FmpDevicePkg: Add Capsule Update Policy Protocol

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525

* Add Capsule Update Policy Protocol to FmpDevicePkg
* Add CapsuleUpdatePolicyLib instance that uses the services
  of the Capsule Update Policy Protocol
* Add module that produces the Capsule Update Policy
  Protocol using the services of the CapsuleUpdatePolicyLib
  class.
* Update FmpDevicePkg DSC to build the new library instance
  and the new module and update builds of FmpDxe modules
  to demonstrate the use of the different CapsuleUpdatePolicyLib
  instances.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Eric Jin <eric.jin@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

diff --git a/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.c b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.c
new file mode 100644 (file)
index 0000000..d2571fd
--- /dev/null
+++ b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.c
@@ -0,0 +1,173 @@
+/** @file\r
+  Provides platform policy services used during a capsule update that uses the\r
+  services of the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL.\r
+\r
+  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "CapsuleUpdatePolicyDxe.h"\r
+\r
+///\r
+/// Handle for the Capsule Update Policy Protocol\r
+///\r
+EFI_HANDLE  mHandle = NULL;\r
+\r
+///\r
+/// Capsule Update Policy Protocol instance\r
+///\r
+EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  mCapsuleUpdatePolicy = {\r
+  CapsuleUpdatePolicyCheckSystemPower,\r
+  CapsuleUpdatePolicyCheckSystemThermal,\r
+  CapsuleUpdatePolicyCheckSystemEnvironment,\r
+  CapsuleUpdatePolicyIsLowestSupportedVersionCheckRequired,\r
+  CapsuleUpdatePolicyIsLockFmpDeviceAtLockEventGuidRequired\r
+};\r
+\r
+/**\r
+  Determine if the system power state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system power state supports a capsule\r
+                    update.  Returns FALSE if system power state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System power state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleUpdatePolicyCheckSystemPower (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  )\r
+{\r
+  return CheckSystemPower (Good);\r
+}\r
+\r
+\r
+/**\r
+  Determines if the system thermal state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system thermal state supports a capsule\r
+                    update.  Returns FALSE if system thermal state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System thermal state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleUpdatePolicyCheckSystemThermal (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  )\r
+{\r
+  return CheckSystemThermal (Good);\r
+}\r
+\r
+/**\r
+  Determines if the system environment state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system environment state supports a capsule\r
+                    update.  Returns FALSE if system environment state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System environment state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleUpdatePolicyCheckSystemEnvironment (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  )\r
+{\r
+  return CheckSystemEnvironment (Good);\r
+}\r
+\r
+/**\r
+  Determines if the Lowest Supported Version checks should be performed.  The\r
+  expected result from this function is TRUE.  A platform can choose to return\r
+  FALSE (e.g. during manufacturing or servicing) to allow a capsule update to a\r
+  version below the current Lowest Supported Version.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+\r
+  @retval TRUE   The lowest supported version check is required.\r
+  @retval FALSE  Do not perform lowest support version check.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CapsuleUpdatePolicyIsLowestSupportedVersionCheckRequired (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This\r
+  )\r
+{\r
+  return IsLowestSupportedVersionCheckRequired ();\r
+}\r
+\r
+/**\r
+  Determines if the FMP device should be locked when the event specified by\r
+  PcdFmpDeviceLockEventGuid is signaled. The expected result from this function\r
+  is TRUE so the FMP device is always locked.  A platform can choose to return\r
+  FALSE (e.g. during manufacturing) to allow FMP devices to remain unlocked.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+\r
+  @retval TRUE   The FMP device lock action is required at lock event guid.\r
+  @retval FALSE  Do not perform FMP device lock at lock event guid.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CapsuleUpdatePolicyIsLockFmpDeviceAtLockEventGuidRequired (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This\r
+  )\r
+{\r
+  return IsLockFmpDeviceAtLockEventGuidRequired ();\r
+}\r
+\r
+/**\r
+  The user Entry Point for module CapsuleUpdatePolicyDxe. The user code starts\r
+  with this function.\r
+\r
+  @param[in] ImageHandle    The firmware allocated handle for the EFI image.\r
+  @param[in] SystemTable    A pointer to the EFI System Table.\r
+\r
+  @retval EFI_SUCCESS       The entry point is executed successfully.\r
+  @retval other             Some error occurs when executing this entry point.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleUpdatePolicyInitialize (\r
+  IN EFI_HANDLE        ImageHandle,\r
+  IN EFI_SYSTEM_TABLE  *SystemTable\r
+  )\r
+{\r
+  EFI_STATUS Status;\r
+\r
+  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEdkiiCapuleUpdatePolicyProtocolGuid);\r
+  Status = gBS->InstallMultipleProtocolInterfaces (\r
+                  &mHandle,\r
+                  &gEdkiiCapuleUpdatePolicyProtocolGuid, &mCapsuleUpdatePolicy,\r
+                  NULL\r
+                  );\r
+  ASSERT_EFI_ERROR (Status);\r
+\r
+  return Status;\r
+}\r

diff --git a/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.h b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.h
new file mode 100644 (file)
index 0000000..1be15a4
--- /dev/null
+++ b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.h
@@ -0,0 +1,140 @@
+/** @file\r
+  Provides platform policy services used during a capsule update that uses the\r
+  services of the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL.\r
+\r
+  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef __CAPSULE_UPDATE_POLICY_DXE_H__\r
+#define __CAPSULE_UPDATE_POLICY_DXE_H__\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Protocol/CapsuleUpdatePolicy.h>\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/CapsuleUpdatePolicyLib.h>\r
+\r
+/**\r
+  Determine if the system power state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system power state supports a capsule\r
+                    update.  Returns FALSE if system power state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System power state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleUpdatePolicyCheckSystemPower (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  );\r
+\r
+/**\r
+  Determines if the system thermal state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system thermal state supports a capsule\r
+                    update.  Returns FALSE if system thermal state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System thermal state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleUpdatePolicyCheckSystemThermal (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  );\r
+\r
+/**\r
+  Determines if the system environment state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system environment state supports a capsule\r
+                    update.  Returns FALSE if system environment state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System environment state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleUpdatePolicyCheckSystemEnvironment (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  );\r
+\r
+/**\r
+  Determines if the Lowest Supported Version checks should be performed.  The\r
+  expected result from this function is TRUE.  A platform can choose to return\r
+  FALSE (e.g. during manufacturing or servicing) to allow a capsule update to a\r
+  version below the current Lowest Supported Version.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+\r
+  @retval TRUE   The lowest supported version check is required.\r
+  @retval FALSE  Do not perform lowest support version check.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CapsuleUpdatePolicyIsLowestSupportedVersionCheckRequired (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This\r
+  );\r
+\r
+/**\r
+  Determines if the FMP device should be locked when the event specified by\r
+  PcdFmpDeviceLockEventGuid is signaled. The expected result from this function\r
+  is TRUE so the FMP device is always locked.  A platform can choose to return\r
+  FALSE (e.g. during manufacturing) to allow FMP devices to remain unlocked.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+\r
+  @retval TRUE   The FMP device lock action is required at lock event guid.\r
+  @retval FALSE  Do not perform FMP device lock at lock event guid.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CapsuleUpdatePolicyIsLockFmpDeviceAtLockEventGuidRequired (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This\r
+  );\r
+\r
+/**\r
+  The user Entry Point for module CapsuleUpdatePolicyDxe. The user code starts\r
+  with this function.\r
+\r
+  @param[in] ImageHandle    The firmware allocated handle for the EFI image.\r
+  @param[in] SystemTable    A pointer to the EFI System Table.\r
+\r
+  @retval EFI_SUCCESS       The entry point is executed successfully.\r
+  @retval other             Some error occurs when executing this entry point.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleUpdatePolicyInitialize (\r
+  IN EFI_HANDLE        ImageHandle,\r
+  IN EFI_SYSTEM_TABLE  *SystemTable\r
+  );\r
+\r
+#endif\r

diff --git a/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.inf b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.inf
new file mode 100644 (file)
index 0000000..d168780
--- /dev/null
+++ b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.inf
@@ -0,0 +1,48 @@
+## @file\r
+#  Produce the Capsule Update Policy Protocol using the services of the Capsule\r
+#  Update Policy Library.\r
+#\r
+#  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+#\r
+#  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION     = 0x00010005\r
+  BASE_NAME       = CapsuleUpdatePolicyDxe\r
+  MODULE_UNI_FILE = CapsuleUpdatePolicyDxe.uni\r
+  FILE_GUID       = 86F67A12-2E32-44FC-8D6C-7901E2B5649A\r
+  MODULE_TYPE     = DXE_DRIVER\r
+  VERSION_STRING  = 1.0\r
+  ENTRY_POINT     = CapsuleUpdatePolicyInitialize\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+#  VALID_ARCHITECTURES           = IA32 X64 EBC\r
+#\r
+\r
+[Sources]\r
+  CapsuleUpdatePolicyDxe.c\r
+  CapsuleUpdatePolicyDxe.h\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  FmpDevicePkg/FmpDevicePkg.dec\r
+\r
+[LibraryClasses]\r
+  UefiDriverEntryPoint\r
+  BaseLib\r
+  DebugLib\r
+  UefiBootServicesTableLib\r
+  CapsuleUpdatePolicyLib\r
+\r
+[Protocols]\r
+  gEdkiiCapuleUpdatePolicyProtocolGuid  ## PRODUCES\r
+\r
+[Depex]\r
+  TRUE\r
+\r
+[UserExtensions.TianoCore."ExtraFiles"]\r
+  CapsuleUpdatePolicyDxeExtra.uni\r

diff --git a/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.uni b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.uni
new file mode 100644 (file)
index 0000000..12f50c0
--- /dev/null
+++ b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.uni
@@ -0,0 +1,14 @@
+// /** @file\r
+// Produce the Capsule Update Policy Protocol using the services of the Capsule\r
+// Update Policy Library.\r
+//\r
+// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+//\r
+// SPDX-License-Identifier: BSD-2-Clause-Patent\r
+//\r
+// **/\r
+\r
+#string STR_MODULE_ABSTRACT             #language en-US "Produce the Capsule Update Policy Protocol using the services of the Capsule Update Policy Library"\r
+\r
+#string STR_MODULE_DESCRIPTION          #language en-US "Produce the Capsule Update Policy Protocol using the services of the Capsule Update Policy Library."\r
+\r

diff --git a/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxeExtra.uni b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxeExtra.uni
new file mode 100644 (file)
index 0000000..46d8f34
--- /dev/null
+++ b/FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxeExtra.uni
@@ -0,0 +1,14 @@
+// /** @file\r
+// CapsuleUpdatePolicyDxe Localized Strings and Content\r
+//\r
+// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+//\r
+// SPDX-License-Identifier: BSD-2-Clause-Patent\r
+//\r
+// **/\r
+\r
+#string STR_PROPERTIES_MODULE_NAME\r
+#language en-US\r
+"Capsule Update Policy DXE Driver"\r
+\r
+\r

diff --git a/FmpDevicePkg/FmpDevicePkg.dec b/FmpDevicePkg/FmpDevicePkg.dec
index fb183cddff760d9b5b312dc1e64f8ad46bed0dd6..c68dbb71533ebe86f11eb8c90ad1608cedc84241 100644 (file)
--- a/FmpDevicePkg/FmpDevicePkg.dec
+++ b/FmpDevicePkg/FmpDevicePkg.dec
@@ -7,7 +7,7 @@
 # customized using libraries and PCDs.\r
 #\r
 # Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>\r
-# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>\r
 #\r
 # SPDX-License-Identifier: BSD-2-Clause-Patent\r
 #\r
@@ -23,15 +23,10 @@
 [Includes]\r
   Include\r
 \r
-[LibraryClasses]\r
-  ##  @libraryclass  Provides services to retrieve values from a capsule's FMP\r
-  #                  Payload Header.  The structure is not included in the\r
-  #                  library class.  Instead, services are provided to retrieve\r
-  #                  information from the FMP Payload Header.  If information is\r
-  #                  added to the FMP Payload Header, then new services may be\r
-  #                  added to this library class to retrieve the new information.\r
-  FmpPayloadHeaderLib|Include/Library/FmpPayloadHeaderLib.h\r
+[Includes.Common.Private]\r
+  PrivateInclude\r
 \r
+[LibraryClasses]\r
   ##  @libraryclass  Provides platform policy services used during a capsule\r
   #                  update.\r
   CapsuleUpdatePolicyLib|Include/Library/CapsuleUpdatePolicyLib.h\r
@@ -40,10 +35,23 @@
   #                  updates of a firmware image stored in a firmware device.\r
   FmpDeviceLib|Include/Library/FmpDeviceLib.h\r
 \r
+[LibraryClasses.Common.Private]\r
+  ##  @libraryclass  Provides services to retrieve values from a capsule's FMP\r
+  #                  Payload Header.  The structure is not included in the\r
+  #                  library class.  Instead, services are provided to retrieve\r
+  #                  information from the FMP Payload Header.  If information is\r
+  #                  added to the FMP Payload Header, then new services may be\r
+  #                  added to this library class to retrieve the new information.\r
+  FmpPayloadHeaderLib|PrivateInclude/Library/FmpPayloadHeaderLib.h\r
+\r
 [Guids]\r
   ## Firmware Management Protocol Device Package Token Space GUID\r
   gFmpDevicePkgTokenSpaceGuid = { 0x40b2d964, 0xfe11, 0x40dc, { 0x82, 0x83, 0x2e, 0xfb, 0xda, 0x29, 0x53, 0x56 } }\r
 \r
+[Protocols.Common.Private]\r
+  ## Capsule Update Policy Protocol\r
+  gEdkiiCapuleUpdatePolicyProtocolGuid = { 0x487784c5, 0x6299, 0x4ba6, { 0xb0, 0x96, 0x5c, 0xc5, 0x27, 0x7c, 0xf7, 0x57 } }\r
+\r
 [PcdsFixedAtBuild]\r
   ## The SHA-256 hash of a PKCS7 test key that is used to detect if a test key\r
   #  is being used to authenticate capsules.  Test key detection is disabled by\r

diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc
index c9513135cbd2e9f4c82aa56b70059a4c86e799f7..3356571fffc65e75c744b3c6bfd296df861fe1fc 100644 (file)
--- a/FmpDevicePkg/FmpDevicePkg.dsc
+++ b/FmpDevicePkg/FmpDevicePkg.dsc
@@ -7,7 +7,7 @@
 # customized using libraries and PCDs.\r
 #\r
 # Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>\r
-# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>\r
 #\r
 # SPDX-License-Identifier: BSD-2-Clause-Patent\r
 #\r
@@ -71,6 +71,7 @@
   # Libraries\r
   #\r
   FmpDevicePkg/Library/CapsuleUpdatePolicyLibNull/CapsuleUpdatePolicyLibNull.inf\r
+  FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.inf\r
   FmpDevicePkg/Library/FmpPayloadHeaderLibV1/FmpPayloadHeaderLibV1.inf\r
   FmpDevicePkg/Library/FmpDeviceLibNull/FmpDeviceLibNull.inf\r
   FmpDevicePkg/FmpDxe/FmpDxeLib.inf\r
@@ -78,12 +79,23 @@
   #\r
   # Modules\r
   #\r
+  FmpDevicePkg/CapsuleUpdatePolicyDxe/CapsuleUpdatePolicyDxe.inf {\r
+    <LibraryClasses>\r
+      CapsuleUpdatePolicyLib|FmpDevicePkg/Library/CapsuleUpdatePolicyLibNull/CapsuleUpdatePolicyLibNull.inf\r
+  }\r
   FmpDevicePkg/FmpDxe/FmpDxe.inf {\r
     <Defines>\r
       #\r
       # FILE_GUID is used as ESRT GUID\r
       #\r
       FILE_GUID = $(SYSTEM_FMP_ESRT_GUID)\r
+    <LibraryClasses>\r
+      #\r
+      # Use CapsuleUpdatePolicyLib that calls the Capsule Update Policy Protocol.\r
+      # Depends on the CapsuleUpdatePolicyDxe module to produce the protocol.\r
+      # Required for FmpDxe modules that are intended to be platform independent.\r
+      #\r
+      CapsuleUpdatePolicyLib|FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.inf\r
   }\r
 \r
   FmpDevicePkg/FmpDxe/FmpDxe.inf {\r
@@ -92,6 +104,13 @@
       # FILE_GUID is used as ESRT GUID\r
       #\r
       FILE_GUID = $(DEVICE_FMP_ESRT_GUID)\r
+    <LibraryClasses>\r
+      #\r
+      # Directly use a platform specific CapsuleUpdatePolicyLib instance.\r
+      # Only works for FmpDxe modules that are build from sources and included\r
+      # in a system firmware image.\r
+      #\r
+      CapsuleUpdatePolicyLib|FmpDevicePkg/Library/CapsuleUpdatePolicyLibNull/CapsuleUpdatePolicyLibNull.inf\r
   }\r
 \r
 [BuildOptions]\r

diff --git a/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h b/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h
deleted file mode 100644 (file)
index 24afd5e..0000000
--- a/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/** @file\r
-  Provides services to retrieve values from a capsule's FMP Payload Header.\r
-  The structure is not included in the library class.  Instead, services are\r
-  provided to retrieve information from the FMP Payload Header.  If information\r
-  is added to the FMP Payload Header, then new services may be added to this\r
-  library class to retrieve the new information.\r
-\r
-  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>\r
-  Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
-\r
-  SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#ifndef _FMP_PAYLOAD_HEADER_LIB_H__\r
-#define _FMP_PAYLOAD_HEADER_LIB_H__\r
-\r
-/**\r
-  Returns the FMP Payload Header size in bytes.\r
-\r
-  @param[in]  Header          FMP Payload Header to evaluate\r
-  @param[in]  FmpPayloadSize  Size of FMP payload\r
-  @param[out] Size            The size, in bytes, of the FMP Payload Header.\r
-\r
-  @retval EFI_SUCCESS            The firmware version was returned.\r
-  @retval EFI_INVALID_PARAMETER  Header is NULL.\r
-  @retval EFI_INVALID_PARAMETER  Size is NULL.\r
-  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-GetFmpPayloadHeaderSize (\r
-  IN  CONST VOID   *Header,\r
-  IN  CONST UINTN  FmpPayloadSize,\r
-  OUT UINT32       *Size\r
-  );\r
-\r
-/**\r
-  Returns the version described in the FMP Payload Header.\r
-\r
-  @param[in]  Header          FMP Payload Header to evaluate\r
-  @param[in]  FmpPayloadSize  Size of FMP payload\r
-  @param[out] Version         The firmware version described in the FMP Payload\r
-                              Header.\r
-\r
-  @retval EFI_SUCCESS            The firmware version was returned.\r
-  @retval EFI_INVALID_PARAMETER  Header is NULL.\r
-  @retval EFI_INVALID_PARAMETER  Version is NULL.\r
-  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-GetFmpPayloadHeaderVersion (\r
-  IN  CONST VOID   *Header,\r
-  IN  CONST UINTN  FmpPayloadSize,\r
-  OUT UINT32       *Version\r
-  );\r
-\r
-/**\r
-  Returns the lowest supported version described in the FMP Payload Header.\r
-\r
-  @param[in]  Header                  FMP Payload Header to evaluate\r
-  @param[in]  FmpPayloadSize          Size of FMP payload\r
-  @param[out] LowestSupportedVersion  The lowest supported version described in\r
-                                      the FMP Payload Header.\r
-\r
-  @retval EFI_SUCCESS            The lowest support version was returned.\r
-  @retval EFI_INVALID_PARAMETER  Header is NULL.\r
-  @retval EFI_INVALID_PARAMETER  LowestSupportedVersion is NULL.\r
-  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-GetFmpPayloadHeaderLowestSupportedVersion (\r
-  IN  CONST VOID    *Header,\r
-  IN  CONST UINTN   FmpPayloadSize,\r
-  OUT UINT32        *LowestSupportedVersion\r
-  );\r
-\r
-#endif\r

diff --git a/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.c b/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.c
new file mode 100644 (file)
index 0000000..2c7c37f
--- /dev/null
+++ b/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.c
@@ -0,0 +1,171 @@
+/** @file\r
+  Provides platform policy services used during a capsule update that uses the\r
+  services of the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL. If the\r
+  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL is not available, then assume the\r
+  platform is in a state that supports a firmware update.\r
+\r
+  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2018-2019, Intel Corporation. All rights reserved.<BR>\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+#include <Library/CapsuleUpdatePolicyLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Protocol/CapsuleUpdatePolicy.h>\r
+\r
+///\r
+/// Pointer to the EDK II Capsule Update Policy Protocol instances that is\r
+/// optionally installed by a platform.\r
+///\r
+EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *mCapsuleUpdatePolicy = NULL;\r
+\r
+/**\r
+  Lookup the EDK II Capsule Update Policy Protocol.\r
+**/\r
+BOOLEAN\r
+LookupCapsuleUpdatePolicyProtocol (\r
+  VOID\r
+  )\r
+{\r
+  EFI_STATUS  Status;\r
+\r
+  if (mCapsuleUpdatePolicy != NULL) {\r
+    return TRUE;\r
+  }\r
+  Status = gBS->LocateProtocol (\r
+                  &gEdkiiCapuleUpdatePolicyProtocolGuid,\r
+                  NULL,\r
+                  (VOID **)&mCapsuleUpdatePolicy\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    mCapsuleUpdatePolicy = NULL;\r
+    return FALSE;\r
+  }\r
+  return TRUE;\r
+}\r
+\r
+/**\r
+  Determine if the system power state supports a capsule update.\r
+\r
+  @param[out] Good  Returns TRUE if system power state supports a capsule\r
+                    update.  Returns FALSE if system power state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System power state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CheckSystemPower (\r
+  OUT BOOLEAN  *Good\r
+  )\r
+{\r
+  if (LookupCapsuleUpdatePolicyProtocol ()) {\r
+    return mCapsuleUpdatePolicy->CheckSystemPower (mCapsuleUpdatePolicy, Good);\r
+  }\r
+  *Good = TRUE;\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  Determines if the system thermal state supports a capsule update.\r
+\r
+  @param[out] Good  Returns TRUE if system thermal state supports a capsule\r
+                    update.  Returns FALSE if system thermal state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System thermal state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CheckSystemThermal (\r
+  OUT BOOLEAN   *Good\r
+  )\r
+{\r
+  if (LookupCapsuleUpdatePolicyProtocol ()) {\r
+    return mCapsuleUpdatePolicy->CheckSystemThermal (mCapsuleUpdatePolicy, Good);\r
+  }\r
+  *Good = TRUE;\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  Determines if the system environment state supports a capsule update.\r
+\r
+  @param[out] Good  Returns TRUE if system environment state supports a capsule\r
+                    update.  Returns FALSE if system environment state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System environment state can not be determined.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CheckSystemEnvironment (\r
+  OUT BOOLEAN   *Good\r
+  )\r
+{\r
+  if (LookupCapsuleUpdatePolicyProtocol ()) {\r
+    return mCapsuleUpdatePolicy->CheckSystemEnvironment (mCapsuleUpdatePolicy, Good);\r
+  }\r
+  *Good = TRUE;\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  Determines if the Lowest Supported Version checks should be performed.  The\r
+  expected result from this function is TRUE.  A platform can choose to return\r
+  FALSE (e.g. during manufacturing or servicing) to allow a capsule update to a\r
+  version below the current Lowest Supported Version.\r
+\r
+  @retval TRUE   The lowest supported version check is required.\r
+  @retval FALSE  Do not perform lowest support version check.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+IsLowestSupportedVersionCheckRequired (\r
+  VOID\r
+  )\r
+{\r
+  if (LookupCapsuleUpdatePolicyProtocol ()) {\r
+    return mCapsuleUpdatePolicy->IsLowestSupportedVersionCheckRequired (mCapsuleUpdatePolicy);\r
+  }\r
+  return TRUE;\r
+}\r
+\r
+/**\r
+  Determines if the FMP device should be locked when the event specified by\r
+  PcdFmpDeviceLockEventGuid is signaled. The expected result from this function\r
+  is TRUE so the FMP device is always locked.  A platform can choose to return\r
+  FALSE (e.g. during manufacturing) to allow FMP devices to remain unlocked.\r
+\r
+  @retval TRUE   The FMP device lock action is required at lock event guid.\r
+  @retval FALSE  Do not perform FMP device lock at lock event guid.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+IsLockFmpDeviceAtLockEventGuidRequired (\r
+  VOID\r
+  )\r
+{\r
+  if (LookupCapsuleUpdatePolicyProtocol ()) {\r
+    return mCapsuleUpdatePolicy->IsLockFmpDeviceAtLockEventGuidRequired (mCapsuleUpdatePolicy);\r
+  }\r
+  return TRUE;\r
+}\r

diff --git a/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.inf b/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.inf
new file mode 100644 (file)
index 0000000..042daaa
--- /dev/null
+++ b/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.inf
@@ -0,0 +1,40 @@
+## @file\r
+#  Provides platform policy services used during a capsule update that uses the\r
+#  services of the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL.  If the\r
+#  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL is not available, then assume the\r
+#  platform is in a state that supports a firmware update.\r
+#\r
+#  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>\r
+#  Copyright (c) 2018-2019, Intel Corporation. All rights reserved.<BR>\r
+#\r
+#  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION     = 0x00010005\r
+  BASE_NAME       = CapsuleUpdatePolicyLibOnProtocol\r
+  MODULE_UNI_FILE = CapsuleUpdatePolicyLibOnProtocol.uni\r
+  FILE_GUID       = 0EA4C03F-D91B-4929-AAA5-B2FC8D69E2F4\r
+  MODULE_TYPE     = DXE_DRIVER\r
+  VERSION_STRING  = 1.0\r
+  LIBRARY_CLASS   = CapsuleUpdatePolicyLib\r
+\r
+#\r
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64\r
+#\r
+\r
+[Sources]\r
+  CapsuleUpdatePolicyLibOnProtocol.c\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  FmpDevicePkg/FmpDevicePkg.dec\r
+\r
+[LibraryClasses]\r
+  BaseLib\r
+  DebugLib\r
+  UefiBootServicesTableLib\r
+\r
+[Protocols]\r
+  gEdkiiCapuleUpdatePolicyProtocolGuid  ## CONSUMES\r

diff --git a/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.uni b/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.uni
new file mode 100644 (file)
index 0000000..58d0783
--- /dev/null
+++ b/FmpDevicePkg/Library/CapsuleUpdatePolicyLibOnProtocol/CapsuleUpdatePolicyLibOnProtocol.uni
@@ -0,0 +1,15 @@
+// /** @file\r
+// Provides platform policy services used during a capsule update that uses the\r
+// services of the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL.  If the\r
+// EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL is not available, then assume the\r
+// platform is in a state that supports a firmware update.\r
+//\r
+// Copyright (c) 2018-2019, Intel Corporation. All rights reserved.<BR>\r
+//\r
+// SPDX-License-Identifier: BSD-2-Clause-Patent\r
+//\r
+// **/\r
+\r
+#string STR_MODULE_ABSTRACT     #language en-US  "Provides platform policy services used during a capsule update that uses the services of the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL."\r
+\r
+#string STR_MODULE_DESCRIPTION  #language en-US  "Provides platform policy services used during a capsule update that uses the services of the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL."\r

diff --git a/FmpDevicePkg/PrivateInclude/Library/FmpPayloadHeaderLib.h b/FmpDevicePkg/PrivateInclude/Library/FmpPayloadHeaderLib.h
new file mode 100644 (file)
index 0000000..24afd5e
--- /dev/null
+++ b/FmpDevicePkg/PrivateInclude/Library/FmpPayloadHeaderLib.h
@@ -0,0 +1,83 @@
+/** @file\r
+  Provides services to retrieve values from a capsule's FMP Payload Header.\r
+  The structure is not included in the library class.  Instead, services are\r
+  provided to retrieve information from the FMP Payload Header.  If information\r
+  is added to the FMP Payload Header, then new services may be added to this\r
+  library class to retrieve the new information.\r
+\r
+  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef _FMP_PAYLOAD_HEADER_LIB_H__\r
+#define _FMP_PAYLOAD_HEADER_LIB_H__\r
+\r
+/**\r
+  Returns the FMP Payload Header size in bytes.\r
+\r
+  @param[in]  Header          FMP Payload Header to evaluate\r
+  @param[in]  FmpPayloadSize  Size of FMP payload\r
+  @param[out] Size            The size, in bytes, of the FMP Payload Header.\r
+\r
+  @retval EFI_SUCCESS            The firmware version was returned.\r
+  @retval EFI_INVALID_PARAMETER  Header is NULL.\r
+  @retval EFI_INVALID_PARAMETER  Size is NULL.\r
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+GetFmpPayloadHeaderSize (\r
+  IN  CONST VOID   *Header,\r
+  IN  CONST UINTN  FmpPayloadSize,\r
+  OUT UINT32       *Size\r
+  );\r
+\r
+/**\r
+  Returns the version described in the FMP Payload Header.\r
+\r
+  @param[in]  Header          FMP Payload Header to evaluate\r
+  @param[in]  FmpPayloadSize  Size of FMP payload\r
+  @param[out] Version         The firmware version described in the FMP Payload\r
+                              Header.\r
+\r
+  @retval EFI_SUCCESS            The firmware version was returned.\r
+  @retval EFI_INVALID_PARAMETER  Header is NULL.\r
+  @retval EFI_INVALID_PARAMETER  Version is NULL.\r
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+GetFmpPayloadHeaderVersion (\r
+  IN  CONST VOID   *Header,\r
+  IN  CONST UINTN  FmpPayloadSize,\r
+  OUT UINT32       *Version\r
+  );\r
+\r
+/**\r
+  Returns the lowest supported version described in the FMP Payload Header.\r
+\r
+  @param[in]  Header                  FMP Payload Header to evaluate\r
+  @param[in]  FmpPayloadSize          Size of FMP payload\r
+  @param[out] LowestSupportedVersion  The lowest supported version described in\r
+                                      the FMP Payload Header.\r
+\r
+  @retval EFI_SUCCESS            The lowest support version was returned.\r
+  @retval EFI_INVALID_PARAMETER  Header is NULL.\r
+  @retval EFI_INVALID_PARAMETER  LowestSupportedVersion is NULL.\r
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+GetFmpPayloadHeaderLowestSupportedVersion (\r
+  IN  CONST VOID    *Header,\r
+  IN  CONST UINTN   FmpPayloadSize,\r
+  OUT UINT32        *LowestSupportedVersion\r
+  );\r
+\r
+#endif\r

diff --git a/FmpDevicePkg/PrivateInclude/Protocol/CapsuleUpdatePolicy.h b/FmpDevicePkg/PrivateInclude/Protocol/CapsuleUpdatePolicy.h
new file mode 100644 (file)
index 0000000..871f0a1
--- /dev/null
+++ b/FmpDevicePkg/PrivateInclude/Protocol/CapsuleUpdatePolicy.h
@@ -0,0 +1,132 @@
+/** @file\r
+  Provides platform policy services used during a capsule update.\r
+\r
+  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef __CAPSULE_UPDATE_POLICY_H__\r
+#define __CAPSULE_UPDATE_POLICY_H__\r
+\r
+#define EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL_GUID \\r
+  { \\r
+    0x487784c5, 0x6299, 0x4ba6, { 0xb0, 0x96, 0x5c, 0xc5, 0x27, 0x7c, 0xf7, 0x57 } \\r
+  }\r
+\r
+typedef struct _EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL;\r
+\r
+/**\r
+  Determine if the system power state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system power state supports a capsule\r
+                    update.  Returns FALSE if system power state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System power state can not be determined.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI * EDKII_CAPSULE_UPDATE_POLICY_CHECK_SYSTEM_POWER) (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  );\r
+\r
+/**\r
+  Determines if the system thermal state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system thermal state supports a capsule\r
+                    update.  Returns FALSE if system thermal state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System thermal state can not be determined.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI * EDKII_CAPSULE_UPDATE_POLICY_CHECK_SYSTEM_THERMAL) (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  );\r
+\r
+/**\r
+  Determines if the system environment state supports a capsule update.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+  @param[out] Good  Returns TRUE if system environment state supports a capsule\r
+                    update.  Returns FALSE if system environment state does not\r
+                    support a capsule update.  Return value is only valid if\r
+                    return status is EFI_SUCCESS.\r
+\r
+  @retval EFI_SUCCESS            Good parameter has been updated with result.\r
+  @retval EFI_INVALID_PARAMETER  Good is NULL.\r
+  @retval EFI_DEVICE_ERROR       System environment state can not be determined.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI * EDKII_CAPSULE_UPDATE_POLICY_CHECK_SYSTEM_ENVIRONMENT) (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This,\r
+  OUT BOOLEAN                               *Good\r
+  );\r
+\r
+/**\r
+  Determines if the Lowest Supported Version checks should be performed.  The\r
+  expected result from this function is TRUE.  A platform can choose to return\r
+  FALSE (e.g. during manufacturing or servicing) to allow a capsule update to a\r
+  version below the current Lowest Supported Version.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+\r
+  @retval TRUE   The lowest supported version check is required.\r
+  @retval FALSE  Do not perform lowest support version check.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI * EDKII_CAPSULE_UPDATE_POLICY_IS_LOWEST_SUPPORTED_VERSION_CHECK_REQUIRED) (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This\r
+  );\r
+\r
+/**\r
+  Determines if the FMP device should be locked when the event specified by\r
+  PcdFmpDeviceLockEventGuid is signaled. The expected result from this function\r
+  is TRUE so the FMP device is always locked.  A platform can choose to return\r
+  FALSE (e.g. during manufacturing) to allow FMP devices to remain unlocked.\r
+\r
+  @param[in]  This  A pointer to the EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL instance.\r
+\r
+  @retval TRUE   The FMP device lock action is required at lock event guid.\r
+  @retval FALSE  Do not perform FMP device lock at lock event guid.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI * EDKII_CAPSULE_UPDATE_POLICY_IS_FMP_DEVICE_AT_LOCK_EVENT_REQUIRED) (\r
+  IN  EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL  *This\r
+  );\r
+\r
+///\r
+/// This protocol provides platform policy services used during a capsule update.\r
+///\r
+struct _EDKII_CAPSULE_UPDATE_POLICY_PROTOCOL {\r
+  EDKII_CAPSULE_UPDATE_POLICY_CHECK_SYSTEM_POWER                          CheckSystemPower;\r
+  EDKII_CAPSULE_UPDATE_POLICY_CHECK_SYSTEM_THERMAL                        CheckSystemThermal;\r
+  EDKII_CAPSULE_UPDATE_POLICY_CHECK_SYSTEM_ENVIRONMENT                    CheckSystemEnvironment;\r
+  EDKII_CAPSULE_UPDATE_POLICY_IS_LOWEST_SUPPORTED_VERSION_CHECK_REQUIRED  IsLowestSupportedVersionCheckRequired;\r
+  EDKII_CAPSULE_UPDATE_POLICY_IS_FMP_DEVICE_AT_LOCK_EVENT_REQUIRED        IsLockFmpDeviceAtLockEventGuidRequired;\r
+};\r
+\r
+extern EFI_GUID gEdkiiCapuleUpdatePolicyProtocolGuid;\r
+\r
+#endif\r