REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2421
Capsule Dependency is an incremental change of Fmp Capsule Update. The
capsule format is extended to include a set of binary encoded dependency
expression. The dependency expression is signed together with the Fmp
payload and evaluated before update is applied.
This feature is defined in UEFI Spec 2.8.
The dependency evaluation has two steps:
1. Validate platform existing Fmp images' version satisfy the dependency
expression in capsule image.
2. Validate the capsule image version satisfy all the platform existing
Fmp image's dependency expression.
If the dependency expression evaluates to FALSE, then the capsule update
fails and last attempt status is set to
LAST_ATTEMPT_STATUS_ERROR_UNSATISFIED_DEPENDENCIES.
The dependency saving and getting is FmpDeviceLib implementation scope.
The parameter "Image" of FmpDeviceSetImage and FmpDeviceGetImage function
is extended to contain the dependency. The layout:
+--------------------------+
| Dependency Op-codes |
+--------------------------+
| Fmp Payload Image |
+--------------------------+
1. FmpDeviceSetImage is responsible for retrieving the dependency from the
parameter "Image" and saving it to a protected storage.
2. FmpDeviceGetImage is responsible for retrieving the dependency from the
storage where FmpDeviceSetImage saves dependency and combining it with the
Fmp Payload Image into one buffer which is returned to the caller. This
dependency will be populated into EFI_FIRMWARE_IMAGE_DESCRIPTOR and used
for dependency evaluation.
3. FmpDeviceGetAttributes must set the bit IMAGE_ATTRIBUTE_DEPENDENCY to
indicate the Fmp device supports Fmp Capsule Dependency feature.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2262
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525
The size overhead for CatSPrint() is large. This function
is only used to generate variable names with HardwareInstance
value appended. Use UnicodeValueToStringS() instead that is
much smaller.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Eric Jin <eric.jin@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525
Add PCD PcdFmpDeviceStorageAccessEnable. If this PCD is
TRUE, then the Firmware Management Protocol supports access
to the firmware storage device. This is the default setting.
If FALSE, then Firmware Management Protocol services that
access the firmware storage device return EFI_UNSUPPORTED
except GetImageInfo(). Setting this value to FALSE produces
the smallest possible FmpDxe driver that still advertises the
updatable firmware component in the ESRT.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Eric Jin <eric.jin@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525
Add PCD PcdFmpDeviceImageTypeIdGuid that contains an Image
Type ID GUID value that is used if one is not provided by
FmpDeviceLib. If this PCD is not a valid GUID value, then
gEfiCallerIdGuid is used.
Update FmpDevicePkg DSC to use PcdFmpDeviceImageTypeIdGuid
as a PatchableInModule PCD.
This content is based on the following commit.
a2c7da88d3 (diff-025d4889f6d3a482b49638a25e432d6d)
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Eric Jin <eric.jin@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525
Update all DEBUG() messages to include the name of the
FMP device from PcdFmpDeviceImageIdName.
Based on content from the following commit, but expanded
to cover all DEBUG() messages.
a2c7da88d3 (diff-025d4889f6d3a482b49638a25e432d6d)
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Eric Jin <eric.jin@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525
Update FmpDxe to support multiple controllers and use
new FmpDeviceLib APIs to support Stop/Unload and to
set the context for the worker functions in the
FmpDeviceLib.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Eric Jin <eric.jin@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Current code locks variables in PcdFmpDeviceLockEventGuid callback by
VariableLock protocol whose interface will be closed at EndOfDxe.
So the PcdFmpDeviceLockEventGuid callback needs be executed before
the EndOfDxe callback in Variable driver.
When PcdFmpDeviceLockEventGuid = gEfiEndOfDxeEventGroupGuid, the
callback's execution sequence depends on the callback's TPL and
registration sequence.
When PcdFmpDeviceLockEventGuid = gEfiEventReadyToBootGuid, the
PcdFmpDeviceLockEventGuid callback will be executed after the
EndOfDxe callback in Variable driver, the locking will fail.
The patch moves the variables locking logic to entrypoint.
The patch also moves the IsLockFmpDeviceAtLockEventGuidRequired ()
checking to entrypoint.
The entrypoint's final return status should be better to depend on
the return status of RegisterFmpInstaller/InstallFmpInstance, but not
gBS->CreateEventEx.
So the patch also moves the RegisterFmpInstaller/InstallFmpInstance
calling to the end of entrypoint.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
No need repopulate if SetImage is not called.
But need repopulate after SetImage is called to update
LastAttemptVersion and LastAttemptStatus
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
FmpDxe.c:517:18: error: equality comparison with extraneous
parentheses [-Werror,-Wparentheses-equality]
NOTE: This patch is based on thread
https://lists.01.org/pipermail/edk2-devel/2018-July/027810.html.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Some static tool reports "the condition in 'if' statement is constant".
This patch updates the code to use local variable to store test key
digest size. It can pass the static tool's check.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Some static tool reports "DeviceLibLowestSupportedVersion" is used,
but is uninitialized. It is false positive reporting based because
DeviceLibLowestSupportedVersion will have assigned value after
FmpDeviceGetLowestSupportedVersion() returns SUCCESS.
This patch updates the code to initialize
DeviceLibLowestSupportedVersion
to DEFAULT_LOWESTSUPPORTEDVERSION before calling
FmpDeviceGetLowestSupportedVersion().
It can pass the static tool's check.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Instead of EFI_ACCESS_DENIED which is not defined in retval by
UEFI spec, return UNSUPPORTED if device has been locked in
SetTheImage().
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Add comment in mFmpDeviceLocked's declaration to make it more clear.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1040
Use Attributes to know whether reset is required and remove
PcdFmpDeviceSystemResetRequired.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
It does not make sense to check the Image/ImageSize if ImageIndex
has been invalid.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Fix typo "EFI_SECURITY_VIOLATIO" to "EFI_SECURITY_VIOLATION".
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Current code return 1 when LSV check is not required,
but 1 LSV will make 0 Version capsule image update failed.
0 LSV is valid, this patch updates the code to return 0 when
LSV check is not required
We can see even the DEFAULT_LOWESTSUPPORTEDVERSION is 0.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
FmpDxeEntryPoint is used by both FmpDxe and FmpDxeLib.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=922
Based on content from the following branch:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport/MsCapsuleUpdatePkg
The FmpDxe directory contains 2 INF files. FmpDxe.inf
is a DXE driver that is used in a platform to add a
Firmware Management Protocol for firmware device that
supports firmware updates.
FmpDxeLib.inf is a NULL library instance with the exact
same functionality as FmpDxe.inf, but allows the the
Firmware Management Protocol feature to be added to
an existing device driver.
The FmpDxe component is intended to be used "as is"
with no need for any device specific or platform specific
changes.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Xu, Wei6
Sean Brogan
Eric Jin
Antoine Cœur
Michael D Kinney
Star Zeng