From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:400c:c09::244; helo=mail-wm0-x244.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wm0-x244.google.com (mail-wm0-x244.google.com [IPv6:2a00:1450:400c:c09::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DE8FA211EFEFD for ; Wed, 13 Jun 2018 01:09:06 -0700 (PDT) Received: by mail-wm0-x244.google.com with SMTP id 69-v6so3507989wmf.3 for ; Wed, 13 Jun 2018 01:09:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=+w9OMCl3AGNZfeZrCaLnuX+WK4o5O/Mu2TZwLo/KKTk=; b=j5bD8YM621ZV/SwbyvxfuHqOkrf7dSaXg4oIE/HvYTIrsrFpxzKT2L1ysMr1YzfPTb cg53afldxF6Ta3zDoWo+GyZRrHo2hsEeU8EYpebyK2AxvvMFnpK04pqeGwf+CQ/In/sD s/IXxOcpYnokUS7zDEfYUETQIU6SoZoThkAJ8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=+w9OMCl3AGNZfeZrCaLnuX+WK4o5O/Mu2TZwLo/KKTk=; b=GCqKQ9kloK/BZGugScDIC4CgQGyOOizvjz01l+ca4yDM1IiI1DkrZdYaXg/jWpk0CY zkfs9ppN9lmFDdYVkms1ahZXzIK0poFDXn4OrpBOc4++FT/IqIudoJw1EdipJTVpw7vm THz1xt6tasK9XuY7yxUjoPrZkdqRu1OUPZh5mMOIEALgKIKL0gGcw/3w1+qTg2RYDeZV 1CB0ou5r8gFJ8H0xKqQuIxSvvO7/+mCiFHnoRBLB98Wv3c+sP1evw9JQqKwQbNAbgSoo mPwKTm3QWIFnfKrXrsf0+I6dexufowp1FiF9+8thtHveP93rvcwol8akW7UJymsJLbvi bp6Q== X-Gm-Message-State: APt69E2RpMMhsUNzJMarxHwSiHmr71FlGJWx/q97Mz6fJprdzbNE4gZ4 DpE/sOVdEXDUGDUR3P2f493fePvHIeM= X-Google-Smtp-Source: ADUXVKIBQtRNqeW1mbQ8BHU930ynL/8lmFYtmoymG/B9sWYgW3EQinj18Xxkquw99QS3b+aBLffJPw== X-Received: by 2002:a1c:7401:: with SMTP id p1-v6mr2695237wmc.14.1528877344730; Wed, 13 Jun 2018 01:09:04 -0700 (PDT) Received: from dogfood.home ([2a01:cb1d:112:6f00:6dfc:b76c:4240:35ff]) by smtp.gmail.com with ESMTPSA id v31-v6sm4974772wrc.80.2018.06.13.01.09.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Jun 2018 01:09:03 -0700 (PDT) From: Ard Biesheuvel To: edk2-devel@lists.01.org Cc: leif.lindholm@linaro.org, star.zeng@intel.com, jiewen.yao@intel.com, michael.d.kinney@intel.com, Ard Biesheuvel Date: Wed, 13 Jun 2018 10:08:57 +0200 Message-Id: <20180613080901.7156-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 Subject: [PATCH v4 0/4] MdeModulePkg ArmPkg: support for persistent capsules and progress reporting X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jun 2018 08:09:07 -0000 This is the delta of code required to implement PersistAcrossReset on ARM systems, and to wire up the capsule handling routines in a way that makes the new progress reporting code do something meaningful on such platforms. Changes since v3: - let both UpdateCapsule() and QueryCapsuleCapabilities() return EFI_UNSUPPORTED when called at OS runtime on an ARM system - reset the system unconditionally after having processed any capsules (#3) - re-add Leif's ack (#3) Changes since v2: - move cache handling from CapsulePei to CapsuleRuntimeDxe, and make it ARM only - drop patch to change ProcessCapsules() logic in DxeCapsuleLibFmp; instead, the platform BDS code is modified to perform the ProcessCapsuleImage() call directly Changes since v1: - incorporate Star's feedback (#1, #2) - add Leif's ack (#4) Patch #1 ensures that the capsule data which is preserved in DRAM across a reboot is written back to main memory before attempting to access it with the caches off. Patch #2 updates DxeCapsuleLibFmp so it does not pass down the progress indication callback if its own attempt to invoke it has already failed. Patch #3 updates ArmPkg's generic PlatformBootManagerLib implementation to only call ProcessCapsules() after the [potentially non-trusted] console is up and running, to ensure that firmware update progress can be reported to the user. Patch #4 modifies ArmSmcPsciResetSystemLib to emulate a proper warm reboot by reentering PEI with interrupts, MMU and caches enabled. This works around the lack of an architected warm reboot in most current implementations. (The PSCI spec does cover warm reboot, but it was added recently and most secure firmware implementations haven't caught up yet) Ard Biesheuvel (4): MdeModulePkg/CapsuleRuntimeDxe: clean the capsule payload to DRAM MdeModulePkg/DxeCapsuleLibFmp: pass progress callback only if it works ArmPkg/PlatformBootManagerLib: call ProcessCapsules() only once ArmPkg/ArmSmcPsciResetSystemLib: implement fallback for warm reboot ArmPkg/ArmPkg.dec | 4 + .../ArmSmcPsciResetSystemLib.c | 21 ++++- .../ArmSmcPsciResetSystemLib.inf | 9 ++ .../PlatformBootManagerLib/PlatformBm.c | 86 +++++++++++++------ .../PlatformBootManagerLib.inf | 1 + .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 13 ++- .../CapsuleRuntimeDxe/Arm/CapsuleReset.c | 77 +++++++++++++++++ .../CapsuleRuntimeDxe/CapsuleReset.c | 51 +++++++++++ .../CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf | 14 ++- .../CapsuleRuntimeDxe/CapsuleService.c | 33 ++----- .../CapsuleRuntimeDxe/CapsuleService.h | 73 ++++++++++++++++ 11 files changed, 321 insertions(+), 61 deletions(-) create mode 100644 MdeModulePkg/Universal/CapsuleRuntimeDxe/Arm/CapsuleReset.c create mode 100644 MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleReset.c create mode 100644 MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleService.h -- 2.17.1