From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
Simon Glass <sjg@chromium.org>,
Takahiro Akashi <takahiro.akashi@linaro.org>
Subject: Re: [PATCH v6 5/8] efi_loader: check lowest supported version
Date: Tue, 23 May 2023 00:36:02 +0300 [thread overview]
Message-ID: <ZGvgQiorA8rqs0t0@hera> (raw)
In-Reply-To: <20230519103214.1239656-6-masahisa.kojima@linaro.org>
On Fri, May 19, 2023 at 07:32:11PM +0900, Masahisa Kojima wrote:
> The FMP Payload Header which EDK II capsule generation scripts
> insert has a firmware version.
> This commit reads the lowest supported version stored in the
> device tree, then check if the firmware version in FMP payload header
> of the ongoing capsule is equal or greater than the
> lowest supported version. If the firmware version is lower than
> lowest supported version, capsule update will not be performed.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
> Changes in v6:
> - get aligned to the latest implementation
>
> Changes in v5:
> - newly implement the device tree based versioning
>
> Changes in v4:
> - use log_err() instead of printf()
>
> Changes in v2:
> - add error message when the firmware version is lower than
> lowest supported version
>
> lib/efi_loader/efi_firmware.c | 19 ++++++++++++++++++-
> 1 file changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
> index 00cf9a088a..7cd0016765 100644
> --- a/lib/efi_loader/efi_firmware.c
> +++ b/lib/efi_loader/efi_firmware.c
> @@ -424,7 +424,8 @@ static void efi_firmware_get_fw_version(const void **p_image,
> * @image_index Image index
> * @state Pointer to fmp state
> *
> - * Verify the capsule file
> + * Verify the capsule authentication and check if the fw_version
> + * is equal or greater than the lowest supported version.
> *
> * Return: status code
> */
> @@ -434,11 +435,27 @@ efi_status_t efi_firmware_verify_image(const void **p_image,
> u8 image_index,
> struct fmp_state *state)
> {
> + u32 lsv;
> efi_status_t ret;
> + efi_guid_t *image_type_id;
>
> ret = efi_firmware_capsule_authenticate(p_image, p_image_size);
> efi_firmware_get_fw_version(p_image, p_image_size, state);
>
> + /* check lowest_supported_version if capsule authentication passes */
> + if (ret == EFI_SUCCESS) {
What's the point of this here? Can;'t we move this check right after
efi_firmware_capsule_authenticate() and return a security violation if that
failed?
> + image_type_id = efi_firmware_get_image_type_id(image_index);
> + if (!image_type_id)
> + return EFI_INVALID_PARAMETER;
> +
> + efi_firmware_get_lsv_from_dtb(image_index, image_type_id, &lsv);
> + if (state->fw_version < lsv) {
> + log_err("Firmware version %u too low. Expecting >= %u. Aborting update\n",
> + state->fw_version, lsv);
> + return EFI_INVALID_PARAMETER;
> + }
> + }
> +
> return ret;
> }
>
> --
> 2.17.1
>
Thanks
/Ilias
next prev parent reply other threads:[~2023-05-22 21:36 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-19 10:32 [PATCH v6 0/8] FMP versioning support Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 1/8] efi_loader: add the number of image entries in efi_capsule_update_info Masahisa Kojima
2023-05-22 7:34 ` Ilias Apalodimas
2023-05-22 20:42 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 2/8] efi_loader: store firmware version into FmpState variable Masahisa Kojima
2023-05-22 21:24 ` Ilias Apalodimas
2023-05-23 1:55 ` Masahisa Kojima
2023-05-28 8:39 ` Heinrich Schuchardt
2023-05-30 0:31 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 3/8] efi_loader: versioning support in GetImageInfo Masahisa Kojima
2023-05-22 21:29 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 4/8] efi_loader: get lowest supported version from device tree Masahisa Kojima
2023-05-22 21:33 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 5/8] efi_loader: check lowest supported version Masahisa Kojima
2023-05-22 21:36 ` Ilias Apalodimas [this message]
2023-05-23 1:56 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 6/8] mkeficapsule: add FMP Payload Header Masahisa Kojima
2023-05-22 21:29 ` Ilias Apalodimas
2023-05-19 10:32 ` [PATCH v6 7/8] doc: uefi: add firmware versioning documentation Masahisa Kojima
2023-05-22 0:35 ` Takahiro Akashi
2023-05-22 4:25 ` Masahisa Kojima
2023-05-19 10:32 ` [PATCH v6 8/8] doc: uefi: add anti-rollback documentation Masahisa Kojima
2023-05-22 0:27 ` Takahiro Akashi
2023-05-22 4:30 ` Masahisa Kojima
2023-05-22 4:32 ` [PATCH v6 0/8] FMP versioning support Masahisa Kojima
2023-05-28 8:54 ` Heinrich Schuchardt
2023-05-30 0:32 ` Masahisa Kojima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZGvgQiorA8rqs0t0@hera \
--to=ilias.apalodimas@linaro.org \
--cc=masahisa.kojima@linaro.org \
--cc=sjg@chromium.org \
--cc=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.