@LeviYeoReum LeviYeoReum commented Sep 16, 2025

Introduction

The Firmware Update Feature is based on the
[Platform Security Firmware Update for the A-profile Specification 1.0][1] specification.
To update firmware, the Firmware Update Feature uses the FmpDevicePkg framework
so that the firmware is updated via the capsule update framework.

On Arm, firmware is updated with the capsule update framework in the following steps:

  • Deliver the firmware image via UpdateCapsule().
  • The firmware image is delivered to StandaloneMm via MmCommunication or FF-A.
  • StandaloneMm, which is the UpdateAgent, writes the new image to the firmware update storage
    according to the PSA specification.
  • To apply the updated firmware, reset.

This is slightly different from other architectures, which use
coalescing to update firmware with the following steps:

  • Deliver the firmware image via UpdateCapsule().
  • Save the firmware image in the variable storage.
  • Warm reset, and in the PEI phase coalesce the firmware image scattered in physical memory.
  • Before EndofDxe, update the firmware by calling ProcessCapsules()
  • To apply the updated firmware, Reset.
    for preventing arbitrary access to firmware storage device locked after EndofDxe phase.

The reasons Arm doesn't support the coalescing way are:
- Depending on the platform, UEFI doesn't run in ROM but
is loaded into memory by TF-A.
- Depending on the platform, it can skip PEICORE (see EDK2_SKIP_PEICORE).
- Arm doesn't need to lock the firmware storage device because
it's completely isolated in StandaloneMm (at S-EL0).
Therefore, the operating system, UEFI or any other software component running in
the normal world cannot access the isolated firmware storage.

By doing so, it can remove the warm reset for unlocking the device and support runtime
firmware update in the future.

This implementation is written for platforms with the following firmware storage layout
(a typical platform is the Base FVP platform):

    +----------------------+
    |      GPT-HEADER      |
    +----------------------+
    |    FIP_A (bank0)     |
    +----------------------+
    |    FIP_B (bank1)     |
    +----------------------+
    |    FWU-Metadata      |
    +----------------------+
    |  Bkup-FWU-Metadata   |
    +----------------------+

and uses FwsGptSystemFipLib to access the above firmware storage.

Overview

Here is an overview of Firmware Update Feature.

       UEFI (Normal world)            |          StandaloneMm (Secure world)
     ---------------------------------|--------------------------------------
                                      |                             +-------+
                                      |                    ---------|  Fws  |
                                      |                    |        +-------+
     +------------------+             |                    |       (Gpt parted)
     |   FmpDevicePkg   |             |  Read /Write Image |
     +------------------+             |                    |
       |                              |          +-------------------+
       |  SetTheImage() and etc       |          |  FwsPlatformLib   |
       |  progress via PsaFwuLib      |          +-------------------+
       |                              |                    |
       |                              |    Parsing Request | Access Fws via
       |                              |                    |    FwStore.c
       |                                                   |
       -> +----------------+     PSA ABI (MMC)   +-------------------+
          |   PsaFwuLib    |<------------------> |     FwuStMm       |
          +----------------+    PSA Error code   +-------------------+

When UEFI calls UpdateCapsule(), FmpDevicePkg->SetTheImage() is called.
Through FmpDeviceLib, FmpDevicePkg requests a firmware update from StandaloneMm
according to the Firmware Store Update ABI defined in the [PSA][1] spec via PsaFwuLib.
Then the FwuStMm StandaloneMm driver parses requests from PsaFwuLib and accesses the firmware
storage via FwsPlatformLib, which is a platform-specific library.

See also:
- tianocore/edk2-platforms#873

Patch Sequence

Patch #1 adds a partition helper macro for FF-A.
Patches #2 - #4 add the MmiContext used for the Arm platform.
Patches #5 - #6 add the firmware update feature related headers and GUID.
Patch #7 adds the FmpDeviceLib used with the firmware update ABI.

References

[1] https://developer.arm.com/documentation/den0118/latest/

@leiflindholm
Member

The documentation link does not point to what it claims to, it points to the FVP marketing overview page.

I can find DEN011 through internet search, but not when looking through the Arm developer documentation library.

@LeviYeoReum
Contributor Author

> The documentation link does not point to what it claims to, it points to the FVP marketing overview page.
> I can find DEN011 through internet search, but not when looking through the Arm developer documentation library.

Oh sorry. I'll update the reference correctly. Thanks

According to the FF-A specification, bit 15 of the partition ID
indicates the partition type:

  - Bit[15] == 0: Identifies a Virtual Machine (VM), used by the Hypervisor.
  - Bit[15] == 1: Identifies a Secure Partition, used by the SPM.

In other words, if bit 15 of the partition ID is set to 1,
it represents a Secure Partition; if it is 0,
it represents a Normal World partition.

Based on this spec, add a helper to check whether a partition ID is a secure partition
or not.

Signed-off-by: Yeoreum Yun <[email protected]>
…ment

Introduce ArmMmHandlerContext.h, which defines the ARM_MM_HANDLER_CONTEXT
structure passed to each MmHandler’s Context argument. This structure
provides:

 - The current communication protocol type
 - The service type
 - Protocol-specific details

This enables MM drivers to differentiate requests from MM communication
versus DIRECT_MSG_REQ2, support both SPM_MM and FF-A v1.2, and determine
whether a request originated from the secure world.

Signed-off-by: Yeoreum Yun <[email protected]>

Pass ARM_MM_HANDLER_CONTEXT to MmHandler
so it can determine:

  - whether the request came via FF-A or SPM_MM mode
  - the service type
  - whether it is a secure request or the source partition ID

Signed-off-by: Yeoreum Yun <[email protected]>
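
The bit 15 rule and the handler context described in the commit messages above, combined in an added example that is not code from this pull request. The type, field and function names are hypothetical stand-ins, and treating every SPM_MM request as coming from the normal world is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* FF-A: bit 15 of the 16-bit partition ID is 1 for a Secure Partition. */
#define PARTITION_ID_SECURE_BIT (1u << 15)

/* Hypothetical stand-ins for the fields the context is described as carrying. */
typedef enum { COMM_SPM_MM, COMM_FFA } comm_protocol_t;
typedef enum { SVC_MM_COMMUNICATE, SVC_DIRECT_MSG_REQ2 } service_type_t;
typedef struct {
  comm_protocol_t protocol;
  service_type_t  service;
  uint16_t        source_id; /* only meaningful when protocol == COMM_FFA */
} handler_context_t;

typedef enum { ORIGIN_UNKNOWN, ORIGIN_NORMAL_WORLD, ORIGIN_SECURE_PARTITION } origin_t;

bool partition_id_is_secure(uint16_t id) {
  return (id & PARTITION_ID_SECURE_BIT) != 0;
}

/* Classify the caller. Anything unrecognised is never reported as secure. */
origin_t classify_origin(const handler_context_t *ctx) {
  if (ctx == NULL) return ORIGIN_UNKNOWN;
  switch (ctx->protocol) {
  case COMM_SPM_MM: /* assumption: no partition ID, caller is the normal world */
    return ORIGIN_NORMAL_WORLD;
  case COMM_FFA:
    return partition_id_is_secure(ctx->source_id) ? ORIGIN_SECURE_PARTITION
                                                  : ORIGIN_NORMAL_WORLD;
  default:
    return ORIGIN_UNKNOWN;
  }
}

int main(void) {
  /* Constructed sample contexts, not values taken from the patches. */
  handler_context_t samples[] = {
    { COMM_FFA, SVC_DIRECT_MSG_REQ2, 0x8003 },
    { COMM_FFA, SVC_MM_COMMUNICATE, 0x0001 },
    { COMM_SPM_MM, SVC_MM_COMMUNICATE, 0 },
  };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf("source 0x%04x -> origin %d\n", (unsigned)samples[i].source_id,
           (int)classify_origin(&samples[i]));
  return 0;
}
```
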
…text

gGuidedEventContext is only used in EventHandle.c and nowhere else.
Therefore change it to a static mGuidedEventContext and remove the export.

Signed-off-by: Yeoreum Yun <[email protected]>
…aders

The Platform Security Firmware Update specification, 1.0 for A-profile
(https://developer.arm.com/documentation/den0118/latest) describes
a standard mechanism for performing firmware updates on Arm platforms.
This mechanism utilises the Arm Firmware Framework for Arm A-profile
specification to transfer the firmware update binaries
from the Normal World to the Secure World.
An update agent in the Secure World then updates the flash area with the new update image.

Add related headers for the firmware update feature.

Signed-off-by: Yeoreum Yun <[email protected]>

Add firmware update feature related GUID used in UEFI/StandaloneMm.

Signed-off-by: Yeoreum Yun <[email protected]>

FmpDeviceLib is a platform-specific library which is used to update
firmware using the CapsuleUpdate framework via FmpDevicePkg in edk2.

Following the Platform Security Firmware Update for A-profile specification
(https://developer.arm.com/documentation/den0118/latest),
FmpPsaFwuLib is an implementation of FmpDeviceLib using PsaFwuLib,
which implements the firmware update ABI.

Here is a brief view of how it works:

  UEFI (Normal world)          |          StandAloneMm (Secure world)
-------------------------------|--------------------------------------
                               |                             +-------+
                               |                    ---------|  Fws  |
                               |                    |        +-------+
+------------------+           |                    |       (Gpt parted)
|   FmpDevicePkg   |           |  Read /Write Image |
+------------------+           |                    |
  |                            |          +-------------------+
  |  SetTheImage and etc       |          |  FwsPlatformLib   |
  |  progress via FmpDeviceLib |          +-------------------+
  |                            |                    |
  |                            |    Parsing Request | Access Fws via
  |                            |                    | FwsPlatformLib
  |                                                 |
  -> +----------------+     PSA ABI (MMC)   +-------------------+
     |  FmpPsaFwuLib  |<------------------> |      FwuSmm.c     |
     +----------------+    PSA Error code   +-------------------+

Signed-off-by: Yeoreum Yun <[email protected]>