From 1b7e469a66521d90b6f51fe0a27abada664471ba Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Thu, 27 Jul 2023 09:38:00 +0900 Subject: [PATCH] efi_loader: capsule: enforce guid check in api and capsule_on_disk While UPDATE_CAPSULE api is not fully implemented, this interface and capsule-on-disk feature should behave in the same way, especially in handling an empty capsule for fwu multibank, for future enhancement. So move the guid check into efi_capsule_update_firmware(). Fixed: commit a6aafce494ab ("efi_loader: use efi_update_capsule_firmware() for capsule on disk") Reported-by: Michal Simek Signed-off-by: AKASHI Takahiro Reported-by: Michal Simek Signed-off-by: AKASHI Takahiro Tested-by: Michal Simek Reviewed-by: Ilias Apalodimas --- lib/efi_loader/efi_capsule.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 7a6f195cbc..ddf8153e09 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -581,6 +581,13 @@ static efi_status_t efi_capsule_update_firmware( fw_accept_os = capsule_data->flags & FW_ACCEPT_OS ? 0x1 : 0x0; } + if (guidcmp(&capsule_data->capsule_guid, + &efi_guid_firmware_management_capsule_id)) { + log_err("Unsupported capsule type: %pUs\n", + &capsule_data->capsule_guid); + return EFI_UNSUPPORTED; + } + /* sanity check */ if (capsule_data->header_size < sizeof(*capsule) || capsule_data->header_size >= capsule_data->capsule_image_size) @@ -751,15 +758,7 @@ efi_status_t EFIAPI efi_update_capsule( log_debug("Capsule[%d] (guid:%pUs)\n", i, &capsule->capsule_guid); - if (!guidcmp(&capsule->capsule_guid, - &efi_guid_firmware_management_capsule_id)) { - ret = efi_capsule_update_firmware(capsule); - } else { - log_err("Unsupported capsule type: %pUs\n", - &capsule->capsule_guid); - ret = EFI_UNSUPPORTED; - } - + ret = efi_capsule_update_firmware(capsule); if (ret != EFI_SUCCESS) goto out; } -- 2.39.5