SignedCapsulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib.
authorJiewen Yao <jiewen.yao@intel.com>
Wed, 21 Sep 2016 02:02:21 +0000 (10:02 +0800)
committerJiewen Yao <jiewen.yao@intel.com>
Tue, 8 Nov 2016 14:40:58 +0000 (22:40 +0800)
This library is used to abstract the action for EDKII system FMP capsule,
such as extracting a component from capsule, or authenticate the capsule.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Tested-by: Michael Kinney <michael.d.kinney@intel.com>
SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c [new file with mode: 0644]
SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf [new file with mode: 0644]
SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni [new file with mode: 0644]

diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
new file mode 100644 (file)
index 0000000..27c6f4c
--- /dev/null
@@ -0,0 +1,671 @@
+/** @file\r
+  EDKII System Capsule library.\r
+\r
+  EDKII System Capsule library instance.\r
+\r
+  CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive\r
+  untrusted input and do basic validation.\r
+\r
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+  This program and the accompanying materials\r
+  are licensed and made available under the terms and conditions of the BSD License\r
+  which accompanies this distribution.  The full text of the license may be found at\r
+  http://opensource.org/licenses/bsd-license.php\r
+\r
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Guid/SystemResourceTable.h>\r
+#include <Guid/FirmwareContentsSigned.h>\r
+#include <Guid/WinCertificate.h>\r
+#include <Guid/EdkiiSystemFmpCapsule.h>\r
+#include <Guid/WinCertificate.h>\r
+#include <Guid/ImageAuthentication.h>\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/EdkiiSystemCapsuleLib.h>\r
+#include <Library/FmpAuthenticationLib.h>\r
+\r
+#include <Protocol/FirmwareManagement.h>\r
+\r
+EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR   *mImageFmpInfo;\r
+UINTN                                    mImageFmpInfoSize;\r
+EFI_GUID                                 mEdkiiSystemFirmwareFileGuid;\r
+\r
+/**\r
+  Check if a block of buffer is erased.\r
+\r
+  @param[in] ErasePolarity  Erase polarity attribute of the firmware volume\r
+  @param[in] InBuffer       The buffer to be checked\r
+  @param[in] BufferSize     Size of the buffer in bytes\r
+\r
+  @retval    TRUE           The block of buffer is erased\r
+  @retval    FALSE          The block of buffer is not erased\r
+**/\r
+BOOLEAN\r
+IsBufferErased (\r
+  IN UINT8    ErasePolarity,\r
+  IN VOID     *InBuffer,\r
+  IN UINTN    BufferSize\r
+  )\r
+{\r
+  UINTN   Count;\r
+  UINT8   EraseByte;\r
+  UINT8   *Buffer;\r
+\r
+  if(ErasePolarity == 1) {\r
+    EraseByte = 0xFF;\r
+  } else {\r
+    EraseByte = 0;\r
+  }\r
+\r
+  Buffer = InBuffer;\r
+  for (Count = 0; Count < BufferSize; Count++) {\r
+    if (Buffer[Count] != EraseByte) {\r
+      return FALSE;\r
+    }\r
+  }\r
+\r
+  return TRUE;\r
+}\r
+\r
+/**\r
+  Get Section buffer pointer by SectionType and SectionInstance.\r
+\r
+  @param[in]   SectionBuffer     The buffer of section\r
+  @param[in]   SectionBufferSize The size of SectionBuffer in bytes\r
+  @param[in]   SectionType       The SectionType of Section to be found\r
+  @param[in]   SectionInstance   The Instance of Section to be found\r
+  @param[out]  OutSectionBuffer  The section found, including SECTION_HEADER\r
+  @param[out]  OutSectionSize    The size of section found, including SECTION_HEADER\r
+\r
+  @retval TRUE  The FFS buffer is found.\r
+  @retval FALSE The FFS buffer is not found.\r
+**/\r
+BOOLEAN\r
+GetSectionByType (\r
+  IN VOID                  *SectionBuffer,\r
+  IN UINT32                SectionBufferSize,\r
+  IN EFI_SECTION_TYPE      SectionType,\r
+  IN UINTN                 SectionInstance,\r
+  OUT VOID                 **OutSectionBuffer,\r
+  OUT UINTN                *OutSectionSize\r
+  )\r
+{\r
+  EFI_COMMON_SECTION_HEADER             *SectionHeader;\r
+  UINTN                                 SectionSize;\r
+  UINTN                                 Instance;\r
+\r
+  DEBUG ((DEBUG_INFO, "GetSectionByType - Buffer: 0x%08x - 0x%08x\n", SectionBuffer, SectionBufferSize));\r
+\r
+  //\r
+  // Find Section\r
+  //\r
+  SectionHeader = SectionBuffer;\r
+\r
+  Instance = 0;\r
+  while ((UINTN)SectionHeader < (UINTN)SectionBuffer + SectionBufferSize) {\r
+    DEBUG ((DEBUG_INFO, "GetSectionByType - Section: 0x%08x\n", SectionHeader));\r
+    if (IS_SECTION2(SectionHeader)) {\r
+      SectionSize = SECTION2_SIZE(SectionHeader);\r
+    } else {\r
+      SectionSize = SECTION_SIZE(SectionHeader);\r
+    }\r
+\r
+    if (SectionHeader->Type == SectionType) {\r
+      if (Instance == SectionInstance) {\r
+        *OutSectionBuffer = (UINT8 *)SectionHeader;\r
+        *OutSectionSize = SectionSize;\r
+        DEBUG((DEBUG_INFO, "GetSectionByType - 0x%x - 0x%x\n", *OutSectionBuffer, *OutSectionSize));\r
+        return TRUE;\r
+      } else {\r
+        DEBUG((DEBUG_INFO, "GetSectionByType - find section instance %x\n", Instance));\r
+        Instance++;\r
+      }\r
+    } else {\r
+      //\r
+      // Skip other section type\r
+      //\r
+      DEBUG ((DEBUG_INFO, "GetSectionByType - other section type 0x%x\n", SectionHeader->Type));\r
+    }\r
+\r
+    //\r
+    // Next Section\r
+    //\r
+    SectionHeader = (EFI_COMMON_SECTION_HEADER *)((UINTN)SectionHeader + ALIGN_VALUE(SectionSize, 4));\r
+  }\r
+\r
+  return FALSE;\r
+}\r
+\r
+/**\r
+  Get FFS buffer pointer by FileName GUID and FileType.\r
+\r
+  @param[in]   FdStart          The System Firmware FD image\r
+  @param[in]   FdSize           The size of System Firmware FD image\r
+  @param[in]   FileName         The FileName GUID of FFS to be found\r
+  @param[in]   Type             The FileType of FFS to be found\r
+  @param[out]  OutFfsBuffer     The FFS buffer found, including FFS_FILE_HEADER\r
+  @param[out]  OutFfsBufferSize The size of FFS buffer found, including FFS_FILE_HEADER\r
+\r
+  @retval TRUE  The FFS buffer is found.\r
+  @retval FALSE The FFS buffer is not found.\r
+**/\r
+BOOLEAN\r
+GetFfsByName (\r
+  IN VOID                  *FdStart,\r
+  IN UINTN                 FdSize,\r
+  IN EFI_GUID              *FileName,\r
+  IN EFI_FV_FILETYPE       Type,\r
+  OUT VOID                 **OutFfsBuffer,\r
+  OUT UINTN                *OutFfsBufferSize\r
+  )\r
+{\r
+  UINTN                                     FvSize;\r
+  EFI_FIRMWARE_VOLUME_HEADER                *FvHeader;\r
+  EFI_FIRMWARE_VOLUME_EXT_HEADER            *FvExtHeader;\r
+  EFI_FFS_FILE_HEADER                       *FfsHeader;\r
+  UINT32                                    FfsSize;\r
+  UINTN                                     TestLength;\r
+  BOOLEAN                                   FvFound;\r
+\r
+  DEBUG ((DEBUG_INFO, "GetFfsByName - FV: 0x%08x - 0x%08x\n", (UINTN)FdStart, (UINTN)FdSize));\r
+\r
+  FvFound = FALSE;\r
+  FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)FdStart;\r
+  while ((UINTN)FvHeader < (UINTN)FdStart + FdSize - 1) {\r
+    FvSize = (UINTN)FdStart + FdSize - (UINTN)FvHeader;\r
+\r
+    if (FvHeader->Signature != EFI_FVH_SIGNATURE) {\r
+      FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvHeader + SIZE_4KB);\r
+      continue;\r
+    }\r
+    DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r
+    FvFound = TRUE;\r
+    if (FvHeader->FvLength > FvSize) {\r
+      DEBUG((DEBUG_ERROR, "GetFfsByName - FvSize: 0x%08x, MaxSize - 0x%08x\n", (UINTN)FvHeader->FvLength, (UINTN)FvSize));\r
+      return FALSE;\r
+    }\r
+    FvSize = (UINTN)FvHeader->FvLength;\r
+\r
+    //\r
+    // Find FFS\r
+    //\r
+    if (FvHeader->ExtHeaderOffset != 0) {\r
+      FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)((UINT8 *)FvHeader + FvHeader->ExtHeaderOffset);\r
+      FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvExtHeader + FvExtHeader->ExtHeaderSize);\r
+    } else {\r
+      FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvHeader + FvHeader->HeaderLength);\r
+    }\r
+    FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FvHeader + ALIGN_VALUE((UINTN)FfsHeader - (UINTN)FvHeader, 8));\r
+\r
+    while ((UINTN)FfsHeader < (UINTN)FvHeader + FvSize - 1) {\r
+      DEBUG((DEBUG_INFO, "GetFfsByName - FFS: 0x%08x\n", FfsHeader));\r
+      TestLength = (UINTN)((UINTN)FvHeader + FvSize - (UINTN)FfsHeader);\r
+      if (TestLength > sizeof(EFI_FFS_FILE_HEADER)) {\r
+        TestLength = sizeof(EFI_FFS_FILE_HEADER);\r
+      }\r
+      if (IsBufferErased(1, FfsHeader, TestLength)) {\r
+        break;\r
+      }\r
+\r
+      if (IS_FFS_FILE2(FfsHeader)) {\r
+        FfsSize = FFS_FILE2_SIZE(FfsHeader);\r
+      } else {\r
+        FfsSize = FFS_FILE_SIZE(FfsHeader);\r
+      }\r
+\r
+      if (CompareGuid(FileName, &FfsHeader->Name) &&\r
+          ((Type == EFI_FV_FILETYPE_ALL) || (FfsHeader->Type == Type))) {\r
+        //\r
+        // Check section\r
+        //\r
+        *OutFfsBuffer = FfsHeader;\r
+        *OutFfsBufferSize = FfsSize;\r
+        return TRUE;\r
+      } else {\r
+        //\r
+        // Any other type is not allowed\r
+        //\r
+        DEBUG((DEBUG_INFO, "GetFfsByName - other FFS type 0x%x, name %g\n", FfsHeader->Type, &FfsHeader->Name));\r
+      }\r
+\r
+      //\r
+      // Next File\r
+      //\r
+      FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FfsHeader + ALIGN_VALUE(FfsSize, 8));\r
+    }\r
+\r
+    //\r
+    // Next FV\r
+    //\r
+    FvHeader = (VOID *)(UINTN)((UINTN)FvHeader + FvHeader->FvLength);\r
+    DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r
+  }\r
+\r
+  if (!FvFound) {\r
+    DEBUG((DEBUG_ERROR, "GetFfsByName - NO FV Found\n"));\r
+  }\r
+  return FALSE;\r
+}\r
+\r
+/**\r
+  Extract the driver FV from an authenticated image.\r
+\r
+  @param[in]  AuthenticatedImage      The authenticated capsule image.\r
+  @param[in]  AuthenticatedImageSize  The size of the authenticated capsule image in bytes.\r
+  @param[out] DriverFvImage           The driver FV image.\r
+  @param[out] DriverFvImageSize       The size of the driver FV image in bytes.\r
+\r
+  @retval TRUE  The driver Fv is extracted.\r
+  @retval FALSE The driver Fv is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractDriverFvImage (\r
+  IN VOID                         *AuthenticatedImage,\r
+  IN UINTN                        AuthenticatedImageSize,\r
+  OUT VOID                        **DriverFvImage,\r
+  OUT UINTN                       *DriverFvImageSize\r
+  )\r
+{\r
+  BOOLEAN     Result;\r
+  UINT32      FileHeaderSize;\r
+\r
+  *DriverFvImage = NULL;\r
+  *DriverFvImageSize = 0;\r
+\r
+  Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleDriverFvFileGuid, EFI_FV_FILETYPE_RAW, DriverFvImage, DriverFvImageSize);\r
+  if (!Result) {\r
+    return FALSE;\r
+  }\r
+\r
+  if (IS_FFS_FILE2(*DriverFvImage)) {\r
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r
+  } else {\r
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r
+  }\r
+  *DriverFvImage = (UINT8 *)*DriverFvImage + FileHeaderSize;\r
+  *DriverFvImageSize = *DriverFvImageSize - FileHeaderSize;\r
+\r
+  return Result;\r
+}\r
+\r
+/**\r
+  Extract the config image from an authenticated image.\r
+\r
+  @param[in]  AuthenticatedImage      The authenticated capsule image.\r
+  @param[in]  AuthenticatedImageSize  The size of the authenticated capsule image in bytes.\r
+  @param[out] ConfigImage             The config image.\r
+  @param[out] ConfigImageSize         The size of the config image in bytes.\r
+\r
+  @retval TRUE  The config image is extracted.\r
+  @retval FALSE The config image is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractConfigImage (\r
+  IN VOID                         *AuthenticatedImage,\r
+  IN UINTN                        AuthenticatedImageSize,\r
+  OUT VOID                        **ConfigImage,\r
+  OUT UINTN                       *ConfigImageSize\r
+  )\r
+{\r
+  BOOLEAN     Result;\r
+  UINT32      FileHeaderSize;\r
+\r
+  *ConfigImage = NULL;\r
+  *ConfigImageSize = 0;\r
+\r
+  Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleConfigFileGuid, EFI_FV_FILETYPE_RAW, ConfigImage, ConfigImageSize);\r
+  if (!Result) {\r
+    return FALSE;\r
+  }\r
+\r
+  if (IS_FFS_FILE2(*ConfigImage)) {\r
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r
+  } else {\r
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r
+  }\r
+  *ConfigImage = (UINT8 *)*ConfigImage + FileHeaderSize;\r
+  *ConfigImageSize = *ConfigImageSize - FileHeaderSize;\r
+\r
+  return Result;\r
+}\r
+\r
+/**\r
+  Extract the authenticated image from an FMP capsule image.\r
+\r
+  Caution: This function may receive untrusted input.\r
+\r
+  @param[in]  Image                   The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
+  @param[in]  ImageSize               The size of FMP capsule image in bytes.\r
+  @param[out] LastAttemptStatus       The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
+  @param[out] AuthenticatedImage      The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
+  @param[out] AuthenticatedImageSize  The size of the authenticated capsule image in bytes.\r
+\r
+  @retval TRUE  The authenticated image is extracted.\r
+  @retval FALSE The authenticated image is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractAuthenticatedImage (\r
+  IN VOID                         *Image,\r
+  IN UINTN                        ImageSize,\r
+  OUT UINT32                      *LastAttemptStatus,\r
+  OUT VOID                        **AuthenticatedImage,\r
+  OUT UINTN                       *AuthenticatedImageSize\r
+  )\r
+{\r
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION         *ImageAuth;\r
+  EFI_STATUS                                Status;\r
+  GUID                                      *CertType;\r
+  VOID                                      *PublicKeyData;\r
+  UINTN                                     PublicKeyDataLength;\r
+\r
+  DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));\r
+\r
+  *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+  if ((Image == NULL) || (ImageSize == 0)) {\r
+    return FALSE;\r
+  }\r
+\r
+  ImageAuth = (EFI_FIRMWARE_IMAGE_AUTHENTICATION *)Image;\r
+  if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {\r
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));\r
+    return FALSE;\r
+  }\r
+  if (ImageAuth->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {\r
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too small\n"));\r
+    return FALSE;\r
+  }\r
+  if (ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {\r
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too big\n"));\r
+    return FALSE;\r
+  }\r
+  if (ImageSize <= sizeof(ImageAuth->MonotonicCount) + ImageAuth->AuthInfo.Hdr.dwLength) {\r
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));\r
+    return FALSE;\r
+  }\r
+  if (ImageAuth->AuthInfo.Hdr.wRevision != 0x0200) {\r
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wRevision, (UINTN)0x0200));\r
+    return FALSE;\r
+  }\r
+  if (ImageAuth->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {\r
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));\r
+    return FALSE;\r
+  }\r
+\r
+  CertType = &ImageAuth->AuthInfo.CertType;\r
+  DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - CertType: %g\n", CertType));\r
+\r
+  if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) {\r
+    PublicKeyData   = PcdGetPtr(PcdPkcs7CertBuffer);\r
+    PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer);\r
+  } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) {\r
+    PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer);\r
+    PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer);\r
+  } else {\r
+    return FALSE;\r
+  }\r
+\r
+  Status = AuthenticateFmpImage(\r
+             ImageAuth,\r
+             ImageSize,\r
+             PublicKeyData,\r
+             PublicKeyDataLength\r
+             );\r
+  switch (Status) {\r
+  case RETURN_SUCCESS:\r
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;\r
+    break;\r
+  case RETURN_SECURITY_VIOLATION:\r
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR;\r
+    break;\r
+  case RETURN_INVALID_PARAMETER:\r
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+    break;\r
+  case RETURN_UNSUPPORTED:\r
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+    break;\r
+  case RETURN_OUT_OF_RESOURCES:\r
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES;\r
+    break;\r
+  default:\r
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;\r
+    break;\r
+  }\r
+  if (EFI_ERROR(Status)) {\r
+    return FALSE;\r
+  }\r
+\r
+  if (AuthenticatedImage != NULL) {\r
+    *AuthenticatedImage = (UINT8 *)ImageAuth + ImageAuth->AuthInfo.Hdr.dwLength + sizeof(ImageAuth->MonotonicCount);\r
+  }\r
+  if (AuthenticatedImageSize != NULL) {\r
+    *AuthenticatedImageSize = ImageSize - ImageAuth->AuthInfo.Hdr.dwLength - sizeof(ImageAuth->MonotonicCount);\r
+  }\r
+  return TRUE;\r
+}\r
+\r
+/**\r
+  Extract ImageFmpInfo from system firmware.\r
+\r
+  @param[in]  SystemFirmwareImage     The System Firmware image.\r
+  @param[in]  SystemFirmwareImageSize The size of the System Firmware image in bytes.\r
+  @param[out] ImageFmpInfo            The ImageFmpInfo.\r
+  @param[out] ImageFmpInfoSize        The size of the ImageFmpInfo in bytes.\r
+\r
+  @retval TRUE  The ImageFmpInfo is extracted.\r
+  @retval FALSE The ImageFmpInfo is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractSystemFirmwareImageFmpInfo (\r
+  IN VOID                                      *SystemFirmwareImage,\r
+  IN UINTN                                     SystemFirmwareImageSize,\r
+  OUT EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR   **ImageFmpInfo,\r
+  OUT UINTN                                    *ImageFmpInfoSize\r
+  )\r
+{\r
+  BOOLEAN     Result;\r
+  UINT32      SectionHeaderSize;\r
+  UINT32      FileHeaderSize;\r
+\r
+  *ImageFmpInfo = NULL;\r
+  *ImageFmpInfoSize = 0;\r
+\r
+  Result = GetFfsByName(SystemFirmwareImage, SystemFirmwareImageSize, &gEdkiiSystemFirmwareImageDescriptorFileGuid, EFI_FV_FILETYPE_ALL, (VOID **)ImageFmpInfo, ImageFmpInfoSize);\r
+  if (!Result) {\r
+    return FALSE;\r
+  }\r
+  if (IS_FFS_FILE2 (*ImageFmpInfo)) {\r
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r
+  } else {\r
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r
+  }\r
+  *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + FileHeaderSize);\r
+  *ImageFmpInfoSize = *ImageFmpInfoSize - FileHeaderSize;\r
+\r
+  Result = GetSectionByType(*ImageFmpInfo, (UINT32)*ImageFmpInfoSize, EFI_SECTION_RAW, 0, (VOID **)ImageFmpInfo, ImageFmpInfoSize);\r
+  if (!Result) {\r
+    return FALSE;\r
+  }\r
+  if (IS_SECTION2(*ImageFmpInfo)) {\r
+    SectionHeaderSize = sizeof(EFI_RAW_SECTION2);\r
+  } else {\r
+    SectionHeaderSize = sizeof(EFI_RAW_SECTION);\r
+  }\r
+  *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + SectionHeaderSize);\r
+  *ImageFmpInfoSize = *ImageFmpInfoSize - SectionHeaderSize;\r
+\r
+  return TRUE;\r
+}\r
+\r
+/**\r
+  Extract the System Firmware image from an authenticated image.\r
+\r
+  @param[in]  AuthenticatedImage      The authenticated capsule image.\r
+  @param[in]  AuthenticatedImageSize  The size of the authenticated capsule image in bytes.\r
+  @param[out] SystemFirmwareImage     The System Firmware image.\r
+  @param[out] SystemFirmwareImageSize The size of the System Firmware image in bytes.\r
+\r
+  @retval TRUE  The System Firmware image is extracted.\r
+  @retval FALSE The System Firmware image is not extracted.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ExtractSystemFirmwareImage (\r
+  IN VOID                         *AuthenticatedImage,\r
+  IN UINTN                        AuthenticatedImageSize,\r
+  OUT VOID                        **SystemFirmwareImage,\r
+  OUT UINTN                       *SystemFirmwareImageSize\r
+  )\r
+{\r
+  BOOLEAN     Result;\r
+  UINT32      FileHeaderSize;\r
+\r
+  *SystemFirmwareImage = NULL;\r
+  *SystemFirmwareImageSize = 0;\r
+\r
+  Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &mEdkiiSystemFirmwareFileGuid, EFI_FV_FILETYPE_RAW, SystemFirmwareImage, SystemFirmwareImageSize);\r
+  if (!Result) {\r
+    // no nested FV, just return all data.\r
+    *SystemFirmwareImage = AuthenticatedImage;\r
+    *SystemFirmwareImageSize = AuthenticatedImageSize;\r
+\r
+    return TRUE;\r
+  }\r
+  if (IS_FFS_FILE2 (*SystemFirmwareImage)) {\r
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r
+  } else {\r
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r
+  }\r
+  *SystemFirmwareImage = (UINT8 *)*SystemFirmwareImage + FileHeaderSize;\r
+  *SystemFirmwareImageSize = *SystemFirmwareImageSize - FileHeaderSize;\r
+\r
+  return Result;\r
+}\r
+\r
+/**\r
+  Authenticated system firmware FMP capsule image.\r
+\r
+  Caution: This function may receive untrusted input.\r
+\r
+  @param[in]  Image                   The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
+  @param[in]  ImageSize               The size of FMP capsule image in bytes.\r
+  @param[in]  ForceVersionMatch       TRUE: The version of capsule must be as same as the version of current image.\r
+                                      FALSE: The version of capsule must be as same as greater than the lowest\r
+                                             supported version of current image.\r
+  @param[out] LastAttemptVersion      The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
+  @param[out] LastAttemptStatus       The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r
+  @param[out] AuthenticatedImage      The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
+  @param[out] AuthenticatedImageSize  The size of the authenticated capsule image in bytes.\r
+\r
+  @retval TRUE  Authentication passes and the authenticated image is extracted.\r
+  @retval FALSE Authentication fails and the authenticated image is not extracted.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CapsuleAuthenticateSystemFirmware (\r
+  IN VOID                         *Image,\r
+  IN UINTN                        ImageSize,\r
+  IN BOOLEAN                      ForceVersionMatch,\r
+  OUT UINT32                      *LastAttemptVersion,\r
+  OUT UINT32                      *LastAttemptStatus,\r
+  OUT VOID                        **AuthenticatedImage,\r
+  OUT UINTN                       *AuthenticatedImageSize\r
+  )\r
+{\r
+  BOOLEAN                                  Result;\r
+  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR   *ImageFmpInfo;\r
+  UINTN                                    ImageFmpInfoSize;\r
+  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR   *CurrentImageFmpInfo;\r
+  UINTN                                    CurrentImageFmpInfoSize;\r
+  VOID                                     *SystemFirmwareImage;\r
+  UINTN                                    SystemFirmwareImageSize;\r
+\r
+  *LastAttemptVersion = 0;\r
+\r
+  //\r
+  // NOTE: This function need run in an isolated environment.\r
+  // Do not touch FMP protocol and its private structure.\r
+  //\r
+\r
+  Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);\r
+  if (!Result) {\r
+    DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - fail\n"));\r
+    return EFI_SECURITY_VIOLATION;\r
+  }\r
+\r
+  DEBUG((DEBUG_INFO, "AuthenticatedImage - 0x%x - 0x%x\n", *AuthenticatedImage, *AuthenticatedImageSize));\r
+\r
+  Result = ExtractSystemFirmwareImage(*AuthenticatedImage, *AuthenticatedImageSize, &SystemFirmwareImage, &SystemFirmwareImageSize);\r
+  if (!Result) {\r
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+    DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImage - fail\n"));\r
+    return EFI_SECURITY_VIOLATION;\r
+  }\r
+  DEBUG((DEBUG_INFO, "SystemFirmwareImage - 0x%x - 0x%x\n", SystemFirmwareImage, SystemFirmwareImageSize));\r
+\r
+  Result = ExtractSystemFirmwareImageFmpInfo(SystemFirmwareImage, SystemFirmwareImageSize, &ImageFmpInfo, &ImageFmpInfoSize);\r
+  if (!Result) {\r
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r
+    DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImageFmpInfo - fail\n"));\r
+    return EFI_SECURITY_VIOLATION;\r
+  }\r
+\r
+  *LastAttemptVersion = ImageFmpInfo->Version;\r
+  DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", ImageFmpInfo, ImageFmpInfoSize));\r
+  DEBUG((DEBUG_INFO, "NewImage Version - 0x%x\n", ImageFmpInfo->Version));\r
+  DEBUG((DEBUG_INFO, "NewImage LowestSupportedImageVersion - 0x%x\n", ImageFmpInfo->LowestSupportedImageVersion));\r
+\r
+  CurrentImageFmpInfo = mImageFmpInfo;\r
+  CurrentImageFmpInfoSize = mImageFmpInfoSize;\r
+\r
+  DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", CurrentImageFmpInfo, CurrentImageFmpInfoSize));\r
+  DEBUG((DEBUG_INFO, "Current Version - 0x%x\n", CurrentImageFmpInfo->Version));\r
+  DEBUG((DEBUG_INFO, "Current LowestSupportedImageVersion - 0x%x\n", CurrentImageFmpInfo->LowestSupportedImageVersion));\r
+\r
+  if (ForceVersionMatch) {\r
+    if (CurrentImageFmpInfo->Version != ImageFmpInfo->Version) {\r
+      *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;\r
+      DEBUG((DEBUG_INFO, "ForceVersionMatch check - fail\n"));\r
+      return EFI_SECURITY_VIOLATION;\r
+    }\r
+  } else {\r
+    if (CurrentImageFmpInfo->Version < ImageFmpInfo->LowestSupportedImageVersion) {\r
+      *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;\r
+      DEBUG((DEBUG_INFO, "LowestSupportedImageVersion check - fail\n"));\r
+      return EFI_SECURITY_VIOLATION;\r
+    }\r
+  }\r
+\r
+  *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  The constructor function.\r
+\r
+  @retval EFI_SUCCESS   The constructor successfully .\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EdkiiSystemCapsuleLibConstructor (\r
+  VOID\r
+  )\r
+{\r
+  mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);\r
+  mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor));\r
+  ASSERT(mImageFmpInfo != NULL);\r
+  CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));\r
+  return EFI_SUCCESS;\r
+}\r
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
new file mode 100644 (file)
index 0000000..3c629ee
--- /dev/null
@@ -0,0 +1,61 @@
+## @file\r
+#  EDKII System Capsule library.\r
+#\r
+#  EDKII System Capsule library instance for DXE/PEI post memory phase.\r
+#\r
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+#  This program and the accompanying materials\r
+#  are licensed and made available under the terms and conditions of the BSD License\r
+#  which accompanies this distribution.  The full text of the license may be found at\r
+#  http://opensource.org/licenses/bsd-license.php\r
+#\r
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION                    = 0x00010005\r
+  BASE_NAME                      = EdkiiSystemCapsuleLib\r
+  MODULE_UNI_FILE                = EdkiiSystemCapsuleLib.uni\r
+  FILE_GUID                      = 109D5FC6-56E6-481A-88EF-0CB828FBE0F6\r
+  MODULE_TYPE                    = BASE\r
+  VERSION_STRING                 = 1.0\r
+  LIBRARY_CLASS                  = EdkiiSystemCapsuleLib\r
+  CONSTRUCTOR                    = EdkiiSystemCapsuleLibConstructor\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC\r
+#\r
+\r
+[Sources]\r
+  EdkiiSystemCapsuleLib.c\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  MdeModulePkg/MdeModulePkg.dec\r
+  SecurityPkg/SecurityPkg.dec\r
+  SignedCapsulePkg/SignedCapsulePkg.dec\r
+\r
+[LibraryClasses]\r
+  BaseLib\r
+  BaseMemoryLib\r
+  DebugLib\r
+  MemoryAllocationLib\r
+  FmpAuthenticationLib\r
+\r
+[Pcd]\r
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor\r
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer\r
+\r
+[Guids]\r
+  gEdkiiSystemFirmwareImageDescriptorFileGuid\r
+  gEdkiiSystemFmpCapsuleConfigFileGuid\r
+  gEdkiiSystemFmpCapsuleDriverFvFileGuid\r
+  gEfiCertPkcs7Guid\r
+  gEfiCertTypeRsa2048Sha256Guid\r
+\r
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni
new file mode 100644 (file)
index 0000000..93e959e
--- /dev/null
@@ -0,0 +1,22 @@
+// /** @file\r
+// EDKII System Capsule library.\r
+//\r
+// EDKII System Capsule library instance for DXE/PEI post memory phase.\r
+//\r
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+//\r
+// This program and the accompanying materials\r
+// are licensed and made available under the terms and conditions of the BSD License\r
+// which accompanies this distribution.  The full text of the license may be found at\r
+// http://opensource.org/licenses/bsd-license.php\r
+//\r
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+//\r
+// **/\r
+\r
+\r
+#string STR_MODULE_ABSTRACT             #language en-US "EDKII System Capsule library."\r
+\r
+#string STR_MODULE_DESCRIPTION          #language en-US "EDKII System Capsule library instance for DXE/PEI post memory phase."\r
+\r