From mboxrd@z Thu Jan  1 00:00:00 1970
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Fri, 14 May 2021 10:45:48 +0200
Subject: [PATCH 1/4] tools: mkeficapsule: add firmwware image signing
In-Reply-To: <20210514071356.GA28950@laputa>
References: <6876a081-8f16-e747-6036-471b48f60318@gmx.de>
 <CAA93ih3rhuWwEfn1GbqPnXc0zZcSe1pw_zc2mX5dP6Hstng4Dw@mail.gmail.com>
 <b25e1fbf-655e-6ed0-5bf5-77714cf48e41@gmx.de> <20210513065054.GF16848@laputa>
 <0686AB79-8431-43A2-8EF6-7853DD29524B@gmx.de> <20210513072359.GI16848@laputa>
 <CAA93ih3aJmgnHiuYOF3vSJeo3CBie6QGNKg70B+0QUTxZytp=g@mail.gmail.com>
 <9d698932-ede5-eeea-b3d4-d2342675ac04@gmx.de> <20210514061949.GE15502@laputa>
 <75d6f7c5-5300-4abc-3c78-02dc062f094c@gmx.de> <20210514071356.GA28950@laputa>
Message-ID: <054f760d-6b03-534c-1b05-0537f5d7a5be@gmx.de>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On 5/14/21 9:13 AM, AKASHI Takahiro wrote:
>> E.g for IMAGE_ATTRIBUTE_IN_USE
>>
>> AttributesSupported | AttributesSetting | Meaning
>> --------------------+-------------------+--------------------
>> 0                   | 0                 | state is unknown
>> 0                   | 1                 | state is unknown
>> 1                   | 0                 | image is not in use
>> 1                   | 1                 | image is in use
> We are discussing *_REQUIRED.
> Can you give me the same table for *_REQUIRED?
>
> -Takahiro Akashi
>
>

IMAGE_ATTRIBUTE_RESET_REQUIRED

AttributesSupported | AttributesSetting | Meaning
--------------------+-------------------+--------------------
0                   | 0                 | state is unknown
0                   | 1                 | state is unknown
1                   | 0                 | reset is not needed
                     |                   | to complete upgrade
1                   | 1                 | reset is needed
                     |                   | to complete upgrade


IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED

AttributesSupported | AttributesSetting | Meaning
--------------------+-------------------+--------------------
0                   | 0                 | state is unknown
0                   | 1                 | state is unknown
1                   | 0                 | signed and unsigned
                     |                   | capsules are accepted
1                   | 1                 | capsules are only
                     |                   | accepted after
                     |                   | checking the signature

For both bits AttributesSupported=0 does not make much sense.

IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED is a property of the current
image and should only be deleted by installing a new capsule.

A vendor might send you a special firmware image for unlocking your
device after registering as a developer. Xiaomi handled it like this for
one of my routers.

Best regards

Heinrich