From patchwork Thu Apr 14 10:54:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 561200 Delivered-To: patch@linaro.org Received: by 2002:a05:7000:6886:0:0:0:0 with SMTP id m6csp896633map; Thu, 14 Apr 2022 03:55:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzVvLcEymCw/1wyvES38q620mDfYWUquiupog4LECRoDN0AHp62L2BptYV27QrZLrz5tddt X-Received: by 2002:a17:907:6eac:b0:6ec:db9:a0de with SMTP id sh44-20020a1709076eac00b006ec0db9a0demr252440ejc.448.1649933754892; Thu, 14 Apr 2022 03:55:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649933754; cv=none; d=google.com; s=arc-20160816; b=Lj+/p3pT6cekgn23twD+QH0je3/Wx53tqiaT4fZjAGvbsdwAj2HwXYWogvJUlPTWgi 0ulkExR7o9ox+UB6lrNyxxf77CModkltuP+3tSLxU1U4aJXPekCzihWiZLV54dE/VSIA 9kpXVq9/OXc5JQxl+/sD9p+M/53UvnfGCjH/OcI1tLxlmTzPN6qUV/sndJoLsYGkqtqo zbMVZVNsJiGN5A56hTm+mIwZAdct3zxQJOqEWFkXI6fINApViiaKr6/O9HKniS9AVEMh Js+IxE6L1nnyiLLkuoqMrzOTJQmyXUEPEz6U0qd78tbjpJSLZO5SiCsm/YuxePgoofOJ pAAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=PArbZh2dOCUBuOMM88l8Z4wgmai3wSAJ9PdUWlTl0nE=; b=Wyz6+5zx2b4HDhhomRcZoqdAxMdTeYjmoJk4XvQu+Kp8ro0Wc/fLkXvhLUliZpTMFF JwsrPx8onYRHySl2wNO/cPk7gNzopCoM20e8AxZSucjx9tr7wdixk6th5G/Y3MD9F9YC DmdAeQQpJBZ8tuBMf7QyiVCbwBt5dOwp/kCs9lYqe0nYb/7p3FCY/By2AIytLQ8JiLFi Ydn4O55mgLUCF9HUzdorYCrcg1bXRRe8CtV4MNTxIN8cfRSUhhM1He0Pysk4tMZQ9EWT w0uI2ZPIz3MkgL+bnY4qzkxoAFFLb5NUsayM+HE044IopjMvLjLsRnU6LbOP4ja2C9uK cfLA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id ds16-20020a170907725000b006e86b1da268si1848946ejc.489.2022.04.14.03.55.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Apr 2022 03:55:54 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id CC24283E9F; Thu, 14 Apr 2022 12:55:37 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id D474F83E6E; Thu, 14 Apr 2022 12:55:27 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 1004083AFF for ; Thu, 14 Apr 2022 12:55:22 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7DF971424; Thu, 14 Apr 2022 03:55:21 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 95E563F70D; Thu, 14 Apr 2022 03:55:17 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , AKASHI Takahiro , Ying-Chun Liu , Tuomas Tynkkynen , Heiko Thiery , Frieder Schrempf , Michael Walle , Masami Hiramatsu , Jassi Brar , Michal Simek , Michal Simek , Sughosh Ganu Subject: [PATCH v7 3/8] capsule: Put a check for image index before the update Date: Thu, 14 Apr 2022 16:24:43 +0530 Message-Id: <20220414105448.559043-4-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220414105448.559043-1-sughosh.ganu@linaro.org> References: <20220414105448.559043-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean The current capsule update code compares the image GUID value in the capsule header with the image GUID value obtained from the GetImageInfo function of the Firmware Management Protocol(FMP). This comparison is done to ascertain if the FMP's SetImage function can be called for the update. Make this checking more robust by comparing the image_index value passed through the capsule with that returned by the FMP's GetImageInfo function. This protects against the scenario of the firmware being updated in a wrong partition/location on the storage device if an incorrect value has been passed through the capsule, since the image_index is used to determine the location of the update on the storage device. Signed-off-by: Sughosh Ganu Reviewed-by: Masami Hiramatsu Reviewed-by: Ilias Apalodimas --- Changes since V6: None lib/efi_loader/efi_capsule.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index a107f285dd..c76a5f3570 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -129,6 +129,7 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule, /** * efi_fmp_find - search for Firmware Management Protocol drivers * @image_type: Image type guid + * @image_index: Image Index * @instance: Instance number * @handles: Handles of FMP drivers * @no_handles: Number of handles @@ -142,8 +143,8 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule, * * NULL - on failure */ static struct efi_firmware_management_protocol * -efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles, - efi_uintn_t no_handles) +efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance, + efi_handle_t *handles, efi_uintn_t no_handles) { efi_handle_t *handle; struct efi_firmware_management_protocol *fmp; @@ -204,6 +205,7 @@ efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles, log_debug("+++ desc[%d] index: %d, name: %ls\n", j, desc->image_index, desc->image_id_name); if (!guidcmp(&desc->image_type_id, image_type) && + (desc->image_index == image_index) && (!instance || !desc->hardware_instance || desc->hardware_instance == instance)) @@ -450,8 +452,8 @@ static efi_status_t efi_capsule_update_firmware( } /* find a device for update firmware */ - /* TODO: should we pass index as well, or nothing but type? */ fmp = efi_fmp_find(&image->update_image_type_id, + image->update_image_index, image->update_hardware_instance, handles, no_handles); if (!fmp) {