SignedCapsulePkg: Update EdkiiSystemCapsuleLib to check PCD value
[mirror_edk2.git] / SignedCapsulePkg / Library / EdkiiSystemCapsuleLib / EdkiiSystemCapsuleLib.c
1 /** @file
2 EDKII System Capsule library.
3
4 EDKII System Capsule library instance.
5
6 CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive
7 untrusted input and do basic validation.
8
9 Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
10 This program and the accompanying materials
11 are licensed and made available under the terms and conditions of the BSD License
12 which accompanies this distribution. The full text of the license may be found at
13 http://opensource.org/licenses/bsd-license.php
14
15 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
16 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
17
18 **/
19
20 #include <PiDxe.h>
21
22 #include <Guid/SystemResourceTable.h>
23 #include <Guid/FirmwareContentsSigned.h>
24 #include <Guid/WinCertificate.h>
25 #include <Guid/EdkiiSystemFmpCapsule.h>
26 #include <Guid/WinCertificate.h>
27 #include <Guid/ImageAuthentication.h>
28
29 #include <Library/BaseLib.h>
30 #include <Library/BaseMemoryLib.h>
31 #include <Library/DebugLib.h>
32 #include <Library/PcdLib.h>
33 #include <Library/MemoryAllocationLib.h>
34 #include <Library/EdkiiSystemCapsuleLib.h>
35 #include <Library/FmpAuthenticationLib.h>
36
37 #include <Protocol/FirmwareManagement.h>
38
39 EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *mImageFmpInfo;
40 UINTN mImageFmpInfoSize;
41 EFI_GUID mEdkiiSystemFirmwareFileGuid;
42
43 /**
44 Check if a block of buffer is erased.
45
46 @param[in] ErasePolarity Erase polarity attribute of the firmware volume
47 @param[in] InBuffer The buffer to be checked
48 @param[in] BufferSize Size of the buffer in bytes
49
50 @retval TRUE The block of buffer is erased
51 @retval FALSE The block of buffer is not erased
52 **/
53 BOOLEAN
54 IsBufferErased (
55 IN UINT8 ErasePolarity,
56 IN VOID *InBuffer,
57 IN UINTN BufferSize
58 )
59 {
60 UINTN Count;
61 UINT8 EraseByte;
62 UINT8 *Buffer;
63
64 if(ErasePolarity == 1) {
65 EraseByte = 0xFF;
66 } else {
67 EraseByte = 0;
68 }
69
70 Buffer = InBuffer;
71 for (Count = 0; Count < BufferSize; Count++) {
72 if (Buffer[Count] != EraseByte) {
73 return FALSE;
74 }
75 }
76
77 return TRUE;
78 }
79
80 /**
81 Get Section buffer pointer by SectionType and SectionInstance.
82
83 @param[in] SectionBuffer The buffer of section
84 @param[in] SectionBufferSize The size of SectionBuffer in bytes
85 @param[in] SectionType The SectionType of Section to be found
86 @param[in] SectionInstance The Instance of Section to be found
87 @param[out] OutSectionBuffer The section found, including SECTION_HEADER
88 @param[out] OutSectionSize The size of section found, including SECTION_HEADER
89
90 @retval TRUE The FFS buffer is found.
91 @retval FALSE The FFS buffer is not found.
92 **/
93 BOOLEAN
94 GetSectionByType (
95 IN VOID *SectionBuffer,
96 IN UINT32 SectionBufferSize,
97 IN EFI_SECTION_TYPE SectionType,
98 IN UINTN SectionInstance,
99 OUT VOID **OutSectionBuffer,
100 OUT UINTN *OutSectionSize
101 )
102 {
103 EFI_COMMON_SECTION_HEADER *SectionHeader;
104 UINTN SectionSize;
105 UINTN Instance;
106
107 DEBUG ((DEBUG_INFO, "GetSectionByType - Buffer: 0x%08x - 0x%08x\n", SectionBuffer, SectionBufferSize));
108
109 //
110 // Find Section
111 //
112 SectionHeader = SectionBuffer;
113
114 Instance = 0;
115 while ((UINTN)SectionHeader < (UINTN)SectionBuffer + SectionBufferSize) {
116 DEBUG ((DEBUG_INFO, "GetSectionByType - Section: 0x%08x\n", SectionHeader));
117 if (IS_SECTION2(SectionHeader)) {
118 SectionSize = SECTION2_SIZE(SectionHeader);
119 } else {
120 SectionSize = SECTION_SIZE(SectionHeader);
121 }
122
123 if (SectionHeader->Type == SectionType) {
124 if (Instance == SectionInstance) {
125 *OutSectionBuffer = (UINT8 *)SectionHeader;
126 *OutSectionSize = SectionSize;
127 DEBUG((DEBUG_INFO, "GetSectionByType - 0x%x - 0x%x\n", *OutSectionBuffer, *OutSectionSize));
128 return TRUE;
129 } else {
130 DEBUG((DEBUG_INFO, "GetSectionByType - find section instance %x\n", Instance));
131 Instance++;
132 }
133 } else {
134 //
135 // Skip other section type
136 //
137 DEBUG ((DEBUG_INFO, "GetSectionByType - other section type 0x%x\n", SectionHeader->Type));
138 }
139
140 //
141 // Next Section
142 //
143 SectionHeader = (EFI_COMMON_SECTION_HEADER *)((UINTN)SectionHeader + ALIGN_VALUE(SectionSize, 4));
144 }
145
146 return FALSE;
147 }
148
149 /**
150 Get FFS buffer pointer by FileName GUID and FileType.
151
152 @param[in] FdStart The System Firmware FD image
153 @param[in] FdSize The size of System Firmware FD image
154 @param[in] FileName The FileName GUID of FFS to be found
155 @param[in] Type The FileType of FFS to be found
156 @param[out] OutFfsBuffer The FFS buffer found, including FFS_FILE_HEADER
157 @param[out] OutFfsBufferSize The size of FFS buffer found, including FFS_FILE_HEADER
158
159 @retval TRUE The FFS buffer is found.
160 @retval FALSE The FFS buffer is not found.
161 **/
162 BOOLEAN
163 GetFfsByName (
164 IN VOID *FdStart,
165 IN UINTN FdSize,
166 IN EFI_GUID *FileName,
167 IN EFI_FV_FILETYPE Type,
168 OUT VOID **OutFfsBuffer,
169 OUT UINTN *OutFfsBufferSize
170 )
171 {
172 UINTN FvSize;
173 EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
174 EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
175 EFI_FFS_FILE_HEADER *FfsHeader;
176 UINT32 FfsSize;
177 UINTN TestLength;
178 BOOLEAN FvFound;
179
180 DEBUG ((DEBUG_INFO, "GetFfsByName - FV: 0x%08x - 0x%08x\n", (UINTN)FdStart, (UINTN)FdSize));
181
182 FvFound = FALSE;
183 FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)FdStart;
184 while ((UINTN)FvHeader < (UINTN)FdStart + FdSize - 1) {
185 FvSize = (UINTN)FdStart + FdSize - (UINTN)FvHeader;
186
187 if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
188 FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvHeader + SIZE_4KB);
189 continue;
190 }
191 DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));
192 FvFound = TRUE;
193 if (FvHeader->FvLength > FvSize) {
194 DEBUG((DEBUG_ERROR, "GetFfsByName - FvSize: 0x%08x, MaxSize - 0x%08x\n", (UINTN)FvHeader->FvLength, (UINTN)FvSize));
195 return FALSE;
196 }
197 FvSize = (UINTN)FvHeader->FvLength;
198
199 //
200 // Find FFS
201 //
202 if (FvHeader->ExtHeaderOffset != 0) {
203 FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)((UINT8 *)FvHeader + FvHeader->ExtHeaderOffset);
204 FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvExtHeader + FvExtHeader->ExtHeaderSize);
205 } else {
206 FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvHeader + FvHeader->HeaderLength);
207 }
208 FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FvHeader + ALIGN_VALUE((UINTN)FfsHeader - (UINTN)FvHeader, 8));
209
210 while ((UINTN)FfsHeader < (UINTN)FvHeader + FvSize - 1) {
211 DEBUG((DEBUG_INFO, "GetFfsByName - FFS: 0x%08x\n", FfsHeader));
212 TestLength = (UINTN)((UINTN)FvHeader + FvSize - (UINTN)FfsHeader);
213 if (TestLength > sizeof(EFI_FFS_FILE_HEADER)) {
214 TestLength = sizeof(EFI_FFS_FILE_HEADER);
215 }
216 if (IsBufferErased(1, FfsHeader, TestLength)) {
217 break;
218 }
219
220 if (IS_FFS_FILE2(FfsHeader)) {
221 FfsSize = FFS_FILE2_SIZE(FfsHeader);
222 } else {
223 FfsSize = FFS_FILE_SIZE(FfsHeader);
224 }
225
226 if (CompareGuid(FileName, &FfsHeader->Name) &&
227 ((Type == EFI_FV_FILETYPE_ALL) || (FfsHeader->Type == Type))) {
228 //
229 // Check section
230 //
231 *OutFfsBuffer = FfsHeader;
232 *OutFfsBufferSize = FfsSize;
233 return TRUE;
234 } else {
235 //
236 // Any other type is not allowed
237 //
238 DEBUG((DEBUG_INFO, "GetFfsByName - other FFS type 0x%x, name %g\n", FfsHeader->Type, &FfsHeader->Name));
239 }
240
241 //
242 // Next File
243 //
244 FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FfsHeader + ALIGN_VALUE(FfsSize, 8));
245 }
246
247 //
248 // Next FV
249 //
250 FvHeader = (VOID *)(UINTN)((UINTN)FvHeader + FvHeader->FvLength);
251 DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));
252 }
253
254 if (!FvFound) {
255 DEBUG((DEBUG_ERROR, "GetFfsByName - NO FV Found\n"));
256 }
257 return FALSE;
258 }
259
260 /**
261 Extract the driver FV from an authenticated image.
262
263 @param[in] AuthenticatedImage The authenticated capsule image.
264 @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
265 @param[out] DriverFvImage The driver FV image.
266 @param[out] DriverFvImageSize The size of the driver FV image in bytes.
267
268 @retval TRUE The driver Fv is extracted.
269 @retval FALSE The driver Fv is not extracted.
270 **/
271 BOOLEAN
272 EFIAPI
273 ExtractDriverFvImage (
274 IN VOID *AuthenticatedImage,
275 IN UINTN AuthenticatedImageSize,
276 OUT VOID **DriverFvImage,
277 OUT UINTN *DriverFvImageSize
278 )
279 {
280 BOOLEAN Result;
281 UINT32 FileHeaderSize;
282
283 *DriverFvImage = NULL;
284 *DriverFvImageSize = 0;
285
286 Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleDriverFvFileGuid, EFI_FV_FILETYPE_RAW, DriverFvImage, DriverFvImageSize);
287 if (!Result) {
288 return FALSE;
289 }
290
291 if (IS_FFS_FILE2(*DriverFvImage)) {
292 FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
293 } else {
294 FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
295 }
296 *DriverFvImage = (UINT8 *)*DriverFvImage + FileHeaderSize;
297 *DriverFvImageSize = *DriverFvImageSize - FileHeaderSize;
298
299 return Result;
300 }
301
302 /**
303 Extract the config image from an authenticated image.
304
305 @param[in] AuthenticatedImage The authenticated capsule image.
306 @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
307 @param[out] ConfigImage The config image.
308 @param[out] ConfigImageSize The size of the config image in bytes.
309
310 @retval TRUE The config image is extracted.
311 @retval FALSE The config image is not extracted.
312 **/
313 BOOLEAN
314 EFIAPI
315 ExtractConfigImage (
316 IN VOID *AuthenticatedImage,
317 IN UINTN AuthenticatedImageSize,
318 OUT VOID **ConfigImage,
319 OUT UINTN *ConfigImageSize
320 )
321 {
322 BOOLEAN Result;
323 UINT32 FileHeaderSize;
324
325 *ConfigImage = NULL;
326 *ConfigImageSize = 0;
327
328 Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleConfigFileGuid, EFI_FV_FILETYPE_RAW, ConfigImage, ConfigImageSize);
329 if (!Result) {
330 return FALSE;
331 }
332
333 if (IS_FFS_FILE2(*ConfigImage)) {
334 FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
335 } else {
336 FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
337 }
338 *ConfigImage = (UINT8 *)*ConfigImage + FileHeaderSize;
339 *ConfigImageSize = *ConfigImageSize - FileHeaderSize;
340
341 return Result;
342 }
343
344 /**
345 Extract the authenticated image from an FMP capsule image.
346
347 Caution: This function may receive untrusted input.
348
349 @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.
350 @param[in] ImageSize The size of FMP capsule image in bytes.
351 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
352 @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.
353 @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
354
355 @retval TRUE The authenticated image is extracted.
356 @retval FALSE The authenticated image is not extracted.
357 **/
358 BOOLEAN
359 EFIAPI
360 ExtractAuthenticatedImage (
361 IN VOID *Image,
362 IN UINTN ImageSize,
363 OUT UINT32 *LastAttemptStatus,
364 OUT VOID **AuthenticatedImage,
365 OUT UINTN *AuthenticatedImageSize
366 )
367 {
368 EFI_FIRMWARE_IMAGE_AUTHENTICATION *ImageAuth;
369 EFI_STATUS Status;
370 GUID *CertType;
371 VOID *PublicKeyData;
372 UINTN PublicKeyDataLength;
373
374 DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
375
376 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
377 if ((Image == NULL) || (ImageSize == 0)) {
378 return FALSE;
379 }
380
381 ImageAuth = (EFI_FIRMWARE_IMAGE_AUTHENTICATION *)Image;
382 if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
383 DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));
384 return FALSE;
385 }
386 if (ImageAuth->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
387 DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too small\n"));
388 return FALSE;
389 }
390 if ((UINTN) ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
391 DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too big\n"));
392 return FALSE;
393 }
394 if (ImageSize <= sizeof(ImageAuth->MonotonicCount) + ImageAuth->AuthInfo.Hdr.dwLength) {
395 DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));
396 return FALSE;
397 }
398 if (ImageAuth->AuthInfo.Hdr.wRevision != 0x0200) {
399 DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
400 return FALSE;
401 }
402 if (ImageAuth->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
403 DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
404 return FALSE;
405 }
406
407 CertType = &ImageAuth->AuthInfo.CertType;
408 DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - CertType: %g\n", CertType));
409
410 if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) {
411 PublicKeyData = PcdGetPtr(PcdPkcs7CertBuffer);
412 PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer);
413 } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
414 PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer);
415 PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer);
416 } else {
417 return FALSE;
418 }
419 ASSERT (PublicKeyData != NULL);
420 ASSERT (PublicKeyDataLength != 0);
421
422 Status = AuthenticateFmpImage(
423 ImageAuth,
424 ImageSize,
425 PublicKeyData,
426 PublicKeyDataLength
427 );
428 switch (Status) {
429 case RETURN_SUCCESS:
430 *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
431 break;
432 case RETURN_SECURITY_VIOLATION:
433 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR;
434 break;
435 case RETURN_INVALID_PARAMETER:
436 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
437 break;
438 case RETURN_UNSUPPORTED:
439 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
440 break;
441 case RETURN_OUT_OF_RESOURCES:
442 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES;
443 break;
444 default:
445 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
446 break;
447 }
448 if (EFI_ERROR(Status)) {
449 return FALSE;
450 }
451
452 if (AuthenticatedImage != NULL) {
453 *AuthenticatedImage = (UINT8 *)ImageAuth + ImageAuth->AuthInfo.Hdr.dwLength + sizeof(ImageAuth->MonotonicCount);
454 }
455 if (AuthenticatedImageSize != NULL) {
456 *AuthenticatedImageSize = ImageSize - ImageAuth->AuthInfo.Hdr.dwLength - sizeof(ImageAuth->MonotonicCount);
457 }
458 return TRUE;
459 }
460
461 /**
462 Extract ImageFmpInfo from system firmware.
463
464 @param[in] SystemFirmwareImage The System Firmware image.
465 @param[in] SystemFirmwareImageSize The size of the System Firmware image in bytes.
466 @param[out] ImageFmpInfo The ImageFmpInfo.
467 @param[out] ImageFmpInfoSize The size of the ImageFmpInfo in bytes.
468
469 @retval TRUE The ImageFmpInfo is extracted.
470 @retval FALSE The ImageFmpInfo is not extracted.
471 **/
472 BOOLEAN
473 EFIAPI
474 ExtractSystemFirmwareImageFmpInfo (
475 IN VOID *SystemFirmwareImage,
476 IN UINTN SystemFirmwareImageSize,
477 OUT EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR **ImageFmpInfo,
478 OUT UINTN *ImageFmpInfoSize
479 )
480 {
481 BOOLEAN Result;
482 UINT32 SectionHeaderSize;
483 UINT32 FileHeaderSize;
484
485 *ImageFmpInfo = NULL;
486 *ImageFmpInfoSize = 0;
487
488 Result = GetFfsByName(SystemFirmwareImage, SystemFirmwareImageSize, &gEdkiiSystemFirmwareImageDescriptorFileGuid, EFI_FV_FILETYPE_ALL, (VOID **)ImageFmpInfo, ImageFmpInfoSize);
489 if (!Result) {
490 return FALSE;
491 }
492 if (IS_FFS_FILE2 (*ImageFmpInfo)) {
493 FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
494 } else {
495 FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
496 }
497 *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + FileHeaderSize);
498 *ImageFmpInfoSize = *ImageFmpInfoSize - FileHeaderSize;
499
500 Result = GetSectionByType(*ImageFmpInfo, (UINT32)*ImageFmpInfoSize, EFI_SECTION_RAW, 0, (VOID **)ImageFmpInfo, ImageFmpInfoSize);
501 if (!Result) {
502 return FALSE;
503 }
504 if (IS_SECTION2(*ImageFmpInfo)) {
505 SectionHeaderSize = sizeof(EFI_RAW_SECTION2);
506 } else {
507 SectionHeaderSize = sizeof(EFI_RAW_SECTION);
508 }
509 *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + SectionHeaderSize);
510 *ImageFmpInfoSize = *ImageFmpInfoSize - SectionHeaderSize;
511
512 return TRUE;
513 }
514
515 /**
516 Extract the System Firmware image from an authenticated image.
517
518 @param[in] AuthenticatedImage The authenticated capsule image.
519 @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
520 @param[out] SystemFirmwareImage The System Firmware image.
521 @param[out] SystemFirmwareImageSize The size of the System Firmware image in bytes.
522
523 @retval TRUE The System Firmware image is extracted.
524 @retval FALSE The System Firmware image is not extracted.
525 **/
526 BOOLEAN
527 EFIAPI
528 ExtractSystemFirmwareImage (
529 IN VOID *AuthenticatedImage,
530 IN UINTN AuthenticatedImageSize,
531 OUT VOID **SystemFirmwareImage,
532 OUT UINTN *SystemFirmwareImageSize
533 )
534 {
535 BOOLEAN Result;
536 UINT32 FileHeaderSize;
537
538 *SystemFirmwareImage = NULL;
539 *SystemFirmwareImageSize = 0;
540
541 Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &mEdkiiSystemFirmwareFileGuid, EFI_FV_FILETYPE_RAW, SystemFirmwareImage, SystemFirmwareImageSize);
542 if (!Result) {
543 // no nested FV, just return all data.
544 *SystemFirmwareImage = AuthenticatedImage;
545 *SystemFirmwareImageSize = AuthenticatedImageSize;
546
547 return TRUE;
548 }
549 if (IS_FFS_FILE2 (*SystemFirmwareImage)) {
550 FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
551 } else {
552 FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
553 }
554 *SystemFirmwareImage = (UINT8 *)*SystemFirmwareImage + FileHeaderSize;
555 *SystemFirmwareImageSize = *SystemFirmwareImageSize - FileHeaderSize;
556
557 return Result;
558 }
559
560 /**
561 Authenticated system firmware FMP capsule image.
562
563 Caution: This function may receive untrusted input.
564
565 @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.
566 @param[in] ImageSize The size of FMP capsule image in bytes.
567 @param[in] ForceVersionMatch TRUE: The version of capsule must be as same as the version of current image.
568 FALSE: The version of capsule must be as same as greater than the lowest
569 supported version of current image.
570 @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
571 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
572 @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.
573 @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
574
575 @retval TRUE Authentication passes and the authenticated image is extracted.
576 @retval FALSE Authentication fails and the authenticated image is not extracted.
577 **/
578 EFI_STATUS
579 EFIAPI
580 CapsuleAuthenticateSystemFirmware (
581 IN VOID *Image,
582 IN UINTN ImageSize,
583 IN BOOLEAN ForceVersionMatch,
584 OUT UINT32 *LastAttemptVersion,
585 OUT UINT32 *LastAttemptStatus,
586 OUT VOID **AuthenticatedImage,
587 OUT UINTN *AuthenticatedImageSize
588 )
589 {
590 BOOLEAN Result;
591 EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *ImageFmpInfo;
592 UINTN ImageFmpInfoSize;
593 EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *CurrentImageFmpInfo;
594 UINTN CurrentImageFmpInfoSize;
595 VOID *SystemFirmwareImage;
596 UINTN SystemFirmwareImageSize;
597
598 *LastAttemptVersion = 0;
599
600 //
601 // NOTE: This function need run in an isolated environment.
602 // Do not touch FMP protocol and its private structure.
603 //
604 if (mImageFmpInfo == NULL) {
605 DEBUG((DEBUG_INFO, "ImageFmpInfo is not set\n"));
606 return EFI_SECURITY_VIOLATION;
607 }
608
609 Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);
610 if (!Result) {
611 DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - fail\n"));
612 return EFI_SECURITY_VIOLATION;
613 }
614
615 DEBUG((DEBUG_INFO, "AuthenticatedImage - 0x%x - 0x%x\n", *AuthenticatedImage, *AuthenticatedImageSize));
616
617 Result = ExtractSystemFirmwareImage(*AuthenticatedImage, *AuthenticatedImageSize, &SystemFirmwareImage, &SystemFirmwareImageSize);
618 if (!Result) {
619 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
620 DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImage - fail\n"));
621 return EFI_SECURITY_VIOLATION;
622 }
623 DEBUG((DEBUG_INFO, "SystemFirmwareImage - 0x%x - 0x%x\n", SystemFirmwareImage, SystemFirmwareImageSize));
624
625 Result = ExtractSystemFirmwareImageFmpInfo(SystemFirmwareImage, SystemFirmwareImageSize, &ImageFmpInfo, &ImageFmpInfoSize);
626 if (!Result) {
627 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
628 DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImageFmpInfo - fail\n"));
629 return EFI_SECURITY_VIOLATION;
630 }
631
632 *LastAttemptVersion = ImageFmpInfo->Version;
633 DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", ImageFmpInfo, ImageFmpInfoSize));
634 DEBUG((DEBUG_INFO, "NewImage Version - 0x%x\n", ImageFmpInfo->Version));
635 DEBUG((DEBUG_INFO, "NewImage LowestSupportedImageVersion - 0x%x\n", ImageFmpInfo->LowestSupportedImageVersion));
636
637 CurrentImageFmpInfo = mImageFmpInfo;
638 CurrentImageFmpInfoSize = mImageFmpInfoSize;
639
640 DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", CurrentImageFmpInfo, CurrentImageFmpInfoSize));
641 DEBUG((DEBUG_INFO, "Current Version - 0x%x\n", CurrentImageFmpInfo->Version));
642 DEBUG((DEBUG_INFO, "Current LowestSupportedImageVersion - 0x%x\n", CurrentImageFmpInfo->LowestSupportedImageVersion));
643
644 if (ForceVersionMatch) {
645 if (CurrentImageFmpInfo->Version != ImageFmpInfo->Version) {
646 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;
647 DEBUG((DEBUG_INFO, "ForceVersionMatch check - fail\n"));
648 return EFI_SECURITY_VIOLATION;
649 }
650 } else {
651 if (ImageFmpInfo->Version < CurrentImageFmpInfo->LowestSupportedImageVersion) {
652 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;
653 DEBUG((DEBUG_INFO, "LowestSupportedImageVersion check - fail\n"));
654 return EFI_SECURITY_VIOLATION;
655 }
656 }
657
658 *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
659 return EFI_SUCCESS;
660 }
661
662 /**
663 PcdCallBack gets the real set PCD value
664
665 @param[in] CallBackGuid The PCD token GUID being set.
666 @param[in] CallBackToken The PCD token number being set.
667 @param[in, out] TokenData A pointer to the token data being set.
668 @param[in] TokenDataSize The size, in bytes, of the data being set.
669
670 **/
671 VOID
672 EFIAPI
673 EdkiiSystemCapsuleLibPcdCallBack (
674 IN CONST GUID *CallBackGuid, OPTIONAL
675 IN UINTN CallBackToken,
676 IN OUT VOID *TokenData,
677 IN UINTN TokenDataSize
678 )
679 {
680 if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) &&
681 CallBackToken == PcdToken (PcdEdkiiSystemFirmwareImageDescriptor)) {
682 mImageFmpInfoSize = TokenDataSize;
683 mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, TokenData);
684 ASSERT(mImageFmpInfo != NULL);
685 //
686 // Cancel Callback after get the real set value
687 //
688 LibPcdCancelCallback (
689 &gEfiSignedCapsulePkgTokenSpaceGuid,
690 PcdToken (PcdEdkiiSystemFirmwareImageDescriptor),
691 EdkiiSystemCapsuleLibPcdCallBack
692 );
693 }
694
695 if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) &&
696 CallBackToken == PcdToken (PcdEdkiiSystemFirmwareFileGuid)) {
697 CopyGuid(&mEdkiiSystemFirmwareFileGuid, TokenData);
698 //
699 // Cancel Callback after get the real set value
700 //
701 LibPcdCancelCallback (
702 &gEfiSignedCapsulePkgTokenSpaceGuid,
703 PcdToken (PcdEdkiiSystemFirmwareFileGuid),
704 EdkiiSystemCapsuleLibPcdCallBack
705 );
706 }
707 }
708
709 /**
710 The constructor function.
711
712 @retval EFI_SUCCESS The constructor successfully .
713 **/
714 EFI_STATUS
715 EFIAPI
716 EdkiiSystemCapsuleLibConstructor (
717 VOID
718 )
719 {
720 mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);
721 mImageFmpInfo = PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor);
722 //
723 // Verify Firmware Image Descriptor first
724 //
725 if (mImageFmpInfoSize < sizeof (EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR) ||
726 mImageFmpInfo->Signature != EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) {
727 //
728 // SystemFirmwareImageDescriptor is not set.
729 // Register PCD set callback to hook PCD value set.
730 //
731 mImageFmpInfo = NULL;
732 mImageFmpInfoSize = 0;
733 LibPcdCallbackOnSet (
734 &gEfiSignedCapsulePkgTokenSpaceGuid,
735 PcdToken (PcdEdkiiSystemFirmwareImageDescriptor),
736 EdkiiSystemCapsuleLibPcdCallBack
737 );
738 } else {
739 mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, mImageFmpInfo);
740 ASSERT(mImageFmpInfo != NULL);
741 }
742
743 CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));
744 //
745 // Verify GUID value first
746 //
747 if (CompareGuid (&mEdkiiSystemFirmwareFileGuid, &gZeroGuid)) {
748 LibPcdCallbackOnSet (
749 &gEfiSignedCapsulePkgTokenSpaceGuid,
750 PcdToken (PcdEdkiiSystemFirmwareFileGuid),
751 EdkiiSystemCapsuleLibPcdCallBack
752 );
753 }
754 return EFI_SUCCESS;
755 }