2 Produces a Firmware Management Protocol that supports updates to a firmware
3 image stored in a firmware device with platform and firmware device specific
4 information provided through PCDs and libraries.
6 Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
7 Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
9 SPDX-License-Identifier: BSD-2-Clause-Patent
14 #include "VariableSupport.h"
17 /// FILE_GUID from FmpDxe.inf. When FmpDxe.inf is used in a platform, the
18 /// FILE_GUID must always be overridden in the <Defines> section to provide
19 /// the ESRT GUID value associated with the updatable firmware image. A
20 /// check is made in this module's driver entry point to verify that a
21 /// new FILE_GUID value has been defined.
23 const EFI_GUID mDefaultModuleFileGuid
= {
24 0x78ef0a56, 0x1cf0, 0x4535, { 0xb5, 0xda, 0xf6, 0xfd, 0x2f, 0x40, 0x5a, 0x11 }
28 /// TRUE if FmpDeviceLib manages a single firmware storage device.
30 BOOLEAN mFmpSingleInstance
= FALSE
;
33 /// Firmware Management Protocol instance that is initialized in the entry
34 /// point from PCD settings.
36 EDKII_FIRMWARE_MANAGEMENT_PROGRESS_PROTOCOL mFmpProgress
;
39 // Template of the private context structure for the Firmware Management
42 const FIRMWARE_MANAGEMENT_PRIVATE_DATA mFirmwareManagementPrivateDataTemplate
= {
43 FIRMWARE_MANAGEMENT_PRIVATE_DATA_SIGNATURE
, // Signature
53 FALSE
, // DescriptorPopulated
59 { 0x00000000, 0x0000, 0x0000, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} },
65 0, // AttributesSupported
66 0, // AttributesSetting
68 0, // LowestSupportedImageVersion
69 0, // LastAttemptVersion
70 0, // LastAttemptStatus
75 TRUE
, // RuntimeVersionSupported
76 NULL
, // FmpDeviceLockEvent
77 FALSE
, // FmpDeviceLocked
78 NULL
, // FmpDeviceContext
79 NULL
, // VersionVariableName
80 NULL
, // LsvVariableName
81 NULL
, // LastAttemptStatusVariableName
82 NULL
, // LastAttemptVersionVariableName
83 NULL
// FmpStateVariableName
87 /// GUID that is used to create event used to lock the firmware storage device.
89 EFI_GUID
*mLockGuid
= NULL
;
92 /// Progress() function pointer passed into SetTheImage()
94 EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS mProgressFunc
= NULL
;
97 /// Null-terminated Unicode string retrieved from PcdFmpDeviceImageIdName.
99 CHAR16
*mImageIdName
= NULL
;
102 Callback function to report the process of the firmware updating.
104 Wrap the caller's version in this so that progress from the device lib is
105 within the expected range. Convert device lib 0% - 100% to 6% - 98%.
107 FmpDxe 1% - 5% for validation
108 FmpDeviceLib 6% - 98% for flashing/update
109 FmpDxe 99% - 100% finish
111 @param[in] Completion A value between 1 and 100 indicating the current
112 completion progress of the firmware update. Completion
113 progress is reported as from 1 to 100 percent. A value
114 of 0 is used by the driver to indicate that progress
115 reporting is not supported.
117 @retval EFI_SUCCESS The progress was updated.
118 @retval EFI_UNSUPPORTED Updating progress is not supported.
129 Status
= EFI_UNSUPPORTED
;
131 if (mProgressFunc
== NULL
) {
136 // Reserve 6% - 98% for the FmpDeviceLib. Call the real progress function.
138 Status
= mProgressFunc (((Completion
* 92) / 100) + 6);
140 if (Status
== EFI_UNSUPPORTED
) {
141 mProgressFunc
= NULL
;
148 Returns a pointer to the ImageTypeId GUID value. An attempt is made to get
149 the GUID value from the FmpDeviceLib. If the FmpDeviceLib does not provide
150 a GUID value, then PcdFmpDeviceImageTypeIdGuid is used. If the size of
151 PcdFmpDeviceImageTypeIdGuid is not the size of EFI_GUID, then gEfiCallerIdGuid
154 @retval The ImageTypeId GUID
163 EFI_GUID
*FmpDeviceLibGuid
;
164 UINTN ImageTypeIdGuidSize
;
166 FmpDeviceLibGuid
= NULL
;
167 Status
= FmpDeviceGetImageTypeIdGuidPtr (&FmpDeviceLibGuid
);
168 if (EFI_ERROR (Status
)) {
169 if (Status
!= EFI_UNSUPPORTED
) {
170 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): FmpDeviceLib GetImageTypeIdGuidPtr() returned invalid error %r\n", mImageIdName
, Status
));
172 } else if (FmpDeviceLibGuid
== NULL
) {
173 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): FmpDeviceLib GetImageTypeIdGuidPtr() returned invalid GUID\n", mImageIdName
));
174 Status
= EFI_NOT_FOUND
;
176 if (EFI_ERROR (Status
)) {
177 ImageTypeIdGuidSize
= PcdGetSize (PcdFmpDeviceImageTypeIdGuid
);
178 if (ImageTypeIdGuidSize
== sizeof (EFI_GUID
)) {
179 FmpDeviceLibGuid
= (EFI_GUID
*)PcdGetPtr (PcdFmpDeviceImageTypeIdGuid
);
181 DEBUG ((DEBUG_INFO
, "FmpDxe(%s): Fall back to ImageTypeIdGuid of gEfiCallerIdGuid\n", mImageIdName
));
182 FmpDeviceLibGuid
= &gEfiCallerIdGuid
;
185 return FmpDeviceLibGuid
;
189 Returns a pointer to the Null-terminated Unicode ImageIdName string.
191 @retval Null-terminated Unicode ImageIdName string.
195 GetImageTypeNameString (
203 Lowest supported version is a combo of three parts.
204 1. Check if the device lib has a lowest supported version
205 2. Check if we have a variable for lowest supported version (this will be updated with each capsule applied)
206 3. Check Fixed at build PCD
208 @param[in] Private Pointer to the private context structure for the
209 Firmware Management Protocol instance.
211 @retval The largest value
215 GetLowestSupportedVersion (
216 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
220 UINT32 DeviceLibLowestSupportedVersion
;
221 UINT32 VariableLowestSupportedVersion
;
225 // Get the LowestSupportedVersion.
228 if (!IsLowestSupportedVersionCheckRequired ()) {
230 // Any Version can pass the 0 LowestSupportedVersion check.
235 ReturnLsv
= PcdGet32 (PcdFmpDeviceBuildTimeLowestSupportedVersion
);
238 // Check the FmpDeviceLib
240 DeviceLibLowestSupportedVersion
= DEFAULT_LOWESTSUPPORTEDVERSION
;
241 Status
= FmpDeviceGetLowestSupportedVersion (&DeviceLibLowestSupportedVersion
);
242 if (EFI_ERROR (Status
)) {
243 DeviceLibLowestSupportedVersion
= DEFAULT_LOWESTSUPPORTEDVERSION
;
246 if (DeviceLibLowestSupportedVersion
> ReturnLsv
) {
247 ReturnLsv
= DeviceLibLowestSupportedVersion
;
251 // Check the lowest supported version UEFI variable for this device
253 VariableLowestSupportedVersion
= GetLowestSupportedVersionFromVariable (Private
);
254 if (VariableLowestSupportedVersion
> ReturnLsv
) {
255 ReturnLsv
= VariableLowestSupportedVersion
;
259 // Return the largest value
265 Populates the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure in the private
268 @param[in] Private Pointer to the private context structure for the
269 Firmware Management Protocol instance.
274 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
279 if (Private
->DescriptorPopulated
) {
283 Private
->Descriptor
.ImageIndex
= 1;
284 CopyGuid (&Private
->Descriptor
.ImageTypeId
, GetImageTypeIdGuid());
285 Private
->Descriptor
.ImageId
= Private
->Descriptor
.ImageIndex
;
286 Private
->Descriptor
.ImageIdName
= GetImageTypeNameString();
289 // Get the hardware instance from FmpDeviceLib
291 Status
= FmpDeviceGetHardwareInstance (&Private
->Descriptor
.HardwareInstance
);
292 if (Status
== EFI_UNSUPPORTED
) {
293 Private
->Descriptor
.HardwareInstance
= 0;
297 // Generate UEFI Variable names used to store status information for this
300 GenerateFmpVariableNames (Private
);
303 // Get the version. Some devices don't support getting the firmware version
304 // at runtime. If FmpDeviceLib does not support returning a version, then
305 // it is stored in a UEFI variable.
307 Status
= FmpDeviceGetVersion (&Private
->Descriptor
.Version
);
308 if (Status
== EFI_UNSUPPORTED
) {
309 Private
->RuntimeVersionSupported
= FALSE
;
310 Private
->Descriptor
.Version
= GetVersionFromVariable (Private
);
311 } else if (EFI_ERROR (Status
)) {
313 // Unexpected error. Use default version.
315 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): GetVersion() from FmpDeviceLib (%s) returned %r\n", mImageIdName
, GetImageTypeNameString(), Status
));
316 Private
->Descriptor
.Version
= DEFAULT_VERSION
;
320 // Free the current version name. Shouldn't really happen but this populate
321 // function could be called multiple times (to refresh).
323 if (Private
->Descriptor
.VersionName
!= NULL
) {
324 FreePool (Private
->Descriptor
.VersionName
);
325 Private
->Descriptor
.VersionName
= NULL
;
329 // Attempt to get the version string from the FmpDeviceLib
331 Status
= FmpDeviceGetVersionString (&Private
->Descriptor
.VersionName
);
332 if (Status
== EFI_UNSUPPORTED
) {
333 DEBUG ((DEBUG_INFO
, "FmpDxe(%s): GetVersionString() unsupported in FmpDeviceLib.\n", mImageIdName
));
334 Private
->Descriptor
.VersionName
= AllocateCopyPool (
335 sizeof (VERSION_STRING_NOT_SUPPORTED
),
336 VERSION_STRING_NOT_SUPPORTED
338 } else if (EFI_ERROR (Status
)) {
339 DEBUG ((DEBUG_INFO
, "FmpDxe(%s): GetVersionString() not available in FmpDeviceLib.\n", mImageIdName
));
340 Private
->Descriptor
.VersionName
= AllocateCopyPool (
341 sizeof (VERSION_STRING_NOT_AVAILABLE
),
342 VERSION_STRING_NOT_AVAILABLE
346 Private
->Descriptor
.LowestSupportedImageVersion
= GetLowestSupportedVersion (Private
);
349 // Get attributes from the FmpDeviceLib
351 FmpDeviceGetAttributes (
352 &Private
->Descriptor
.AttributesSupported
,
353 &Private
->Descriptor
.AttributesSetting
357 // Force set the updatable bits in the attributes;
359 Private
->Descriptor
.AttributesSupported
|= IMAGE_ATTRIBUTE_IMAGE_UPDATABLE
;
360 Private
->Descriptor
.AttributesSetting
|= IMAGE_ATTRIBUTE_IMAGE_UPDATABLE
;
363 // Force set the authentication bits in the attributes;
365 Private
->Descriptor
.AttributesSupported
|= (IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED
);
366 Private
->Descriptor
.AttributesSetting
|= (IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED
);
368 Private
->Descriptor
.Compatibilities
= 0;
371 // Get the size of the firmware image from the FmpDeviceLib
373 Status
= FmpDeviceGetSize (&Private
->Descriptor
.Size
);
374 if (EFI_ERROR (Status
)) {
375 Private
->Descriptor
.Size
= 0;
378 Private
->Descriptor
.LastAttemptVersion
= GetLastAttemptVersionFromVariable (Private
);
379 Private
->Descriptor
.LastAttemptStatus
= GetLastAttemptStatusFromVariable (Private
);
381 Private
->DescriptorPopulated
= TRUE
;
385 Returns information about the current firmware image(s) of the device.
387 This function allows a copy of the current firmware image to be created and saved.
388 The saved copy could later been used, for example, in firmware image recovery or rollback.
390 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
391 @param[in, out] ImageInfoSize A pointer to the size, in bytes, of the ImageInfo buffer.
392 On input, this is the size of the buffer allocated by the caller.
393 On output, it is the size of the buffer returned by the firmware
394 if the buffer was large enough, or the size of the buffer needed
395 to contain the image(s) information if the buffer was too small.
396 @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s)
397 information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
398 @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number
399 associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR.
400 @param[out] DescriptorCount A pointer to the location in which firmware returns the number of
401 descriptors or firmware images within this device.
402 @param[out] DescriptorSize A pointer to the location in which firmware returns the size, in bytes,
403 of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR.
404 @param[out] PackageVersion A version number that represents all the firmware images in the device.
405 The format is vendor specific and new version must have a greater value
406 than the old version. If PackageVersion is not supported, the value is
407 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version comparison
408 is to be performed using PackageVersionName. A value of 0xFFFFFFFD indicates
409 that package version update is in progress.
410 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing the
411 package version name. The buffer is allocated by this function with
412 AllocatePool(), and it is the caller's responsibility to free it with a call
415 @retval EFI_SUCCESS The device was successfully updated with the new image.
416 @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size
417 needed to hold the image(s) information is returned in ImageInfoSize.
418 @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL.
419 @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image.
425 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
426 IN OUT UINTN
*ImageInfoSize
,
427 IN OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR
*ImageInfo
,
428 OUT UINT32
*DescriptorVersion
,
429 OUT UINT8
*DescriptorCount
,
430 OUT UINTN
*DescriptorSize
,
431 OUT UINT32
*PackageVersion
,
432 OUT CHAR16
**PackageVersionName
436 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
;
438 Status
= EFI_SUCCESS
;
441 // Retrieve the private context structure
443 Private
= FIRMWARE_MANAGEMENT_PRIVATE_DATA_FROM_THIS (This
);
444 FmpDeviceSetContext (Private
->Handle
, &Private
->FmpDeviceContext
);
447 // Check for valid pointer
449 if (ImageInfoSize
== NULL
) {
450 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): GetImageInfo() - ImageInfoSize is NULL.\n", mImageIdName
));
451 Status
= EFI_INVALID_PARAMETER
;
456 // Check the buffer size
457 // NOTE: Check this first so caller can get the necessary memory size it must allocate.
459 if (*ImageInfoSize
< (sizeof (EFI_FIRMWARE_IMAGE_DESCRIPTOR
))) {
460 *ImageInfoSize
= sizeof (EFI_FIRMWARE_IMAGE_DESCRIPTOR
);
461 DEBUG ((DEBUG_VERBOSE
, "FmpDxe(%s): GetImageInfo() - ImageInfoSize is to small.\n", mImageIdName
));
462 Status
= EFI_BUFFER_TOO_SMALL
;
467 // Confirm that buffer isn't null
469 if ( (ImageInfo
== NULL
) || (DescriptorVersion
== NULL
) || (DescriptorCount
== NULL
) || (DescriptorSize
== NULL
)
470 || (PackageVersion
== NULL
)) {
471 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): GetImageInfo() - Pointer Parameter is NULL.\n", mImageIdName
));
472 Status
= EFI_INVALID_PARAMETER
;
477 // Set the size to whatever we need
479 *ImageInfoSize
= sizeof (EFI_FIRMWARE_IMAGE_DESCRIPTOR
);
482 // Make sure the descriptor has already been loaded or refreshed
484 PopulateDescriptor (Private
);
487 // Copy the image descriptor
489 CopyMem (ImageInfo
, &Private
->Descriptor
, sizeof (EFI_FIRMWARE_IMAGE_DESCRIPTOR
));
491 *DescriptorVersion
= EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION
;
492 *DescriptorCount
= 1;
493 *DescriptorSize
= sizeof (EFI_FIRMWARE_IMAGE_DESCRIPTOR
);
497 *PackageVersion
= 0xFFFFFFFF;
500 // Do not update PackageVersionName since it is not supported in this instance.
509 Retrieves a copy of the current firmware image of the device.
511 This function allows a copy of the current firmware image to be created and saved.
512 The saved copy could later been used, for example, in firmware image recovery or rollback.
514 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
515 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
516 The number is between 1 and DescriptorCount.
517 @param[in, out] Image Points to the buffer where the current image is copied to.
518 @param[in, out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes.
519 On return, points to the length of the image, in bytes.
521 @retval EFI_SUCCESS The device was successfully updated with the new image.
522 @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the
523 image. The current buffer size needed to hold the image is returned
525 @retval EFI_INVALID_PARAMETER The Image was NULL.
526 @retval EFI_NOT_FOUND The current image is not copied to the buffer.
527 @retval EFI_UNSUPPORTED The operation is not supported.
528 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
534 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
537 IN OUT UINTN
*ImageSize
541 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
;
544 if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable
)) {
545 return EFI_UNSUPPORTED
;
548 Status
= EFI_SUCCESS
;
551 // Retrieve the private context structure
553 Private
= FIRMWARE_MANAGEMENT_PRIVATE_DATA_FROM_THIS (This
);
554 FmpDeviceSetContext (Private
->Handle
, &Private
->FmpDeviceContext
);
557 // Check to make sure index is 1 (only 1 image for this device)
559 if (ImageIndex
!= 1) {
560 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): GetImage() - Image Index Invalid.\n", mImageIdName
));
561 Status
= EFI_INVALID_PARAMETER
;
565 if (ImageSize
== NULL
) {
566 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): GetImage() - ImageSize Pointer Parameter is NULL.\n", mImageIdName
));
567 Status
= EFI_INVALID_PARAMETER
;
572 // Check the buffer size
574 Status
= FmpDeviceGetSize (&Size
);
575 if (EFI_ERROR (Status
)) {
578 if (*ImageSize
< Size
) {
580 DEBUG ((DEBUG_VERBOSE
, "FmpDxe(%s): GetImage() - ImageSize is to small.\n", mImageIdName
));
581 Status
= EFI_BUFFER_TOO_SMALL
;
586 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): GetImage() - Image Pointer Parameter is NULL.\n", mImageIdName
));
587 Status
= EFI_INVALID_PARAMETER
;
591 Status
= FmpDeviceGetImage (Image
, ImageSize
);
598 Helper function to safely retrieve the FMP header from
599 within an EFI_FIRMWARE_IMAGE_AUTHENTICATION structure.
601 @param[in] Image Pointer to the image.
602 @param[in] ImageSize Size of the image.
603 @param[out] PayloadSize
605 @retval !NULL Valid pointer to the header.
606 @retval NULL Structure is bad and pointer cannot be found.
611 IN CONST EFI_FIRMWARE_IMAGE_AUTHENTICATION
*Image
,
612 IN CONST UINTN ImageSize
,
613 OUT UINTN
*PayloadSize
617 // Check to make sure that operation can be safely performed.
619 if (((UINTN
)Image
+ sizeof (Image
->MonotonicCount
) + Image
->AuthInfo
.Hdr
.dwLength
) < (UINTN
)Image
|| \
620 ((UINTN
)Image
+ sizeof (Image
->MonotonicCount
) + Image
->AuthInfo
.Hdr
.dwLength
) >= (UINTN
)Image
+ ImageSize
) {
622 // Pointer overflow. Invalid image.
627 *PayloadSize
= ImageSize
- (sizeof (Image
->MonotonicCount
) + Image
->AuthInfo
.Hdr
.dwLength
);
628 return (VOID
*)((UINT8
*)Image
+ sizeof (Image
->MonotonicCount
) + Image
->AuthInfo
.Hdr
.dwLength
);
632 Helper function to safely calculate the size of all headers
633 within an EFI_FIRMWARE_IMAGE_AUTHENTICATION structure.
635 @param[in] Image Pointer to the image.
636 @param[in] AdditionalHeaderSize Size of any headers that cannot be calculated by this function.
638 @retval UINT32>0 Valid size of all the headers.
639 @retval 0 Structure is bad and size cannot be found.
644 IN CONST EFI_FIRMWARE_IMAGE_AUTHENTICATION
*Image
,
645 IN UINT32 AdditionalHeaderSize
648 UINT32 CalculatedSize
;
650 CalculatedSize
= sizeof (Image
->MonotonicCount
) +
651 AdditionalHeaderSize
+
652 Image
->AuthInfo
.Hdr
.dwLength
;
655 // Check to make sure that operation can be safely performed.
657 if (CalculatedSize
< sizeof (Image
->MonotonicCount
) ||
658 CalculatedSize
< AdditionalHeaderSize
||
659 CalculatedSize
< Image
->AuthInfo
.Hdr
.dwLength
) {
661 // Integer overflow. Invalid image.
666 return CalculatedSize
;
670 Checks if the firmware image is valid for the device.
672 This function allows firmware update application to validate the firmware image without
673 invoking the SetImage() first.
675 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
676 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
677 The number is between 1 and DescriptorCount.
678 @param[in] Image Points to the new image.
679 @param[in] ImageSize Size of the new image in bytes.
680 @param[out] ImageUpdatable Indicates if the new image is valid for update. It also provides,
681 if available, additional information if the image is invalid.
683 @retval EFI_SUCCESS The image was successfully checked.
684 @retval EFI_ABORTED The operation is aborted.
685 @retval EFI_INVALID_PARAMETER The Image was NULL.
686 @retval EFI_UNSUPPORTED The operation is not supported.
687 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
693 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
695 IN CONST VOID
*Image
,
697 OUT UINT32
*ImageUpdatable
701 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
;
703 VOID
*FmpPayloadHeader
;
704 UINTN FmpPayloadSize
;
706 UINT32 FmpHeaderSize
;
710 UINTN PublicKeyDataLength
;
711 UINT8
*PublicKeyDataXdr
;
712 UINT8
*PublicKeyDataXdrEnd
;
714 Status
= EFI_SUCCESS
;
716 FmpPayloadHeader
= NULL
;
722 if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable
)) {
723 return EFI_UNSUPPORTED
;
727 // Retrieve the private context structure
729 Private
= FIRMWARE_MANAGEMENT_PRIVATE_DATA_FROM_THIS (This
);
730 FmpDeviceSetContext (Private
->Handle
, &Private
->FmpDeviceContext
);
733 // Make sure the descriptor has already been loaded or refreshed
735 PopulateDescriptor (Private
);
737 if (ImageUpdatable
== NULL
) {
738 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): CheckImage() - ImageUpdatable Pointer Parameter is NULL.\n", mImageIdName
));
739 Status
= EFI_INVALID_PARAMETER
;
744 //Set to valid and then if any tests fail it will update this flag.
746 *ImageUpdatable
= IMAGE_UPDATABLE_VALID
;
749 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): CheckImage() - Image Pointer Parameter is NULL.\n", mImageIdName
));
751 // not sure if this is needed
753 *ImageUpdatable
= IMAGE_UPDATABLE_INVALID
;
754 return EFI_INVALID_PARAMETER
;
757 PublicKeyDataXdr
= PcdGetPtr (PcdFmpDevicePkcs7CertBufferXdr
);
758 PublicKeyDataXdrEnd
= PublicKeyDataXdr
+ PcdGetSize (PcdFmpDevicePkcs7CertBufferXdr
);
760 if (PublicKeyDataXdr
== NULL
|| (PublicKeyDataXdr
== PublicKeyDataXdrEnd
)) {
761 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Invalid certificate, skipping it.\n", mImageIdName
));
762 Status
= EFI_ABORTED
;
765 // Try each key from PcdFmpDevicePkcs7CertBufferXdr
767 for (Index
= 1; PublicKeyDataXdr
< PublicKeyDataXdrEnd
; Index
++) {
771 "FmpDxe(%s): Certificate #%d [%p..%p].\n",
779 if ((PublicKeyDataXdr
+ sizeof (UINT32
)) > PublicKeyDataXdrEnd
) {
781 // Key data extends beyond end of PCD
783 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Certificate size extends beyond end of PCD, skipping it.\n", mImageIdName
));
784 Status
= EFI_ABORTED
;
788 // Read key length stored in big-endian format
790 PublicKeyDataLength
= SwapBytes32 (*(UINT32
*)(PublicKeyDataXdr
));
792 // Point to the start of the key data
794 PublicKeyDataXdr
+= sizeof (UINT32
);
795 if (PublicKeyDataXdr
+ PublicKeyDataLength
> PublicKeyDataXdrEnd
) {
797 // Key data extends beyond end of PCD
799 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Certificate extends beyond end of PCD, skipping it.\n", mImageIdName
));
800 Status
= EFI_ABORTED
;
803 PublicKeyData
= PublicKeyDataXdr
;
804 Status
= AuthenticateFmpImage (
805 (EFI_FIRMWARE_IMAGE_AUTHENTICATION
*)Image
,
810 if (!EFI_ERROR (Status
)) {
813 PublicKeyDataXdr
+= PublicKeyDataLength
;
814 PublicKeyDataXdr
= (UINT8
*)ALIGN_POINTER (PublicKeyDataXdr
, sizeof (UINT32
));
818 if (EFI_ERROR (Status
)) {
819 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): CheckTheImage() - Authentication Failed %r.\n", mImageIdName
, Status
));
824 // Check to make sure index is 1
826 if (ImageIndex
!= 1) {
827 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): CheckImage() - Image Index Invalid.\n", mImageIdName
));
828 *ImageUpdatable
= IMAGE_UPDATABLE_INVALID_TYPE
;
829 Status
= EFI_SUCCESS
;
835 // Check the FmpPayloadHeader
837 FmpPayloadHeader
= GetFmpHeader ( (EFI_FIRMWARE_IMAGE_AUTHENTICATION
*)Image
, ImageSize
, &FmpPayloadSize
);
838 if (FmpPayloadHeader
== NULL
) {
839 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): CheckTheImage() - GetFmpHeader failed.\n", mImageIdName
));
840 Status
= EFI_ABORTED
;
843 Status
= GetFmpPayloadHeaderVersion (FmpPayloadHeader
, FmpPayloadSize
, &Version
);
844 if (EFI_ERROR (Status
)) {
845 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): CheckTheImage() - GetFmpPayloadHeaderVersion failed %r.\n", mImageIdName
, Status
));
846 *ImageUpdatable
= IMAGE_UPDATABLE_INVALID
;
847 Status
= EFI_SUCCESS
;
852 // Check the lowest supported version
854 if (Version
< Private
->Descriptor
.LowestSupportedImageVersion
) {
857 "FmpDxe(%s): CheckTheImage() - Version Lower than lowest supported version. 0x%08X < 0x%08X\n",
858 mImageIdName
, Version
, Private
->Descriptor
.LowestSupportedImageVersion
)
860 *ImageUpdatable
= IMAGE_UPDATABLE_INVALID_OLD
;
861 Status
= EFI_SUCCESS
;
866 // Get the FmpHeaderSize so we can determine the real payload size
868 Status
= GetFmpPayloadHeaderSize (FmpPayloadHeader
, FmpPayloadSize
, &FmpHeaderSize
);
869 if (EFI_ERROR (Status
)) {
870 DEBUG ((DEBUG_ERROR
, "FmpDxe: CheckTheImage() - GetFmpPayloadHeaderSize failed %r.\n", Status
));
871 *ImageUpdatable
= IMAGE_UPDATABLE_INVALID
;
872 Status
= EFI_SUCCESS
;
877 // Call FmpDevice Lib Check Image on the
878 // Raw payload. So all headers need stripped off
880 AllHeaderSize
= GetAllHeaderSize ( (EFI_FIRMWARE_IMAGE_AUTHENTICATION
*)Image
, FmpHeaderSize
);
881 if (AllHeaderSize
== 0) {
882 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): CheckTheImage() - GetAllHeaderSize failed.\n", mImageIdName
));
883 Status
= EFI_ABORTED
;
886 RawSize
= ImageSize
- AllHeaderSize
;
889 // FmpDeviceLib CheckImage function to do any specific checks
891 Status
= FmpDeviceCheckImage ((((UINT8
*)Image
) + AllHeaderSize
), RawSize
, ImageUpdatable
);
892 if (EFI_ERROR (Status
)) {
893 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): CheckTheImage() - FmpDeviceLib CheckImage failed. Status = %r\n", mImageIdName
, Status
));
901 Updates the firmware image of the device.
903 This function updates the hardware with the new firmware image.
904 This function returns EFI_UNSUPPORTED if the firmware image is not updatable.
905 If the firmware image is updatable, the function should perform the following minimal validations
906 before proceeding to do the firmware image update.
907 - Validate the image authentication if image has attribute
908 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns
909 EFI_SECURITY_VIOLATION if the validation fails.
910 - Validate the image is a supported image for this device. The function returns EFI_ABORTED if
911 the image is unsupported. The function can optionally provide more detailed information on
912 why the image is not a supported image.
913 - Validate the data from VendorCode if not null. Image validation must be performed before
914 VendorCode data validation. VendorCode data is ignored or considered invalid if image
915 validation failed. The function returns EFI_ABORTED if the data is invalid.
917 VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if
918 the caller did not specify the policy or use the default policy. As an example, vendor can implement
919 a policy to allow an option to force a firmware image update when the abort reason is due to the new
920 firmware image version is older than the current firmware image version or bad image checksum.
921 Sensitive operations such as those wiping the entire firmware image and render the device to be
922 non-functional should be encoded in the image itself rather than passed with the VendorCode.
923 AbortReason enables vendor to have the option to provide a more detailed description of the abort
924 reason to the caller.
926 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
927 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
928 The number is between 1 and DescriptorCount.
929 @param[in] Image Points to the new image.
930 @param[in] ImageSize Size of the new image in bytes.
931 @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.
932 Null indicates the caller did not specify the policy or use the default policy.
933 @param[in] Progress A function used by the driver to report the progress of the firmware update.
934 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
935 details for the aborted operation. The buffer is allocated by this function
936 with AllocatePool(), and it is the caller's responsibility to free it with a
939 @retval EFI_SUCCESS The device was successfully updated with the new image.
940 @retval EFI_ABORTED The operation is aborted.
941 @retval EFI_INVALID_PARAMETER The Image was NULL.
942 @retval EFI_UNSUPPORTED The operation is not supported.
943 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
949 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
951 IN CONST VOID
*Image
,
953 IN CONST VOID
*VendorCode
,
954 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress
,
955 OUT CHAR16
**AbortReason
959 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
;
961 BOOLEAN BooleanValue
;
962 UINT32 FmpHeaderSize
;
964 UINTN FmpPayloadSize
;
965 UINT32 AllHeaderSize
;
966 UINT32 IncommingFwVersion
;
967 UINT32 LastAttemptStatus
;
969 UINT32 LowestSupportedVersion
;
971 Status
= EFI_SUCCESS
;
973 BooleanValue
= FALSE
;
978 IncommingFwVersion
= 0;
979 LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL
;
981 if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable
)) {
982 return EFI_UNSUPPORTED
;
986 // Retrieve the private context structure
988 Private
= FIRMWARE_MANAGEMENT_PRIVATE_DATA_FROM_THIS (This
);
989 FmpDeviceSetContext (Private
->Handle
, &Private
->FmpDeviceContext
);
992 // Make sure the descriptor has already been loaded or refreshed
994 PopulateDescriptor (Private
);
997 // Set to 0 to clear any previous results.
999 SetLastAttemptVersionInVariable (Private
, IncommingFwVersion
);
1002 // if we have locked the device, then skip the set operation.
1003 // it should be blocked by hardware too but we can catch here even faster
1005 if (Private
->FmpDeviceLocked
) {
1006 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - Device is already locked. Can't update.\n", mImageIdName
));
1007 Status
= EFI_UNSUPPORTED
;
1012 // Call check image to verify the image
1014 Status
= CheckTheImage (This
, ImageIndex
, Image
, ImageSize
, &Updateable
);
1015 if (EFI_ERROR (Status
)) {
1016 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - Check The Image failed with %r.\n", mImageIdName
, Status
));
1017 if (Status
== EFI_SECURITY_VIOLATION
) {
1018 LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR
;
1024 // No functional error in CheckTheImage. Attempt to get the Version to
1025 // support better error reporting.
1027 FmpHeader
= GetFmpHeader ( (EFI_FIRMWARE_IMAGE_AUTHENTICATION
*)Image
, ImageSize
, &FmpPayloadSize
);
1028 if (FmpHeader
== NULL
) {
1029 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - GetFmpHeader failed.\n", mImageIdName
));
1030 Status
= EFI_ABORTED
;
1033 Status
= GetFmpPayloadHeaderVersion (FmpHeader
, FmpPayloadSize
, &IncommingFwVersion
);
1034 if (!EFI_ERROR (Status
)) {
1036 // Set to actual value
1038 SetLastAttemptVersionInVariable (Private
, IncommingFwVersion
);
1042 if (Updateable
!= IMAGE_UPDATABLE_VALID
) {
1045 "FmpDxe(%s): SetTheImage() - Check The Image returned that the Image was not valid for update. Updatable value = 0x%X.\n",
1046 mImageIdName
, Updateable
)
1048 Status
= EFI_ABORTED
;
1052 if (Progress
== NULL
) {
1053 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - Invalid progress callback\n", mImageIdName
));
1054 Status
= EFI_INVALID_PARAMETER
;
1058 mProgressFunc
= Progress
;
1061 // Checking the image is at least 1%
1063 Status
= Progress (1);
1064 if (EFI_ERROR (Status
)) {
1065 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - Progress Callback failed with Status %r.\n", mImageIdName
, Status
));
1069 //Check System Power
1071 Status
= CheckSystemPower (&BooleanValue
);
1072 if (EFI_ERROR (Status
)) {
1073 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - CheckSystemPower - API call failed %r.\n", mImageIdName
, Status
));
1076 if (!BooleanValue
) {
1077 Status
= EFI_ABORTED
;
1080 "FmpDxe(%s): SetTheImage() - CheckSystemPower - returned False. Update not allowed due to System Power.\n", mImageIdName
)
1082 LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_BATT
;
1089 //Check System Thermal
1091 Status
= CheckSystemThermal (&BooleanValue
);
1092 if (EFI_ERROR (Status
)) {
1093 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - CheckSystemThermal - API call failed %r.\n", mImageIdName
, Status
));
1096 if (!BooleanValue
) {
1097 Status
= EFI_ABORTED
;
1100 "FmpDxe(%s): SetTheImage() - CheckSystemThermal - returned False. Update not allowed due to System Thermal.\n", mImageIdName
)
1108 //Check System Environment
1110 Status
= CheckSystemEnvironment (&BooleanValue
);
1111 if (EFI_ERROR (Status
)) {
1112 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - CheckSystemEnvironment - API call failed %r.\n", mImageIdName
, Status
));
1115 if (!BooleanValue
) {
1116 Status
= EFI_ABORTED
;
1119 "FmpDxe(%s): SetTheImage() - CheckSystemEnvironment - returned False. Update not allowed due to System Environment.\n", mImageIdName
)
1127 // Save LastAttemptStatus as error so that if SetImage never returns the error
1128 // state is recorded.
1130 SetLastAttemptStatusInVariable (Private
, LastAttemptStatus
);
1133 // Strip off all the headers so the device can process its firmware
1135 Status
= GetFmpPayloadHeaderSize (FmpHeader
, FmpPayloadSize
, &FmpHeaderSize
);
1136 if (EFI_ERROR (Status
)) {
1137 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - GetFmpPayloadHeaderSize failed %r.\n", mImageIdName
, Status
));
1141 AllHeaderSize
= GetAllHeaderSize ( (EFI_FIRMWARE_IMAGE_AUTHENTICATION
*)Image
, FmpHeaderSize
);
1142 if (AllHeaderSize
== 0) {
1143 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() - GetAllHeaderSize failed.\n", mImageIdName
));
1144 Status
= EFI_ABORTED
;
1149 // Indicate that control is handed off to FmpDeviceLib
1154 //Copy the requested image to the firmware using the FmpDeviceLib
1156 Status
= FmpDeviceSetImage (
1157 (((UINT8
*)Image
) + AllHeaderSize
),
1158 ImageSize
- AllHeaderSize
,
1164 if (EFI_ERROR (Status
)) {
1165 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): SetTheImage() SetImage from FmpDeviceLib failed. Status = %r.\n", mImageIdName
, Status
));
1171 // Finished the update without error
1172 // Indicate that control has been returned from FmpDeviceLib
1177 // Update the version stored in variable
1179 if (!Private
->RuntimeVersionSupported
) {
1180 Version
= DEFAULT_VERSION
;
1181 GetFmpPayloadHeaderVersion (FmpHeader
, FmpPayloadSize
, &Version
);
1182 SetVersionInVariable (Private
, Version
);
1186 // Update lowest supported variable
1188 LowestSupportedVersion
= DEFAULT_LOWESTSUPPORTEDVERSION
;
1189 GetFmpPayloadHeaderLowestSupportedVersion (FmpHeader
, FmpPayloadSize
, &LowestSupportedVersion
);
1190 SetLowestSupportedVersionInVariable (Private
, LowestSupportedVersion
);
1192 LastAttemptStatus
= LAST_ATTEMPT_STATUS_SUCCESS
;
1195 mProgressFunc
= NULL
;
1196 SetLastAttemptStatusInVariable (Private
, LastAttemptStatus
);
1198 if (Progress
!= NULL
) {
1200 // Set progress to 100 after everything is done including recording Status.
1206 // Need repopulate after SetImage is called to
1207 // update LastAttemptVersion and LastAttemptStatus.
1209 Private
->DescriptorPopulated
= FALSE
;
1215 Returns information about the firmware package.
1217 This function returns package information.
1219 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
1220 @param[out] PackageVersion A version number that represents all the firmware images in the device.
1221 The format is vendor specific and new version must have a greater value
1222 than the old version. If PackageVersion is not supported, the value is
1223 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version
1224 comparison is to be performed using PackageVersionName. A value of
1225 0xFFFFFFFD indicates that package version update is in progress.
1226 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing
1227 the package version name. The buffer is allocated by this function with
1228 AllocatePool(), and it is the caller's responsibility to free it with a
1230 @param[out] PackageVersionNameMaxLen The maximum length of package version name if device supports update of
1231 package version name. A value of 0 indicates the device does not support
1232 update of package version name. Length is the number of Unicode characters,
1233 including the terminating null character.
1234 @param[out] AttributesSupported Package attributes that are supported by this device. See 'Package Attribute
1235 Definitions' for possible returned values of this parameter. A value of 1
1236 indicates the attribute is supported and the current setting value is
1237 indicated in AttributesSetting. A value of 0 indicates the attribute is not
1238 supported and the current setting value in AttributesSetting is meaningless.
1239 @param[out] AttributesSetting Package attributes. See 'Package Attribute Definitions' for possible returned
1240 values of this parameter
1242 @retval EFI_SUCCESS The package information was successfully returned.
1243 @retval EFI_UNSUPPORTED The operation is not supported.
1249 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
1250 OUT UINT32
*PackageVersion
,
1251 OUT CHAR16
**PackageVersionName
,
1252 OUT UINT32
*PackageVersionNameMaxLen
,
1253 OUT UINT64
*AttributesSupported
,
1254 OUT UINT64
*AttributesSetting
1257 return EFI_UNSUPPORTED
;
1261 Updates information about the firmware package.
1263 This function updates package information.
1264 This function returns EFI_UNSUPPORTED if the package information is not updatable.
1265 VendorCode enables vendor to implement vendor-specific package information update policy.
1266 Null if the caller did not specify this policy or use the default policy.
1268 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
1269 @param[in] Image Points to the authentication image.
1270 Null if authentication is not required.
1271 @param[in] ImageSize Size of the authentication image in bytes.
1272 0 if authentication is not required.
1273 @param[in] VendorCode This enables vendor to implement vendor-specific firmware
1274 image update policy.
1275 Null indicates the caller did not specify this policy or use
1277 @param[in] PackageVersion The new package version.
1278 @param[in] PackageVersionName A pointer to the new null-terminated Unicode string representing
1279 the package version name.
1280 The string length is equal to or less than the value returned in
1281 PackageVersionNameMaxLen.
1283 @retval EFI_SUCCESS The device was successfully updated with the new package
1285 @retval EFI_INVALID_PARAMETER The PackageVersionName length is longer than the value
1286 returned in PackageVersionNameMaxLen.
1287 @retval EFI_UNSUPPORTED The operation is not supported.
1288 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
1294 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
1295 IN CONST VOID
*Image
,
1297 IN CONST VOID
*VendorCode
,
1298 IN UINT32 PackageVersion
,
1299 IN CONST CHAR16
*PackageVersionName
1302 return EFI_UNSUPPORTED
;
1306 Event notification function that is invoked when the event GUID specified by
1307 PcdFmpDeviceLockEventGuid is signaled.
1309 @param[in] Event Event whose notification function is being invoked.
1310 @param[in] Context The pointer to the notification function's context,
1311 which is implementation-dependent.
1315 FmpDxeLockEventNotify (
1321 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
;
1323 Private
= (FIRMWARE_MANAGEMENT_PRIVATE_DATA
*)Context
;
1325 if (!Private
->FmpDeviceLocked
) {
1327 // Lock the firmware device
1329 FmpDeviceSetContext (Private
->Handle
, &Private
->FmpDeviceContext
);
1330 Status
= FmpDeviceLock();
1331 if (EFI_ERROR (Status
)) {
1332 if (Status
!= EFI_UNSUPPORTED
) {
1333 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): FmpDeviceLock() returned error. Status = %r\n", mImageIdName
, Status
));
1335 DEBUG ((DEBUG_WARN
, "FmpDxe(%s): FmpDeviceLock() returned error. Status = %r\n", mImageIdName
, Status
));
1338 Private
->FmpDeviceLocked
= TRUE
;
1343 Function to install FMP instance.
1345 @param[in] Handle The device handle to install a FMP instance on.
1347 @retval EFI_SUCCESS FMP Installed
1348 @retval EFI_INVALID_PARAMETER Handle was invalid
1349 @retval other Error installing FMP
1354 InstallFmpInstance (
1355 IN EFI_HANDLE Handle
1359 EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*Fmp
;
1360 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
;
1363 // Only allow a single FMP Protocol instance to be installed
1365 Status
= gBS
->OpenProtocol (
1367 &gEfiFirmwareManagementProtocolGuid
,
1371 EFI_OPEN_PROTOCOL_GET_PROTOCOL
1373 if (!EFI_ERROR (Status
)) {
1374 return EFI_ALREADY_STARTED
;
1378 // Allocate FMP Protocol instance
1380 Private
= AllocateCopyPool (
1381 sizeof (mFirmwareManagementPrivateDataTemplate
),
1382 &mFirmwareManagementPrivateDataTemplate
1384 if (Private
== NULL
) {
1385 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Failed to allocate memory for private structure.\n", mImageIdName
));
1386 Status
= EFI_OUT_OF_RESOURCES
;
1391 // Initialize private context data structure
1393 Private
->Handle
= Handle
;
1394 Private
->FmpDeviceContext
= NULL
;
1395 Status
= FmpDeviceSetContext (Private
->Handle
, &Private
->FmpDeviceContext
);
1396 if (Status
== EFI_UNSUPPORTED
) {
1397 Private
->FmpDeviceContext
= NULL
;
1398 } else if (EFI_ERROR (Status
)) {
1403 // Make sure the descriptor has already been loaded or refreshed
1405 PopulateDescriptor (Private
);
1407 if (IsLockFmpDeviceAtLockEventGuidRequired ()) {
1409 // Register all UEFI Variables used by this module to be locked.
1411 Status
= LockAllFmpVariables (Private
);
1412 if (EFI_ERROR (Status
)) {
1413 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Failed to register variables to lock. Status = %r.\n", mImageIdName
, Status
));
1415 DEBUG ((DEBUG_INFO
, "FmpDxe(%s): All variables registered to lock\n", mImageIdName
));
1419 // Create and register notify function to lock the FMP device.
1421 Status
= gBS
->CreateEventEx (
1424 FmpDxeLockEventNotify
,
1427 &Private
->FmpDeviceLockEvent
1429 if (EFI_ERROR (Status
)) {
1430 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Failed to register notification. Status = %r\n", mImageIdName
, Status
));
1432 ASSERT_EFI_ERROR (Status
);
1434 DEBUG ((DEBUG_VERBOSE
, "FmpDxe(%s): Not registering notification to call FmpDeviceLock() because mfg mode\n", mImageIdName
));
1438 // Install FMP Protocol and FMP Progress Protocol
1440 Status
= gBS
->InstallMultipleProtocolInterfaces (
1442 &gEfiFirmwareManagementProtocolGuid
, &Private
->Fmp
,
1443 &gEdkiiFirmwareManagementProgressProtocolGuid
, &mFmpProgress
,
1446 if (EFI_ERROR (Status
)) {
1447 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Protocol install error. Status = %r.\n", mImageIdName
, Status
));
1453 if (EFI_ERROR (Status
)) {
1454 if (Private
!= NULL
) {
1455 if (Private
->FmpDeviceLockEvent
!= NULL
) {
1456 gBS
->CloseEvent (Private
->FmpDeviceLockEvent
);
1458 if (Private
->Descriptor
.VersionName
!= NULL
) {
1459 FreePool (Private
->Descriptor
.VersionName
);
1461 if (Private
->FmpDeviceContext
!= NULL
) {
1462 FmpDeviceSetContext (NULL
, &Private
->FmpDeviceContext
);
1464 if (Private
->VersionVariableName
!= NULL
) {
1465 FreePool (Private
->VersionVariableName
);
1467 if (Private
->LsvVariableName
!= NULL
) {
1468 FreePool (Private
->LsvVariableName
);
1470 if (Private
->LastAttemptStatusVariableName
!= NULL
) {
1471 FreePool (Private
->LastAttemptStatusVariableName
);
1473 if (Private
->LastAttemptVersionVariableName
!= NULL
) {
1474 FreePool (Private
->LastAttemptVersionVariableName
);
1476 if (Private
->FmpStateVariableName
!= NULL
) {
1477 FreePool (Private
->FmpStateVariableName
);
1487 Function to uninstall FMP instance.
1489 @param[in] Handle The device handle to install a FMP instance on.
1491 @retval EFI_SUCCESS FMP Installed
1492 @retval EFI_INVALID_PARAMETER Handle was invalid
1493 @retval other Error installing FMP
1498 UninstallFmpInstance (
1499 IN EFI_HANDLE Handle
1503 EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*Fmp
;
1504 FIRMWARE_MANAGEMENT_PRIVATE_DATA
*Private
;
1506 Status
= gBS
->OpenProtocol (
1508 &gEfiFirmwareManagementProtocolGuid
,
1512 EFI_OPEN_PROTOCOL_GET_PROTOCOL
1514 if (EFI_ERROR (Status
)) {
1515 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Protocol open error. Status = %r.\n", mImageIdName
, Status
));
1519 Private
= FIRMWARE_MANAGEMENT_PRIVATE_DATA_FROM_THIS (Fmp
);
1520 FmpDeviceSetContext (Private
->Handle
, &Private
->FmpDeviceContext
);
1522 if (Private
->FmpDeviceLockEvent
!= NULL
) {
1523 gBS
->CloseEvent (Private
->FmpDeviceLockEvent
);
1526 Status
= gBS
->UninstallMultipleProtocolInterfaces (
1528 &gEfiFirmwareManagementProtocolGuid
, &Private
->Fmp
,
1529 &gEdkiiFirmwareManagementProgressProtocolGuid
, &mFmpProgress
,
1532 if (EFI_ERROR (Status
)) {
1533 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): Protocol uninstall error. Status = %r.\n", mImageIdName
, Status
));
1537 if (Private
->Descriptor
.VersionName
!= NULL
) {
1538 FreePool (Private
->Descriptor
.VersionName
);
1540 if (Private
->FmpDeviceContext
!= NULL
) {
1541 FmpDeviceSetContext (NULL
, &Private
->FmpDeviceContext
);
1543 if (Private
->VersionVariableName
!= NULL
) {
1544 FreePool (Private
->VersionVariableName
);
1546 if (Private
->LsvVariableName
!= NULL
) {
1547 FreePool (Private
->LsvVariableName
);
1549 if (Private
->LastAttemptStatusVariableName
!= NULL
) {
1550 FreePool (Private
->LastAttemptStatusVariableName
);
1552 if (Private
->LastAttemptVersionVariableName
!= NULL
) {
1553 FreePool (Private
->LastAttemptVersionVariableName
);
1555 if (Private
->FmpStateVariableName
!= NULL
) {
1556 FreePool (Private
->FmpStateVariableName
);
1564 Unloads the application and its installed protocol.
1566 @param ImageHandle Handle that identifies the image to be unloaded.
1567 @param SystemTable The system table.
1569 @retval EFI_SUCCESS The image has been unloaded.
1574 FmpDxeLibDestructor (
1575 IN EFI_HANDLE ImageHandle
,
1576 IN EFI_SYSTEM_TABLE
*SystemTable
1579 if (mFmpSingleInstance
) {
1580 return UninstallFmpInstance (ImageHandle
);
1586 Main entry for this driver/library.
1588 @param[in] ImageHandle Image handle this driver.
1589 @param[in] SystemTable Pointer to SystemTable.
1595 IN EFI_HANDLE ImageHandle
,
1596 IN EFI_SYSTEM_TABLE
*SystemTable
1602 // Verify that a new FILE_GUID value has been provided in the <Defines>
1603 // section of this module. The FILE_GUID is the ESRT GUID that must be
1604 // unique for each updatable firmware image.
1606 if (CompareGuid (&mDefaultModuleFileGuid
, &gEfiCallerIdGuid
)) {
1607 DEBUG ((DEBUG_ERROR
, "FmpDxe: Use of default FILE_GUID detected. FILE_GUID must be set to a unique value.\n"));
1609 return EFI_UNSUPPORTED
;
1613 // Get the ImageIdName value for the EFI_FIRMWARE_IMAGE_DESCRIPTOR from a PCD.
1615 mImageIdName
= (CHAR16
*) PcdGetPtr (PcdFmpDeviceImageIdName
);
1616 if (PcdGetSize (PcdFmpDeviceImageIdName
) <= 2 || mImageIdName
[0] == 0) {
1618 // PcdFmpDeviceImageIdName must be set to a non-empty Unicode string
1620 DEBUG ((DEBUG_ERROR
, "FmpDxe: PcdFmpDeviceImageIdName is an empty string.\n"));
1622 return EFI_UNSUPPORTED
;
1626 // Detects if PcdFmpDevicePkcs7CertBufferXdr contains a test key.
1631 // Fill in FMP Progress Protocol fields for Version 1
1633 mFmpProgress
.Version
= 1;
1634 mFmpProgress
.ProgressBarForegroundColor
.Raw
= PcdGet32 (PcdFmpDeviceProgressColor
);
1635 mFmpProgress
.WatchdogSeconds
= PcdGet8 (PcdFmpDeviceProgressWatchdogTimeInSeconds
);
1637 // The lock event GUID is retrieved from PcdFmpDeviceLockEventGuid.
1638 // If PcdFmpDeviceLockEventGuid is not the size of an EFI_GUID, then
1639 // gEfiEndOfDxeEventGroupGuid is used.
1641 mLockGuid
= &gEfiEndOfDxeEventGroupGuid
;
1642 if (PcdGetSize (PcdFmpDeviceLockEventGuid
) == sizeof (EFI_GUID
)) {
1643 mLockGuid
= (EFI_GUID
*)PcdGetPtr (PcdFmpDeviceLockEventGuid
);
1645 DEBUG ((DEBUG_INFO
, "FmpDxe(%s): Lock GUID: %g\n", mImageIdName
, mLockGuid
));
1648 // Register with library the install function so if the library uses
1649 // UEFI driver model/driver binding protocol it can install FMP on its device handle
1650 // If library is simple lib that does not use driver binding then it should return
1651 // unsupported and this will install the FMP instance on the ImageHandle
1653 Status
= RegisterFmpInstaller (InstallFmpInstance
);
1654 if (Status
== EFI_UNSUPPORTED
) {
1655 mFmpSingleInstance
= TRUE
;
1656 DEBUG ((DEBUG_INFO
, "FmpDxe(%s): FmpDeviceLib registration returned EFI_UNSUPPORTED. Installing single FMP instance.\n", mImageIdName
));
1657 Status
= RegisterFmpUninstaller (UninstallFmpInstance
);
1658 if (Status
== EFI_UNSUPPORTED
) {
1659 Status
= InstallFmpInstance (ImageHandle
);
1661 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): FmpDeviceLib RegisterFmpInstaller and RegisterFmpUninstaller do not match.\n", mImageIdName
));
1662 Status
= EFI_UNSUPPORTED
;
1664 } else if (EFI_ERROR (Status
)) {
1665 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): FmpDeviceLib registration returned %r. No FMP installed.\n", mImageIdName
, Status
));
1669 "FmpDxe(%s): FmpDeviceLib registration returned EFI_SUCCESS. Expect FMP to be installed during the BDS/Device connection phase.\n",
1672 Status
= RegisterFmpUninstaller (UninstallFmpInstance
);
1673 if (EFI_ERROR (Status
)) {
1674 DEBUG ((DEBUG_ERROR
, "FmpDxe(%s): FmpDeviceLib RegisterFmpInstaller and RegisterFmpUninstaller do not match.\n", mImageIdName
));