[mirror_edk2.git] / SignedCapsulePkg / Universal / SystemFirmwareUpdate / SystemFirmwareReportDxe.c

/** @file\r
  SetImage instance to report system firmware and act as agent to system update.\r
\r
  Caution: This module requires additional review when modified.\r
  This module will have external input - capsule image.\r
  This external input must be validated carefully to avoid security issue like\r
  buffer overflow, integer overflow.\r
\r
  FmpSetImage() will receive untrusted input and do basic validation.\r
\r
  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "SystemFirmwareDxe.h"\r
\r
//\r
// SystemFmp driver private data\r
//\r
SYSTEM_FMP_PRIVATE_DATA  *mSystemFmpPrivate = NULL;\r
\r
/**\r
  Dispatch system FMP images.\r
\r
  Caution: This function may receive untrusted input.\r
\r
  @param[in]  Image              The EDKII system FMP capsule image.\r
  @param[in]  ImageSize          The size of the EDKII system FMP capsule image in bytes.\r
  @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
  @param[out] LastAttemptStatus  The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
\r
  @retval EFI_SUCCESS           Process Capsule Image successfully.\r
  @retval EFI_UNSUPPORTED       Capsule image is not supported by the firmware.\r
  @retval EFI_VOLUME_CORRUPTED  FV volume in the capsule is corrupted.\r
  @retval EFI_OUT_OF_RESOURCES  Not enough memory.\r
**/\r
EFI_STATUS\r
DispatchSystemFmpImages (\r
  IN VOID     *Image,\r
  IN UINTN    ImageSize,\r
  OUT UINT32  *LastAttemptVersion,\r
  OUT UINT32  *LastAttemptStatus\r
  )\r
{\r
  EFI_STATUS                  Status;\r
  VOID                        *AuthenticatedImage;\r
  UINTN                       AuthenticatedImageSize;\r
  VOID                        *DispatchFvImage;\r
  UINTN                       DispatchFvImageSize;\r
  EFI_HANDLE                  FvProtocolHandle;\r
  EFI_FIRMWARE_VOLUME_HEADER  *FvImage;\r
  BOOLEAN                     Result;\r
\r
  AuthenticatedImage     = NULL;\r
  AuthenticatedImageSize = 0;\r
\r
  DEBUG ((DEBUG_INFO, "DispatchSystemFmpImages\n"));\r
\r
  //\r
  // Verify\r
  //\r
  Status = CapsuleAuthenticateSystemFirmware (Image, ImageSize, FALSE, LastAttemptVersion, LastAttemptStatus, &AuthenticatedImage, &AuthenticatedImageSize);\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_INFO, "SystemFirmwareAuthenticateImage - %r\n", Status));\r
    return Status;\r
  }\r
\r
  //\r
  // Get FV\r
  //\r
  Result = ExtractDriverFvImage (AuthenticatedImage, AuthenticatedImageSize, &DispatchFvImage, &DispatchFvImageSize);\r
  if (Result) {\r
    DEBUG ((DEBUG_INFO, "ExtractDriverFvImage\n"));\r
    //\r
    // Dispatch\r
    //\r
    if (((EFI_FIRMWARE_VOLUME_HEADER *)DispatchFvImage)->FvLength == DispatchFvImageSize) {\r
      FvImage = AllocatePages (EFI_SIZE_TO_PAGES (DispatchFvImageSize));\r
      if (FvImage != NULL) {\r
        CopyMem (FvImage, DispatchFvImage, DispatchFvImageSize);\r
        Status = gDS->ProcessFirmwareVolume (\r
                        (VOID *)FvImage,\r
                        (UINTN)FvImage->FvLength,\r
                        &FvProtocolHandle\r
                        );\r
        DEBUG ((DEBUG_INFO, "ProcessFirmwareVolume - %r\n", Status));\r
        if (!EFI_ERROR (Status)) {\r
          gDS->Dispatch ();\r
          DEBUG ((DEBUG_INFO, "Dispatch Done\n"));\r
        }\r
      }\r
    }\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Updates the firmware image of the device.\r
\r
  This function updates the hardware with the new firmware image.\r
  This function returns EFI_UNSUPPORTED if the firmware image is not updatable.\r
  If the firmware image is updatable, the function should perform the following minimal validations\r
  before proceeding to do the firmware image update.\r
  - Validate the image authentication if image has attribute\r
    IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns\r
    EFI_SECURITY_VIOLATION if the validation fails.\r
  - Validate the image is a supported image for this device. The function returns EFI_ABORTED if\r
    the image is unsupported. The function can optionally provide more detailed information on\r
    why the image is not a supported image.\r
  - Validate the data from VendorCode if not null. Image validation must be performed before\r
    VendorCode data validation. VendorCode data is ignored or considered invalid if image\r
    validation failed. The function returns EFI_ABORTED if the data is invalid.\r
\r
  VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if\r
  the caller did not specify the policy or use the default policy. As an example, vendor can implement\r
  a policy to allow an option to force a firmware image update when the abort reason is due to the new\r
  firmware image version is older than the current firmware image version or bad image checksum.\r
  Sensitive operations such as those wiping the entire firmware image and render the device to be\r
  non-functional should be encoded in the image itself rather than passed with the VendorCode.\r
  AbortReason enables vendor to have the option to provide a more detailed description of the abort\r
  reason to the caller.\r
\r
  @param[in]  This               A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r
  @param[in]  ImageIndex         A unique number identifying the firmware image(s) within the device.\r
                                 The number is between 1 and DescriptorCount.\r
  @param[in]  Image              Points to the new image.\r
  @param[in]  ImageSize          Size of the new image in bytes.\r
  @param[in]  VendorCode         This enables vendor to implement vendor-specific firmware image update policy.\r
                                 Null indicates the caller did not specify the policy or use the default policy.\r
  @param[in]  Progress           A function used by the driver to report the progress of the firmware update.\r
  @param[out] AbortReason        A pointer to a pointer to a null-terminated string providing more\r
                                 details for the aborted operation. The buffer is allocated by this function\r
                                 with AllocatePool(), and it is the caller's responsibility to free it with a\r
                                 call to FreePool().\r
\r
  @retval EFI_SUCCESS            The device was successfully updated with the new image.\r
  @retval EFI_ABORTED            The operation is aborted.\r
  @retval EFI_INVALID_PARAMETER  The Image was NULL.\r
  @retval EFI_UNSUPPORTED        The operation is not supported.\r
  @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FmpSetImage (\r
  IN  EFI_FIRMWARE_MANAGEMENT_PROTOCOL               *This,\r
  IN  UINT8                                          ImageIndex,\r
  IN  CONST VOID                                     *Image,\r
  IN  UINTN                                          ImageSize,\r
  IN  CONST VOID                                     *VendorCode,\r
  IN  EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS  Progress,\r
  OUT CHAR16                                         **AbortReason\r
  )\r
{\r
  SYSTEM_FMP_PRIVATE_DATA           *SystemFmpPrivate;\r
  EFI_FIRMWARE_MANAGEMENT_PROTOCOL  *SystemFmp;\r
  EFI_STATUS                        Status;\r
  EFI_STATUS                        VarStatus;\r
\r
  if ((Image == NULL) || (ImageSize == 0) || (AbortReason == NULL)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  SystemFmpPrivate = SYSTEM_FMP_PRIVATE_DATA_FROM_FMP (This);\r
  *AbortReason     = NULL;\r
\r
  if ((ImageIndex == 0) || (ImageIndex > SystemFmpPrivate->DescriptorCount)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  //\r
  // Process FV\r
  //\r
  Status = DispatchSystemFmpImages ((VOID *)Image, ImageSize, &SystemFmpPrivate->LastAttempt.LastAttemptVersion, &SystemFmpPrivate->LastAttempt.LastAttemptStatus);\r
  DEBUG ((DEBUG_INFO, "(Agent)SetImage - LastAttempt Version - 0x%x, State - 0x%x\n", SystemFmpPrivate->LastAttempt.LastAttemptVersion, SystemFmpPrivate->LastAttempt.LastAttemptStatus));\r
  if (EFI_ERROR (Status)) {\r
    VarStatus = gRT->SetVariable (\r
                       SYSTEM_FMP_LAST_ATTEMPT_VARIABLE_NAME,\r
                       &gSystemFmpLastAttemptVariableGuid,\r
                       EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
                       sizeof (SystemFmpPrivate->LastAttempt),\r
                       &SystemFmpPrivate->LastAttempt\r
                       );\r
    DEBUG ((DEBUG_INFO, "(Agent)SetLastAttempt - %r\n", VarStatus));\r
    return Status;\r
  }\r
\r
  //\r
  // Pass Thru to System FMP Protocol on same handle as FMP Protocol\r
  //\r
  Status = gBS->HandleProtocol (\r
                  SystemFmpPrivate->Handle,\r
                  &gSystemFmpProtocolGuid,\r
                  (VOID **)&SystemFmp\r
                  );\r
  if (EFI_ERROR (Status)) {\r
    Status = gBS->LocateProtocol (\r
                    &gSystemFmpProtocolGuid,\r
                    NULL,\r
                    (VOID **)&SystemFmp\r
                    );\r
    if (EFI_ERROR (Status)) {\r
      DEBUG ((DEBUG_INFO, "(Agent)SetImage - SystemFmpProtocol - %r\n", Status));\r
      SystemFmpPrivate->LastAttempt.LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
      VarStatus                                       = gRT->SetVariable (\r
                                                               SYSTEM_FMP_LAST_ATTEMPT_VARIABLE_NAME,\r
                                                               &gSystemFmpLastAttemptVariableGuid,\r
                                                               EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
                                                               sizeof (SystemFmpPrivate->LastAttempt),\r
                                                               &SystemFmpPrivate->LastAttempt\r
                                                               );\r
      DEBUG ((DEBUG_INFO, "(Agent)SetLastAttempt - %r\n", VarStatus));\r
      return Status;\r
    }\r
  }\r
\r
  return SystemFmp->SetImage (SystemFmp, ImageIndex, Image, ImageSize, VendorCode, Progress, AbortReason);\r
}\r
\r
/**\r
  System FMP module entrypoint\r
\r
  @param[in]  ImageHandle       The firmware allocated handle for the EFI image.\r
  @param[in]  SystemTable       A pointer to the EFI System Table.\r
\r
  @return EFI_SUCCESS System FMP module is initialized.\r
**/\r
EFI_STATUS\r
EFIAPI\r
SystemFirmwareReportMainDxe (\r
  IN EFI_HANDLE        ImageHandle,\r
  IN EFI_SYSTEM_TABLE  *SystemTable\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Initialize SystemFmpPrivateData\r
  //\r
  mSystemFmpPrivate = AllocateZeroPool (sizeof (SYSTEM_FMP_PRIVATE_DATA));\r
  if (mSystemFmpPrivate == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  Status = InitializePrivateData (mSystemFmpPrivate);\r
  if (EFI_ERROR (Status)) {\r
    FreePool (mSystemFmpPrivate);\r
    mSystemFmpPrivate = NULL;\r
    return Status;\r
  }\r
\r
  //\r
  // Install FMP protocol.\r
  //\r
  Status = gBS->InstallProtocolInterface (\r
                  &mSystemFmpPrivate->Handle,\r
                  &gEfiFirmwareManagementProtocolGuid,\r
                  EFI_NATIVE_INTERFACE,\r
                  &mSystemFmpPrivate->Fmp\r
                  );\r
  if (EFI_ERROR (Status)) {\r
    FreePool (mSystemFmpPrivate);\r
    mSystemFmpPrivate = NULL;\r
    return Status;\r
  }\r
\r
  return Status;\r
}\r
Commit	Line	Data
f6f91d38 JY	1	/** @file\r
	2	SetImage instance to report system firmware and act as agent to system update.\r
	3	\r
	4	Caution: This module requires additional review when modified.\r
	5	This module will have external input - capsule image.\r
	6	This external input must be validated carefully to avoid security issue like\r
	7	buffer overflow, integer overflow.\r
	8	\r
	9	FmpSetImage() will receive untrusted input and do basic validation.\r
	10	\r
153f5c7a	11	Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
fbf06957	12	SPDX-License-Identifier: BSD-2-Clause-Patent\r
f6f91d38 JY	13	\r
	14	**/\r
	15	\r
	16	#include "SystemFirmwareDxe.h"\r
	17	\r
	18	//\r
	19	// SystemFmp driver private data\r
	20	//\r
b8786489	21	SYSTEM_FMP_PRIVATE_DATA *mSystemFmpPrivate = NULL;\r
f6f91d38 JY	22	\r
	23	/**\r
	24	Dispatch system FMP images.\r
	25	\r
	26	Caution: This function may receive untrusted input.\r
	27	\r
	28	@param[in] Image The EDKII system FMP capsule image.\r
	29	@param[in] ImageSize The size of the EDKII system FMP capsule image in bytes.\r
	30	@param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
	31	@param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
	32	\r
c38f0816	33	@retval EFI_SUCCESS Process Capsule Image successfully.\r
f6f91d38 JY	34	@retval EFI_UNSUPPORTED Capsule image is not supported by the firmware.\r
	35	@retval EFI_VOLUME_CORRUPTED FV volume in the capsule is corrupted.\r
	36	@retval EFI_OUT_OF_RESOURCES Not enough memory.\r
	37	**/\r
	38	EFI_STATUS\r
	39	DispatchSystemFmpImages (\r
b8786489 MK	40	IN VOID *Image,\r
	41	IN UINTN ImageSize,\r
	42	OUT UINT32 *LastAttemptVersion,\r
	43	OUT UINT32 *LastAttemptStatus\r
f6f91d38 JY	44	)\r
f6f91d38 JY	45	{\r
b8786489 MK	46	EFI_STATUS Status;\r
	47	VOID *AuthenticatedImage;\r
	48	UINTN AuthenticatedImageSize;\r
	49	VOID *DispatchFvImage;\r
	50	UINTN DispatchFvImageSize;\r
	51	EFI_HANDLE FvProtocolHandle;\r
	52	EFI_FIRMWARE_VOLUME_HEADER *FvImage;\r
	53	BOOLEAN Result;\r
f6f91d38	54	\r
8b66342c HW	55	AuthenticatedImage = NULL;\r
	56	AuthenticatedImageSize = 0;\r
	57	\r
b8786489	58	DEBUG ((DEBUG_INFO, "DispatchSystemFmpImages\n"));\r
f6f91d38 JY	59	\r
	60	//\r
	61	// Verify\r
	62	//\r
b8786489 MK	63	Status = CapsuleAuthenticateSystemFirmware (Image, ImageSize, FALSE, LastAttemptVersion, LastAttemptStatus, &AuthenticatedImage, &AuthenticatedImageSize);\r
	64	if (EFI_ERROR (Status)) {\r
	65	DEBUG ((DEBUG_INFO, "SystemFirmwareAuthenticateImage - %r\n", Status));\r
f6f91d38 JY	66	return Status;\r
	67	}\r
	68	\r
	69	//\r
	70	// Get FV\r
	71	//\r
b8786489	72	Result = ExtractDriverFvImage (AuthenticatedImage, AuthenticatedImageSize, &DispatchFvImage, &DispatchFvImageSize);\r
f6f91d38	73	if (Result) {\r
b8786489	74	DEBUG ((DEBUG_INFO, "ExtractDriverFvImage\n"));\r
f6f91d38 JY	75	//\r
	76	// Dispatch\r
	77	//\r
	78	if (((EFI_FIRMWARE_VOLUME_HEADER *)DispatchFvImage)->FvLength == DispatchFvImageSize) {\r
b8786489	79	FvImage = AllocatePages (EFI_SIZE_TO_PAGES (DispatchFvImageSize));\r
f6f91d38	80	if (FvImage != NULL) {\r
b8786489 MK	81	CopyMem (FvImage, DispatchFvImage, DispatchFvImageSize);\r
b8786489 MK	82	Status = gDS->ProcessFirmwareVolume (\r
f6f91d38 JY	83	(VOID *)FvImage,\r
	84	(UINTN)FvImage->FvLength,\r
	85	&FvProtocolHandle\r
	86	);\r
b8786489 MK	87	DEBUG ((DEBUG_INFO, "ProcessFirmwareVolume - %r\n", Status));\r
	88	if (!EFI_ERROR (Status)) {\r
	89	gDS->Dispatch ();\r
	90	DEBUG ((DEBUG_INFO, "Dispatch Done\n"));\r
f6f91d38 JY	91	}\r
	92	}\r
	93	}\r
	94	}\r
	95	\r
	96	return EFI_SUCCESS;\r
	97	}\r
	98	\r
	99	/**\r
	100	Updates the firmware image of the device.\r
	101	\r
	102	This function updates the hardware with the new firmware image.\r
	103	This function returns EFI_UNSUPPORTED if the firmware image is not updatable.\r
	104	If the firmware image is updatable, the function should perform the following minimal validations\r
	105	before proceeding to do the firmware image update.\r
	106	- Validate the image authentication if image has attribute\r
	107	IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns\r
	108	EFI_SECURITY_VIOLATION if the validation fails.\r
	109	- Validate the image is a supported image for this device. The function returns EFI_ABORTED if\r
	110	the image is unsupported. The function can optionally provide more detailed information on\r
	111	why the image is not a supported image.\r
	112	- Validate the data from VendorCode if not null. Image validation must be performed before\r
	113	VendorCode data validation. VendorCode data is ignored or considered invalid if image\r
	114	validation failed. The function returns EFI_ABORTED if the data is invalid.\r
	115	\r
	116	VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if\r
	117	the caller did not specify the policy or use the default policy. As an example, vendor can implement\r
	118	a policy to allow an option to force a firmware image update when the abort reason is due to the new\r
	119	firmware image version is older than the current firmware image version or bad image checksum.\r
	120	Sensitive operations such as those wiping the entire firmware image and render the device to be\r
	121	non-functional should be encoded in the image itself rather than passed with the VendorCode.\r
	122	AbortReason enables vendor to have the option to provide a more detailed description of the abort\r
	123	reason to the caller.\r
	124	\r
	125	@param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r
	126	@param[in] ImageIndex A unique number identifying the firmware image(s) within the device.\r
	127	The number is between 1 and DescriptorCount.\r
	128	@param[in] Image Points to the new image.\r
	129	@param[in] ImageSize Size of the new image in bytes.\r
	130	@param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.\r
	131	Null indicates the caller did not specify the policy or use the default policy.\r
	132	@param[in] Progress A function used by the driver to report the progress of the firmware update.\r
	133	@param[out] AbortReason A pointer to a pointer to a null-terminated string providing more\r
	134	details for the aborted operation. The buffer is allocated by this function\r
	135	with AllocatePool(), and it is the caller's responsibility to free it with a\r
	136	call to FreePool().\r
	137	\r
	138	@retval EFI_SUCCESS The device was successfully updated with the new image.\r
	139	@retval EFI_ABORTED The operation is aborted.\r
	140	@retval EFI_INVALID_PARAMETER The Image was NULL.\r
	141	@retval EFI_UNSUPPORTED The operation is not supported.\r
c8dca871	142	@retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r
f6f91d38 JY	143	\r
	144	**/\r
	145	EFI_STATUS\r
	146	EFIAPI\r
	147	FmpSetImage (\r
b8786489 MK	148	IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r
	149	IN UINT8 ImageIndex,\r
	150	IN CONST VOID *Image,\r
	151	IN UINTN ImageSize,\r
	152	IN CONST VOID *VendorCode,\r
	153	IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress,\r
	154	OUT CHAR16 **AbortReason\r
f6f91d38 JY	155	)\r
f6f91d38 JY	156	{\r
b8786489 MK	157	SYSTEM_FMP_PRIVATE_DATA *SystemFmpPrivate;\r
	158	EFI_FIRMWARE_MANAGEMENT_PROTOCOL *SystemFmp;\r
	159	EFI_STATUS Status;\r
	160	EFI_STATUS VarStatus;\r
f6f91d38	161	\r
b8786489	162	if ((Image == NULL) \|\| (ImageSize == 0) \|\| (AbortReason == NULL)) {\r
f6f91d38 JY	163	return EFI_INVALID_PARAMETER;\r
	164	}\r
	165	\r
b8786489	166	SystemFmpPrivate = SYSTEM_FMP_PRIVATE_DATA_FROM_FMP (This);\r
f6f91d38 JY	167	*AbortReason = NULL;\r
f6f91d38 JY	168	\r
b8786489	169	if ((ImageIndex == 0) \|\| (ImageIndex > SystemFmpPrivate->DescriptorCount)) {\r
f6f91d38 JY	170	return EFI_INVALID_PARAMETER;\r
	171	}\r
	172	\r
	173	//\r
	174	// Process FV\r
	175	//\r
b8786489 MK	176	Status = DispatchSystemFmpImages ((VOID *)Image, ImageSize, &SystemFmpPrivate->LastAttempt.LastAttemptVersion, &SystemFmpPrivate->LastAttempt.LastAttemptStatus);\r
	177	DEBUG ((DEBUG_INFO, "(Agent)SetImage - LastAttempt Version - 0x%x, State - 0x%x\n", SystemFmpPrivate->LastAttempt.LastAttemptVersion, SystemFmpPrivate->LastAttempt.LastAttemptStatus));\r
	178	if (EFI_ERROR (Status)) {\r
	179	VarStatus = gRT->SetVariable (\r
f6f91d38 JY	180	SYSTEM_FMP_LAST_ATTEMPT_VARIABLE_NAME,\r
	181	&gSystemFmpLastAttemptVariableGuid,\r
	182	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
b8786489	183	sizeof (SystemFmpPrivate->LastAttempt),\r
f6f91d38 JY	184	&SystemFmpPrivate->LastAttempt\r
f6f91d38 JY	185	);\r
b8786489	186	DEBUG ((DEBUG_INFO, "(Agent)SetLastAttempt - %r\n", VarStatus));\r
f6f91d38 JY	187	return Status;\r
	188	}\r
	189	\r
	190	//\r
153f5c7a	191	// Pass Thru to System FMP Protocol on same handle as FMP Protocol\r
f6f91d38	192	//\r
b8786489	193	Status = gBS->HandleProtocol (\r
153f5c7a KM	194	SystemFmpPrivate->Handle,\r
	195	&gSystemFmpProtocolGuid,\r
	196	(VOID **)&SystemFmp\r
	197	);\r
b8786489	198	if (EFI_ERROR (Status)) {\r
fc0494a6 SZ	199	Status = gBS->LocateProtocol (\r
	200	&gSystemFmpProtocolGuid,\r
	201	NULL,\r
	202	(VOID **)&SystemFmp\r
	203	);\r
b8786489 MK	204	if (EFI_ERROR (Status)) {\r
b8786489 MK	205	DEBUG ((DEBUG_INFO, "(Agent)SetImage - SystemFmpProtocol - %r\n", Status));\r
fc0494a6	206	SystemFmpPrivate->LastAttempt.LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
b8786489 MK	207	VarStatus = gRT->SetVariable (\r
	208	SYSTEM_FMP_LAST_ATTEMPT_VARIABLE_NAME,\r
	209	&gSystemFmpLastAttemptVariableGuid,\r
	210	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
	211	sizeof (SystemFmpPrivate->LastAttempt),\r
	212	&SystemFmpPrivate->LastAttempt\r
	213	);\r
	214	DEBUG ((DEBUG_INFO, "(Agent)SetLastAttempt - %r\n", VarStatus));\r
fc0494a6 SZ	215	return Status;\r
fc0494a6 SZ	216	}\r
f6f91d38 JY	217	}\r
f6f91d38 JY	218	\r
b8786489	219	return SystemFmp->SetImage (SystemFmp, ImageIndex, Image, ImageSize, VendorCode, Progress, AbortReason);\r
f6f91d38 JY	220	}\r
	221	\r
	222	/**\r
	223	System FMP module entrypoint\r
	224	\r
	225	@param[in] ImageHandle The firmware allocated handle for the EFI image.\r
	226	@param[in] SystemTable A pointer to the EFI System Table.\r
	227	\r
	228	@return EFI_SUCCESS System FMP module is initialized.\r
	229	**/\r
	230	EFI_STATUS\r
	231	EFIAPI\r
	232	SystemFirmwareReportMainDxe (\r
b8786489 MK	233	IN EFI_HANDLE ImageHandle,\r
b8786489 MK	234	IN EFI_SYSTEM_TABLE *SystemTable\r
f6f91d38 JY	235	)\r
f6f91d38 JY	236	{\r
b8786489	237	EFI_STATUS Status;\r
f6f91d38 JY	238	\r
	239	//\r
	240	// Initialize SystemFmpPrivateData\r
	241	//\r
b8786489	242	mSystemFmpPrivate = AllocateZeroPool (sizeof (SYSTEM_FMP_PRIVATE_DATA));\r
f6f91d38 JY	243	if (mSystemFmpPrivate == NULL) {\r
	244	return EFI_OUT_OF_RESOURCES;\r
	245	}\r
	246	\r
b8786489 MK	247	Status = InitializePrivateData (mSystemFmpPrivate);\r
	248	if (EFI_ERROR (Status)) {\r
	249	FreePool (mSystemFmpPrivate);\r
f6f91d38 JY	250	mSystemFmpPrivate = NULL;\r
	251	return Status;\r
	252	}\r
	253	\r
	254	//\r
	255	// Install FMP protocol.\r
	256	//\r
	257	Status = gBS->InstallProtocolInterface (\r
	258	&mSystemFmpPrivate->Handle,\r
	259	&gEfiFirmwareManagementProtocolGuid,\r
	260	EFI_NATIVE_INTERFACE,\r
	261	&mSystemFmpPrivate->Fmp\r
	262	);\r
	263	if (EFI_ERROR (Status)) {\r
b8786489	264	FreePool (mSystemFmpPrivate);\r
f6f91d38 JY	265	mSystemFmpPrivate = NULL;\r
	266	return Status;\r
	267	}\r
	268	\r
	269	return Status;\r
	270	}\r