[mirror_edk2.git] / MdeModulePkg / Library / DxeCapsuleLibFmp / DxeCapsuleProcessLib.c

/** @file\r
  DXE capsule process.\r
\r
  Caution: This module requires additional review when modified.\r
  This module will have external input - capsule image.\r
  This external input must be validated carefully to avoid security issue like\r
  buffer overflow, integer overflow.\r
\r
  ProcessCapsules(), ProcessTheseCapsules() will receive untrusted\r
  input and do basic validation.\r
\r
  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
  This program and the accompanying materials\r
  are licensed and made available under the terms and conditions of the BSD License\r
  which accompanies this distribution.  The full text of the license may be found at\r
  http://opensource.org/licenses/bsd-license.php\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <PiDxe.h>\r
#include <Protocol/EsrtManagement.h>\r
\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
#include <Library/UefiRuntimeServicesTableLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/UefiLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/ReportStatusCodeLib.h>\r
#include <Library/CapsuleLib.h>\r
\r
#include <IndustryStandard/WindowsUxCapsule.h>\r
\r
/**\r
  Return if this FMP is a system FMP or a device FMP, based upon CapsuleHeader.\r
\r
  @param[in] CapsuleHeader A pointer to EFI_CAPSULE_HEADER\r
\r
  @retval TRUE  It is a system FMP.\r
  @retval FALSE It is a device FMP.\r
**/\r
BOOLEAN\r
IsFmpCapsule (\r
  IN EFI_CAPSULE_HEADER  *CapsuleHeader\r
  );\r
\r
/**\r
  Validate Fmp capsules layout.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  This function assumes the caller validated the capsule by using\r
  IsValidCapsuleHeader(), so that all fields in EFI_CAPSULE_HEADER are correct.\r
  The capsule buffer size is CapsuleHeader->CapsuleImageSize.\r
\r
  This function validates the fields in EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER\r
  and EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.\r
\r
  This function need support nested FMP capsule.\r
\r
  @param[in]   CapsuleHeader        Points to a capsule header.\r
  @param[out]  EmbeddedDriverCount  The EmbeddedDriverCount in the FMP capsule.\r
\r
  @retval EFI_SUCESS             Input capsule is a correct FMP capsule.\r
  @retval EFI_INVALID_PARAMETER  Input capsule is not a correct FMP capsule.\r
**/\r
EFI_STATUS\r
ValidateFmpCapsule (\r
  IN EFI_CAPSULE_HEADER  *CapsuleHeader,\r
  OUT UINT16             *EmbeddedDriverCount OPTIONAL\r
  );\r
\r
/**\r
  Validate if it is valid capsule header\r
\r
  This function assumes the caller provided correct CapsuleHeader pointer\r
  and CapsuleSize.\r
\r
  This function validates the fields in EFI_CAPSULE_HEADER.\r
\r
  @param[in]  CapsuleHeader    Points to a capsule header.\r
  @param[in]  CapsuleSize      Size of the whole capsule image.\r
\r
**/\r
BOOLEAN\r
IsValidCapsuleHeader (\r
  IN EFI_CAPSULE_HEADER  *CapsuleHeader,\r
  IN UINT64              CapsuleSize\r
  );\r
\r
extern BOOLEAN                   mDxeCapsuleLibEndOfDxe;\r
extern BOOLEAN                   mAreAllImagesProcessed;\r
BOOLEAN                          mNeedReset;\r
\r
/**\r
\r
  This routine is called to process capsules.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  Each individual capsule result is recorded in capsule record variable.\r
\r
  @param[in]  NeedBlockDriver         TRUE: Need skip the FMP capsules with non zero EmbeddedDriverCount.\r
                                      FALSE: No need to skip any FMP capsules.\r
\r
  @retval EFI_SUCCESS             There is no error when processing capsules.\r
  @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.\r
\r
**/\r
EFI_STATUS\r
ProcessTheseCapsules (\r
  IN BOOLEAN  NeedBlockDriver\r
  )\r
{\r
  EFI_STATUS                  Status;\r
  EFI_PEI_HOB_POINTERS        HobPointer;\r
  EFI_CAPSULE_HEADER          *CapsuleHeader;\r
  UINT32                      Size;\r
  UINT32                      CapsuleNumber;\r
  UINT32                      CapsuleTotalNumber;\r
  EFI_CAPSULE_TABLE           *CapsuleTable;\r
  UINT32                      Index;\r
  UINT32                      CacheIndex;\r
  UINT32                      CacheNumber;\r
  VOID                        **CapsulePtr;\r
  VOID                        **CapsulePtrCache;\r
  EFI_GUID                    *CapsuleGuidCache;\r
  EFI_STATUS                  *CapsuleStatusArray;\r
  BOOLEAN                     DisplayCapsuleExist;\r
  ESRT_MANAGEMENT_PROTOCOL    *EsrtManagement;\r
  UINT16                      EmbeddedDriverCount;\r
\r
  REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesBegin)));\r
\r
  CapsuleNumber       = 0;\r
  CapsuleTotalNumber  = 0;\r
  CacheIndex          = 0;\r
  CacheNumber         = 0;\r
  CapsulePtr          = NULL;\r
  CapsulePtrCache     = NULL;\r
  CapsuleGuidCache    = NULL;\r
  DisplayCapsuleExist = FALSE;\r
  EsrtManagement      = NULL;\r
\r
  Status = EFI_SUCCESS;\r
  //\r
  // Find all capsule images from hob\r
  //\r
  HobPointer.Raw = GetHobList ();\r
  while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {\r
    if (!IsValidCapsuleHeader((VOID *)(UINTN)HobPointer.Capsule->BaseAddress, HobPointer.Capsule->Length)) {\r
      HobPointer.Header->HobType = EFI_HOB_TYPE_UNUSED; // Mark this hob as invalid\r
    } else {\r
      CapsuleTotalNumber++;\r
    }\r
    HobPointer.Raw = GET_NEXT_HOB (HobPointer);\r
  }\r
\r
  if (CapsuleTotalNumber == 0) {\r
    //\r
    // We didn't find a hob, so had no errors.\r
    //\r
    DEBUG ((DEBUG_ERROR, "We can not find capsule data in capsule update boot mode.\n"));\r
    Status = EFI_SUCCESS;\r
    goto Done;\r
  }\r
\r
  //\r
  // Init temp Capsule Data table.\r
  //\r
  CapsulePtr       = (VOID **) AllocateZeroPool (sizeof (VOID *) * CapsuleTotalNumber);\r
  ASSERT (CapsulePtr != NULL);\r
  if (CapsulePtr == NULL) {\r
    Status = EFI_OUT_OF_RESOURCES;\r
    goto Done;\r
  }\r
  CapsulePtrCache  = (VOID **) AllocateZeroPool (sizeof (VOID *) * CapsuleTotalNumber);\r
  ASSERT (CapsulePtrCache != NULL);\r
  if (CapsulePtrCache == NULL) {\r
    Status = EFI_OUT_OF_RESOURCES;\r
    goto Done;\r
  }\r
  CapsuleGuidCache = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID) * CapsuleTotalNumber);\r
  ASSERT (CapsuleGuidCache != NULL);\r
  if (CapsuleGuidCache == NULL) {\r
    Status = EFI_OUT_OF_RESOURCES;\r
    goto Done;\r
  }\r
  CapsuleStatusArray = (EFI_STATUS *) AllocateZeroPool (sizeof (EFI_STATUS) * CapsuleTotalNumber);\r
  ASSERT (CapsuleStatusArray != NULL);\r
  if (CapsuleStatusArray == NULL) {\r
    Status = EFI_OUT_OF_RESOURCES;\r
    goto Done;\r
  }\r
\r
  //\r
  // Find all capsule images from hob\r
  //\r
  HobPointer.Raw = GetHobList ();\r
  while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {\r
    CapsulePtr [CapsuleNumber++] = (VOID *) (UINTN) HobPointer.Capsule->BaseAddress;\r
    HobPointer.Raw = GET_NEXT_HOB (HobPointer);\r
  }\r
\r
  //\r
  // Check the capsule flags,if contains CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE, install\r
  // capsuleTable to configure table with EFI_CAPSULE_GUID\r
  //\r
\r
  //\r
  // Capsules who have CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE always are used for operating\r
  // System to have information persist across a system reset. EFI System Table must\r
  // point to an array of capsules that contains the same CapsuleGuid value. And agents\r
  // searching for this type capsule will look in EFI System Table and search for the\r
  // capsule's Guid and associated pointer to retrieve the data. Two steps below describes\r
  // how to sorting the capsules by the unique guid and install the array to EFI System Table.\r
  // Firstly, Loop for all coalesced capsules, record unique CapsuleGuids and cache them in an\r
  // array for later sorting capsules by CapsuleGuid.\r
  //\r
  for (Index = 0; Index < CapsuleTotalNumber; Index++) {\r
    CapsuleStatusArray [Index] = EFI_UNSUPPORTED;\r
    CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];\r
    if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {\r
      //\r
      // For each capsule, we compare it with known CapsuleGuid in the CacheArray.\r
      // If already has the Guid, skip it. Whereas, record it in the CacheArray as\r
      // an additional one.\r
      //\r
      CacheIndex = 0;\r
      while (CacheIndex < CacheNumber) {\r
        if (CompareGuid(&CapsuleGuidCache[CacheIndex],&CapsuleHeader->CapsuleGuid)) {\r
          break;\r
        }\r
        CacheIndex++;\r
      }\r
      if (CacheIndex == CacheNumber) {\r
        CopyMem(&CapsuleGuidCache[CacheNumber++],&CapsuleHeader->CapsuleGuid,sizeof(EFI_GUID));\r
      }\r
    }\r
  }\r
\r
  //\r
  // Secondly, for each unique CapsuleGuid in CacheArray, gather all coalesced capsules\r
  // whose guid is the same as it, and malloc memory for an array which preceding\r
  // with UINT32. The array fills with entry point of capsules that have the same\r
  // CapsuleGuid, and UINT32 represents the size of the array of capsules. Then install\r
  // this array into EFI System Table, so that agents searching for this type capsule\r
  // will look in EFI System Table and search for the capsule's Guid and associated\r
  // pointer to retrieve the data.\r
  //\r
  CacheIndex = 0;\r
  while (CacheIndex < CacheNumber) {\r
    CapsuleNumber = 0;\r
    for (Index = 0; Index < CapsuleTotalNumber; Index++) {\r
      CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];\r
      if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {\r
        if (CompareGuid (&CapsuleGuidCache[CacheIndex], &CapsuleHeader->CapsuleGuid)) {\r
          //\r
          // Cache Caspuleheader to the array, this array is uniqued with certain CapsuleGuid.\r
          //\r
          CapsulePtrCache[CapsuleNumber++] = (VOID*)CapsuleHeader;\r
          //\r
          // When a Capsule is listed in CapsulePtrCache, it will be reported in ConfigurationTable\r
          // So, report the CapsuleStatus as "processed successfully".\r
          //\r
          CapsuleStatusArray [Index] = EFI_SUCCESS;\r
        }\r
      }\r
    }\r
    if (CapsuleNumber != 0) {\r
      Size = sizeof(EFI_CAPSULE_TABLE) + (CapsuleNumber - 1) * sizeof(VOID*);\r
      CapsuleTable = AllocateRuntimePool (Size);\r
      ASSERT (CapsuleTable != NULL);\r
      if (CapsuleTable == NULL) {\r
        return EFI_OUT_OF_RESOURCES;\r
      }\r
      CapsuleTable->CapsuleArrayNumber =  CapsuleNumber;\r
      CopyMem(&CapsuleTable->CapsulePtr[0], CapsulePtrCache, CapsuleNumber * sizeof(VOID*));\r
      Status = gBS->InstallConfigurationTable (&CapsuleGuidCache[CacheIndex], (VOID*)CapsuleTable);\r
      ASSERT_EFI_ERROR (Status);\r
    }\r
    CacheIndex++;\r
  }\r
\r
  REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdatingFirmware)));\r
\r
  //\r
  // If Windows UX capsule exist, process it first\r
  //\r
  for (Index = 0; Index < CapsuleTotalNumber; Index++) {\r
    CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];\r
    if (CompareGuid(&CapsuleHeader->CapsuleGuid ,&gWindowsUxCapsuleGuid)) {\r
      DEBUG ((DEBUG_INFO, "ProcessCapsuleImage (Ux) - 0x%x\n", CapsuleHeader));\r
      DisplayCapsuleExist = TRUE;\r
      DEBUG ((DEBUG_INFO, "Display logo capsule is found.\n"));\r
      Status = ProcessCapsuleImage (CapsuleHeader);\r
      DEBUG((DEBUG_INFO, "ProcessCapsuleImage (Ux) - %r\n", Status));\r
      CapsuleStatusArray [Index] = Status;\r
      break;\r
    }\r
  }\r
\r
  if (!DisplayCapsuleExist) {\r
    //\r
    // Display Capsule not found. Display the default string.\r
    //\r
    Print (L"Updating the firmware ......\r\n");\r
  }\r
\r
  //\r
  // All capsules left are recognized by platform.\r
  //\r
  for (Index = 0; Index < CapsuleTotalNumber; Index++) {\r
    CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];\r
    if (!CompareGuid(&CapsuleHeader->CapsuleGuid ,&gWindowsUxCapsuleGuid)) {\r
      //\r
      // Call capsule library to process capsule image.\r
      //\r
      EmbeddedDriverCount = 0;\r
      if (IsFmpCapsule(CapsuleHeader)) {\r
        Status = ValidateFmpCapsule(CapsuleHeader, &EmbeddedDriverCount);\r
        if (EFI_ERROR(Status)) {\r
          DEBUG((DEBUG_ERROR, "ValidateFmpCapsule failed. Ignore!\n"));\r
          continue;\r
        }\r
      }\r
\r
      if ((!NeedBlockDriver) || (EmbeddedDriverCount == 0)) {\r
        DEBUG((DEBUG_INFO, "ProcessCapsuleImage - 0x%x\n", CapsuleHeader));\r
        Status = ProcessCapsuleImage (CapsuleHeader);\r
        CapsuleStatusArray [Index] = Status;\r
        DEBUG((DEBUG_INFO, "ProcessCapsuleImage - %r\n", Status));\r
\r
        if (EFI_ERROR(Status)) {\r
          REPORT_STATUS_CODE(EFI_ERROR_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareFailed)));\r
          DEBUG ((DEBUG_ERROR, "Capsule process failed. reset the system!\n"));\r
          Print (L"Firmware update failed...\r\n");\r
        } else {\r
          REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareSuccess)));\r
        }\r
\r
        if ((CapsuleHeader->Flags & PcdGet16(PcdSystemRebootAfterCapsuleProcessFlag)) != 0 ||\r
            IsFmpCapsule(CapsuleHeader)) {\r
          mNeedReset = TRUE;\r
        }\r
      }\r
    }\r
  }\r
\r
  Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);\r
  //\r
  // Always sync ESRT Cache from FMP Instance\r
  //\r
  if (!EFI_ERROR(Status)) {\r
    EsrtManagement->SyncEsrtFmp();\r
  }\r
  Status = EFI_SUCCESS;\r
\r
Done:\r
  //\r
  // Free the allocated temp memory space.\r
  //\r
  if (CapsuleGuidCache != NULL) {\r
    FreePool(CapsuleGuidCache);\r
  }\r
  if (CapsulePtrCache != NULL) {\r
    FreePool(CapsulePtrCache);\r
  }\r
  if (CapsulePtr != NULL) {\r
    FreePool(CapsulePtr);\r
  }\r
\r
  REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesEnd)));\r
\r
  return Status;\r
}\r
\r
/**\r
  Do reset system.\r
**/\r
VOID\r
DoResetSystem (\r
  VOID\r
  )\r
{\r
  UINTN                         Index;\r
\r
  REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeResettingSystem)));\r
\r
  Print(L"Capsule Request Cold Reboot.\n");\r
  DEBUG((DEBUG_INFO, "Capsule Request Cold Reboot."));\r
\r
  for (Index = 5; Index > 0; Index--) {\r
    Print(L"\rResetting system in %d seconds ...", Index);\r
    DEBUG((DEBUG_INFO, "\rResetting system in %d seconds ...", Index));\r
    gBS->Stall(1000000);\r
  }\r
\r
  gRT->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);\r
\r
  CpuDeadLoop();\r
}\r
\r
/**\r
\r
  This routine is called to process capsules.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.\r
  If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.\r
\r
  This routine should be called twice in BDS.\r
  1) The first call must be before EndOfDxe. The system capsules is processed.\r
     If device capsule FMP protocols are exposted at this time and device FMP\r
     capsule has zero EmbeddedDriverCount, the device capsules are processed.\r
     Each individual capsule result is recorded in capsule record variable.\r
     System may reset in this function, if reset is required by capsule and\r
     all capsules are processed.\r
     If not all capsules are processed, reset will be defered to second call.\r
\r
  2) The second call must be after EndOfDxe and after ConnectAll, so that all\r
     device capsule FMP protocols are exposed.\r
     The system capsules are skipped. If the device capsules are NOT processed\r
     in first call, they are processed here.\r
     Each individual capsule result is recorded in capsule record variable.\r
     System may reset in this function, if reset is required by capsule\r
     processed in first call and second call.\r
\r
  @retval EFI_SUCCESS             There is no error when processing capsules.\r
  @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
ProcessCapsules (\r
  VOID\r
  )\r
{\r
  EFI_STATUS                    Status;\r
\r
  if (!mDxeCapsuleLibEndOfDxe) {\r
    //\r
    // Initialize mAreAllImagesProcessed to be TRUE.\r
    //\r
    // It will be updated to FALSE in ProcessTheseCapsules()->ProcessCapsuleImage(),\r
    // if there is any FMP image in any FMP capsule not processed.\r
    //\r
    mAreAllImagesProcessed = TRUE;\r
\r
    Status = ProcessTheseCapsules(TRUE);\r
    //\r
    // Reboot System if and only if all capsule processed.\r
    // If not, defer reset to 2nd process.\r
    //\r
    if (mNeedReset && mAreAllImagesProcessed) {\r
      DoResetSystem();\r
    }\r
  } else {\r
    Status = ProcessTheseCapsules(FALSE);\r
    //\r
    // Reboot System if required after all capsule processed\r
    //\r
    if (mNeedReset) {\r
      DoResetSystem();\r
    }\r
  }\r
  return Status;\r
}\r
Commit	Line	Data
d2a16030 JY	1	/** @file\r
	2	DXE capsule process.\r
	3	\r
	4	Caution: This module requires additional review when modified.\r
	5	This module will have external input - capsule image.\r
	6	This external input must be validated carefully to avoid security issue like\r
	7	buffer overflow, integer overflow.\r
	8	\r
	9	ProcessCapsules(), ProcessTheseCapsules() will receive untrusted\r
	10	input and do basic validation.\r
	11	\r
	12	Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
	13	This program and the accompanying materials\r
	14	are licensed and made available under the terms and conditions of the BSD License\r
	15	which accompanies this distribution. The full text of the license may be found at\r
	16	http://opensource.org/licenses/bsd-license.php\r
	17	\r
	18	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	19	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	20	\r
	21	**/\r
	22	\r
	23	#include <PiDxe.h>\r
	24	#include <Protocol/EsrtManagement.h>\r
	25	\r
	26	#include <Library/BaseLib.h>\r
	27	#include <Library/DebugLib.h>\r
	28	#include <Library/BaseMemoryLib.h>\r
	29	#include <Library/UefiBootServicesTableLib.h>\r
	30	#include <Library/UefiRuntimeServicesTableLib.h>\r
	31	#include <Library/MemoryAllocationLib.h>\r
	32	#include <Library/UefiLib.h>\r
	33	#include <Library/PcdLib.h>\r
	34	#include <Library/HobLib.h>\r
	35	#include <Library/ReportStatusCodeLib.h>\r
	36	#include <Library/CapsuleLib.h>\r
	37	\r
	38	#include <IndustryStandard/WindowsUxCapsule.h>\r
	39	\r
	40	/**\r
	41	Return if this FMP is a system FMP or a device FMP, based upon CapsuleHeader.\r
	42	\r
	43	@param[in] CapsuleHeader A pointer to EFI_CAPSULE_HEADER\r
	44	\r
	45	@retval TRUE It is a system FMP.\r
	46	@retval FALSE It is a device FMP.\r
	47	**/\r
	48	BOOLEAN\r
	49	IsFmpCapsule (\r
	50	IN EFI_CAPSULE_HEADER *CapsuleHeader\r
	51	);\r
	52	\r
	53	/**\r
	54	Validate Fmp capsules layout.\r
	55	\r
	56	Caution: This function may receive untrusted input.\r
	57	\r
	58	This function assumes the caller validated the capsule by using\r
	59	IsValidCapsuleHeader(), so that all fields in EFI_CAPSULE_HEADER are correct.\r
	60	The capsule buffer size is CapsuleHeader->CapsuleImageSize.\r
	61	\r
	62	This function validates the fields in EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER\r
	63	and EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.\r
	64	\r
65	This function need support nested FMP capsule.\r
66	\r
67	@param[in] CapsuleHeader Points to a capsule header.\r
68	@param[out] EmbeddedDriverCount The EmbeddedDriverCount in the FMP capsule.\r
69	\r
70	@retval EFI_SUCESS Input capsule is a correct FMP capsule.\r
71	@retval EFI_INVALID_PARAMETER Input capsule is not a correct FMP capsule.\r
72	**/\r
73	EFI_STATUS\r
74	ValidateFmpCapsule (\r
75	IN EFI_CAPSULE_HEADER *CapsuleHeader,\r
76	OUT UINT16 *EmbeddedDriverCount OPTIONAL\r
77	);\r
78	\r
79	/**\r
80	Validate if it is valid capsule header\r
81	\r
82	This function assumes the caller provided correct CapsuleHeader pointer\r
83	and CapsuleSize.\r
84	\r
85	This function validates the fields in EFI_CAPSULE_HEADER.\r
86	\r
87	@param[in] CapsuleHeader Points to a capsule header.\r
88	@param[in] CapsuleSize Size of the whole capsule image.\r
89	\r
90	**/\r
91	BOOLEAN\r
92	IsValidCapsuleHeader (\r
93	IN EFI_CAPSULE_HEADER *CapsuleHeader,\r
94	IN UINT64 CapsuleSize\r
95	);\r
96	\r
97	extern BOOLEAN mDxeCapsuleLibEndOfDxe;\r
98	extern BOOLEAN mAreAllImagesProcessed;\r
99	BOOLEAN mNeedReset;\r
100	\r
101	/**\r
102	\r
103	This routine is called to process capsules.\r
104	\r
105	Caution: This function may receive untrusted input.\r
106	\r
107	Each individual capsule result is recorded in capsule record variable.\r
108	\r
109	@param[in] NeedBlockDriver TRUE: Need skip the FMP capsules with non zero EmbeddedDriverCount.\r
110	FALSE: No need to skip any FMP capsules.\r
111	\r
112	@retval EFI_SUCCESS There is no error when processing capsules.\r
113	@retval EFI_OUT_OF_RESOURCES No enough resource to process capsules.\r
114	\r
115	**/\r
116	EFI_STATUS\r
117	ProcessTheseCapsules (\r
118	IN BOOLEAN NeedBlockDriver\r
119	)\r
120	{\r
121	EFI_STATUS Status;\r
122	EFI_PEI_HOB_POINTERS HobPointer;\r
123	EFI_CAPSULE_HEADER *CapsuleHeader;\r
124	UINT32 Size;\r
125	UINT32 CapsuleNumber;\r
126	UINT32 CapsuleTotalNumber;\r
127	EFI_CAPSULE_TABLE *CapsuleTable;\r
128	UINT32 Index;\r
129	UINT32 CacheIndex;\r
130	UINT32 CacheNumber;\r
131	VOID **CapsulePtr;\r
132	VOID **CapsulePtrCache;\r
133	EFI_GUID *CapsuleGuidCache;\r
134	EFI_STATUS *CapsuleStatusArray;\r
135	BOOLEAN DisplayCapsuleExist;\r
136	ESRT_MANAGEMENT_PROTOCOL *EsrtManagement;\r
137	UINT16 EmbeddedDriverCount;\r
138	\r
139	REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE \| PcdGet32(PcdStatusCodeSubClassCapsule) \| PcdGet32(PcdCapsuleStatusCodeProcessCapsulesBegin)));\r
140	\r
141	CapsuleNumber = 0;\r
142	CapsuleTotalNumber = 0;\r
143	CacheIndex = 0;\r
144	CacheNumber = 0;\r
145	CapsulePtr = NULL;\r
146	CapsulePtrCache = NULL;\r
147	CapsuleGuidCache = NULL;\r
148	DisplayCapsuleExist = FALSE;\r
149	EsrtManagement = NULL;\r
150	\r
151	Status = EFI_SUCCESS;\r
152	//\r
153	// Find all capsule images from hob\r
154	//\r
155	HobPointer.Raw = GetHobList ();\r
156	while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {\r
157	if (!IsValidCapsuleHeader((VOID *)(UINTN)HobPointer.Capsule->BaseAddress, HobPointer.Capsule->Length)) {\r
158	HobPointer.Header->HobType = EFI_HOB_TYPE_UNUSED; // Mark this hob as invalid\r
159	} else {\r
160	CapsuleTotalNumber++;\r
161	}\r
162	HobPointer.Raw = GET_NEXT_HOB (HobPointer);\r
163	}\r
164	\r
165	if (CapsuleTotalNumber == 0) {\r
166	//\r
167	// We didn't find a hob, so had no errors.\r
168	//\r
169	DEBUG ((DEBUG_ERROR, "We can not find capsule data in capsule update boot mode.\n"));\r
170	Status = EFI_SUCCESS;\r
171	goto Done;\r
172	}\r
173	\r
174	//\r
175	// Init temp Capsule Data table.\r
176	//\r
177	CapsulePtr = (VOID *) AllocateZeroPool (sizeof (VOID ) * CapsuleTotalNumber);\r
178	ASSERT (CapsulePtr != NULL);\r
179	if (CapsulePtr == NULL) {\r
180	Status = EFI_OUT_OF_RESOURCES;\r
181	goto Done;\r
182	}\r
183	CapsulePtrCache = (VOID *) AllocateZeroPool (sizeof (VOID ) * CapsuleTotalNumber);\r
184	ASSERT (CapsulePtrCache != NULL);\r
185	if (CapsulePtrCache == NULL) {\r
186	Status = EFI_OUT_OF_RESOURCES;\r
187	goto Done;\r
188	}\r
189	CapsuleGuidCache = (EFI_GUID ) AllocateZeroPool (sizeof (EFI_GUID) CapsuleTotalNumber);\r
190	ASSERT (CapsuleGuidCache != NULL);\r
191	if (CapsuleGuidCache == NULL) {\r
192	Status = EFI_OUT_OF_RESOURCES;\r
193	goto Done;\r
194	}\r
195	CapsuleStatusArray = (EFI_STATUS ) AllocateZeroPool (sizeof (EFI_STATUS) CapsuleTotalNumber);\r
196	ASSERT (CapsuleStatusArray != NULL);\r
197	if (CapsuleStatusArray == NULL) {\r
198	Status = EFI_OUT_OF_RESOURCES;\r
199	goto Done;\r
200	}\r
201	\r
202	//\r
203	// Find all capsule images from hob\r
204	//\r
205	HobPointer.Raw = GetHobList ();\r
206	while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {\r
207	CapsulePtr [CapsuleNumber++] = (VOID *) (UINTN) HobPointer.Capsule->BaseAddress;\r
208	HobPointer.Raw = GET_NEXT_HOB (HobPointer);\r
209	}\r
210	\r
211	//\r
212	// Check the capsule flags,if contains CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE, install\r
213	// capsuleTable to configure table with EFI_CAPSULE_GUID\r
214	//\r
215	\r
216	//\r
217	// Capsules who have CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE always are used for operating\r
218	// System to have information persist across a system reset. EFI System Table must\r
219	// point to an array of capsules that contains the same CapsuleGuid value. And agents\r
220	// searching for this type capsule will look in EFI System Table and search for the\r
221	// capsule's Guid and associated pointer to retrieve the data. Two steps below describes\r
222	// how to sorting the capsules by the unique guid and install the array to EFI System Table.\r
223	// Firstly, Loop for all coalesced capsules, record unique CapsuleGuids and cache them in an\r
224	// array for later sorting capsules by CapsuleGuid.\r
225	//\r
226	for (Index = 0; Index < CapsuleTotalNumber; Index++) {\r
227	CapsuleStatusArray [Index] = EFI_UNSUPPORTED;\r
228	CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];\r
229	if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {\r
230	//\r
231	// For each capsule, we compare it with known CapsuleGuid in the CacheArray.\r
232	// If already has the Guid, skip it. Whereas, record it in the CacheArray as\r
233	// an additional one.\r
234	//\r
235	CacheIndex = 0;\r
236	while (CacheIndex < CacheNumber) {\r
237	if (CompareGuid(&CapsuleGuidCache[CacheIndex],&CapsuleHeader->CapsuleGuid)) {\r
238	break;\r
239	}\r
240	CacheIndex++;\r
241	}\r
242	if (CacheIndex == CacheNumber) {\r
243	CopyMem(&CapsuleGuidCache[CacheNumber++],&CapsuleHeader->CapsuleGuid,sizeof(EFI_GUID));\r
244	}\r
245	}\r
246	}\r
247	\r
248	//\r
249	// Secondly, for each unique CapsuleGuid in CacheArray, gather all coalesced capsules\r
250	// whose guid is the same as it, and malloc memory for an array which preceding\r
251	// with UINT32. The array fills with entry point of capsules that have the same\r
252	// CapsuleGuid, and UINT32 represents the size of the array of capsules. Then install\r
253	// this array into EFI System Table, so that agents searching for this type capsule\r
254	// will look in EFI System Table and search for the capsule's Guid and associated\r
255	// pointer to retrieve the data.\r
256	//\r
257	CacheIndex = 0;\r
258	while (CacheIndex < CacheNumber) {\r
259	CapsuleNumber = 0;\r
260	for (Index = 0; Index < CapsuleTotalNumber; Index++) {\r
261	CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];\r
262	if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {\r
263	if (CompareGuid (&CapsuleGuidCache[CacheIndex], &CapsuleHeader->CapsuleGuid)) {\r
264	//\r
265	// Cache Caspuleheader to the array, this array is uniqued with certain CapsuleGuid.\r
266	//\r
267	CapsulePtrCache[CapsuleNumber++] = (VOID*)CapsuleHeader;\r
268	//\r
269	// When a Capsule is listed in CapsulePtrCache, it will be reported in ConfigurationTable\r
270	// So, report the CapsuleStatus as "processed successfully".\r
271	//\r
272	CapsuleStatusArray [Index] = EFI_SUCCESS;\r
273	}\r
274	}\r
275	}\r
276	if (CapsuleNumber != 0) {\r
277	Size = sizeof(EFI_CAPSULE_TABLE) + (CapsuleNumber - 1) * sizeof(VOID*);\r
278	CapsuleTable = AllocateRuntimePool (Size);\r
279	ASSERT (CapsuleTable != NULL);\r
280	if (CapsuleTable == NULL) {\r
281	return EFI_OUT_OF_RESOURCES;\r
282	}\r
283	CapsuleTable->CapsuleArrayNumber = CapsuleNumber;\r
284	CopyMem(&CapsuleTable->CapsulePtr[0], CapsulePtrCache, CapsuleNumber * sizeof(VOID*));\r
285	Status = gBS->InstallConfigurationTable (&CapsuleGuidCache[CacheIndex], (VOID*)CapsuleTable);\r
286	ASSERT_EFI_ERROR (Status);\r
287	}\r
288	CacheIndex++;\r
289	}\r
290	\r
291	REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE \| PcdGet32(PcdStatusCodeSubClassCapsule) \| PcdGet32(PcdCapsuleStatusCodeUpdatingFirmware)));\r
292	\r
293	//\r
294	// If Windows UX capsule exist, process it first\r
295	//\r
296	for (Index = 0; Index < CapsuleTotalNumber; Index++) {\r
297	CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];\r
298	if (CompareGuid(&CapsuleHeader->CapsuleGuid ,&gWindowsUxCapsuleGuid)) {\r
299	DEBUG ((DEBUG_INFO, "ProcessCapsuleImage (Ux) - 0x%x\n", CapsuleHeader));\r
300	DisplayCapsuleExist = TRUE;\r
301	DEBUG ((DEBUG_INFO, "Display logo capsule is found.\n"));\r
302	Status = ProcessCapsuleImage (CapsuleHeader);\r
303	DEBUG((DEBUG_INFO, "ProcessCapsuleImage (Ux) - %r\n", Status));\r
304	CapsuleStatusArray [Index] = Status;\r
305	break;\r
306	}\r
307	}\r
308	\r
309	if (!DisplayCapsuleExist) {\r
310	//\r
311	// Display Capsule not found. Display the default string.\r
312	//\r
313	Print (L"Updating the firmware ......\r\n");\r
314	}\r
315	\r
316	//\r
317	// All capsules left are recognized by platform.\r
318	//\r
319	for (Index = 0; Index < CapsuleTotalNumber; Index++) {\r
320	CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];\r
321	if (!CompareGuid(&CapsuleHeader->CapsuleGuid ,&gWindowsUxCapsuleGuid)) {\r
322	//\r
323	// Call capsule library to process capsule image.\r
324	//\r
325	EmbeddedDriverCount = 0;\r
326	if (IsFmpCapsule(CapsuleHeader)) {\r
327	Status = ValidateFmpCapsule(CapsuleHeader, &EmbeddedDriverCount);\r
328	if (EFI_ERROR(Status)) {\r
329	DEBUG((DEBUG_ERROR, "ValidateFmpCapsule failed. Ignore!\n"));\r
330	continue;\r
331	}\r
332	}\r
333	\r
334	if ((!NeedBlockDriver) \|\| (EmbeddedDriverCount == 0)) {\r
335	DEBUG((DEBUG_INFO, "ProcessCapsuleImage - 0x%x\n", CapsuleHeader));\r
336	Status = ProcessCapsuleImage (CapsuleHeader);\r
337	CapsuleStatusArray [Index] = Status;\r
338	DEBUG((DEBUG_INFO, "ProcessCapsuleImage - %r\n", Status));\r
339	\r
340	if (EFI_ERROR(Status)) {\r
341	REPORT_STATUS_CODE(EFI_ERROR_CODE, (EFI_SOFTWARE \| PcdGet32(PcdStatusCodeSubClassCapsule) \| PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareFailed)));\r
342	DEBUG ((DEBUG_ERROR, "Capsule process failed. reset the system!\n"));\r
343	Print (L"Firmware update failed...\r\n");\r
344	} else {\r
345	REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE \| PcdGet32(PcdStatusCodeSubClassCapsule) \| PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareSuccess)));\r
346	}\r
347	\r
348	if ((CapsuleHeader->Flags & PcdGet16(PcdSystemRebootAfterCapsuleProcessFlag)) != 0 \|\|\r
349	IsFmpCapsule(CapsuleHeader)) {\r
350	mNeedReset = TRUE;\r
351	}\r
352	}\r
353	}\r
354	}\r
355	\r
356	Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);\r
357	//\r
358	// Always sync ESRT Cache from FMP Instance\r
359	//\r
360	if (!EFI_ERROR(Status)) {\r
361	EsrtManagement->SyncEsrtFmp();\r
362	}\r
363	Status = EFI_SUCCESS;\r
364	\r
365	Done:\r
366	//\r
367	// Free the allocated temp memory space.\r
368	//\r
369	if (CapsuleGuidCache != NULL) {\r
370	FreePool(CapsuleGuidCache);\r
371	}\r
372	if (CapsulePtrCache != NULL) {\r
373	FreePool(CapsulePtrCache);\r
374	}\r
375	if (CapsulePtr != NULL) {\r
376	FreePool(CapsulePtr);\r
377	}\r
378	\r
379	REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE \| PcdGet32(PcdStatusCodeSubClassCapsule) \| PcdGet32(PcdCapsuleStatusCodeProcessCapsulesEnd)));\r
380	\r
381	return Status;\r
382	}\r
383	\r
384	/**\r
385	Do reset system.\r
386	**/\r
387	VOID\r
388	DoResetSystem (\r
389	VOID\r
390	)\r
391	{\r
392	UINTN Index;\r
393	\r
394	REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE \| PcdGet32(PcdStatusCodeSubClassCapsule) \| PcdGet32(PcdCapsuleStatusCodeResettingSystem)));\r
395	\r
396	Print(L"Capsule Request Cold Reboot.\n");\r
397	DEBUG((DEBUG_INFO, "Capsule Request Cold Reboot."));\r
398	\r
399	for (Index = 5; Index > 0; Index--) {\r
400	Print(L"\rResetting system in %d seconds ...", Index);\r
401	DEBUG((DEBUG_INFO, "\rResetting system in %d seconds ...", Index));\r
402	gBS->Stall(1000000);\r
403	}\r
404	\r
405	gRT->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);\r
406	\r
407	CpuDeadLoop();\r
408	}\r
409	\r
410	/**\r
411	\r
412	This routine is called to process capsules.\r
413	\r
414	Caution: This function may receive untrusted input.\r
415	\r
416	The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.\r
417	If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.\r
418	\r
419	This routine should be called twice in BDS.\r
420	1) The first call must be before EndOfDxe. The system capsules is processed.\r
421	If device capsule FMP protocols are exposted at this time and device FMP\r
422	capsule has zero EmbeddedDriverCount, the device capsules are processed.\r
423	Each individual capsule result is recorded in capsule record variable.\r
424	System may reset in this function, if reset is required by capsule and\r
425	all capsules are processed.\r
426	If not all capsules are processed, reset will be defered to second call.\r
427	\r
428	2) The second call must be after EndOfDxe and after ConnectAll, so that all\r
429	device capsule FMP protocols are exposed.\r
430	The system capsules are skipped. If the device capsules are NOT processed\r
431	in first call, they are processed here.\r
432	Each individual capsule result is recorded in capsule record variable.\r
433	System may reset in this function, if reset is required by capsule\r
434	processed in first call and second call.\r
435	\r
436	@retval EFI_SUCCESS There is no error when processing capsules.\r
437	@retval EFI_OUT_OF_RESOURCES No enough resource to process capsules.\r
438	\r
439	**/\r
440	EFI_STATUS\r
441	EFIAPI\r
442	ProcessCapsules (\r
443	VOID\r
444	)\r
445	{\r
446	EFI_STATUS Status;\r
447	\r
448	if (!mDxeCapsuleLibEndOfDxe) {\r
449	//\r
450	// Initialize mAreAllImagesProcessed to be TRUE.\r
451	//\r
452	// It will be updated to FALSE in ProcessTheseCapsules()->ProcessCapsuleImage(),\r
453	// if there is any FMP image in any FMP capsule not processed.\r
454	//\r
455	mAreAllImagesProcessed = TRUE;\r
456	\r
457	Status = ProcessTheseCapsules(TRUE);\r
458	//\r
459	// Reboot System if and only if all capsule processed.\r
460	// If not, defer reset to 2nd process.\r
461	//\r
462	if (mNeedReset && mAreAllImagesProcessed) {\r
463	DoResetSystem();\r
464	}\r
465	} else {\r
466	Status = ProcessTheseCapsules(FALSE);\r
467	//\r
468	// Reboot System if required after all capsule processed\r
469	//\r
470	if (mNeedReset) {\r
471	DoResetSystem();\r
472	}\r
473	}\r
474	return Status;\r
475	}\r