]>
Commit | Line | Data |
---|---|---|
4f0544b1 EJ |
1 | /** @file\r |
2 | Produces a Firmware Management Protocol that supports updates to a firmware\r | |
3 | image stored in a firmware device with platform and firmware device specific\r | |
4 | information provided through PCDs and libraries.\r | |
5 | \r | |
5550f4d3 | 6 | Copyright (c) Microsoft Corporation.<BR>\r |
2f6f3329 | 7 | Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>\r |
4f0544b1 EJ |
8 | \r |
9 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
10 | \r | |
11 | **/\r | |
12 | \r | |
13 | #ifndef _FMP_DXE_H_\r | |
14 | #define _FMP_DXE_H_\r | |
15 | \r | |
16 | #include <PiDxe.h>\r | |
17 | #include <Library/DebugLib.h>\r | |
18 | #include <Library/BaseLib.h>\r | |
19 | #include <Library/BaseMemoryLib.h>\r | |
e0961677 EJ |
20 | #include <Library/BaseCryptLib.h>\r |
21 | #include <Library/PcdLib.h>\r | |
4f0544b1 | 22 | #include <Library/UefiBootServicesTableLib.h>\r |
67c1e5ee | 23 | #include <Library/UefiRuntimeServicesTableLib.h>\r |
4f0544b1 EJ |
24 | #include <Library/MemoryAllocationLib.h>\r |
25 | #include <Library/UefiLib.h>\r | |
a5944b6a | 26 | #include <Library/PrintLib.h>\r |
4f0544b1 EJ |
27 | #include <Library/FmpAuthenticationLib.h>\r |
28 | #include <Library/FmpDeviceLib.h>\r | |
29 | #include <Library/FmpPayloadHeaderLib.h>\r | |
30 | #include <Library/CapsuleUpdatePolicyLib.h>\r | |
0f30087b WX |
31 | #include <Library/FmpDependencyLib.h>\r |
32 | #include <Library/FmpDependencyCheckLib.h>\r | |
33 | #include <Library/FmpDependencyDeviceLib.h>\r | |
4f0544b1 EJ |
34 | #include <Protocol/FirmwareManagement.h>\r |
35 | #include <Protocol/FirmwareManagementProgress.h>\r | |
36 | #include <Guid/SystemResourceTable.h>\r | |
37 | #include <Guid/EventGroup.h>\r | |
5550f4d3 MK |
38 | #include <LastAttemptStatus.h>\r |
39 | #include <FmpLastAttemptStatus.h>\r | |
2f6f3329 | 40 | #include <Library/VariablePolicyHelperLib.h>\r |
4f0544b1 EJ |
41 | \r |
42 | #define VERSION_STRING_NOT_SUPPORTED L"VERSION STRING NOT SUPPORTED"\r | |
43 | #define VERSION_STRING_NOT_AVAILABLE L"VERSION STRING NOT AVAILABLE"\r | |
44 | \r | |
45 | ///\r | |
46 | ///\r | |
47 | ///\r | |
45ce0a67 | 48 | #define FIRMWARE_MANAGEMENT_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('f','m','p','p')\r |
4f0544b1 EJ |
49 | \r |
50 | typedef struct {\r | |
45ce0a67 MK |
51 | UINTN Signature;\r |
52 | EFI_HANDLE Handle;\r | |
53 | EFI_FIRMWARE_MANAGEMENT_PROTOCOL Fmp;\r | |
54 | BOOLEAN DescriptorPopulated;\r | |
55 | EFI_FIRMWARE_IMAGE_DESCRIPTOR Descriptor;\r | |
56 | CHAR16 *ImageIdName;\r | |
57 | CHAR16 *VersionName;\r | |
58 | BOOLEAN RuntimeVersionSupported;\r | |
59 | EFI_EVENT FmpDeviceLockEvent;\r | |
4f0544b1 EJ |
60 | //\r |
61 | // Indicates if an attempt has been made to lock a\r | |
62 | // FLASH storage device by calling FmpDeviceLock().\r | |
63 | // A FLASH storage device may not support being locked,\r | |
64 | // so this variable is set to TRUE even if FmpDeviceLock()\r | |
65 | // returns an error.\r | |
66 | //\r | |
45ce0a67 MK |
67 | BOOLEAN FmpDeviceLocked;\r |
68 | VOID *FmpDeviceContext;\r | |
69 | CHAR16 *VersionVariableName;\r | |
70 | CHAR16 *LsvVariableName;\r | |
71 | CHAR16 *LastAttemptStatusVariableName;\r | |
72 | CHAR16 *LastAttemptVersionVariableName;\r | |
73 | CHAR16 *FmpStateVariableName;\r | |
74 | BOOLEAN DependenciesSatisfied;\r | |
4f0544b1 EJ |
75 | } FIRMWARE_MANAGEMENT_PRIVATE_DATA;\r |
76 | \r | |
77 | ///\r | |
78 | ///\r | |
79 | ///\r | |
80 | #define FIRMWARE_MANAGEMENT_PRIVATE_DATA_FROM_THIS(a) \\r | |
81 | CR (a, FIRMWARE_MANAGEMENT_PRIVATE_DATA, Fmp, FIRMWARE_MANAGEMENT_PRIVATE_DATA_SIGNATURE)\r | |
82 | \r | |
e0961677 EJ |
83 | ///\r |
84 | /// Null-terminated Unicode string retrieved from PcdFmpDeviceImageIdName.\r | |
85 | ///\r | |
86 | extern CHAR16 *mImageIdName;\r | |
87 | \r | |
4f0544b1 EJ |
88 | /**\r |
89 | Check to see if any of the keys in PcdFmpDevicePkcs7CertBufferXdr matches\r | |
90 | the test key. PcdFmpDeviceTestKeySha256Digest contains the SHA256 hash of\r | |
91 | the test key. For each key in PcdFmpDevicePkcs7CertBufferXdr, compute the\r | |
92 | SHA256 hash and compare it to PcdFmpDeviceTestKeySha256Digest. If the\r | |
93 | SHA256 hash matches or there is then error computing the SHA256 hash, then\r | |
94 | set PcdTestKeyUsed to TRUE. Skip this check if PcdTestKeyUsed is already\r | |
95 | TRUE or PcdFmpDeviceTestKeySha256Digest is not exactly SHA256_DIGEST_SIZE\r | |
96 | bytes.\r | |
97 | **/\r | |
98 | VOID\r | |
99 | DetectTestKey (\r | |
100 | VOID\r | |
101 | );\r | |
102 | \r | |
103 | /**\r | |
104 | Returns information about the current firmware image(s) of the device.\r | |
105 | \r | |
106 | This function allows a copy of the current firmware image to be created and saved.\r | |
107 | The saved copy could later been used, for example, in firmware image recovery or rollback.\r | |
108 | \r | |
109 | @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r | |
110 | @param[in, out] ImageInfoSize A pointer to the size, in bytes, of the ImageInfo buffer.\r | |
111 | On input, this is the size of the buffer allocated by the caller.\r | |
112 | On output, it is the size of the buffer returned by the firmware\r | |
113 | if the buffer was large enough, or the size of the buffer needed\r | |
114 | to contain the image(s) information if the buffer was too small.\r | |
115 | @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s)\r | |
116 | information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs.\r | |
117 | @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number\r | |
118 | associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r | |
119 | @param[out] DescriptorCount A pointer to the location in which firmware returns the number of\r | |
120 | descriptors or firmware images within this device.\r | |
121 | @param[out] DescriptorSize A pointer to the location in which firmware returns the size, in bytes,\r | |
122 | of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r | |
123 | @param[out] PackageVersion A version number that represents all the firmware images in the device.\r | |
124 | The format is vendor specific and new version must have a greater value\r | |
125 | than the old version. If PackageVersion is not supported, the value is\r | |
126 | 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version comparison\r | |
127 | is to be performed using PackageVersionName. A value of 0xFFFFFFFD indicates\r | |
128 | that package version update is in progress.\r | |
129 | @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing the\r | |
130 | package version name. The buffer is allocated by this function with\r | |
131 | AllocatePool(), and it is the caller's responsibility to free it with a call\r | |
132 | to FreePool().\r | |
133 | \r | |
134 | @retval EFI_SUCCESS The device was successfully updated with the new image.\r | |
135 | @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size\r | |
136 | needed to hold the image(s) information is returned in ImageInfoSize.\r | |
137 | @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL.\r | |
138 | @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image.\r | |
139 | \r | |
140 | **/\r | |
141 | EFI_STATUS\r | |
142 | EFIAPI\r | |
143 | GetTheImageInfo (\r | |
144 | IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r | |
145 | IN OUT UINTN *ImageInfoSize,\r | |
146 | IN OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageInfo,\r | |
147 | OUT UINT32 *DescriptorVersion,\r | |
148 | OUT UINT8 *DescriptorCount,\r | |
149 | OUT UINTN *DescriptorSize,\r | |
150 | OUT UINT32 *PackageVersion,\r | |
151 | OUT CHAR16 **PackageVersionName\r | |
152 | );\r | |
153 | \r | |
154 | /**\r | |
155 | Retrieves a copy of the current firmware image of the device.\r | |
156 | \r | |
157 | This function allows a copy of the current firmware image to be created and saved.\r | |
158 | The saved copy could later been used, for example, in firmware image recovery or rollback.\r | |
159 | \r | |
160 | @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r | |
161 | @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.\r | |
162 | The number is between 1 and DescriptorCount.\r | |
163 | @param[in, out] Image Points to the buffer where the current image is copied to.\r | |
164 | @param[in, out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes.\r | |
165 | On return, points to the length of the image, in bytes.\r | |
166 | \r | |
167 | @retval EFI_SUCCESS The device was successfully updated with the new image.\r | |
168 | @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the\r | |
169 | image. The current buffer size needed to hold the image is returned\r | |
170 | in ImageSize.\r | |
171 | @retval EFI_INVALID_PARAMETER The Image was NULL.\r | |
172 | @retval EFI_NOT_FOUND The current image is not copied to the buffer.\r | |
173 | @retval EFI_UNSUPPORTED The operation is not supported.\r | |
174 | @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r | |
175 | \r | |
176 | **/\r | |
177 | EFI_STATUS\r | |
178 | EFIAPI\r | |
179 | GetTheImage (\r | |
180 | IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r | |
181 | IN UINT8 ImageIndex,\r | |
182 | IN OUT VOID *Image,\r | |
183 | IN OUT UINTN *ImageSize\r | |
184 | );\r | |
185 | \r | |
4f0544b1 EJ |
186 | /**\r |
187 | Checks if the firmware image is valid for the device.\r | |
188 | \r | |
189 | This function allows firmware update application to validate the firmware image without\r | |
190 | invoking the SetImage() first.\r | |
191 | \r | |
192 | @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r | |
193 | @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.\r | |
194 | The number is between 1 and DescriptorCount.\r | |
195 | @param[in] Image Points to the new image.\r | |
196 | @param[in] ImageSize Size of the new image in bytes.\r | |
197 | @param[out] ImageUpdatable Indicates if the new image is valid for update. It also provides,\r | |
198 | if available, additional information if the image is invalid.\r | |
199 | \r | |
200 | @retval EFI_SUCCESS The image was successfully checked.\r | |
201 | @retval EFI_ABORTED The operation is aborted.\r | |
202 | @retval EFI_INVALID_PARAMETER The Image was NULL.\r | |
203 | @retval EFI_UNSUPPORTED The operation is not supported.\r | |
204 | @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r | |
205 | \r | |
206 | **/\r | |
207 | EFI_STATUS\r | |
208 | EFIAPI\r | |
209 | CheckTheImage (\r | |
210 | IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r | |
211 | IN UINT8 ImageIndex,\r | |
212 | IN CONST VOID *Image,\r | |
213 | IN UINTN ImageSize,\r | |
214 | OUT UINT32 *ImageUpdatable\r | |
215 | );\r | |
216 | \r | |
217 | /**\r | |
218 | Updates the firmware image of the device.\r | |
219 | \r | |
220 | This function updates the hardware with the new firmware image.\r | |
221 | This function returns EFI_UNSUPPORTED if the firmware image is not updatable.\r | |
222 | If the firmware image is updatable, the function should perform the following minimal validations\r | |
223 | before proceeding to do the firmware image update.\r | |
224 | - Validate the image authentication if image has attribute\r | |
225 | IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns\r | |
226 | EFI_SECURITY_VIOLATION if the validation fails.\r | |
227 | - Validate the image is a supported image for this device. The function returns EFI_ABORTED if\r | |
228 | the image is unsupported. The function can optionally provide more detailed information on\r | |
229 | why the image is not a supported image.\r | |
230 | - Validate the data from VendorCode if not null. Image validation must be performed before\r | |
231 | VendorCode data validation. VendorCode data is ignored or considered invalid if image\r | |
232 | validation failed. The function returns EFI_ABORTED if the data is invalid.\r | |
233 | \r | |
234 | VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if\r | |
235 | the caller did not specify the policy or use the default policy. As an example, vendor can implement\r | |
236 | a policy to allow an option to force a firmware image update when the abort reason is due to the new\r | |
237 | firmware image version is older than the current firmware image version or bad image checksum.\r | |
238 | Sensitive operations such as those wiping the entire firmware image and render the device to be\r | |
239 | non-functional should be encoded in the image itself rather than passed with the VendorCode.\r | |
240 | AbortReason enables vendor to have the option to provide a more detailed description of the abort\r | |
241 | reason to the caller.\r | |
242 | \r | |
243 | @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r | |
244 | @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.\r | |
245 | The number is between 1 and DescriptorCount.\r | |
246 | @param[in] Image Points to the new image.\r | |
247 | @param[in] ImageSize Size of the new image in bytes.\r | |
248 | @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.\r | |
249 | Null indicates the caller did not specify the policy or use the default policy.\r | |
250 | @param[in] Progress A function used by the driver to report the progress of the firmware update.\r | |
251 | @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more\r | |
252 | details for the aborted operation. The buffer is allocated by this function\r | |
253 | with AllocatePool(), and it is the caller's responsibility to free it with a\r | |
254 | call to FreePool().\r | |
255 | \r | |
256 | @retval EFI_SUCCESS The device was successfully updated with the new image.\r | |
257 | @retval EFI_ABORTED The operation is aborted.\r | |
258 | @retval EFI_INVALID_PARAMETER The Image was NULL.\r | |
259 | @retval EFI_UNSUPPORTED The operation is not supported.\r | |
260 | @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r | |
261 | \r | |
262 | **/\r | |
263 | EFI_STATUS\r | |
264 | EFIAPI\r | |
265 | SetTheImage (\r | |
266 | IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r | |
267 | IN UINT8 ImageIndex,\r | |
268 | IN CONST VOID *Image,\r | |
269 | IN UINTN ImageSize,\r | |
270 | IN CONST VOID *VendorCode,\r | |
271 | IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress,\r | |
272 | OUT CHAR16 **AbortReason\r | |
273 | );\r | |
274 | \r | |
275 | /**\r | |
276 | Returns information about the firmware package.\r | |
277 | \r | |
278 | This function returns package information.\r | |
279 | \r | |
280 | @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r | |
281 | @param[out] PackageVersion A version number that represents all the firmware images in the device.\r | |
282 | The format is vendor specific and new version must have a greater value\r | |
283 | than the old version. If PackageVersion is not supported, the value is\r | |
284 | 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version\r | |
285 | comparison is to be performed using PackageVersionName. A value of\r | |
286 | 0xFFFFFFFD indicates that package version update is in progress.\r | |
287 | @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing\r | |
288 | the package version name. The buffer is allocated by this function with\r | |
289 | AllocatePool(), and it is the caller's responsibility to free it with a\r | |
290 | call to FreePool().\r | |
291 | @param[out] PackageVersionNameMaxLen The maximum length of package version name if device supports update of\r | |
292 | package version name. A value of 0 indicates the device does not support\r | |
293 | update of package version name. Length is the number of Unicode characters,\r | |
294 | including the terminating null character.\r | |
295 | @param[out] AttributesSupported Package attributes that are supported by this device. See 'Package Attribute\r | |
296 | Definitions' for possible returned values of this parameter. A value of 1\r | |
297 | indicates the attribute is supported and the current setting value is\r | |
298 | indicated in AttributesSetting. A value of 0 indicates the attribute is not\r | |
299 | supported and the current setting value in AttributesSetting is meaningless.\r | |
300 | @param[out] AttributesSetting Package attributes. See 'Package Attribute Definitions' for possible returned\r | |
301 | values of this parameter\r | |
302 | \r | |
303 | @retval EFI_SUCCESS The package information was successfully returned.\r | |
304 | @retval EFI_UNSUPPORTED The operation is not supported.\r | |
305 | \r | |
306 | **/\r | |
307 | EFI_STATUS\r | |
308 | EFIAPI\r | |
309 | GetPackageInfo (\r | |
310 | IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r | |
311 | OUT UINT32 *PackageVersion,\r | |
312 | OUT CHAR16 **PackageVersionName,\r | |
313 | OUT UINT32 *PackageVersionNameMaxLen,\r | |
314 | OUT UINT64 *AttributesSupported,\r | |
315 | OUT UINT64 *AttributesSetting\r | |
316 | );\r | |
317 | \r | |
318 | /**\r | |
319 | Updates information about the firmware package.\r | |
320 | \r | |
321 | This function updates package information.\r | |
322 | This function returns EFI_UNSUPPORTED if the package information is not updatable.\r | |
323 | VendorCode enables vendor to implement vendor-specific package information update policy.\r | |
324 | Null if the caller did not specify this policy or use the default policy.\r | |
325 | \r | |
326 | @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r | |
327 | @param[in] Image Points to the authentication image.\r | |
328 | Null if authentication is not required.\r | |
329 | @param[in] ImageSize Size of the authentication image in bytes.\r | |
330 | 0 if authentication is not required.\r | |
331 | @param[in] VendorCode This enables vendor to implement vendor-specific firmware\r | |
332 | image update policy.\r | |
333 | Null indicates the caller did not specify this policy or use\r | |
334 | the default policy.\r | |
335 | @param[in] PackageVersion The new package version.\r | |
336 | @param[in] PackageVersionName A pointer to the new null-terminated Unicode string representing\r | |
337 | the package version name.\r | |
338 | The string length is equal to or less than the value returned in\r | |
339 | PackageVersionNameMaxLen.\r | |
340 | \r | |
341 | @retval EFI_SUCCESS The device was successfully updated with the new package\r | |
342 | information.\r | |
343 | @retval EFI_INVALID_PARAMETER The PackageVersionName length is longer than the value\r | |
344 | returned in PackageVersionNameMaxLen.\r | |
345 | @retval EFI_UNSUPPORTED The operation is not supported.\r | |
346 | @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r | |
347 | \r | |
348 | **/\r | |
349 | EFI_STATUS\r | |
350 | EFIAPI\r | |
351 | SetPackageInfo (\r | |
352 | IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r | |
353 | IN CONST VOID *Image,\r | |
354 | IN UINTN ImageSize,\r | |
355 | IN CONST VOID *VendorCode,\r | |
356 | IN UINT32 PackageVersion,\r | |
357 | IN CONST CHAR16 *PackageVersionName\r | |
358 | );\r | |
359 | \r | |
360 | #endif\r |