--- /dev/null
+/** @file\r
+ EDKII System Capsule library.\r
+\r
+ EDKII System Capsule library instance.\r
+\r
+ CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive\r
+ untrusted input and do basic validation.\r
+\r
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Guid/SystemResourceTable.h>\r
+#include <Guid/FirmwareContentsSigned.h>\r
+#include <Guid/WinCertificate.h>\r
+#include <Guid/EdkiiSystemFmpCapsule.h>\r
+#include <Guid/WinCertificate.h>\r
+#include <Guid/ImageAuthentication.h>\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/EdkiiSystemCapsuleLib.h>\r
+#include <Library/FmpAuthenticationLib.h>\r
+\r
+#include <Protocol/FirmwareManagement.h>\r
+\r
+EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *mImageFmpInfo;\r
+UINTN mImageFmpInfoSize;\r
+EFI_GUID mEdkiiSystemFirmwareFileGuid;\r
+\r
+/**\r
+ Check if a block of buffer is erased.\r
+\r
+ @param[in] ErasePolarity Erase polarity attribute of the firmware volume\r
+ @param[in] InBuffer The buffer to be checked\r
+ @param[in] BufferSize Size of the buffer in bytes\r
+\r
+ @retval TRUE The block of buffer is erased\r
+ @retval FALSE The block of buffer is not erased\r
+**/\r
+BOOLEAN\r
+IsBufferErased (\r
+ IN UINT8 ErasePolarity,\r
+ IN VOID *InBuffer,\r
+ IN UINTN BufferSize\r
+ )\r
+{\r
+ UINTN Count;\r
+ UINT8 EraseByte;\r
+ UINT8 *Buffer;\r
+\r
+ if(ErasePolarity == 1) {\r
+ EraseByte = 0xFF;\r
+ } else {\r
+ EraseByte = 0;\r
+ }\r
+\r
+ Buffer = InBuffer;\r
+ for (Count = 0; Count < BufferSize; Count++) {\r
+ if (Buffer[Count] != EraseByte) {\r
+ return FALSE;\r
+ }\r
+ }\r
+\r
+ return TRUE;\r
+}\r
+\r
+/**\r
+ Get Section buffer pointer by SectionType and SectionInstance.\r
+\r
+ @param[in] SectionBuffer The buffer of section\r
+ @param[in] SectionBufferSize The size of SectionBuffer in bytes\r
+ @param[in] SectionType The SectionType of Section to be found\r
+ @param[in] SectionInstance The Instance of Section to be found\r
+ @param[out] OutSectionBuffer The section found, including SECTION_HEADER\r
+ @param[out] OutSectionSize The size of section found, including SECTION_HEADER\r
+\r
+ @retval TRUE The FFS buffer is found.\r
+ @retval FALSE The FFS buffer is not found.\r
+**/\r
+BOOLEAN\r
+GetSectionByType (\r
+ IN VOID *SectionBuffer,\r
+ IN UINT32 SectionBufferSize,\r
+ IN EFI_SECTION_TYPE SectionType,\r
+ IN UINTN SectionInstance,\r
+ OUT VOID **OutSectionBuffer,\r
+ OUT UINTN *OutSectionSize\r
+ )\r
+{\r
+ EFI_COMMON_SECTION_HEADER *SectionHeader;\r
+ UINTN SectionSize;\r
+ UINTN Instance;\r
+\r
+ DEBUG ((DEBUG_INFO, "GetSectionByType - Buffer: 0x%08x - 0x%08x\n", SectionBuffer, SectionBufferSize));\r
+\r
+ //\r
+ // Find Section\r
+ //\r
+ SectionHeader = SectionBuffer;\r
+\r
+ Instance = 0;\r
+ while ((UINTN)SectionHeader < (UINTN)SectionBuffer + SectionBufferSize) {\r
+ DEBUG ((DEBUG_INFO, "GetSectionByType - Section: 0x%08x\n", SectionHeader));\r
+ if (IS_SECTION2(SectionHeader)) {\r
+ SectionSize = SECTION2_SIZE(SectionHeader);\r
+ } else {\r
+ SectionSize = SECTION_SIZE(SectionHeader);\r
+ }\r
+\r
+ if (SectionHeader->Type == SectionType) {\r
+ if (Instance == SectionInstance) {\r
+ *OutSectionBuffer = (UINT8 *)SectionHeader;\r
+ *OutSectionSize = SectionSize;\r
+ DEBUG((DEBUG_INFO, "GetSectionByType - 0x%x - 0x%x\n", *OutSectionBuffer, *OutSectionSize));\r
+ return TRUE;\r
+ } else {\r
+ DEBUG((DEBUG_INFO, "GetSectionByType - find section instance %x\n", Instance));\r
+ Instance++;\r
+ }\r
+ } else {\r
+ //\r
+ // Skip other section type\r
+ //\r
+ DEBUG ((DEBUG_INFO, "GetSectionByType - other section type 0x%x\n", SectionHeader->Type));\r
+ }\r
+\r
+ //\r
+ // Next Section\r
+ //\r
+ SectionHeader = (EFI_COMMON_SECTION_HEADER *)((UINTN)SectionHeader + ALIGN_VALUE(SectionSize, 4));\r
+ }\r
+\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Get FFS buffer pointer by FileName GUID and FileType.\r
+\r
+ @param[in] FdStart The System Firmware FD image\r
+ @param[in] FdSize The size of System Firmware FD image\r
+ @param[in] FileName The FileName GUID of FFS to be found\r
+ @param[in] Type The FileType of FFS to be found\r
+ @param[out] OutFfsBuffer The FFS buffer found, including FFS_FILE_HEADER\r
+ @param[out] OutFfsBufferSize The size of FFS buffer found, including FFS_FILE_HEADER\r
+\r
+ @retval TRUE The FFS buffer is found.\r
+ @retval FALSE The FFS buffer is not found.\r
+**/\r
+BOOLEAN\r
+GetFfsByName (\r
+ IN VOID *FdStart,\r
+ IN UINTN FdSize,\r
+ IN EFI_GUID *FileName,\r
+ IN EFI_FV_FILETYPE Type,\r
+ OUT VOID **OutFfsBuffer,\r
+ OUT UINTN *OutFfsBufferSize\r
+ )\r
+{\r
+ UINTN FvSize;\r
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;\r
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;\r
+ EFI_FFS_FILE_HEADER *FfsHeader;\r
+ UINT32 FfsSize;\r
+ UINTN TestLength;\r
+ BOOLEAN FvFound;\r
+\r
+ DEBUG ((DEBUG_INFO, "GetFfsByName - FV: 0x%08x - 0x%08x\n", (UINTN)FdStart, (UINTN)FdSize));\r
+\r
+ FvFound = FALSE;\r
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)FdStart;\r
+ while ((UINTN)FvHeader < (UINTN)FdStart + FdSize - 1) {\r
+ FvSize = (UINTN)FdStart + FdSize - (UINTN)FvHeader;\r
+\r
+ if (FvHeader->Signature != EFI_FVH_SIGNATURE) {\r
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvHeader + SIZE_4KB);\r
+ continue;\r
+ }\r
+ DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r
+ FvFound = TRUE;\r
+ if (FvHeader->FvLength > FvSize) {\r
+ DEBUG((DEBUG_ERROR, "GetFfsByName - FvSize: 0x%08x, MaxSize - 0x%08x\n", (UINTN)FvHeader->FvLength, (UINTN)FvSize));\r
+ return FALSE;\r
+ }\r
+ FvSize = (UINTN)FvHeader->FvLength;\r
+\r
+ //\r
+ // Find FFS\r
+ //\r
+ if (FvHeader->ExtHeaderOffset != 0) {\r
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)((UINT8 *)FvHeader + FvHeader->ExtHeaderOffset);\r
+ FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvExtHeader + FvExtHeader->ExtHeaderSize);\r
+ } else {\r
+ FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvHeader + FvHeader->HeaderLength);\r
+ }\r
+ FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FvHeader + ALIGN_VALUE((UINTN)FfsHeader - (UINTN)FvHeader, 8));\r
+\r
+ while ((UINTN)FfsHeader < (UINTN)FvHeader + FvSize - 1) {\r
+ DEBUG((DEBUG_INFO, "GetFfsByName - FFS: 0x%08x\n", FfsHeader));\r
+ TestLength = (UINTN)((UINTN)FvHeader + FvSize - (UINTN)FfsHeader);\r
+ if (TestLength > sizeof(EFI_FFS_FILE_HEADER)) {\r
+ TestLength = sizeof(EFI_FFS_FILE_HEADER);\r
+ }\r
+ if (IsBufferErased(1, FfsHeader, TestLength)) {\r
+ break;\r
+ }\r
+\r
+ if (IS_FFS_FILE2(FfsHeader)) {\r
+ FfsSize = FFS_FILE2_SIZE(FfsHeader);\r
+ } else {\r
+ FfsSize = FFS_FILE_SIZE(FfsHeader);\r
+ }\r
+\r
+ if (CompareGuid(FileName, &FfsHeader->Name) &&\r
+ ((Type == EFI_FV_FILETYPE_ALL) || (FfsHeader->Type == Type))) {\r
+ //\r
+ // Check section\r
+ //\r
+ *OutFfsBuffer = FfsHeader;\r
+ *OutFfsBufferSize = FfsSize;\r
+ return TRUE;\r
+ } else {\r
+ //\r
+ // Any other type is not allowed\r
+ //\r
+ DEBUG((DEBUG_INFO, "GetFfsByName - other FFS type 0x%x, name %g\n", FfsHeader->Type, &FfsHeader->Name));\r
+ }\r
+\r
+ //\r
+ // Next File\r
+ //\r
+ FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FfsHeader + ALIGN_VALUE(FfsSize, 8));\r
+ }\r
+\r
+ //\r
+ // Next FV\r
+ //\r
+ FvHeader = (VOID *)(UINTN)((UINTN)FvHeader + FvHeader->FvLength);\r
+ DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r
+ }\r
+\r
+ if (!FvFound) {\r
+ DEBUG((DEBUG_ERROR, "GetFfsByName - NO FV Found\n"));\r
+ }\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Extract the driver FV from an authenticated image.\r
+\r
+ @param[in] AuthenticatedImage The authenticated capsule image.\r
+ @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r
+ @param[out] DriverFvImage The driver FV image.\r
+ @param[out] DriverFvImageSize The size of the driver FV image in bytes.\r
+\r
+ @retval TRUE The driver Fv is extracted.\r
+ @retval FALSE The driver Fv is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractDriverFvImage (\r
+ IN VOID *AuthenticatedImage,\r
+ IN UINTN AuthenticatedImageSize,\r
+ OUT VOID **DriverFvImage,\r
+ OUT UINTN *DriverFvImageSize\r
+ )\r
+{\r
+ BOOLEAN Result;\r
+ UINT32 FileHeaderSize;\r
+\r
+ *DriverFvImage = NULL;\r
+ *DriverFvImageSize = 0;\r
+\r
+ Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleDriverFvFileGuid, EFI_FV_FILETYPE_RAW, DriverFvImage, DriverFvImageSize);\r
+ if (!Result) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (IS_FFS_FILE2(*DriverFvImage)) {\r
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r
+ } else {\r
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r
+ }\r
+ *DriverFvImage = (UINT8 *)*DriverFvImage + FileHeaderSize;\r
+ *DriverFvImageSize = *DriverFvImageSize - FileHeaderSize;\r
+\r
+ return Result;\r
+}\r
+\r
+/**\r
+ Extract the config image from an authenticated image.\r
+\r
+ @param[in] AuthenticatedImage The authenticated capsule image.\r
+ @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r
+ @param[out] ConfigImage The config image.\r
+ @param[out] ConfigImageSize The size of the config image in bytes.\r
+\r
+ @retval TRUE The config image is extracted.\r
+ @retval FALSE The config image is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractConfigImage (\r
+ IN VOID *AuthenticatedImage,\r
+ IN UINTN AuthenticatedImageSize,\r
+ OUT VOID **ConfigImage,\r
+ OUT UINTN *ConfigImageSize\r
+ )\r
+{\r
+ BOOLEAN Result;\r
+ UINT32 FileHeaderSize;\r
+\r
+ *ConfigImage = NULL;\r
+ *ConfigImageSize = 0;\r
+\r
+ Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleConfigFileGuid, EFI_FV_FILETYPE_RAW, ConfigImage, ConfigImageSize);\r
+ if (!Result) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (IS_FFS_FILE2(*ConfigImage)) {\r
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r
+ } else {\r
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r
+ }\r
+ *ConfigImage = (UINT8 *)*ConfigImage + FileHeaderSize;\r
+ *ConfigImageSize = *ConfigImageSize - FileHeaderSize;\r
+\r
+ return Result;\r
+}\r
+\r
+/**\r
+ Extract the authenticated image from an FMP capsule image.\r
+\r
+ Caution: This function may receive untrusted input.\r
+\r
+ @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
+ @param[in] ImageSize The size of FMP capsule image in bytes.\r
+ @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
+ @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
+ @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r
+\r
+ @retval TRUE The authenticated image is extracted.\r
+ @retval FALSE The authenticated image is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractAuthenticatedImage (\r
+ IN VOID *Image,\r
+ IN UINTN ImageSize,\r
+ OUT UINT32 *LastAttemptStatus,\r
+ OUT VOID **AuthenticatedImage,\r
+ OUT UINTN *AuthenticatedImageSize\r
+ )\r
+{\r
+ EFI_FIRMWARE_IMAGE_AUTHENTICATION *ImageAuth;\r
+ EFI_STATUS Status;\r
+ GUID *CertType;\r
+ VOID *PublicKeyData;\r
+ UINTN PublicKeyDataLength;\r
+\r
+ DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));\r
+\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+ if ((Image == NULL) || (ImageSize == 0)) {\r
+ return FALSE;\r
+ }\r
+\r
+ ImageAuth = (EFI_FIRMWARE_IMAGE_AUTHENTICATION *)Image;\r
+ if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {\r
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));\r
+ return FALSE;\r
+ }\r
+ if (ImageAuth->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {\r
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too small\n"));\r
+ return FALSE;\r
+ }\r
+ if (ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {\r
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too big\n"));\r
+ return FALSE;\r
+ }\r
+ if (ImageSize <= sizeof(ImageAuth->MonotonicCount) + ImageAuth->AuthInfo.Hdr.dwLength) {\r
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));\r
+ return FALSE;\r
+ }\r
+ if (ImageAuth->AuthInfo.Hdr.wRevision != 0x0200) {\r
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wRevision, (UINTN)0x0200));\r
+ return FALSE;\r
+ }\r
+ if (ImageAuth->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {\r
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));\r
+ return FALSE;\r
+ }\r
+\r
+ CertType = &ImageAuth->AuthInfo.CertType;\r
+ DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - CertType: %g\n", CertType));\r
+\r
+ if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) {\r
+ PublicKeyData = PcdGetPtr(PcdPkcs7CertBuffer);\r
+ PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer);\r
+ } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) {\r
+ PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer);\r
+ PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer);\r
+ } else {\r
+ return FALSE;\r
+ }\r
+\r
+ Status = AuthenticateFmpImage(\r
+ ImageAuth,\r
+ ImageSize,\r
+ PublicKeyData,\r
+ PublicKeyDataLength\r
+ );\r
+ switch (Status) {\r
+ case RETURN_SUCCESS:\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;\r
+ break;\r
+ case RETURN_SECURITY_VIOLATION:\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR;\r
+ break;\r
+ case RETURN_INVALID_PARAMETER:\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+ break;\r
+ case RETURN_UNSUPPORTED:\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+ break;\r
+ case RETURN_OUT_OF_RESOURCES:\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES;\r
+ break;\r
+ default:\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;\r
+ break;\r
+ }\r
+ if (EFI_ERROR(Status)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (AuthenticatedImage != NULL) {\r
+ *AuthenticatedImage = (UINT8 *)ImageAuth + ImageAuth->AuthInfo.Hdr.dwLength + sizeof(ImageAuth->MonotonicCount);\r
+ }\r
+ if (AuthenticatedImageSize != NULL) {\r
+ *AuthenticatedImageSize = ImageSize - ImageAuth->AuthInfo.Hdr.dwLength - sizeof(ImageAuth->MonotonicCount);\r
+ }\r
+ return TRUE;\r
+}\r
+\r
+/**\r
+ Extract ImageFmpInfo from system firmware.\r
+\r
+ @param[in] SystemFirmwareImage The System Firmware image.\r
+ @param[in] SystemFirmwareImageSize The size of the System Firmware image in bytes.\r
+ @param[out] ImageFmpInfo The ImageFmpInfo.\r
+ @param[out] ImageFmpInfoSize The size of the ImageFmpInfo in bytes.\r
+\r
+ @retval TRUE The ImageFmpInfo is extracted.\r
+ @retval FALSE The ImageFmpInfo is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractSystemFirmwareImageFmpInfo (\r
+ IN VOID *SystemFirmwareImage,\r
+ IN UINTN SystemFirmwareImageSize,\r
+ OUT EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR **ImageFmpInfo,\r
+ OUT UINTN *ImageFmpInfoSize\r
+ )\r
+{\r
+ BOOLEAN Result;\r
+ UINT32 SectionHeaderSize;\r
+ UINT32 FileHeaderSize;\r
+\r
+ *ImageFmpInfo = NULL;\r
+ *ImageFmpInfoSize = 0;\r
+\r
+ Result = GetFfsByName(SystemFirmwareImage, SystemFirmwareImageSize, &gEdkiiSystemFirmwareImageDescriptorFileGuid, EFI_FV_FILETYPE_ALL, (VOID **)ImageFmpInfo, ImageFmpInfoSize);\r
+ if (!Result) {\r
+ return FALSE;\r
+ }\r
+ if (IS_FFS_FILE2 (*ImageFmpInfo)) {\r
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r
+ } else {\r
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r
+ }\r
+ *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + FileHeaderSize);\r
+ *ImageFmpInfoSize = *ImageFmpInfoSize - FileHeaderSize;\r
+\r
+ Result = GetSectionByType(*ImageFmpInfo, (UINT32)*ImageFmpInfoSize, EFI_SECTION_RAW, 0, (VOID **)ImageFmpInfo, ImageFmpInfoSize);\r
+ if (!Result) {\r
+ return FALSE;\r
+ }\r
+ if (IS_SECTION2(*ImageFmpInfo)) {\r
+ SectionHeaderSize = sizeof(EFI_RAW_SECTION2);\r
+ } else {\r
+ SectionHeaderSize = sizeof(EFI_RAW_SECTION);\r
+ }\r
+ *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + SectionHeaderSize);\r
+ *ImageFmpInfoSize = *ImageFmpInfoSize - SectionHeaderSize;\r
+\r
+ return TRUE;\r
+}\r
+\r
+/**\r
+ Extract the System Firmware image from an authenticated image.\r
+\r
+ @param[in] AuthenticatedImage The authenticated capsule image.\r
+ @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r
+ @param[out] SystemFirmwareImage The System Firmware image.\r
+ @param[out] SystemFirmwareImageSize The size of the System Firmware image in bytes.\r
+\r
+ @retval TRUE The System Firmware image is extracted.\r
+ @retval FALSE The System Firmware image is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractSystemFirmwareImage (\r
+ IN VOID *AuthenticatedImage,\r
+ IN UINTN AuthenticatedImageSize,\r
+ OUT VOID **SystemFirmwareImage,\r
+ OUT UINTN *SystemFirmwareImageSize\r
+ )\r
+{\r
+ BOOLEAN Result;\r
+ UINT32 FileHeaderSize;\r
+\r
+ *SystemFirmwareImage = NULL;\r
+ *SystemFirmwareImageSize = 0;\r
+\r
+ Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &mEdkiiSystemFirmwareFileGuid, EFI_FV_FILETYPE_RAW, SystemFirmwareImage, SystemFirmwareImageSize);\r
+ if (!Result) {\r
+ // no nested FV, just return all data.\r
+ *SystemFirmwareImage = AuthenticatedImage;\r
+ *SystemFirmwareImageSize = AuthenticatedImageSize;\r
+\r
+ return TRUE;\r
+ }\r
+ if (IS_FFS_FILE2 (*SystemFirmwareImage)) {\r
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r
+ } else {\r
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r
+ }\r
+ *SystemFirmwareImage = (UINT8 *)*SystemFirmwareImage + FileHeaderSize;\r
+ *SystemFirmwareImageSize = *SystemFirmwareImageSize - FileHeaderSize;\r
+\r
+ return Result;\r
+}\r
+\r
+/**\r
+ Authenticated system firmware FMP capsule image.\r
+\r
+ Caution: This function may receive untrusted input.\r
+\r
+ @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
+ @param[in] ImageSize The size of FMP capsule image in bytes.\r
+ @param[in] ForceVersionMatch TRUE: The version of capsule must be as same as the version of current image.\r
+ FALSE: The version of capsule must be as same as greater than the lowest\r
+ supported version of current image.\r
+ @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
+ @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
+ @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
+ @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r
+\r
+ @retval TRUE Authentication passes and the authenticated image is extracted.\r
+ @retval FALSE Authentication fails and the authenticated image is not extracted.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleAuthenticateSystemFirmware (\r
+ IN VOID *Image,\r
+ IN UINTN ImageSize,\r
+ IN BOOLEAN ForceVersionMatch,\r
+ OUT UINT32 *LastAttemptVersion,\r
+ OUT UINT32 *LastAttemptStatus,\r
+ OUT VOID **AuthenticatedImage,\r
+ OUT UINTN *AuthenticatedImageSize\r
+ )\r
+{\r
+ BOOLEAN Result;\r
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *ImageFmpInfo;\r
+ UINTN ImageFmpInfoSize;\r
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *CurrentImageFmpInfo;\r
+ UINTN CurrentImageFmpInfoSize;\r
+ VOID *SystemFirmwareImage;\r
+ UINTN SystemFirmwareImageSize;\r
+\r
+ *LastAttemptVersion = 0;\r
+\r
+ //\r
+ // NOTE: This function need run in an isolated environment.\r
+ // Do not touch FMP protocol and its private structure.\r
+ //\r
+\r
+ Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);\r
+ if (!Result) {\r
+ DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - fail\n"));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+\r
+ DEBUG((DEBUG_INFO, "AuthenticatedImage - 0x%x - 0x%x\n", *AuthenticatedImage, *AuthenticatedImageSize));\r
+\r
+ Result = ExtractSystemFirmwareImage(*AuthenticatedImage, *AuthenticatedImageSize, &SystemFirmwareImage, &SystemFirmwareImageSize);\r
+ if (!Result) {\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+ DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImage - fail\n"));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ DEBUG((DEBUG_INFO, "SystemFirmwareImage - 0x%x - 0x%x\n", SystemFirmwareImage, SystemFirmwareImageSize));\r
+\r
+ Result = ExtractSystemFirmwareImageFmpInfo(SystemFirmwareImage, SystemFirmwareImageSize, &ImageFmpInfo, &ImageFmpInfoSize);\r
+ if (!Result) {\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+ DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImageFmpInfo - fail\n"));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+\r
+ *LastAttemptVersion = ImageFmpInfo->Version;\r
+ DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", ImageFmpInfo, ImageFmpInfoSize));\r
+ DEBUG((DEBUG_INFO, "NewImage Version - 0x%x\n", ImageFmpInfo->Version));\r
+ DEBUG((DEBUG_INFO, "NewImage LowestSupportedImageVersion - 0x%x\n", ImageFmpInfo->LowestSupportedImageVersion));\r
+\r
+ CurrentImageFmpInfo = mImageFmpInfo;\r
+ CurrentImageFmpInfoSize = mImageFmpInfoSize;\r
+\r
+ DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", CurrentImageFmpInfo, CurrentImageFmpInfoSize));\r
+ DEBUG((DEBUG_INFO, "Current Version - 0x%x\n", CurrentImageFmpInfo->Version));\r
+ DEBUG((DEBUG_INFO, "Current LowestSupportedImageVersion - 0x%x\n", CurrentImageFmpInfo->LowestSupportedImageVersion));\r
+\r
+ if (ForceVersionMatch) {\r
+ if (CurrentImageFmpInfo->Version != ImageFmpInfo->Version) {\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;\r
+ DEBUG((DEBUG_INFO, "ForceVersionMatch check - fail\n"));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ } else {\r
+ if (CurrentImageFmpInfo->Version < ImageFmpInfo->LowestSupportedImageVersion) {\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;\r
+ DEBUG((DEBUG_INFO, "LowestSupportedImageVersion check - fail\n"));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
+ }\r
+\r
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ The constructor function.\r
+\r
+ @retval EFI_SUCCESS The constructor successfully .\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EdkiiSystemCapsuleLibConstructor (\r
+ VOID\r
+ )\r
+{\r
+ mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);\r
+ mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor));\r
+ ASSERT(mImageFmpInfo != NULL);\r
+ CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));\r
+ return EFI_SUCCESS;\r
+}\r