]> git.proxmox.com Git - mirror_edk2.git/blob - SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SignedCapsulePkg: Replace BSD License with BSD+Patent License
[mirror_edk2.git] / SignedCapsulePkg / Universal / SystemFirmwareUpdate / SystemFirmwareReportDxe.c
1 /** @file
2 SetImage instance to report system firmware and act as agent to system update.
3
4 Caution: This module requires additional review when modified.
5 This module will have external input - capsule image.
6 This external input must be validated carefully to avoid security issue like
7 buffer overflow, integer overflow.
8
9 FmpSetImage() will receive untrusted input and do basic validation.
10
11 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
12 SPDX-License-Identifier: BSD-2-Clause-Patent
13
14 **/
15
16 #include "SystemFirmwareDxe.h"
17
18 //
19 // SystemFmp driver private data
20 //
21 SYSTEM_FMP_PRIVATE_DATA *mSystemFmpPrivate = NULL;
22
23 /**
24 Dispatch system FMP images.
25
26 Caution: This function may receive untrusted input.
27
28 @param[in] Image The EDKII system FMP capsule image.
29 @param[in] ImageSize The size of the EDKII system FMP capsule image in bytes.
30 @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
31 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
32
33 @retval EFI_SUCESS Process Capsule Image successfully.
34 @retval EFI_UNSUPPORTED Capsule image is not supported by the firmware.
35 @retval EFI_VOLUME_CORRUPTED FV volume in the capsule is corrupted.
36 @retval EFI_OUT_OF_RESOURCES Not enough memory.
37 **/
38 EFI_STATUS
39 DispatchSystemFmpImages (
40 IN VOID *Image,
41 IN UINTN ImageSize,
42 OUT UINT32 *LastAttemptVersion,
43 OUT UINT32 *LastAttemptStatus
44 )
45 {
46 EFI_STATUS Status;
47 VOID *AuthenticatedImage;
48 UINTN AuthenticatedImageSize;
49 VOID *DispatchFvImage;
50 UINTN DispatchFvImageSize;
51 EFI_HANDLE FvProtocolHandle;
52 EFI_FIRMWARE_VOLUME_HEADER *FvImage;
53 BOOLEAN Result;
54
55 AuthenticatedImage = NULL;
56 AuthenticatedImageSize = 0;
57
58 DEBUG((DEBUG_INFO, "DispatchSystemFmpImages\n"));
59
60 //
61 // Verify
62 //
63 Status = CapsuleAuthenticateSystemFirmware(Image, ImageSize, FALSE, LastAttemptVersion, LastAttemptStatus, &AuthenticatedImage, &AuthenticatedImageSize);
64 if (EFI_ERROR(Status)) {
65 DEBUG((DEBUG_INFO, "SystemFirmwareAuthenticateImage - %r\n", Status));
66 return Status;
67 }
68
69 //
70 // Get FV
71 //
72 Result = ExtractDriverFvImage(AuthenticatedImage, AuthenticatedImageSize, &DispatchFvImage, &DispatchFvImageSize);
73 if (Result) {
74 DEBUG((DEBUG_INFO, "ExtractDriverFvImage\n"));
75 //
76 // Dispatch
77 //
78 if (((EFI_FIRMWARE_VOLUME_HEADER *)DispatchFvImage)->FvLength == DispatchFvImageSize) {
79 FvImage = AllocatePages(EFI_SIZE_TO_PAGES(DispatchFvImageSize));
80 if (FvImage != NULL) {
81 CopyMem(FvImage, DispatchFvImage, DispatchFvImageSize);
82 Status = gDS->ProcessFirmwareVolume(
83 (VOID *)FvImage,
84 (UINTN)FvImage->FvLength,
85 &FvProtocolHandle
86 );
87 DEBUG((DEBUG_INFO, "ProcessFirmwareVolume - %r\n", Status));
88 if (!EFI_ERROR(Status)) {
89 gDS->Dispatch();
90 DEBUG((DEBUG_INFO, "Dispatch Done\n"));
91 }
92 }
93 }
94 }
95
96 return EFI_SUCCESS;
97 }
98
99 /**
100 Updates the firmware image of the device.
101
102 This function updates the hardware with the new firmware image.
103 This function returns EFI_UNSUPPORTED if the firmware image is not updatable.
104 If the firmware image is updatable, the function should perform the following minimal validations
105 before proceeding to do the firmware image update.
106 - Validate the image authentication if image has attribute
107 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns
108 EFI_SECURITY_VIOLATION if the validation fails.
109 - Validate the image is a supported image for this device. The function returns EFI_ABORTED if
110 the image is unsupported. The function can optionally provide more detailed information on
111 why the image is not a supported image.
112 - Validate the data from VendorCode if not null. Image validation must be performed before
113 VendorCode data validation. VendorCode data is ignored or considered invalid if image
114 validation failed. The function returns EFI_ABORTED if the data is invalid.
115
116 VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if
117 the caller did not specify the policy or use the default policy. As an example, vendor can implement
118 a policy to allow an option to force a firmware image update when the abort reason is due to the new
119 firmware image version is older than the current firmware image version or bad image checksum.
120 Sensitive operations such as those wiping the entire firmware image and render the device to be
121 non-functional should be encoded in the image itself rather than passed with the VendorCode.
122 AbortReason enables vendor to have the option to provide a more detailed description of the abort
123 reason to the caller.
124
125 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
126 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
127 The number is between 1 and DescriptorCount.
128 @param[in] Image Points to the new image.
129 @param[in] ImageSize Size of the new image in bytes.
130 @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.
131 Null indicates the caller did not specify the policy or use the default policy.
132 @param[in] Progress A function used by the driver to report the progress of the firmware update.
133 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
134 details for the aborted operation. The buffer is allocated by this function
135 with AllocatePool(), and it is the caller's responsibility to free it with a
136 call to FreePool().
137
138 @retval EFI_SUCCESS The device was successfully updated with the new image.
139 @retval EFI_ABORTED The operation is aborted.
140 @retval EFI_INVALID_PARAMETER The Image was NULL.
141 @retval EFI_UNSUPPORTED The operation is not supported.
142 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
143
144 **/
145 EFI_STATUS
146 EFIAPI
147 FmpSetImage (
148 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
149 IN UINT8 ImageIndex,
150 IN CONST VOID *Image,
151 IN UINTN ImageSize,
152 IN CONST VOID *VendorCode,
153 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress,
154 OUT CHAR16 **AbortReason
155 )
156 {
157 SYSTEM_FMP_PRIVATE_DATA *SystemFmpPrivate;
158 EFI_FIRMWARE_MANAGEMENT_PROTOCOL *SystemFmp;
159 EFI_STATUS Status;
160 EFI_STATUS VarStatus;
161
162 if (Image == NULL || ImageSize == 0 || AbortReason == NULL) {
163 return EFI_INVALID_PARAMETER;
164 }
165
166 SystemFmpPrivate = SYSTEM_FMP_PRIVATE_DATA_FROM_FMP(This);
167 *AbortReason = NULL;
168
169 if (ImageIndex == 0 || ImageIndex > SystemFmpPrivate->DescriptorCount) {
170 return EFI_INVALID_PARAMETER;
171 }
172
173 //
174 // Process FV
175 //
176 Status = DispatchSystemFmpImages((VOID *)Image, ImageSize, &SystemFmpPrivate->LastAttempt.LastAttemptVersion, &SystemFmpPrivate->LastAttempt.LastAttemptStatus);
177 DEBUG((DEBUG_INFO, "(Agent)SetImage - LastAttemp Version - 0x%x, State - 0x%x\n", SystemFmpPrivate->LastAttempt.LastAttemptVersion, SystemFmpPrivate->LastAttempt.LastAttemptStatus));
178 if (EFI_ERROR(Status)) {
179 VarStatus = gRT->SetVariable(
180 SYSTEM_FMP_LAST_ATTEMPT_VARIABLE_NAME,
181 &gSystemFmpLastAttemptVariableGuid,
182 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
183 sizeof(SystemFmpPrivate->LastAttempt),
184 &SystemFmpPrivate->LastAttempt
185 );
186 DEBUG((DEBUG_INFO, "(Agent)SetLastAttemp - %r\n", VarStatus));
187 return Status;
188 }
189
190 //
191 // Pass Thru to System FMP Protocol on same handle as FMP Protocol
192 //
193 Status = gBS->HandleProtocol(
194 SystemFmpPrivate->Handle,
195 &gSystemFmpProtocolGuid,
196 (VOID **)&SystemFmp
197 );
198 if (EFI_ERROR(Status)) {
199 Status = gBS->LocateProtocol (
200 &gSystemFmpProtocolGuid,
201 NULL,
202 (VOID **)&SystemFmp
203 );
204 if (EFI_ERROR(Status)) {
205 DEBUG((DEBUG_INFO, "(Agent)SetImage - SystemFmpProtocol - %r\n", Status));
206 SystemFmpPrivate->LastAttempt.LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
207 VarStatus = gRT->SetVariable(
208 SYSTEM_FMP_LAST_ATTEMPT_VARIABLE_NAME,
209 &gSystemFmpLastAttemptVariableGuid,
210 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
211 sizeof(SystemFmpPrivate->LastAttempt),
212 &SystemFmpPrivate->LastAttempt
213 );
214 DEBUG((DEBUG_INFO, "(Agent)SetLastAttemp - %r\n", VarStatus));
215 return Status;
216 }
217 }
218
219 return SystemFmp->SetImage(SystemFmp, ImageIndex, Image, ImageSize, VendorCode, Progress, AbortReason);
220 }
221
222 /**
223 System FMP module entrypoint
224
225 @param[in] ImageHandle The firmware allocated handle for the EFI image.
226 @param[in] SystemTable A pointer to the EFI System Table.
227
228 @return EFI_SUCCESS System FMP module is initialized.
229 **/
230 EFI_STATUS
231 EFIAPI
232 SystemFirmwareReportMainDxe (
233 IN EFI_HANDLE ImageHandle,
234 IN EFI_SYSTEM_TABLE *SystemTable
235 )
236 {
237 EFI_STATUS Status;
238
239 //
240 // Initialize SystemFmpPrivateData
241 //
242 mSystemFmpPrivate = AllocateZeroPool (sizeof(SYSTEM_FMP_PRIVATE_DATA));
243 if (mSystemFmpPrivate == NULL) {
244 return EFI_OUT_OF_RESOURCES;
245 }
246
247 Status = InitializePrivateData(mSystemFmpPrivate);
248 if (EFI_ERROR(Status)) {
249 FreePool(mSystemFmpPrivate);
250 mSystemFmpPrivate = NULL;
251 return Status;
252 }
253
254 //
255 // Install FMP protocol.
256 //
257 Status = gBS->InstallProtocolInterface (
258 &mSystemFmpPrivate->Handle,
259 &gEfiFirmwareManagementProtocolGuid,
260 EFI_NATIVE_INTERFACE,
261 &mSystemFmpPrivate->Fmp
262 );
263 if (EFI_ERROR (Status)) {
264 FreePool(mSystemFmpPrivate);
265 mSystemFmpPrivate = NULL;
266 return Status;
267 }
268
269 return Status;
270 }
EFI Development Kit II mirror for PVE