Date: Tue, 23 May 2023 00:36:02 +0300
From: Ilias Apalodimas
To: Masahisa Kojima
Cc: u-boot@lists.denx.de, Heinrich Schuchardt, Simon Glass, Takahiro Akashi
Subject: Re: [PATCH v6 5/8] efi_loader: check lowest supported version

On Fri, May 19, 2023 at 07:32:11PM +0900, Masahisa Kojima wrote:
> The FMP Payload Header which EDK II capsule generation scripts
> insert has a firmware version.
> This commit reads the lowest supported version stored in the
> device tree, then checks if the firmware version in FMP payload header
> of the ongoing capsule is equal or greater than the
> lowest supported version. If the firmware version is lower than
> lowest supported version, capsule update will not be performed.
>
> Signed-off-by: Masahisa Kojima
> ---
> Changes in v6:
> - get aligned to the latest implementation
>
> Changes in v5:
> - newly implement the device tree based versioning
>
> Changes in v4:
> - use log_err() instead of printf()
>
> Changes in v2:
> - add error message when the firmware version is lower than
>   lowest supported version
>
> lib/efi_loader/efi_firmware.c | 19 ++++++++++++++++++-
> 1 file changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c > index 00cf9a088a..7cd0016765 100644 > --- a/lib/efi_loader/efi_firmware.c > +++ b/lib/efi_loader/efi_firmware.c 
> @@ -424,7 +424,8 @@ static void efi_firmware_get_fw_version(const void **p_image, > * @image_index Image index > * @state Pointer to fmp state > * > - * Verify the capsule file > + * Verify the capsule authentication and check if the fw_version > + * is equal or greater than the lowest supported version. > * > * Return: status code > */ > @@ -434,11 +435,27 @@ efi_status_t efi_firmware_verify_image(const void **p_image, > u8 image_index, > struct fmp_state *state) > { > + u32 lsv; > efi_status_t ret; > + efi_guid_t *image_type_id; > > ret = efi_firmware_capsule_authenticate(p_image, p_image_size); > efi_firmware_get_fw_version(p_image, p_image_size, state); > > + /* check lowest_supported_version if capsule authentication passes */ > + if (ret == EFI_SUCCESS) { What's the point of this here? Can't we move this check right after efi_firmware_capsule_authenticate() and return a security violation if that failed? > + image_type_id = efi_firmware_get_image_type_id(image_index); > + if (!image_type_id) > + return EFI_INVALID_PARAMETER; > + > + efi_firmware_get_lsv_from_dtb(image_index, image_type_id, &lsv); > + if (state->fw_version < lsv) { > + log_err("Firmware version %u too low. Expecting >= %u. Aborting update\n", > + state->fw_version, lsv); > + return EFI_INVALID_PARAMETER; > + } > + } > + > return ret; > } > > -- > 2.17.1 > Thanks /Ilias
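
Review bot: the kernel-doc in the first hunk (@@ -424,7 +424,8 @@) still ends with the bare "Return: status code" although efi_firmware_verify_image() gains two new early returns in the second hunk. List what is returned when the image type id is not found and when the firmware version is below the lowest supported version, and reword "equal or greater than" to "equal to or greater than".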
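
Review bot: in the second hunk (@@ -434,11 +435,27 @@), lsv is declared without an initialiser and the result of efi_firmware_get_lsv_from_dtb() is not checked, so unless that helper writes *lsv on every path the comparison state->fw_version < lsv reads an indeterminate value and the downgrade check can pass or fail arbitrarily. Initialise it (u32 lsv = 0;) or have the helper return a status and stop on failure. The missing image type id and the too-low version also both return EFI_INVALID_PARAMETER, so a caller cannot tell a rejected downgrade from a bad image index; a distinct status for the version rejection would keep the two cases apart in the capsule result.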