[PATCH v2] doc: uefi: enhance anti-rollback documentation

Masahisa Kojima masahisa.kojima at linaro.org
Thu Jun 22 09:56:55 CEST 2023


On Thu, 22 Jun 2023 at 16:21, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Hi Kojima-san
>
> On Thu, 22 Jun 2023 at 08:51, Masahisa Kojima
> <masahisa.kojima at linaro.org> wrote:
> >
> > To enforce anti-rollback to any older version, the dtb must
> > always be updated manually. This should be described in the
> > documentation.
> >
> > This commit also adds the recommendation that secure systems should not
> > enable the fdt command because the lowest-supported-version
> > property in the device tree can be changed by the fdt command.
> >
> > Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> > ---
> >  doc/develop/uefi/uefi.rst | 7 +++++++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
> > index ffd13cebe9..7407f178f5 100644
> > --- a/doc/develop/uefi/uefi.rst
> > +++ b/doc/develop/uefi/uefi.rst
> > @@ -552,6 +552,13 @@ update using a capsule file with --fw-version of 5, the update will fail.
> >  When the --fw-version in the capsule file is updated, lowest-supported-version
> >  in the dtb might be updated accordingly.
> >
> > +If user needs to enroce anti-rollback to any older version,
>
> enforce*
>
> > +the lowest-supported-version property in dtb must be always updated manually.
> > +
> > +Note that the lowest-supported-version property specified in U-Boot's control
> > +device tree can be changed by U-Boot fdt command.
> > +Secure systems should not enable this command.
> > +
>
> Other than that
> Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>

Thank you for pointing out the typo.
I will fix and send v3 soon.

Thanks,
Masahisa Kojima

>
> >  To insert the lowest supported version into a dtb
> >
> >  .. code-block:: console
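
Review bot: The first added sentence says the lowest-supported-version property "must be always updated manually", but the unchanged context line just above it says the property "might be updated accordingly" when --fw-version changes, so the section now reads as both optional and mandatory for the same step. Suggest merging the two statements into one that says when the update is required and that it is a manual edit of the dtb, and rewording to "If the user needs to enforce anti-rollback to any older version, the lowest-supported-version property in the dtb must always be updated manually." The note about the fdt command would also be easier to act on if it named the configuration option that controls whether the command is built, rather than only saying secure systems "should not enable this command".
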
> > --
> > 2.34.1
> >

