From patchwork Thu Mar 31 13:27:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 555278 Delivered-To: patch@linaro.org Received: by 2002:a05:7000:1248:0:0:0:0 with SMTP id z8csp639557mag; Thu, 31 Mar 2022 06:28:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw7ZSqppoEq3g0iLkkFCqNhsBEkNoz9oixlEIuEKb1z5mdfWJ4tT2Z4w7xXs/IMlZ5GJwZl X-Received: by 2002:a05:6402:1c1e:b0:416:5b93:eacf with SMTP id ck30-20020a0564021c1e00b004165b93eacfmr16808781edb.302.1648733332399; Thu, 31 Mar 2022 06:28:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648733332; cv=none; d=google.com; s=arc-20160816; b=Ij2s041eHWK/B5MT5YuvB3+7hJrZ3Bj4Me+2gtFzEbku/BYCK+7c9mphnb2LSophXr Sv4eV4/JpBhPQvt4vLKJCDBkDMl/ZBDpR+CBonOLsat3/F8KPJ1oUzwVsL2NkP1Eak76 PsZ9MXRDVFjCibSd2nQdCsPECDQntzrJ3g8ptQ8sr22Sy6j9vzoI/tflc9dKGzKUXXD3 4dO6KwaA45QXiiRTapdsmt2QcIlj0M5Jibj8d9/yQVttszXsYlHtsMKDp7uDVju4BLp8 2Q1fCaUo7V0616iIi7q4GvOltDKHxgpL12BOIafDcwLg0fx1LnwGBOttx/XT6q/FZVr0 aczg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=cxGHqFBpSbun54akvuBkvYwPFOTppq2TkWgcubLoe8I=; b=qzsRglZb/gw1P/+IIngB+XfBu8bDSEyWpRgFFWr+SjWe++DjrwdQ7bXYvRxKuVwwSu luOggR66D6l2nYe74FJE7Ut3ESrqugclV1a3rbaGxrDFPDfYB6iV1ycE2cLAi/b8vcTL xdKg2A/puTsZN/D50uNvv6Bb2cGTFVU/deO6Vvy1m31pDdz6tbrXmb6imPCSyXKL4eyx fBYN84aKPkbhbZZvJN21C1J9sC8IRIR1XeH6kByPZ9sjISPmWsGBisF2rPNKGiOq6qh+ jZn/2KbTg0jS03u4z4TkyySrPnpXCWk0D8weTudR5Y3WrjZnBHDoZBER1oFJaYohwbZT HgqQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id x24-20020a170906149800b006df76385b8fsi23026686ejc.47.2022.03.31.06.28.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Mar 2022 06:28:52 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 843F78422C; Thu, 31 Mar 2022 15:28:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 9358484228; Thu, 31 Mar 2022 15:28:42 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE,T_SPF_TEMPERROR autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 8FB118421A for ; Thu, 31 Mar 2022 15:28:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CEEB013D5; Thu, 31 Mar 2022 06:28:34 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1BAB73F73B; Thu, 31 Mar 2022 06:28:30 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , AKASHI Takahiro , Ying-Chun Liu , Tuomas Tynkkynen , Heiko Thiery , Frieder Schrempf , Michael Walle , Masami Hiramatsu , Jassi Brar , Michal Simek , Michal Simek , Sughosh Ganu Subject: [PATCH v4 3/8] capsule: Put a check for image index before the update Date: Thu, 31 Mar 2022 18:57:45 +0530 Message-Id: <20220331132750.1532722-4-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220331132750.1532722-1-sughosh.ganu@linaro.org> References: <20220331132750.1532722-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean The current capsule update code compares the image GUID value in the capsule header with the image GUID value obtained from the GetImageInfo function of the Firmware Management Protocol(FMP). This comparison is done to ascertain if the FMP's SetImage function can be called for the update. Make this checking more robust by comparing the image_index value passed through the capsule with that returned by the FMP's GetImageInfo function. This protects against the scenario of the firmware being updated in a wrong partition/location on the storage device if an incorrect value has been passed through the capsule, since the image_index is used to determine the location of the update on the storage device. Signed-off-by: Sughosh Ganu Reviewed-by: Masami Hiramatsu Reviewed-by: Ilias Apalodimas --- Changes since V3: None lib/efi_loader/efi_capsule.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index f00440163d..f03f4c9044 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -128,6 +128,7 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule, /** * efi_fmp_find - search for Firmware Management Protocol drivers * @image_type: Image type guid + * @image_index: Image Index * @instance: Instance number * @handles: Handles of FMP drivers * @no_handles: Number of handles @@ -141,8 +142,8 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule, * * NULL - on failure */ static struct efi_firmware_management_protocol * -efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles, - efi_uintn_t no_handles) +efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance, + efi_handle_t *handles, efi_uintn_t no_handles) { efi_handle_t *handle; struct efi_firmware_management_protocol *fmp; @@ -203,6 +204,7 @@ efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles, log_debug("+++ desc[%d] index: %d, name: %ls\n", j, desc->image_index, desc->image_id_name); if (!guidcmp(&desc->image_type_id, image_type) && + (desc->image_index == image_index) && (!instance || !desc->hardware_instance || desc->hardware_instance == instance)) @@ -449,8 +451,8 @@ static efi_status_t efi_capsule_update_firmware( } /* find a device for update firmware */ - /* TODO: should we pass index as well, or nothing but type? */ fmp = efi_fmp_find(&image->update_image_type_id, + image->update_image_index, image->update_hardware_instance, handles, no_handles); if (!fmp) {