Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require authenticated FMP firmware updates #119

Merged
merged 1 commit into from
Jul 1, 2024
Merged

Require authenticated FMP firmware updates #119

merged 1 commit into from
Jul 1, 2024

Conversation

vstehle
Copy link
Collaborator

@vstehle vstehle commented Feb 29, 2024
edited
Loading

Require to accept only authenticated in-band firmware updates and mention the corresponding attribute for FMP.

This is supported in U-Boot since a while now.
Also, we require it in SystemReady IR since v2.0.

@vstehle vstehle changed the title chapter2: require authenticated capsules Require authenticated capsules Feb 29, 2024
@vstehle
Copy link
Collaborator Author

vstehle commented Mar 12, 2024

Moving to draft after call of 11 Mar.

@vstehle vstehle marked this pull request as draft March 12, 2024 13:32
@vstehle
Copy link
Collaborator Author

vstehle commented Jun 14, 2024

Adapt a bit to stay compatible with dependable boot:

  • Require authenticated fmp firmware updates
  • Explicitly allow non-firmware updates in any format

@vstehle vstehle marked this pull request as ready for review June 14, 2024 09:45
@vstehle vstehle changed the title Require authenticated capsules Require authenticated FMP firmware updates Jun 14, 2024
xypron
xypron approved these changes Jun 17, 2024
View reviewed changes
Copy link
Contributor

@xypron xypron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@vstehle vstehle force-pushed the authcaps branch 2 times, most recently from 1804279 to 3a41a94 Compare June 19, 2024 09:06
@vstehle
chapter2: require authenticated fmp capsules for fw update
e055eba 
- Require to accept only authenticated in-band firmware updates in FMP
  format.
- Explicitly allow non-firmware update capsules in any format and refer to
  the Dependable Boot Specification.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
@vstehle
Copy link
Collaborator Author

vstehle commented Jul 1, 2024

Thanks @xypron for your review.
As discussed during the call of Jul 1, I have removed the change to .typos.txt from this pull request. With that, merging as approved.

@vstehle vstehle merged commit 56ba630 into ARM-software:main Jul 1, 2024
1 check passed
@vstehle vstehle deleted the authcaps branch July 1, 2024 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xypron xypron xypron approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vstehle @xypron