From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 53B56C433F5 for ; Thu, 31 Mar 2022 18:47:25 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A679284239; Thu, 31 Mar 2022 20:47:18 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="BG+8C8NF"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8C39284215; Thu, 31 Mar 2022 20:47:16 +0200 (CEST) Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8C46784189 for ; Thu, 31 Mar 2022 20:47:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wr1-x433.google.com with SMTP id u16so1047371wru.4 for ; Thu, 31 Mar 2022 11:47:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=spBmWt2ZBOkuQiKy2HYdr6dUMjrYGZepfzxfhxoFQfI=; b=BG+8C8NFWmKm3biiGi50yr+zIk1ei9Qwy4EZLLy0vXlkUvfZzSgPPfdn3TBZs1YJjj enxHd550PxklsfRo1afrMK+2I5GJc0buFiP54TIcpHmP2QLNpE1yPZ4Mfe//1yGfG+Nj HfALX74F4g+BNOYJ6XLXQ7MRe2GHO6nd6I7QCWvZUn6YFValegvaX4x82eVQkJgKDpDg +M/+J4u0fftN3dyLSAbTU2dWTxRXHcFd/9kHRwOAzAyGhu7YEHDxONmRYk7THm/iQ1uN QHNLKquULPNGxFcrKlDvZPZ3ESrdgY6eDMqgLQb/rtUJQifA+lIabsOzJ2dCGbI/Gydq qbnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=spBmWt2ZBOkuQiKy2HYdr6dUMjrYGZepfzxfhxoFQfI=; b=3HFGPRO9tNrrTlUjPZC/FqiZ4NelnuLt8lhhe69s9tEsHgDN6P/vGrddAi0szDqlNb 90fB/jsb/pCQcNa/aDVwhH6tPgMPK7vBxKsg++z+xgBd1ahzsF/XLs36caoFjzasWB1C w9Hl1fxRHBGdcQAltpYKhY7XF2cQIbpJcMFNDKfcSpkwLlKtLO1bhXPtIbjPuWhe0Ljt 6fYafbH4t8UKtbKK5R36XAiKmgZGpvniO0kqjO2HRqK+JciZihevzxkTb/u+BMzhdWop iabfHnQn/ApI+nviup7+ubVBto3exvNJEH+4uFL0CbZJis4orgOAZnjQrxUVbAU7w46z lA7A== X-Gm-Message-State: AOAM533va4vljI2uE9VqnHv0qEC9j8GDfkZBUUdzRfRvTNPK2DCwISgo Yo6Cu7XROD/On76AgrIk+M833g== X-Google-Smtp-Source: ABdhPJypEKvF60RoZy9EPTYiS043RHy4+CKgZPcqk5Jyjal3ZQMLgkzT5cj6KMT9+kx0QTT4IZggvQ== X-Received: by 2002:a5d:4570:0:b0:204:34e:71cb with SMTP id a16-20020a5d4570000000b00204034e71cbmr5213060wrc.129.1648752432113; Thu, 31 Mar 2022 11:47:12 -0700 (PDT) Received: from hades (athedsl-4461682.home.otenet.gr. [94.71.4.98]) by smtp.gmail.com with ESMTPSA id w8-20020a1cf608000000b0038c8fdc93d6sm7669485wmc.28.2022.03.31.11.47.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Mar 2022 11:47:11 -0700 (PDT) Date: Thu, 31 Mar 2022 21:47:08 +0300 From: Ilias Apalodimas To: Sughosh Ganu Cc: u-boot@lists.denx.de, Heinrich Schuchardt , AKASHI Takahiro , Ying-Chun Liu , Tuomas Tynkkynen , Heiko Thiery , Frieder Schrempf , Michael Walle , Masami Hiramatsu , Jassi Brar , Michal Simek , Michal Simek Subject: Re: [PATCH v4 3/8] capsule: Put a check for image index before the update Message-ID: References: <20220331132750.1532722-1-sughosh.ganu@linaro.org> <20220331132750.1532722-4-sughosh.ganu@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220331132750.1532722-4-sughosh.ganu@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean On Thu, Mar 31, 2022 at 06:57:45PM +0530, Sughosh Ganu wrote: > The current capsule update code compares the image GUID value in the > capsule header with the image GUID value obtained from the > GetImageInfo function of the Firmware Management Protocol(FMP). This > comparison is done to ascertain if the FMP's SetImage function can be > called for the update. Make this checking more robust by comparing the > image_index value passed through the capsule with that returned by the > FMP's GetImageInfo function. This protects against the scenario of the > firmware being updated in a wrong partition/location on the storage > device if an incorrect value has been passed through the capsule, > since the image_index is used to determine the location of the update > on the storage device. > > Signed-off-by: Sughosh Ganu > Reviewed-by: Masami Hiramatsu > --- > > Changes since V3: None > > lib/efi_loader/efi_capsule.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > index f00440163d..f03f4c9044 100644 > --- a/lib/efi_loader/efi_capsule.c > +++ b/lib/efi_loader/efi_capsule.c > @@ -128,6 +128,7 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule, > /** > * efi_fmp_find - search for Firmware Management Protocol drivers > * @image_type: Image type guid > + * @image_index: Image Index > * @instance: Instance number > * @handles: Handles of FMP drivers > * @no_handles: Number of handles > @@ -141,8 +142,8 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule, > * * NULL - on failure > */ > static struct efi_firmware_management_protocol * > -efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles, > - efi_uintn_t no_handles) > +efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance, > + efi_handle_t *handles, efi_uintn_t no_handles) > { > efi_handle_t *handle; > struct efi_firmware_management_protocol *fmp; > @@ -203,6 +204,7 @@ efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles, > log_debug("+++ desc[%d] index: %d, name: %ls\n", > j, desc->image_index, desc->image_id_name); > if (!guidcmp(&desc->image_type_id, image_type) && > + (desc->image_index == image_index) && > (!instance || > !desc->hardware_instance || > desc->hardware_instance == instance)) > @@ -449,8 +451,8 @@ static efi_status_t efi_capsule_update_firmware( > } > > /* find a device for update firmware */ > - /* TODO: should we pass index as well, or nothing but type? */ > fmp = efi_fmp_find(&image->update_image_type_id, > + image->update_image_index, > image->update_hardware_instance, > handles, no_handles); > if (!fmp) { > -- > 2.25.1 > Reviewed-by: Ilias Apalodimas