From patchwork Fri Apr 26 14:19:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Caleb Connolly X-Patchwork-Id: 792340 Delivered-To: patch@linaro.org Received: by 2002:adf:cc13:0:b0:346:15ad:a2a with SMTP id x19csp479467wrh; Fri, 26 Apr 2024 07:19:58 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWMKuUTL6W8zZUIprgZLYL1e+aUpCZ2kA6lE7nt6V52izjUr/jNXrDh4msmNqdtUG5DvghJ/1uYLiuG0rWkjlcf X-Google-Smtp-Source: AGHT+IFDJy7uLcZLGrEpoTpMhKISrAwdrCPW/OQ0uSK/uhC/p7UjGtAwL9bh9yBpH1zayBPVJOkf X-Received: by 2002:a05:600c:4f11:b0:419:87ab:f6db with SMTP id l17-20020a05600c4f1100b0041987abf6dbmr2220725wmq.23.1714141197781; Fri, 26 Apr 2024 07:19:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1714141197; cv=none; d=google.com; s=arc-20160816; b=EJNmJUTxGJwZMNw/k0sGYqpLlMzu5Nq/hogqrHAm9CvBeKtKR6M1UKf3W2JYPIFZ3C oYe8zPmK2cBUwYYZ7mFw2r1UoxuvjExUd84YFzEdyoNQuJ8aZjs9vTg+31pQ6LoIHnoD C9nNnv9x+Dion2YRgjhXWHMmUMcPKIGsRGAJ6Jb02OphlsvcPhn6ofY6t4KjakNnl+ev uBzArzUcptROnmbreRgbDiDDL3i3r1fQMDqWtj4ffAX8yoUTZL+Z/9hZNI+Rg045QShs ZTr5+5IdoK+sh/aQNGy6qfSNvmtvIbyhKATmk8r938F6Jl8R9QU91GBTCUXRRtSJl2qX e+iQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:cc:to:in-reply-to:references :message-id:content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=+ScOBSUPYQXRqu9uQCWgEfTwcS0jSDSxjEPh1D2tP14=; fh=JifUN0ywmJGy8vEw5EHVVF15ah/755mzh2rCn/BztPM=; b=sAleMMEMiMEosA0HKXkseu8ylDAqKcqG1n8I5ZL9phLMr3k9zR40zbLvpXy3zPHDpt TLreuVrXrwKCBgeTjAEIM84bvbgZ+7DGVMKNDK2b+Z3UKUqtZRrKOM6dLGwa1Mp6JMfN K3Sa89GN6UbM9fjbWLvXw4tE9PnCajKNG7ZOtKE5Gf4KweV/pUPbURz5sjFiNkzhxgPf PLk7zwX9HSpHGt8L7A1jJkXOYhbK0IOi6sjvtMqFUalcjPe52EdHtmXJV/Ljghlu5vkZ 1Mit6n6LpElHjsM8IoRJpsEI4rxV7Bc/zMc4LesycZLypKlkQJ5e2c/j4tiDYKSGRFng jnXQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bOaXzmwa; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id r1-20020a5d4981000000b00343b13f3cefsi9767535wrq.214.2024.04.26.07.19.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 07:19:57 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bOaXzmwa; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id B859C89172; Fri, 26 Apr 2024 16:19:49 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="bOaXzmwa"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5738989175; Fri, 26 Apr 2024 16:19:46 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 634318916C for ; Fri, 26 Apr 2024 16:19:44 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=caleb.connolly@linaro.org Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-56e69a51a33so2289467a12.1 for ; Fri, 26 Apr 2024 07:19:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1714141184; x=1714745984; darn=lists.denx.de; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=+ScOBSUPYQXRqu9uQCWgEfTwcS0jSDSxjEPh1D2tP14=; b=bOaXzmwaA6Tn2tUCGxFLrE9LwxzLE9N6x2f0L8nOaO+JJoAyw0BY5r3D+feUuBGmsh 1xdVeEtfE4iYplLtLOdC6fgSLsXg6t9SSoGwPd70P5qYl9xGoKFx5aURZ9qw5tRWsnuP lUFBs7bFuholotCVjT3U3o0BgKL8PHY2i67qw6/Dp7AAH3z1zSNRHmXNq5YbSI9eho0n FW0rdFNFnZWcQVl1+v0HhlZ3dp+XlpAPV2RXzWy6VHKnHUOFS9DcsKCo1jeDmT/lWgx6 9Tn1Agc2p3eyd2sBR77H9zu3AmGpGoS93iqi+4eRQwePlnRY5rzKvCemeDWNXtXp85bX 1bbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714141184; x=1714745984; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+ScOBSUPYQXRqu9uQCWgEfTwcS0jSDSxjEPh1D2tP14=; b=pRX6+qm0fqC5UD3t+n+8P4FfRx+1Ie1D0HJlD7bFv4uJSA/cG2BAKG+reU8Df/Wltx h14iwUR3K61SPHcTHvnRTJupegCY/Mm5A8StCdzlOgEDKgB/uquAs5aumA05dzseju7/ EhuegEc2hXA5JfPIzXCPnU8QJg4nGwXhtgR+frCUa0njGA6FNSna2lp8pt5Jbhn8fKqf QJy43RFXVXs1xXvgpFNmUb9n29W8GrPMZdtYgE4kVob5+e80R+YthzCpPWAaQMgN5jDZ ImHextnpuY3rmQ2Xs82glUpAoak8iCo1JOfjyjPtNH/ObJer8e0Hxm04p+MlZAEHikQy t+1A== X-Gm-Message-State: AOJu0YyYQQ3Ct/r5325wwqXWvAJGo7eXT5Hv2xUOeeC2feQPyBU/05lJ LHxDEfiywdpG2/Pz+zgE457KCTCv7b+j7MY3MrWIdATUfheJ8+5J5fyO7txFg+k= X-Received: by 2002:a50:a412:0:b0:56e:4676:aa3a with SMTP id u18-20020a50a412000000b0056e4676aa3amr1958720edb.16.1714141183721; Fri, 26 Apr 2024 07:19:43 -0700 (PDT) Received: from [192.168.0.113] ([2a02:8109:aa0d:be00::9b06]) by smtp.gmail.com with ESMTPSA id ds2-20020a0564021cc200b0057059d26756sm10041182edb.76.2024.04.26.07.19.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 07:19:43 -0700 (PDT) From: Caleb Connolly Date: Fri, 26 Apr 2024 16:19:35 +0200 Subject: [PATCH RFC 1/4] lib: uuid: add UUID v5 support MIME-Version: 1.0 Message-Id: <20240426-b4-dynamic-uuid-v1-1-e8154e00ec44@linaro.org> References: <20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org> In-Reply-To: <20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org> To: Tom Rini , Heinrich Schuchardt , Ilias Apalodimas , Richard Hughes Cc: u-boot@lists.denx.de, Caleb Connolly X-Mailer: b4 0.14-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=3632; i=caleb.connolly@linaro.org; h=from:subject:message-id; bh=aV5bH35ybwlKtxSbQ79Rylaa2GjcuTfETF6uF8NdPD8=; b=owEBbQKS/ZANAwAIAQWDMSsZX2S2AcsmYgBmK7f95Pb4O+Gxi2/fjdzoBFfDtT0Psee7c5Op3 bVlu2DdawmJAjMEAAEIAB0WIQS2UaFGPGq+0GkMVc0FgzErGV9ktgUCZiu3/QAKCRAFgzErGV9k tieoD/9OGhKSb3Ap+olqSIJenxzlV3rRh41GtDPjmzlvgBMMJsC+NLSnmGCNJdym4fvBfebarkT /LjxQ8zAem5eSkEzDkB2eZtSJqt5Pg0z+eNsRkoj5kOurHTTofeATUC4otPjuVFnd+eRcHKn5+T dUOf1gpTB8R+fCPJO/whi7AQIdJ9NF7dlxh6eoWUe23BiGElXIII5/jR3sIb8TO2QJZWHLgtVcI G62u8VnI28lmR8lzz9vM1F/5oJaYKCmpmIErPYvHAr72/BDKf989L5/jqw/0rDMHMSqgLwPmbUZ FW9U4bgBsdho+jmB88Fqc6vH4Q5ly/TemdUCr8fBLulW0BBmctEztLyhRgUmqHyAO9V+1U6yXR1 MRpKpZlVUsJXJjZ5BgnTy0EYKomk2X+ZXZi7aZy3LaU0J2zl22ewqeldbUh/HJdYjZczEP09Md+ /OL/OttptCJiaMhd7kBsrI+zAfOvDT3Bt5QRBRvqZ8j1gqQCcQ8tnWHTlnDeb0IjKPQtiEQVeVZ UAVB4E31Y6hVN53KSCRUmUwUzJhLVL+9sHy8pC4dQ0qovKefJCdxpIoXY0LPaRPUIltH0gp5Ef1 dC6utDxdqysLqBCm0jH/DDc4xpxLJ7ZpnImXsZMWmdOiDC6Bup6Gu4EqpTs0rtH4wkM+BcIp46Z 2a/WIBWn45wE97Q== X-Developer-Key: i=caleb.connolly@linaro.org; a=openpgp; fpr=83B24DA7FE145076BC38BB250CD904EB673A7C47 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Add support for generate version 5 UUIDs, these are determistic and work by hashing a "namespace" UUID together with some unique data. One intended usecase is to allow for dynamically generate payload UUIDs for UEFI capsule updates, so that supported boards can have their own UUIDs without needing to hardcode them. Signed-off-by: Caleb Connolly --- include/uuid.h | 16 ++++++++++++++++ lib/Kconfig | 8 ++++++++ lib/uuid.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+) diff --git a/include/uuid.h b/include/uuid.h index f5a941250f48..229b938d866a 100644 --- a/include/uuid.h +++ b/include/uuid.h @@ -142,8 +142,24 @@ void gen_rand_uuid(unsigned char *uuid_bin); * @param - uuid output type: UUID - 0, GUID - 1 */ void gen_rand_uuid_str(char *uuid_str, int str_format); +#if CONFIG_IS_ENABLED(UUID_GEN_V5) +/** + * gen_uuid_v5() - generate UUID v5 from namespace and other seed data. + * + * @namespace: pointer to UUID namespace salt + * @uuid: pointer to allocated UUID output + * @...: NULL terminated list of seed data as pairs of pointers + * to data and their lengths + */ +void gen_uuid_v5(struct uuid *namespace, struct uuid *uuid, ...); +#else +static inline void gen_uuid_v5(struct uuid *namespace, struct uuid *uuid, ...) +{ +} +#endif + /** * uuid_str_to_le_bin() - Convert string UUID to little endian binary data. * @uuid_str: pointer to UUID string * @uuid_bin: pointer to allocated array for little endian output [16B] diff --git a/lib/Kconfig b/lib/Kconfig index 189e6eb31aa1..2941532f25cf 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -80,8 +80,16 @@ config RANDOM_UUID help Enable the generation of partitions with random UUIDs if none are provided. +config UUID_GEN_V5 + bool "Enable UUID version 5 generation" + select LIB_UUID + depends on SHA1 + help + Enable the generation of version 5 UUIDs, these are determistic and + generated from a namespace UUID, and a string (such as a board name). + config SPL_LIB_UUID depends on SPL bool diff --git a/lib/uuid.c b/lib/uuid.c index 2d7d99535e72..e7fda8dc736d 100644 --- a/lib/uuid.c +++ b/lib/uuid.c @@ -21,8 +21,9 @@ #include #include #include #include +#include int uuid_str_valid(const char *uuid) { int i, valid; @@ -368,8 +369,40 @@ void uuid_bin_to_str(const unsigned char *uuid_bin, char *uuid_str, } } } +#if CONFIG_IS_ENABLED(UUID_GEN_V5) +void gen_uuid_v5(struct uuid *namespace, struct uuid *uuid, ...) +{ + sha1_context ctx; + va_list args; + const u8 *data; + u8 hash[SHA1_SUM_LEN]; + + sha1_starts(&ctx); + /* Hash the namespace UUID as salt */ + sha1_update(&ctx, (char *)namespace, UUID_BIN_LEN); + va_start(args, uuid); + + while ((data = va_arg(args, const u8 *))) + sha1_update(&ctx, (char *)data, va_arg(args, int)); + + va_end(args); + sha1_finish(&ctx, hash); + + /* Truncate the hash into output UUID and convert it to big endian */ + cpu_to_be32_array((u32 *)uuid, (u32 *)hash, 4); + + /* Configure variant/version bits */ + clrsetbits_be16(&uuid->time_hi_and_version, + UUID_VERSION_MASK, + 5 << UUID_VERSION_SHIFT); + clrsetbits_8(&uuid->clock_seq_hi_and_reserved, + UUID_VARIANT_MASK, + UUID_VARIANT << UUID_VARIANT_SHIFT); +} +#endif + #if defined(CONFIG_RANDOM_UUID) || defined(CONFIG_CMD_UUID) void gen_rand_uuid(unsigned char *uuid_bin) { u32 ptr[4]; From patchwork Fri Apr 26 14:19:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Caleb Connolly X-Patchwork-Id: 792341 Delivered-To: patch@linaro.org Received: by 2002:adf:cc13:0:b0:346:15ad:a2a with SMTP id x19csp479571wrh; Fri, 26 Apr 2024 07:20:07 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXyuq99dQJtknS3MKtV3akPNgMNNbIU69BYXfhTNNreDgKSoBBncP00iWWJbD91LrYNo/oTcbTxScRXviSviwuw X-Google-Smtp-Source: AGHT+IHxH1OmaEmTd8faUgOJO3fMMqz8C35SHx3Th+8Y0WSv5zE7wKe05Im5EwCbi05Dxcvh1tx+ X-Received: by 2002:adf:a152:0:b0:34c:4d5b:1734 with SMTP id r18-20020adfa152000000b0034c4d5b1734mr1681464wrr.14.1714141207518; Fri, 26 Apr 2024 07:20:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1714141207; cv=none; d=google.com; s=arc-20160816; b=q9tqkpBiaIaY6GSJbJ8x9WFO82H698O023MelrWJGUY4bpRxpoOd5VIUNt6fyODOFa 42pOdp9WhQm6Yxu+cp2ynoB3qqfBhMIDjSWzr3/NaMdiXTDOIpKei8Ypswz4dfbeJ7DB m8ouhhsshRF6bdksxTKM7Imz+NwbblX0Dq4xpyvBpq5TuX7MorsqBSQA427ceCqyveLC ej5x6puH7k0N4fg6kfxRlf8ZxVVugy5vRUxAjGuvKQcs8FZwR7oOg4zpMKGfgzKdhpas +x8qcio9r0c2QmFglgxENDuyo8nmu/2plPJt+9Jo8tV5x6rTvjBHpKAeAA08F3C1t1rM lKcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:cc:to:in-reply-to:references :message-id:content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=I96UQMKCMZVk9G/+8NZaXHuNSujSrUJjsebt41L2Rkc=; fh=JifUN0ywmJGy8vEw5EHVVF15ah/755mzh2rCn/BztPM=; b=keeVMnfhR1FFy+qjb3z6NjW60rhlIZEtIf7sIAPr4XvnRGn9BB/HXyuVxFpgdUtTz3 Fae/2b3SgiW7KPxceTip0uG7XIvKmgQpv9/XsyBJx8Yhr1uTZznKKabnZk7/B4c3vdfc HOzu4ms2CayDgaZnGCrlprU9yHL57zXgr2OaV00sYQN/3hVy5RNopOfbSUWkcEnN9jyU nYaJK+Nsy+K/bsb75mZt3vmRD08IYtCMcHGoM297g1MW0+vJ6AKgVf3SNJZsUfBaZxxH m7KC9clHFHT81LCytc7rYAfMgFBzidgUvtkkkWQprq+q7jHkA0r4MXZllSZgcBL/8uSs IXtQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=um1UMJXD; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id b14-20020adfe64e000000b0034c34e3a7desi1515112wrn.316.2024.04.26.07.20.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 07:20:07 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=um1UMJXD; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1E43F89175; Fri, 26 Apr 2024 16:19:50 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="um1UMJXD"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E0F908917E; Fri, 26 Apr 2024 16:19:47 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2A6D089173 for ; Fri, 26 Apr 2024 16:19:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=caleb.connolly@linaro.org Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-572347c2ba8so2545145a12.3 for ; Fri, 26 Apr 2024 07:19:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1714141184; x=1714745984; darn=lists.denx.de; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=I96UQMKCMZVk9G/+8NZaXHuNSujSrUJjsebt41L2Rkc=; b=um1UMJXD6a8mDKXiWGZohOYvidhjdZdIY5uK9zK2/u8/bnTSHH82FN4twYnbe978vc YGrlo9ZCaKBh+V14Wr3ubWLLO9r4RRuURJ4tkff0yeSStyckMS2zMcAS36L9Q65BHfWn Lwi7hCwIVCMJF8clw/S+0Aug6A1iuI5PdWYn9WxN5oRC7j6C6sabmAY7fH7+U3ZKiedS CCiGmFXbFlJTXUz2JA/JJmsWMEcxPUGmoVIs7kYkbUqOVCoTeDrQs0T4xbw+THvpzx4t gCjhrpmIvuyrc+pWc3cxqieC6A2JqOlwbsL1Y5J0hAfitC+vkJ9+6FFdJyXxJ8ZjzCdj hnNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714141184; x=1714745984; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=I96UQMKCMZVk9G/+8NZaXHuNSujSrUJjsebt41L2Rkc=; b=EKvD1Zj7YamHFY0RPLJbcegpQhhcPLukDnd4XcRFXwgDU6pnVAx48/9WNOCrFLHUMM JXBW7q/V4G1huKkCohZiCYEdK//71+vKqlWTFoHTQQ2K2PiUq+Xs3L8rAkKS+yxSsHj0 u2E6bCqUTNQJyVt5sIelHkNehYDxdZ4k3L8aRUai3q2mYFyMOZDKLq+Y2YugfPlZPDoP 31IwIqyJipn9L5Nd5Bu/bP/lq5P/VKx17DHMjAMY43zs6zSuZ57WtI7YDOdYwf3NxATI UB95aeLvnRkLTVpJ5AeDs/mp94w8WNYfLDIytNdvEyRshy31Dg8erA9p7FDIXZLtKCDC /ZAw== X-Gm-Message-State: AOJu0YxE4TK2rUT9GX6yc+nHItdj8OkwPC9ai0fvFUB2oE7t23oGnvuR TR+3b4k8CodQkpZ3LCjY8X9U1tpd8GfnPAOZjvviqcKOpzPE7G3CBA+cs3KVW3QzNdIVNe8r84l UpZoQ5Q== X-Received: by 2002:a50:c049:0:b0:571:b9ac:ff3d with SMTP id u9-20020a50c049000000b00571b9acff3dmr1903100edd.4.1714141184729; Fri, 26 Apr 2024 07:19:44 -0700 (PDT) Received: from [192.168.0.113] ([2a02:8109:aa0d:be00::9b06]) by smtp.gmail.com with ESMTPSA id ds2-20020a0564021cc200b0057059d26756sm10041182edb.76.2024.04.26.07.19.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 07:19:44 -0700 (PDT) From: Caleb Connolly Date: Fri, 26 Apr 2024 16:19:36 +0200 Subject: [PATCH RFC 2/4] efi: add a helper to generate dynamic UUIDs MIME-Version: 1.0 Message-Id: <20240426-b4-dynamic-uuid-v1-2-e8154e00ec44@linaro.org> References: <20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org> In-Reply-To: <20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org> To: Tom Rini , Heinrich Schuchardt , Ilias Apalodimas , Richard Hughes Cc: u-boot@lists.denx.de, Caleb Connolly X-Mailer: b4 0.14-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=5086; i=caleb.connolly@linaro.org; h=from:subject:message-id; bh=BZqycRWqMsd1O7DfnNQx1DsKBKBx7coL3xHbhjoYLhQ=; b=owEBbQKS/ZANAwAIAQWDMSsZX2S2AcsmYgBmK7f9AIoUrzKS6tMKURnTGxWyl/MxAjvmMwmAb OZG5uGfdYmJAjMEAAEIAB0WIQS2UaFGPGq+0GkMVc0FgzErGV9ktgUCZiu3/QAKCRAFgzErGV9k tq88D/0QM7HGqxnyM6gZGqDaDvJ/qi1JH/inwxF/55FP3N67WJi23Hi4Ocq4BdvJXYUq75ZTE4K ph2ZggF35qAWawIIBgYSBoQuxHBQj05eqa2vfUYY1EQEkS6QLepTwqkln4gqcIpnhdx7eFCL822 YU8S0dqa3AJrb/PG1PnAqfnJI9AVIjZiQnJdSdP2ZJPVceAYnUKO0BVByFH3edFvAsFOd/Kh30f Ia1N4O+LAuWPjI+XE3LeTcOj4yskdwPATT3Ul3CTzqkSr3L3a2wPgjiD0HOP2dibcGpRkmMZ4sl tbLnkcgmay2wtgNEgbulLBo/xb8WPvGHVbWYHNFolz9AKOoPC3p4mktyGuWTx2FwCOn6ug1sZOM 3Sjdl9DEGcuxntqZBepVgjPsvIFOibrGfo/ARR43yrVM45LVuOf3SH7VB4SvNKoe9O5GBzzD4yE toE9EamE7bOfAmj9OCDGhux44DhKuaxzPEoa5UgOTGCfmmIaM8D0K6AZRnfgAKOL/p77D0lERIS yFxyTYMYFQ1nBKvTQ45wkjbjEo7gAG+udnau8w99rGjEr2hJVojE8iHnzJoEmadir+ENHA994qd 6FPQ+xK5hlc+ui24S94ZFeaLfaidFN+ayrvAfop3O92YmCsQDtGrHbq+hir6DPOmhIkoJCP9225 YH1/XtMGHjP5dPw== X-Developer-Key: i=caleb.connolly@linaro.org; a=openpgp; fpr=83B24DA7FE145076BC38BB250CD904EB673A7C47 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Introduce a new helper efi_capsule_update_info_gen_ids() which takes several strings to identify the currently running board as well as a platform specific salt UUID and uses this data to populate the capsule update fw images image_type_id field. This allows for determinstic UUIDs to be used that can scale to a large number of different boards and board variants without the need to maintain a big list. Generating capsule updates can be done using the same namespace, soc, model, compatible, and fw_image name strings. This is behind an additional config option as it depends on V5 UUIDs and the SHA1 implementation. Signed-off-by: Caleb Connolly --- include/efi_loader.h | 28 ++++++++++++++++++++++++++++ lib/efi_loader/Kconfig | 14 ++++++++++++++ lib/efi_loader/efi_capsule.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+) diff --git a/include/efi_loader.h b/include/efi_loader.h index 69442f4e58de..7d6b6ff83229 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -1125,8 +1125,36 @@ struct efi_capsule_update_info { }; extern struct efi_capsule_update_info update_info; +#if CONFIG_IS_ENABLED(EFI_CAPSULE_DYNAMIC_UUIDS) +/** + * efi_capsule_update_info_gen_ids - Generate image_type_id UUIDs + * for all firmware images based on a platform namespace UUID. + * + * @namespace: The arch/platform specific namespace salt. This should be + * hardcoded per platform and replaced by vendors. + * @soc: A string identifying the SoC used on this board. + * @model: The model string for the board. + * @compatible: The most specific (first) root compatible string. + * + * This can be called by board code to populate the image_type_id + * UUID fields deterministically based on the board's model. Allowing + * many boards to be supported without the need for a large hardcoded + * array of fw images. This works using v5 UUIDs. + */ +int efi_capsule_update_info_gen_ids(efi_guid_t *namespace, const char *soc, + const char *model, + const char *compatible); +#else +static inline int efi_capsule_update_info_gen_ids(efi_guid_t *namespace, const char *soc, + const char *model, + const char *compatible) +{ + return -ENOSYS; +} +#endif + /** * Install the ESRT system table. * * Return: status code diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 430bb7f0f7dc..dd8fc1b08812 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -235,8 +235,22 @@ config EFI_CAPSULE_ON_DISK_EARLY If this option is enabled, capsules will be enforced to be executed as part of U-Boot initialisation so that they will surely take place whatever is set to distro_bootcmd. +config EFI_CAPSULE_DYNAMIC_UUIDS + bool "Dynamic UUIDs for capsules" + depends on EFI_HAVE_CAPSULE_SUPPORT + select UUID_GEN_V5 + help + Select this option if you want to use dynamically generated v5 + UUIDs for your board. To make use of this feature, your board + code should call efi_capsule_update_info_gen_ids() with a seed + UUID to generate the image_type_id field for each fw_image. + + The CapsuleUpdate payloads are expected to generate matching UUIDs + using the same scheme. + + config EFI_CAPSULE_FIRMWARE bool config EFI_CAPSULE_FIRMWARE_MANAGEMENT diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index de0d49ebebda..9ef67d1b4405 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -19,8 +19,9 @@ #include #include #include #include +#include #include #include #include @@ -403,8 +404,40 @@ out: return status; } #endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */ +#if CONFIG_IS_ENABLED(EFI_CAPSULE_DYNAMIC_UUIDS) +int efi_capsule_update_info_gen_ids(efi_guid_t *namespace, const char *soc, const char *model, const char *compatible) +{ + int i; + + if (!soc || !model || !compatible) { + log_err("%s: soc, model, or compatible not defined\n", __func__); + return -EINVAL; + } + + if (!update_info.num_images) { + log_err("%s: no fw_images, make sure update_info.num_images is set\n", __func__); + return -ENODATA; + } + + for (i = 0; i < update_info.num_images; i++) { + gen_uuid_v5((struct uuid*)namespace, + (struct uuid *)&update_info.images[i].image_type_id, + soc, strlen(soc), + model, strlen(model), + compatible, strlen(compatible), + update_info.images[i].fw_name, u16_strlen(update_info.images[i].fw_name), + NULL); + + log_debug("Image %ls generated UUID %pUs\n", update_info.images[i].fw_name, + &update_info.images[i].image_type_id); + } + + return 0; +} +#endif + static __maybe_unused bool fwu_empty_capsule(struct efi_capsule_header *capsule) { return !guidcmp(&capsule->capsule_guid, &fwu_guid_os_request_fw_revert) || From patchwork Fri Apr 26 14:19:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Caleb Connolly X-Patchwork-Id: 792342 Delivered-To: patch@linaro.org Received: by 2002:adf:cc13:0:b0:346:15ad:a2a with SMTP id x19csp479675wrh; Fri, 26 Apr 2024 07:20:17 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVC7A8kpJU63gdY6NuRmwV8YgOEcYiXit70X64euJajzyoo72/gLDJyOl/ya1bUfwrbq6RN4q/xoNxHRRMggF7C X-Google-Smtp-Source: AGHT+IH4jS+IMTatXh35zv+11dCeGO3/T/XXkHiwkEkIknGvZ6eYDGgvwupxw7gi6jks7QFVn7LG X-Received: by 2002:a2e:6e08:0:b0:2da:c3a:2546 with SMTP id j8-20020a2e6e08000000b002da0c3a2546mr1872592ljc.21.1714141216865; Fri, 26 Apr 2024 07:20:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1714141216; cv=none; d=google.com; s=arc-20160816; b=rzgMXYuJKUvnDn/qOGLqmTi1vF+vh9N9mD5r7lEOYnSE/+PedP42BCVj7GUOlc5/NV vlUdG/CRzzfJPU3eUCHmUnwvrASrHZf0EIRcqrhZ7rqHRfyGcTF8zyz+f76BW2OOAlf/ ONWaQ1yycGhGO3B+NTELbr2GGi16BM1R7IsDJb9WqhTVQbtizsSfLWosBMMAOD30pbOn XCoRJDffTaXmUU83YzuM8V8yEEk8+MUw18yNhJ0TgcH5+4oWqlC0r054Glmnz1wJSSJW z0R/raTdDOepL7J8oq94FsmumqttoJXhP39HeGRSXlo7pBbMc1tNrixk+27r254FzCNx EF7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:cc:to:in-reply-to:references :message-id:content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=CwTsInjpjudXn53fHxDK4wIbcKysXTmFLjOh/p+RuRs=; fh=JifUN0ywmJGy8vEw5EHVVF15ah/755mzh2rCn/BztPM=; b=aIAkfK077gIiKXzqtMLa5x0eN78tDWOIMHG2gev1cSFQNiUDpDuMvG9Lsu7e2IwQ4N zNVRHFk3ZucILxr1rCNHIuPzszEnVPgT2zn0S1Yry06Rf9bDboktb7L+JB9kSptPyp0d adldHTj1rtdKooV3B7uKz3zygvOZJQU/Ft5agq8eNeatyDo+MavFTQqVMfLxSPQsuEYG debmzXNRGJ3YVMKfa7eEjMvHernS0bWdM3poC784VGD1xVTAdGKHU4aM/3aZIxMLvC4I IDbTTr7Swa9WZl8Cqh598yMPd3sUs0oCgVw1XFVpWQvEQzNJfFnX7sHz5A3GDaHTR9Is mLHg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="jL+/Wlvi"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id p22-20020a05600c1d9600b0041b96f87850si753139wms.117.2024.04.26.07.20.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 07:20:16 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="jL+/Wlvi"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7B33289188; Fri, 26 Apr 2024 16:19:50 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="jL+/Wlvi"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id ED3EF89173; Fri, 26 Apr 2024 16:19:47 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id EDD7C87F4A for ; Fri, 26 Apr 2024 16:19:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=caleb.connolly@linaro.org Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-57225322312so3164316a12.1 for ; Fri, 26 Apr 2024 07:19:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1714141185; x=1714745985; darn=lists.denx.de; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=CwTsInjpjudXn53fHxDK4wIbcKysXTmFLjOh/p+RuRs=; b=jL+/WlviIWlzcTVd0Cgh562J6dVidgRL1sSFkTVX1rIUIx1bo3K1/NU4JiOYK/oE3i ON+as+SF94jwnPGq3BBCXr/nLEo13GD6jbrTB7XdF7XQJW6/P+ilJuc3EpDRwBkclkFa a4Kzk+b+Th21uqyBSISxthG3D3KsfGqeYIomIPYFoDozYMHjHBgZ8l2lCSqn6QgGk2hK sfzV9sfpUpJhutI4U8zeYcYIMMD74G/En59BwRdCqEED0g3sErTL64fB/uI0890xnLHS +GfkJo2isRGk0p09KYdh4OcY+T6flAmoFSNA+v5vOdI2WcVfuoEVJlV37F2SN4FRHp44 paYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714141185; x=1714745985; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CwTsInjpjudXn53fHxDK4wIbcKysXTmFLjOh/p+RuRs=; b=CpOSaqr9NDN9HEUPTeHtF/IKfBdIfhdL5oniLoRSLTnLrlJgIVlOluCW65CBSHUAT4 LBCrOp0aV5mf5DbfMyNMwRQvsP4HFSFph7gZ7x7SL0X4zSCDEpbZR/UKO+ZNJRMiFHbZ +6kKFRsNd2EXDHPNVetfDHq8FDFGAxieIf4/Stl4mAqiWL/7ffEtavGy88r6+xEER8qz dZ2qQ5YbyNBFcWAM/KwnHdAd6iKE5bOUBwXlXkFBvDfkK//uAUjhgveFNIINnQxFPVl4 CmOTFzdqzw1JqTOwV6BHuFzs3+fSMWqQtTmsQYgBpAd8D1S1FXdg9LASCZaAhUHuVZ+s Rn9g== X-Gm-Message-State: AOJu0Yw05OuE33hn9J93HTwEbqA/ZfSBsnfA4j4nXvVwzcz1jZXRZXFf /aseNHneC3fC4nfDI7MY7GD+xx0L38B0VIO9MDx5u4i+V6ARnFw0BO9OwLk3eT4= X-Received: by 2002:a50:cd54:0:b0:56d:e6f6:f73c with SMTP id d20-20020a50cd54000000b0056de6f6f73cmr1650219edj.42.1714141185591; Fri, 26 Apr 2024 07:19:45 -0700 (PDT) Received: from [192.168.0.113] ([2a02:8109:aa0d:be00::9b06]) by smtp.gmail.com with ESMTPSA id ds2-20020a0564021cc200b0057059d26756sm10041182edb.76.2024.04.26.07.19.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 07:19:45 -0700 (PDT) From: Caleb Connolly Date: Fri, 26 Apr 2024 16:19:37 +0200 Subject: [PATCH RFC 3/4] doc: uefi: document dynamic GUID generation MIME-Version: 1.0 Message-Id: <20240426-b4-dynamic-uuid-v1-3-e8154e00ec44@linaro.org> References: <20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org> In-Reply-To: <20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org> To: Tom Rini , Heinrich Schuchardt , Ilias Apalodimas , Richard Hughes Cc: u-boot@lists.denx.de, Caleb Connolly X-Mailer: b4 0.14-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=2582; i=caleb.connolly@linaro.org; h=from:subject:message-id; bh=LpTzTY0m1P+CE2jca2MTSIniF4NLea/ir3Ovry4WRWk=; b=owEBbQKS/ZANAwAIAQWDMSsZX2S2AcsmYgBmK7f9MiwAwCGbX6eJYwWMR+rrF0dW0TgKFn7mv lPMPhjhgDSJAjMEAAEIAB0WIQS2UaFGPGq+0GkMVc0FgzErGV9ktgUCZiu3/QAKCRAFgzErGV9k tkxKD/4hiSFC3tQndAMvuplSrWO5N+u5e7AYG6vlBp/L71l//aGgwdAfS9ALvaA+/sR/y+Kdt5S dw1oTTrdEBIm8HnTKGN8b8sz5nX/mHUbDbiPuqO9+5gglDdp9p14ruGxu8EZkS6yqXrsheXd9Vf RvNYMg9FuxWB0q/Klbr++4FR7hUe8sqkXfJgUl233CJqJfv9Qdj044WC0MxHG3UCVUXWQJIsZVP 1tpnwp2149T5QeQT0RlmGPRLF+rLOsddjYxqmB3AFWcblzpNQVnihfye0bUkZYutHV1mTWCXrGm gUEdzMk7RK5TbtoVN+3+c8AXnx10LGsqgz14EC1qO+aVRqGrsyq3L9Dlnobbcsx1o3TEZTT6kBj DreuDummaO+jSs9OU8SGpIAngT9fCfN2+nbjRViL/eCzna79zi1cI4qG2+d21/I/fq0TjKnTw2l fmXVSaSUD1Quf4zT76ijWdyJRyhxjmOx7uDcPDmN6d9hAaAigZ/lQ4l4/TpfXbfSVGmQvZcQnBM VSzKe5ALr5K4L83S38pLwVyN6HBgMwNV/FLJeN8qVBasbts++uPEBnmkqO21alUPIiZrjEnUaDp rN7pSUj6r5KgiGQwX1QQB7vzREQ5RNc9S2zs6BxLOGEPsqmGjpbykL2yOj1c/Wk0ghEsKITTxQ6 e5E9A43KjfKRcYA== X-Developer-Key: i=caleb.connolly@linaro.org; a=openpgp; fpr=83B24DA7FE145076BC38BB250CD904EB673A7C47 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Document how platforms can generate GUIDs at runtime rather than maintaining a list of GUIDs per-board. Signed-off-by: Caleb Connolly Reviewed-by: Ilias Apalodimas --- doc/develop/uefi/uefi.rst | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 0389b269c01b..52076fb4c106 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -448,8 +448,43 @@ the location of the firmware updates is not a very secure practice. Getting this information from the firmware itself is more secure, assuming the firmware has been verified by a previous stage boot loader. +The image_type_id contains a GUID value which is specific to the image +and board being updated, that is to say it should uniquely identify the +board model (and revision if relevant) and image pair. Traditionally, +these GUIDs are generated manually and hardcoded on a per-board basis, +however this scheme makes it difficult to scale up to support many +boards. + +To address this, v5 GUIDs can be used to generate board-specific GUIDs +at runtime, based on a set of persistent identifiable information: + +.. code-block:: c + + /** + * efi_capsule_update_info_gen_ids - Generate image_type_id UUIDs + * for all firmware images based on a platform namespace UUID. + * + * @namespace: The arch/platform specific namespace salt. This should be + * hardcoded per platform and replaced by vendors. + * @soc: A string identifying the SoC used on this board. + * @model: The model string for the board. + * @compatible: The most specific (first) root compatible string. + * + * This can be called by board code to populate the image_type_id + * UUID fields deterministically based on the board's model. Allowing + * many boards to be supported without the need for a large hardcoded + * array of fw images. This works using v5 UUIDs. + */ + int efi_capsule_update_info_gen_ids(efi_guid_t *namespace, const char *soc, + const char *model, + const char *compatible); + +These strings are combined with the fw_image name to generate GUIDs for +each image. This function should be called during board init, before the +EFI subsystem is initialised. + The firmware images structure defines the GUID values, image index values and the name of the images that are to be updated through the capsule update feature. These values are to be defined as part of an array. These GUID values would be used by the Firmware Management From patchwork Fri Apr 26 14:19:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Caleb Connolly X-Patchwork-Id: 792343 Delivered-To: patch@linaro.org Received: by 2002:adf:cc13:0:b0:346:15ad:a2a with SMTP id x19csp479786wrh; Fri, 26 Apr 2024 07:20:28 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXvszOXsNXVcw3R4NGknxNcNamtVNITLs56S9ENvlWj+o0YBY3536FWO+mDuN1cqHvctFCkri6xjFrqL+yA/3QW X-Google-Smtp-Source: AGHT+IEmtw0xhSaSDVzPGZrgHSVOB+jEOzK4n3E9x9SYO/rlSYLeI9PxhUZgofgC4ZOCH6gzrdHx X-Received: by 2002:adf:e00d:0:b0:34a:5663:40b with SMTP id s13-20020adfe00d000000b0034a5663040bmr2368321wrh.3.1714141228221; Fri, 26 Apr 2024 07:20:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1714141228; cv=none; d=google.com; s=arc-20160816; b=NgnN//pUV7DSizH4ZJeTzpgcvBHKMst6NgBB7FyhEcV/hdsUDHQDrOQaQZzy/aZJXg bGPEOUyU0GRch25U6OrNcoSJoEnzkIdlOlTTcR1GnDgLxcSTC3w3gxtBUF+b9quwt1aX FVEdXwsQqM1ONcvcd7HA4SHs98BqIXeSuqV1LWO5yPBgpSHheyXa/tIwo+j8wTJ7qU9g 4phOf4RspakDt5ABFBmpM6mkyOanjDvlPhfwdXgaX+lcbQRLma4vRc89XQqzc1dqlDpC 9+WVSGkq4BYL7+BmcF4Gfz2X+4CoWmNy2kf0rLEEhtHLL5mDW3qqNxR9s4YdsNJxevLD 2ISA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:cc:to:in-reply-to:references :message-id:content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=3Y8/39cJ/XbEfKQUYQpKfPZueeODoQuUVuK6ghcCumU=; fh=JifUN0ywmJGy8vEw5EHVVF15ah/755mzh2rCn/BztPM=; b=etEjMEW7zJK3Ky55M6ao5voQMnOMG6bQmf3zVR0HPjwkJlrXHSlqGIRMMX+sF7MKeH FbLqaUSjUUQJB3ZcdofslEnz9ayr8AtlFVa2/XlBi8RYRg4GlHZwWB3PLXV79SFSz4rY HhynHTKlvxnobybdTyqzz3iZSHHb0Ziexv7MxOfQz5fn7nxlOtLyKgY9p6irDq/NyWbe WkfPkjeKBeyhS5ix3VekZafLd9wYZlDv6jsCdvcwJfqxKdjbO0Sh0Jj7Za5fEP8Gq0rR puuiEsGk1LlJ+O8X6r17Mx2hBaqu1/WH/xCnDIapNIjEwk6SZrOJOCjv7GzTBNN9FWxf RO4A==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=tHR2vagO; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id l16-20020adfe9d0000000b0034782d86a85si9717584wrn.970.2024.04.26.07.20.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 07:20:28 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=tHR2vagO; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id DB44989191; Fri, 26 Apr 2024 16:19:50 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="tHR2vagO"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E14BD8915E; Fri, 26 Apr 2024 16:19:48 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id F06128916C for ; Fri, 26 Apr 2024 16:19:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=caleb.connolly@linaro.org Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-a51f9ad7684so148452766b.2 for ; Fri, 26 Apr 2024 07:19:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1714141186; x=1714745986; darn=lists.denx.de; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=3Y8/39cJ/XbEfKQUYQpKfPZueeODoQuUVuK6ghcCumU=; b=tHR2vagO2RiEqEKvabBsdDe5WhjFRONxfaDuszmaZWo4Fn0EBVBZ9Zay+DAKrsVE8n PTey7xalGKiz6oS4quyhlqs9nzgc3IxlCWm83k0fFNn0XJTPmKPqw9A5keWbXGH2W1Sv xHQxseJv7ZikRRJjeZoAO+UsFZpk2pDyhJaQkN3QeynlhqBUWTheqPWYWMUhskapKE+N yzyYfaPyjN4b+joQ1LXpNv7OXObobNWC4sPJAGEjPCckMcZcmPb+1zesRUA5Dj1Z3V/F fEjSbcXiOLa3VZxQnTr6/rPA+Ip6eSnw+qk/q1C1ltFLy3z0ry6c4ZuWhApmlzNqSO09 nwKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714141186; x=1714745986; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3Y8/39cJ/XbEfKQUYQpKfPZueeODoQuUVuK6ghcCumU=; b=nuJa4M778fQ8TTxC46F0rcWt7A3JTn1BMKgGdzU4mk1XtLNpEqHaPIiIlKXAECvgws 4iUjuEru6vqk9koxbUDIA63m/QxwiUn9AEN01jBpH8w/irxwVtA6TIJD1D80swe6HVBe Ybpymf9OsFpg7dBQuh45/yU98MD5iMRQhbM0b/He4isvSleK6ObQEoichCRj0efyfVpM QYRmQs3eW6E9uDp8/zWtKVXMu51+kO3cvhYlbn2gr/bZ/UKsUsRLJjqL7Zosn8UqwV4Y zrRDvrSOOROkmDbHWjKVZE4hu3urtW2DRLIikxnw/HwHjnCYXW/9597dgwYVJfLaB/kU H4jQ== X-Gm-Message-State: AOJu0YxLOsSFD8H7Wk8q8siauttBhyI6omdBxTai2hRUHmAXl5Oxq3iT dEzeT68ZMFQNcDuM72P6jWCx0iEz5ursw43MDkyIdH/5/afsN2OvkYI3LOpT0Dl9k6IYa7McRcb /VlRdJg== X-Received: by 2002:a50:ba88:0:b0:570:3bb:e099 with SMTP id x8-20020a50ba88000000b0057003bbe099mr2755189ede.1.1714141186485; Fri, 26 Apr 2024 07:19:46 -0700 (PDT) Received: from [192.168.0.113] ([2a02:8109:aa0d:be00::9b06]) by smtp.gmail.com with ESMTPSA id ds2-20020a0564021cc200b0057059d26756sm10041182edb.76.2024.04.26.07.19.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 07:19:46 -0700 (PDT) From: Caleb Connolly Date: Fri, 26 Apr 2024 16:19:38 +0200 Subject: [PATCH RFC 4/4] sandbox: switch to dynamic UUIDs MIME-Version: 1.0 Message-Id: <20240426-b4-dynamic-uuid-v1-4-e8154e00ec44@linaro.org> References: <20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org> In-Reply-To: <20240426-b4-dynamic-uuid-v1-0-e8154e00ec44@linaro.org> To: Tom Rini , Heinrich Schuchardt , Ilias Apalodimas , Richard Hughes Cc: u-boot@lists.denx.de, Caleb Connolly X-Mailer: b4 0.14-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=2566; i=caleb.connolly@linaro.org; h=from:subject:message-id; bh=E29aV3hWmEHhJMw6u12fMNE/7DMvKk2T1uEAZEN8hmQ=; b=owEBbQKS/ZANAwAIAQWDMSsZX2S2AcsmYgBmK7f9/WvzgTExC96OZ6YMZwevx7rRdWSIRFLbL nA/E6V4oHSJAjMEAAEIAB0WIQS2UaFGPGq+0GkMVc0FgzErGV9ktgUCZiu3/QAKCRAFgzErGV9k tm+vEAChI75+4mOd76OnwamKWAUljhRgq5sA8I720VtLs1Avsa7mEwwKVZXd1NUTH5FqyOKQfzi vb44NmYVJsV1SVH9dbqxknAIyJsRkj9Y8od7q9zK9Mj4fZwmV4LtZ4GI8CWufTu6NQAcB8KXkVU OUKg4eaR1HHWuxTsHr/6TocZnQd4dNI0aIYPjDMz9Zipo4N54DXjWTmgeqcLcyzfhY6DqTYaKoo E/y1q8qI8XVIQVglRyJWL8vovCCW21/cCHx0XfVQ5LMSVnJboxgJGUkfS7HXBbG6KzF09wqVpEq I3NWrjPc6I2Ud0PEJ8mfuWLRWMIUb9oFloIEXRuxUU71ySsOAgy1MyEplTyHzmGRkx8zE15JGkD qWh/XNqEqMPXmxLB297E2lYDQML4kO2CoysCl+plZqGXqB2ORIaWpEC2GocJdMi9plpXziMKuWK R/d5+gUnMCqk4nE1uHKpw0y5bKKzlQWSKvXRZsbnS2q7idFt8yOMlJxoZ74C3kS8ETEXlTyqj8Q ELfIscsvN8ctkTPLSF6JLkEDUXlsTNn04rLJCuRQy90LUhGW0yIEg8QHXEWXaaMSOImLiXGXS6f hFT4nCim1fbT+/MlqngkzTiCJu2RPweM0Oc8m7UUID/lHp/C4+wHNQNN8qXnRWOFaCpvg4JTnqC IHyajdku7/DVADQ== X-Developer-Key: i=caleb.connolly@linaro.org; a=openpgp; fpr=83B24DA7FE145076BC38BB250CD904EB673A7C47 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Migrate sandbox over to generating it's capsule update image GUIDs dynamically rather than using a set of hardcoded ones. Signed-off-by: Caleb Connolly Reviewed-by: Ilias Apalodimas --- arch/Kconfig | 1 + board/sandbox/sandbox.c | 28 +++++++++++++++------------- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index abd406d48841..0558c90540b6 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -164,8 +164,9 @@ config SANDBOX select SYS_CACHE_SHIFT_4 select IRQ select SUPPORT_EXTENSION_SCAN if CMDLINE select SUPPORT_ACPI + select EFI_CAPSULE_DYNAMIC_UUIDS if EFI_HAVE_CAPSULE_SUPPORT imply BITREVERSE select BLOBLIST imply LTO imply CMD_DM diff --git a/board/sandbox/sandbox.c b/board/sandbox/sandbox.c index 802596569c64..68a99ce1fc07 100644 --- a/board/sandbox/sandbox.c +++ b/board/sandbox/sandbox.c @@ -31,36 +31,24 @@ */ gd_t *gd; #if IS_ENABLED(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) -/* GUIDs for capsule updatable firmware images */ -#define SANDBOX_UBOOT_IMAGE_GUID \ +#define SANDBOX_CAPSULE_UPDATE_SALT \ EFI_GUID(0x09d7cf52, 0x0720, 0x4710, 0x91, 0xd1, \ 0x08, 0x46, 0x9b, 0x7f, 0xe9, 0xc8) -#define SANDBOX_UBOOT_ENV_IMAGE_GUID \ - EFI_GUID(0x5a7021f5, 0xfef2, 0x48b4, 0xaa, 0xba, \ - 0x83, 0x2e, 0x77, 0x74, 0x18, 0xc0) - -#define SANDBOX_FIT_IMAGE_GUID \ - EFI_GUID(0x3673b45d, 0x6a7c, 0x46f3, 0x9e, 0x60, \ - 0xad, 0xab, 0xb0, 0x3f, 0x79, 0x37) - struct efi_fw_image fw_images[] = { #if defined(CONFIG_EFI_CAPSULE_FIRMWARE_RAW) { - .image_type_id = SANDBOX_UBOOT_IMAGE_GUID, .fw_name = u"SANDBOX-UBOOT", .image_index = 1, }, { - .image_type_id = SANDBOX_UBOOT_ENV_IMAGE_GUID, .fw_name = u"SANDBOX-UBOOT-ENV", .image_index = 2, }, #elif defined(CONFIG_EFI_CAPSULE_FIRMWARE_FIT) { - .image_type_id = SANDBOX_FIT_IMAGE_GUID, .fw_name = u"SANDBOX-FIT", .image_index = 1, }, #endif @@ -122,8 +110,22 @@ int dram_init(void) } int board_init(void) { + int ret; + + if (CONFIG_IS_ENABLED(EFI_HAVE_CAPSULE_SUPPORT)) { + efi_guid_t salt_guid = SANDBOX_CAPSULE_UPDATE_SALT; + + ret = efi_capsule_update_info_gen_ids(&salt_guid, + "sandbox", + ofnode_read_string(ofnode_root(), "model"), + ofnode_read_string(ofnode_root(), "compatible")); + if (ret) { + printf("Failed to generate GUIDs: %d\n", ret); + return ret; + } + } return 0; } int ft_board_setup(void *fdt, struct bd_info *bd)