Re: [PATCH] efi/capsule: Make efi_capsule_pending() lockless

From: Bryan O'Donoghue
Date: Thu May 05 2016 - 21:32:13 EST


On Thu, 2016-05-05 at 14:27 +0000, Kweh, Hock Leong wrote:
> > -----Original Message-----
> > From: Matt Fleming [mailto:matt@xxxxxxxxxxxxxxxxxxx]
> > Sent: Wednesday, May 04, 2016 10:36 PM
> > To: Kweh, Hock Leong; Bryan O'Donoghue
> > Cc: linux-efi@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Ard
> > Biesheuvel;
> > joeyli; Borislav Petkov
> > Subject: Re: [PATCH] efi/capsule: Make efi_capsule_pending()
> > lockless
> >
> > On Wed, 04 May, at 02:20:42PM, Borislav Petkov wrote:
> > >
> > > Blergh.
> >
> > Wilson, Bryan, what kind of rollback support does the Intel Quark have
> > if its firmware update is interrupted?
> >
> > The interruption could be for a number of reasons including power loss,
> > or the example in this case, rebooting due to panic().
>
> If not mistaken, the EFI firmware will not update a partially uploaded
> binary due to checksum error.
> User is required to re-update the efi capsule again on the next boot up.
>

If the checksum fails then you're fine since you won't update flash.

OTOH if you pull the plug we actually have a backup image - so even a
partially flashed update shouldn't brick the system.

How well that actually works, i.e. is it tested in anger? Meh - YMMV
there for sure.

---
bod