Update the logic handling last attempt status codes from
FmpDeviceCheckImageWithStatus() implementations to account for
cases when the function return status code is EFI_SUCCESS
(since the image was checked successfully) but the ImageUpdatable
value is not valid.
In addition the following sentence is removed from the
LastAttemptStatus parameter definition for
FmpDeviceCheckImageWithStatus() since it can lead to confusion.
The expected status code value range is sufficient to implement
the library API.
"This value will only be checked when this
function returns an error."
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
Commit 6ad819c introduced two new functions in FmpDeviceLib:
1. FmpDeviceCheckImageWithStatus ()
2. FmpDeviceSetImageWithStatus ()
These functions allow an FmpDeviceLib implementation to return a
Last Attempt Status code value within the Device Library range from
LAST_ATTEMPT_STATUS_DEVICE_LIBRARY_MIN_ERROR_CODE_VALUE to
LAST_ATTEMPT_STATUS_DEVICE_LIBRARY_MAX_ERROR_CODE_VALUE.
To maintain backward compatibility, commit 6ad819c did not update
the FmpDxe driver to invoke these functions. FmpDeviceLib instances
should update their FmpDeviceCheckImage () function to simply call
FmpDeviceCheckImageWithStatus (). Similarly, FmpDeviceSetImage ()
should simply call FmpDeviceSetImageWithStatus (). This is
demonstrated in the implementation of these functions in
FmpDevicePkg/Library/FmpDeviceLibNull/FmpDeviceLib.c. By doing so,
the library can remain compatible with FmpDxe implementations before
and after this transition.
This commit updates FmpDxe to call the WithStatus () version of
these functions enabling the Last Attempt Status code returned to
be accessible to FmpDxe.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Wei6 Xu <wei6.xu@intel.com>
Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
CheckTheImage() is currently used to provide the CheckImage()
implementation for the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance
produced by FmpDxe in addition to being called internally in the
SetImage() path.
Since CheckTheImage() plays a major role in determining the
validity of a given firmware image, an internal version of the
function is introduced - CheckTheImageInternal() that is capable
of returning a Last Attempt Status code to internal callers such
as SetTheImage().
The CheckImage() API as defined in the UEFI Specification for
EFI_FIRMWARE_MANAGEMENT_PROTOCOL is not impacted by this change.
CheckTheImageInternal() contains unique Last Attempt Status codes
during error paths in the function so it is easier to identify
the issue with a particular image through the Last Attempt Status
code value.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
A user may fall through to the case they depend on the
PcdFmpDeviceImageTypeIdGuid value to get the ImageTypeId GUID
value. The default PCD value is 0 (NULL) so the code would
further fall back on the gEfiCallerIdGuid value.
This change modifies the print error level for the message that
indicates this occurred to DEBUG_WARN from DEBUG_INFO to better
warn the user that this occurred.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Wei6 Xu <wei6.xu@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2421
Capsule Dependency is an incremental change of Fmp Capsule Update. The
capsule format is extended to include a set of binary encoded dependency
expression. The dependency expression is signed together with the Fmp
payload and evaluated before update is applied.
This feature is defined in UEFI Spec 2.8.
The dependency evaluation has two steps:
1. Validate platform existing Fmp images' version satisfy the dependency
expression in capsule image.
2. Validate the capsule image version satisfy all the platform existing
Fmp image's dependency expression.
If the dependency expression evaluates to FALSE, then the capsule update
fails and last attempt status is set to
LAST_ATTEMPT_STATUS_ERROR_UNSATISFIED_DEPENDENCIES.
The dependency saving and getting is FmpDeviceLib implementation scope.
The parameter "Image" of FmpDeviceSetImage and FmpDeviceGetImage function
is extended to contain the dependency. The layout:
+--------------------------+
| Dependency Op-codes |
+--------------------------+
| Fmp Payload Image |
+--------------------------+
1. FmpDeviceSetImage is responsible for retrieving the dependency from the
parameter "Image" and saving it to a protected storage.
2. FmpDeviceGetImage is responsible for retrieving the dependency from the
storage where FmpDeviceSetImage saves dependency and combining it with the
Fmp Payload Image into one buffer which is returned to the caller. This
dependency will be populated into EFI_FIRMWARE_IMAGE_DESCRIPTOR and used
for dependency evaluation.
3. FmpDeviceGetAttributes must set the bit IMAGE_ATTRIBUTE_DEPENDENCY to
indicate the Fmp device supports Fmp Capsule Dependency feature.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525
Add PCD PcdFmpDeviceStorageAccessEnable. If this PCD is
TRUE, then the Firmware Management Protocol supports access
to the firmware storage device. This is the default setting.
If FALSE, then Firmware Management Protocol services that
access the firmware storage device return EFI_UNSUPPORTED
except GetImageInfo(). Setting this value to FALSE produces
the smallest possible FmpDxe driver that still advertises the
updatable firmware component in the ESRT.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Eric Jin <eric.jin@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Current code locks variables in PcdFmpDeviceLockEventGuid callback by
VariableLock protocol whose interface will be closed at EndOfDxe.
So the PcdFmpDeviceLockEventGuid callback needs be executed before
the EndOfDxe callback in Variable driver.
When PcdFmpDeviceLockEventGuid = gEfiEndOfDxeEventGroupGuid, the
callback's execution sequence depends on the callback's TPL and
registration sequence.
When PcdFmpDeviceLockEventGuid = gEfiEventReadyToBootGuid, the
PcdFmpDeviceLockEventGuid callback will be executed after the
EndOfDxe callback in Variable driver, the locking will fail.
The patch moves the variables locking logic to entrypoint.
The patch also moves the IsLockFmpDeviceAtLockEventGuidRequired ()
checking to entrypoint.
The entrypoint's final return status should be better to depend on
the return status of RegisterFmpInstaller/InstallFmpInstance, but not
gBS->CreateEventEx.
So the patch also moves the RegisterFmpInstaller/InstallFmpInstance
calling to the end of entrypoint.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
No need repopulate if SetImage is not called.
But need repopulate after SetImage is called to update
LastAttemptVersion and LastAttemptStatus
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Some static tool reports "DeviceLibLowestSupportedVersion" is used,
but is uninitialized. It is false positive reporting based because
DeviceLibLowestSupportedVersion will have assigned value after
FmpDeviceGetLowestSupportedVersion() returns SUCCESS.
This patch updates the code to initialize
DeviceLibLowestSupportedVersion
to DEFAULT_LOWESTSUPPORTEDVERSION before calling
FmpDeviceGetLowestSupportedVersion().
It can pass the static tool's check.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Instead of EFI_ACCESS_DENIED which is not defined in retval by
UEFI spec, return UNSUPPORTED if device has been locked in
SetTheImage().
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
It does not make sense to check the Image/ImageSize if ImageIndex
has been invalid.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Current code return 1 when LSV check is not required,
but 1 LSV will make 0 Version capsule image update failed.
0 LSV is valid, this patch updates the code to return 0 when
LSV check is not required
We can see even the DEFAULT_LOWESTSUPPORTEDVERSION is 0.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=922
Based on content from the following branch:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport/MsCapsuleUpdatePkg
The FmpDxe directory contains 2 INF files. FmpDxe.inf
is a DXE driver that is used in a platform to add a
Firmware Management Protocol for firmware device that
supports firmware updates.
FmpDxeLib.inf is a NULL library instance with the exact
same functionality as FmpDxe.inf, but allows the the
Firmware Management Protocol feature to be added to
an existing device driver.
The FmpDxe component is intended to be used "as is"
with no need for any device specific or platform specific
changes.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
