From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:400c:c0c::244; helo=mail-wr0-x244.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wr0-x244.google.com (mail-wr0-x244.google.com [IPv6:2a00:1450:400c:c0c::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 7A4F7212143C3 for ; Tue, 12 Jun 2018 04:23:36 -0700 (PDT) Received: by mail-wr0-x244.google.com with SMTP id f16-v6so23681076wrm.3 for ; Tue, 12 Jun 2018 04:23:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=fGcvurV3POiVZ7m8mL4cptJCXTlepsbDtk2b7f/U9+s=; b=G7awQ2ohdSqv8utDNx48gJWB4RcD2YW+UlQkQwi8ESc1K25UYpfc4exwtEDqSvuvWO NHv32MDE9BEfN0xph968EkqNaATW8fls1/hklG124MZBxnHUqdAhnMxzhrOsctKAu9BL SlkOG+5vKm7Brq3/HS/kIZUC6QzguesHLgjho= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=fGcvurV3POiVZ7m8mL4cptJCXTlepsbDtk2b7f/U9+s=; b=nT4MzcGGSNqXEXpPg0Gs8pR4LTPK7959VNVagplc24P3Z92ptV7Ne7ZLe20Pb/FDzs 5HsUoRHkVsTsblvvu7LfaGZdI18vsKO+oZkNMoU18jGVi4F+JIdE169MpaX30DhUD1qh wXu43DhNK6dFrAX8jsvdnFfNKkCW2Rj91JzgVMFOiMykwGEF5yvkCAfb2hzxbyBI4fjQ Bdq5gDoPD+GZi5GmcqAlwkoBiN4ncYhwfzjPwZL+7kGsFYYJz08v0YZHIxI/PpeNGsFR P08bZiq/DtsctgicPo5Pse+t5VndnDoce5G7fzLochk9qYSxvIyNPkZEH3jBOnR3VjWe wnmw== X-Gm-Message-State: APt69E2a/nS69xVzFwFVseOU+V9k8I/U5igII9VwcACfTzQok63RoN6t n5dpgS4efM/vr864kHSHuplLB5f4YrQ= X-Google-Smtp-Source: ADUXVKJN8zw7zpkk+WEJGpcDTatiOulkSck1NbDYdvXZfvMYVf1/V5Q75YdxWyOm9gvpSgxAG27Vcw== X-Received: by 2002:adf:b0da:: with SMTP id j26-v6mr2196755wra.3.1528802613835; Tue, 12 Jun 2018 04:23:33 -0700 (PDT) Received: from dogfood.home ([2a01:cb1d:112:6f00:3c84:18ae:27f2:d03]) by smtp.gmail.com with ESMTPSA id o16-v6sm1177202wrp.8.2018.06.12.04.23.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 Jun 2018 04:23:32 -0700 (PDT) From: Ard Biesheuvel To: edk2-devel@lists.01.org Cc: leif.lindholm@linaro.org, star.zeng@intel.com, jiewen.yao@intel.com, michael.d.kinney@intel.com, Ard Biesheuvel Date: Tue, 12 Jun 2018 13:23:25 +0200 Message-Id: <20180612112329.664-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 Subject: [PATCH v3 0/4] MdeModulePkg ArmPkg: support for persistent capsules and progress reporting X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jun 2018 11:23:36 -0000 This is the delta of code required to implement PersistAcrossReset on ARM systems, and to wire up the capsule handling routines in a way that makes the new progress reporting code do something meaningful on such platforms. Changes since v2: - move cache handling from CapsulePei to CapsuleRuntimeDxe, and make it ARM only - drop patch to change ProcessCapsules() logic in DxeCapsuleLibFmp; instead, the platform BDS code is modified to perform the ProcessCapsuleImage() call directly Changes since v1: - incorporate Star's feedback (#1, #2) - add Leif's ack (#4) Patch #1 ensures that the capsule data which is preserved in DRAM across a reboot is written back to main memory before attempting to access it with the caches off. Patch #2 updates DxeCapsuleLibFmp so it does not pass down the progress indication callback if its own attempt to invoke it has already failed. Patch #3 updates ArmPkg's generic PlatformBootManagerLib implementation to only call ProcessCapsules() after the [potentially non-trusted] console is up and running, to ensure that firmware update progress can be reported to the user. Patch #4 modifies ArmSmcPsciResetSystemLib to emulate a proper warm reboot by reentering PEI with interrupts, MMU and caches enabled. This works around the lack of an architected warm reboot in most current implementations. (The PSCI spec does cover warm reboot, but it was added recently and most secure firmware implementations haven't caught up yet) Ard Biesheuvel (4): MdeModulePkg/CapsuleRuntimeDxe: clean the capsule payload to DRAM MdeModulePkg/DxeCapsuleLibFmp: pass progress callback only if it works ArmPkg/PlatformBootManagerLib: call ProcessCapsules() only once ArmPkg/ArmSmcPsciResetSystemLib: implement fallback for warm reboot ArmPkg/ArmPkg.dec | 4 + .../ArmSmcPsciResetSystemLib.c | 21 ++++- .../ArmSmcPsciResetSystemLib.inf | 9 ++ .../PlatformBootManagerLib/PlatformBm.c | 87 +++++++++++++------ .../PlatformBootManagerLib.inf | 1 + .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 13 ++- .../CapsuleRuntimeDxe/Arm/CacheMaintenance.c | 70 +++++++++++++++ .../CapsuleRuntimeDxe/CacheMaintenance.c | 39 +++++++++ .../CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf | 13 ++- .../CapsuleRuntimeDxe/CapsuleService.c | 24 +++++ 10 files changed, 247 insertions(+), 34 deletions(-) create mode 100644 MdeModulePkg/Universal/CapsuleRuntimeDxe/Arm/CacheMaintenance.c create mode 100644 MdeModulePkg/Universal/CapsuleRuntimeDxe/CacheMaintenance.c -- 2.17.1