authorSughosh Ganu <sughosh.ganu@linaro.org>2022-04-15 11:29:36 +0530
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>2022-04-15 10:43:18 +0200
commit7cf06f09cc516c276ce7ad5f2c7c2b0a5110dd34 (patch)
treeb6e5b941c0aa651933a29f4b20443ed0406b6632
parent1ea06bc929ad1ce3350e2184ad81872c87d9fad4 (diff)
capsule: Put a check for image index before the update
The current capsule update code compares the image GUID value in the capsule header with the image GUID value obtained from the GetImageInfo function of the Firmware Management Protocol(FMP). This comparison is done to ascertain if the FMP's SetImage function can be called for the update. Make this checking more robust by comparing the image_index value passed through the capsule with that returned by the FMP's GetImageInfo function. This protects against the scenario of the firmware being updated in a wrong partition/location on the storage device if an incorrect value has been passed through the capsule, since the image_index is used to determine the location of the update on the storage device. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
-rw-r--r--lib/efi_loader/efi_capsule.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index a107f28..c76a5f3 100644
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -129,6 +129,7 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule,
/**
* efi_fmp_find - search for Firmware Management Protocol drivers
* @image_type: Image type guid
+ * @image_index: Image Index
* @instance: Instance number
* @handles: Handles of FMP drivers
* @no_handles: Number of handles
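Review bot: The new `@image_index` line says only "Image Index", which tells a reader neither where the value comes from nor that it now takes part in the match. Something like `* @image_index: Image index from the capsule, must equal the descriptor's image_index` would document the contract that the comparison added later in this patch enforces. The rest of this kernel-doc comment lies outside the hunk, so its description paragraph may need the same update.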
@@ -142,8 +143,8 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule,
* * NULL - on failure
*/
static struct efi_firmware_management_protocol *
-efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles,
- efi_uintn_t no_handles)
+efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance,
+ efi_handle_t *handles, efi_uintn_t no_handles)
{
efi_handle_t *handle;
struct efi_firmware_management_protocol *fmp;
@@ -204,6 +205,7 @@ efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles,
log_debug("+++ desc[%d] index: %d, name: %ls\n",
j, desc->image_index, desc->image_id_name);
if (!guidcmp(&desc->image_type_id, image_type) &&
+ (desc->image_index == image_index) &&
(!instance ||
!desc->hardware_instance ||
desc->hardware_instance == instance))
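Review bot: A descriptor whose GUID matches but whose index differs is now skipped without any trace, because the `log_debug` above the condition prints only the descriptor's index and not the one requested by the capsule. This check is what keeps an update from being written to the wrong location, so printing both values makes a rejected capsule diagnosable: `log_debug("+++ desc[%d] index: %d (requested %d), name: %ls\n", j, desc->image_index, image_index, desc->image_id_name);`. As a style point, the parentheses around `desc->image_index == image_index` are redundant and differ from the unparenthesised `desc->hardware_instance == instance` two lines below. The enclosing loop starts and ends outside the hunk.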
@@ -450,8 +452,8 @@ static efi_status_t efi_capsule_update_firmware(
}
/* find a device for update firmware */
- /* TODO: should we pass index as well, or nothing but type? */
fmp = efi_fmp_find(&image->update_image_type_id,
+ image->update_image_index,
image->update_hardware_instance,
handles, no_handles);
if (!fmp) {
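Review bot: The remaining comment `/* find a device for update firmware */` no longer describes the lookup, which now selects an FMP by image type, image index and hardware instance. Suggest `/* find an FMP driver advertising this image type and index */` in place of the removed TODO. `image->update_image_index` is read from the capsule payload, so it is worth confirming that the `if (!fmp)` branch, whose body is outside the hunk, reports the requested index when no driver matches.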