2 UEFI Firmware Management Protocol definition
3 Firmware Management Protocol provides an abstraction for device to provide firmware
4 management support. The base requirements for managing device firmware images include
5 identifying firmware image revision level and programming the image into the device.
7 GetImageInfo() is the only required function. GetImage(), SetImage(),
8 CheckImage(), GetPackageInfo(), and SetPackageInfo() shall return
9 EFI_UNSUPPORTED if not supported by the driver.
11 Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
12 Copyright (c) 2013 - 2014, Hewlett-Packard Development Company, L.P.<BR>
13 SPDX-License-Identifier: BSD-2-Clause-Patent
15 @par Revision Reference:
16 This Protocol is introduced in UEFI Specification 2.3
20 #ifndef __EFI_FIRMWARE_MANAGEMENT_PROTOCOL_H__
21 #define __EFI_FIRMWARE_MANAGEMENT_PROTOCOL_H__
24 #define EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID \
26 0x86c77a67, 0xb97, 0x4633, {0xa1, 0x87, 0x49, 0x10, 0x4d, 0x6, 0x85, 0xc7 } \
29 typedef struct _EFI_FIRMWARE_MANAGEMENT_PROTOCOL EFI_FIRMWARE_MANAGEMENT_PROTOCOL
;
32 /// Dependency Expression Opcode
34 #define EFI_FMP_DEP_PUSH_GUID 0x00
35 #define EFI_FMP_DEP_PUSH_VERSION 0x01
36 #define EFI_FMP_DEP_VERSION_STR 0x02
37 #define EFI_FMP_DEP_AND 0x03
38 #define EFI_FMP_DEP_OR 0x04
39 #define EFI_FMP_DEP_NOT 0x05
40 #define EFI_FMP_DEP_TRUE 0x06
41 #define EFI_FMP_DEP_FALSE 0x07
42 #define EFI_FMP_DEP_EQ 0x08
43 #define EFI_FMP_DEP_GT 0x09
44 #define EFI_FMP_DEP_GTE 0x0A
45 #define EFI_FMP_DEP_LT 0x0B
46 #define EFI_FMP_DEP_LTE 0x0C
47 #define EFI_FMP_DEP_END 0x0D
50 /// Image Attribute - Dependency
53 UINT8 Dependencies
[1];
54 } EFI_FIRMWARE_IMAGE_DEP
;
57 /// EFI_FIRMWARE_IMAGE_DESCRIPTOR
61 /// A unique number identifying the firmware image within the device. The number is
62 /// between 1 and DescriptorCount.
66 /// A unique GUID identifying the firmware image type.
70 /// A unique number identifying the firmware image.
74 /// A pointer to a null-terminated string representing the firmware image name.
78 /// Identifies the version of the device firmware. The format is vendor specific and new
79 /// version must have a greater value than an old version.
83 /// A pointer to a null-terminated string representing the firmware image version name.
87 /// Size of the image in bytes. If size=0, then only ImageIndex and ImageTypeId are valid.
91 /// Image attributes that are supported by this device. See 'Image Attribute Definitions'
92 /// for possible returned values of this parameter. A value of 1 indicates the attribute is
93 /// supported and the current setting value is indicated in AttributesSetting. A
94 /// value of 0 indicates the attribute is not supported and the current setting value in
95 /// AttributesSetting is meaningless.
97 UINT64 AttributesSupported
;
99 /// Image attributes. See 'Image Attribute Definitions' for possible returned values of
102 UINT64 AttributesSetting
;
104 /// Image compatibilities. See 'Image Compatibility Definitions' for possible returned
105 /// values of this parameter.
107 UINT64 Compatibilities
;
109 /// Describes the lowest ImageDescriptor version that the device will accept. Only
110 /// present in version 2 or higher.
112 UINT32 LowestSupportedImageVersion
;
114 /// Describes the version that was last attempted to update. If no update attempted the
115 /// value will be 0. If the update attempted was improperly formatted and no version
116 /// number was available then the value will be zero. Only present in version 3 or higher.
117 UINT32 LastAttemptVersion
;
119 /// Describes the status that was last attempted to update. If no update has been attempted
120 /// the value will be LAST_ATTEMPT_STATUS_SUCCESS. Only present in version 3 or higher.
122 UINT32 LastAttemptStatus
;
124 /// An optional number to identify the unique hardware instance within the system for
125 /// devices that may have multiple instances (Example: a plug in pci network card). This
126 /// number must be unique within the namespace of the ImageTypeId GUID and
127 /// ImageIndex. For FMP instances that have multiple descriptors for a single
128 /// hardware instance, all descriptors must have the same HardwareInstance value.
129 /// This number must be consistent between boots and should be based on some sort of
130 /// hardware identified unique id (serial number, etc) whenever possible. If a hardware
131 /// based number is not available the FMP provider may use some other characteristic
132 /// such as device path, bus/dev/function, slot num, etc for generating the
133 /// HardwareInstance. For implementations that will never have more than one
134 /// instance a zero can be used. A zero means the FMP provider is not able to determine a
135 /// unique hardware instance number or a hardware instance number is not needed. Only
136 /// present in version 3 or higher.
138 UINT64 HardwareInstance
;
139 EFI_FIRMWARE_IMAGE_DEP
*Dependencies
;
140 } EFI_FIRMWARE_IMAGE_DESCRIPTOR
;
144 // Image Attribute Definitions
147 /// The attribute IMAGE_ATTRIBUTE_IMAGE_UPDATABLE indicates this device supports firmware
150 #define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE 0x0000000000000001
152 /// The attribute IMAGE_ATTRIBUTE_RESET_REQUIRED indicates a reset of the device is required
153 /// for the new firmware image to take effect after a firmware update. The device is the device hosting
154 /// the firmware image.
156 #define IMAGE_ATTRIBUTE_RESET_REQUIRED 0x0000000000000002
158 /// The attribute IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED indicates authentication is
159 /// required to perform the following image operations: GetImage(), SetImage(), and
160 /// CheckImage(). See 'Image Attribute - Authentication'.
162 #define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x0000000000000004
164 /// The attribute IMAGE_ATTRIBUTE_IN_USE indicates the current state of the firmware image.
165 /// This distinguishes firmware images in a device that supports redundant images.
167 #define IMAGE_ATTRIBUTE_IN_USE 0x0000000000000008
169 /// The attribute IMAGE_ATTRIBUTE_UEFI_IMAGE indicates that this image is an EFI compatible image.
171 #define IMAGE_ATTRIBUTE_UEFI_IMAGE 0x0000000000000010
173 /// The attribute IMAGE_ATTRIBUTE_DEPENDENCY indicates that there is an EFI_FIRMWARE_IMAGE_DEP
174 /// section associated with the image.
176 #define IMAGE_ATTRIBUTE_DEPENDENCY 0x0000000000000020
180 // Image Compatibility Definitions
183 /// Values from 0x0000000000000002 thru 0x000000000000FFFF are reserved for future assignments.
184 /// Values from 0x0000000000010000 thru 0xFFFFFFFFFFFFFFFF are used by firmware vendor for
185 /// compatibility check.
187 #define IMAGE_COMPATIBILITY_CHECK_SUPPORTED 0x0000000000000001
190 /// Descriptor Version exposed by GetImageInfo() function
192 #define EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION 4
196 /// Image Attribute - Authentication Required
200 /// It is included in the signature of AuthInfo. It is used to ensure freshness/no replay.
201 /// It is incremented during each firmware image operation.
203 UINT64 MonotonicCount
;
205 /// Provides the authorization for the firmware image operations. It is a signature across
206 /// the image data and the Monotonic Count value. Caller uses the private key that is
207 /// associated with a public key that has been provisioned via the key exchange.
208 /// Because this is defined as a signature, WIN_CERTIFICATE_UEFI_GUID.CertType must
209 /// be EFI_CERT_TYPE_PKCS7_GUID.
211 WIN_CERTIFICATE_UEFI_GUID AuthInfo
;
212 } EFI_FIRMWARE_IMAGE_AUTHENTICATION
;
216 // ImageUpdatable Definitions
219 /// IMAGE_UPDATABLE_VALID indicates SetImage() will accept the new image and update the
220 /// device with the new image. The version of the new image could be higher or lower than
221 /// the current image. SetImage VendorCode is optional but can be used for vendor
224 #define IMAGE_UPDATABLE_VALID 0x0000000000000001
226 /// IMAGE_UPDATABLE_INVALID indicates SetImage() will reject the new image. No additional
227 /// information is provided for the rejection.
229 #define IMAGE_UPDATABLE_INVALID 0x0000000000000002
231 /// IMAGE_UPDATABLE_INVALID_TYPE indicates SetImage() will reject the new image. The
232 /// rejection is due to the new image is not a firmware image recognized for this device.
234 #define IMAGE_UPDATABLE_INVALID_TYPE 0x0000000000000004
236 /// IMAGE_UPDATABLE_INVALID_OLD indicates SetImage() will reject the new image. The
237 /// rejection is due to the new image version is older than the current firmware image
238 /// version in the device. The device firmware update policy does not support firmware
239 /// version downgrade.
241 #define IMAGE_UPDATABLE_INVALID_OLD 0x0000000000000008
243 /// IMAGE_UPDATABLE_VALID_WITH_VENDOR_CODE indicates SetImage() will accept and update
244 /// the new image only if a correct VendorCode is provided or else image would be
245 /// rejected and SetImage will return appropriate error.
247 #define IMAGE_UPDATABLE_VALID_WITH_VENDOR_CODE 0x0000000000000010
251 // Package Attribute Definitions
254 /// The attribute PACKAGE_ATTRIBUTE_VERSION_UPDATABLE indicates this device supports the
255 /// update of the firmware package version.
257 #define PACKAGE_ATTRIBUTE_VERSION_UPDATABLE 0x0000000000000001
259 /// The attribute PACKAGE_ATTRIBUTE_RESET_REQUIRED indicates a reset of the device is
260 /// required for the new package info to take effect after an update.
262 #define PACKAGE_ATTRIBUTE_RESET_REQUIRED 0x0000000000000002
264 /// The attribute PACKAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED indicates authentication
265 /// is required to update the package info.
267 #define PACKAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x0000000000000004
270 Callback function to report the process of the firmware updating.
272 @param[in] Completion A value between 1 and 100 indicating the current completion
273 progress of the firmware update. Completion progress is
274 reported as from 1 to 100 percent. A value of 0 is used by
275 the driver to indicate that progress reporting is not supported.
277 @retval EFI_SUCCESS SetImage() continues to do the callback if supported.
278 @retval other SetImage() discontinues the callback and completes
279 the update and returns.
284 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS
)(
289 Returns information about the current firmware image(s) of the device.
291 This function allows a copy of the current firmware image to be created and saved.
292 The saved copy could later been used, for example, in firmware image recovery or rollback.
294 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
295 @param[in, out] ImageInfoSize A pointer to the size, in bytes, of the ImageInfo buffer.
296 On input, this is the size of the buffer allocated by the caller.
297 On output, it is the size of the buffer returned by the firmware
298 if the buffer was large enough, or the size of the buffer needed
299 to contain the image(s) information if the buffer was too small.
300 @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s)
301 information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
302 @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number
303 associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR.
304 @param[out] DescriptorCount A pointer to the location in which firmware returns the number of
305 descriptors or firmware images within this device.
306 @param[out] DescriptorSize A pointer to the location in which firmware returns the size, in bytes,
307 of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR.
308 @param[out] PackageVersion A version number that represents all the firmware images in the device.
309 The format is vendor specific and new version must have a greater value
310 than the old version. If PackageVersion is not supported, the value is
311 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version comparison
312 is to be performed using PackageVersionName. A value of 0xFFFFFFFD indicates
313 that package version update is in progress.
314 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing the
315 package version name. The buffer is allocated by this function with
316 AllocatePool(), and it is the caller's responsibility to free it with a call
319 @retval EFI_SUCCESS The device was successfully updated with the new image.
320 @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size
321 needed to hold the image(s) information is returned in ImageInfoSize.
322 @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL.
323 @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image.
328 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE_INFO
)(
329 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
330 IN OUT UINTN
*ImageInfoSize
,
331 IN OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR
*ImageInfo
,
332 OUT UINT32
*DescriptorVersion
,
333 OUT UINT8
*DescriptorCount
,
334 OUT UINTN
*DescriptorSize
,
335 OUT UINT32
*PackageVersion
,
336 OUT CHAR16
**PackageVersionName
340 Retrieves a copy of the current firmware image of the device.
342 This function allows a copy of the current firmware image to be created and saved.
343 The saved copy could later been used, for example, in firmware image recovery or rollback.
345 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
346 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
347 The number is between 1 and DescriptorCount.
348 @param[in, out] Image Points to the buffer where the current image is copied to.
349 @param[in, out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes.
350 On return, points to the length of the image, in bytes.
352 @retval EFI_SUCCESS The device was successfully updated with the new image.
353 @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the
354 image. The current buffer size needed to hold the image is returned
356 @retval EFI_INVALID_PARAMETER The Image was NULL.
357 @retval EFI_NOT_FOUND The current image is not copied to the buffer.
358 @retval EFI_UNSUPPORTED The operation is not supported.
359 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
364 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE
)(
365 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
368 IN OUT UINTN
*ImageSize
372 Updates the firmware image of the device.
374 This function updates the hardware with the new firmware image.
375 This function returns EFI_UNSUPPORTED if the firmware image is not updatable.
376 If the firmware image is updatable, the function should perform the following minimal validations
377 before proceeding to do the firmware image update.
378 - Validate the image authentication if image has attribute
379 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns
380 EFI_SECURITY_VIOLATION if the validation fails.
381 - Validate the image is a supported image for this device. The function returns EFI_ABORTED if
382 the image is unsupported. The function can optionally provide more detailed information on
383 why the image is not a supported image.
384 - Validate the data from VendorCode if not null. Image validation must be performed before
385 VendorCode data validation. VendorCode data is ignored or considered invalid if image
386 validation failed. The function returns EFI_ABORTED if the data is invalid.
388 VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if
389 the caller did not specify the policy or use the default policy. As an example, vendor can implement
390 a policy to allow an option to force a firmware image update when the abort reason is due to the new
391 firmware image version is older than the current firmware image version or bad image checksum.
392 Sensitive operations such as those wiping the entire firmware image and render the device to be
393 non-functional should be encoded in the image itself rather than passed with the VendorCode.
394 AbortReason enables vendor to have the option to provide a more detailed description of the abort
395 reason to the caller.
397 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
398 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
399 The number is between 1 and DescriptorCount.
400 @param[in] Image Points to the new image.
401 @param[in] ImageSize Size of the new image in bytes.
402 @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.
403 Null indicates the caller did not specify the policy or use the default policy.
404 @param[in] Progress A function used by the driver to report the progress of the firmware update.
405 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
406 details for the aborted operation. The buffer is allocated by this function
407 with AllocatePool(), and it is the caller's responsibility to free it with a
410 @retval EFI_SUCCESS The device was successfully updated with the new image.
411 @retval EFI_ABORTED The operation is aborted.
412 @retval EFI_INVALID_PARAMETER The Image was NULL.
413 @retval EFI_UNSUPPORTED The operation is not supported.
414 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
419 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_IMAGE
)(
420 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
422 IN CONST VOID
*Image
,
424 IN CONST VOID
*VendorCode
,
425 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress
,
426 OUT CHAR16
**AbortReason
430 Checks if the firmware image is valid for the device.
432 This function allows firmware update application to validate the firmware image without
433 invoking the SetImage() first.
435 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
436 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
437 The number is between 1 and DescriptorCount.
438 @param[in] Image Points to the new image.
439 @param[in] ImageSize Size of the new image in bytes.
440 @param[out] ImageUpdatable Indicates if the new image is valid for update. It also provides,
441 if available, additional information if the image is invalid.
443 @retval EFI_SUCCESS The image was successfully checked.
444 @retval EFI_INVALID_PARAMETER The Image was NULL.
445 @retval EFI_UNSUPPORTED The operation is not supported.
446 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
451 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_CHECK_IMAGE
)(
452 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
454 IN CONST VOID
*Image
,
456 OUT UINT32
*ImageUpdatable
460 Returns information about the firmware package.
462 This function returns package information.
464 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
465 @param[out] PackageVersion A version number that represents all the firmware images in the device.
466 The format is vendor specific and new version must have a greater value
467 than the old version. If PackageVersion is not supported, the value is
468 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version
469 comparison is to be performed using PackageVersionName. A value of
470 0xFFFFFFFD indicates that package version update is in progress.
471 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing
472 the package version name. The buffer is allocated by this function with
473 AllocatePool(), and it is the caller's responsibility to free it with a
475 @param[out] PackageVersionNameMaxLen The maximum length of package version name if device supports update of
476 package version name. A value of 0 indicates the device does not support
477 update of package version name. Length is the number of Unicode characters,
478 including the terminating null character.
479 @param[out] AttributesSupported Package attributes that are supported by this device. See 'Package Attribute
480 Definitions' for possible returned values of this parameter. A value of 1
481 indicates the attribute is supported and the current setting value is
482 indicated in AttributesSetting. A value of 0 indicates the attribute is not
483 supported and the current setting value in AttributesSetting is meaningless.
484 @param[out] AttributesSetting Package attributes. See 'Package Attribute Definitions' for possible returned
485 values of this parameter
487 @retval EFI_SUCCESS The package information was successfully returned.
488 @retval EFI_UNSUPPORTED The operation is not supported.
493 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_PACKAGE_INFO
)(
494 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
495 OUT UINT32
*PackageVersion
,
496 OUT CHAR16
**PackageVersionName
,
497 OUT UINT32
*PackageVersionNameMaxLen
,
498 OUT UINT64
*AttributesSupported
,
499 OUT UINT64
*AttributesSetting
503 Updates information about the firmware package.
505 This function updates package information.
506 This function returns EFI_UNSUPPORTED if the package information is not updatable.
507 VendorCode enables vendor to implement vendor-specific package information update policy.
508 Null if the caller did not specify this policy or use the default policy.
510 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
511 @param[in] Image Points to the authentication image.
512 Null if authentication is not required.
513 @param[in] ImageSize Size of the authentication image in bytes.
514 0 if authentication is not required.
515 @param[in] VendorCode This enables vendor to implement vendor-specific firmware
517 Null indicates the caller did not specify this policy or use
519 @param[in] PackageVersion The new package version.
520 @param[in] PackageVersionName A pointer to the new null-terminated Unicode string representing
521 the package version name.
522 The string length is equal to or less than the value returned in
523 PackageVersionNameMaxLen.
525 @retval EFI_SUCCESS The device was successfully updated with the new package
527 @retval EFI_INVALID_PARAMETER The PackageVersionName length is longer than the value
528 returned in PackageVersionNameMaxLen.
529 @retval EFI_UNSUPPORTED The operation is not supported.
530 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
535 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_PACKAGE_INFO
)(
536 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
537 IN CONST VOID
*Image
,
539 IN CONST VOID
*VendorCode
,
540 IN UINT32 PackageVersion
,
541 IN CONST CHAR16
*PackageVersionName
545 /// EFI_FIRMWARE_MANAGEMENT_PROTOCOL
546 /// The protocol for managing firmware provides the following services.
547 /// - Get the attributes of the current firmware image. Attributes include revision level.
548 /// - Get a copy of the current firmware image. As an example, this service could be used by a
549 /// management application to facilitate a firmware roll-back.
550 /// - Program the device with a firmware image supplied by the user.
551 /// - Label all the firmware images within a device with a single version.
553 struct _EFI_FIRMWARE_MANAGEMENT_PROTOCOL
{
554 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE_INFO GetImageInfo
;
555 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE GetImage
;
556 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_IMAGE SetImage
;
557 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_CHECK_IMAGE CheckImage
;
558 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_PACKAGE_INFO GetPackageInfo
;
559 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_PACKAGE_INFO SetPackageInfo
;
562 extern EFI_GUID gEfiFirmwareManagementProtocolGuid
;