On Thu, May 13, 2021 at 08:25:56PM +0200, Heinrich Schuchardt wrote:
> On 5/13/21 10:18 AM, Masami Hiramatsu wrote:
> > On Thu, May 13, 2021 at 16:24, AKASHI Takahiro <[email protected]> wrote:
> >
> > > > > > > BTW, IMHO, if u-boot.bin can not find the ESL in the device tree,
> > > > > > > it should skip authentication too.
> > > > > >
> > > > > > In this case the capsule should be rejected (if
> > > > > > CONFIG_EFI_CAPSULE_AUTHENTICATE=y).
> > > > >
> > > > > That's basically right.
> > > > > But as I mentioned in my comment against Sughosh's patch,
> > > > > the authentication process will be enforced only if the capsule has
> > > > > an attribute, IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED.
> > > > >
> > > >
> > > > That would be a security disaster.
> > >
> > > The requirement that I mentioned above is clearly described
> > > in UEFI specification.
> > > If you think that it is a disaster, please discuss the topic
> > > in UEFI Forum first.
> >
> > I confirmed UEFI specification, version 2.7, Section 23.1
> > the last of EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo()
> >
> > -----------------
> > If IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED is supported and clear, then
> > authentication is not required to perform the firmware image operations.
> > -----------------
>
> IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED bit is a property of the FMP driver.

Yes, it is.
But if the attribute is not changeable at all, why do we need this flag?
Why does a "firmware image descriptor" hold two distinct member fields,
"AttributesSupported" and "AttributesSetting"?
What does "Setting" mean? Who sets what, and when?

-Takahiro Akashi

> Best regards
>
> Heinrich
>
> >
> > Oh, this is really crazy because deciding whether to authenticate the
> > suspicious
> > package or not, depends on whether the package said "please
> > authenticate me" or not. :D
> >
> > Anyway, since this behavior follows the specification, it should be
> > kept by default,
> > but also IMHO, there should be a CONFIG option to enforce capsule
> > authentication always.
> >
> > Thank you,

