From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
AKASHI Takahiro <takahiro.akashi@linaro.org>,
Ying-Chun Liu <paul.liu@linaro.org>,
Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>,
Heiko Thiery <heiko.thiery@gmail.com>,
Frieder Schrempf <frieder.schrempf@kontron.de>,
Michael Walle <michael@walle.cc>,
Masami Hiramatsu <masami.hiramatsu@linaro.org>,
Jassi Brar <jaswinder.singh@linaro.org>,
Michal Simek <monstr@monstr.eu>,
Michal Simek <michal.simek@xilinx.com>
Subject: Re: [PATCH v4 3/8] capsule: Put a check for image index before the update
Date: Thu, 31 Mar 2022 21:47:08 +0300 [thread overview]
Message-ID: <YkX3LICJsJQobeJq@hades> (raw)
In-Reply-To: <20220331132750.1532722-4-sughosh.ganu@linaro.org>
On Thu, Mar 31, 2022 at 06:57:45PM +0530, Sughosh Ganu wrote:
> The current capsule update code compares the image GUID value in the
> capsule header with the image GUID value obtained from the
> GetImageInfo function of the Firmware Management Protocol(FMP). This
> comparison is done to ascertain if the FMP's SetImage function can be
> called for the update. Make this checking more robust by comparing the
> image_index value passed through the capsule with that returned by the
> FMP's GetImageInfo function. This protects against the scenario of the
> firmware being updated in a wrong partition/location on the storage
> device if an incorrect value has been passed through the capsule,
> since the image_index is used to determine the location of the update
> on the storage device.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
> ---
>
> Changes since V3: None
>
> lib/efi_loader/efi_capsule.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index f00440163d..f03f4c9044 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -128,6 +128,7 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule,
> /**
> * efi_fmp_find - search for Firmware Management Protocol drivers
> * @image_type: Image type guid
> + * @image_index: Image Index
> * @instance: Instance number
> * @handles: Handles of FMP drivers
> * @no_handles: Number of handles
> @@ -141,8 +142,8 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule,
> * * NULL - on failure
> */
> static struct efi_firmware_management_protocol *
> -efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles,
> - efi_uintn_t no_handles)
> +efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance,
> + efi_handle_t *handles, efi_uintn_t no_handles)
> {
> efi_handle_t *handle;
> struct efi_firmware_management_protocol *fmp;
> @@ -203,6 +204,7 @@ efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles,
> log_debug("+++ desc[%d] index: %d, name: %ls\n",
> j, desc->image_index, desc->image_id_name);
> if (!guidcmp(&desc->image_type_id, image_type) &&
> + (desc->image_index == image_index) &&
> (!instance ||
> !desc->hardware_instance ||
> desc->hardware_instance == instance))
> @@ -449,8 +451,8 @@ static efi_status_t efi_capsule_update_firmware(
> }
>
> /* find a device for update firmware */
> - /* TODO: should we pass index as well, or nothing but type? */
> fmp = efi_fmp_find(&image->update_image_type_id,
> + image->update_image_index,
> image->update_hardware_instance,
> handles, no_handles);
> if (!fmp) {
> --
> 2.25.1
>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
next prev parent reply other threads:[~2022-03-31 18:47 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-31 13:27 [PATCH v4 0/8] efi: capsule: Capsule Update fixes and enhancements Sughosh Ganu
2022-03-31 13:27 ` [PATCH v4 1/8] capsule: Add Image GUIDs and image index for platforms using capsule updates Sughosh Ganu
2022-03-31 14:03 ` Ilias Apalodimas
2022-03-31 13:27 ` [PATCH v4 2/8] capsule: FMP: Populate the image descriptor array from platform data Sughosh Ganu
2022-03-31 15:08 ` Ilias Apalodimas
2022-03-31 16:29 ` Sughosh Ganu
2022-03-31 13:27 ` [PATCH v4 3/8] capsule: Put a check for image index before the update Sughosh Ganu
2022-03-31 18:47 ` Ilias Apalodimas [this message]
2022-03-31 13:27 ` [PATCH v4 4/8] board: Define set_dfu_alt_info() for boards with UEFI capsule update enabled Sughosh Ganu
2022-03-31 14:08 ` Masami Hiramatsu
2022-03-31 19:35 ` Ilias Apalodimas
2022-04-01 6:58 ` Sughosh Ganu
2022-04-01 9:55 ` Ilias Apalodimas
2022-03-31 13:27 ` [PATCH v4 5/8] test: capsule: Modify the capsule tests to use GUID values for sandbox Sughosh Ganu
2022-03-31 13:27 ` [PATCH v4 6/8] FMP: Remove GUIDs for FIT and raw images Sughosh Ganu
2022-03-31 18:10 ` Ilias Apalodimas
2022-03-31 13:27 ` [PATCH v4 7/8] mkeficapsule: Remove raw and FIT GUID types Sughosh Ganu
2022-03-31 18:10 ` Ilias Apalodimas
2022-03-31 13:27 ` [PATCH v4 8/8] doc: uefi: Update the capsule update related documentation Sughosh Ganu
2022-03-31 18:14 ` Ilias Apalodimas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YkX3LICJsJQobeJq@hades \
--to=ilias.apalodimas@linaro.org \
--cc=frieder.schrempf@kontron.de \
--cc=heiko.thiery@gmail.com \
--cc=jaswinder.singh@linaro.org \
--cc=masami.hiramatsu@linaro.org \
--cc=michael@walle.cc \
--cc=michal.simek@xilinx.com \
--cc=monstr@monstr.eu \
--cc=paul.liu@linaro.org \
--cc=sughosh.ganu@linaro.org \
--cc=takahiro.akashi@linaro.org \
--cc=tuomas.tynkkynen@iki.fi \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox