Hi Michal, Sughosh, On Wed, Jul 26, 2023 at 06:36:56PM +0200, Michal Simek wrote: > > > On 7/26/23 15:07, Ilias Apalodimas wrote: > > Hi all > > > > [...] > > > > > > > > > > > > > > > Hello Sugosh, > > > > > > > > fwu_empty_capsule() detects an empty capsule as one with a GUID > > > > fwu_guid_os_request_fw_revert or fwu_guid_os_request_fw_accept. > > > > > > > > I am not aware of a requirement in the UEFI specification to treat > > > > capsules read from file in a different way than capsules passed via > > > > UpdateCapsule(). Is there any reason why UpdateCapsule() should not > > > > process an empty capsule when called from a boot-time EFI application? > > > > > > Here is a story behind efi_update_capsule(): > > > === > > > commit a6aafce494ab > > > Author: Masami Hiramatsu <masami.hirama...@linaro.org> > > > Date: Wed Feb 16 15:15:42 2022 +0900 > > > > > > efi_loader: use efi_update_capsule_firmware() for capsule on disk > > > === > > > > > > I still believe that this is a valid change, but we should have > > > moved 'capsule->capsule_guid' check into efi_update_capsule_firmware() > > > at the same time. > > > > I agree with Akashi-san here. I am also fine with this patchset since > > running the A/B update from an EFI app should work. But can we do a v2 > > with 2 patches? > > #1 move the capsule check along with the empty capsule checks in > > efi_update_capsule_firmware() > > #2 fix the a/b updates via the runtime calls and adjust the commit > > message accordingly, explaining why this change is needed? > > Can someone from Linaro create v2 on this? > I just wanted to pointed to it.
Yes, I posted "efi_loader: capsule: enforce guid check in api and capsule_on_disk". Since I didn't run any test against A/B update, can you please confirm that this patch works in your environment? Unlike Ilias suggested, I made a single patch because an empty capsule will be handled any way at the beginning of efi_capsule_update_firmware() and we process only normal capsules after that. -Takahiro Akashi > Thanks, > Michal