2 SetImage instance to update Microcode.
4 Caution: This module requires additional review when modified.
5 This module will have external input - capsule image.
6 This external input must be validated carefully to avoid security issue like
7 buffer overflow, integer overflow.
9 MicrocodeWrite() and VerifyMicrocode() will receive untrusted input and do basic validation.
11 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
12 This program and the accompanying materials
13 are licensed and made available under the terms and conditions of the BSD License
14 which accompanies this distribution. The full text of the license may be found at
15 http://opensource.org/licenses/bsd-license.php
17 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
18 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
22 #include "MicrocodeUpdate.h"
27 @param[out] MicrocodePatchAddress The address of Microcode
28 @param[out] MicrocodePatchRegionSize The region size of Microcode
30 @retval TRUE The Microcode region is returned.
31 @retval FALSE No Microcode region.
35 OUT VOID
**MicrocodePatchAddress
,
36 OUT UINTN
*MicrocodePatchRegionSize
39 *MicrocodePatchAddress
= (VOID
*)(UINTN
)PcdGet64(PcdCpuMicrocodePatchAddress
);
40 *MicrocodePatchRegionSize
= (UINTN
)PcdGet64(PcdCpuMicrocodePatchRegionSize
);
42 if ((*MicrocodePatchAddress
== NULL
) || (*MicrocodePatchRegionSize
== 0)) {
50 Get Microcode update signature of currently loaded Microcode update.
52 @return Microcode signature.
56 GetCurrentMicrocodeSignature (
62 AsmWriteMsr64(MSR_IA32_BIOS_SIGN_ID
, 0);
63 AsmCpuid(CPUID_VERSION_INFO
, NULL
, NULL
, NULL
, NULL
);
64 Signature
= AsmReadMsr64(MSR_IA32_BIOS_SIGN_ID
);
65 return (UINT32
)RShiftU64(Signature
, 32);
69 Get current processor signature.
71 @return current processor signature.
74 GetCurrentProcessorSignature (
79 AsmCpuid(CPUID_VERSION_INFO
, &RegEax
, NULL
, NULL
, NULL
);
84 Get current platform ID.
86 @return current platform ID.
89 GetCurrentPlatformId (
95 PlatformId
= (UINT8
)AsmMsrBitFieldRead64(MSR_IA32_PLATFORM_ID
, 50, 52);
102 @param[in] Address The address of new Microcode.
104 @return Loaded Microcode signature.
112 AsmWriteMsr64(MSR_IA32_BIOS_UPDT_TRIG
, Address
);
113 return GetCurrentMicrocodeSignature();
117 Load Microcode on an Application Processor.
118 The function prototype for invoking a function on an Application Processor.
120 @param[in,out] Buffer The pointer to private data buffer.
128 MICROCODE_LOAD_BUFFER
*MicrocodeLoadBuffer
;
130 MicrocodeLoadBuffer
= Buffer
;
131 MicrocodeLoadBuffer
->Revision
= LoadMicrocode (MicrocodeLoadBuffer
->Address
);
135 Load new Microcode on this processor
137 @param[in] MicrocodeFmpPrivate The Microcode driver private data
138 @param[in] CpuIndex The index of the processor.
139 @param[in] Address The address of new Microcode.
141 @return Loaded Microcode signature.
145 LoadMicrocodeOnThis (
146 IN MICROCODE_FMP_PRIVATE_DATA
*MicrocodeFmpPrivate
,
152 EFI_MP_SERVICES_PROTOCOL
*MpService
;
153 MICROCODE_LOAD_BUFFER MicrocodeLoadBuffer
;
155 if (CpuIndex
== MicrocodeFmpPrivate
->BspIndex
) {
156 return LoadMicrocode (Address
);
158 MpService
= MicrocodeFmpPrivate
->MpService
;
159 MicrocodeLoadBuffer
.Address
= Address
;
160 MicrocodeLoadBuffer
.Revision
= 0;
161 Status
= MpService
->StartupThisAP (
167 &MicrocodeLoadBuffer
,
170 ASSERT_EFI_ERROR(Status
);
171 return MicrocodeLoadBuffer
.Revision
;
176 Collect processor information.
177 The function prototype for invoking a function on an Application Processor.
179 @param[in,out] Buffer The pointer to private data buffer.
183 CollectProcessorInfo (
187 PROCESSOR_INFO
*ProcessorInfo
;
189 ProcessorInfo
= Buffer
;
190 ProcessorInfo
->ProcessorSignature
= GetCurrentProcessorSignature();
191 ProcessorInfo
->PlatformId
= GetCurrentPlatformId();
192 ProcessorInfo
->MicrocodeRevision
= GetCurrentMicrocodeSignature();
196 Get current Microcode information.
198 The ProcessorInformation (BspIndex/ProcessorCount/ProcessorInfo)
199 in MicrocodeFmpPrivate must be initialized.
201 The MicrocodeInformation (DescriptorCount/ImageDescriptor/MicrocodeInfo)
202 in MicrocodeFmpPrivate may not be avaiable in this function.
204 @param[in] MicrocodeFmpPrivate The Microcode driver private data
205 @param[in] DescriptorCount The count of Microcode ImageDescriptor allocated.
206 @param[out] ImageDescriptor Microcode ImageDescriptor
207 @param[out] MicrocodeInfo Microcode information
209 @return Microcode count
213 IN MICROCODE_FMP_PRIVATE_DATA
*MicrocodeFmpPrivate
,
214 IN UINTN DescriptorCount
, OPTIONAL
215 OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR
*ImageDescriptor
, OPTIONAL
216 OUT MICROCODE_INFO
*MicrocodeInfo OPTIONAL
219 VOID
*MicrocodePatchAddress
;
220 UINTN MicrocodePatchRegionSize
;
221 CPU_MICROCODE_HEADER
*MicrocodeEntryPoint
;
225 UINT64 ImageAttributes
;
228 UINT32 AttemptStatus
;
229 UINTN TargetCpuIndex
;
231 MicrocodePatchAddress
= MicrocodeFmpPrivate
->MicrocodePatchAddress
;
232 MicrocodePatchRegionSize
= MicrocodeFmpPrivate
->MicrocodePatchRegionSize
;
234 DEBUG((DEBUG_INFO
, "Microcode Region - 0x%x - 0x%x\n", MicrocodePatchAddress
, MicrocodePatchRegionSize
));
238 MicrocodeEnd
= (UINTN
)MicrocodePatchAddress
+ MicrocodePatchRegionSize
;
239 MicrocodeEntryPoint
= (CPU_MICROCODE_HEADER
*) (UINTN
) MicrocodePatchAddress
;
241 if (MicrocodeEntryPoint
->HeaderVersion
== 0x1 && MicrocodeEntryPoint
->LoaderRevision
== 0x1) {
243 // It is the microcode header. It is not the padding data between microcode patches
244 // becasue the padding data should not include 0x00000001 and it should be the repeated
245 // byte format (like 0xXYXYXYXY....).
247 if (MicrocodeEntryPoint
->DataSize
== 0) {
250 TotalSize
= MicrocodeEntryPoint
->TotalSize
;
253 TargetCpuIndex
= (UINTN
)-1;
254 Status
= VerifyMicrocode(MicrocodeFmpPrivate
, MicrocodeEntryPoint
, TotalSize
, FALSE
, &AttemptStatus
, NULL
, &TargetCpuIndex
);
255 if (!EFI_ERROR(Status
)) {
257 ASSERT (TargetCpuIndex
< MicrocodeFmpPrivate
->ProcessorCount
);
258 MicrocodeFmpPrivate
->ProcessorInfo
[TargetCpuIndex
].MicrocodeIndex
= Count
;
263 if (ImageDescriptor
!= NULL
&& DescriptorCount
> Count
) {
264 ImageDescriptor
[Count
].ImageIndex
= (UINT8
)(Count
+ 1);
265 CopyGuid (&ImageDescriptor
[Count
].ImageTypeId
, &gMicrocodeFmpImageTypeIdGuid
);
266 ImageDescriptor
[Count
].ImageId
= LShiftU64(MicrocodeEntryPoint
->ProcessorFlags
, 32) + MicrocodeEntryPoint
->ProcessorSignature
.Uint32
;
267 ImageDescriptor
[Count
].ImageIdName
= NULL
;
268 ImageDescriptor
[Count
].Version
= MicrocodeEntryPoint
->UpdateRevision
;
269 ImageDescriptor
[Count
].VersionName
= NULL
;
270 ImageDescriptor
[Count
].Size
= TotalSize
;
271 ImageAttributes
= IMAGE_ATTRIBUTE_IMAGE_UPDATABLE
| IMAGE_ATTRIBUTE_RESET_REQUIRED
;
273 ImageAttributes
|= IMAGE_ATTRIBUTE_IN_USE
;
275 ImageDescriptor
[Count
].AttributesSupported
= ImageAttributes
| IMAGE_ATTRIBUTE_IN_USE
;
276 ImageDescriptor
[Count
].AttributesSetting
= ImageAttributes
;
277 ImageDescriptor
[Count
].Compatibilities
= 0;
278 ImageDescriptor
[Count
].LowestSupportedImageVersion
= MicrocodeEntryPoint
->UpdateRevision
; // do not support rollback
279 ImageDescriptor
[Count
].LastAttemptVersion
= 0;
280 ImageDescriptor
[Count
].LastAttemptStatus
= 0;
281 ImageDescriptor
[Count
].HardwareInstance
= 0;
283 if (MicrocodeInfo
!= NULL
&& DescriptorCount
> Count
) {
284 MicrocodeInfo
[Count
].MicrocodeEntryPoint
= MicrocodeEntryPoint
;
285 MicrocodeInfo
[Count
].TotalSize
= TotalSize
;
286 MicrocodeInfo
[Count
].InUse
= IsInUse
;
290 // It is the padding data between the microcode patches for microcode patches alignment.
291 // Because the microcode patch is the multiple of 1-KByte, the padding data should not
292 // exist if the microcode patch alignment value is not larger than 1-KByte. So, the microcode
293 // alignment value should be larger than 1-KByte. We could skip SIZE_1KB padding data to
294 // find the next possible microcode patch header.
296 MicrocodeEntryPoint
= (CPU_MICROCODE_HEADER
*) (((UINTN
) MicrocodeEntryPoint
) + SIZE_1KB
);
301 ASSERT(Count
< 0xFF);
304 // Get the next patch.
306 MicrocodeEntryPoint
= (CPU_MICROCODE_HEADER
*) (((UINTN
) MicrocodeEntryPoint
) + TotalSize
);
307 } while (((UINTN
) MicrocodeEntryPoint
< MicrocodeEnd
));
313 Return matched processor information.
315 @param[in] MicrocodeFmpPrivate The Microcode driver private data
316 @param[in] ProcessorSignature The processor signature to be matched
317 @param[in] ProcessorFlags The processor flags to be matched
318 @param[in, out] TargetCpuIndex On input, the index of target CPU which tries to match the Microcode. (UINTN)-1 means to try all.
319 On output, the index of target CPU which matches the Microcode.
321 @return matched processor information.
324 GetMatchedProcessor (
325 IN MICROCODE_FMP_PRIVATE_DATA
*MicrocodeFmpPrivate
,
326 IN UINT32 ProcessorSignature
,
327 IN UINT32 ProcessorFlags
,
328 IN OUT UINTN
*TargetCpuIndex
333 if (*TargetCpuIndex
!= (UINTN
)-1) {
334 Index
= *TargetCpuIndex
;
335 if ((ProcessorSignature
== MicrocodeFmpPrivate
->ProcessorInfo
[Index
].ProcessorSignature
) &&
336 ((ProcessorFlags
& (1 << MicrocodeFmpPrivate
->ProcessorInfo
[Index
].PlatformId
)) != 0)) {
337 return &MicrocodeFmpPrivate
->ProcessorInfo
[Index
];
343 for (Index
= 0; Index
< MicrocodeFmpPrivate
->ProcessorCount
; Index
++) {
344 if ((ProcessorSignature
== MicrocodeFmpPrivate
->ProcessorInfo
[Index
].ProcessorSignature
) &&
345 ((ProcessorFlags
& (1 << MicrocodeFmpPrivate
->ProcessorInfo
[Index
].PlatformId
)) != 0)) {
346 *TargetCpuIndex
= Index
;
347 return &MicrocodeFmpPrivate
->ProcessorInfo
[Index
];
356 Caution: This function may receive untrusted input.
358 @param[in] MicrocodeFmpPrivate The Microcode driver private data
359 @param[in] Image The Microcode image buffer.
360 @param[in] ImageSize The size of Microcode image buffer in bytes.
361 @param[in] TryLoad Try to load Microcode or not.
362 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
363 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
364 details for the aborted operation. The buffer is allocated by this function
365 with AllocatePool(), and it is the caller's responsibility to free it with a
367 @param[in, out] TargetCpuIndex On input, the index of target CPU which tries to match the Microcode. (UINTN)-1 means to try all.
368 On output, the index of target CPU which matches the Microcode.
370 @retval EFI_SUCCESS The Microcode image passes verification.
371 @retval EFI_VOLUME_CORRUPTED The Microcode image is corrupt.
372 @retval EFI_INCOMPATIBLE_VERSION The Microcode image version is incorrect.
373 @retval EFI_UNSUPPORTED The Microcode ProcessorSignature or ProcessorFlags is incorrect.
374 @retval EFI_SECURITY_VIOLATION The Microcode image fails to load.
378 IN MICROCODE_FMP_PRIVATE_DATA
*MicrocodeFmpPrivate
,
382 OUT UINT32
*LastAttemptStatus
,
383 OUT CHAR16
**AbortReason
, OPTIONAL
384 IN OUT UINTN
*TargetCpuIndex
388 CPU_MICROCODE_HEADER
*MicrocodeEntryPoint
;
391 UINT32 CurrentRevision
;
392 PROCESSOR_INFO
*ProcessorInfo
;
394 UINTN ExtendedTableLength
;
395 UINT32 ExtendedTableCount
;
396 CPU_MICROCODE_EXTENDED_TABLE
*ExtendedTable
;
397 CPU_MICROCODE_EXTENDED_TABLE_HEADER
*ExtendedTableHeader
;
398 BOOLEAN CorrectMicrocode
;
401 // Check HeaderVersion
403 MicrocodeEntryPoint
= Image
;
404 if (MicrocodeEntryPoint
->HeaderVersion
!= 0x1) {
405 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - fail on HeaderVersion\n"));
406 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT
;
407 if (AbortReason
!= NULL
) {
408 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidHeaderVersion"), L
"InvalidHeaderVersion");
410 return EFI_INCOMPATIBLE_VERSION
;
413 // Check LoaderRevision
415 if (MicrocodeEntryPoint
->LoaderRevision
!= 0x1) {
416 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - fail on LoaderRevision\n"));
417 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT
;
418 if (AbortReason
!= NULL
) {
419 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidLoaderVersion"), L
"InvalidLoaderVersion");
421 return EFI_INCOMPATIBLE_VERSION
;
426 if (MicrocodeEntryPoint
->DataSize
== 0) {
429 TotalSize
= MicrocodeEntryPoint
->TotalSize
;
431 if (TotalSize
<= sizeof(CPU_MICROCODE_HEADER
)) {
432 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - TotalSize too small\n"));
433 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT
;
434 if (AbortReason
!= NULL
) {
435 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidTotalSize"), L
"InvalidTotalSize");
437 return EFI_VOLUME_CORRUPTED
;
439 if ((TotalSize
& (SIZE_1KB
- 1)) != 0) {
440 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - TotalSize is not multiples of 1024 bytes (1 KBytes)\n"));
441 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT
;
442 if (AbortReason
!= NULL
) {
443 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidTotalSize"), L
"InvalidTotalSize");
445 return EFI_VOLUME_CORRUPTED
;
447 if (TotalSize
!= ImageSize
) {
448 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - TotalSize not equal to ImageSize\n"));
449 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT
;
450 if (AbortReason
!= NULL
) {
451 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidTotalSize"), L
"InvalidTotalSize");
453 return EFI_VOLUME_CORRUPTED
;
458 if (MicrocodeEntryPoint
->DataSize
== 0) {
459 DataSize
= 2048 - sizeof(CPU_MICROCODE_HEADER
);
461 DataSize
= MicrocodeEntryPoint
->DataSize
;
463 if (DataSize
> TotalSize
- sizeof(CPU_MICROCODE_HEADER
)) {
464 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - DataSize too big\n"));
465 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT
;
466 if (AbortReason
!= NULL
) {
467 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidDataSize"), L
"InvalidDataSize");
469 return EFI_VOLUME_CORRUPTED
;
471 if ((DataSize
& 0x3) != 0) {
472 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - DataSize is not multiples of DWORDs\n"));
473 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT
;
474 if (AbortReason
!= NULL
) {
475 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidDataSize"), L
"InvalidDataSize");
477 return EFI_VOLUME_CORRUPTED
;
482 CheckSum32
= CalculateSum32((UINT32
*)MicrocodeEntryPoint
, DataSize
+ sizeof(CPU_MICROCODE_HEADER
));
483 if (CheckSum32
!= 0) {
484 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - fail on CheckSum32\n"));
485 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT
;
486 if (AbortReason
!= NULL
) {
487 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidChecksum"), L
"InvalidChecksum");
489 return EFI_VOLUME_CORRUPTED
;
493 // Check ProcessorSignature/ProcessorFlags
496 ProcessorInfo
= GetMatchedProcessor (MicrocodeFmpPrivate
, MicrocodeEntryPoint
->ProcessorSignature
.Uint32
, MicrocodeEntryPoint
->ProcessorFlags
, TargetCpuIndex
);
497 if (ProcessorInfo
== NULL
) {
498 CorrectMicrocode
= FALSE
;
499 ExtendedTableLength
= TotalSize
- (DataSize
+ sizeof(CPU_MICROCODE_HEADER
));
500 if (ExtendedTableLength
!= 0) {
502 // Extended Table exist, check if the CPU in support list
504 ExtendedTableHeader
= (CPU_MICROCODE_EXTENDED_TABLE_HEADER
*)((UINT8
*)(MicrocodeEntryPoint
) + DataSize
+ sizeof(CPU_MICROCODE_HEADER
));
506 // Calculate Extended Checksum
508 if ((ExtendedTableLength
> sizeof(CPU_MICROCODE_EXTENDED_TABLE_HEADER
)) && ((ExtendedTableLength
& 0x3) == 0)) {
509 CheckSum32
= CalculateSum32((UINT32
*)ExtendedTableHeader
, ExtendedTableLength
);
510 if (CheckSum32
!= 0) {
512 // Checksum incorrect
514 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - The checksum for extended table is incorrect\n"));
519 ExtendedTableCount
= ExtendedTableHeader
->ExtendedSignatureCount
;
520 if (ExtendedTableCount
> (ExtendedTableLength
- sizeof(CPU_MICROCODE_EXTENDED_TABLE_HEADER
)) / sizeof(CPU_MICROCODE_EXTENDED_TABLE
)) {
521 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - ExtendedTableCount too big\n"));
523 ExtendedTable
= (CPU_MICROCODE_EXTENDED_TABLE
*)(ExtendedTableHeader
+ 1);
524 for (Index
= 0; Index
< ExtendedTableCount
; Index
++) {
525 CheckSum32
= CalculateSum32((UINT32
*)ExtendedTable
, sizeof(CPU_MICROCODE_EXTENDED_TABLE
));
526 if (CheckSum32
!= 0) {
527 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - The checksum for ExtendedTable entry with index 0x%x is incorrect\n", Index
));
532 ProcessorInfo
= GetMatchedProcessor (MicrocodeFmpPrivate
, ExtendedTable
->ProcessorSignature
.Uint32
, ExtendedTable
->ProcessorFlag
, TargetCpuIndex
);
533 if (ProcessorInfo
!= NULL
) {
537 CorrectMicrocode
= TRUE
;
547 if (!CorrectMicrocode
) {
549 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - fail on Current ProcessorSignature/ProcessorFlags\n"));
551 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION
;
552 if (AbortReason
!= NULL
) {
553 *AbortReason
= AllocateCopyPool(sizeof(L
"UnsupportedProcessSignature/ProcessorFlags"), L
"UnsupportedProcessSignature/ProcessorFlags");
555 return EFI_UNSUPPORTED
;
560 // Check UpdateRevision
562 CurrentRevision
= ProcessorInfo
->MicrocodeRevision
;
563 if ((MicrocodeEntryPoint
->UpdateRevision
< CurrentRevision
) ||
564 (TryLoad
&& (MicrocodeEntryPoint
->UpdateRevision
== CurrentRevision
))) {
566 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - fail on UpdateRevision\n"));
568 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION
;
569 if (AbortReason
!= NULL
) {
570 *AbortReason
= AllocateCopyPool(sizeof(L
"IncorrectRevision"), L
"IncorrectRevision");
572 return EFI_INCOMPATIBLE_VERSION
;
579 CurrentRevision
= LoadMicrocodeOnThis(MicrocodeFmpPrivate
, ProcessorInfo
->CpuIndex
, (UINTN
)MicrocodeEntryPoint
+ sizeof(CPU_MICROCODE_HEADER
));
580 if (MicrocodeEntryPoint
->UpdateRevision
!= CurrentRevision
) {
581 DEBUG((DEBUG_ERROR
, "VerifyMicrocode - fail on LoadMicrocode\n"));
582 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR
;
583 if (AbortReason
!= NULL
) {
584 *AbortReason
= AllocateCopyPool(sizeof(L
"InvalidData"), L
"InvalidData");
586 return EFI_SECURITY_VIOLATION
;
594 Get next Microcode entrypoint.
596 @param[in] MicrocodeFmpPrivate The Microcode driver private data
597 @param[in] MicrocodeEntryPoint Current Microcode entrypoint
599 @return next Microcode entrypoint.
601 CPU_MICROCODE_HEADER
*
603 IN MICROCODE_FMP_PRIVATE_DATA
*MicrocodeFmpPrivate
,
604 IN CPU_MICROCODE_HEADER
*MicrocodeEntryPoint
609 for (Index
= 0; Index
< MicrocodeFmpPrivate
->DescriptorCount
; Index
++) {
610 if (MicrocodeEntryPoint
== MicrocodeFmpPrivate
->MicrocodeInfo
[Index
].MicrocodeEntryPoint
) {
611 if (Index
== (UINTN
)MicrocodeFmpPrivate
->DescriptorCount
- 1) {
616 return MicrocodeFmpPrivate
->MicrocodeInfo
[Index
+ 1].MicrocodeEntryPoint
;
626 Get current Microcode used region size.
628 @param[in] MicrocodeFmpPrivate The Microcode driver private data
630 @return current Microcode used region size.
633 GetCurrentMicrocodeUsedRegionSize (
634 IN MICROCODE_FMP_PRIVATE_DATA
*MicrocodeFmpPrivate
637 if (MicrocodeFmpPrivate
->DescriptorCount
== 0) {
641 return (UINTN
)MicrocodeFmpPrivate
->MicrocodeInfo
[MicrocodeFmpPrivate
->DescriptorCount
- 1].MicrocodeEntryPoint
642 + (UINTN
)MicrocodeFmpPrivate
->MicrocodeInfo
[MicrocodeFmpPrivate
->DescriptorCount
- 1].TotalSize
643 - (UINTN
)MicrocodeFmpPrivate
->MicrocodePatchAddress
;
649 @param[in] Address The flash address of Microcode.
650 @param[in] Image The Microcode image buffer.
651 @param[in] ImageSize The size of Microcode image buffer in bytes.
652 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
654 @retval EFI_SUCCESS The Microcode image is updated.
655 @retval EFI_WRITE_PROTECTED The flash device is read only.
662 OUT UINT32
*LastAttemptStatus
667 DEBUG((DEBUG_INFO
, "PlatformUpdate:"));
668 DEBUG((DEBUG_INFO
, " Address - 0x%lx,", Address
));
669 DEBUG((DEBUG_INFO
, " Legnth - 0x%x\n", ImageSize
));
671 Status
= MicrocodeFlashWrite (
676 if (!EFI_ERROR(Status
)) {
677 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_SUCCESS
;
679 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL
;
685 Update Microcode flash region.
687 @param[in] MicrocodeFmpPrivate The Microcode driver private data
688 @param[in] TargetMicrocodeEntryPoint Target Microcode entrypoint to be updated
689 @param[in] Image The Microcode image buffer.
690 @param[in] ImageSize The size of Microcode image buffer in bytes.
691 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
693 @retval EFI_SUCCESS The Microcode image is written.
694 @retval EFI_WRITE_PROTECTED The flash device is read only.
697 UpdateMicrocodeFlashRegion (
698 IN MICROCODE_FMP_PRIVATE_DATA
*MicrocodeFmpPrivate
,
699 IN CPU_MICROCODE_HEADER
*TargetMicrocodeEntryPoint
,
702 OUT UINT32
*LastAttemptStatus
705 VOID
*MicrocodePatchAddress
;
706 UINTN MicrocodePatchRegionSize
;
707 UINTN TargetTotalSize
;
708 UINTN UsedRegionSize
;
710 VOID
*MicrocodePatchScratchBuffer
;
711 UINT8
*ScratchBufferPtr
;
712 UINTN ScratchBufferSize
;
715 VOID
*NextMicrocodeEntryPoint
;
716 MICROCODE_INFO
*MicrocodeInfo
;
717 UINTN MicrocodeCount
;
720 DEBUG((DEBUG_INFO
, "UpdateMicrocodeFlashRegion: Image - 0x%x, size - 0x%x\n", Image
, ImageSize
));
722 MicrocodePatchAddress
= MicrocodeFmpPrivate
->MicrocodePatchAddress
;
723 MicrocodePatchRegionSize
= MicrocodeFmpPrivate
->MicrocodePatchRegionSize
;
725 MicrocodePatchScratchBuffer
= AllocateZeroPool (MicrocodePatchRegionSize
);
726 if (MicrocodePatchScratchBuffer
== NULL
) {
727 DEBUG((DEBUG_ERROR
, "Fail to allocate Microcode Scratch buffer\n"));
728 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES
;
729 return EFI_OUT_OF_RESOURCES
;
731 ScratchBufferPtr
= MicrocodePatchScratchBuffer
;
732 ScratchBufferSize
= 0;
735 // Target data collection
739 NextMicrocodeEntryPoint
= NULL
;
740 if (TargetMicrocodeEntryPoint
!= NULL
) {
741 if (TargetMicrocodeEntryPoint
->DataSize
== 0) {
742 TargetTotalSize
= 2048;
744 TargetTotalSize
= TargetMicrocodeEntryPoint
->TotalSize
;
746 DEBUG((DEBUG_INFO
, " TargetTotalSize - 0x%x\n", TargetTotalSize
));
747 NextMicrocodeEntryPoint
= GetNextMicrocode(MicrocodeFmpPrivate
, TargetMicrocodeEntryPoint
);
748 DEBUG((DEBUG_INFO
, " NextMicrocodeEntryPoint - 0x%x\n", NextMicrocodeEntryPoint
));
749 if (NextMicrocodeEntryPoint
!= NULL
) {
750 ASSERT ((UINTN
)NextMicrocodeEntryPoint
>= ((UINTN
)TargetMicrocodeEntryPoint
+ TargetTotalSize
));
751 AvailableSize
= (UINTN
)NextMicrocodeEntryPoint
- (UINTN
)TargetMicrocodeEntryPoint
;
753 AvailableSize
= (UINTN
)MicrocodePatchAddress
+ MicrocodePatchRegionSize
- (UINTN
)TargetMicrocodeEntryPoint
;
755 DEBUG((DEBUG_INFO
, " AvailableSize - 0x%x\n", AvailableSize
));
757 ASSERT (AvailableSize
>= TargetTotalSize
);
758 UsedRegionSize
= GetCurrentMicrocodeUsedRegionSize(MicrocodeFmpPrivate
);
759 DEBUG((DEBUG_INFO
, " UsedRegionSize - 0x%x\n", UsedRegionSize
));
760 ASSERT (UsedRegionSize
>= TargetTotalSize
);
761 if (TargetMicrocodeEntryPoint
!= NULL
) {
762 ASSERT ((UINTN
)MicrocodePatchAddress
+ UsedRegionSize
>= ((UINTN
)TargetMicrocodeEntryPoint
+ TargetTotalSize
));
765 // Total Size means the Microcode data size.
766 // Available Size means the Microcode data size plus the pad till (1) next Microcode or (2) the end.
769 // +------+-----------+-----+------+===================+
770 // | MCU1 | Microcode | PAD | MCU2 | Empty |
771 // +------+-----------+-----+------+===================+
773 // |<-AvailableSize->|
774 // |<- UsedRegionSize ->|
777 // +------+-----------+===================+
778 // | MCU | Microcode | Empty |
779 // +------+-----------+===================+
781 // |<- AvailableSize ->|
782 // |<-UsedRegionSize->|
786 // Update based on policy
790 // 1. If there is enough space to update old one in situ, replace old microcode in situ.
792 if (AvailableSize
>= ImageSize
) {
793 DEBUG((DEBUG_INFO
, "Replace old microcode in situ\n"));
795 // +------+------------+------+===================+
796 // |Other1| Old Image |Other2| Empty |
797 // +------+------------+------+===================+
799 // +------+---------+--+------+===================+
800 // |Other1|New Image|FF|Other2| Empty |
801 // +------+---------+--+------+===================+
803 // 1.1. Copy new image
804 CopyMem (ScratchBufferPtr
, Image
, ImageSize
);
805 ScratchBufferSize
+= ImageSize
;
806 ScratchBufferPtr
= (UINT8
*)MicrocodePatchScratchBuffer
+ ScratchBufferSize
;
808 RestSize
= AvailableSize
- ImageSize
;
810 SetMem (ScratchBufferPtr
, RestSize
, 0xFF);
811 ScratchBufferSize
+= RestSize
;
812 ScratchBufferPtr
= (UINT8
*)MicrocodePatchScratchBuffer
+ ScratchBufferSize
;
814 Status
= UpdateMicrocode((UINTN
)TargetMicrocodeEntryPoint
, MicrocodePatchScratchBuffer
, ScratchBufferSize
, LastAttemptStatus
);
819 // 2. If there is enough space to remove old one and add new one, reorg and replace old microcode.
821 if (MicrocodePatchRegionSize
- (UsedRegionSize
- TargetTotalSize
) >= ImageSize
) {
822 if (TargetMicrocodeEntryPoint
== NULL
) {
823 DEBUG((DEBUG_INFO
, "Append new microcode\n"));
825 // +------+------------+------+===================+
826 // |Other1| Other |Other2| Empty |
827 // +------+------------+------+===================+
829 // +------+------------+------+-----------+=======+
830 // |Other1| Other |Other2| New Image | Empty |
831 // +------+------------+------+-----------+=======+
833 Status
= UpdateMicrocode((UINTN
)MicrocodePatchAddress
+ UsedRegionSize
, Image
, ImageSize
, LastAttemptStatus
);
835 DEBUG((DEBUG_INFO
, "Reorg and replace old microcode\n"));
837 // +------+------------+------+===================+
838 // |Other1| Old Image |Other2| Empty |
839 // +------+------------+------+===================+
841 // +------+---------------+------+================+
842 // |Other1| New Image |Other2| Empty |
843 // +------+---------------+------+================+
845 // 2.1. Copy new image
846 CopyMem (ScratchBufferPtr
, Image
, ImageSize
);
847 ScratchBufferSize
+= ImageSize
;
848 ScratchBufferPtr
= (UINT8
*)MicrocodePatchScratchBuffer
+ ScratchBufferSize
;
849 // 2.2. Copy rest images after the old image.
850 if (NextMicrocodeEntryPoint
!= 0) {
851 RestSize
= (UINTN
)MicrocodePatchAddress
+ UsedRegionSize
- ((UINTN
)NextMicrocodeEntryPoint
);
852 CopyMem (ScratchBufferPtr
, (UINT8
*)TargetMicrocodeEntryPoint
+ TargetTotalSize
, RestSize
);
853 ScratchBufferSize
+= RestSize
;
854 ScratchBufferPtr
= (UINT8
*)MicrocodePatchScratchBuffer
+ ScratchBufferSize
;
856 Status
= UpdateMicrocode((UINTN
)TargetMicrocodeEntryPoint
, MicrocodePatchScratchBuffer
, ScratchBufferSize
, LastAttemptStatus
);
862 // 3. The new image can be put in MCU region, but not all others can be put.
863 // So all the unused MCU is removed.
865 if (MicrocodePatchRegionSize
>= ImageSize
) {
867 // +------+------------+------+===================+
868 // |Other1| Old Image |Other2| Empty |
869 // +------+------------+------+===================+
871 // +-------------------------------------+--------+
872 // | New Image | Other |
873 // +-------------------------------------+--------+
875 DEBUG((DEBUG_INFO
, "Add new microcode from beginning\n"));
877 MicrocodeCount
= MicrocodeFmpPrivate
->DescriptorCount
;
878 MicrocodeInfo
= MicrocodeFmpPrivate
->MicrocodeInfo
;
880 // 3.1. Copy new image
881 CopyMem (ScratchBufferPtr
, Image
, ImageSize
);
882 ScratchBufferSize
+= ImageSize
;
883 ScratchBufferPtr
= (UINT8
*)MicrocodePatchScratchBuffer
+ ScratchBufferSize
;
884 // 3.2. Copy some others to rest buffer
885 for (Index
= 0; Index
< MicrocodeCount
; Index
++) {
886 if (!MicrocodeInfo
[Index
].InUse
) {
889 if (MicrocodeInfo
[Index
].MicrocodeEntryPoint
== TargetMicrocodeEntryPoint
) {
892 if (MicrocodeInfo
[Index
].TotalSize
<= MicrocodePatchRegionSize
- ScratchBufferSize
) {
893 CopyMem (ScratchBufferPtr
, MicrocodeInfo
[Index
].MicrocodeEntryPoint
, MicrocodeInfo
[Index
].TotalSize
);
894 ScratchBufferSize
+= MicrocodeInfo
[Index
].TotalSize
;
895 ScratchBufferPtr
= (UINT8
*)MicrocodePatchScratchBuffer
+ ScratchBufferSize
;
899 RestSize
= MicrocodePatchRegionSize
- ScratchBufferSize
;
901 SetMem (ScratchBufferPtr
, RestSize
, 0xFF);
902 ScratchBufferSize
+= RestSize
;
903 ScratchBufferPtr
= (UINT8
*)MicrocodePatchScratchBuffer
+ ScratchBufferSize
;
905 Status
= UpdateMicrocode((UINTN
)MicrocodePatchAddress
, MicrocodePatchScratchBuffer
, ScratchBufferSize
, LastAttemptStatus
);
910 // 4. The new image size is bigger than the whole MCU region.
912 DEBUG((DEBUG_ERROR
, "Microcode too big\n"));
913 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES
;
914 Status
= EFI_OUT_OF_RESOURCES
;
922 Caution: This function may receive untrusted input.
924 @param[in] MicrocodeFmpPrivate The Microcode driver private data
925 @param[in] Image The Microcode image buffer.
926 @param[in] ImageSize The size of Microcode image buffer in bytes.
927 @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
928 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
929 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
930 details for the aborted operation. The buffer is allocated by this function
931 with AllocatePool(), and it is the caller's responsibility to free it with a
934 @retval EFI_SUCCESS The Microcode image is written.
935 @retval EFI_VOLUME_CORRUPTED The Microcode image is corrupt.
936 @retval EFI_INCOMPATIBLE_VERSION The Microcode image version is incorrect.
937 @retval EFI_SECURITY_VIOLATION The Microcode image fails to load.
938 @retval EFI_WRITE_PROTECTED The flash device is read only.
942 IN MICROCODE_FMP_PRIVATE_DATA
*MicrocodeFmpPrivate
,
945 OUT UINT32
*LastAttemptVersion
,
946 OUT UINT32
*LastAttemptStatus
,
947 OUT CHAR16
**AbortReason
952 CPU_MICROCODE_HEADER
*TargetMicrocodeEntryPoint
;
953 UINTN TargetCpuIndex
;
954 UINTN TargetMicrcodeIndex
;
957 // MCU must be 16 bytes aligned
959 AlignedImage
= AllocateCopyPool(ImageSize
, Image
);
960 if (AlignedImage
== NULL
) {
961 DEBUG((DEBUG_ERROR
, "Fail to allocate aligned image\n"));
962 *LastAttemptStatus
= LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES
;
963 return EFI_OUT_OF_RESOURCES
;
966 *LastAttemptVersion
= ((CPU_MICROCODE_HEADER
*)Image
)->UpdateRevision
;
967 TargetCpuIndex
= (UINTN
)-1;
968 Status
= VerifyMicrocode(MicrocodeFmpPrivate
, AlignedImage
, ImageSize
, TRUE
, LastAttemptStatus
, AbortReason
, &TargetCpuIndex
);
969 if (EFI_ERROR(Status
)) {
970 DEBUG((DEBUG_ERROR
, "Fail to verify Microcode Region\n"));
971 FreePool(AlignedImage
);
974 DEBUG((DEBUG_INFO
, "Pass VerifyMicrocode\n"));
976 DEBUG((DEBUG_INFO
, " TargetCpuIndex - 0x%x\n", TargetCpuIndex
));
977 ASSERT (TargetCpuIndex
< MicrocodeFmpPrivate
->ProcessorCount
);
978 TargetMicrcodeIndex
= MicrocodeFmpPrivate
->ProcessorInfo
[TargetCpuIndex
].MicrocodeIndex
;
979 DEBUG((DEBUG_INFO
, " TargetMicrcodeIndex - 0x%x\n", TargetMicrcodeIndex
));
980 if (TargetMicrcodeIndex
!= (UINTN
)-1) {
981 ASSERT (TargetMicrcodeIndex
< MicrocodeFmpPrivate
->DescriptorCount
);
982 TargetMicrocodeEntryPoint
= MicrocodeFmpPrivate
->MicrocodeInfo
[TargetMicrcodeIndex
].MicrocodeEntryPoint
;
984 TargetMicrocodeEntryPoint
= NULL
;
986 DEBUG((DEBUG_INFO
, " TargetMicrocodeEntryPoint - 0x%x\n", TargetMicrocodeEntryPoint
));
988 Status
= UpdateMicrocodeFlashRegion(
990 TargetMicrocodeEntryPoint
,
996 FreePool(AlignedImage
);