chapter2: require authenticated fmp capsules for fw update

- Require to accept only authenticated in-band firmware updates in FMP format. - Explicitly allow non-firmware update capsules in any format and refer to the Dependable Boot Specification. Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
ARM-software · Jun 19, 2024 · 3a41a94 · 3a41a94
1 parent 2efd1cd
commit 3a41a94
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/.typos.txt b/.typos.txt
@@ -6,3 +6,4 @@ recored
 veriable
 virtulized
 authenticaed
+conaining
diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst
@@ -606,8 +606,9 @@ In-band firmware update
 
 If firmware update is performed in-band (firmware on the application processor
 updates itself), then the firmware shall implement the `UpdateCapsule()` runtime
-service and accept updates in the "Firmware Management Protocol Data Capsule
-Structure" format as described in :UEFI:`23.3`. [#FMPNote]_
+service and accept only authenticated updates in the "Firmware Management
+Protocol Data Capsule Structure" format as described in :UEFI:`23.3`, with
+`IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED` set. [#FMPNote]_
 `UpdateCapsule()` is only required before `ExitBootServices()` is called.
 
 .. [#FMPNote] The `UpdateCapsule()` runtime service is expected to be suitable
@@ -618,6 +619,13 @@ Structure" format as described in :UEFI:`23.3`. [#FMPNote]_
 
    https://fwupd.org/
 
+Firmware is allowed to accept capsules not containing firmware updates in any
+format, with or without authentication. [#SignalingNote]_
+
+.. [#SignalingNote] Capsules not containing firmware updates can be used as a
+   signaling mean between OS and firmware, as described in [DEPBOOT]_ for
+   example.
+
 Firmware is also required to provide an EFI System Resource Table (ESRT) as
 described in :UEFI:`23.4`.
 Every firmware image that can be updated in-band must be described in the ESRT.

diff --git a/source/references.rst b/source/references.rst
@@ -17,6 +17,10 @@ Bibliography
    <https://uefi.org/sites/default/files/resources/ACPI_Spec_6_5_Aug29.pdf>`_,
    August 2022, `UEFI Forum <https://uefi.org/>`_
 
+.. [DEPBOOT] `Dependable Boot Specification version 0.1-alpha.
+   <https://gitlab.com/Linaro/trustedsubstrate/mbfw/uploads/3d0d7d11ca9874dc9115616b418aa330/mbfw.pdf>`_
+   November 2021, `Linaro Limited and contributors <https://www.linaro.org>`_
+
 .. [DTSCHEMA] `Devicetree schema tools v2024.02
    <https://github.com/devicetree-org/dt-schema/releases/tag/v2024.02>`_,
    `Devicetree.org <https://www.devicetree.org/>`_