]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg/DxeCapsuleLibFmp: Add progress bar support
[mirror_edk2.git] / MdeModulePkg / Library / DxeCapsuleLibFmp / DxeCapsuleProcessLib.c
1 /** @file
2 DXE capsule process.
3
4 Caution: This module requires additional review when modified.
5 This module will have external input - capsule image.
6 This external input must be validated carefully to avoid security issue like
7 buffer overflow, integer overflow.
8
9 ProcessCapsules(), ProcessTheseCapsules() will receive untrusted
10 input and do basic validation.
11
12 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
13 This program and the accompanying materials
14 are licensed and made available under the terms and conditions of the BSD License
15 which accompanies this distribution. The full text of the license may be found at
16 http://opensource.org/licenses/bsd-license.php
17
18 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
19 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
20
21 **/
22
23 #include <PiDxe.h>
24 #include <Protocol/EsrtManagement.h>
25 #include <Protocol/FirmwareManagementProgress.h>
26
27 #include <Library/BaseLib.h>
28 #include <Library/DebugLib.h>
29 #include <Library/BaseMemoryLib.h>
30 #include <Library/UefiBootServicesTableLib.h>
31 #include <Library/UefiRuntimeServicesTableLib.h>
32 #include <Library/MemoryAllocationLib.h>
33 #include <Library/UefiLib.h>
34 #include <Library/PcdLib.h>
35 #include <Library/HobLib.h>
36 #include <Library/ReportStatusCodeLib.h>
37 #include <Library/CapsuleLib.h>
38 #include <Library/DisplayUpdateProgressLib.h>
39
40 #include <IndustryStandard/WindowsUxCapsule.h>
41
42 extern EDKII_FIRMWARE_MANAGEMENT_PROGRESS_PROTOCOL *mFmpProgress;
43
44 /**
45 Return if this FMP is a system FMP or a device FMP, based upon CapsuleHeader.
46
47 @param[in] CapsuleHeader A pointer to EFI_CAPSULE_HEADER
48
49 @retval TRUE It is a system FMP.
50 @retval FALSE It is a device FMP.
51 **/
52 BOOLEAN
53 IsFmpCapsule (
54 IN EFI_CAPSULE_HEADER *CapsuleHeader
55 );
56
57 /**
58 Validate Fmp capsules layout.
59
60 Caution: This function may receive untrusted input.
61
62 This function assumes the caller validated the capsule by using
63 IsValidCapsuleHeader(), so that all fields in EFI_CAPSULE_HEADER are correct.
64 The capsule buffer size is CapsuleHeader->CapsuleImageSize.
65
66 This function validates the fields in EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER
67 and EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.
68
69 This function need support nested FMP capsule.
70
71 @param[in] CapsuleHeader Points to a capsule header.
72 @param[out] EmbeddedDriverCount The EmbeddedDriverCount in the FMP capsule.
73
74 @retval EFI_SUCESS Input capsule is a correct FMP capsule.
75 @retval EFI_INVALID_PARAMETER Input capsule is not a correct FMP capsule.
76 **/
77 EFI_STATUS
78 ValidateFmpCapsule (
79 IN EFI_CAPSULE_HEADER *CapsuleHeader,
80 OUT UINT16 *EmbeddedDriverCount OPTIONAL
81 );
82
83 /**
84 Validate if it is valid capsule header
85
86 This function assumes the caller provided correct CapsuleHeader pointer
87 and CapsuleSize.
88
89 This function validates the fields in EFI_CAPSULE_HEADER.
90
91 @param[in] CapsuleHeader Points to a capsule header.
92 @param[in] CapsuleSize Size of the whole capsule image.
93
94 **/
95 BOOLEAN
96 IsValidCapsuleHeader (
97 IN EFI_CAPSULE_HEADER *CapsuleHeader,
98 IN UINT64 CapsuleSize
99 );
100
101 extern BOOLEAN mDxeCapsuleLibEndOfDxe;
102 BOOLEAN mNeedReset;
103
104 VOID **mCapsulePtr;
105 EFI_STATUS *mCapsuleStatusArray;
106 UINT32 mCapsuleTotalNumber;
107
108 /**
109 Function indicate the current completion progress of the firmware
110 update. Platform may override with own specific progress function.
111
112 @param[in] Completion A value between 1 and 100 indicating the current
113 completion progress of the firmware update
114
115 @retval EFI_SUCESS The capsule update progress was updated.
116 @retval EFI_INVALID_PARAMETER Completion is greater than 100%.
117 **/
118 EFI_STATUS
119 EFIAPI
120 UpdateImageProgress (
121 IN UINTN Completion
122 )
123 {
124 EFI_STATUS Status;
125 UINTN Seconds;
126 EFI_GRAPHICS_OUTPUT_BLT_PIXEL_UNION *Color;
127
128 DEBUG((DEBUG_INFO, "Update Progress - %d%%\n", Completion));
129
130 if (Completion > 100) {
131 return EFI_INVALID_PARAMETER;
132 }
133
134 //
135 // Use a default timeout of 5 minutes if there is not FMP Progress Protocol.
136 //
137 Seconds = 5 * 60;
138 Color = NULL;
139 if (mFmpProgress != NULL) {
140 Seconds = mFmpProgress->WatchdogSeconds;
141 Color = &mFmpProgress->ProgressBarForegroundColor;
142 }
143
144 //
145 // Cancel the watchdog timer
146 //
147 gBS->SetWatchdogTimer (0, 0x0000, 0, NULL);
148
149 if (Completion != 100) {
150 //
151 // Arm the watchdog timer from PCD setting
152 //
153 if (Seconds != 0) {
154 DEBUG ((DEBUG_VERBOSE, "Arm watchdog timer %d seconds\n", Seconds));
155 gBS->SetWatchdogTimer (Seconds, 0x0000, 0, NULL);
156 }
157 }
158
159 Status = DisplayUpdateProgress (Completion, Color);
160
161 return Status;
162 }
163
164 /**
165 This function initializes the mCapsulePtr, mCapsuleStatusArray and mCapsuleTotalNumber.
166 **/
167 VOID
168 InitCapsulePtr (
169 VOID
170 )
171 {
172 EFI_PEI_HOB_POINTERS HobPointer;
173 UINTN Index;
174
175 //
176 // Find all capsule images from hob
177 //
178 HobPointer.Raw = GetHobList ();
179 while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {
180 if (!IsValidCapsuleHeader((VOID *)(UINTN)HobPointer.Capsule->BaseAddress, HobPointer.Capsule->Length)) {
181 HobPointer.Header->HobType = EFI_HOB_TYPE_UNUSED; // Mark this hob as invalid
182 } else {
183 mCapsuleTotalNumber++;
184 }
185 HobPointer.Raw = GET_NEXT_HOB (HobPointer);
186 }
187
188 DEBUG ((DEBUG_INFO, "mCapsuleTotalNumber - 0x%x\n", mCapsuleTotalNumber));
189
190 if (mCapsuleTotalNumber == 0) {
191 return ;
192 }
193
194 //
195 // Init temp Capsule Data table.
196 //
197 mCapsulePtr = (VOID **) AllocateZeroPool (sizeof (VOID *) * mCapsuleTotalNumber);
198 if (mCapsulePtr == NULL) {
199 DEBUG ((DEBUG_ERROR, "Allocate mCapsulePtr fail!\n"));
200 mCapsuleTotalNumber = 0;
201 return ;
202 }
203 mCapsuleStatusArray = (EFI_STATUS *) AllocateZeroPool (sizeof (EFI_STATUS) * mCapsuleTotalNumber);
204 if (mCapsuleStatusArray == NULL) {
205 DEBUG ((DEBUG_ERROR, "Allocate mCapsuleStatusArray fail!\n"));
206 FreePool (mCapsulePtr);
207 mCapsulePtr = NULL;
208 mCapsuleTotalNumber = 0;
209 return ;
210 }
211 SetMemN (mCapsuleStatusArray, sizeof (EFI_STATUS) * mCapsuleTotalNumber, EFI_NOT_READY);
212
213 //
214 // Find all capsule images from hob
215 //
216 HobPointer.Raw = GetHobList ();
217 Index = 0;
218 while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {
219 mCapsulePtr [Index++] = (VOID *) (UINTN) HobPointer.Capsule->BaseAddress;
220 HobPointer.Raw = GET_NEXT_HOB (HobPointer);
221 }
222 }
223
224 /**
225 This function returns if all capsule images are processed.
226
227 @retval TRUE All capsule images are processed.
228 @retval FALSE Not all capsule images are processed.
229 **/
230 BOOLEAN
231 AreAllImagesProcessed (
232 VOID
233 )
234 {
235 UINTN Index;
236
237 for (Index = 0; Index < mCapsuleTotalNumber; Index++) {
238 if (mCapsuleStatusArray[Index] == EFI_NOT_READY) {
239 return FALSE;
240 }
241 }
242
243 return TRUE;
244 }
245
246 /**
247 This function populates capsule in the configuration table.
248 **/
249 VOID
250 PopulateCapsuleInConfigurationTable (
251 VOID
252 )
253 {
254 VOID **CapsulePtrCache;
255 EFI_GUID *CapsuleGuidCache;
256 EFI_CAPSULE_HEADER *CapsuleHeader;
257 EFI_CAPSULE_TABLE *CapsuleTable;
258 UINT32 CacheIndex;
259 UINT32 CacheNumber;
260 UINT32 CapsuleNumber;
261 UINTN Index;
262 UINTN Size;
263 EFI_STATUS Status;
264
265 if (mCapsuleTotalNumber == 0) {
266 return ;
267 }
268
269 CapsulePtrCache = NULL;
270 CapsuleGuidCache = NULL;
271 CacheIndex = 0;
272 CacheNumber = 0;
273
274 CapsulePtrCache = (VOID **) AllocateZeroPool (sizeof (VOID *) * mCapsuleTotalNumber);
275 if (CapsulePtrCache == NULL) {
276 DEBUG ((DEBUG_ERROR, "Allocate CapsulePtrCache fail!\n"));
277 return ;
278 }
279 CapsuleGuidCache = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID) * mCapsuleTotalNumber);
280 if (CapsuleGuidCache == NULL) {
281 DEBUG ((DEBUG_ERROR, "Allocate CapsuleGuidCache fail!\n"));
282 FreePool (CapsulePtrCache);
283 return ;
284 }
285
286 //
287 // Capsules who have CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE always are used for operating
288 // System to have information persist across a system reset. EFI System Table must
289 // point to an array of capsules that contains the same CapsuleGuid value. And agents
290 // searching for this type capsule will look in EFI System Table and search for the
291 // capsule's Guid and associated pointer to retrieve the data. Two steps below describes
292 // how to sorting the capsules by the unique guid and install the array to EFI System Table.
293 // Firstly, Loop for all coalesced capsules, record unique CapsuleGuids and cache them in an
294 // array for later sorting capsules by CapsuleGuid.
295 //
296 for (Index = 0; Index < mCapsuleTotalNumber; Index++) {
297 CapsuleHeader = (EFI_CAPSULE_HEADER*) mCapsulePtr [Index];
298 if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {
299 //
300 // For each capsule, we compare it with known CapsuleGuid in the CacheArray.
301 // If already has the Guid, skip it. Whereas, record it in the CacheArray as
302 // an additional one.
303 //
304 CacheIndex = 0;
305 while (CacheIndex < CacheNumber) {
306 if (CompareGuid(&CapsuleGuidCache[CacheIndex],&CapsuleHeader->CapsuleGuid)) {
307 break;
308 }
309 CacheIndex++;
310 }
311 if (CacheIndex == CacheNumber) {
312 CopyMem(&CapsuleGuidCache[CacheNumber++],&CapsuleHeader->CapsuleGuid,sizeof(EFI_GUID));
313 }
314 }
315 }
316
317 //
318 // Secondly, for each unique CapsuleGuid in CacheArray, gather all coalesced capsules
319 // whose guid is the same as it, and malloc memory for an array which preceding
320 // with UINT32. The array fills with entry point of capsules that have the same
321 // CapsuleGuid, and UINT32 represents the size of the array of capsules. Then install
322 // this array into EFI System Table, so that agents searching for this type capsule
323 // will look in EFI System Table and search for the capsule's Guid and associated
324 // pointer to retrieve the data.
325 //
326 for (CacheIndex = 0; CacheIndex < CacheNumber; CacheIndex++) {
327 CapsuleNumber = 0;
328 for (Index = 0; Index < mCapsuleTotalNumber; Index++) {
329 CapsuleHeader = (EFI_CAPSULE_HEADER*) mCapsulePtr [Index];
330 if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {
331 if (CompareGuid (&CapsuleGuidCache[CacheIndex], &CapsuleHeader->CapsuleGuid)) {
332 //
333 // Cache Caspuleheader to the array, this array is uniqued with certain CapsuleGuid.
334 //
335 CapsulePtrCache[CapsuleNumber++] = (VOID*)CapsuleHeader;
336 }
337 }
338 }
339 if (CapsuleNumber != 0) {
340 Size = sizeof(EFI_CAPSULE_TABLE) + (CapsuleNumber - 1) * sizeof(VOID*);
341 CapsuleTable = AllocateRuntimePool (Size);
342 if (CapsuleTable == NULL) {
343 DEBUG ((DEBUG_ERROR, "Allocate CapsuleTable (%g) fail!\n", &CapsuleGuidCache[CacheIndex]));
344 continue;
345 }
346 CapsuleTable->CapsuleArrayNumber = CapsuleNumber;
347 CopyMem(&CapsuleTable->CapsulePtr[0], CapsulePtrCache, CapsuleNumber * sizeof(VOID*));
348 Status = gBS->InstallConfigurationTable (&CapsuleGuidCache[CacheIndex], (VOID*)CapsuleTable);
349 if (EFI_ERROR (Status)) {
350 DEBUG ((DEBUG_ERROR, "InstallConfigurationTable (%g) fail!\n", &CapsuleGuidCache[CacheIndex]));
351 }
352 }
353 }
354
355 FreePool(CapsuleGuidCache);
356 FreePool(CapsulePtrCache);
357 }
358
359 /**
360
361 This routine is called to process capsules.
362
363 Caution: This function may receive untrusted input.
364
365 Each individual capsule result is recorded in capsule record variable.
366
367 @param[in] FirstRound TRUE: First round. Need skip the FMP capsules with non zero EmbeddedDriverCount.
368 FALSE: Process rest FMP capsules.
369
370 @retval EFI_SUCCESS There is no error when processing capsules.
371 @retval EFI_OUT_OF_RESOURCES No enough resource to process capsules.
372
373 **/
374 EFI_STATUS
375 ProcessTheseCapsules (
376 IN BOOLEAN FirstRound
377 )
378 {
379 EFI_STATUS Status;
380 EFI_CAPSULE_HEADER *CapsuleHeader;
381 UINT32 Index;
382 ESRT_MANAGEMENT_PROTOCOL *EsrtManagement;
383 UINT16 EmbeddedDriverCount;
384
385 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesBegin)));
386
387 if (FirstRound) {
388 InitCapsulePtr ();
389 }
390
391 if (mCapsuleTotalNumber == 0) {
392 //
393 // We didn't find a hob, so had no errors.
394 //
395 DEBUG ((DEBUG_ERROR, "We can not find capsule data in capsule update boot mode.\n"));
396 return EFI_SUCCESS;
397 }
398
399 if (AreAllImagesProcessed ()) {
400 return EFI_SUCCESS;
401 }
402
403 //
404 // Check the capsule flags,if contains CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE, install
405 // capsuleTable to configure table with EFI_CAPSULE_GUID
406 //
407 if (FirstRound) {
408 PopulateCapsuleInConfigurationTable ();
409 }
410
411 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdatingFirmware)));
412
413 //
414 // If Windows UX capsule exist, process it first
415 //
416 for (Index = 0; Index < mCapsuleTotalNumber; Index++) {
417 CapsuleHeader = (EFI_CAPSULE_HEADER*) mCapsulePtr [Index];
418 if (CompareGuid (&CapsuleHeader->CapsuleGuid, &gWindowsUxCapsuleGuid)) {
419 DEBUG ((DEBUG_INFO, "ProcessCapsuleImage (Ux) - 0x%x\n", CapsuleHeader));
420 DEBUG ((DEBUG_INFO, "Display logo capsule is found.\n"));
421 Status = ProcessCapsuleImage (CapsuleHeader);
422 mCapsuleStatusArray [Index] = EFI_SUCCESS;
423 DEBUG((DEBUG_INFO, "ProcessCapsuleImage (Ux) - %r\n", Status));
424 break;
425 }
426 }
427
428 DEBUG ((DEBUG_INFO, "Updating the firmware ......\n"));
429
430 //
431 // All capsules left are recognized by platform.
432 //
433 for (Index = 0; Index < mCapsuleTotalNumber; Index++) {
434 if (mCapsuleStatusArray [Index] != EFI_NOT_READY) {
435 // already processed
436 continue;
437 }
438 CapsuleHeader = (EFI_CAPSULE_HEADER*) mCapsulePtr [Index];
439 if (!CompareGuid (&CapsuleHeader->CapsuleGuid, &gWindowsUxCapsuleGuid)) {
440 //
441 // Call capsule library to process capsule image.
442 //
443 EmbeddedDriverCount = 0;
444 if (IsFmpCapsule(CapsuleHeader)) {
445 Status = ValidateFmpCapsule (CapsuleHeader, &EmbeddedDriverCount);
446 if (EFI_ERROR(Status)) {
447 DEBUG((DEBUG_ERROR, "ValidateFmpCapsule failed. Ignore!\n"));
448 mCapsuleStatusArray [Index] = EFI_ABORTED;
449 continue;
450 }
451 } else {
452 mCapsuleStatusArray [Index] = EFI_ABORTED;
453 continue;
454 }
455
456 if ((!FirstRound) || (EmbeddedDriverCount == 0)) {
457 DEBUG((DEBUG_INFO, "ProcessCapsuleImage - 0x%x\n", CapsuleHeader));
458 Status = ProcessCapsuleImage (CapsuleHeader);
459 mCapsuleStatusArray [Index] = Status;
460 DEBUG((DEBUG_INFO, "ProcessCapsuleImage - %r\n", Status));
461
462 if (Status != EFI_NOT_READY) {
463 if (EFI_ERROR(Status)) {
464 REPORT_STATUS_CODE(EFI_ERROR_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareFailed)));
465 DEBUG ((DEBUG_ERROR, "Capsule process failed!\n"));
466 } else {
467 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareSuccess)));
468 }
469
470 if ((CapsuleHeader->Flags & PcdGet16(PcdSystemRebootAfterCapsuleProcessFlag)) != 0 ||
471 IsFmpCapsule(CapsuleHeader)) {
472 mNeedReset = TRUE;
473 }
474 }
475 }
476 }
477 }
478
479 Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);
480 //
481 // Always sync ESRT Cache from FMP Instance
482 //
483 if (!EFI_ERROR(Status)) {
484 EsrtManagement->SyncEsrtFmp();
485 }
486 Status = EFI_SUCCESS;
487
488 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesEnd)));
489
490 return Status;
491 }
492
493 /**
494 Do reset system.
495 **/
496 VOID
497 DoResetSystem (
498 VOID
499 )
500 {
501 DEBUG((DEBUG_INFO, "Capsule Request Cold Reboot."));
502
503 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeResettingSystem)));
504
505 gRT->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
506
507 CpuDeadLoop();
508 }
509
510 /**
511
512 This routine is called to process capsules.
513
514 Caution: This function may receive untrusted input.
515
516 The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.
517 If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.
518
519 This routine should be called twice in BDS.
520 1) The first call must be before EndOfDxe. The system capsules is processed.
521 If device capsule FMP protocols are exposted at this time and device FMP
522 capsule has zero EmbeddedDriverCount, the device capsules are processed.
523 Each individual capsule result is recorded in capsule record variable.
524 System may reset in this function, if reset is required by capsule and
525 all capsules are processed.
526 If not all capsules are processed, reset will be defered to second call.
527
528 2) The second call must be after EndOfDxe and after ConnectAll, so that all
529 device capsule FMP protocols are exposed.
530 The system capsules are skipped. If the device capsules are NOT processed
531 in first call, they are processed here.
532 Each individual capsule result is recorded in capsule record variable.
533 System may reset in this function, if reset is required by capsule
534 processed in first call and second call.
535
536 @retval EFI_SUCCESS There is no error when processing capsules.
537 @retval EFI_OUT_OF_RESOURCES No enough resource to process capsules.
538
539 **/
540 EFI_STATUS
541 EFIAPI
542 ProcessCapsules (
543 VOID
544 )
545 {
546 EFI_STATUS Status;
547
548 if (!mDxeCapsuleLibEndOfDxe) {
549 Status = ProcessTheseCapsules(TRUE);
550
551 //
552 // Reboot System if and only if all capsule processed.
553 // If not, defer reset to 2nd process.
554 //
555 if (mNeedReset && AreAllImagesProcessed()) {
556 DoResetSystem();
557 }
558 } else {
559 Status = ProcessTheseCapsules(FALSE);
560 //
561 // Reboot System if required after all capsule processed
562 //
563 if (mNeedReset) {
564 DoResetSystem();
565 }
566 }
567 return Status;
568 }
EFI Development Kit II mirror for PVE