Skip to content

Commit

Permalink
chapter2: require authenticated capsules
Browse files Browse the repository at this point in the history 
Require to accept only authenticated in-band firmware updates and mention
the corresponding attribute for FMP.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
  • Loading branch information
@vstehle
vstehle committed Feb 29, 2024
1 parent 7834395 commit 8f97675
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions source/chapter2-uefi.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -569,6 +569,10 @@ service and accept updates in the "Firmware Management Protocol Data Capsule
Structure" format as described in :UEFI:`23.3`. [#FMPNote]_
`UpdateCapsule()` is only required before `ExitBootServices()` is called.

The firmware shall accept only authenticated updates.
For updates in the FMP format, the firmware shall only accept updates with
`IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED` set.

Firmware is also required to provide an EFI System Resource Table (ESRT) as
described in :UEFI:`23.4`.
Every firmware image that can be updated in-band must be described in the ESRT.
Expand Down

0 comments on commit 8f97675

Please sign in to comment.