From: seanedmond@linux.microsoft.com
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, stcarlso@linux.microsoft.com,
ilias.apalodimas@linaro.org
Subject: [PATCH 4/8] common: Add OS anti-rollback grace version
Date: Tue, 12 Sep 2023 02:47:27 -0700
Message-ID: <20230912094731.51413-5-seanedmond@linux.microsoft.com>
In-Reply-To: <20230912094731.51413-1-seanedmond@linux.microsoft.com>
From: Stephen Carlson <stcarlso@microsoft.com>
New config CONFIG_FIT_ROLLBACK_CHECK_GRACE to add a one unit grace version
to OS anti-rollback protection, allowing images with anti-rollback
counters exactly one less than the platform value to still be loaded. No
update to the platform anti-rollback counter will be performed in this
case.
Signed-off-by: Stephen Carlson <stcarlso@microsoft.com>
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
---
boot/Kconfig | 10 ++++++++++
boot/image-fit-sig.c | 7 ++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/boot/Kconfig b/boot/Kconfig
index 9180a1c8dc..95a717765c 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -112,6 +112,16 @@ config FIT_ROLLBACK_CHECK
when a platform needs to retire previous versions of FIT images due to
security flaws and prevent devices from being reverted to them.
+config FIT_ROLLBACK_CHECK_GRACE
+ bool "Enable FIT Anti rollback grace version"
+ depends on FIT_ARBP
+ default n
+ help
+ Enables a one unit grace version for FIT image anti-rollback protection,
+ where anti-rollback protection will still accept a FIT image with an
+ anti-rollback version one less than the current number, but will not
+ update the platform anti-rollback counter in that case.
+
config FIT_VERBOSE
bool "Show verbose messages when FIT images fail"
depends on FIT
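Review bot: the `depends on FIT_ARBP` line of the new option names a symbol that appears nowhere else in this patch, while the option directly above it in this file is FIT_ROLLBACK_CHECK. If FIT_ARBP is not defined elsewhere in the tree, FIT_ROLLBACK_CHECK_GRACE can never be selected and the grace path in boot/image-fit-sig.c is dead code; `depends on FIT_ROLLBACK_CHECK` looks like what was meant. `default n` is also redundant for a bool. The help text should additionally say that, because the counter is not updated on the grace path, an image at version N-1 stays bootable for as long as the platform counter remains at N, so anyone enabling the option knows which version is and is not retired.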
diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index 91eaf4baa8..5689a316b6 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -70,6 +70,7 @@ static int fit_image_verify_rollback(const void *fit, int image_noffset)
#if !defined(USE_HOSTCC)
u64 image_rollback;
u64 plat_rollback = 0ULL;
+ u64 target_rollback;
struct udevice *dev;
int ret;
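Review bot: `target_rollback` in the declarations is a misleading name for how the next hunk uses it, which is as the lowest image version that is still accepted. A name such as `min_rollback` would make the later comparison against `image_rollback` read as what it is, a lower bound.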
@@ -90,7 +91,11 @@ static int fit_image_verify_rollback(const void *fit, int image_noffset)
if (ret)
return -EIO;
- if (image_rollback < plat_rollback) {
+ target_rollback = plat_rollback;
+ /* Calculate target anti-rollback version, including grace version if enabled */
+ if (CONFIG_IS_ENABLED(FIT_ROLLBACK_CHECK_GRACE) && plat_rollback > 0ULL)
+ target_rollback = plat_rollback - 1ULL;
+ if (image_rollback < target_rollback) {
return -EPERM;
} else if (image_rollback > plat_rollback) {
ret = rollback_idx_set(dev, image_rollback);
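Review bot: `CONFIG_IS_ENABLED(FIT_ROLLBACK_CHECK_GRACE)` in the new `if` resolves to the SPL_/TPL_-prefixed symbol when this file is built for SPL or TPL, and the Kconfig hunk defines only the unprefixed FIT_ROLLBACK_CHECK_GRACE, so the grace would silently be off in those builds. Either use `IS_ENABLED(CONFIG_FIT_ROLLBACK_CHECK_GRACE)` or add the matching SPL option. Separately, an image that passes only because of the grace (image_rollback equal to plat_rollback - 1) is accepted without any message; a log line on that path would make it visible in the boot output that a version below the platform counter was booted. A blank line between the grace `if` and the `if (image_rollback < target_rollback)` test would also help readability.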
--
2.40.0
Thread overview:
2023-09-12 9:47 [PATCH 0/5] Add anti-rollback validation feature seanedmond
2023-09-12 9:47 ` [PATCH 1/8] drivers: rollback: Add rollback devices to driver model seanedmond
2023-12-01 14:16 ` Ilias Apalodimas
2023-12-01 18:32 ` Simon Glass
2023-09-12 9:47 ` [PATCH 2/8] drivers: rollback: Add TPM2 implementation of rollback devices seanedmond
2023-12-01 14:52 ` Ilias Apalodimas
2023-12-01 18:32 ` Simon Glass
2023-09-12 9:47 ` [PATCH 3/8] common: Add OS anti-rollback validation using " seanedmond
2023-09-12 9:47 ` seanedmond [this message]
2023-09-12 9:47 ` [PATCH 5/8] dm: test: Add a test for rollback driver seanedmond
2023-09-12 9:47 ` [PATCH 6/8] tpm: Fix issues relating to NV Indexes seanedmond
2023-09-12 9:47 ` [PATCH 7/8] sandbox: tpm: Fix TPM2_CC_NV_DEFINE_SPACE command seanedmond
2023-09-12 9:47 ` [PATCH 8/8] doc: rollback: anti-rollback verification seanedmond