@LeviYeoReum LeviYeoReum commented Sep 16, 2025

Introduction

The Firmware Update Feature is based on the
[Platform Security Firmware Update for the A-profile Specification 1.0][1].
To update firmware, the Firmware Update Feature uses the FmpDevicePkg framework
so that the firmware is updated via the capsule update framework.

On Arm, firmware is updated with the capsule update framework in the following steps:

  • Deliver the firmware image via UpdateCapsule().
  • The firmware image is delivered to StandaloneMm via MmCommunication or FF-A.
  • StandaloneMm, which is the UpdateAgent, writes the new image to the firmware
    update storage according to the PSA specification.
  • To apply the updated firmware, reset.

This is slightly different from other architectures, which use
coalescing to update firmware with the following steps:

  • Deliver the firmware image via UpdateCapsule().
  • Save the firmware image in the variable storage.
  • Warm reset, and in the PEI phase coalesce the firmware image scattered in physical memory.
  • Before EndofDxe, update the firmware by calling ProcessCapsules().
  • To apply the updated firmware, Reset.
    for preventing arbitrary access to firmware storage device locked after EndofDxe phase.

Arm doesn't support the coalescing way for these reasons:
- Depending on the platform, UEFI doesn't run in ROM but
  is loaded to memory by TF-A.
- Depending on the platform, it can skip PEICORE (see EDK2_SKIP_PEICORE).
- Arm doesn't need to lock the firmware storage device because
  it's completely isolated in StandaloneMm (at S-EL0).
  Therefore, the operating system, UEFI or any other software component
  running in the normal world cannot access the isolated firmware storage.

By doing so, it can remove the warm reset for unlocking the device and support
runtime firmware update in the future.

This implementation is written for platforms with the following firmware
storage layout (a typical platform is the Base FVP platform):

    +----------------------+
    |      GPT-HEADER      |
    +----------------------+
    |    FIP_A (bank0)     |
    +----------------------+
    |    FIP_B (bank1)     |
    +----------------------+
    |    FWU-Metadata      |
    +----------------------+
    |  Bkup-FWU-Metadata   |
    +----------------------+

and uses FwsGptSystemFipLib to access the above firmware storage.

Overview

Here is an overview of the Firmware Update Feature.

    UEFI (Normal world)          |        StandaloneMm (Secure world)
---------------------------------|--------------------------------------
                                 |                             +-------+
                                 |                    ---------|  Fws  |
                                 |                    |        +-------+
+------------------+             |                    |       (Gpt parted)
|   FmpDevicePkg   |             |  Read /Write Image |
+------------------+             |                    |
  |                              |        +-------------------+
  |  SetTheImage and etc         |        |  FwsPlatformLib   |
  |  progress via FmpDeviceLib   |        +-------------------+
  |                              |                  |
  |                              |  Parsing Request | Access Fws via
  |                              |                  | FwsPlatformLib
  |                              |                  |
  |                              |                  |
  -> +---------------------+   PSA ABI (FF-A)    +-------------------+
     |  FmpDevicePsaFwuLib |<------------------> |     FwuSmm.c      |
     |   (FmpDeviceLib)    |   PSA Error code    +-------------------+
     +---------------------+     |

When UEFI calls UpdateCapsule(), FmpDevicePkg->SetTheImage() is called.
Through FmpDeviceLib, FmpDevicePkg requests a firmware update from StandaloneMm
according to the Firmware Store Update ABI defined in the [PSA][1] spec via PsaFwuLib.
Then the FwuStMm StandaloneMm driver parses requests from PsaFwuLib and accesses
the firmware storage via FwsPlatformLib, which is a platform-specific library.

Patch Sequence

Patch #1 adds CapsuleUpdateRuntimePolicyLib for the Arm platform.
Patch #2 adds the related GUID used for firmware update.
Patch #3 adds FmpDevicePkg.dsc for firmware update.
Patches #4-#6 implement FwsGptSystemFipLib.
Patch #7 adds FwuDriver, which is the firmware update agent.
Patches #8-#12 enable the firmware update feature on the FVP RevC platform.

References

[1] https://developer.arm.com/documentation/den0118/latest/
[2] https://developer.arm.com/products/system-design/fixed-virtual-platforms
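
An added example, not code from this pull request, edk2 or TF-A: a simplified C model of why the storage layout above carries two image banks and two metadata copies, so an interrupted update still leaves a bootable bank and a trustworthy record. The record layout and all names (`FWU_META`, `LoadMeta`, `UpdateBank`, `ActivateUpdate`) are hypothetical and are not the PSA FWU metadata format.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified record: NOT the PSA FWU metadata layout. */
typedef struct {
  uint32_t Crc32;          /* CRC-32 of every byte after this field */
  uint32_t ActiveIndex;    /* bank to boot: 0 = FIP_A, 1 = FIP_B */
  uint32_t PreviousActive; /* last bank known to boot successfully */
  uint8_t  Accepted[2];    /* 1 once the image in that bank is accepted */
  uint8_t  Pad[2];         /* explicit padding so the CRC covers known bytes */
} FWU_META;

static uint32_t Crc32(const uint8_t *p, size_t n) {
  uint32_t c = 0xFFFFFFFFu;
  while (n--) {
    c ^= *p++;
    for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
  }
  return ~c;
}
static uint32_t MetaCrc(const FWU_META *m) {
  return Crc32((const uint8_t *)m + sizeof m->Crc32, sizeof *m - sizeof m->Crc32);
}
static int MetaValid(const FWU_META *m) {
  return m->ActiveIndex < 2 && m->PreviousActive < 2 && m->Crc32 == MetaCrc(m);
}
/* Prefer the primary copy, fall back to the backup, repair the bad copy.
   Returns NULL when neither copy can be trusted. */
FWU_META *LoadMeta(FWU_META *Primary, FWU_META *Backup) {
  if (MetaValid(Primary)) { if (!MetaValid(Backup)) *Backup = *Primary; return Primary; }
  if (MetaValid(Backup))  { *Primary = *Backup; return Primary; }
  return NULL;
}
/* New images always go to the bank the platform is not running from. */
uint32_t UpdateBank(const FWU_META *m) { return m->ActiveIndex ^ 1u; }
/* Call only after the image is fully written to UpdateBank(). On real storage
   the two copies are written one after the other, so one is always intact. */
void ActivateUpdate(FWU_META *Primary, FWU_META *Backup) {
  FWU_META n = *Primary;
  n.PreviousActive = n.ActiveIndex;
  n.ActiveIndex = UpdateBank(Primary);
  n.Accepted[n.ActiveIndex] = 0;       /* trial boot until explicitly accepted */
  n.Crc32 = MetaCrc(&n);
  *Primary = n; *Backup = n;
}
int main(void) {
  FWU_META p = { 0, 0, 0, { 1, 0 }, { 0, 0 } }, b;  /* constructed sample */
  p.Crc32 = MetaCrc(&p); b = p;
  ActivateUpdate(&p, &b);
  p.ActiveIndex = 7;                   /* simulate a torn primary write */
  return LoadMeta(&p, &b) ? 0 : 1;     /* recovers from the backup copy */
}
```
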

CapsuleUpdatePolicyLib is used to control the CapsuleUpdate process.
Normally, it's enough to use CapsuleUpdatePolicyLibNull if the platform
updates firmware via the CapsuleUpdate with coalescing.
However, if the platform updates the firmware without coalescing,
it would follow one of the approaches listed below:

    1. fwupdate (using capsule on disk) - ReadyToBoot phase.
    2. CapsuleApp (in UEFI Shell) - ReadyToBoot phase.
    3. Runtime Capsule Update - Runtime phase.

The implementation of IsLockFmpDeviceAtLockEventGuidRequired() in
CapsuleUpdatePolicyLibNull returns TRUE, which means the
FmpDevicePkg variables (i.e. FmpVersionX, FmpLsvX, LastAttemptStatusX,
LastAttemptVersionX, etc.) are locked to prevent any updates. Therefore,
FmpDevicePkg cannot access the variables after the EndofDxe phase.

Arm does not update the firmware using capsule coalescing. It updates
the firmware by streaming the update data to StandaloneMm which has
an update client that manages the firmware storage device. This means
device locking is not required.

Therefore, add a platform-specific library that returns FALSE for
IsLockFmpDeviceAtLockEventGuidRequired() so that FmpDevicePkg
can access the variable data. This also means FmpDeviceLib does
not need to implement FmpDeviceLock().

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

Add firmware update feature related GUID used in UEFI/StandaloneMm.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

For platforms that use an A/B firmware storage layout with a system
fip image for the firmware update feature, introduce
FmpSystemFipImage.dsc.inc, which adds the FmpDevicePkg driver
to perform firmware update.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

…rmVExpressLib

This is a preparation patch for FwsGptSystemFipLib, which uses
firmware storage with GPT partitions with a system fip image.

Here is a brief view of how it works:

    UEFI (Normal world)          |        StandaloneMm (Secure world)
---------------------------------|--------------------------------------
                                 |                             +-------+
                                 |                    ---------|  Fws  |
                                 |                    |        +-------+
+------------------+             |                    |       (Gpt parted)
|   FmpDevicePkg   |             |  Read /Write Image |
+------------------+             |                    |
  |                              |        +-------------------+
  |  SetTheImage and etc         |        |  FwsPlatformLib   |
  |  progress via FmpDeviceLib   |        +-------------------+
  |                              |                  |
  |                              |  Parsing Request | Access Fws via
  |                              |                  | FwsPlatformLib
  |                              |                  |
  |                              |                  |
  -> +---------------------+   PSA ABI (FF-A)    +-------------------+
     |  FmpDevicePsaFwuLib |<------------------> |     FwuSmm.c      |
     |   (FmpDeviceLib)    |   PSA Error code    +-------------------+
     +---------------------+     |

The following diagram depicts the GPT partition layout of the FLASH
area defined by TF-A.

+----------------------+
|      GPT-HEADER      |
+----------------------+
|    FIP_A (bank0)     |
+----------------------+
|    FIP_B (bank1)     |
+----------------------+
|    FWU-Metadata      |
+----------------------+
|  Bkup-FWU-Metadata   |
+----------------------+

Each image bank contains 1 image (only the fip image).

To access each bank and the firmware update metadata,
we need a standard API. Therefore, define a
standard mechanism for accessing these partitions
in FwsGptSystemFipLib, which implements FwsPlatformLib.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

…sGptSystemFipLib

Platform Firmware security firmware Update for the A-profile Arm
Architecture defines two versions of firmware update storage metadata.

In the real world, Arm only uses firmware update storage metadata version 2.

In light of the above, and to support future versions, introduce
a firmware update storage metadata API by defining an operation
interface that can be used to select version specific handling.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

FwsPlatformLib is a platform-specific library class used to access the
firmware storage.
In the case of Base FVP, this is implemented with FwsGptSystemFipLib, which
uses GPT partitions and a system fip image.

Following is the PSA-FWU GPT-partition layout for the flash as defined by TF-A:

+----------------------+
|      GPT-HEADER      |
+----------------------+
|    FIP_A (bank0)     |
+----------------------+
|    FIP_B (bank1)     |
+----------------------+
|    FWU-Metadata      |
+----------------------+
|  Bkup-FWU-Metadata   |
+----------------------+

FwsGptSystemFipLib defines an API to access the GPT partitions for
updating the images in the banks and to read/update the metadata.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

The FwuSmm driver is the driver providing the Firmware Update Service.
First, it parses the normal world request, and
it accesses the firmware storage using FwStore's protocol to handle
the request of FmpDeviceLib according to the
Platform Security Firmware Update for A-profile's ABI:
    https://developer.arm.com/documentation/den0118/latest

Here is a brief view of how it works:

    UEFI (Normal world)          |        StandaloneMm (Secure world)
---------------------------------|--------------------------------------
                                 |                             +-------+
                                 |                    ---------|  Fws  |
                                 |                    |        +-------+
+------------------+             |                    |       (Gpt parted)
|   FmpDevicePkg   |             |  Read /Write Image |
+------------------+             |                    |
  |                              |        +-------------------+
  |  SetTheImage and etc         |        |  FwsPlatformLib   |
  |  progress via FmpDeviceLib   |        +-------------------+
  |                              |                  |
  |                              |  Parsing Request | Access Fws via
  |                              |                  | FwsPlatformLib
  |                              |                  |
  |                              |                  |
  -> +---------------------+   PSA ABI (FF-A)    +-------------------+
     |  FmpDevicePsaFwuLib |<------------------> |     FwuSmm.c      |
     |   (FmpDeviceLib)    |   PSA Error code    +-------------------+
     +---------------------+     |

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

To update firmware in StandAloneMm, StandAloneMm should access the
firmware update storage.
This patch adds the firmware storage information.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

Firmware Update feature using the CapsuleUpdate framework with
FmpDevicePkg in edk2.

To build FmpDevicePkg updating the system fip image,
it needs:
    - Test Certificate file.
    - FmpDevicePkg build file for System Fip Image update.

This patch adds the required files used to build the Base FVP image with
FmpDevicePkg and enables FmpDevicePkg on Base FVP.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

…andaloneMm

Add the firmware update feature StandaloneMm on Base FVP.
When the firmware update feature is used, Base FVP must use StandAloneMm.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

To make firmware update testing easier, add useful tools for the firmware
update feature.

    - GenFwuMetadata.py
        > Generate firmware update metadata version 2 only.

    - gen_gpt_flash.sh
        > Generate initial firmware update storage.

    - GenTestCert.py
        > Generate test certificate chain to build FmpDevicePkg.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

Add a Readme.txt file describing the firmware update feature and how to
build and use it.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>