From: KASHI Takahiro <takahiro.akashi@linaro.org>
To: Simon Glass <sjg@chromium.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
U-Boot Mailing List <u-boot@lists.denx.de>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Alexander Graf <agraf@csgraf.de>,
Masami Hiramatsu <masami.hiramatsu@linaro.org>,
Sughosh Ganu <sughosh.ganu@linaro.org>
Subject: Re: [PATCH v2 0/3] efi: Minimal revert to rodata change
Date: Fri, 6 Aug 2021 09:13:21 +0900
Message-ID: <20210806001321.GA44938@laputa>
In-Reply-To: <CAPnjgZ1NKqkagRqpLU0C6W91JKpDPkrCBksr4dRxQVhgG2XN_A@mail.gmail.com>

On Thu, Aug 05, 2021 at 09:46:07AM -0600, Simon Glass wrote:
> Hi Heinrich,
>
> On Thu, 5 Aug 2021 at 09:29, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
> >
> >
> >
> > On 02.08.21 16:44, Simon Glass wrote:
> > > The changes to move from devicetree to rodata take things in the wrong
> > > direction for various reasons:
> > >
> > > - devicetree is where config should be stored
> >
> > We are not talking about configuration here at all.
>
> I thought we were talking about the public key. That is run-time
> config in my book, just like the devicetree itself, which controls all
> the devices.
>
> >
> > > - it provides no memory production in any case, particularly when U-Boot
> >
> > No clue what you mean by "memory production".
>
> memory protection. But it turns out this is pointless anyway. We
> discussed it at length in the contributor call. We came down to one

What was clarified and decided in that meeting?
I know you have a meeting note, but it was not very clear to me
which direction the discussion is heading now.

# Yes, I should have been there, but ...
# Simon, if possible, please announce the agenda a bit earlier
# so that I can notice that. I'm usually in bed at that time :)

I don't think that memory protection really matters if there is
no assumption that the storage where the firmware resides is
securely protected.

-Takahiro Akashi

> issue with the way the firmware is packaged by users (with U-Boot
> coming from one place and TF-A another). I think Ilias is going to
> write something up to help get to the bottom of it.
>
> >
> > > is relocated
> > > - testing becomes harder, with the suggestion of adding an entire new
> > > sandbox build just for this
> >
> > Having an extra config is not required when putting the certificate into
> > .rodata.
>
> The certificate should not go in rodata, period. Please just fix it.
> It used to be fine a few weeks ago so it should not be hard.
>
> Regards,
> Simon
>
> >
> > Best regards
> >
> > Heinrich
> >
> > >
> > > Revert this until a new direction can be established.
> > >
> > > Changes in v2:
> > > - Also revert two other patches, based on comment from Takahiro
> > >
> > > Simon Glass (3):
> > > Revert "doc: Update CapsuleUpdate READMEs"
> > > Revert "mkeficapsule: Remove dtb related options"
> > > Revert "efi_capsule: Move signature from DTB to .rodata"
> > >
> > > board/emulation/common/Makefile | 1 +
> > > board/emulation/common/qemu_capsule.c | 43 ++++
> > > doc/board/emulation/qemu_capsule_update.rst | 203 +++++++++++++++++
> > > doc/develop/uefi/uefi.rst | 125 -----------
> > > include/asm-generic/sections.h | 2 -
> > > lib/efi_loader/Kconfig | 7 -
> > > lib/efi_loader/Makefile | 8 -
> > > lib/efi_loader/efi_capsule.c | 18 +-
> > > lib/efi_loader/efi_capsule_key.S | 17 --
> > > tools/mkeficapsule.c | 229 +++++++++++++++++++-
> > > 10 files changed, 472 insertions(+), 181 deletions(-)
> > > create mode 100644 board/emulation/common/qemu_capsule.c
> > > create mode 100644 doc/board/emulation/qemu_capsule_update.rst
> > > delete mode 100644 lib/efi_loader/efi_capsule_key.S
> > >