +---------------+ | | + | | | | | | + | | | sysfw.bin | | | + | | +---------------+ | | + | | | | | | + | | | board config | | | + | | +---------------+ | | + | | | | | | + | | | PM config | | | + | | +---------------+ | | + | | | | | | + | | | RM config | | | + | | +---------------+ | | + | | | | | | + | | | Secure config | | | + | | +---------------+ | | + | +-------------------+ | + +-----------------------+ + +- tispl.bin + +.. code-block:: console + + +-----------------------+ + | | + | FIT HEADER | + | +-------------------+ | + | | | | + | | A72 ATF | | + | +-------------------+ | + | | | | + | | A72 OPTEE | | + | +-------------------+ | + | | | | + | | R5 DM FW | | + | +-------------------+ | + | | | | + | | A72 SPL | | + | +-------------------+ | + | | | | + | | SPL DTB 1...N | | + | +-------------------+ | + +-----------------------+ + + +Switch Setting for Boot Mode +---------------------------- + +Boot Mode pins provide means to select the boot mode and options before the +device is powered up. After every POR, they are the main source to populate +the Boot Parameter Tables. + +The following table shows some common boot modes used on J7200 platform. More +details can be found in the Technical Reference Manual: +https://www.ti.com/lit/pdf/spruiu1 under the `Boot Mode Pins` section. + + +*Boot Modes* + +============ ============= ============= +Switch Label SW9: 12345678 SW8: 12345678 +============ ============= ============= +SD 00000000 10000010 +EMMC 01000000 10000000 +OSPI 01000000 00000110 +UART 01110000 00000000 +USB DFU 00100000 10000000 +============ ============= ============= + +For SW8 and SW9, the switch state in the "ON" position = 1. + +eMMC: +----- +ROM supports booting from eMMC raw read or UDA FS mode. + +Below is memory layout in case of booting from +boot 0/1 partition in raw mode. + +Current allocated size for tiboot3 size is 1MB, tispl is 2MB. + +Size of u-boot.img is taken 4MB for refernece, +But this is subject to change depending upon atf, optee size + +.. code-block:: console + + boot0/1 partition (8 MB) user partition + 0x0+----------------------------------+ 0x0+------------------------+ + | tiboot3.bin (1 MB) | | | + 0x800+----------------------------------+ | | + | tispl.bin (2 MB) | | | + 0x1800+----------------------------------+ | | + | u-boot.img (4MB) | | | + 0x3800+----------------------------------+ | | + | | | | + 0x3900+ environment | | | + | | | | + 0x3A00+----------------------------------+ +-------------------------+ + +In case of UDA FS mode booting, following is layout. + +All boot images tiboot3.bin, tispl and u-boot should be written to +fat formatted UDA FS as file. + +.. code-block:: console + + boot0/1 partition (8 MB) user partition + 0x0+---------------------------------+ 0x0+-------------------------+ + | | | tiboot3.bin* | + 0x800+----------------------------------+ | | + | | | tispl.bin | + 0x1800+----------------------------------+ | | + | | | u-boot.img | + 0x3800+----------------------------------+ | | + | | | | + 0x3900+ | | environment | + | | | | + 0x3A00+----------------------------------+ +-------------------------+ + + + +In case of booting from eMMC, write above images into raw or UDA FS. +and set mmc partconf accordingly. diff --git a/doc/board/ti/k3.rst b/doc/board/ti/k3.rst index b49a60caf1..2b2f4bb8bb 100644 --- a/doc/board/ti/k3.rst +++ b/doc/board/ti/k3.rst @@ -31,6 +31,7 @@ K3 Based SoCs :maxdepth: 1 j721e_evm + j7200_evm am62x_sk Boot Flow Overview diff --git a/doc/build/clang.rst b/doc/build/clang.rst index 1d35616eb5..cc265506c2 100644 --- a/doc/build/clang.rst +++ b/doc/build/clang.rst @@ -74,3 +74,39 @@ simplified with a simple wrapper script - saved as #!/bin/sh exec clang -target arm-freebsd-eabi --sysroot /usr/arm-freebsd "$@" + + +Known Issues +------------ + +When build U-boot for `xenguest_arm64_defconfig` target, it reports linkage +error: + +.. code-block:: bash + + aarch64-linux-gnu-ld.bfd: drivers/xen/hypervisor.o: in function `do_hypervisor_callback': + /home/leoy/Dev2/u-boot/drivers/xen/hypervisor.c:188: undefined reference to `__aarch64_swp8_acq_rel' + aarch64-linux-gnu-ld.bfd: drivers/xen/hypervisor.o: in function `synch_test_and_set_bit': + /home/leoy/Dev2/u-boot/./arch/arm/include/asm/xen/system.h:40: undefined reference to `__aarch64_ldset1_acq_rel' + aarch64-linux-gnu-ld.bfd: drivers/xen/hypervisor.o: in function `synch_test_and_clear_bit': + /home/leoy/Dev2/u-boot/./arch/arm/include/asm/xen/system.h:28: undefined reference to `__aarch64_ldclr1_acq_rel' + aarch64-linux-gnu-ld.bfd: drivers/xen/hypervisor.o: in function `synch_test_and_set_bit': + /home/leoy/Dev2/u-boot/./arch/arm/include/asm/xen/system.h:40: undefined reference to `__aarch64_ldset1_acq_rel' + aarch64-linux-gnu-ld.bfd: drivers/xen/hypervisor.o: in function `synch_test_and_clear_bit': + /home/leoy/Dev2/u-boot/./arch/arm/include/asm/xen/system.h:28: undefined reference to `__aarch64_ldclr1_acq_rel' + aarch64-linux-gnu-ld.bfd: drivers/xen/events.o: in function `synch_test_and_clear_bit': + /home/leoy/Dev2/u-boot/./arch/arm/include/asm/xen/system.h:28: undefined reference to `__aarch64_ldclr1_acq_rel' + aarch64-linux-gnu-ld.bfd: drivers/xen/events.o: in function `synch_test_and_set_bit': + /home/leoy/Dev2/u-boot/./arch/arm/include/asm/xen/system.h:40: undefined reference to `__aarch64_ldset1_acq_rel' + aarch64-linux-gnu-ld.bfd: drivers/xen/gnttab.o: in function `gnttab_end_access': + /home/leoy/Dev2/u-boot/drivers/xen/gnttab.c:109: undefined reference to `__aarch64_cas2_acq_rel' + Segmentation fault + +To fix the failure, we need to append option `-mno-outline-atomics` in Clang +command to not generate local calls to out-of-line atomic operations: + +.. code-block:: bash + + make HOSTCC=clang xenguest_arm64_defconfig + make HOSTCC=clang CROSS_COMPILE=aarch64-linux-gnu- \ + CC="clang -target aarch64-linux-gnueabi -mno-outline-atomics" -j8 diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index ffe25ca231..ffd13cebe9 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -318,6 +318,33 @@ Run the following command --guid <image GUID> \ <capsule_file_name> +The UEFI specification does not define the firmware versioning mechanism. +EDK II reference implementation inserts the FMP Payload Header right before +the payload. It coutains the fw_version and lowest supported version, +EDK II reference implementation uses these information to implement the +firmware versioning and anti-rollback protection, the firmware version and +lowest supported version is stored into EFI non-volatile variable. + +In U-Boot, the firmware versioning is implemented utilizing +the FMP Payload Header same as EDK II reference implementation, +reads the FMP Payload Header and stores the firmware version into +"FmpStateXXXX" EFI non-volatile variable. XXXX indicates the image index, +since FMP protocol handles multiple image indexes. + +To add the fw_version into the FMP Payload Header, +add --fw-version option in mkeficapsule tool. + +.. code-block:: console + + $ mkeficapsule \ + --index <index> --instance 0 \ + --guid <image GUID> \ + --fw-version 5 \ + <capsule_file_name> + +If the --fw-version option is not set, FMP Payload Header is not inserted +and fw_version is set as 0. + Performing the update ********************* @@ -510,6 +537,45 @@ where signature.dts looks like:: }; }; +Anti-rollback Protection +************************ + +Anti-rollback prevents unintentional installation of outdated firmware. +To enable anti-rollback, you must add the lowest-supported-version property +to dtb and specify --fw-version when creating a capsule file with the +mkeficapsule tool. +When executing capsule update, U-Boot checks if fw_version is greater than +or equal to lowest-supported-version. If fw_version is less than +lowest-supported-version, the update will fail. +For example, if lowest-supported-version is set to 7 and you run capsule +update using a capsule file with --fw-version of 5, the update will fail. +When the --fw-version in the capsule file is updated, lowest-supported-version +in the dtb might be updated accordingly. + +To insert the lowest supported version into a dtb + +.. code-block:: console + + $ dtc -@ -I dts -O dtb -o version.dtbo version.dts + $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo + +where version.dts looks like:: + + /dts-v1/; + /plugin/; + &{/} { + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + }; + }; + +The properties of image-type-id and image-index must match the value +defined in the efi_fw_image array as image_type_id and image_index. + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/device-tree-bindings/firmware/firmware-version.txt b/doc/device-tree-bindings/firmware/firmware-version.txt new file mode 100644 index 0000000000..ee90ce3117 --- /dev/null +++ b/doc/device-tree-bindings/firmware/firmware-version.txt @@ -0,0 +1,22 @@ +firmware-version bindings +------------------------------- + +Required properties: +- image-type-id : guid for image blob type +- image-index : image index +- lowest-supported-version : lowest supported version + +Example: + + firmware-version { + image1 { + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; + image-index = <1>; + lowest-supported-version = <3>; + }; + image2 { + image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0"; + image-index = <2>; + lowest-supported-version = <7>; + }; + }; diff --git a/doc/device-tree-bindings/firmware/fwu-mdata-mtd.yaml b/doc/device-tree-bindings/firmware/fwu-mdata-mtd.yaml index 4f5404f999..6a22aeea30 100644 --- a/doc/device-tree-bindings/firmware/fwu-mdata-mtd.yaml +++ b/doc/device-tree-bindings/firmware/fwu-mdata-mtd.yaml @@ -1,13 +1,13 @@ # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause) %YAML 1.2 --- -$id: http://devicetree.org/schemas/firmware/u-boot,fwu-mdata-sf.yaml# -$schema: http://devicetree.org/meta-schemas/core.yaml# +$id: http://devicetree.org/schemas/firmware/u-boot,fwu-mdata-mtd.yaml# +$schema: http://devicetree.org/meta-schemas/base.yaml# title: FWU metadata on MTD device without GPT maintainers: - - Masami Hiramatsu <masami.hiramatsu@linaro.org> + - Jassi Brar <jaswinder.singh@linaro.org> properties: compatible: @@ -15,24 +15,101 @@ properties: - const: u-boot,fwu-mdata-mtd fwu-mdata-store: - maxItems: 1 - description: Phandle of the MTD device which contains the FWU medatata. + $ref: /schemas/types.yaml#/definitions/phandle + description: Phandle of the MTD device which contains the FWU MetaData and Banks. - mdata-offsets: + mdata-parts: + $ref: /schemas/types.yaml#/definitions/non-unique-string-array minItems: 2 - description: Offsets of the primary and secondary FWU metadata in the NOR flash. + maxItems: 2 + description: labels of the primary and secondary FWU metadata partitions in the 'fixed-partitions' subnode of the 'jedec,spi-nor' flash device node. + + patternProperties: + "fwu-bank[0-9]": + type: object + description: List of FWU mtd-backed banks. Typically two banks. + + properties: + id: + $ref: /schemas/types.yaml#/definitions/uint32 + description: Index of the bank. + + label: + $ref: /schemas/types.yaml#/definitions/non-unique-string-array + minItems: 1 + maxItems: 1 + description: label of the partition, in the 'fixed-partitions' subnode of the 'jedec,spi-nor' flash device node, that holds this bank. + + patternProperties: + "fwu-image[0-9]": + type: object + description: List of images in the FWU mtd-backed bank. + + properties: + id: + $ref: /schemas/types.yaml#/definitions/uint32 + description: Index of the bank. + + offset: + $ref: /schemas/types.yaml#/definitions/uint32 + description: Offset, from start of the bank, where the image is located. + + size: + $ref: /schemas/types.yaml#/definitions/uint32 + description: Size reserved for the image. + + uuid: + $ref: /schemas/types.yaml#/definitions/non-unique-string-array + minItems: 1 + maxItems: 1 + description: UUID of the image. + + required: + - id + - offset + - size + - uuid + additionalProperties: false + + required: + - id + - label + - fwu-images + additionalProperties: false required: - compatible - fwu-mdata-store - - mdata-offsets - + - mdata-parts + - fwu-banks additionalProperties: false examples: - | - fwu-mdata { - compatible = "u-boot,fwu-mdata-mtd"; - fwu-mdata-store = <&spi-flash>; - mdata-offsets = <0x500000 0x530000>; - }; + fwu-mdata { + compatible = "u-boot,fwu-mdata-mtd"; + fwu-mdata-store = <&flash0>; + mdata-parts = "MDATA-Pri", "MDATA-Sec"; + + fwu-bank0 { + id = <0>; + label = "FIP-Bank0"; + fwu-image0 { + id = <0>; + offset = <0x0>; + size = <0x400000>; + uuid = "5a66a702-99fd-4fef-a392-c26e261a2828"; + }; + }; + fwu-bank1 { + id = <1>; + label = "FIP-Bank1"; + fwu-image0 { + id = <0>; + offset = <0x0>; + size = <0x400000>; + uuid = "a8f868a1-6e5c-4757-878d-ce63375ef2c0"; + }; + }; + }; +... diff --git a/doc/mkeficapsule.1 b/doc/mkeficapsule.1 index 1ca245a10f..c4c2057d5c 100644 --- a/doc/mkeficapsule.1 +++ b/doc/mkeficapsule.1 @@ -62,6 +62,16 @@ Specify an image index Specify a hardware instance .PP +FMP Payload Header is inserted right before the payload if +.BR --fw-version +is specified + + +.TP +.BI "-v\fR,\fB --fw-version " firmware-version +Specify a firmware version, 0 if omitted + +.PP For generation of firmware accept empty capsule .BR --guid is mandatory diff --git a/doc/mkfwumdata.1 b/doc/mkfwumdata.1 new file mode 100644 index 0000000000..7dd718b26e --- /dev/null +++ b/doc/mkfwumdata.1 @@ -0,0 +1,89 @@ +.\" SPDX-License-Identifier: GPL-2.0-or-later +.\" Copyright (C) 2023 Jassi Brar <jaswinder.singh@linaro.org> +.TH MKFWUMDATA 1 2023-04-10 U-Boot +.SH NAME +mkfwumdata \- create FWU metadata image +. +.SH SYNOPSIS +.SY mkfwumdata +.OP \-a activeidx +.OP \-p previousidx +.OP \-g +.BI \-i\~ imagecount +.BI \-b\~ bankcount +.I UUIDs +.I outputimage +.YS +.SY mkfwumdata +.B \-h +.YS +. +.SH DESCRIPTION +.B mkfwumdata +creates metadata info to be used with FWU. +. +.SH OPTIONS +.TP +.B \-h +Print usage information and exit. +. +.TP +.B \-a +Set +.IR activeidx +as the currently active Bank. Default is 0. +. +.TP +.B \-p +Set +.IR previousidx +as the previous active Bank. Default is +.IR activeidx "-1" +or +.IR bankcount "-1," +whichever is non-negative. +. +.TP +.B \-g +Convert the +.IR UUIDs +as GUIDs before use. +. +.TP +.B \-i +Specify there are +.IR imagecount +images in each bank. +. +.TP +.B \-b +Specify there are a total of +.IR bankcount +banks. +. +.TP +.IR UUIDs +Comma-separated list of UUIDs required to create the metadata :- +location_uuid,image_type_uuid,<images per bank uuid list of all banks> +. +.TP +.IR outputimage +Specify the name of the metadata image file to be created. +. +.SH BUGS +Please report bugs to the +.UR https://\:source\:.denx\:.de/\:u-boot/\:u-boot/\:issues +U-Boot bug tracker +.UE . +.SH EXAMPLES +Create a metadata image with 2 banks and 1 image/bank, BankAct=0, BankPrev=1: +.PP +.EX +.in +4 +$ \c +.B mkfwumdata \-a 0 \-p 1 \-b 2 \-i 1 \\\\\& +.in +6 +.B 17e86d77-41f9-4fd7-87ec-a55df9842de5,\\\\\& +.B 10c36d7d-ca52-b843-b7b9-f9d6c501d108,\\\\\& +.B 5a66a702-99fd-4fef-a392-c26e261a2828,a8f868a1-6e5c-4757-878d-ce63375ef2c0 \\\\\& +.B fwu-mdata.img |