--- /dev/null
+/** @file\r
+ Produces a Firmware Management Protocol that supports updates to a firmware\r
+ image stored in a firmware device with platform and firmware device specific\r
+ information provided through PCDs and libraries.\r
+\r
+ Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>\r
+\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef _FMP_DXE_H_\r
+#define _FMP_DXE_H_\r
+\r
+#include <PiDxe.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/FmpAuthenticationLib.h>\r
+#include <Library/FmpDeviceLib.h>\r
+#include <Library/FmpPayloadHeaderLib.h>\r
+#include <Library/CapsuleUpdatePolicyLib.h>\r
+#include <Protocol/FirmwareManagement.h>\r
+#include <Protocol/FirmwareManagementProgress.h>\r
+#include <Guid/SystemResourceTable.h>\r
+#include <Guid/EventGroup.h>\r
+#include "VariableSupport.h"\r
+\r
+#define VERSION_STRING_NOT_SUPPORTED L"VERSION STRING NOT SUPPORTED"\r
+#define VERSION_STRING_NOT_AVAILABLE L"VERSION STRING NOT AVAILABLE"\r
+\r
+///\r
+///\r
+///\r
+#define FIRMWARE_MANAGEMENT_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('f','m','p','p')\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+ EFI_HANDLE Handle;\r
+ EFI_FIRMWARE_MANAGEMENT_PROTOCOL Fmp;\r
+ BOOLEAN DescriptorPopulated;\r
+ EFI_FIRMWARE_IMAGE_DESCRIPTOR Descriptor;\r
+ CHAR16 *ImageIdName;\r
+ CHAR16 *VersionName;\r
+ BOOLEAN RuntimeVersionSupported;\r
+ EFI_EVENT FmpDeviceLockEvent;\r
+ //\r
+ // Indicates if an attempt has been made to lock a\r
+ // FLASH storage device by calling FmpDeviceLock().\r
+ // A FLASH storage device may not support being locked,\r
+ // so this variable is set to TRUE even if FmpDeviceLock()\r
+ // returns an error.\r
+ //\r
+ BOOLEAN FmpDeviceLocked;\r
+ VOID *FmpDeviceContext;\r
+} FIRMWARE_MANAGEMENT_PRIVATE_DATA;\r
+\r
+///\r
+///\r
+///\r
+#define FIRMWARE_MANAGEMENT_PRIVATE_DATA_FROM_THIS(a) \\r
+ CR (a, FIRMWARE_MANAGEMENT_PRIVATE_DATA, Fmp, FIRMWARE_MANAGEMENT_PRIVATE_DATA_SIGNATURE)\r
+\r
+/**\r
+ Check to see if any of the keys in PcdFmpDevicePkcs7CertBufferXdr matches\r
+ the test key. PcdFmpDeviceTestKeySha256Digest contains the SHA256 hash of\r
+ the test key. For each key in PcdFmpDevicePkcs7CertBufferXdr, compute the\r
+ SHA256 hash and compare it to PcdFmpDeviceTestKeySha256Digest. If the\r
+ SHA256 hash matches or there is then error computing the SHA256 hash, then\r
+ set PcdTestKeyUsed to TRUE. Skip this check if PcdTestKeyUsed is already\r
+ TRUE or PcdFmpDeviceTestKeySha256Digest is not exactly SHA256_DIGEST_SIZE\r
+ bytes.\r
+**/\r
+VOID\r
+DetectTestKey (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Returns information about the current firmware image(s) of the device.\r
+\r
+ This function allows a copy of the current firmware image to be created and saved.\r
+ The saved copy could later been used, for example, in firmware image recovery or rollback.\r
+\r
+ @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r
+ @param[in, out] ImageInfoSize A pointer to the size, in bytes, of the ImageInfo buffer.\r
+ On input, this is the size of the buffer allocated by the caller.\r
+ On output, it is the size of the buffer returned by the firmware\r
+ if the buffer was large enough, or the size of the buffer needed\r
+ to contain the image(s) information if the buffer was too small.\r
+ @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s)\r
+ information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs.\r
+ @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number\r
+ associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
+ @param[out] DescriptorCount A pointer to the location in which firmware returns the number of\r
+ descriptors or firmware images within this device.\r
+ @param[out] DescriptorSize A pointer to the location in which firmware returns the size, in bytes,\r
+ of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
+ @param[out] PackageVersion A version number that represents all the firmware images in the device.\r
+ The format is vendor specific and new version must have a greater value\r
+ than the old version. If PackageVersion is not supported, the value is\r
+ 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version comparison\r
+ is to be performed using PackageVersionName. A value of 0xFFFFFFFD indicates\r
+ that package version update is in progress.\r
+ @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing the\r
+ package version name. The buffer is allocated by this function with\r
+ AllocatePool(), and it is the caller's responsibility to free it with a call\r
+ to FreePool().\r
+\r
+ @retval EFI_SUCCESS The device was successfully updated with the new image.\r
+ @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size\r
+ needed to hold the image(s) information is returned in ImageInfoSize.\r
+ @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL.\r
+ @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+GetTheImageInfo (\r
+ IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r
+ IN OUT UINTN *ImageInfoSize,\r
+ IN OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageInfo,\r
+ OUT UINT32 *DescriptorVersion,\r
+ OUT UINT8 *DescriptorCount,\r
+ OUT UINTN *DescriptorSize,\r
+ OUT UINT32 *PackageVersion,\r
+ OUT CHAR16 **PackageVersionName\r
+ );\r
+\r
+/**\r
+ Retrieves a copy of the current firmware image of the device.\r
+\r
+ This function allows a copy of the current firmware image to be created and saved.\r
+ The saved copy could later been used, for example, in firmware image recovery or rollback.\r
+\r
+ @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r
+ @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.\r
+ The number is between 1 and DescriptorCount.\r
+ @param[in, out] Image Points to the buffer where the current image is copied to.\r
+ @param[in, out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes.\r
+ On return, points to the length of the image, in bytes.\r
+\r
+ @retval EFI_SUCCESS The device was successfully updated with the new image.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the\r
+ image. The current buffer size needed to hold the image is returned\r
+ in ImageSize.\r
+ @retval EFI_INVALID_PARAMETER The Image was NULL.\r
+ @retval EFI_NOT_FOUND The current image is not copied to the buffer.\r
+ @retval EFI_UNSUPPORTED The operation is not supported.\r
+ @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+GetTheImage (\r
+ IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r
+ IN UINT8 ImageIndex,\r
+ IN OUT VOID *Image,\r
+ IN OUT UINTN *ImageSize\r
+ );\r
+\r
+\r
+/**\r
+ Checks if the firmware image is valid for the device.\r
+\r
+ This function allows firmware update application to validate the firmware image without\r
+ invoking the SetImage() first.\r
+\r
+ @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r
+ @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.\r
+ The number is between 1 and DescriptorCount.\r
+ @param[in] Image Points to the new image.\r
+ @param[in] ImageSize Size of the new image in bytes.\r
+ @param[out] ImageUpdatable Indicates if the new image is valid for update. It also provides,\r
+ if available, additional information if the image is invalid.\r
+\r
+ @retval EFI_SUCCESS The image was successfully checked.\r
+ @retval EFI_ABORTED The operation is aborted.\r
+ @retval EFI_INVALID_PARAMETER The Image was NULL.\r
+ @retval EFI_UNSUPPORTED The operation is not supported.\r
+ @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CheckTheImage (\r
+ IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r
+ IN UINT8 ImageIndex,\r
+ IN CONST VOID *Image,\r
+ IN UINTN ImageSize,\r
+ OUT UINT32 *ImageUpdatable\r
+ );\r
+\r
+/**\r
+ Updates the firmware image of the device.\r
+\r
+ This function updates the hardware with the new firmware image.\r
+ This function returns EFI_UNSUPPORTED if the firmware image is not updatable.\r
+ If the firmware image is updatable, the function should perform the following minimal validations\r
+ before proceeding to do the firmware image update.\r
+ - Validate the image authentication if image has attribute\r
+ IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns\r
+ EFI_SECURITY_VIOLATION if the validation fails.\r
+ - Validate the image is a supported image for this device. The function returns EFI_ABORTED if\r
+ the image is unsupported. The function can optionally provide more detailed information on\r
+ why the image is not a supported image.\r
+ - Validate the data from VendorCode if not null. Image validation must be performed before\r
+ VendorCode data validation. VendorCode data is ignored or considered invalid if image\r
+ validation failed. The function returns EFI_ABORTED if the data is invalid.\r
+\r
+ VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if\r
+ the caller did not specify the policy or use the default policy. As an example, vendor can implement\r
+ a policy to allow an option to force a firmware image update when the abort reason is due to the new\r
+ firmware image version is older than the current firmware image version or bad image checksum.\r
+ Sensitive operations such as those wiping the entire firmware image and render the device to be\r
+ non-functional should be encoded in the image itself rather than passed with the VendorCode.\r
+ AbortReason enables vendor to have the option to provide a more detailed description of the abort\r
+ reason to the caller.\r
+\r
+ @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r
+ @param[in] ImageIndex A unique number identifying the firmware image(s) within the device.\r
+ The number is between 1 and DescriptorCount.\r
+ @param[in] Image Points to the new image.\r
+ @param[in] ImageSize Size of the new image in bytes.\r
+ @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.\r
+ Null indicates the caller did not specify the policy or use the default policy.\r
+ @param[in] Progress A function used by the driver to report the progress of the firmware update.\r
+ @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more\r
+ details for the aborted operation. The buffer is allocated by this function\r
+ with AllocatePool(), and it is the caller's responsibility to free it with a\r
+ call to FreePool().\r
+\r
+ @retval EFI_SUCCESS The device was successfully updated with the new image.\r
+ @retval EFI_ABORTED The operation is aborted.\r
+ @retval EFI_INVALID_PARAMETER The Image was NULL.\r
+ @retval EFI_UNSUPPORTED The operation is not supported.\r
+ @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SetTheImage (\r
+ IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r
+ IN UINT8 ImageIndex,\r
+ IN CONST VOID *Image,\r
+ IN UINTN ImageSize,\r
+ IN CONST VOID *VendorCode,\r
+ IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress,\r
+ OUT CHAR16 **AbortReason\r
+ );\r
+\r
+/**\r
+ Returns information about the firmware package.\r
+\r
+ This function returns package information.\r
+\r
+ @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r
+ @param[out] PackageVersion A version number that represents all the firmware images in the device.\r
+ The format is vendor specific and new version must have a greater value\r
+ than the old version. If PackageVersion is not supported, the value is\r
+ 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version\r
+ comparison is to be performed using PackageVersionName. A value of\r
+ 0xFFFFFFFD indicates that package version update is in progress.\r
+ @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing\r
+ the package version name. The buffer is allocated by this function with\r
+ AllocatePool(), and it is the caller's responsibility to free it with a\r
+ call to FreePool().\r
+ @param[out] PackageVersionNameMaxLen The maximum length of package version name if device supports update of\r
+ package version name. A value of 0 indicates the device does not support\r
+ update of package version name. Length is the number of Unicode characters,\r
+ including the terminating null character.\r
+ @param[out] AttributesSupported Package attributes that are supported by this device. See 'Package Attribute\r
+ Definitions' for possible returned values of this parameter. A value of 1\r
+ indicates the attribute is supported and the current setting value is\r
+ indicated in AttributesSetting. A value of 0 indicates the attribute is not\r
+ supported and the current setting value in AttributesSetting is meaningless.\r
+ @param[out] AttributesSetting Package attributes. See 'Package Attribute Definitions' for possible returned\r
+ values of this parameter\r
+\r
+ @retval EFI_SUCCESS The package information was successfully returned.\r
+ @retval EFI_UNSUPPORTED The operation is not supported.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+GetPackageInfo (\r
+ IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r
+ OUT UINT32 *PackageVersion,\r
+ OUT CHAR16 **PackageVersionName,\r
+ OUT UINT32 *PackageVersionNameMaxLen,\r
+ OUT UINT64 *AttributesSupported,\r
+ OUT UINT64 *AttributesSetting\r
+ );\r
+\r
+/**\r
+ Updates information about the firmware package.\r
+\r
+ This function updates package information.\r
+ This function returns EFI_UNSUPPORTED if the package information is not updatable.\r
+ VendorCode enables vendor to implement vendor-specific package information update policy.\r
+ Null if the caller did not specify this policy or use the default policy.\r
+\r
+ @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.\r
+ @param[in] Image Points to the authentication image.\r
+ Null if authentication is not required.\r
+ @param[in] ImageSize Size of the authentication image in bytes.\r
+ 0 if authentication is not required.\r
+ @param[in] VendorCode This enables vendor to implement vendor-specific firmware\r
+ image update policy.\r
+ Null indicates the caller did not specify this policy or use\r
+ the default policy.\r
+ @param[in] PackageVersion The new package version.\r
+ @param[in] PackageVersionName A pointer to the new null-terminated Unicode string representing\r
+ the package version name.\r
+ The string length is equal to or less than the value returned in\r
+ PackageVersionNameMaxLen.\r
+\r
+ @retval EFI_SUCCESS The device was successfully updated with the new package\r
+ information.\r
+ @retval EFI_INVALID_PARAMETER The PackageVersionName length is longer than the value\r
+ returned in PackageVersionNameMaxLen.\r
+ @retval EFI_UNSUPPORTED The operation is not supported.\r
+ @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SetPackageInfo (\r
+ IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,\r
+ IN CONST VOID *Image,\r
+ IN UINTN ImageSize,\r
+ IN CONST VOID *VendorCode,\r
+ IN UINT32 PackageVersion,\r
+ IN CONST CHAR16 *PackageVersionName\r
+ );\r
+\r
+#endif\r