From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Jassi Brar <jassisinghbrar@gmail.com>
Cc: Etienne Carriere <etienne.carriere@linaro.org>,
Sughosh Ganu <sughosh.ganu@linaro.org>,
u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
Takahiro Akashi <takahiro.akashi@linaro.org>,
Patrick Delaunay <patrick.delaunay@foss.st.com>,
Patrice Chotard <patrice.chotard@foss.st.com>,
Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com>,
Tom Rini <trini@konsulko.com>, Michal Simek <monstr@monstr.eu>,
Jassi Brar <jaswinder.singh@linaro.org>
Subject: Re: [PATCH v10 10/15] FWU: Add support for the FWU Multi Bank Update feature
Date: Mon, 3 Oct 2022 15:21:31 +0300
Message-ID: <YzrTy2nITBZxuWkT@hera>
In-Reply-To: <CABb+yY0+aX=zgq-jMONWxbCpqZggTa5uT=QNaGyFgQXnUa0GVA@mail.gmail.com>

Hi Jassi,

On Wed, Sep 28, 2022 at 10:16:53AM -0500, Jassi Brar wrote:
> Hi Etienne,
>
> On Wed, Sep 28, 2022 at 2:30 AM Etienne Carriere
> <etienne.carriere@linaro.org> wrote:
> > Hello Jassi, Sughosh and all,
> >
> > >>> But a malicious user may force some old vulnerable image back into use
> > >>> by updating all but that image.
> >
> > When the system boots with accepted images (referring to fwu-mdata
> > regular/trial state), the platform monotonic counter is updated
> > against booted image version number if needed, preventing older images
> > from being booted when an accepted image has been deployed.
> > @Jassi, does this answer your question?
> >
> As I said in my earlier post, I know we can employ security+integrity
> techniques to prevent such misuse.
> My point is FWU should still be implemented assuming no such technique
> might be available due to any reason, and we do the best we can. Just
> as we don't say let's not care about buffer-overflow vulnerabilities
> because the system can implement secure boot and other such
> techniques.
>
> For example, the spec warns: "The metadata can be maliciously
> crafted, it should be treated as an insecure information source." So
> clearly the spec doesn't count on rollback and authentication
> mechanisms to be always available - and that is how it should be.

We've discussed this extensively during drafting the spec. You are right
that we would be better off trying to protect the fwu metadata somehow. In
fact Heinrich had similar concerns when the original RFC was posted.
But can you think of such a reliable mechanism? The only thing
we could come up with without overcomplicating the entire spec was a device that
boots from the secure world and stores the metadata either in a flash there
or a device with such protection mechanisms (e.g. an RPMB).

Cheers
/Ilias
>
> cheers.
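
Added example, not part of the thread and not U-Boot code: a small model of the boot-time anti-rollback check described in the quoted text, where the counter is raised only when an accepted (not trial) bank boots. The struct names, the per-image counters and the constructed versions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define NUM_IMAGES 3

/* Hypothetical model; not the FWU metadata layout or U-Boot structures. */
enum bank_state { BANK_TRIAL, BANK_ACCEPTED };
struct bank {
    enum bank_state state;
    uint32_t version[NUM_IMAGES];   /* version of each image in the bank */
};

/* Stands in for per-image monotonic counters in protected storage (assumption). */
struct platform { uint32_t min_version[NUM_IMAGES]; };

/*
 * Refuse the bank if any image is older than its counter. Counters are
 * raised only for an accepted bank, so a failed trial can still fall back.
 */
bool boot_bank(struct platform *p, const struct bank *b)
{
    for (int i = 0; i < NUM_IMAGES; i++)
        if (b->version[i] < p->min_version[i])
            return false;           /* image i would be a rollback */

    if (b->state == BANK_ACCEPTED)
        for (int i = 0; i < NUM_IMAGES; i++)
            if (b->version[i] > p->min_version[i])
                p->min_version[i] = b->version[i];
    return true;
}

/* Constructed scenario: returns a bitmask of which boots were allowed. */
unsigned run_scenario(void)
{
    struct platform p = { {1, 1, 1} };
    struct bank old_bank = { BANK_ACCEPTED, {1, 1, 1} };
    struct bank trial    = { BANK_TRIAL,    {2, 2, 2} };
    struct bank accepted = { BANK_ACCEPTED, {2, 2, 2} };
    struct bank mixed    = { BANK_ACCEPTED, {3, 1, 3} };  /* image 1 left old */
    unsigned r = 0;

    r |= (unsigned)boot_bank(&p, &trial)    << 0;  /* allowed, counters unchanged */
    r |= (unsigned)boot_bank(&p, &old_bank) << 1;  /* fallback from trial allowed */
    r |= (unsigned)boot_bank(&p, &accepted) << 2;  /* allowed, counters become 2 */
    r |= (unsigned)boot_bank(&p, &old_bank) << 3;  /* refused: below counters */
    r |= (unsigned)boot_bank(&p, &mixed)    << 4;  /* refused: image 1 below counter */
    return r;
}
```

The check is only as trustworthy as the storage holding the counters, which is the point the thread is debating.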