[PATCH 20/25] efi_loader: capsule: Add runtime capsule flags checks

Fri Jul 4 13:41:24 CEST 2025

On 02.07.25 17:25, abdellatif.elkhlifi at arm.com wrote:
> From: Emekcan Aras <emekcan.aras at arm.com>
> 
> Add missing checks according to the UEFI specification [1]
> 
> checks added for these capsule flags:
> 
> CAPSULE_FLAGS_PERSIST_ACROSS_RESET
> CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE
> CAPSULE_FLAGS_INITIATE_RESET
> 
> [1]: Table 8.8 Flag Firmware Behavior,
>          https://uefi.org/specs/UEFI/2.10/08_Services_Runtime_Services.html
> 
> Signed-off-by: Emekcan Aras <emekcan.aras at arm.com>
> Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi at arm.com>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Adriano Cordova <adrianox at gmail.com>
> Cc: Sughosh Ganu <sughosh.ganu at linaro.org>
> ---
>   lib/efi_loader/efi_capsule.c | 30 ++++++++++++++++++++++++++++++
>   1 file changed, 30 insertions(+)
> 
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index 113cfe30fde..a5ebe4994dc 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -769,6 +769,36 @@ efi_status_t EFIAPI efi_update_capsule(
>   			continue;
>   		}
>   
> +		/*
> +		 * ScatterGatherList must point to a list when the
> +		 * CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag is set.
> +		 */
> +		if ((capsule->flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) &&
> +		    !scatter_gather_list) {
> +			ret = EFI_INVALID_PARAMETER;
> +			goto out;
> +		}
> +
> +		/*
> +		 * The CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag must be set
> +		 * along with the CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE flag.
> +		 */
> +		if ((capsule->flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) &&
> +		    !(capsule->flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) {
> +			ret = EFI_INVALID_PARAMETER;
> +			goto out;
> +		}
> +
> +		/*
> +		 * The CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag must be set
> +		 * along with the CAPSULE_FLAGS_INITIATE_RESET flag.
> +		 */
> +		if ((capsule->flags & CAPSULE_FLAGS_INITIATE_RESET) &&
> +		    !(capsule->flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) {
> +			ret = EFI_INVALID_PARAMETER;
> +			goto out;
> +		}
> +

Should we simplify this?

if (capsule->flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) {
	if (!scatter_gather flags) {
		ret = EFI_INVALID_PARAMETER;
		goto out;
	}
} else if (capsule->flags &
	   (CAPSULE_FLAGS_INITIATE_RESET |
	    CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) {
	ret = EFI_INVALID_PARAMETER;
	goto out;
}

Best regards

Heinrich

>   		log_debug("Capsule[%d] (guid:%pUs)\n",
>   			  i, &capsule->capsule_guid);
>   		ret  = efi_capsule_update_firmware(capsule);