lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 10 Oct 2017 12:30:57 +0100
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     Mark Rutland <mark.rutland@....com>
Cc:     Sudeep Holla <sudeep.holla@....com>,
        Chris Metcalf <cmetcalf@...lanox.com>,
        Grant Likely <Grant.Likely@....com>,
        Ingo Molnar <mingo@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
        Kevin Brodsky <kevin.brodsky@....com>,
        Thierry Reding <treding@...dia.com>,
        Nishanth Menon <nm@...com>, Jean Delvare <jdelvare@...e.de>,
        Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
        Leif Lindholm <leif.lindholm@...aro.org>
Subject: Re: [PATCH] firmware: bluefield: add boot control driver

On 10 October 2017 at 11:23, Mark Rutland <mark.rutland@....com> wrote:
> On Tue, Oct 10, 2017 at 11:15:39AM +0100, Sudeep Holla wrote:
>> (+Mark, Grant)
>>
>> On 09/10/17 18:16, Chris Metcalf wrote:
>> > The Mellanox BlueField SoC firmware supports a safe upgrade mode as
>> > part of the flow where users put new firmware on the secondary eMMC
>> > boot partition (the one not currently in use), tell the eMMC to make
>> > the secondary boot partition primary, and reset.
>
> When you say "firmware", are you referreind to actual firmware, or a
> platform-specific OS image?
>
> For the former, the preferred update mechanism would be UpdateCapsule().
>
> For the latter, I'm not sure what the usual mechanism for doing this
> with EFI would be.
>
> Ard, Leif?
>

UEFI does not really care how you manage your OS images, that is up to
the OS itself. UpdateCapsule() does allow you to update system
firmware (UEFI and what executes before it), device firmware (options
ROMs), and actually, anything the platform vendor thought would be
useful to have as a capsule-updatable image.

UEFI does have the notion of SysPrep and PlatformRecovery variables,
and an ephemeral BootNext variable, so the logic of booting into an
alternative OS loader just once is made available by UEFI to the OS.

Of course, for some vendors, especially in the ARM world, 'firmware'
means ARM-TF + UEFI + kernel + initrd + rootfs, so it does make sense
to clarify what you are updating here.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ