From patchwork Thu Jul 27 00:38:00 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: AKASHI Takahiro <takahiro.akashi@linaro.org>
X-Patchwork-Id: 706993
Delivered-To: patch@linaro.org
Received: by 2002:a5d:6787:0:b0:317:2194:b2bc with SMTP id v7csp58830wru;
 Wed, 26 Jul 2023 17:38:32 -0700 (PDT)
X-Google-Smtp-Source: APBJJlG93zet0A66CrqR/gUx63H2+BxHIGyQhEAf/zoN3NwpXAVJbP6XVjYMFcQ0qgn/QNjoJnrB
X-Received: by 2002:adf:fece:0:b0:314:2735:dc13 with SMTP id
 q14-20020adffece000000b003142735dc13mr496053wrs.47.1690418311859;
 Wed, 26 Jul 2023 17:38:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690418311; cv=none;
 d=google.com; s=arc-20160816;
 b=YV51com6kfYaMrhTkepACLdKyBeSDxXOqqOpn0KfGJl2vCtNXGeOCTR0W1Y2vftnaP
 8PLVv98i+FrG4u5IPaECW0/FX74Y0/S+fdglD6ScWltXMBC+b74OC9wmzc92f81drSBv
 sonKtY87Vul/qfgooWVx2GsJP/XeOPhPH5EuIt9+6QhubLtxiEoYfZpJHM9Oq+hdc2Ve
 eLxA0NzhE6H2t2hVi/ypzibN9r0HH1jppvSmC7H7Ape9B4EDleVdjmuIyuqf/JuWLim+
 Q8UtcQK7OLPexcQBFAQHRJhiwe+w/LRKeZvQ5qtNH2Fh/CZnB4Z/ksNuHwTjha9A/zVZ
 QLHw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:message-id:date:subject:cc:to:from:dkim-signature;
 bh=42TBPEmKasdyE68QPzf+SCyyWkOemc3n0iFMPEz3FXM=;
 fh=eBXV55+PFECL10OD4xzzShXAjaGCihN3fdp7sn9gPfc=;
 b=RVnP86L2CfWtQgo6kOQFNOYMjzgk/IUOCQIZ/sjCg1cHQzwmUARy/B0BO7BjxLzQ/t
 loZAyfrAj5RMhWP+5jOaxNP2pbgtw53kwLiL52s+Ea4wWUZJIv929cvkfj/NwPbKoQaP
 8v0/lRpY6HAMuH+E0VHzjF2gZKnznLrCDRGNh37jqrwXaI5ac30/s0Jfvhvy39r2cSGW
 G6BAXScJAnegS0WcZmCRUltrMYVYopr7FxLTP+vDDxI8kn3Tgn3A6l9vnvgeQ1FrjD8d
 gmgnPn1ogAP+nZc/kQp07Cg24W/JZcHfCUKIB78xjoOXcnz8EQ8lxFfnaO2oV5MQJyU3
 8h6A==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b="StkqD/pt";
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates
 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61])
 by mx.google.com with ESMTPS id
 t4-20020adfdc04000000b003177c3078e4si140299wri.419.2023.07.26.17.38.31
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 26 Jul 2023 17:38:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b="StkqD/pt";
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates
 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
 by phobos.denx.de (Postfix) with ESMTP id 824B486784;
 Thu, 27 Jul 2023 02:38:28 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key;
 unprotected) header.d=linaro.org header.i=@linaro.org header.b="StkqD/pt";
 dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id A817E8674E; Thu, 27 Jul 2023 02:38:26 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com
 [IPv6:2607:f8b0:4864:20::102f])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 5406086784
 for <u-boot@lists.denx.de>; Thu, 27 Jul 2023 02:38:23 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=takahiro.akashi@linaro.org
Received: by mail-pj1-x102f.google.com with SMTP id
 98e67ed59e1d1-268663fb09cso87728a91.0
 for <u-boot@lists.denx.de>; Wed, 26 Jul 2023 17:38:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1690418301; x=1691023101;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=42TBPEmKasdyE68QPzf+SCyyWkOemc3n0iFMPEz3FXM=;
 b=StkqD/ptoegutVkJjkQ66nKlGigAbw3eZg5CQTmPbqooR4ICwPBH5jjzFLDMPBNmdI
 8PBKl7hIEGw6SKpv3PnEAJ5Kv6yi7UFxrOiOwf0KHylLdvU7qY+TdPeou8kLVn+x8zyG
 eAyzw7d1a8hO7O7cVJZdrpt0zR6/zCpEDL96KJk/clpnvsJBkBiRBzB4UdoT2HbtL51H
 Xk4N9+kYjmVoB8WosE6znStAT0B15kLFpQNXBYk2YuwB74VVjz0ILUyfI18Cap3EUMaq
 gZuoxjMhi5MtjBmUoLTrCWWjTMO99x1aF66R9B7DsrSRJxjxVRCXEpqwEkkf3zl7D+xa
 MnbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1690418301; x=1691023101;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=42TBPEmKasdyE68QPzf+SCyyWkOemc3n0iFMPEz3FXM=;
 b=Hgrgfagyw8CTsyJ5S7odMSh2APaxCvT8BMlN9k6hnMdRMm88ueU5PY/23zc1ma+w3j
 kt/6vZqOHJ/WvgOQOLUk1uN1PwUS7DIsz853dm3J3PZ75dWnUhA1AjxUH6I7bR1UwOH1
 EQX7sFgQbkPDiydDvXNC4fVgbK7xaiRvCwxPXQ+JFsSiyVJ+sYC8XwJCiqFuxwNlf28h
 8dx+rV8gGc0HeI/laSeIsnOoDMwrO+nr/UrmNUrGCgUGlhaPsCOjqd0g8Y5rIH1/GILJ
 Xm+yX+XJONhnVqKq4/fe3zRPpNJV7e0S45ESzcj1ER2uBLZCglaBRDZXBtllclg4vXtF
 RJiQ==
X-Gm-Message-State: ABy/qLZxIKQM/SwueC2CzPkbkVAdPJAxyXjEee2HlCodA8xvDSGjQu2p
 wIUUDcoGhPMQ+7begis/CMMcHw==
X-Received: by 2002:a17:902:f684:b0:1bb:b832:4be9 with SMTP id
 l4-20020a170902f68400b001bbb8324be9mr4388439plg.1.1690418301445;
 Wed, 26 Jul 2023 17:38:21 -0700 (PDT)
Received: from laputa.. ([2400:4050:c3e1:100:2103:cbda:74f4:860a])
 by smtp.gmail.com with ESMTPSA id
 b3-20020a170902d50300b001b892aac5c9sm129406plg.298.2023.07.26.17.38.19
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 26 Jul 2023 17:38:21 -0700 (PDT)
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: xypron.glpk@gmx.de, ilias.apalodimas@linaro.org, michal.simek@amd.com,
 sughosh.ganu@linaro.org
Cc: u-boot@lists.denx.de,
	AKASHI Takahiro <takahiro.akashi@linaro.org>
Subject: [PATCH] efi_loader: capsule: enforce guid check in api and
 capsule_on_disk
Date: Thu, 27 Jul 2023 09:38:00 +0900
Message-ID: <20230727003800.25105-1-takahiro.akashi@linaro.org>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

While UPDATE_CAPSULE api is not fully implemented, this interface and
capsule-on-disk feature should behave in the same way, especially in
handling an empty capsule for fwu multibank, for future enhancement.

So move the guid check into efi_capsule_update_firmware().

Fixed: commit a6aafce494ab ("efi_loader: use efi_update_capsule_firmware()
	for capsule on disk")
Reported-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 lib/efi_loader/efi_capsule.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index 7a6f195cbc02..ddf8153e0982 100644
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -581,6 +581,13 @@ static efi_status_t efi_capsule_update_firmware(
 		fw_accept_os = capsule_data->flags & FW_ACCEPT_OS ? 0x1 : 0x0;
 	}
 
+	if (guidcmp(&capsule_data->capsule_guid,
+		    &efi_guid_firmware_management_capsule_id)) {
+		log_err("Unsupported capsule type: %pUs\n",
+			&capsule_data->capsule_guid);
+		return EFI_UNSUPPORTED;
+	}
+
 	/* sanity check */
 	if (capsule_data->header_size < sizeof(*capsule) ||
 	    capsule_data->header_size >= capsule_data->capsule_image_size)
@@ -751,15 +758,7 @@ efi_status_t EFIAPI efi_update_capsule(
 
 		log_debug("Capsule[%d] (guid:%pUs)\n",
 			  i, &capsule->capsule_guid);
-		if (!guidcmp(&capsule->capsule_guid,
-			     &efi_guid_firmware_management_capsule_id)) {
-			ret  = efi_capsule_update_firmware(capsule);
-		} else {
-			log_err("Unsupported capsule type: %pUs\n",
-				&capsule->capsule_guid);
-			ret = EFI_UNSUPPORTED;
-		}
-
+		ret  = efi_capsule_update_firmware(capsule);
 		if (ret != EFI_SUCCESS)
 			goto out;
 	}