From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 7448FEB64D9
	for <u-boot@archiver.kernel.org>; Mon, 19 Jun 2023 05:46:35 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id DA3CF85C5A;
	Mon, 19 Jun 2023 07:46:32 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="fBAX0cmu";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 4D0D68474B; Mon, 19 Jun 2023 07:46:31 +0200 (CEST)
Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com
 [IPv6:2607:f8b0:4864:20::1029])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 4F8E585DB6
 for <u-boot@lists.denx.de>; Mon, 19 Jun 2023 07:46:28 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=takahiro.akashi@linaro.org
Received: by mail-pj1-x1029.google.com with SMTP id
 98e67ed59e1d1-25e847bb482so478950a91.1
 for <u-boot@lists.denx.de>; Sun, 18 Jun 2023 22:46:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1687153586; x=1689745586;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date:from:to:cc
 :subject:date:message-id:reply-to;
 bh=M5s/HuS7mhUcAdZWfIudGf6XSqbwyevDtJR2yRfCdSM=;
 b=fBAX0cmuxqzwEmEROWg3DW5cUMJBZNegYrdIqMlXVlQwuTr0iKNVHHf5xaNIKVXoZF
 7elQjY/0OSxKz0EjLCAbMl6m/+W3QOwJApjqkiCob1i2VMjCl50U2LJi8LTO/Silhc+/
 bYIVHqlX6/apfPDS7J7Lw7OdNUMqsqCkHFPMvBRJx+Zs7ODSmDPv5uwHjOr0FzwNn9KG
 BczJqymsPS37RGsiPGRZFYJEubXYzPphZ3O1f1aJsGwMxjhMFTnAqTRu3RTSMZ9s9aqU
 FheQqMcQHvoy4LLikpQivz5wU5HOypav+ToONXG68YjjcoC/dQLKlyRBzrovtu3MMG0l
 a2+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1687153586; x=1689745586;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=M5s/HuS7mhUcAdZWfIudGf6XSqbwyevDtJR2yRfCdSM=;
 b=RfLRbuRmr/ZKSpa7x49tJp+WU9qEhTZcGquQGAbDmIVHqNn/VD96SCh+k2HkC/yM4Q
 qIzq8PUPprmeuN0K8LhPO8C7qY9y8zsxwQekcxI1FYpEyZcG45hxxv1Li682vXCm7Tv1
 u9PVoAv8YG+Z50jk/uXJImulr2H/m072D/lsGk6k46zzD2B1anmfTdaqFual9nfRe1+l
 0NQs7Xj2y3DKkOCRRtVPpuRI1iv48uFzAgW4tqhO9j56GEzD2kp647K8WCc5BpuEv6nR
 I9Hd8lCjaZn1T981zWMTWgWFvA998vEzSD8YdHFnHiVt19Z5h9g8h6SIU31Q12MMQuRd
 z0kQ==
X-Gm-Message-State: AC+VfDx96yhw2x1Hj+Sedvjb6134QZKWsu/iRVIrox7pCzikI8NRw6bx
 PrRYcRv8TiZ6r72xFLBIFmzX2A==
X-Google-Smtp-Source: ACHHUZ4/XzwtEzyi1WJZ9IEmCEinDlKpHF2pCuh2/G4Qy330fekiD9hiXNttT5RVUZcCXOhrR66xSA==
X-Received: by 2002:a17:90b:17c3:b0:252:a208:1fef with SMTP id
 me3-20020a17090b17c300b00252a2081fefmr11381968pjb.0.1687153586463; 
 Sun, 18 Jun 2023 22:46:26 -0700 (PDT)
Received: from laputa ([2400:4050:c3e1:100:7540:94e3:d1be:6785])
 by smtp.gmail.com with ESMTPSA id
 nr5-20020a17090b240500b0025dc5749b4csm4908347pjb.21.2023.06.18.22.46.24
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 18 Jun 2023 22:46:26 -0700 (PDT)
Date: Mon, 19 Jun 2023 14:46:22 +0900
From: Takahiro Akashi <takahiro.akashi@linaro.org>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Masahisa Kojima <masahisa.kojima@linaro.org>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>, u-boot@lists.denx.de
Subject: Re: [PATCH] doc: uefi: explicitly describe manual dtb update is
 required
Message-ID: <ZI_rrqIUXTS4A4YU@laputa>
Mail-Followup-To: Takahiro Akashi <takahiro.akashi@linaro.org>,
 Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Masahisa Kojima <masahisa.kojima@linaro.org>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 u-boot@lists.denx.de
References: <20230615080344.106856-1-masahisa.kojima@linaro.org>
 <0cc1670a-ff5e-4c28-9e73-cc1901ffc1d4@gmx.de>
 <ZI-mModM5qT2MgoZ@laputa>
 <FD1DCFAA-E369-4204-A782-FF71B6A97361@gmx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <FD1DCFAA-E369-4204-A782-FF71B6A97361@gmx.de>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

Hi Heinrich,

On Mon, Jun 19, 2023 at 06:37:14AM +0200, Heinrich Schuchardt wrote:
> 
> 
> Am 19. Juni 2023 02:49:54 MESZ schrieb Takahiro Akashi <takahiro.akashi@linaro.org>:
> >On Sat, Jun 17, 2023 at 09:58:13PM +0200, Heinrich Schuchardt wrote:
> >> On 6/15/23 10:03, Masahisa Kojima wrote:
> >> > To enforce anti-rollback to any older version, dtb must be
> >> > always update manually. This should be described in the
> >> > documentation.
> >> > 
> >> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> >> > ---
> >> >   doc/develop/uefi/uefi.rst | 3 +++
> >> >   1 file changed, 3 insertions(+)
> >> > 
> >> > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> >> > index ffd13cebe9..d5f8c5f236 100644
> >> > --- a/doc/develop/uefi/uefi.rst
> >> > +++ b/doc/develop/uefi/uefi.rst
> >> > @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
> >> >   When the --fw-version in the capsule file is updated, lowest-supported-version
> >> >   in the dtb might be updated accordingly.
> >> > 
> >> > +If user needs to enroce anti-rollback to any older version,
> >> > +the lowest-supported-version property in dtb must be always updated manually.
> >> 
> >> Thank you for updating the documentation.
> >> 
> >> Allowing to circumvent the rollback protection is a security issue. On a
> >> secure system you would probably want to disable console commands like
> >> mc and fdt. Shouldn't we provide an advice for safe settings?
> >
> >Is there any case where a user wants to use fdt for some reason,
> >for example, in CONFIG_PREBOOT or CONFIG_BOOTCOMMAND?
> >
> >-Takahiro Akashi
> 
> Dtb overlays can applied via the fdt command.

What I meant to say was that, if there is an useful use case of fdt
command, it would be too restrictive to recommend disabling the command.
(Questioning if a device tree is the right place to put the data.)

-Takahiro Akashi

> Best regards
> 
> Heinrich
> 
> 
> >
> >> E.g.
> >> 
> >> "If a user wanted to enable a rollback to a version forbidden by the
> >> lowest-supported-version property specified in U-Boot's control
> >> device-tree, they could change this property using the fdt command.
> >> Secure systems should not enable this command."
> >> 
> >> Best regards
> >> 
> >> Heinrich
> >> 
> >> > +
> >> >   To insert the lowest supported version into a dtb
> >> > 
> >> >   .. code-block:: console
> >> > 
> >> > base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
> >>