8e66aedf627d6d0ad1166cb40980c44dc17849c0
[mirror_edk2.git] / SignedCapsulePkg / Universal / SystemFirmwareUpdate / SystemFirmwareUpdateDxe.c
1 /** @file
2 SetImage instance to update system firmware.
3
4 Caution: This module requires additional review when modified.
5 This module will have external input - capsule image.
6 This external input must be validated carefully to avoid security issue like
7 buffer overflow, integer overflow.
8
9 FmpSetImage() will receive untrusted input and do basic validation.
10
11 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
12 This program and the accompanying materials
13 are licensed and made available under the terms and conditions of the BSD License
14 which accompanies this distribution. The full text of the license may be found at
15 http://opensource.org/licenses/bsd-license.php
16
17 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
18 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
19
20 **/
21
22 #include "SystemFirmwareDxe.h"
23
24 //
25 // SystemFmp driver private data
26 //
27 SYSTEM_FMP_PRIVATE_DATA *mSystemFmpPrivate = NULL;
28
29 EFI_GUID mCurrentImageTypeId;
30
31 BOOLEAN mNvRamUpdated = FALSE;
32
33 /**
34 Parse Config data file to get the updated data array.
35
36 @param[in] DataBuffer Config raw file buffer.
37 @param[in] BufferSize Size of raw buffer.
38 @param[in, out] ConfigHeader Pointer to the config header.
39 @param[in, out] UpdateArray Pointer to the config of update data.
40
41 @retval EFI_NOT_FOUND No config data is found.
42 @retval EFI_OUT_OF_RESOURCES No enough memory is allocated.
43 @retval EFI_SUCCESS Parse the config file successfully.
44
45 **/
46 EFI_STATUS
47 ParseUpdateDataFile (
48 IN UINT8 *DataBuffer,
49 IN UINTN BufferSize,
50 IN OUT CONFIG_HEADER *ConfigHeader,
51 IN OUT UPDATE_CONFIG_DATA **UpdateArray
52 );
53
54 /**
55 Update System Firmware image component.
56
57 @param[in] SystemFirmwareImage Points to the System Firmware image.
58 @param[in] SystemFirmwareImageSize The length of the System Firmware image in bytes.
59 @param[in] ConfigData Points to the component configuration structure.
60 @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
61 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
62
63 @retval EFI_SUCCESS The System Firmware image is updated.
64 @retval EFI_WRITE_PROTECTED The flash device is read only.
65 **/
66 EFI_STATUS
67 PerformUpdate (
68 IN VOID *SystemFirmwareImage,
69 IN UINTN SystemFirmwareImageSize,
70 IN UPDATE_CONFIG_DATA *ConfigData,
71 OUT UINT32 *LastAttemptVersion,
72 OUT UINT32 *LastAttemptStatus,
73 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress,
74 IN UINTN StartPercentage,
75 IN UINTN EndPercentage
76 )
77 {
78 EFI_STATUS Status;
79
80 DEBUG((DEBUG_INFO, "PlatformUpdate:"));
81 DEBUG((DEBUG_INFO, " BaseAddress - 0x%lx,", ConfigData->BaseAddress));
82 DEBUG((DEBUG_INFO, " ImageOffset - 0x%x,", ConfigData->ImageOffset));
83 DEBUG((DEBUG_INFO, " Legnth - 0x%x\n", ConfigData->Length));
84 if (Progress != NULL) {
85 Progress (StartPercentage);
86 }
87 Status = PerformFlashWriteWithProgress (
88 ConfigData->FirmwareType,
89 ConfigData->BaseAddress,
90 ConfigData->AddressType,
91 (VOID *)((UINTN)SystemFirmwareImage + (UINTN)ConfigData->ImageOffset),
92 ConfigData->Length,
93 Progress,
94 StartPercentage,
95 EndPercentage
96 );
97 if (Progress != NULL) {
98 Progress (EndPercentage);
99 }
100 if (!EFI_ERROR(Status)) {
101 *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
102 if (ConfigData->FirmwareType == PlatformFirmwareTypeNvRam) {
103 mNvRamUpdated = TRUE;
104 }
105 } else {
106 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
107 }
108 return Status;
109 }
110
111 /**
112 Update System Firmware image.
113
114 @param[in] SystemFirmwareImage Points to the System Firmware image.
115 @param[in] SystemFirmwareImageSize The length of the System Firmware image in bytes.
116 @param[in] ConfigImage Points to the config file image.
117 @param[in] ConfigImageSize The length of the config file image in bytes.
118 @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
119 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
120
121 @retval EFI_SUCCESS The System Firmware image is updated.
122 @retval EFI_WRITE_PROTECTED The flash device is read only.
123 **/
124 EFI_STATUS
125 UpdateImage (
126 IN VOID *SystemFirmwareImage,
127 IN UINTN SystemFirmwareImageSize,
128 IN VOID *ConfigImage,
129 IN UINTN ConfigImageSize,
130 OUT UINT32 *LastAttemptVersion,
131 OUT UINT32 *LastAttemptStatus,
132 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress
133 )
134 {
135 EFI_STATUS Status;
136 UPDATE_CONFIG_DATA *ConfigData;
137 UPDATE_CONFIG_DATA *UpdateConfigData;
138 CONFIG_HEADER ConfigHeader;
139 UINTN Index;
140 UINTN TotalSize;
141 UINTN BytesWritten;
142 UINTN StartPercentage;
143 UINTN EndPercentage;
144
145 if (ConfigImage == NULL) {
146 DEBUG((DEBUG_INFO, "PlatformUpdate (NoConfig):"));
147 DEBUG((DEBUG_INFO, " BaseAddress - 0x%x,", 0));
148 DEBUG((DEBUG_INFO, " Length - 0x%x\n", SystemFirmwareImageSize));
149 // ASSUME the whole System Firmware include NVRAM region.
150 StartPercentage = 0;
151 EndPercentage = 100;
152 if (Progress != NULL) {
153 Progress (StartPercentage);
154 }
155 Status = PerformFlashWriteWithProgress (
156 PlatformFirmwareTypeNvRam,
157 0,
158 FlashAddressTypeRelativeAddress,
159 SystemFirmwareImage,
160 SystemFirmwareImageSize,
161 Progress,
162 StartPercentage,
163 EndPercentage
164 );
165 if (Progress != NULL) {
166 Progress (EndPercentage);
167 }
168 if (!EFI_ERROR(Status)) {
169 *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
170 mNvRamUpdated = TRUE;
171 } else {
172 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
173 }
174 return Status;
175 }
176
177 DEBUG((DEBUG_INFO, "PlatformUpdate (With Config):\n"));
178 ConfigData = NULL;
179 ZeroMem (&ConfigHeader, sizeof(ConfigHeader));
180 Status = ParseUpdateDataFile (
181 ConfigImage,
182 ConfigImageSize,
183 &ConfigHeader,
184 &ConfigData
185 );
186 DEBUG((DEBUG_INFO, "ParseUpdateDataFile - %r\n", Status));
187 if (EFI_ERROR(Status)) {
188 *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
189 return EFI_INVALID_PARAMETER;
190 }
191 DEBUG((DEBUG_INFO, "ConfigHeader.NumOfUpdates - 0x%x\n", ConfigHeader.NumOfUpdates));
192 DEBUG((DEBUG_INFO, "PcdEdkiiSystemFirmwareFileGuid - %g\n", PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid)));
193
194 TotalSize = 0;
195 for (Index = 0; Index < ConfigHeader.NumOfUpdates; Index++) {
196 if (CompareGuid(&ConfigData[Index].FileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid))) {
197 TotalSize = TotalSize + ConfigData[Index].Length;
198 }
199 }
200
201 BytesWritten = 0;
202 Index = 0;
203 UpdateConfigData = ConfigData;
204 while (Index < ConfigHeader.NumOfUpdates) {
205 if (CompareGuid(&UpdateConfigData->FileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid))) {
206 DEBUG((DEBUG_INFO, "FileGuid - %g (processing)\n", &UpdateConfigData->FileGuid));
207 StartPercentage = (BytesWritten * 100) / TotalSize;
208 EndPercentage = ((BytesWritten + UpdateConfigData->Length) * 100) / TotalSize;
209 Status = PerformUpdate (
210 SystemFirmwareImage,
211 SystemFirmwareImageSize,
212 UpdateConfigData,
213 LastAttemptVersion,
214 LastAttemptStatus,
215 Progress,
216 StartPercentage,
217 EndPercentage
218 );
219 //
220 // Shall updates be serialized so that if an update is not successfully completed,
221 // the remaining updates won't be performed.
222 //
223 if (EFI_ERROR (Status)) {
224 break;
225 }
226 } else {
227 DEBUG((DEBUG_INFO, "FileGuid - %g (ignored)\n", &UpdateConfigData->FileGuid));
228 }
229
230 BytesWritten += UpdateConfigData->Length;
231
232 Index++;
233 UpdateConfigData++;
234 }
235
236 return Status;
237 }
238
239 /**
240 Authenticate and update System Firmware image.
241
242 Caution: This function may receive untrusted input.
243
244 @param[in] Image The EDKII system FMP capsule image.
245 @param[in] ImageSize The size of the EDKII system FMP capsule image in bytes.
246 @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
247 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
248
249 @retval EFI_SUCCESS EDKII system FMP capsule passes authentication and the System Firmware image is updated.
250 @retval EFI_SECURITY_VIOLATION EDKII system FMP capsule fails authentication and the System Firmware image is not updated.
251 @retval EFI_WRITE_PROTECTED The flash device is read only.
252 **/
253 EFI_STATUS
254 SystemFirmwareAuthenticatedUpdate (
255 IN VOID *Image,
256 IN UINTN ImageSize,
257 OUT UINT32 *LastAttemptVersion,
258 OUT UINT32 *LastAttemptStatus,
259 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress
260 )
261 {
262 EFI_STATUS Status;
263 VOID *SystemFirmwareImage;
264 UINTN SystemFirmwareImageSize;
265 VOID *ConfigImage;
266 UINTN ConfigImageSize;
267 VOID *AuthenticatedImage;
268 UINTN AuthenticatedImageSize;
269
270 AuthenticatedImage = NULL;
271 AuthenticatedImageSize = 0;
272
273 DEBUG((DEBUG_INFO, "SystemFirmwareAuthenticatedUpdate...\n"));
274
275 Status = CapsuleAuthenticateSystemFirmware(Image, ImageSize, FALSE, LastAttemptVersion, LastAttemptStatus, &AuthenticatedImage, &AuthenticatedImageSize);
276 if (EFI_ERROR(Status)) {
277 DEBUG((DEBUG_INFO, "SystemFirmwareAuthenticateImage - %r\n", Status));
278 return Status;
279 }
280
281 DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImage ...\n"));
282 ExtractSystemFirmwareImage(AuthenticatedImage, AuthenticatedImageSize, &SystemFirmwareImage, &SystemFirmwareImageSize);
283 DEBUG((DEBUG_INFO, "ExtractConfigImage ...\n"));
284 ExtractConfigImage(AuthenticatedImage, AuthenticatedImageSize, &ConfigImage, &ConfigImageSize);
285
286 DEBUG((DEBUG_INFO, "UpdateImage ...\n"));
287 Status = UpdateImage(SystemFirmwareImage, SystemFirmwareImageSize, ConfigImage, ConfigImageSize, LastAttemptVersion, LastAttemptStatus, Progress);
288 if (EFI_ERROR(Status)) {
289 DEBUG((DEBUG_INFO, "UpdateImage - %r\n", Status));
290 return Status;
291 }
292
293 DEBUG((DEBUG_INFO, "SystemFirmwareAuthenticatedUpdate Done\n"));
294
295 return EFI_SUCCESS;
296 }
297
298 /**
299
300 This code finds variable in storage blocks (Volatile or Non-Volatile).
301
302 @param[in] VariableName Name of Variable to be found.
303 @param[in] VendorGuid Variable vendor GUID.
304 @param[out] Attributes Attribute value of the variable found.
305 @param[in, out] DataSize Size of Data found. If size is less than the
306 data, this value contains the required size.
307 @param[out] Data Data pointer.
308
309 @return EFI_INVALID_PARAMETER Invalid parameter.
310 @return EFI_SUCCESS Find the specified variable.
311 @return EFI_NOT_FOUND Not found.
312 @return EFI_BUFFER_TO_SMALL DataSize is too small for the result.
313
314 **/
315 EFI_STATUS
316 EFIAPI
317 GetVariableHook (
318 IN CHAR16 *VariableName,
319 IN EFI_GUID *VendorGuid,
320 OUT UINT32 *Attributes OPTIONAL,
321 IN OUT UINTN *DataSize,
322 OUT VOID *Data
323 )
324 {
325 DEBUG((DEBUG_INFO, "GetVariableHook - %S, %g\n", VariableName, VendorGuid));
326 return EFI_NOT_AVAILABLE_YET;
327 }
328
329 /**
330
331 This code Finds the Next available variable.
332
333 @param[in, out] VariableNameSize Size of the variable name.
334 @param[in, out] VariableName Pointer to variable name.
335 @param[in, out] VendorGuid Variable Vendor Guid.
336
337 @return EFI_INVALID_PARAMETER Invalid parameter.
338 @return EFI_SUCCESS Find the specified variable.
339 @return EFI_NOT_FOUND Not found.
340 @return EFI_BUFFER_TO_SMALL DataSize is too small for the result.
341
342 **/
343 EFI_STATUS
344 EFIAPI
345 GetNextVariableNameHook (
346 IN OUT UINTN *VariableNameSize,
347 IN OUT CHAR16 *VariableName,
348 IN OUT EFI_GUID *VendorGuid
349 )
350 {
351 DEBUG((DEBUG_INFO, "GetNextVariableNameHook - %S, %g\n", VariableName, VendorGuid));
352 return EFI_NOT_AVAILABLE_YET;
353 }
354
355 /**
356
357 This code sets variable in storage blocks (Volatile or Non-Volatile).
358
359 @param[in] VariableName Name of Variable to be found.
360 @param[in] VendorGuid Variable vendor GUID.
361 @param[in] Attributes Attribute value of the variable found
362 @param[in] DataSize Size of Data found. If size is less than the
363 data, this value contains the required size.
364 @param[in] Data Data pointer.
365
366 @return EFI_INVALID_PARAMETER Invalid parameter.
367 @return EFI_SUCCESS Set successfully.
368 @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.
369 @return EFI_NOT_FOUND Not found.
370 @return EFI_WRITE_PROTECTED Variable is read-only.
371
372 **/
373 EFI_STATUS
374 EFIAPI
375 SetVariableHook (
376 IN CHAR16 *VariableName,
377 IN EFI_GUID *VendorGuid,
378 IN UINT32 Attributes,
379 IN UINTN DataSize,
380 IN VOID *Data
381 )
382 {
383 DEBUG((DEBUG_INFO, "SetVariableHook - %S, %g, 0x%x (0x%x)\n", VariableName, VendorGuid, Attributes, DataSize));
384 return EFI_NOT_AVAILABLE_YET;
385 }
386
387 /**
388
389 This code returns information about the EFI variables.
390
391 @param[in] Attributes Attributes bitmask to specify the type of variables
392 on which to return information.
393 @param[out] MaximumVariableStorageSize Pointer to the maximum size of the storage space available
394 for the EFI variables associated with the attributes specified.
395 @param[out] RemainingVariableStorageSize Pointer to the remaining size of the storage space available
396 for EFI variables associated with the attributes specified.
397 @param[out] MaximumVariableSize Pointer to the maximum size of an individual EFI variables
398 associated with the attributes specified.
399
400 @return EFI_SUCCESS Query successfully.
401
402 **/
403 EFI_STATUS
404 EFIAPI
405 QueryVariableInfoHook (
406 IN UINT32 Attributes,
407 OUT UINT64 *MaximumVariableStorageSize,
408 OUT UINT64 *RemainingVariableStorageSize,
409 OUT UINT64 *MaximumVariableSize
410 )
411 {
412 DEBUG((DEBUG_INFO, "QueryVariableInfoHook - 0x%x\n", Attributes));
413 return EFI_NOT_AVAILABLE_YET;
414 }
415
416 /**
417 Updates the firmware image of the device.
418
419 This function updates the hardware with the new firmware image.
420 This function returns EFI_UNSUPPORTED if the firmware image is not updatable.
421 If the firmware image is updatable, the function should perform the following minimal validations
422 before proceeding to do the firmware image update.
423 - Validate the image authentication if image has attribute
424 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns
425 EFI_SECURITY_VIOLATION if the validation fails.
426 - Validate the image is a supported image for this device. The function returns EFI_ABORTED if
427 the image is unsupported. The function can optionally provide more detailed information on
428 why the image is not a supported image.
429 - Validate the data from VendorCode if not null. Image validation must be performed before
430 VendorCode data validation. VendorCode data is ignored or considered invalid if image
431 validation failed. The function returns EFI_ABORTED if the data is invalid.
432
433 VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if
434 the caller did not specify the policy or use the default policy. As an example, vendor can implement
435 a policy to allow an option to force a firmware image update when the abort reason is due to the new
436 firmware image version is older than the current firmware image version or bad image checksum.
437 Sensitive operations such as those wiping the entire firmware image and render the device to be
438 non-functional should be encoded in the image itself rather than passed with the VendorCode.
439 AbortReason enables vendor to have the option to provide a more detailed description of the abort
440 reason to the caller.
441
442 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
443 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
444 The number is between 1 and DescriptorCount.
445 @param[in] Image Points to the new image.
446 @param[in] ImageSize Size of the new image in bytes.
447 @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.
448 Null indicates the caller did not specify the policy or use the default policy.
449 @param[in] Progress A function used by the driver to report the progress of the firmware update.
450 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
451 details for the aborted operation. The buffer is allocated by this function
452 with AllocatePool(), and it is the caller's responsibility to free it with a
453 call to FreePool().
454
455 @retval EFI_SUCCESS The device was successfully updated with the new image.
456 @retval EFI_ABORTED The operation is aborted.
457 @retval EFI_INVALID_PARAMETER The Image was NULL.
458 @retval EFI_UNSUPPORTED The operation is not supported.
459 @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.
460
461 **/
462 EFI_STATUS
463 EFIAPI
464 FmpSetImage (
465 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
466 IN UINT8 ImageIndex,
467 IN CONST VOID *Image,
468 IN UINTN ImageSize,
469 IN CONST VOID *VendorCode,
470 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress,
471 OUT CHAR16 **AbortReason
472 )
473 {
474 EFI_STATUS Status;
475 EFI_STATUS VarStatus;
476 SYSTEM_FMP_PRIVATE_DATA *SystemFmpPrivate;
477
478 if (Image == NULL || ImageSize == 0 || AbortReason == NULL) {
479 return EFI_INVALID_PARAMETER;
480 }
481
482 SystemFmpPrivate = SYSTEM_FMP_PRIVATE_DATA_FROM_FMP(This);
483 *AbortReason = NULL;
484
485 if (ImageIndex == 0 || ImageIndex > SystemFmpPrivate->DescriptorCount) {
486 return EFI_INVALID_PARAMETER;
487 }
488
489 Status = SystemFirmwareAuthenticatedUpdate((VOID *)Image, ImageSize, &SystemFmpPrivate->LastAttempt.LastAttemptVersion, &SystemFmpPrivate->LastAttempt.LastAttemptStatus, Progress);
490 DEBUG((DEBUG_INFO, "SetImage - LastAttempt Version - 0x%x, State - 0x%x\n", SystemFmpPrivate->LastAttempt.LastAttemptVersion, SystemFmpPrivate->LastAttempt.LastAttemptStatus));
491
492 //
493 // If NVRAM is updated, we should no longer touch variable services, because
494 // the current variable driver may not manage the new NVRAM region.
495 //
496 if (mNvRamUpdated) {
497 DEBUG ((DEBUG_INFO, "NvRamUpdated, Update Variable Serivces\n"));
498 gRT->GetVariable = GetVariableHook;
499 gRT->GetNextVariableName = GetNextVariableNameHook;
500 gRT->SetVariable = SetVariableHook;
501 gRT->QueryVariableInfo = QueryVariableInfoHook;
502
503 gRT->Hdr.CRC32 = 0;
504 gBS->CalculateCrc32 (
505 (UINT8 *) &gRT->Hdr,
506 gRT->Hdr.HeaderSize,
507 &gRT->Hdr.CRC32
508 );
509 }
510
511 VarStatus = gRT->SetVariable(
512 SYSTEM_FMP_LAST_ATTEMPT_VARIABLE_NAME,
513 &gSystemFmpLastAttemptVariableGuid,
514 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
515 sizeof(SystemFmpPrivate->LastAttempt),
516 &SystemFmpPrivate->LastAttempt
517 );
518 DEBUG((DEBUG_INFO, "SetLastAttemp - %r\n", VarStatus));
519
520 return Status;
521 }
522
523 /**
524 Get the set of EFI_FIRMWARE_IMAGE_DESCRIPTOR structures from an FMP Protocol.
525
526 @param[in] Handle Handle with an FMP Protocol or a System FMP
527 Protocol.
528 @param[in] ProtocolGuid Pointer to the FMP Protocol GUID or System FMP
529 Protocol GUID.
530 @param[out] FmpImageInfoCount Pointer to the number of
531 EFI_FIRMWARE_IMAGE_DESCRIPTOR structures.
532 @param[out] DescriptorSize Pointer to the size, in bytes, of each
533 EFI_FIRMWARE_IMAGE_DESCRIPTOR structure.
534
535 @return NULL No EFI_FIRMWARE_IMAGE_DESCRIPTOR structures found.
536 @return !NULL Pointer to a buffer of EFI_FIRMWARE_IMAGE_DESCRIPTOR structures
537 allocated using AllocatePool(). Caller must free buffer with
538 FreePool().
539 **/
540 EFI_FIRMWARE_IMAGE_DESCRIPTOR *
541 GetFmpImageDescriptors (
542 IN EFI_HANDLE Handle,
543 IN EFI_GUID *ProtocolGuid,
544 OUT UINT8 *FmpImageInfoCount,
545 OUT UINTN *DescriptorSize
546 )
547 {
548 EFI_STATUS Status;
549 EFI_FIRMWARE_MANAGEMENT_PROTOCOL *Fmp;
550 UINTN ImageInfoSize;
551 EFI_FIRMWARE_IMAGE_DESCRIPTOR *FmpImageInfoBuf;
552 UINT32 FmpImageInfoDescriptorVer;
553 UINT32 PackageVersion;
554 CHAR16 *PackageVersionName;
555
556 *FmpImageInfoCount = 0;
557 *DescriptorSize = 0;
558
559 Status = gBS->HandleProtocol (
560 Handle,
561 ProtocolGuid,
562 (VOID **)&Fmp
563 );
564 if (EFI_ERROR (Status)) {
565 return NULL;
566 }
567
568 //
569 // Determine the size required for the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
570 //
571 ImageInfoSize = 0;
572 Status = Fmp->GetImageInfo (
573 Fmp, // FMP Pointer
574 &ImageInfoSize, // Buffer Size (in this case 0)
575 NULL, // NULL so we can get size
576 &FmpImageInfoDescriptorVer, // DescriptorVersion
577 FmpImageInfoCount, // DescriptorCount
578 DescriptorSize, // DescriptorSize
579 &PackageVersion, // PackageVersion
580 &PackageVersionName // PackageVersionName
581 );
582 if (Status != EFI_BUFFER_TOO_SMALL) {
583 DEBUG ((DEBUG_ERROR, "SystemFirmwareUpdateDxe: Unexpected Failure. Status = %r\n", Status));
584 return NULL;
585 }
586
587 //
588 // Allocate buffer for the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
589 //
590 FmpImageInfoBuf = NULL;
591 FmpImageInfoBuf = AllocateZeroPool (ImageInfoSize);
592 if (FmpImageInfoBuf == NULL) {
593 DEBUG ((DEBUG_ERROR, "SystemFirmwareUpdateDxe: Failed to allocate memory for descriptors.\n"));
594 return NULL;
595 }
596
597 //
598 // Retrieve the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
599 //
600 PackageVersionName = NULL;
601 Status = Fmp->GetImageInfo (
602 Fmp,
603 &ImageInfoSize, // ImageInfoSize
604 FmpImageInfoBuf, // ImageInfo
605 &FmpImageInfoDescriptorVer, // DescriptorVersion
606 FmpImageInfoCount, // DescriptorCount
607 DescriptorSize, // DescriptorSize
608 &PackageVersion, // PackageVersion
609 &PackageVersionName // PackageVersionName
610 );
611
612 //
613 // Free unused PackageVersionName return buffer
614 //
615 if (PackageVersionName != NULL) {
616 FreePool (PackageVersionName);
617 PackageVersionName = NULL;
618 }
619
620 if (EFI_ERROR (Status)) {
621 DEBUG ((DEBUG_ERROR, "SystemFirmwareUpdateDxe: Failure in GetImageInfo. Status = %r\n", Status));
622 if (FmpImageInfoBuf != NULL) {
623 FreePool (FmpImageInfoBuf);
624 }
625 return NULL;
626 }
627
628 return FmpImageInfoBuf;
629 }
630
631 /**
632 Search for handles with an FMP protocol whose EFI_FIRMWARE_IMAGE_DESCRIPTOR
633 ImageTypeId matches the ImageTypeId produced by this module.
634
635 @param[in] ProtocolGuid Pointer to the GUID of the protocol to search.
636 @param[out] HandleCount Pointer to the number of returned handles.
637
638 @return NULL No matching handles found.
639 @return !NULL Pointer to a buffer of handles allocated using AllocatePool().
640 Caller must free buffer with FreePool().
641 **/
642 EFI_HANDLE *
643 FindMatchingFmpHandles (
644 IN EFI_GUID *ProtocolGuid,
645 OUT UINTN *HandleCount
646 )
647 {
648 EFI_STATUS Status;
649 UINTN TempHandleCount;
650 EFI_HANDLE *HandleBuffer;
651 UINTN Index;
652 UINTN Index2;
653 UINTN Index3;
654 EFI_FIRMWARE_IMAGE_DESCRIPTOR *OriginalFmpImageInfoBuf;
655 EFI_FIRMWARE_IMAGE_DESCRIPTOR *FmpImageInfoBuf;
656 UINT8 FmpImageInfoCount;
657 UINTN DescriptorSize;
658 BOOLEAN MatchFound;
659
660 *HandleCount = 0;
661 TempHandleCount = 0;
662 HandleBuffer = NULL;
663 Status = gBS->LocateHandleBuffer (
664 ByProtocol,
665 ProtocolGuid,
666 NULL,
667 &TempHandleCount,
668 &HandleBuffer
669 );
670 if (EFI_ERROR (Status)) {
671 return NULL;
672 }
673
674 for (Index = 0; Index < TempHandleCount; Index++) {
675 OriginalFmpImageInfoBuf = GetFmpImageDescriptors (
676 HandleBuffer[Index],
677 ProtocolGuid,
678 &FmpImageInfoCount,
679 &DescriptorSize
680 );
681
682 //
683 // Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
684 //
685 FmpImageInfoBuf = OriginalFmpImageInfoBuf;
686 MatchFound = FALSE;
687 for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
688 for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {
689 MatchFound = CompareGuid (
690 &FmpImageInfoBuf->ImageTypeId,
691 &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
692 );
693 if (MatchFound) {
694 break;
695 }
696 }
697 if (MatchFound) {
698 break;
699 }
700 //
701 // Increment the buffer pointer ahead by the size of the descriptor
702 //
703 FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);
704 }
705 if (MatchFound) {
706 HandleBuffer[*HandleCount] = HandleBuffer[Index];
707 (*HandleCount)++;
708 }
709
710 FreePool (OriginalFmpImageInfoBuf);
711 }
712
713 if ((*HandleCount) == 0) {
714 //
715 // No any matching handle.
716 //
717 FreePool (HandleBuffer);
718 return NULL;
719 }
720 return HandleBuffer;
721 }
722
723 /**
724 Uninstall System FMP Protocol instances that may have been installed by
725 SystemFirmwareUpdateDxe drivers dispatches by other capsules.
726
727 @retval EFI_SUCCESS All System FMP Protocols found were uninstalled.
728 @return Other One or more System FMP Protocols could not be uninstalled.
729
730 **/
731 EFI_STATUS
732 UninstallMatchingSystemFmpProtocols (
733 VOID
734 )
735 {
736 EFI_STATUS Status;
737 EFI_HANDLE *HandleBuffer;
738 UINTN HandleCount;
739 UINTN Index;
740 EFI_FIRMWARE_MANAGEMENT_PROTOCOL *SystemFmp;
741
742 //
743 // Uninstall SystemFmpProtocol instances that may have been produced by
744 // the SystemFirmwareUpdate drivers in FVs dispatched by other capsules.
745 //
746 HandleBuffer = FindMatchingFmpHandles (
747 &gSystemFmpProtocolGuid,
748 &HandleCount
749 );
750 DEBUG ((DEBUG_INFO, "SystemFirmwareUpdateDxe: Found %d matching System FMP instances\n", HandleCount));
751
752 for (Index = 0; Index < HandleCount; Index++) {
753 Status = gBS->HandleProtocol(
754 HandleBuffer[Index],
755 &gSystemFmpProtocolGuid,
756 (VOID **)&SystemFmp
757 );
758 if (EFI_ERROR (Status)) {
759 continue;
760 }
761 DEBUG ((DEBUG_INFO, "SystemFirmwareUpdateDxe: Uninstall SystemFmp produced by another capsule\n"));
762 Status = gBS->UninstallProtocolInterface (
763 HandleBuffer[Index],
764 &gSystemFmpProtocolGuid,
765 SystemFmp
766 );
767 if (EFI_ERROR (Status)) {
768 DEBUG ((DEBUG_ERROR, "SystemFirmwareUpdateDxe: Failed to uninstall SystemFmp %r. Exiting.\n", Status));
769 FreePool (HandleBuffer);
770 return Status;
771 }
772 }
773 if (HandleBuffer != NULL) {
774 FreePool (HandleBuffer);
775 }
776
777 return EFI_SUCCESS;
778 }
779
780 /**
781 System FMP module entrypoint
782
783 @param[in] ImageHandle The firmware allocated handle for the EFI image.
784 @param[in] SystemTable A pointer to the EFI System Table.
785
786 @retval EFI_SUCCESS System FMP module is initialized.
787 @retval EFI_OUT_OF_RESOURCES There are not enough resources avaulable to
788 initialize this module.
789 @retval Other System FMP Protocols could not be uninstalled.
790 @retval Other System FMP Protocol could not be installed.
791 @retval Other FMP Protocol could not be installed.
792 **/
793 EFI_STATUS
794 EFIAPI
795 SystemFirmwareUpdateMainDxe (
796 IN EFI_HANDLE ImageHandle,
797 IN EFI_SYSTEM_TABLE *SystemTable
798 )
799 {
800 EFI_STATUS Status;
801 EFI_HANDLE *HandleBuffer;
802 UINTN HandleCount;
803
804 //
805 // Initialize SystemFmpPrivateData
806 //
807 mSystemFmpPrivate = AllocateZeroPool (sizeof (SYSTEM_FMP_PRIVATE_DATA));
808 if (mSystemFmpPrivate == NULL) {
809 return EFI_OUT_OF_RESOURCES;
810 }
811
812 Status = InitializePrivateData (mSystemFmpPrivate);
813 if (EFI_ERROR (Status)) {
814 FreePool (mSystemFmpPrivate);
815 mSystemFmpPrivate = NULL;
816 return Status;
817 }
818
819 //
820 // Uninstall SystemFmpProtocol instances that may have been produced by
821 // the SystemFirmwareUpdate drivers in FVs dispatched by other capsules.
822 //
823 Status = UninstallMatchingSystemFmpProtocols ();
824 if (EFI_ERROR (Status)) {
825 FreePool (mSystemFmpPrivate);
826 mSystemFmpPrivate = NULL;
827 return Status;
828 }
829
830 //
831 // Look for a handle with matching Firmware Management Protocol
832 //
833 HandleCount = 0;
834 HandleBuffer = FindMatchingFmpHandles (
835 &gEfiFirmwareManagementProtocolGuid,
836 &HandleCount
837 );
838 DEBUG ((DEBUG_INFO, "SystemFirmwareUpdateDxe: Found %d matching FMP instances\n", HandleCount));
839
840 switch (HandleCount) {
841 case 0:
842 //
843 // Install FMP protocol onto a new handle.
844 //
845 DEBUG ((DEBUG_INFO, "SystemFirmwareUpdateDxe: Install FMP onto a new handle\n"));
846 Status = gBS->InstallMultipleProtocolInterfaces (
847 &mSystemFmpPrivate->Handle,
848 &gEfiFirmwareManagementProtocolGuid,
849 &mSystemFmpPrivate->Fmp,
850 NULL
851 );
852 break;
853 case 1:
854 //
855 // Install System FMP protocol onto handle with matching FMP Protocol
856 //
857 DEBUG ((DEBUG_INFO, "SystemFirmwareUpdateDxe: Install System FMP onto matching FMP handle\n"));
858 mSystemFmpPrivate->Handle = HandleBuffer[0];
859 Status = gBS->InstallMultipleProtocolInterfaces (
860 &HandleBuffer[0],
861 &gSystemFmpProtocolGuid,
862 &mSystemFmpPrivate->Fmp,
863 NULL
864 );
865 break;
866 default:
867 //
868 // More than one matching handle is not expected. Unload driver.
869 //
870 DEBUG ((DEBUG_ERROR, "SystemFirmwareUpdateDxe: More than one matching FMP handle. Unload driver.\n"));
871 Status = EFI_DEVICE_ERROR;
872 break;
873 }
874
875 if (HandleBuffer != NULL) {
876 FreePool (HandleBuffer);
877 }
878
879 if (EFI_ERROR (Status)) {
880 FreePool (mSystemFmpPrivate);
881 mSystemFmpPrivate = NULL;
882 }
883
884 return Status;
885 }