From: Takahiro Akashi <takahiro.akashi@linaro.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Ilias Apalodimas <ilias.apalodimas@linaro.org>,
	Simon Glass <sjg@chromium.org>,
	malte.schmidt-oss@weidmueller.com
Subject: Re: [PATCH v9 08/10] doc: uefi: add anti-rollback documentation
Date: Wed, 7 Jun 2023 19:21:59 +0900	[thread overview]
Message-ID: <ZIBaR2XWTNeKhGMi@laputa> (raw)
In-Reply-To: <20230607054201.42702-9-masahisa.kojima@linaro.org>

On Wed, Jun 07, 2023 at 02:41:58PM +0900, Masahisa Kojima wrote:
> This commit describes the procedure to configure the lowest supported
> version in the device tree for anti-rollback protection.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
> No update since v7
> 
> Changes in v7:
> - describe the usage
> 
> Newly created in v6
> 
>  doc/develop/uefi/uefi.rst | 39 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)
> 
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index 30b90a09d5..ffd13cebe9 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -537,6 +537,45 @@ where signature.dts looks like::
>              };
>      };
>  
> +Anti-rollback Protection
> +************************
> +
> +Anti-rollback prevents unintentional installation of outdated firmware.
> +To enable anti-rollback, you must add the lowest-supported-version property
> +to dtb and specify --fw-version when creating a capsule file with the
> +mkeficapsule tool.
> +When executing capsule update, U-Boot checks if fw_version is greater than
> +or equal to lowest-supported-version. If fw_version is less than
> +lowest-supported-version, the update will fail.
> +For example, if lowest-supported-version is set to 7 and you run capsule
> +update using a capsule file with --fw-version of 5, the update will fail.
> +When the --fw-version in the capsule file is updated, lowest-supported-version
> +in the dtb might be updated accordingly.
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I think that you should explicitly mention that a user always needs to update the dtb
*manually* in order to enforce anti-rollback to *any* older version.
Otherwise, people may assume that the dtb is updated by the system (U-Boot).

-Takahiro Akashi

> +
> +To insert the lowest supported version into a dtb
> +
> +.. code-block:: console
> +
> +    $ dtc -@ -I dts -O dtb -o version.dtbo version.dts
> +    $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo
> +
> +where version.dts looks like::
> +
> +    /dts-v1/;
> +    /plugin/;
> +    &{/} {
> +            firmware-version {
> +                    image1 {
> +                            image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> +                            image-index = <1>;
> +                            lowest-supported-version = <3>;
> +                    };
> +            };
> +    };
> +
> +The properties of image-type-id and image-index must match the value
> +defined in the efi_fw_image array as image_type_id and image_index.
> +
>  Executing the boot manager
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~
>  
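Review bot: the hunk never states that the dtb carrying lowest-supported-version must itself be integrity-protected, so the new section should say that the property only blocks rollback when the dtb cannot be replaced or edited by whoever is able to supply a capsule; otherwise lowering lowest-supported-version is no harder than the rollback it is meant to prevent, and a sentence next to "To insert the lowest supported version into a dtb" should say so. Two smaller points in the same hunk: say what happens when an image has no matching firmware-version node (is the version check skipped or is the update refused?), and use one value in both the prose ("lowest-supported-version is set to 7") and the version.dts sample ("lowest-supported-version = <3>") so the reader can map the sample overlay onto the failing update described above it.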
> -- 
> 2.34.1
> 

Thread overview: 15+ messages
2023-06-07  5:41 [PATCH v9 00/10] FMP versioning support Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 01/10] efi_loader: add the number of image entries in efi_capsule_update_info Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 02/10] efi_loader: store firmware version into FmpState variable Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 03/10] efi_loader: versioning support in GetImageInfo Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 04/10] efi_loader: get lowest supported version from device tree Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 05/10] efi_loader: check lowest supported version Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 06/10] mkeficapsule: add FMP Payload Header Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 07/10] doc: uefi: add firmware versioning documentation Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 08/10] doc: uefi: add anti-rollback documentation Masahisa Kojima
2023-06-07 10:21   ` Takahiro Akashi [this message]
2023-06-15  6:49     ` Masahisa Kojima
2023-06-07  5:41 ` [PATCH v9 09/10] test: efi_capsule: refactor efi_capsule test Masahisa Kojima
2023-06-07  9:52   ` Ilias Apalodimas
2023-06-07  5:42 ` [PATCH v9 10/10] test/py: efi_capsule: test for FMP versioning Masahisa Kojima
2023-06-07  9:52   ` Ilias Apalodimas
