doc: uefi: explicitly describe manual dtb update is required

Message ID 20230615080344.106856-1-masahisa.kojima@linaro.org
State New

Commit Message

Masahisa Kojima June 15, 2023, 8:03 a.m. UTC
To enforce anti-rollback to any older version, dtb must be
always updated manually. This should be described in the
documentation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
 doc/develop/uefi/uefi.rst | 3 +++
 1 file changed, 3 insertions(+)


base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903

Comments

Heinrich Schuchardt June 17, 2023, 7:58 p.m. UTC | #1
On 6/15/23 10:03, Masahisa Kojima wrote:
> To enforce anti-rollback to any older version, dtb must be
> always updated manually. This should be described in the
> documentation.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>   doc/develop/uefi/uefi.rst | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> index ffd13cebe9..d5f8c5f236 100644
> --- a/doc/develop/uefi/uefi.rst
> +++ b/doc/develop/uefi/uefi.rst
> @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
>   When the --fw-version in the capsule file is updated, lowest-supported-version
>   in the dtb might be updated accordingly.
>
> +If user needs to enroce anti-rollback to any older version,
> +the lowest-supported-version property in dtb must be always updated manually.

Thank you for updating the documentation.

Allowing circumvention of the rollback protection is a security issue. On a
secure system you would probably want to disable console commands like
mc and fdt. Shouldn't we provide advice for safe settings?

E.g.

"If a user wanted to enable a rollback to a version forbidden by the
lowest-supported-version property specified in U-Boot's control
device-tree, they could change this property using the fdt command.
Secure systems should not enable this command."

Best regards

Heinrich

> +
>   To insert the lowest supported version into a dtb
>
>   .. code-block:: console
>
> base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
AKASHI Takahiro June 19, 2023, 12:49 a.m. UTC | #2
On Sat, Jun 17, 2023 at 09:58:13PM +0200, Heinrich Schuchardt wrote:
> On 6/15/23 10:03, Masahisa Kojima wrote:
> > To enforce anti-rollback to any older version, dtb must be
> > always updated manually. This should be described in the
> > documentation.
> > 
> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> > ---
> >   doc/develop/uefi/uefi.rst | 3 +++
> >   1 file changed, 3 insertions(+)
> > 
> > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> > index ffd13cebe9..d5f8c5f236 100644
> > --- a/doc/develop/uefi/uefi.rst
> > +++ b/doc/develop/uefi/uefi.rst
> > @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
> >   When the --fw-version in the capsule file is updated, lowest-supported-version
> >   in the dtb might be updated accordingly.
> > 
> > +If user needs to enroce anti-rollback to any older version,
> > +the lowest-supported-version property in dtb must be always updated manually.
> 
> Thank you for updating the documentation.
> 
> Allowing circumvention of the rollback protection is a security issue. On a
> secure system you would probably want to disable console commands like
> mc and fdt. Shouldn't we provide advice for safe settings?

Is there any case where a user wants to use fdt for some reason,
for example, in CONFIG_PREBOOT or CONFIG_BOOTCOMMAND?

-Takahiro Akashi

> E.g.
> 
> "If a user wanted to enable a rollback to a version forbidden by the
> lowest-supported-version property specified in U-Boot's control
> device-tree, they could change this property using the fdt command.
> Secure systems should not enable this command."
> 
> Best regards
> 
> Heinrich
> 
> > +
> >   To insert the lowest supported version into a dtb
> > 
> >   .. code-block:: console
> > 
> > base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
>
Heinrich Schuchardt June 19, 2023, 4:37 a.m. UTC | #3
On 19 June 2023 02:49:54 CEST, Takahiro Akashi <takahiro.akashi@linaro.org> wrote:
>On Sat, Jun 17, 2023 at 09:58:13PM +0200, Heinrich Schuchardt wrote:
>> On 6/15/23 10:03, Masahisa Kojima wrote:
>> > To enforce anti-rollback to any older version, dtb must be
>> > always updated manually. This should be described in the
>> > documentation.
>> > 
>> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
>> > ---
>> >   doc/develop/uefi/uefi.rst | 3 +++
>> >   1 file changed, 3 insertions(+)
>> > 
>> > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
>> > index ffd13cebe9..d5f8c5f236 100644
>> > --- a/doc/develop/uefi/uefi.rst
>> > +++ b/doc/develop/uefi/uefi.rst
>> > @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
>> >   When the --fw-version in the capsule file is updated, lowest-supported-version
>> >   in the dtb might be updated accordingly.
>> > 
>> > +If user needs to enroce anti-rollback to any older version,
>> > +the lowest-supported-version property in dtb must be always updated manually.
>> 
>> Thank you for updating the documentation.
>> 
>> Allowing circumvention of the rollback protection is a security issue. On a
>> secure system you would probably want to disable console commands like
>> mc and fdt. Shouldn't we provide advice for safe settings?
>
>Is there any case where a user wants to use fdt for some reason,
>for example, in CONFIG_PREBOOT or CONFIG_BOOTCOMMAND?
>
>-Takahiro Akashi

Dtb overlays can be applied via the fdt command.

Best regards

Heinrich


>
>> E.g.
>> 
>> "If a user wanted to enable a rollback to a version forbidden by the
>> lowest-supported-version property specified in U-Boot's control
>> device-tree, they could change this property using the fdt command.
>> Secure systems should not enable this command."
>> 
>> Best regards
>> 
>> Heinrich
>> 
>> > +
>> >   To insert the lowest supported version into a dtb
>> > 
>> >   .. code-block:: console
>> > 
>> > base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
>>
AKASHI Takahiro June 19, 2023, 5:46 a.m. UTC | #4
Hi Heinrich,

On Mon, Jun 19, 2023 at 06:37:14AM +0200, Heinrich Schuchardt wrote:
> 
> 
> On 19 June 2023 02:49:54 CEST, Takahiro Akashi <takahiro.akashi@linaro.org> wrote:
> >On Sat, Jun 17, 2023 at 09:58:13PM +0200, Heinrich Schuchardt wrote:
> >> On 6/15/23 10:03, Masahisa Kojima wrote:
> >> > To enforce anti-rollback to any older version, dtb must be
> >> > always updated manually. This should be described in the
> >> > documentation.
> >> > 
> >> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> >> > ---
> >> >   doc/develop/uefi/uefi.rst | 3 +++
> >> >   1 file changed, 3 insertions(+)
> >> > 
> >> > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> >> > index ffd13cebe9..d5f8c5f236 100644
> >> > --- a/doc/develop/uefi/uefi.rst
> >> > +++ b/doc/develop/uefi/uefi.rst
> >> > @@ -552,6 +552,9 @@ update using a capsule file with --fw-version of 5, the update will fail.
> >> >   When the --fw-version in the capsule file is updated, lowest-supported-version
> >> >   in the dtb might be updated accordingly.
> >> > 
> >> > +If user needs to enroce anti-rollback to any older version,
> >> > +the lowest-supported-version property in dtb must be always updated manually.
> >> 
> >> Thank you for updating the documentation.
> >> 
> >> Allowing circumvention of the rollback protection is a security issue. On a
> >> secure system you would probably want to disable console commands like
> >> mc and fdt. Shouldn't we provide advice for safe settings?
> >
> >Is there any case where a user wants to use fdt for some reason,
> >for example, in CONFIG_PREBOOT or CONFIG_BOOTCOMMAND?
> >
> >-Takahiro Akashi
> 
> Dtb overlays can be applied via the fdt command.

What I meant to say was that, if there is a useful use case of the fdt
command, it would be too restrictive to recommend disabling the command.
(Questioning if a device tree is the right place to put the data.)

-Takahiro Akashi

> Best regards
> 
> Heinrich
> 
> 
> >
> >> E.g.
> >> 
> >> "If a user wanted to enable a rollback to a version forbidden by the
> >> lowest-supported-version property specified in U-Boot's control
> >> device-tree, they could change this property using the fdt command.
> >> Secure systems should not enable this command."
> >> 
> >> Best regards
> >> 
> >> Heinrich
> >> 
> >> > +
> >> >   To insert the lowest supported version into a dtb
> >> > 
> >> >   .. code-block:: console
> >> > 
> >> > base-commit: e350d0c60d413d441cbdfa9432ebadb56f625903
> >>
Patch

diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index ffd13cebe9..d5f8c5f236 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -552,6 +552,9 @@  update using a capsule file with --fw-version of 5, the update will fail.
 When the --fw-version in the capsule file is updated, lowest-supported-version
 in the dtb might be updated accordingly.
 
+If user needs to enroce anti-rollback to any older version,
+the lowest-supported-version property in dtb must be always updated manually.
+
 To insert the lowest supported version into a dtb
 
 .. code-block:: console
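
Review bot: the first added line misspells "enforce" as "enroce", and both added lines drop articles ("If user", "in dtb"). Suggested wording: "If the user needs to enforce anti-rollback to any older version, the lowest-supported-version property in the dtb must always be updated manually." The unchanged context line just above says the property "might be updated accordingly", which can be read as something that happens on its own when --fw-version changes. If the intent is that a capsule update never changes the property by itself, the added sentence should say so directly, so the two statements do not appear to conflict. It would also help to say when the manual update has to happen relative to the capsule update, since the paragraph leaves the ordering open.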