* [PATCH] doc: uefi: explicitly describe manual dtb update is required
From: Masahisa Kojima @ 2023-06-15 8:03 UTC
To: u-boot
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi,
Masahisa Kojima
To enforce anti-rollback to any older version, the dtb must
always be updated manually. This should be described in the
documentation.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
doc/develop/uefi/uefi.rst | 3 +++
1 file changed, 3 insertions(+)
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index ffd13cebe9..d5f8c5f236 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
When the --fw-version in the capsule file is updated, lowest-supported-version
in the dtb might be updated accordingly.
+If user needs to enroce anti-rollback to any older version,
+the lowest-supported-version property in dtb must be always updated manually.
+
To insert the lowest supported version into a dtb
.. code-block:: console
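Review bot: the first added line has a typo, "enroce" for "enforce"; while fixing it, the sentence reads better as "If a user needs to enforce anti-rollback to any older version, the lowest-supported-version property in the dtb must always be updated manually." The added text also leaves implicit what the preceding context line ("might be updated accordingly") makes ambiguous, namely that applying a capsule does not raise the property by itself, which is exactly why the manual step is needed; stating that in one clause, and pointing to the procedure that follows ("To insert the lowest supported version into a dtb ... as described below"), would make the paragraph self-explanatory.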
base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
--
2.34.1
* Re: [PATCH] doc: uefi: explicitly describe manual dtb update is required
From: Heinrich Schuchardt @ 2023-06-17 19:58 UTC
To: Masahisa Kojima; +Cc: Ilias Apalodimas, Takahiro Akashi, u-boot
On 6/15/23 10:03, Masahisa Kojima wrote:
> To enforce anti-rollback to any older version, the dtb must be
> always updated manually. This should be described in the
> documentation.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
> doc/develop/uefi/uefi.rst | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index ffd13cebe9..d5f8c5f236 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
> When the --fw-version in the capsule file is updated, lowest-supported-version
> in the dtb might be updated accordingly.
>
> +If user needs to enroce anti-rollback to any older version,
> +the lowest-supported-version property in dtb must be always updated manually.
Thank you for updating the documentation.
Allowing the rollback protection to be circumvented is a security issue. On a
secure system you would probably want to disable console commands like
mc and fdt. Shouldn't we provide advice on safe settings?
E.g.
"If a user wanted to enable a rollback to a version forbidden by the
lowest-supported-version property specified in U-Boot's control
device-tree, they could change this property using the fdt command.
Secure systems should not enable this command."
Best regards
Heinrich
> +
> To insert the lowest supported version into a dtb
>
> .. code-block:: console
>
> base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
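As an added example, not code from this thread or from U-Boot: the lowest-supported-version floor under discussion is ordinary data in the control device tree, so a defender's first check is to read back what floor a built dtb actually carries before it is signed and shipped, rather than trusting the build recipe. The Python below implements a minimal flattened-device-tree (dtb) reader, looks the property up under /firmware-version/image1 (that node path is assumed from the layout U-Boot's capsule documentation uses, not taken from this thread), and reports whether a capsule built with a given --fw-version would clear the check. The dtb bytes it runs on are constructed inline.

```python
"""Read the anti-rollback floor (lowest-supported-version) from a U-Boot dtb.
Added example, not code from the thread or from U-Boot: a minimal flattened
device tree (dtb) reader that looks the property up under an assumed node path
(/firmware-version/image1) and reports whether a capsule built with a given
--fw-version would clear the version check. The input dtb is constructed here.
"""
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9
FDT_HEADER_LEN = 40  # ten big-endian u32 fields


def _pad4(data: bytes) -> bytes:
    """Pad to the 4-byte alignment the structure block requires."""
    return data + b"\0" * (-len(data) % 4)


def build_dtb(tree: dict) -> bytes:
    """Serialise {name: bytes | {subnode}} into a dtb (constructed input only)."""
    strings, struct_blk, name_off = bytearray(), bytearray(), {}

    def emit(name: str, node: dict) -> None:
        struct_blk.extend(struct.pack(">I", FDT_BEGIN_NODE) + _pad4(name.encode() + b"\0"))
        for key, val in node.items():  # properties first, as the FDT spec requires
            if not isinstance(val, dict):
                if key not in name_off:  # the strings block deduplicates names
                    name_off[key] = len(strings)
                    strings.extend(key.encode() + b"\0")
                struct_blk.extend(struct.pack(">III", FDT_PROP, len(val), name_off[key]) + _pad4(val))
        for key, val in node.items():  # then subnodes
            if isinstance(val, dict):
                emit(key, val)
        struct_blk.extend(struct.pack(">I", FDT_END_NODE))

    emit("", tree)  # the root node has an empty name
    struct_blk.extend(struct.pack(">I", FDT_END))
    rsvmap = struct.pack(">QQ", 0, 0)  # empty memory reservation map
    off_struct = FDT_HEADER_LEN + len(rsvmap)
    off_strings = off_struct + len(struct_blk)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct, off_strings,
                         FDT_HEADER_LEN, 17, 16, 0, len(strings), len(struct_blk))
    return header + rsvmap + bytes(struct_blk) + bytes(strings)


def parse_dtb(blob: bytes) -> dict:
    """Walk the structure block into nested dicts; property values stay raw bytes."""
    (magic, total, off_struct, off_strings, _rsv, _ver, _compat, _cpu,
     size_strings, size_struct) = struct.unpack_from(">10I", blob, 0)
    if magic != FDT_MAGIC or total > len(blob):
        raise ValueError("not a flattened device tree")
    strings = blob[off_strings:off_strings + size_strings]
    pos, end = off_struct, off_struct + size_struct
    root, stack = {}, []
    while pos < end:
        (token,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if token == FDT_BEGIN_NODE:
            nul = blob.index(b"\0", pos)
            node = {}
            if stack:
                stack[-1][blob[pos:nul].decode()] = node
            else:
                root = node
            stack.append(node)
            pos = nul + 1
            pos += -pos % 4
        elif token == FDT_END_NODE:
            stack.pop()
        elif token == FDT_PROP:
            length, off = struct.unpack_from(">II", blob, pos)
            pos += 8
            stack[-1][strings[off:strings.index(b"\0", off)].decode()] = blob[pos:pos + length]
            pos += length + (-length % 4)
        elif token == FDT_END:
            break
        elif token != FDT_NOP:
            raise ValueError(f"unknown FDT token {token} at offset {pos - 4}")
    return root


def lowest_supported_version(blob: bytes, path: str = "/firmware-version/image1") -> int:
    """Return the anti-rollback floor the dtb records for one image (assumed path)."""
    node = parse_dtb(blob)
    for part in path.strip("/").split("/"):
        node = node[part]
    (version,) = struct.unpack(">I", node["lowest-supported-version"])
    return version


def capsule_accepted(blob: bytes, fw_version: int) -> bool:
    """A capsule passes only if its --fw-version is not below the recorded floor."""
    return fw_version >= lowest_supported_version(blob)


# Constructed sample: floor 7, so a capsule built with --fw-version 5 is rejected.
SAMPLE_DTB = build_dtb({"firmware-version": {"image1": {
    "image-index": struct.pack(">I", 1), "lowest-supported-version": struct.pack(">I", 7)}}})
```

To check a real control dtb, read the file's bytes in place of SAMPLE_DTB; the same read-back is what a release pipeline can gate on, so that a dtb whose floor was left below the intended version never reaches a device, which is the failure the manual-update requirement in the patch is warning about.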
* Re: [PATCH] doc: uefi: explicitly describe manual dtb update is required
From: Takahiro Akashi @ 2023-06-19 0:49 UTC
To: Heinrich Schuchardt; +Cc: Masahisa Kojima, Ilias Apalodimas, u-boot
On Sat, Jun 17, 2023 at 09:58:13PM +0200, Heinrich Schuchardt wrote:
> On 6/15/23 10:03, Masahisa Kojima wrote:
> > To enforce anti-rollback to any older version, the dtb must be
> > always updated manually. This should be described in the
> > documentation.
> >
> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> > ---
> > doc/develop/uefi/uefi.rst | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> > index ffd13cebe9..d5f8c5f236 100644
> > --- a/doc/develop/uefi/uefi.rst
> > +++ b/doc/develop/uefi/uefi.rst
> > @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
> > When the --fw-version in the capsule file is updated, lowest-supported-version
> > in the dtb might be updated accordingly.
> >
> > +If user needs to enroce anti-rollback to any older version,
> > +the lowest-supported-version property in dtb must be always updated manually.
>
> Thank you for updating the documentation.
>
> Allowing to circumvent the rollback protection is a security issue. On a
> secure system you would probably want to disable console commands like
> mc and fdt. Shouldn't we provide an advice for safe settings?
Is there any case where a user wants to use fdt for some reason,
for example, in CONFIG_PREBOOT or CONFIG_BOOTCOMMAND?
-Takahiro Akashi
> E.g.
>
> "If a user wanted to enable a rollback to a version forbidden by the
> lowest-supported-version property specified in U-Boot's control
> device-tree, they could change this property using the fdt command.
> Secure systems should not enable this command."
>
> Best regards
>
> Heinrich
>
> > +
> > To insert the lowest supported version into a dtb
> >
> > .. code-block:: console
> >
> > base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
>
* Re: [PATCH] doc: uefi: explicitly describe manual dtb update is required
From: Heinrich Schuchardt @ 2023-06-19 4:37 UTC
To: Takahiro Akashi; +Cc: Masahisa Kojima, Ilias Apalodimas, u-boot
On 19 June 2023 02:49:54 CEST, Takahiro Akashi <takahiro.akashi@linaro.org> wrote:
>On Sat, Jun 17, 2023 at 09:58:13PM +0200, Heinrich Schuchardt wrote:
>> On 6/15/23 10:03, Masahisa Kojima wrote:
>> > To enforce anti-rollback to any older version, the dtb must be
>> > always updated manually. This should be described in the
>> > documentation.
>> >
>> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
>> > ---
>> > doc/develop/uefi/uefi.rst | 3 +++
>> > 1 file changed, 3 insertions(+)
>> >
>> > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
>> > index ffd13cebe9..d5f8c5f236 100644
>> > --- a/doc/develop/uefi/uefi.rst
>> > +++ b/doc/develop/uefi/uefi.rst
>> > @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
>> > When the --fw-version in the capsule file is updated, lowest-supported-version
>> > in the dtb might be updated accordingly.
>> >
>> > +If user needs to enroce anti-rollback to any older version,
>> > +the lowest-supported-version property in dtb must be always updated manually.
>>
>> Thank you for updating the documentation.
>>
>> Allowing to circumvent the rollback protection is a security issue. On a
>> secure system you would probably want to disable console commands like
>> mc and fdt. Shouldn't we provide an advice for safe settings?
>
>Is there any case where a user wants to use fdt for some reason,
>for example, in CONFIG_PREBOOT or CONFIG_BOOTCOMMAND?
>
>-Takahiro Akashi
Dtb overlays can be applied via the fdt command.
Best regards
Heinrich
>
>> E.g.
>>
>> "If a user wanted to enable a rollback to a version forbidden by the
>> lowest-supported-version property specified in U-Boot's control
>> device-tree, they could change this property using the fdt command.
>> Secure systems should not enable this command."
>>
>> Best regards
>>
>> Heinrich
>>
>> > +
>> > To insert the lowest supported version into a dtb
>> >
>> > .. code-block:: console
>> >
>> > base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
>>
* Re: [PATCH] doc: uefi: explicitly describe manual dtb update is required
From: Takahiro Akashi @ 2023-06-19 5:46 UTC
To: Heinrich Schuchardt; +Cc: Masahisa Kojima, Ilias Apalodimas, u-boot
Hi Heinrich,
On Mon, Jun 19, 2023 at 06:37:14AM +0200, Heinrich Schuchardt wrote:
>
>
> On 19 June 2023 02:49:54 CEST, Takahiro Akashi <takahiro.akashi@linaro.org> wrote:
> >On Sat, Jun 17, 2023 at 09:58:13PM +0200, Heinrich Schuchardt wrote:
> >> On 6/15/23 10:03, Masahisa Kojima wrote:
> >> > To enforce anti-rollback to any older version, the dtb must be
> >> > always updated manually. This should be described in the
> >> > documentation.
> >> >
> >> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> >> > ---
> >> > doc/develop/uefi/uefi.rst | 3 +++
> >> > 1 file changed, 3 insertions(+)
> >> >
> >> > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> >> > index ffd13cebe9..d5f8c5f236 100644
> >> > --- a/doc/develop/uefi/uefi.rst
> >> > +++ b/doc/develop/uefi/uefi.rst
> >> > @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
> >> > When the --fw-version in the capsule file is updated, lowest-supported-version
> >> > in the dtb might be updated accordingly.
> >> >
> >> > +If user needs to enroce anti-rollback to any older version,
> >> > +the lowest-supported-version property in dtb must be always updated manually.
> >>
> >> Thank you for updating the documentation.
> >>
> >> Allowing to circumvent the rollback protection is a security issue. On a
> >> secure system you would probably want to disable console commands like
> >> mc and fdt. Shouldn't we provide an advice for safe settings?
> >
> >Is there any case where a user wants to use fdt for some reason,
> >for example, in CONFIG_PREBOOT or CONFIG_BOOTCOMMAND?
> >
> >-Takahiro Akashi
>
> Dtb overlays can be applied via the fdt command.
What I meant to say was that, if there is a useful use case for the fdt
command, it would be too restrictive to recommend disabling the command.
(Questioning if a device tree is the right place to put the data.)
-Takahiro Akashi
> Best regards
>
> Heinrich
>
>
> >
> >> E.g.
> >>
> >> "If a user wanted to enable a rollback to a version forbidden by the
> >> lowest-supported-version property specified in U-Boot's control
> >> device-tree, they could change this property using the fdt command.
> >> Secure systems should not enable this command."
> >>
> >> Best regards
> >>
> >> Heinrich
> >>
> >> > +
> >> > To insert the lowest supported version into a dtb
> >> >
> >> > .. code-block:: console
> >> >
> >> > base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
> >>