| Message ID | 20220414105448.559043-5-sughosh.ganu@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | efi: capsule: Capsule Update fixes and enhancements | expand |
2022年4月14日(木) 19:55 Sughosh Ganu <sughosh.ganu@linaro.org>: > > Currently, there are a bunch of boards which enable the UEFI capsule > update feature. The actual update of the firmware images is done > through the dfu framework which uses the dfu_alt_info environment > variable for getting information on the update, like device, partition > number/address etc. The dfu framework allows the variable to be set > through the set_dfu_alt_info function defined by the platform, or if > the function is not defined, it gets the variable from the > environment. Using the value set in the environment is not very > robust, since the variable can be modified from the u-boot command > line and this can cause an incorrect update. > > To prevent this from happening, define the set_dfu_alt_info function > when the capsule update feature is enabled. A weak function is defined > which sets the dfu_alt_info environment variable by getting the string > for the variable from the platform. This sounds reasonable. Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Thank you, > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > --- > > Changes since V6: None > > lib/efi_loader/Kconfig | 2 ++ > lib/efi_loader/efi_firmware.c | 5 +++++ > 2 files changed, 7 insertions(+) > > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig > index 559b95a599..d50cd2563d 100644 > --- a/lib/efi_loader/Kconfig > +++ b/lib/efi_loader/Kconfig > @@ -181,6 +181,7 @@ config EFI_CAPSULE_FIRMWARE_FIT > depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT > select UPDATE_FIT > select DFU > + select SET_DFU_ALT_INFO > select EFI_CAPSULE_FIRMWARE > help > Select this option if you want to enable firmware management protocol > @@ -192,6 +193,7 @@ config EFI_CAPSULE_FIRMWARE_RAW > depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT) > select DFU_WRITE_ALT > select DFU > + select SET_DFU_ALT_INFO > select EFI_CAPSULE_FIRMWARE > help > Select this option if you want to enable firmware management protocol > diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c > index 46aa7a001a..aff5519e54 100644 > --- a/lib/efi_loader/efi_firmware.c > +++ b/lib/efi_loader/efi_firmware.c > @@ -35,6 +35,11 @@ struct fmp_payload_header { > u32 lowest_supported_version; > }; > > +__weak void set_dfu_alt_info(char *interface, char *devstr) > +{ > + env_set("dfu_alt_info", update_info.dfu_string); > +} > + > /* Place holder; not supported */ > static > efi_status_t EFIAPI efi_firmware_get_image_unsupported( > -- > 2.25.1 >
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 559b95a599..d50cd2563d 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -181,6 +181,7 @@ config EFI_CAPSULE_FIRMWARE_FIT depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT select UPDATE_FIT select DFU + select SET_DFU_ALT_INFO select EFI_CAPSULE_FIRMWARE help Select this option if you want to enable firmware management protocol @@ -192,6 +193,7 @@ config EFI_CAPSULE_FIRMWARE_RAW depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT) select DFU_WRITE_ALT select DFU + select SET_DFU_ALT_INFO select EFI_CAPSULE_FIRMWARE help Select this option if you want to enable firmware management protocol diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 46aa7a001a..aff5519e54 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -35,6 +35,11 @@ struct fmp_payload_header { u32 lowest_supported_version; }; +__weak void set_dfu_alt_info(char *interface, char *devstr) +{ + env_set("dfu_alt_info", update_info.dfu_string); +} + /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_get_image_unsupported(
Currently, there are a bunch of boards which enable the UEFI capsule update feature. The actual update of the firmware images is done through the dfu framework which uses the dfu_alt_info environment variable for getting information on the update, like device, partition number/address etc. The dfu framework allows the variable to be set through the set_dfu_alt_info function defined by the platform, or if the function is not defined, it gets the variable from the environment. Using the value set in the environment is not very robust, since the variable can be modified from the u-boot command line and this can cause an incorrect update. To prevent this from happening, define the set_dfu_alt_info function when the capsule update feature is enabled. A weak function is defined which sets the dfu_alt_info environment variable by getting the string for the variable from the platform. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> --- Changes since V6: None lib/efi_loader/Kconfig | 2 ++ lib/efi_loader/efi_firmware.c | 5 +++++ 2 files changed, 7 insertions(+)