2 UEFI Firmware Management Protocol definition
3 Firmware Management Protocol provides an abstraction for device to provide firmware
4 management support. The base requirements for managing device firmware images include
5 identifying firmware image revision level and programming the image into the device.
7 GetImageInfo() is the only required function. GetImage(), SetImage(),
8 CheckImage(), GetPackageInfo(), and SetPackageInfo() shall return
9 EFI_UNSUPPORTED if not supported by the driver.
11 Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
12 Copyright (c) 2013 - 2014, Hewlett-Packard Development Company, L.P.<BR>
13 SPDX-License-Identifier: BSD-2-Clause-Patent
15 @par Revision Reference:
16 This Protocol is introduced in UEFI Specification 2.3
20 #ifndef __EFI_FIRMWARE_MANAGEMENT_PROTOCOL_H__
21 #define __EFI_FIRMWARE_MANAGEMENT_PROTOCOL_H__
23 #define EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID \
25 0x86c77a67, 0xb97, 0x4633, {0xa1, 0x87, 0x49, 0x10, 0x4d, 0x6, 0x85, 0xc7 } \
28 typedef struct _EFI_FIRMWARE_MANAGEMENT_PROTOCOL EFI_FIRMWARE_MANAGEMENT_PROTOCOL
;
31 /// Dependency Expression Opcode
33 #define EFI_FMP_DEP_PUSH_GUID 0x00
34 #define EFI_FMP_DEP_PUSH_VERSION 0x01
35 #define EFI_FMP_DEP_VERSION_STR 0x02
36 #define EFI_FMP_DEP_AND 0x03
37 #define EFI_FMP_DEP_OR 0x04
38 #define EFI_FMP_DEP_NOT 0x05
39 #define EFI_FMP_DEP_TRUE 0x06
40 #define EFI_FMP_DEP_FALSE 0x07
41 #define EFI_FMP_DEP_EQ 0x08
42 #define EFI_FMP_DEP_GT 0x09
43 #define EFI_FMP_DEP_GTE 0x0A
44 #define EFI_FMP_DEP_LT 0x0B
45 #define EFI_FMP_DEP_LTE 0x0C
46 #define EFI_FMP_DEP_END 0x0D
49 /// Image Attribute - Dependency
52 UINT8 Dependencies
[1];
53 } EFI_FIRMWARE_IMAGE_DEP
;
56 /// EFI_FIRMWARE_IMAGE_DESCRIPTOR
60 /// A unique number identifying the firmware image within the device. The number is
61 /// between 1 and DescriptorCount.
65 /// A unique GUID identifying the firmware image type.
69 /// A unique number identifying the firmware image.
73 /// A pointer to a null-terminated string representing the firmware image name.
77 /// Identifies the version of the device firmware. The format is vendor specific and new
78 /// version must have a greater value than an old version.
82 /// A pointer to a null-terminated string representing the firmware image version name.
86 /// Size of the image in bytes. If size=0, then only ImageIndex and ImageTypeId are valid.
90 /// Image attributes that are supported by this device. See 'Image Attribute Definitions'
91 /// for possible returned values of this parameter. A value of 1 indicates the attribute is
92 /// supported and the current setting value is indicated in AttributesSetting. A
93 /// value of 0 indicates the attribute is not supported and the current setting value in
94 /// AttributesSetting is meaningless.
96 UINT64 AttributesSupported
;
98 /// Image attributes. See 'Image Attribute Definitions' for possible returned values of
101 UINT64 AttributesSetting
;
103 /// Image compatibilities. See 'Image Compatibility Definitions' for possible returned
104 /// values of this parameter.
106 UINT64 Compatibilities
;
108 /// Describes the lowest ImageDescriptor version that the device will accept. Only
109 /// present in version 2 or higher.
111 UINT32 LowestSupportedImageVersion
;
113 /// Describes the version that was last attempted to update. If no update attempted the
114 /// value will be 0. If the update attempted was improperly formatted and no version
115 /// number was available then the value will be zero. Only present in version 3 or higher.
116 UINT32 LastAttemptVersion
;
118 /// Describes the status that was last attempted to update. If no update has been attempted
119 /// the value will be LAST_ATTEMPT_STATUS_SUCCESS. Only present in version 3 or higher.
121 UINT32 LastAttemptStatus
;
123 /// An optional number to identify the unique hardware instance within the system for
124 /// devices that may have multiple instances (Example: a plug in pci network card). This
125 /// number must be unique within the namespace of the ImageTypeId GUID and
126 /// ImageIndex. For FMP instances that have multiple descriptors for a single
127 /// hardware instance, all descriptors must have the same HardwareInstance value.
128 /// This number must be consistent between boots and should be based on some sort of
129 /// hardware identified unique id (serial number, etc) whenever possible. If a hardware
130 /// based number is not available the FMP provider may use some other characteristic
131 /// such as device path, bus/dev/function, slot num, etc for generating the
132 /// HardwareInstance. For implementations that will never have more than one
133 /// instance a zero can be used. A zero means the FMP provider is not able to determine a
134 /// unique hardware instance number or a hardware instance number is not needed. Only
135 /// present in version 3 or higher.
137 UINT64 HardwareInstance
;
138 EFI_FIRMWARE_IMAGE_DEP
*Dependencies
;
139 } EFI_FIRMWARE_IMAGE_DESCRIPTOR
;
142 // Image Attribute Definitions
145 /// The attribute IMAGE_ATTRIBUTE_IMAGE_UPDATABLE indicates this device supports firmware
148 #define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE 0x0000000000000001
150 /// The attribute IMAGE_ATTRIBUTE_RESET_REQUIRED indicates a reset of the device is required
151 /// for the new firmware image to take effect after a firmware update. The device is the device hosting
152 /// the firmware image.
154 #define IMAGE_ATTRIBUTE_RESET_REQUIRED 0x0000000000000002
156 /// The attribute IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED indicates authentication is
157 /// required to perform the following image operations: GetImage(), SetImage(), and
158 /// CheckImage(). See 'Image Attribute - Authentication'.
160 #define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x0000000000000004
162 /// The attribute IMAGE_ATTRIBUTE_IN_USE indicates the current state of the firmware image.
163 /// This distinguishes firmware images in a device that supports redundant images.
165 #define IMAGE_ATTRIBUTE_IN_USE 0x0000000000000008
167 /// The attribute IMAGE_ATTRIBUTE_UEFI_IMAGE indicates that this image is an EFI compatible image.
169 #define IMAGE_ATTRIBUTE_UEFI_IMAGE 0x0000000000000010
171 /// The attribute IMAGE_ATTRIBUTE_DEPENDENCY indicates that there is an EFI_FIRMWARE_IMAGE_DEP
172 /// section associated with the image.
174 #define IMAGE_ATTRIBUTE_DEPENDENCY 0x0000000000000020
177 // Image Compatibility Definitions
180 /// Values from 0x0000000000000002 thru 0x000000000000FFFF are reserved for future assignments.
181 /// Values from 0x0000000000010000 thru 0xFFFFFFFFFFFFFFFF are used by firmware vendor for
182 /// compatibility check.
184 #define IMAGE_COMPATIBILITY_CHECK_SUPPORTED 0x0000000000000001
187 /// Descriptor Version exposed by GetImageInfo() function
189 #define EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION 4
192 /// Image Attribute - Authentication Required
196 /// It is included in the signature of AuthInfo. It is used to ensure freshness/no replay.
197 /// It is incremented during each firmware image operation.
199 UINT64 MonotonicCount
;
201 /// Provides the authorization for the firmware image operations. It is a signature across
202 /// the image data and the Monotonic Count value. Caller uses the private key that is
203 /// associated with a public key that has been provisioned via the key exchange.
204 /// Because this is defined as a signature, WIN_CERTIFICATE_UEFI_GUID.CertType must
205 /// be EFI_CERT_TYPE_PKCS7_GUID.
207 WIN_CERTIFICATE_UEFI_GUID AuthInfo
;
208 } EFI_FIRMWARE_IMAGE_AUTHENTICATION
;
211 // ImageUpdatable Definitions
214 /// IMAGE_UPDATABLE_VALID indicates SetImage() will accept the new image and update the
215 /// device with the new image. The version of the new image could be higher or lower than
216 /// the current image. SetImage VendorCode is optional but can be used for vendor
219 #define IMAGE_UPDATABLE_VALID 0x0000000000000001
221 /// IMAGE_UPDATABLE_INVALID indicates SetImage() will reject the new image. No additional
222 /// information is provided for the rejection.
224 #define IMAGE_UPDATABLE_INVALID 0x0000000000000002
226 /// IMAGE_UPDATABLE_INVALID_TYPE indicates SetImage() will reject the new image. The
227 /// rejection is due to the new image is not a firmware image recognized for this device.
229 #define IMAGE_UPDATABLE_INVALID_TYPE 0x0000000000000004
231 /// IMAGE_UPDATABLE_INVALID_OLD indicates SetImage() will reject the new image. The
232 /// rejection is due to the new image version is older than the current firmware image
233 /// version in the device. The device firmware update policy does not support firmware
234 /// version downgrade.
236 #define IMAGE_UPDATABLE_INVALID_OLD 0x0000000000000008
238 /// IMAGE_UPDATABLE_VALID_WITH_VENDOR_CODE indicates SetImage() will accept and update
239 /// the new image only if a correct VendorCode is provided or else image would be
240 /// rejected and SetImage will return appropriate error.
242 #define IMAGE_UPDATABLE_VALID_WITH_VENDOR_CODE 0x0000000000000010
245 // Package Attribute Definitions
248 /// The attribute PACKAGE_ATTRIBUTE_VERSION_UPDATABLE indicates this device supports the
249 /// update of the firmware package version.
251 #define PACKAGE_ATTRIBUTE_VERSION_UPDATABLE 0x0000000000000001
253 /// The attribute PACKAGE_ATTRIBUTE_RESET_REQUIRED indicates a reset of the device is
254 /// required for the new package info to take effect after an update.
256 #define PACKAGE_ATTRIBUTE_RESET_REQUIRED 0x0000000000000002
258 /// The attribute PACKAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED indicates authentication
259 /// is required to update the package info.
261 #define PACKAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x0000000000000004
264 Callback function to report the process of the firmware updating.
266 @param[in] Completion A value between 1 and 100 indicating the current completion
267 progress of the firmware update. Completion progress is
268 reported as from 1 to 100 percent. A value of 0 is used by
269 the driver to indicate that progress reporting is not supported.
271 @retval EFI_SUCCESS SetImage() continues to do the callback if supported.
272 @retval other SetImage() discontinues the callback and completes
273 the update and returns.
278 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS
)(
283 Returns information about the current firmware image(s) of the device.
285 This function allows a copy of the current firmware image to be created and saved.
286 The saved copy could later been used, for example, in firmware image recovery or rollback.
288 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
289 @param[in, out] ImageInfoSize A pointer to the size, in bytes, of the ImageInfo buffer.
290 On input, this is the size of the buffer allocated by the caller.
291 On output, it is the size of the buffer returned by the firmware
292 if the buffer was large enough, or the size of the buffer needed
293 to contain the image(s) information if the buffer was too small.
294 @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s)
295 information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
296 @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number
297 associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR.
298 @param[out] DescriptorCount A pointer to the location in which firmware returns the number of
299 descriptors or firmware images within this device.
300 @param[out] DescriptorSize A pointer to the location in which firmware returns the size, in bytes,
301 of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR.
302 @param[out] PackageVersion A version number that represents all the firmware images in the device.
303 The format is vendor specific and new version must have a greater value
304 than the old version. If PackageVersion is not supported, the value is
305 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version comparison
306 is to be performed using PackageVersionName. A value of 0xFFFFFFFD indicates
307 that package version update is in progress.
308 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing the
309 package version name. The buffer is allocated by this function with
310 AllocatePool(), and it is the caller's responsibility to free it with a call
313 @retval EFI_SUCCESS The device was successfully updated with the new image.
314 @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size
315 needed to hold the image(s) information is returned in ImageInfoSize.
316 @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL.
317 @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image.
322 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE_INFO
)(
323 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
324 IN OUT UINTN
*ImageInfoSize
,
325 IN OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR
*ImageInfo
,
326 OUT UINT32
*DescriptorVersion
,
327 OUT UINT8
*DescriptorCount
,
328 OUT UINTN
*DescriptorSize
,
329 OUT UINT32
*PackageVersion
,
330 OUT CHAR16
**PackageVersionName
334 Retrieves a copy of the current firmware image of the device.
336 This function allows a copy of the current firmware image to be created and saved.
337 The saved copy could later been used, for example, in firmware image recovery or rollback.
339 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
340 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
341 The number is between 1 and DescriptorCount.
342 @param[out] Image Points to the buffer where the current image is copied to.
343 @param[in, out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes.
344 On return, points to the length of the image, in bytes.
346 @retval EFI_SUCCESS The device was successfully updated with the new image.
347 @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the
348 image. The current buffer size needed to hold the image is returned
350 @retval EFI_INVALID_PARAMETER The Image was NULL.
351 @retval EFI_NOT_FOUND The current image is not copied to the buffer.
352 @retval EFI_UNSUPPORTED The operation is not supported.
353 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
358 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE
)(
359 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
362 IN OUT UINTN
*ImageSize
366 Updates the firmware image of the device.
368 This function updates the hardware with the new firmware image.
369 This function returns EFI_UNSUPPORTED if the firmware image is not updatable.
370 If the firmware image is updatable, the function should perform the following minimal validations
371 before proceeding to do the firmware image update.
372 - Validate the image authentication if image has attribute
373 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns
374 EFI_SECURITY_VIOLATION if the validation fails.
375 - Validate the image is a supported image for this device. The function returns EFI_ABORTED if
376 the image is unsupported. The function can optionally provide more detailed information on
377 why the image is not a supported image.
378 - Validate the data from VendorCode if not null. Image validation must be performed before
379 VendorCode data validation. VendorCode data is ignored or considered invalid if image
380 validation failed. The function returns EFI_ABORTED if the data is invalid.
382 VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if
383 the caller did not specify the policy or use the default policy. As an example, vendor can implement
384 a policy to allow an option to force a firmware image update when the abort reason is due to the new
385 firmware image version is older than the current firmware image version or bad image checksum.
386 Sensitive operations such as those wiping the entire firmware image and render the device to be
387 non-functional should be encoded in the image itself rather than passed with the VendorCode.
388 AbortReason enables vendor to have the option to provide a more detailed description of the abort
389 reason to the caller.
391 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
392 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
393 The number is between 1 and DescriptorCount.
394 @param[in] Image Points to the new image.
395 @param[in] ImageSize Size of the new image in bytes.
396 @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.
397 Null indicates the caller did not specify the policy or use the default policy.
398 @param[in] Progress A function used by the driver to report the progress of the firmware update.
399 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
400 details for the aborted operation. The buffer is allocated by this function
401 with AllocatePool(), and it is the caller's responsibility to free it with a
404 @retval EFI_SUCCESS The device was successfully updated with the new image.
405 @retval EFI_ABORTED The operation is aborted.
406 @retval EFI_INVALID_PARAMETER The Image was NULL.
407 @retval EFI_UNSUPPORTED The operation is not supported.
408 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
413 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_IMAGE
)(
414 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
416 IN CONST VOID
*Image
,
418 IN CONST VOID
*VendorCode
,
419 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress
,
420 OUT CHAR16
**AbortReason
424 Checks if the firmware image is valid for the device.
426 This function allows firmware update application to validate the firmware image without
427 invoking the SetImage() first.
429 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
430 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
431 The number is between 1 and DescriptorCount.
432 @param[in] Image Points to the new image.
433 @param[in] ImageSize Size of the new image in bytes.
434 @param[out] ImageUpdatable Indicates if the new image is valid for update. It also provides,
435 if available, additional information if the image is invalid.
437 @retval EFI_SUCCESS The image was successfully checked.
438 @retval EFI_INVALID_PARAMETER The Image was NULL.
439 @retval EFI_UNSUPPORTED The operation is not supported.
440 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
445 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_CHECK_IMAGE
)(
446 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
448 IN CONST VOID
*Image
,
450 OUT UINT32
*ImageUpdatable
454 Returns information about the firmware package.
456 This function returns package information.
458 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
459 @param[out] PackageVersion A version number that represents all the firmware images in the device.
460 The format is vendor specific and new version must have a greater value
461 than the old version. If PackageVersion is not supported, the value is
462 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version
463 comparison is to be performed using PackageVersionName. A value of
464 0xFFFFFFFD indicates that package version update is in progress.
465 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing
466 the package version name. The buffer is allocated by this function with
467 AllocatePool(), and it is the caller's responsibility to free it with a
469 @param[out] PackageVersionNameMaxLen The maximum length of package version name if device supports update of
470 package version name. A value of 0 indicates the device does not support
471 update of package version name. Length is the number of Unicode characters,
472 including the terminating null character.
473 @param[out] AttributesSupported Package attributes that are supported by this device. See 'Package Attribute
474 Definitions' for possible returned values of this parameter. A value of 1
475 indicates the attribute is supported and the current setting value is
476 indicated in AttributesSetting. A value of 0 indicates the attribute is not
477 supported and the current setting value in AttributesSetting is meaningless.
478 @param[out] AttributesSetting Package attributes. See 'Package Attribute Definitions' for possible returned
479 values of this parameter
481 @retval EFI_SUCCESS The package information was successfully returned.
482 @retval EFI_UNSUPPORTED The operation is not supported.
487 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_PACKAGE_INFO
)(
488 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
489 OUT UINT32
*PackageVersion
,
490 OUT CHAR16
**PackageVersionName
,
491 OUT UINT32
*PackageVersionNameMaxLen
,
492 OUT UINT64
*AttributesSupported
,
493 OUT UINT64
*AttributesSetting
497 Updates information about the firmware package.
499 This function updates package information.
500 This function returns EFI_UNSUPPORTED if the package information is not updatable.
501 VendorCode enables vendor to implement vendor-specific package information update policy.
502 Null if the caller did not specify this policy or use the default policy.
504 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
505 @param[in] Image Points to the authentication image.
506 Null if authentication is not required.
507 @param[in] ImageSize Size of the authentication image in bytes.
508 0 if authentication is not required.
509 @param[in] VendorCode This enables vendor to implement vendor-specific firmware
511 Null indicates the caller did not specify this policy or use
513 @param[in] PackageVersion The new package version.
514 @param[in] PackageVersionName A pointer to the new null-terminated Unicode string representing
515 the package version name.
516 The string length is equal to or less than the value returned in
517 PackageVersionNameMaxLen.
519 @retval EFI_SUCCESS The device was successfully updated with the new package
521 @retval EFI_INVALID_PARAMETER The PackageVersionName length is longer than the value
522 returned in PackageVersionNameMaxLen.
523 @retval EFI_UNSUPPORTED The operation is not supported.
524 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
529 (EFIAPI
*EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_PACKAGE_INFO
)(
530 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*This
,
531 IN CONST VOID
*Image
,
533 IN CONST VOID
*VendorCode
,
534 IN UINT32 PackageVersion
,
535 IN CONST CHAR16
*PackageVersionName
539 /// EFI_FIRMWARE_MANAGEMENT_PROTOCOL
540 /// The protocol for managing firmware provides the following services.
541 /// - Get the attributes of the current firmware image. Attributes include revision level.
542 /// - Get a copy of the current firmware image. As an example, this service could be used by a
543 /// management application to facilitate a firmware roll-back.
544 /// - Program the device with a firmware image supplied by the user.
545 /// - Label all the firmware images within a device with a single version.
547 struct _EFI_FIRMWARE_MANAGEMENT_PROTOCOL
{
548 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE_INFO GetImageInfo
;
549 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE GetImage
;
550 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_IMAGE SetImage
;
551 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_CHECK_IMAGE CheckImage
;
552 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_PACKAGE_INFO GetPackageInfo
;
553 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_PACKAGE_INFO SetPackageInfo
;
556 extern EFI_GUID gEfiFirmwareManagementProtocolGuid
;