Date: Mon, 22 May 2023 09:27:24 +0900
From: Takahiro Akashi
To: Masahisa Kojima
Cc: u-boot@lists.denx.de, Heinrich Schuchardt, Ilias Apalodimas, Simon Glass
Subject: Re: [PATCH v6 8/8] doc: uefi: add anti-rollback documentation

Hi Kojima-san,

On Fri, May 19, 2023 at 07:32:14PM +0900, Masahisa Kojima wrote:
> This commit describes the procedure to configure lowest supported > version in the device tree for anti-rollback protection. > > Signed-off-by: Masahisa Kojima > --- > Newly created in v6 > > doc/develop/uefi/uefi.rst | 32 ++++++++++++++++++++++++++++++++ > 1 file changed, 32 insertions(+) > > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst > index efab0fc7b1..f1f13bb993 100644 > --- a/doc/develop/uefi/uefi.rst > +++ b/doc/develop/uefi/uefi.rst
> @@ -539,6 +539,38 @@ since FMP protocol handles multiple image indexes. > [--fit | --raw | --guid > > +Anti-rollback Protection > +~~~~~~~~~~~~~~~~~~~~~~~~ > + > +The anti-rollback protection is implemented differently from firmware versioning. > +U-Boot implements the file-based EFI variable storage, it can be tampered > +and not the right place to store the lowest supported version. > +U-Boot uses device tree to store the lowest supported version, it is secured > +as long as dtb is authenticated together with U-Boot image by the authenticated > +capsule update, and the former stage boot loader verifies the image containing the dtb > +when the system boots.

These are details of the implementation. You should rather mention the usage, i.e. how "anti-rollback" can be managed and achieved using firmware-version and lowest-supported-version and that users should always update their device tree to enforce the protection. (If the lowest-supported-version is kept the same even after the firmware update, anti-rollback won't work.)

-Takahiro Akashi

> +1. Insert the lowest supported version into a device tree > + > +.. code-block:: console > + > + $ dtc -@ -I dts -O dtb -o version.dtbo version.dts > + $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo > + > +where version.dts looks like:: > + > + /dts-v1/; > + /plugin/; > + &{/} { > + firmware-version { > + image1 { > + image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8"; > + image-index = <1>; > + lowest-supported-version = <3>; > + }; > + }; > + }; > + > Executing the boot manager > ~~~~~~~~~~~~~~~~~~~~~~~~~~ > > -- > 2.17.1 >
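
Review bot: the numbered procedure in the added "Anti-rollback Protection" section stops at a lone "1. Insert the lowest supported version into a device tree", so the text never says that new.dtb must be the dtb that is packaged with the U-Boot image, delivered by the authenticated capsule update and verified by the former stage boot loader, which is the condition the opening paragraph relies on for the stored value to be trustworthy. Suggest adding the follow-up steps after the fdtoverlay command, plus one sentence stating how lowest-supported-version is compared with the version of an incoming capsule and what is rejected, since the hunk does not say. The image-type-id and image-index properties in version.dts also need a line explaining which image they have to match. The comma splices in the opening paragraph ("... file-based EFI variable storage, it can be tampered and not the right place ...") would read better as separate sentences.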