From: Takahiro Akashi <takahiro.akashi@linaro.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Simon Glass <sjg@chromium.org>
Subject: Re: [PATCH v6 8/8] doc: uefi: add anti-rollback documentation
Date: Mon, 22 May 2023 09:27:24 +0900 [thread overview]
Message-ID: <20230522002724.GA10198@laputa> (raw)
In-Reply-To: <20230519103214.1239656-9-masahisa.kojima@linaro.org>
Hi Kojima-san,
On Fri, May 19, 2023 at 07:32:14PM +0900, Masahisa Kojima wrote:
> This commit describe the procedure to configure lowest supported
> version in the device tree for anti-rollback protection.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
> Newly created in v6
>
> doc/develop/uefi/uefi.rst | 32 ++++++++++++++++++++++++++++++++
> 1 file changed, 32 insertions(+)
>
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index efab0fc7b1..f1f13bb993 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -539,6 +539,38 @@ since FMP protocol handles multiple image indexes.
> [--fit | --raw | --guid <guid-string] \
> <image_blob> <capsule_file_name>
>
> +Anti-rollback Protection
> +~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +The anti-rollback protection is implemented differently from firmware versioning.
> +U-Boot implements the file-based EFI variable storage, it can be tampered
> +and not the right place to store the lowest supported version.
> +U-Boot uses device tree to store the lowest supported version, it is secured
> +as long as dtb is authenticated together with U-Boot image by the authenticated
> +capsule update, and the former stage boot loader verifies the image containing the dtb
> +when the system boots.
This is details of implementation.
You should rather mention the usage, i.e. how "anti-rollback" can be managed
and achieved using firmware-version and lowest-supported-version and that users
should always update their device tree to enforce the protection.
(If the lowest-supported-version is kept the same even after the firmware update,
anti-rollback won't work.)
-Takahiro Akashi
> +1. Insert the lowest supported version into a device tree
> +
> +.. code-block:: console
> +
> + $ dtc -@ -I dts -O dtb -o version.dtbo version.dts
> + $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo
> +
> +where version.dts looks like::
> +
> + /dts-v1/;
> + /plugin/;
> + &{/} {
> + firmware-version {
> + image1 {
> + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> + image-index = <1>;
> + lowest-supported-version = <3>;
> + };
> + };
> + };
> +
> Executing the boot manager
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> --
> 2.17.1
>
next prev parent reply other threads:[~2023-05-22 0:27 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-19 10:32 [PATCH v6 0/8] FMP versioning support Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 1/8] efi_loader: add the number of image entries in efi_capsule_update_info Masahisa Kojima
2023-05-22 7:34 ` Ilias Apalodimas
2023-05-22 20:42 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 2/8] efi_loader: store firmware version into FmpState variable Masahisa Kojima
2023-05-22 21:24 ` Ilias Apalodimas
2023-05-23 1:55 ` Masahisa Kojima
2023-05-28 8:39 ` Heinrich Schuchardt
2023-05-30 0:31 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 3/8] efi_loader: versioning support in GetImageInfo Masahisa Kojima
2023-05-22 21:29 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 4/8] efi_loader: get lowest supported version from device tree Masahisa Kojima
2023-05-22 21:33 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 5/8] efi_loader: check lowest supported version Masahisa Kojima
2023-05-22 21:36 ` Ilias Apalodimas
2023-05-23 1:56 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 6/8] mkeficapsule: add FMP Payload Header Masahisa Kojima
2023-05-22 21:29 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 7/8] doc: uefi: add firmware versioning documentation Masahisa Kojima
2023-05-22 0:35 ` Takahiro Akashi
2023-05-22 4:25 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 8/8] doc: uefi: add anti-rollback documentation Masahisa Kojima
2023-05-22 0:27 ` Takahiro Akashi [this message]
2023-05-22 4:30 ` Masahisa Kojima
2023-05-22 4:32 ` [PATCH v6 0/8] FMP versioning support Masahisa Kojima
2023-05-28 8:54 ` Heinrich Schuchardt
2023-05-30 0:32 ` Masahisa Kojima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230522002724.GA10198@laputa \
--to=takahiro.akashi@linaro.org \
--cc=ilias.apalodimas@linaro.org \
--cc=masahisa.kojima@linaro.org \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.