Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752301AbdC0Kha (ORCPT <rfc822;w@1wt.eu>);
        Mon, 27 Mar 2017 06:37:30 -0400
Received: from mail-wr0-f181.google.com ([209.85.128.181]:34085 "EHLO
        mail-wr0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752145AbdC0KhZ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 27 Mar 2017 06:37:25 -0400
Subject: Re: [PATCH v2 0/7] efi: Enhance capsule loader to support signed
 Quark images
To: Jan Kiszka <jan.kiszka@siemens.com>,
        Matt Fleming <matt@codeblueprint.co.uk>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>
References: <cover.1490376860.git.jan.kiszka@siemens.com>
Cc: linux-efi@vger.kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Andy Shevchenko <andy.shevchenko@gmail.com>,
        Hock Leong Kweh <hock.leong.kweh@intel.com>,
        Borislav Petkov <bp@alien8.de>,
        Sascha Weisenberger <sascha.weisenberger@siemens.com>
From: "Bryan O'Donoghue" <pure.logic@nexus-software.ie>
Message-ID: <d3c887cb-fede-bfc6-8b1d-a6dca262b5bc@nexus-software.ie>
Date: Mon, 27 Mar 2017 11:29:36 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <cover.1490376860.git.jan.kiszka@siemens.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2222
Lines: 56



On 24/03/17 17:34, Jan Kiszka wrote:
> This addresses the review feedback provided on round 1, specifically
> - refactored queue to keep the Quark mess in
> - only check for CSH on Quark CPUs
> - added some smaller cleanups of the capsule loader
> - documented capsule header / linked to original code
>
> See last patch for the background of the series.
>
> The series has been tested on the Galileo Gen2, to exclude regressions,
> with a firmware.cap with AND without security header and the SIMATIC
> IOT2040 which requires the header because of its mandatory secure boot.
>
> Jan
>
> Jan Kiszka (7):
>   efi/capsule: Fix return code on failing kmap/vmap
>   efi/capsule: Remove pr_debug on ENOMEM or EFAULT
>   efi/capsule: Clean up pr_err/info messages
>   efi/capsule: Adjust return type of efi_capsule_setup_info
>   efi/capsule: Prepare for loading images with security header
>   efi/capsule: Factor out overloadable efi_capsule_identify_image
>   efi/capsule: Add support for Quark security header
>
>  arch/x86/platform/efi/quirks.c        |  95 ++++++++++++++++++++++++
>  drivers/firmware/efi/capsule-loader.c | 136 +++++++++++++++++++---------------
>  drivers/firmware/efi/capsule.c        |  21 +++++-
>  include/linux/efi.h                   |  19 +++++
>  4 files changed, 208 insertions(+), 63 deletions(-)
>

BTW,

Thanks for taking the time to remove the __func__ stuff all over the place.

I'll try to test this out for you. I found that the current BSP Intel is 
releasing has some sort of GUI that downloads an image to a board (which 
completely fails for me on the Galileo I have)... not sure if you have 
different results with the stuff from the Intel website but it's 
non-functional for me :(

I'd like to suggest to you adding something to Documentation describing 
how to load and trigger a capsule update. For example on Quark you need 
to use the EFI reset method to cause capsule update to work.

Could you add a patch to your series for Documentation detailing:

1. Entry criteria (needing to boot in EFI reset mode)
1. Description of loading a capsule
3. Description of triggering the update (reboot)
4. Verifying the update succeeded (actually is this possible right now?)

---
bod