From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Sughosh Ganu <sughosh.ganu@linaro.org>,
	 Patrick Delaunay <patrick.delaunay@foss.st.com>,
	 Patrice Chotard <patrice.chotard@foss.st.com>,
	Alexander Graf <agraf@csgraf.de>, Simon Glass <sjg@chromium.org>,
	Bin Meng <bmeng.cn@gmail.com>, Peng Fan <peng.fan@nxp.com>,
	AKASHI Takahiro <takahiro.akashi@linaro.org>,
	Jose Marinho <Jose.Marinho@arm.com>,
	 Grant Likely <grant.likely@arm.com>,
	Jason Liu <jason.hui.liu@nxp.com>,
	u-boot@lists.denx.de
Subject: Re: [RESEND RFC PATCH 03/10] FWU: Add metadata structure and functions for accessing metadata
Date: Wed, 1 Dec 2021 09:46:09 +0200
Message-ID: <CAC_iWjLUbE-TPSHzTrDrvLtkEST0asvHq8SDOHMw0PJ+XB9DzQ@mail.gmail.com>
In-Reply-To: <d97b7ebe-01a2-98ce-4717-c61d85ac1d85@gmx.de>

Hi Heinrich,

[...]

> > +/**
> > + * fwu_get_image_alt_num() - Get the dfu alt number to be used for capsule update
> > + * @image_type_id: image guid as passed in the capsule
> > + * @update_bank: Bank to which the update is to be made
> > + * @alt_num: The alt_num for the image
> > + *
> > + * Based on the guid value passed in the capsule, along with the bank to which the
> > + * image needs to be updated, get the dfu alt number which will be used for the
> > + * capsule update
> > + *
> > + * Return: 0 if OK, -ve on error
> > + *
> > + */
> > +int fwu_get_image_alt_num(efi_guid_t image_type_id, u32 update_bank,
> > +                       int *alt_num)
> > +{
> > +     struct fwu_metadata_ops *ops;
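
Review bot: the kernel-doc for @update_bank and @alt_num leaves the contract open. It gives no valid range for update_bank and does not say that alt_num is an output pointer, or whether it is written when the function returns an error. Since the returned alt number selects where the capsule payload is written, document the bound on update_bank and mark @alt_num as an output that is only set on success; the body is cut off in this quote, so confirm it also rejects an out-of-range bank and a NULL alt_num before use. Two smaller points: image_type_id is an efi_guid_t passed by value, where a const efi_guid_t * would avoid copying the 16-byte GUID, and the comment has a stray empty " *" line before the closing " */".
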
>
> The metadata is an untrusted information source and hence MUST NOT be
> used to map the image_type_id to the DFU alt_number. Don't invite a
> denial of service attack.

You are assuming here an attacker can manipulate the metadata to trigger
a DoS by overwriting wrong parts of the flash.  However there's an
easier way to trigger that.  If he already has access, he can
completely erase the metadata and their backup GPT.  You then get the
same result: a device that can't boot.  Is there any scenario you have
in mind that storing those as part of the capsule would help?  The way
I see it, unless we have the metadata and the firmware stored in a
flash in the secure world, I don't see a sensible way to protect
against those kinds of attacks.

>
> The signed capsule would be a good place for storing the DFU mapping.
>


[...]

Thanks for taking the time with this!
Regards
/Ilias
