]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance.
[mirror_edk2.git] / MdeModulePkg / Library / DxeCapsuleLibFmp / DxeCapsuleProcessLib.c
1 /** @file
2 DXE capsule process.
3
4 Caution: This module requires additional review when modified.
5 This module will have external input - capsule image.
6 This external input must be validated carefully to avoid security issue like
7 buffer overflow, integer overflow.
8
9 ProcessCapsules(), ProcessTheseCapsules() will receive untrusted
10 input and do basic validation.
11
12 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
13 This program and the accompanying materials
14 are licensed and made available under the terms and conditions of the BSD License
15 which accompanies this distribution. The full text of the license may be found at
16 http://opensource.org/licenses/bsd-license.php
17
18 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
19 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
20
21 **/
22
23 #include <PiDxe.h>
24 #include <Protocol/EsrtManagement.h>
25
26 #include <Library/BaseLib.h>
27 #include <Library/DebugLib.h>
28 #include <Library/BaseMemoryLib.h>
29 #include <Library/UefiBootServicesTableLib.h>
30 #include <Library/UefiRuntimeServicesTableLib.h>
31 #include <Library/MemoryAllocationLib.h>
32 #include <Library/UefiLib.h>
33 #include <Library/PcdLib.h>
34 #include <Library/HobLib.h>
35 #include <Library/ReportStatusCodeLib.h>
36 #include <Library/CapsuleLib.h>
37
38 #include <IndustryStandard/WindowsUxCapsule.h>
39
40 /**
41 Return if this FMP is a system FMP or a device FMP, based upon CapsuleHeader.
42
43 @param[in] CapsuleHeader A pointer to EFI_CAPSULE_HEADER
44
45 @retval TRUE It is a system FMP.
46 @retval FALSE It is a device FMP.
47 **/
48 BOOLEAN
49 IsFmpCapsule (
50 IN EFI_CAPSULE_HEADER *CapsuleHeader
51 );
52
53 /**
54 Validate Fmp capsules layout.
55
56 Caution: This function may receive untrusted input.
57
58 This function assumes the caller validated the capsule by using
59 IsValidCapsuleHeader(), so that all fields in EFI_CAPSULE_HEADER are correct.
60 The capsule buffer size is CapsuleHeader->CapsuleImageSize.
61
62 This function validates the fields in EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER
63 and EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.
64
65 This function need support nested FMP capsule.
66
67 @param[in] CapsuleHeader Points to a capsule header.
68 @param[out] EmbeddedDriverCount The EmbeddedDriverCount in the FMP capsule.
69
70 @retval EFI_SUCESS Input capsule is a correct FMP capsule.
71 @retval EFI_INVALID_PARAMETER Input capsule is not a correct FMP capsule.
72 **/
73 EFI_STATUS
74 ValidateFmpCapsule (
75 IN EFI_CAPSULE_HEADER *CapsuleHeader,
76 OUT UINT16 *EmbeddedDriverCount OPTIONAL
77 );
78
79 /**
80 Validate if it is valid capsule header
81
82 This function assumes the caller provided correct CapsuleHeader pointer
83 and CapsuleSize.
84
85 This function validates the fields in EFI_CAPSULE_HEADER.
86
87 @param[in] CapsuleHeader Points to a capsule header.
88 @param[in] CapsuleSize Size of the whole capsule image.
89
90 **/
91 BOOLEAN
92 IsValidCapsuleHeader (
93 IN EFI_CAPSULE_HEADER *CapsuleHeader,
94 IN UINT64 CapsuleSize
95 );
96
97 extern BOOLEAN mDxeCapsuleLibEndOfDxe;
98 extern BOOLEAN mAreAllImagesProcessed;
99 BOOLEAN mNeedReset;
100
101 /**
102
103 This routine is called to process capsules.
104
105 Caution: This function may receive untrusted input.
106
107 Each individual capsule result is recorded in capsule record variable.
108
109 @param[in] NeedBlockDriver TRUE: Need skip the FMP capsules with non zero EmbeddedDriverCount.
110 FALSE: No need to skip any FMP capsules.
111
112 @retval EFI_SUCCESS There is no error when processing capsules.
113 @retval EFI_OUT_OF_RESOURCES No enough resource to process capsules.
114
115 **/
116 EFI_STATUS
117 ProcessTheseCapsules (
118 IN BOOLEAN NeedBlockDriver
119 )
120 {
121 EFI_STATUS Status;
122 EFI_PEI_HOB_POINTERS HobPointer;
123 EFI_CAPSULE_HEADER *CapsuleHeader;
124 UINT32 Size;
125 UINT32 CapsuleNumber;
126 UINT32 CapsuleTotalNumber;
127 EFI_CAPSULE_TABLE *CapsuleTable;
128 UINT32 Index;
129 UINT32 CacheIndex;
130 UINT32 CacheNumber;
131 VOID **CapsulePtr;
132 VOID **CapsulePtrCache;
133 EFI_GUID *CapsuleGuidCache;
134 EFI_STATUS *CapsuleStatusArray;
135 BOOLEAN DisplayCapsuleExist;
136 ESRT_MANAGEMENT_PROTOCOL *EsrtManagement;
137 UINT16 EmbeddedDriverCount;
138
139 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesBegin)));
140
141 CapsuleNumber = 0;
142 CapsuleTotalNumber = 0;
143 CacheIndex = 0;
144 CacheNumber = 0;
145 CapsulePtr = NULL;
146 CapsulePtrCache = NULL;
147 CapsuleGuidCache = NULL;
148 DisplayCapsuleExist = FALSE;
149 EsrtManagement = NULL;
150
151 Status = EFI_SUCCESS;
152 //
153 // Find all capsule images from hob
154 //
155 HobPointer.Raw = GetHobList ();
156 while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {
157 if (!IsValidCapsuleHeader((VOID *)(UINTN)HobPointer.Capsule->BaseAddress, HobPointer.Capsule->Length)) {
158 HobPointer.Header->HobType = EFI_HOB_TYPE_UNUSED; // Mark this hob as invalid
159 } else {
160 CapsuleTotalNumber++;
161 }
162 HobPointer.Raw = GET_NEXT_HOB (HobPointer);
163 }
164
165 if (CapsuleTotalNumber == 0) {
166 //
167 // We didn't find a hob, so had no errors.
168 //
169 DEBUG ((DEBUG_ERROR, "We can not find capsule data in capsule update boot mode.\n"));
170 Status = EFI_SUCCESS;
171 goto Done;
172 }
173
174 //
175 // Init temp Capsule Data table.
176 //
177 CapsulePtr = (VOID **) AllocateZeroPool (sizeof (VOID *) * CapsuleTotalNumber);
178 ASSERT (CapsulePtr != NULL);
179 if (CapsulePtr == NULL) {
180 Status = EFI_OUT_OF_RESOURCES;
181 goto Done;
182 }
183 CapsulePtrCache = (VOID **) AllocateZeroPool (sizeof (VOID *) * CapsuleTotalNumber);
184 ASSERT (CapsulePtrCache != NULL);
185 if (CapsulePtrCache == NULL) {
186 Status = EFI_OUT_OF_RESOURCES;
187 goto Done;
188 }
189 CapsuleGuidCache = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID) * CapsuleTotalNumber);
190 ASSERT (CapsuleGuidCache != NULL);
191 if (CapsuleGuidCache == NULL) {
192 Status = EFI_OUT_OF_RESOURCES;
193 goto Done;
194 }
195 CapsuleStatusArray = (EFI_STATUS *) AllocateZeroPool (sizeof (EFI_STATUS) * CapsuleTotalNumber);
196 ASSERT (CapsuleStatusArray != NULL);
197 if (CapsuleStatusArray == NULL) {
198 Status = EFI_OUT_OF_RESOURCES;
199 goto Done;
200 }
201
202 //
203 // Find all capsule images from hob
204 //
205 HobPointer.Raw = GetHobList ();
206 while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {
207 CapsulePtr [CapsuleNumber++] = (VOID *) (UINTN) HobPointer.Capsule->BaseAddress;
208 HobPointer.Raw = GET_NEXT_HOB (HobPointer);
209 }
210
211 //
212 // Check the capsule flags,if contains CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE, install
213 // capsuleTable to configure table with EFI_CAPSULE_GUID
214 //
215
216 //
217 // Capsules who have CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE always are used for operating
218 // System to have information persist across a system reset. EFI System Table must
219 // point to an array of capsules that contains the same CapsuleGuid value. And agents
220 // searching for this type capsule will look in EFI System Table and search for the
221 // capsule's Guid and associated pointer to retrieve the data. Two steps below describes
222 // how to sorting the capsules by the unique guid and install the array to EFI System Table.
223 // Firstly, Loop for all coalesced capsules, record unique CapsuleGuids and cache them in an
224 // array for later sorting capsules by CapsuleGuid.
225 //
226 for (Index = 0; Index < CapsuleTotalNumber; Index++) {
227 CapsuleStatusArray [Index] = EFI_UNSUPPORTED;
228 CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];
229 if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {
230 //
231 // For each capsule, we compare it with known CapsuleGuid in the CacheArray.
232 // If already has the Guid, skip it. Whereas, record it in the CacheArray as
233 // an additional one.
234 //
235 CacheIndex = 0;
236 while (CacheIndex < CacheNumber) {
237 if (CompareGuid(&CapsuleGuidCache[CacheIndex],&CapsuleHeader->CapsuleGuid)) {
238 break;
239 }
240 CacheIndex++;
241 }
242 if (CacheIndex == CacheNumber) {
243 CopyMem(&CapsuleGuidCache[CacheNumber++],&CapsuleHeader->CapsuleGuid,sizeof(EFI_GUID));
244 }
245 }
246 }
247
248 //
249 // Secondly, for each unique CapsuleGuid in CacheArray, gather all coalesced capsules
250 // whose guid is the same as it, and malloc memory for an array which preceding
251 // with UINT32. The array fills with entry point of capsules that have the same
252 // CapsuleGuid, and UINT32 represents the size of the array of capsules. Then install
253 // this array into EFI System Table, so that agents searching for this type capsule
254 // will look in EFI System Table and search for the capsule's Guid and associated
255 // pointer to retrieve the data.
256 //
257 CacheIndex = 0;
258 while (CacheIndex < CacheNumber) {
259 CapsuleNumber = 0;
260 for (Index = 0; Index < CapsuleTotalNumber; Index++) {
261 CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];
262 if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {
263 if (CompareGuid (&CapsuleGuidCache[CacheIndex], &CapsuleHeader->CapsuleGuid)) {
264 //
265 // Cache Caspuleheader to the array, this array is uniqued with certain CapsuleGuid.
266 //
267 CapsulePtrCache[CapsuleNumber++] = (VOID*)CapsuleHeader;
268 //
269 // When a Capsule is listed in CapsulePtrCache, it will be reported in ConfigurationTable
270 // So, report the CapsuleStatus as "processed successfully".
271 //
272 CapsuleStatusArray [Index] = EFI_SUCCESS;
273 }
274 }
275 }
276 if (CapsuleNumber != 0) {
277 Size = sizeof(EFI_CAPSULE_TABLE) + (CapsuleNumber - 1) * sizeof(VOID*);
278 CapsuleTable = AllocateRuntimePool (Size);
279 ASSERT (CapsuleTable != NULL);
280 if (CapsuleTable == NULL) {
281 return EFI_OUT_OF_RESOURCES;
282 }
283 CapsuleTable->CapsuleArrayNumber = CapsuleNumber;
284 CopyMem(&CapsuleTable->CapsulePtr[0], CapsulePtrCache, CapsuleNumber * sizeof(VOID*));
285 Status = gBS->InstallConfigurationTable (&CapsuleGuidCache[CacheIndex], (VOID*)CapsuleTable);
286 ASSERT_EFI_ERROR (Status);
287 }
288 CacheIndex++;
289 }
290
291 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdatingFirmware)));
292
293 //
294 // If Windows UX capsule exist, process it first
295 //
296 for (Index = 0; Index < CapsuleTotalNumber; Index++) {
297 CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];
298 if (CompareGuid(&CapsuleHeader->CapsuleGuid ,&gWindowsUxCapsuleGuid)) {
299 DEBUG ((DEBUG_INFO, "ProcessCapsuleImage (Ux) - 0x%x\n", CapsuleHeader));
300 DisplayCapsuleExist = TRUE;
301 DEBUG ((DEBUG_INFO, "Display logo capsule is found.\n"));
302 Status = ProcessCapsuleImage (CapsuleHeader);
303 DEBUG((DEBUG_INFO, "ProcessCapsuleImage (Ux) - %r\n", Status));
304 CapsuleStatusArray [Index] = Status;
305 break;
306 }
307 }
308
309 if (!DisplayCapsuleExist) {
310 //
311 // Display Capsule not found. Display the default string.
312 //
313 Print (L"Updating the firmware ......\r\n");
314 }
315
316 //
317 // All capsules left are recognized by platform.
318 //
319 for (Index = 0; Index < CapsuleTotalNumber; Index++) {
320 CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];
321 if (!CompareGuid(&CapsuleHeader->CapsuleGuid ,&gWindowsUxCapsuleGuid)) {
322 //
323 // Call capsule library to process capsule image.
324 //
325 EmbeddedDriverCount = 0;
326 if (IsFmpCapsule(CapsuleHeader)) {
327 Status = ValidateFmpCapsule(CapsuleHeader, &EmbeddedDriverCount);
328 if (EFI_ERROR(Status)) {
329 DEBUG((DEBUG_ERROR, "ValidateFmpCapsule failed. Ignore!\n"));
330 continue;
331 }
332 }
333
334 if ((!NeedBlockDriver) || (EmbeddedDriverCount == 0)) {
335 DEBUG((DEBUG_INFO, "ProcessCapsuleImage - 0x%x\n", CapsuleHeader));
336 Status = ProcessCapsuleImage (CapsuleHeader);
337 CapsuleStatusArray [Index] = Status;
338 DEBUG((DEBUG_INFO, "ProcessCapsuleImage - %r\n", Status));
339
340 if (EFI_ERROR(Status)) {
341 REPORT_STATUS_CODE(EFI_ERROR_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareFailed)));
342 DEBUG ((DEBUG_ERROR, "Capsule process failed. reset the system!\n"));
343 Print (L"Firmware update failed...\r\n");
344 } else {
345 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareSuccess)));
346 }
347
348 if ((CapsuleHeader->Flags & PcdGet16(PcdSystemRebootAfterCapsuleProcessFlag)) != 0 ||
349 IsFmpCapsule(CapsuleHeader)) {
350 mNeedReset = TRUE;
351 }
352 }
353 }
354 }
355
356 Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);
357 //
358 // Always sync ESRT Cache from FMP Instance
359 //
360 if (!EFI_ERROR(Status)) {
361 EsrtManagement->SyncEsrtFmp();
362 }
363 Status = EFI_SUCCESS;
364
365 Done:
366 //
367 // Free the allocated temp memory space.
368 //
369 if (CapsuleGuidCache != NULL) {
370 FreePool(CapsuleGuidCache);
371 }
372 if (CapsulePtrCache != NULL) {
373 FreePool(CapsulePtrCache);
374 }
375 if (CapsulePtr != NULL) {
376 FreePool(CapsulePtr);
377 }
378
379 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesEnd)));
380
381 return Status;
382 }
383
384 /**
385 Do reset system.
386 **/
387 VOID
388 DoResetSystem (
389 VOID
390 )
391 {
392 UINTN Index;
393
394 REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeResettingSystem)));
395
396 Print(L"Capsule Request Cold Reboot.\n");
397 DEBUG((DEBUG_INFO, "Capsule Request Cold Reboot."));
398
399 for (Index = 5; Index > 0; Index--) {
400 Print(L"\rResetting system in %d seconds ...", Index);
401 DEBUG((DEBUG_INFO, "\rResetting system in %d seconds ...", Index));
402 gBS->Stall(1000000);
403 }
404
405 gRT->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
406
407 CpuDeadLoop();
408 }
409
410 /**
411
412 This routine is called to process capsules.
413
414 Caution: This function may receive untrusted input.
415
416 The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.
417 If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.
418
419 This routine should be called twice in BDS.
420 1) The first call must be before EndOfDxe. The system capsules is processed.
421 If device capsule FMP protocols are exposted at this time and device FMP
422 capsule has zero EmbeddedDriverCount, the device capsules are processed.
423 Each individual capsule result is recorded in capsule record variable.
424 System may reset in this function, if reset is required by capsule and
425 all capsules are processed.
426 If not all capsules are processed, reset will be defered to second call.
427
428 2) The second call must be after EndOfDxe and after ConnectAll, so that all
429 device capsule FMP protocols are exposed.
430 The system capsules are skipped. If the device capsules are NOT processed
431 in first call, they are processed here.
432 Each individual capsule result is recorded in capsule record variable.
433 System may reset in this function, if reset is required by capsule
434 processed in first call and second call.
435
436 @retval EFI_SUCCESS There is no error when processing capsules.
437 @retval EFI_OUT_OF_RESOURCES No enough resource to process capsules.
438
439 **/
440 EFI_STATUS
441 EFIAPI
442 ProcessCapsules (
443 VOID
444 )
445 {
446 EFI_STATUS Status;
447
448 if (!mDxeCapsuleLibEndOfDxe) {
449 //
450 // Initialize mAreAllImagesProcessed to be TRUE.
451 //
452 // It will be updated to FALSE in ProcessTheseCapsules()->ProcessCapsuleImage(),
453 // if there is any FMP image in any FMP capsule not processed.
454 //
455 mAreAllImagesProcessed = TRUE;
456
457 Status = ProcessTheseCapsules(TRUE);
458 //
459 // Reboot System if and only if all capsule processed.
460 // If not, defer reset to 2nd process.
461 //
462 if (mNeedReset && mAreAllImagesProcessed) {
463 DoResetSystem();
464 }
465 } else {
466 Status = ProcessTheseCapsules(FALSE);
467 //
468 // Reboot System if required after all capsule processed
469 //
470 if (mNeedReset) {
471 DoResetSystem();
472 }
473 }
474 return Status;
475 }
EFI Development Kit II mirror for PVE