From 8f97675f9d9c25f550e8f82b1fb717716cd24001 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= <vincent.stehle@arm.com>
Date: Wed, 22 Jun 2022 19:03:09 +0200
Subject: [PATCH] chapter2: require authenticated capsules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Require to accept only authenticated in-band firmware updates and mention
the corresponding attribute for FMP.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
---
 source/chapter2-uefi.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst
index f8bfae0..5295ca3 100644
--- a/source/chapter2-uefi.rst
+++ b/source/chapter2-uefi.rst
@@ -569,6 +569,10 @@ service and accept updates in the "Firmware Management Protocol Data Capsule
 Structure" format as described in :UEFI:`23.3`. [#FMPNote]_
 `UpdateCapsule()` is only required before `ExitBootServices()` is called.
 
+The firmware shall accept only authenticated updates.
+For updates in the FMP format, the firmware shall only accept updates with
+`IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED` set.
+
 Firmware is also required to provide an EFI System Resource Table (ESRT) as
 described in :UEFI:`23.4`.
 Every firmware image that can be updated in-band must be described in the ESRT.