From 11d354945c204588c98f74cfd8b6d18433d621c4 Mon Sep 17 00:00:00 2001 From: Eric Jin Date: Fri, 26 Jul 2019 15:45:19 +0800 Subject: [PATCH] FmpDevicePkg/FmpDxe: Add PcdFmpDeviceStorageAccessEnable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525 Add PCD PcdFmpDeviceStorageAccessEnable. If this PCD is TRUE, then the Firmware Management Protocol supports access to the firmware storage device. This is the default setting. If FALSE, then Firmware Management Protocol services that access the firmware storage device return EFI_UNSUPPORTED except GetImageInfo(). Setting this value to FALSE produces the smallest possible FmpDxe driver that still advertises the updatable firmware component in the ESRT. Cc: Sean Brogan Cc: Bret Barkelew Cc: Liming Gao Signed-off-by: Michael D Kinney Reviewed-by: Eric Jin Reviewed-by: Liming Gao --- FmpDevicePkg/FmpDevicePkg.dec | 12 ++++++++++++ FmpDevicePkg/FmpDevicePkg.dsc | 18 ++++++++++++++++++ FmpDevicePkg/FmpDevicePkg.uni | 10 ++++++++++ FmpDevicePkg/FmpDxe/FmpDxe.c | 12 ++++++++++++ FmpDevicePkg/FmpDxe/FmpDxe.inf | 1 + FmpDevicePkg/FmpDxe/FmpDxeLib.inf | 1 + 6 files changed, 54 insertions(+) diff --git a/FmpDevicePkg/FmpDevicePkg.dec b/FmpDevicePkg/FmpDevicePkg.dec index 56ed5fbb4a..8312b7cb22 100644 --- a/FmpDevicePkg/FmpDevicePkg.dec +++ b/FmpDevicePkg/FmpDevicePkg.dec @@ -52,6 +52,18 @@ ## Capsule Update Policy Protocol gEdkiiCapuleUpdatePolicyProtocolGuid = { 0x487784c5, 0x6299, 0x4ba6, { 0xb0, 0x96, 0x5c, 0xc5, 0x27, 0x7c, 0xf7, 0x57 } } +[PcdsFeatureFlag] + ## Indicates if the Firmware Management Protocol supports access to + # to a firmware storage device. If set to FALSE, then only GetImageInfo() + # is supported. This is used by FMP drivers that require the samllest + # possible Firmware Management Protocol implementation that supports + # advertising the updatable firmware device in the ESRT.
+ # TRUE - All Firmware Management Protocol services supported.
+ # FALSE - Firmware Management Protocol returns EFI_UNSUPPORTED for + # all services except GetImageInfo().
+ # @Prompt Firmware Device Storage Access Enabled. + gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable|TRUE|BOOLEAN|0x40000011 + [PcdsFixedAtBuild] ## The SHA-256 hash of a PKCS7 test key that is used to detect if a test key # is being used to authenticate capsules. Test key detection is disabled by diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc index 4e2bd8de3d..bf283b93ea 100644 --- a/FmpDevicePkg/FmpDevicePkg.dsc +++ b/FmpDevicePkg/FmpDevicePkg.dsc @@ -29,6 +29,12 @@ DEFINE SYSTEM_FMP_ESRT_GUID = B461B3BD-E62A-4A71-841C-50BA4E500267 DEFINE DEVICE_FMP_ESRT_GUID = 226034C4-8B67-4536-8653-D6EE7CE5A316 + # + # TRUE - Build FmpDxe module for with storage access enabled + # FALSE - Build FmpDxe module for with storage access disabled + # + DEFINE DEVICE_FMP_STORAGE_ACCESS_ENABLE = TRUE + [LibraryClasses] UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf @@ -118,11 +124,23 @@ # FILE_GUID is used as ESRT GUID # FILE_GUID = $(DEVICE_FMP_ESRT_GUID) + + gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable|$(DEVICE_FMP_STORAGE_ACCESS_ENABLE) +!if $(DEVICE_FMP_STORAGE_ACCESS_ENABLE) == FALSE + # + # Disable test key detection + # + gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceTestKeySha256Digest|{0} +!endif # # Unicode name string that is used to populate FMP Image Descriptor for this capsule update module # +!if $(DEVICE_FMP_STORAGE_ACCESS_ENABLE) == TRUE gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName|L"Sample Firmware Device" +!else + gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName|L"Sample Firmware Device No Storage Access" +!endif # # Certificates used to authenticate capsule update image # diff --git a/FmpDevicePkg/FmpDevicePkg.uni b/FmpDevicePkg/FmpDevicePkg.uni index b7fe643186..9e21130fae 100644 --- a/FmpDevicePkg/FmpDevicePkg.uni +++ b/FmpDevicePkg/FmpDevicePkg.uni @@ -16,6 +16,16 @@ #string STR_PACKAGE_DESCRIPTION #language en-US "This package provides libraries that support the implementation of a module that produces the Firmware Management Protocol to support the update of a system firmware component." +#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceStorageAccessEnable_PROMPT #language en-US "Firmware Device Storage Access Enabled." +#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceStorageAccessEnable_HELP #language en-US "Indicates if the Firmware Management Protocol supports access to" + "to a firmware storage device. If set to FALSE, then only GetImageInfo()" + "is supported. This is used by FMP drivers that require the samllest" + "possible Firmware Management Protocol implementation that supports" + "advertising the updatable firmware device in the ESRT.
" + " TRUE - All Firmware Management Protocol services supported.
" + " FALSE - Firmware Management Protocol returns EFI_UNSUPPORTED for" + " all services except GetImageInfo().
" + #string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceTestKeySha256Digest_PROMPT #language en-US "SHA-256 hash of PKCS7 test key." #string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceTestKeySha256Digest_HELP #language en-US "The SHA-256 hash of a PKCS7 test key that is used to detect if a test key" "is being used to authenticate capsules. Test key detection can be disabled" diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.c b/FmpDevicePkg/FmpDxe/FmpDxe.c index a53ded7380..3ca9d3526a 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxe.c +++ b/FmpDevicePkg/FmpDxe/FmpDxe.c @@ -541,6 +541,10 @@ GetTheImage ( FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private; UINTN Size; + if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) { + return EFI_UNSUPPORTED; + } + Status = EFI_SUCCESS; // @@ -715,6 +719,10 @@ CheckTheImage ( FmpHeaderSize = 0; AllHeaderSize = 0; + if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) { + return EFI_UNSUPPORTED; + } + // // Retrieve the private context structure // @@ -970,6 +978,10 @@ SetTheImage ( IncommingFwVersion = 0; LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL; + if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) { + return EFI_UNSUPPORTED; + } + // // Retrieve the private context structure // diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf index 65535a7f43..5487123935 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxe.inf +++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf @@ -61,6 +61,7 @@ gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES [Pcd] + gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable ## CONSUMES gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName ## CONSUMES gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceBuildTimeLowestSupportedVersion ## CONSUMES gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceLockEventGuid ## CONSUMES diff --git a/FmpDevicePkg/FmpDxe/FmpDxeLib.inf b/FmpDevicePkg/FmpDxe/FmpDxeLib.inf index 3b10b57377..ba762b0b77 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxeLib.inf +++ b/FmpDevicePkg/FmpDxe/FmpDxeLib.inf @@ -61,6 +61,7 @@ gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES [Pcd] + gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable ## CONSUMES gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName ## CONSUMES gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceBuildTimeLowestSupportedVersion ## CONSUMES gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceLockEventGuid ## CONSUMES -- 2.39.2