On Wed, Sep 02, 2020 at 01:49:40PM +0100, Grant Likely wrote:
On 01/09/2020 15:54, Daniel Thompson wrote:
On Tue, Sep 01, 2020 at 11:59:09AM +0100, Grant Likely wrote:
The existing language around how firmware and an OS can share a storage device doesn't go into sufficient detail on how the firmware should protect firmware data on the device. Add language for both the GPT and MBR partitioning schemes on how firmware images should be described in the partition table.
[...]
@@ -71,15 +77,14 @@ the partition(s) containing firmware. However, some SoCs load firmware from a fixed offset into the storage media. In this case, to protect against partitioning tools overwriting firmware, the -firmware image shall either reside entirely within the first 1MiB of storage, -or should be covered by a protective partition entry in the partition table as +partition table must be formed in a way to protect the firmware image(s) as described in sections :ref:`section-gpt-parts` and :ref:`section-mbr-parts`. -Automatic partitioning tools (e.g. an OS installer) must not create -partitions within the first 1MiB of storage, or delete, move, or modify -protective partition entries. +Automatic partitioning tools (e.g. an OS installer) must not +delete the protective information in the partition table, or +delete, move, or modify protective partition entries. Manual partitioning tools should provide warnings when modifying -protective partitions or creating partitions within the first 1MiB. +protective partitions.
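Review bot: the rewritten "Automatic partitioning tools" sentence says "must not delete the protective information in the partition table, or delete, move, or modify protective partition entries", which states "delete" twice and leaves it unclear what "protective information" means beyond the entries themselves; consider collapsing it to "must not delete, move, or modify protective partition entries". Note also that this hunk drops the "must not create partitions within the first 1MiB" rule from the generic text and from the manual-tool warning, so the fixed-offset case that relies on the first 1MiB being left alone is now protected only by whatever the referenced :ref:`section-gpt-parts` and :ref:`section-mbr-parts` subsections say; if that is the intent, the manual-tool sentence should probably still mention the first 1MiB for the MBR case.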
[...]
MBR partitioning ^^^^^^^^^^^^^^^^ -Protective partitions should have a partition type of 0xF8 unless some +If firmware is at a fixed location entirely within the first 1MiB of +storage (<= LBA2047) then no protective partitions are required. +If firmware resides in a fixed location outside the first 1MiB, +then a protective partition must be used to cover the firmware LBAs. +Protective partitions should have a partition type of 0xF8 unless an immutable feature of the platform makes this impossible. +OS partitioning tools must not create partitions in the first 1MiB +of the storage device, and must not remove protective partitions.
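Review bot: "(<= LBA2047)" is only equivalent to "the first 1MiB" for 512-byte logical sectors; on a device with 4096-byte logical sectors 1MiB ends at LBA 255, so either state the sector-size assumption or express the bound in bytes and let the LBA follow from the device's logical block size, e.g. "entirely within the first 1MiB of storage (LBA 0 through 2047 for 512-byte logical sectors)". The added closing paragraph also uses "OS partitioning tools" where the generic text distinguishes automatic tools (hard prohibition) from manual tools (warning only); using the same two terms here would avoid a reader concluding that the MBR section forbids an informed user from doing what the generic section merely warns about.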
What is this last paragraph for? It duplicates (and could even be read as contradicting) the earlier paragraph commencing "Automatic partitioning tools (e.g. an OS installer) must not delete..." which applies to both GPT and MBR systems.
The other paragraph states that protective partitions (maybe they should be called 'firmware partitions'?) must not be moved or removed.
Perhaps we should have independent text in GPT and MBR sub-sections. Then we can use obvious language ("Required Partitions" for GPT, and "Partition type 0xF8" for MBR).
This paragraph also adds the requirements to stay out of the first 1MB of storage because we're not requiring firmware partition entries for the first 1MB. Partition entries are precious in an MBR, so we don't want to consume one entry to protect a region that the OS isn't supposed to use anyway.
Thanks. I hadn't spotted that bit of text moving out of its original position.
What's the contradictory bit? Would there be a better way for me to phrase the requirement?
Only that the language used above discusses strong restrictions on automatic partitioning tools (never modify a recognisable protective partition) and much weaker ones on manual partitioning tools (an informed user remains sovereign).
Here we talk about "OS partitioning tools" which can be read as covering both cases.
Daniel.
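The MBR rules discussed in this thread, as an added Python checker that is not code from the EBBR project or from either author: it parses a 512-byte MBR, flags non-protective partitions that start inside the first 1MiB, and checks that every fixed firmware LBA range lying outside the first 1MiB is covered by a type 0xF8 partition. It assumes 512-byte logical sectors (so the first 1MiB is LBA 0 through 2047) and takes the firmware ranges from the caller; the sample MBR is constructed inline.

```python
import struct

SECTOR_BYTES = 512        # assumption: 512-byte logical sectors, so 1MiB = LBA 0..2047
FIRST_MIB_LAST_LBA = 2047
PROTECTIVE_TYPE = 0xF8    # MBR partition type for protective (firmware) partitions

def parse_mbr(mbr: bytes):
    """Return the used primary partition entries of a 512-byte MBR as dicts."""
    if len(mbr) != SECTOR_BYTES or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for i in range(4):
        # entry layout: status, CHS start (3), type, CHS end (3), start LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype != 0:
            entries.append({"index": i, "type": ptype, "lba": lba, "count": count})
    return entries

def check_layout(entries, firmware_ranges):
    """firmware_ranges: list of (first_lba, last_lba) fixed firmware locations.
    Returns a list of human-readable rule violations (empty means compliant)."""
    problems = []
    protective = [e for e in entries if e["type"] == PROTECTIVE_TYPE]
    for e in entries:
        # OS partitions must stay out of the first 1MiB; no 0xF8 entry is spent on it
        if e["type"] != PROTECTIVE_TYPE and e["lba"] <= FIRST_MIB_LAST_LBA:
            problems.append(f"entry {e['index']} (type 0x{e['type']:02x}) starts at "
                            f"LBA {e['lba']}, inside the first 1MiB")
    for first, last in firmware_ranges:
        if last <= FIRST_MIB_LAST_LBA:
            continue  # entirely within the first 1MiB: no protective partition required
        covered = any(p["lba"] <= first and last < p["lba"] + p["count"] for p in protective)
        if not covered:
            problems.append(f"firmware LBAs {first}-{last} not covered by a 0xF8 partition")
    return problems

def make_entry(ptype, lba, count, status=0x00):
    return struct.pack("<B3xB3xII", status, ptype, lba, count)

def sample_mbr():
    """Constructed example MBR: one protective partition, one misplaced OS partition."""
    mbr = bytearray(SECTOR_BYTES)
    mbr[446:462] = make_entry(0xF8, 4096, 4096)     # protects LBA 4096..8191
    mbr[462:478] = make_entry(0x83, 1024, 1024)     # Linux partition inside first 1MiB (bad)
    mbr[478:494] = make_entry(0x83, 16384, 100000)  # ordinary OS partition
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    for line in check_layout(parse_mbr(sample_mbr()), [(4096, 8191), (20000, 20100)]):
        print("violation:", line)
```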