Date: Wed, 7 Jun 2023 19:21:59 +0900
From: Takahiro Akashi
To: Masahisa Kojima
Cc: u-boot@lists.denx.de, Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, malte.schmidt-oss@weidmueller.com
Subject: Re: [PATCH v9 08/10] doc: uefi: add anti-rollback documentation
References: <20230607054201.42702-1-masahisa.kojima@linaro.org> <20230607054201.42702-9-masahisa.kojima@linaro.org>
In-Reply-To: <20230607054201.42702-9-masahisa.kojima@linaro.org>
List-Id: U-Boot discussion

On Wed, Jun 07, 2023 at 02:41:58PM +0900, Masahisa Kojima wrote:
> This commit describes the procedure to configure the lowest supported
> version in the device tree for anti-rollback protection.
>
> Signed-off-by: Masahisa Kojima
> ---
> No update since v7
>
> Changes in v7:
> - describe the usage
>
> Newly created in v6
>
>  doc/develop/uefi/uefi.rst | 39 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)
>
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index 30b90a09d5..ffd13cebe9 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -537,6 +537,45 @@ where signature.dts looks like::
>          };
>      };
>
> +Anti-rollback Protection
> +************************
> +
> +Anti-rollback prevents unintentional installation of outdated firmware.
> +To enable anti-rollback, you must add the lowest-supported-version property
> +to dtb and specify --fw-version when creating a capsule file with the
> +mkeficapsule tool.
> +When executing capsule update, U-Boot checks if fw_version is greater than
> +or equal to lowest-supported-version. If fw_version is less than
> +lowest-supported-version, the update will fail.
> +For example, if lowest-supported-version is set to 7 and you run capsule
> +update using a capsule file with --fw-version of 5, the update will fail.
> +When the --fw-version in the capsule file is updated, lowest-supported-version
> +in the dtb might be updated accordingly.
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I think that you should explicitly mention that a user always needs to
update dtb *manually* in order to enforce anti-rollback to *any* older
version. Otherwise, people may assume that the dtb is updated by the
system (U-Boot).

-Takahiro Akashi

> +
> +To insert the lowest supported version into a dtb
> +
> +.. code-block:: console
> +
> +    $ dtc -@ -I dts -O dtb -o version.dtbo version.dts
> +    $ fdtoverlay -i orig.dtb -o new.dtb -v version.dtbo
> +
> +where version.dts looks like::
> +
> +    /dts-v1/;
> +    /plugin/;
> +    &{/} {
> +        firmware-version {
> +            image1 {
> +                image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
> +                image-index = <1>;
> +                lowest-supported-version = <3>;
> +            };
> +        };
> +    };
> +
> +The properties of image-type-id and image-index must match the value
> +defined in the efi_fw_image array as image_type_id and image_index.
> +
>  Executing the boot manager
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> --
> 2.34.1
>
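Review bot: The sentence "When the --fw-version in the capsule file is updated, lowest-supported-version in the dtb might be updated accordingly" leaves the trust model of this check undefined: the version floor lives in the dtb and the only procedure the section gives for changing it is the dtc/fdtoverlay step, so the text should say plainly that the property is raised only by that manual step and that the dtb carrying it must sit inside the same verified boot image as U-Boot, since a floor that can be edited out of band is not an enforced anti-rollback boundary. Something like: "lowest-supported-version is never raised automatically; regenerate the dtb as shown below whenever older firmware must be locked out, and keep that dtb within the signed boot image." Two smaller points: the check is described with "fw_version" in one sentence and "--fw-version" elsewhere, so pick one name (the mkeficapsule option, or "the version recorded in the capsule"); and the prose example uses 7 and 5 while version.dts sets lowest-supported-version = <3>, so using the same numbers in both places would make the example easier to follow.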