From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=104.47.1.76; helo=eur01-ve1-obe.outbound.protection.outlook.com; envelope-from=udit.kumar@nxp.com; receiver=edk2-devel@lists.01.org Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0076.outbound.protection.outlook.com [104.47.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 4DB95210C0F7D for ; Mon, 18 Jun 2018 03:35:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AhsiENHpoyVE0QTMT7EeFbbuLnmr6yZaD3jvNuDx9q4=; b=sY0CxpOPi99xJ+3jd3YMdyajzH2tos8ZC6eMtVlu4J5HNey25dPzEVhOZwtrFxd6vitJJB4u164FR3Fn2rHcmQGiIPOD3waiQbzrT1+wTwFHVSkb5roqHQmT8KDRt28dJUk8C9H5yiLUk8DERN/V7roFdtSwNiMMdjIhqrKcllQ= Received: from AM6PR0402MB3334.eurprd04.prod.outlook.com (52.133.18.151) by AM6PR0402MB3462.eurprd04.prod.outlook.com (52.133.19.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.863.16; Mon, 18 Jun 2018 10:35:50 +0000 Received: from AM6PR0402MB3334.eurprd04.prod.outlook.com ([fe80::397b:61de:4465:b93c]) by AM6PR0402MB3334.eurprd04.prod.outlook.com ([fe80::397b:61de:4465:b93c%2]) with mapi id 15.20.0841.019; Mon, 18 Jun 2018 10:35:50 +0000 From: Udit Kumar To: "Yao, Jiewen" CC: Ard Biesheuvel , "Kinney, Michael D" , "edk2-devel@lists.01.org" , "leif.lindholm@linaro.org" , "Zeng, Star" Thread-Topic: [edk2] [PATCH v2 2/5] MdeModulePkg/DxeCapsuleLibFmp: permit ProcessCapsules () to be called once Thread-Index: AQHT/vYbbSADsfB+hEWX7Kwk2kNBmKRWSrdAgA+ViEA= Date: Mon, 18 Jun 2018 10:35:50 +0000 Message-ID: References: <20180608065811.2065-1-ard.biesheuvel@linaro.org> <20180608065811.2065-3-ard.biesheuvel@linaro.org> <74D8A39837DF1E4DA445A8C0B3885C503AC3515B@shsmsx102.ccr.corp.intel.com> In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503AC3515B@shsmsx102.ccr.corp.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [14.142.187.166] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM6PR0402MB3462; 7:wG23CYWnnWVnFYFIKNGnS8aek/v/5/aSEtGNYFeiJpBOiP2yM0TELe3Qo/N0n0Mb2sAqV8FZ7rq4pCZ0lZbZfWNc4Hkuzo/sl5B0rCy89EjKc4RJELaHPnkLREBizVrRgitgeBtUNhLugPNVL4rKYXVelym2OS/tOhr+b26SRda5sa/BAgDSAPVxUiIHnerkE+z42jzWjz0QRGEedPSMDjaBAFSu6VnojOrvWtPiM+d/a9HqrUBLP/TGh0cuAA71 x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: 446148bf-a42f-4d8b-3dcd-08d5d50742bb x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(5600026)(711020)(48565401081)(2017052603328)(7153060)(7193020); SRVR:AM6PR0402MB3462; x-ms-traffictypediagnostic: AM6PR0402MB3462: authentication-results: spf=none (sender IP is ) smtp.mailfrom=udit.kumar@nxp.com; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(192374486261705)(189930954265078)(162533806227266)(45079756050767)(228905959029699); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123558120)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:AM6PR0402MB3462; BCL:0; PCL:0; RULEID:; SRVR:AM6PR0402MB3462; x-forefront-prvs: 0707248B64 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(346002)(39860400002)(39380400002)(376002)(396003)(13464003)(189003)(199004)(74316002)(53936002)(3846002)(6916009)(105586002)(55016002)(99286004)(86362001)(102836004)(68736007)(106356001)(6116002)(4326008)(305945005)(7736002)(26005)(6436002)(229853002)(6306002)(25786009)(6246003)(54906003)(316002)(9686003)(5250100002)(478600001)(186003)(45080400002)(33656002)(3280700002)(44832011)(3660700001)(486006)(966005)(14454004)(476003)(81166006)(2906002)(66066001)(2900100001)(8676002)(11346002)(7696005)(446003)(59450400001)(55236004)(6506007)(53546011)(8936002)(81156014)(97736004)(5660300001)(76176011); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR0402MB3462; H:AM6PR0402MB3334.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: NImwYko3iZSqzZFhkwLpEWXDzLx070D4gqpucmLQ9QlV3Gpcu9mJz1OCSKuPaCEJWWHzAjH1syAZLInOyy+mL7Dfsk8JX+3/Vz/d6wGwhWzct0La4p+7wQJm5lQLSmOSTDddZBhD/Hab/kkkfBAavLBF4mDf4mfC7p/eSMkAf3PqLHP9qjx8mhkvbNeWZxKN spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 446148bf-a42f-4d8b-3dcd-08d5d50742bb X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jun 2018 10:35:50.3137 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR0402MB3462 Subject: Re: [PATCH v2 2/5] MdeModulePkg/DxeCapsuleLibFmp: permit ProcessCapsules () to be called once X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jun 2018 10:35:54 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Jiewen,=20 I don't know x86 in details , so ignore stupid question,=20 Also thanks to bear with unrelated question. > In our X86 system design, we lock flash part *before* EndOfDxe in any boo= t > mode. > Even in CapsuleUpdate boot mode, we also lock flash part at EndOfDxe, jus= t > in case the capsule update does not indicate a reset. On x86, we have SMM mode and I think this is assumed to be secured . What is restriction that flash update is done after reset. This could be=20 done in same call of OS in SMM mode.=20 Regards Udit=20 > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Yao, Jiewen > Sent: Friday, June 8, 2018 6:05 PM > To: Ard Biesheuvel ; edk2-devel@lists.01.org > Cc: Kinney, Michael D ; > leif.lindholm@linaro.org; Zeng, Star > Subject: Re: [edk2] [PATCH v2 2/5] MdeModulePkg/DxeCapsuleLibFmp: > permit ProcessCapsules () to be called once >=20 > Hi Ard > We don't allow platform to update system firmware *after* EndOfDxe. >=20 > According to PI spec, after EndOfDxe, 3rd part code start running. It bri= ngs > security risk if we allow system firmware after EndOfDxe. >=20 > In our X86 system design, we lock flash part *before* EndOfDxe in any boo= t > mode. > Even in CapsuleUpdate boot mode, we also lock flash part at EndOfDxe, jus= t > in case the capsule update does not indicate a reset. >=20 > Would you please share the info, why your platform need update system > firmware after EndOfDxe? > Is that possible to make it earlier? >=20 >=20 > Thank you > Yao Jiewen >=20 > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > > Ard Biesheuvel > > Sent: Friday, June 8, 2018 2:58 AM > > To: edk2-devel@lists.01.org > > Cc: Kinney, Michael D ; Yao, Jiewen > > ; Zeng, Star ; > > leif.lindholm@linaro.org; Ard Biesheuvel > > Subject: [edk2] [PATCH v2 2/5] MdeModulePkg/DxeCapsuleLibFmp: > permit > > ProcessCapsules () to be called once > > > > Permit ProcessCapsules () to be called only a single time, after > > EndOfDxe. This allows platforms that are able to update system > > firmware after EndOfDxe (e.g., because the flash ROM is not locked > > down) to do so at a time when a non-trusted console is up and running, > > and progress can be reported to the user. > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Ard Biesheuvel > > --- > > MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c | 18 > > ++++++++++++------ > > 1 file changed, 12 insertions(+), 6 deletions(-) > > > > diff --git > > a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c > > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c > > index 26ca4e295f20..ad83660f1737 100644 > > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c > > +++ > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c > > @@ -100,6 +100,7 @@ IsValidCapsuleHeader ( > > > > extern BOOLEAN mDxeCapsuleLibEndOfDxe; > > BOOLEAN mNeedReset; > > +BOOLEAN mFirstRound =3D TRUE; > > > > VOID **mCapsulePtr; > > EFI_STATUS *mCapsuleStatusArray; > > @@ -364,8 +365,11 @@ PopulateCapsuleInConfigurationTable ( > > > > Each individual capsule result is recorded in capsule record variabl= e. > > > > - @param[in] FirstRound TRUE: First round. Need skip the FMP > > capsules with non zero EmbeddedDriverCount. > > - FALSE: Process rest FMP capsules. > > + @param[in] FirstRound Whether this is the first invocation > > + @param[in] LastRound Whether this is the last invocation > > + FALSE: First of 2 rounds. Need skip > > + the > > FMP > > + capsules with non zero > > EmbeddedDriverCount. > > + TRUE: Process rest FMP capsules. > > > > @retval EFI_SUCCESS There is no error when processing > > capsules. > > @retval EFI_OUT_OF_RESOURCES No enough resource to process > > capsules. > > @@ -373,7 +377,8 @@ PopulateCapsuleInConfigurationTable ( **/ > > EFI_STATUS ProcessTheseCapsules ( > > - IN BOOLEAN FirstRound > > + IN BOOLEAN FirstRound, > > + IN BOOLEAN LastRound > > ) > > { > > EFI_STATUS Status; > > @@ -453,7 +458,7 @@ ProcessTheseCapsules ( > > continue; > > } > > > > - if ((!FirstRound) || (EmbeddedDriverCount =3D=3D 0)) { > > + if (LastRound || (EmbeddedDriverCount =3D=3D 0)) { > > DEBUG((DEBUG_INFO, "ProcessCapsuleImage - 0x%x\n", > > CapsuleHeader)); > > Status =3D ProcessCapsuleImage (CapsuleHeader); > > mCapsuleStatusArray [Index] =3D Status; @@ -546,7 +551,7 @@ > > ProcessCapsules ( > > EFI_STATUS Status; > > > > if (!mDxeCapsuleLibEndOfDxe) { > > - Status =3D ProcessTheseCapsules(TRUE); > > + Status =3D ProcessTheseCapsules(TRUE, FALSE); > > > > // > > // Reboot System if and only if all capsule processed. > > @@ -555,8 +560,9 @@ ProcessCapsules ( > > if (mNeedReset && AreAllImagesProcessed()) { > > DoResetSystem(); > > } > > + mFirstRound =3D FALSE; > > } else { > > - Status =3D ProcessTheseCapsules(FALSE); > > + Status =3D ProcessTheseCapsules(mFirstRound, TRUE); > > // > > // Reboot System if required after all capsule processed > > // > > -- > > 2.17.0 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > > https://emea01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Flis > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > devel&data=3D02%7C01%7Cudit.kumar% > > > 40nxp.com%7C0701a8fc1bd5448675df08d5cd3c3827%7C686ea1d3bc2b4 > c6fa92cd99 > > > c5c301635%7C0%7C0%7C636640580906249469&sdata=3DFi56Xg%2B1p5e6 > 9qbD5ITsw8v > > ve397ThhomLr9wcY9Ljc%3D&reserved=3D0 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://emea01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Flis > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > devel&data=3D02%7C01%7Cudit.kumar%40nxp.com%7C0701a8fc1bd544867 > 5df08d5cd3c3827%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7 > C636640580906249469&sdata=3DFi56Xg%2B1p5e69qbD5ITsw8vve397Thho > mLr9wcY9Ljc%3D&reserved=3D0