fwup icon indicating copy to clipboard operation
fwup copied to clipboard
verified publisher icon fwup-home

Add require-execute to provide an escape-hatch for custom requirements

Open lawik opened this issue 3 months ago • 3 comments

lawik avatar Dec 03 '25 10:12 lawik

Thanks! I understand your use case. Give me a week or two to get past a project and then I'll get to this.

fhunleth avatar Dec 03 '25 12:12 fhunleth

Yeah, not urgent in that way. I think we can make progress by using uboot as a proxy in the meantime.

If you need to make changes, feel free. I'd love to hear a bit of detail where possible since I want to learn more of this stuff :)

lawik avatar Dec 03 '25 14:12 lawik

Super. Thanks for the review. Happy to go through it during the week :)

lawik avatar Dec 15 '25 09:12 lawik

There we go. I think I've addressed the points. Noted some questions above :)

I didn't remove the strcspn call for now.

lawik avatar Dec 16 '25 10:12 lawik

I added a couple comments, but I just went back to the original issue and was wondering how the running slot was exposed in the device tree. Since Linux lets you view the device tree as simple files under /sys/firmware/devicetree/base/, perhaps you could just look for the file and read it? If the operation is just to compare the contents of a file, then this wouldn't need to be an "unsafe" operation.

fhunleth avatar Dec 16 '25 13:12 fhunleth

I added a couple comments, but I just went back to the original issue and was wondering how the running slot was exposed in the device tree. Since Linux lets you view the device tree as simple files under /sys/firmware/devicetree/base/, perhaps you could just look for the file and read it? If the operation is just to compare the contents of a file, then this wouldn't need to be an "unsafe" operation.

So the env information is packed into a dtb which is then written to a partition. I don't believe it is loaded/mounted anywhere. Just a raw block device and a small binary application to manipulate it, including dealing with the CRC calculations when changing it. It doesn't contain any of the typical hardware details of a device tree. I think it is fully intended to stand alone. There is a separate kernel dtb.

lawik avatar Dec 18 '25 06:12 lawik

Happy to make it free and close in all the appropriate place of course. Thanks for clairyfing :)

lawik avatar Dec 18 '25 06:12 lawik

Bummer. I feel like I don't completely understand their motivations, but it doesn't matter. What you're doing here with using an execute seems like the right approach. Now I just want to make sure I have a good story on execute to support all cases. I might just be easiest to brainstorm live so that we can wrap this all up quickly. The main alternative is to do something like require-execute("[ checking_program = 'string_to_match' ]"). In other words, avoid any string matching logic in fwup and just have fwup look at the exit status. This seems like the most generic option.

fhunleth avatar Dec 18 '25 13:12 fhunleth