9dc306324e627fe590ad3fb95f620ff73baaa941
[mirror_edk2.git] / IntelSiliconPkg / Feature / Capsule / MicrocodeUpdateDxe / MicrocodeUpdate.h
1 /** @file
2 Microcode update header file.
3
4 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #ifndef _MICROCODE_FMP_H_
16 #define _MICROCODE_FMP_H_
17
18 #include <PiDxe.h>
19
20 #include <Guid/SystemResourceTable.h>
21 #include <Guid/MicrocodeFmp.h>
22
23 #include <Protocol/FirmwareManagement.h>
24 #include <Protocol/MpService.h>
25
26 #include <Library/BaseLib.h>
27 #include <Library/BaseMemoryLib.h>
28 #include <Library/DebugLib.h>
29 #include <Library/MemoryAllocationLib.h>
30 #include <Library/PcdLib.h>
31 #include <Library/UefiBootServicesTableLib.h>
32 #include <Library/UefiLib.h>
33 #include <Library/UefiRuntimeServicesTableLib.h>
34 #include <Library/UefiDriverEntryPoint.h>
35 #include <Library/DevicePathLib.h>
36 #include <Library/HobLib.h>
37 #include <Library/MicrocodeFlashAccessLib.h>
38
39 #include <Register/Cpuid.h>
40 #include <Register/Msr.h>
41 #include <Register/Microcode.h>
42
43 #define MICROCODE_FMP_PRIVATE_DATA_SIGNATURE SIGNATURE_32('M', 'C', 'U', 'F')
44
45 //
46 // Microcode FMP private data structure.
47 //
48
49 typedef struct {
50 UINT32 LastAttemptVersion;
51 UINT32 LastAttemptStatus;
52 } MICROCODE_FMP_LAST_ATTEMPT_VARIABLE;
53
54 typedef struct {
55 CPU_MICROCODE_HEADER *MicrocodeEntryPoint;
56 UINTN TotalSize;
57 BOOLEAN InUse;
58 } MICROCODE_INFO;
59
60 typedef struct {
61 UINTN CpuIndex;
62 UINT32 ProcessorSignature;
63 UINT8 PlatformId;
64 UINT32 MicrocodeRevision;
65 UINTN MicrocodeIndex;
66 } PROCESSOR_INFO;
67
68 typedef struct {
69 UINT64 Address;
70 UINT32 Revision;
71 } MICROCODE_LOAD_BUFFER;
72
73 struct _MICROCODE_FMP_PRIVATE_DATA {
74 UINT32 Signature;
75 EFI_FIRMWARE_MANAGEMENT_PROTOCOL Fmp;
76 EFI_HANDLE Handle;
77 VOID *MicrocodePatchAddress;
78 UINTN MicrocodePatchRegionSize;
79 UINT8 DescriptorCount;
80 EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageDescriptor;
81 MICROCODE_INFO *MicrocodeInfo;
82 UINT32 PackageVersion;
83 CHAR16 *PackageVersionName;
84 MICROCODE_FMP_LAST_ATTEMPT_VARIABLE LastAttempt;
85 EFI_MP_SERVICES_PROTOCOL *MpService;
86 UINTN BspIndex;
87 UINTN ProcessorCount;
88 PROCESSOR_INFO *ProcessorInfo;
89 };
90
91 typedef struct _MICROCODE_FMP_PRIVATE_DATA MICROCODE_FMP_PRIVATE_DATA;
92
93 #define MICROCODE_FMP_LAST_ATTEMPT_VARIABLE_NAME L"MicrocodeLastAttempVar"
94
95 /**
96 Returns a pointer to the MICROCODE_FMP_PRIVATE_DATA structure from the input a as Fmp.
97
98 If the signatures matches, then a pointer to the data structure that contains
99 a specified field of that data structure is returned.
100
101 @param a Pointer to the field specified by ServiceBinding within
102 a data structure of type MICROCODE_FMP_PRIVATE_DATA.
103
104 **/
105 #define MICROCODE_FMP_PRIVATE_DATA_FROM_FMP(a) \
106 CR ( \
107 (a), \
108 MICROCODE_FMP_PRIVATE_DATA, \
109 Fmp, \
110 MICROCODE_FMP_PRIVATE_DATA_SIGNATURE \
111 )
112
113 /**
114 Get Microcode Region.
115
116 @param[out] MicrocodePatchAddress The address of Microcode
117 @param[out] MicrocodePatchRegionSize The region size of Microcode
118
119 @retval TRUE The Microcode region is returned.
120 @retval FALSE No Microcode region.
121 **/
122 BOOLEAN
123 GetMicrocodeRegion (
124 OUT VOID **MicrocodePatchAddress,
125 OUT UINTN *MicrocodePatchRegionSize
126 );
127
128 /**
129 Collect processor information.
130 The function prototype for invoking a function on an Application Processor.
131
132 @param[in,out] Buffer The pointer to private data buffer.
133 **/
134 VOID
135 EFIAPI
136 CollectProcessorInfo (
137 IN OUT VOID *Buffer
138 );
139
140 /**
141 Get current Microcode information.
142
143 The ProcessorInformation (BspIndex/ProcessorCount/ProcessorInfo)
144 in MicrocodeFmpPrivate must be initialized.
145
146 The MicrocodeInformation (DescriptorCount/ImageDescriptor/MicrocodeInfo)
147 in MicrocodeFmpPrivate may not be avaiable in this function.
148
149 @param[in] MicrocodeFmpPrivate The Microcode driver private data
150 @param[in] DescriptorCount The count of Microcode ImageDescriptor allocated.
151 @param[out] ImageDescriptor Microcode ImageDescriptor
152 @param[out] MicrocodeInfo Microcode information
153
154 @return Microcode count
155 **/
156 UINTN
157 GetMicrocodeInfo (
158 IN MICROCODE_FMP_PRIVATE_DATA *MicrocodeFmpPrivate,
159 IN UINTN DescriptorCount, OPTIONAL
160 OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageDescriptor, OPTIONAL
161 OUT MICROCODE_INFO *MicrocodeInfo OPTIONAL
162 );
163
164 /**
165 Verify Microcode.
166
167 Caution: This function may receive untrusted input.
168
169 @param[in] MicrocodeFmpPrivate The Microcode driver private data
170 @param[in] Image The Microcode image buffer.
171 @param[in] ImageSize The size of Microcode image buffer in bytes.
172 @param[in] TryLoad Try to load Microcode or not.
173 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
174 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
175 details for the aborted operation. The buffer is allocated by this function
176 with AllocatePool(), and it is the caller's responsibility to free it with a
177 call to FreePool().
178 @param[in, out] TargetCpuIndex On input, the index of target CPU which tries to match the Microcode. (UINTN)-1 means to try all.
179 On output, the index of target CPU which matches the Microcode.
180
181 @retval EFI_SUCCESS The Microcode image passes verification.
182 @retval EFI_VOLUME_CORRUPTED The Microcode image is corrupt.
183 @retval EFI_INCOMPATIBLE_VERSION The Microcode image version is incorrect.
184 @retval EFI_UNSUPPORTED The Microcode ProcessorSignature or ProcessorFlags is incorrect.
185 @retval EFI_SECURITY_VIOLATION The Microcode image fails to load.
186 **/
187 EFI_STATUS
188 VerifyMicrocode (
189 IN MICROCODE_FMP_PRIVATE_DATA *MicrocodeFmpPrivate,
190 IN VOID *Image,
191 IN UINTN ImageSize,
192 IN BOOLEAN TryLoad,
193 OUT UINT32 *LastAttemptStatus,
194 OUT CHAR16 **AbortReason, OPTIONAL
195 IN OUT UINTN *TargetCpuIndex OPTIONAL
196 );
197
198 /**
199 Write Microcode.
200
201 @param[in] MicrocodeFmpPrivate The Microcode driver private data
202 @param[in] Image The Microcode image buffer.
203 @param[in] ImageSize The size of Microcode image buffer in bytes.
204 @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
205 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
206 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
207 details for the aborted operation. The buffer is allocated by this function
208 with AllocatePool(), and it is the caller's responsibility to free it with a
209 call to FreePool().
210
211 @retval EFI_SUCCESS The Microcode image is written.
212 @retval EFI_VOLUME_CORRUPTED The Microcode image is corrupt.
213 @retval EFI_INCOMPATIBLE_VERSION The Microcode image version is incorrect.
214 @retval EFI_SECURITY_VIOLATION The Microcode image fails to load.
215 @retval EFI_WRITE_PROTECTED The flash device is read only.
216 **/
217 EFI_STATUS
218 MicrocodeWrite (
219 IN MICROCODE_FMP_PRIVATE_DATA *MicrocodeFmpPrivate,
220 IN VOID *Image,
221 IN UINTN ImageSize,
222 OUT UINT32 *LastAttemptVersion,
223 OUT UINT32 *LastAttemptStatus,
224 OUT CHAR16 **AbortReason
225 );
226
227 /**
228 Dump private information.
229
230 @param[in] MicrocodeFmpPrivate private data structure.
231 **/
232 VOID
233 DumpPrivateInfo (
234 IN MICROCODE_FMP_PRIVATE_DATA *MicrocodeFmpPrivate
235 );
236
237 /**
238 Returns information about the current firmware image(s) of the device.
239
240 This function allows a copy of the current firmware image to be created and saved.
241 The saved copy could later been used, for example, in firmware image recovery or rollback.
242
243 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
244 @param[in, out] ImageInfoSize A pointer to the size, in bytes, of the ImageInfo buffer.
245 On input, this is the size of the buffer allocated by the caller.
246 On output, it is the size of the buffer returned by the firmware
247 if the buffer was large enough, or the size of the buffer needed
248 to contain the image(s) information if the buffer was too small.
249 @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s)
250 information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
251 @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number
252 associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR.
253 @param[out] DescriptorCount A pointer to the location in which firmware returns the number of
254 descriptors or firmware images within this device.
255 @param[out] DescriptorSize A pointer to the location in which firmware returns the size, in bytes,
256 of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR.
257 @param[out] PackageVersion A version number that represents all the firmware images in the device.
258 The format is vendor specific and new version must have a greater value
259 than the old version. If PackageVersion is not supported, the value is
260 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version comparison
261 is to be performed using PackageVersionName. A value of 0xFFFFFFFD indicates
262 that package version update is in progress.
263 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing the
264 package version name. The buffer is allocated by this function with
265 AllocatePool(), and it is the caller's responsibility to free it with a call
266 to FreePool().
267
268 @retval EFI_SUCCESS The device was successfully updated with the new image.
269 @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size
270 needed to hold the image(s) information is returned in ImageInfoSize.
271 @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL.
272 @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image.
273
274 **/
275 EFI_STATUS
276 EFIAPI
277 FmpGetImageInfo (
278 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
279 IN OUT UINTN *ImageInfoSize,
280 IN OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageInfo,
281 OUT UINT32 *DescriptorVersion,
282 OUT UINT8 *DescriptorCount,
283 OUT UINTN *DescriptorSize,
284 OUT UINT32 *PackageVersion,
285 OUT CHAR16 **PackageVersionName
286 );
287
288 /**
289 Retrieves a copy of the current firmware image of the device.
290
291 This function allows a copy of the current firmware image to be created and saved.
292 The saved copy could later been used, for example, in firmware image recovery or rollback.
293
294 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
295 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
296 The number is between 1 and DescriptorCount.
297 @param[in,out] Image Points to the buffer where the current image is copied to.
298 @param[in,out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes.
299 On return, points to the length of the image, in bytes.
300
301 @retval EFI_SUCCESS The device was successfully updated with the new image.
302 @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the
303 image. The current buffer size needed to hold the image is returned
304 in ImageSize.
305 @retval EFI_INVALID_PARAMETER The Image was NULL.
306 @retval EFI_NOT_FOUND The current image is not copied to the buffer.
307 @retval EFI_UNSUPPORTED The operation is not supported.
308 @retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure.
309
310 **/
311 EFI_STATUS
312 EFIAPI
313 FmpGetImage (
314 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
315 IN UINT8 ImageIndex,
316 IN OUT VOID *Image,
317 IN OUT UINTN *ImageSize
318 );
319
320 /**
321 Updates the firmware image of the device.
322
323 This function updates the hardware with the new firmware image.
324 This function returns EFI_UNSUPPORTED if the firmware image is not updatable.
325 If the firmware image is updatable, the function should perform the following minimal validations
326 before proceeding to do the firmware image update.
327 - Validate the image authentication if image has attribute
328 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns
329 EFI_SECURITY_VIOLATION if the validation fails.
330 - Validate the image is a supported image for this device. The function returns EFI_ABORTED if
331 the image is unsupported. The function can optionally provide more detailed information on
332 why the image is not a supported image.
333 - Validate the data from VendorCode if not null. Image validation must be performed before
334 VendorCode data validation. VendorCode data is ignored or considered invalid if image
335 validation failed. The function returns EFI_ABORTED if the data is invalid.
336
337 VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if
338 the caller did not specify the policy or use the default policy. As an example, vendor can implement
339 a policy to allow an option to force a firmware image update when the abort reason is due to the new
340 firmware image version is older than the current firmware image version or bad image checksum.
341 Sensitive operations such as those wiping the entire firmware image and render the device to be
342 non-functional should be encoded in the image itself rather than passed with the VendorCode.
343 AbortReason enables vendor to have the option to provide a more detailed description of the abort
344 reason to the caller.
345
346 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
347 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
348 The number is between 1 and DescriptorCount.
349 @param[in] Image Points to the new image.
350 @param[in] ImageSize Size of the new image in bytes.
351 @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.
352 Null indicates the caller did not specify the policy or use the default policy.
353 @param[in] Progress A function used by the driver to report the progress of the firmware update.
354 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
355 details for the aborted operation. The buffer is allocated by this function
356 with AllocatePool(), and it is the caller's responsibility to free it with a
357 call to FreePool().
358
359 @retval EFI_SUCCESS The device was successfully updated with the new image.
360 @retval EFI_ABORTED The operation is aborted.
361 @retval EFI_INVALID_PARAMETER The Image was NULL.
362 @retval EFI_UNSUPPORTED The operation is not supported.
363 @retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure.
364
365 **/
366 EFI_STATUS
367 EFIAPI
368 FmpSetImage (
369 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
370 IN UINT8 ImageIndex,
371 IN CONST VOID *Image,
372 IN UINTN ImageSize,
373 IN CONST VOID *VendorCode,
374 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress,
375 OUT CHAR16 **AbortReason
376 );
377
378 /**
379 Checks if the firmware image is valid for the device.
380
381 This function allows firmware update application to validate the firmware image without
382 invoking the SetImage() first.
383
384 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
385 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
386 The number is between 1 and DescriptorCount.
387 @param[in] Image Points to the new image.
388 @param[in] ImageSize Size of the new image in bytes.
389 @param[out] ImageUpdatable Indicates if the new image is valid for update. It also provides,
390 if available, additional information if the image is invalid.
391
392 @retval EFI_SUCCESS The image was successfully checked.
393 @retval EFI_INVALID_PARAMETER The Image was NULL.
394 @retval EFI_UNSUPPORTED The operation is not supported.
395 @retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure.
396
397 **/
398 EFI_STATUS
399 EFIAPI
400 FmpCheckImage (
401 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
402 IN UINT8 ImageIndex,
403 IN CONST VOID *Image,
404 IN UINTN ImageSize,
405 OUT UINT32 *ImageUpdatable
406 );
407
408 /**
409 Returns information about the firmware package.
410
411 This function returns package information.
412
413 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
414 @param[out] PackageVersion A version number that represents all the firmware images in the device.
415 The format is vendor specific and new version must have a greater value
416 than the old version. If PackageVersion is not supported, the value is
417 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version
418 comparison is to be performed using PackageVersionName. A value of
419 0xFFFFFFFD indicates that package version update is in progress.
420 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing
421 the package version name. The buffer is allocated by this function with
422 AllocatePool(), and it is the caller's responsibility to free it with a
423 call to FreePool().
424 @param[out] PackageVersionNameMaxLen The maximum length of package version name if device supports update of
425 package version name. A value of 0 indicates the device does not support
426 update of package version name. Length is the number of Unicode characters,
427 including the terminating null character.
428 @param[out] AttributesSupported Package attributes that are supported by this device. See 'Package Attribute
429 Definitions' for possible returned values of this parameter. A value of 1
430 indicates the attribute is supported and the current setting value is
431 indicated in AttributesSetting. A value of 0 indicates the attribute is not
432 supported and the current setting value in AttributesSetting is meaningless.
433 @param[out] AttributesSetting Package attributes. See 'Package Attribute Definitions' for possible returned
434 values of this parameter
435
436 @retval EFI_SUCCESS The package information was successfully returned.
437 @retval EFI_UNSUPPORTED The operation is not supported.
438
439 **/
440 EFI_STATUS
441 EFIAPI
442 FmpGetPackageInfo (
443 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
444 OUT UINT32 *PackageVersion,
445 OUT CHAR16 **PackageVersionName,
446 OUT UINT32 *PackageVersionNameMaxLen,
447 OUT UINT64 *AttributesSupported,
448 OUT UINT64 *AttributesSetting
449 );
450
451 /**
452 Updates information about the firmware package.
453
454 This function updates package information.
455 This function returns EFI_UNSUPPORTED if the package information is not updatable.
456 VendorCode enables vendor to implement vendor-specific package information update policy.
457 Null if the caller did not specify this policy or use the default policy.
458
459 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
460 @param[in] Image Points to the authentication image.
461 Null if authentication is not required.
462 @param[in] ImageSize Size of the authentication image in bytes.
463 0 if authentication is not required.
464 @param[in] VendorCode This enables vendor to implement vendor-specific firmware
465 image update policy.
466 Null indicates the caller did not specify this policy or use
467 the default policy.
468 @param[in] PackageVersion The new package version.
469 @param[in] PackageVersionName A pointer to the new null-terminated Unicode string representing
470 the package version name.
471 The string length is equal to or less than the value returned in
472 PackageVersionNameMaxLen.
473
474 @retval EFI_SUCCESS The device was successfully updated with the new package
475 information.
476 @retval EFI_INVALID_PARAMETER The PackageVersionName length is longer than the value
477 returned in PackageVersionNameMaxLen.
478 @retval EFI_UNSUPPORTED The operation is not supported.
479 @retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure.
480
481 **/
482 EFI_STATUS
483 EFIAPI
484 FmpSetPackageInfo (
485 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
486 IN CONST VOID *Image,
487 IN UINTN ImageSize,
488 IN CONST VOID *VendorCode,
489 IN UINT32 PackageVersion,
490 IN CONST CHAR16 *PackageVersionName
491 );
492
493 #endif
494