REF: https://github.com/tianocore/tianocore.github.io/wiki/
UEFI-Capsule-on-Disk-Introducation
CoDCheckCapsuleOnDiskFlag() is to check if CapsuleOnDisk flag in
"OsIndications" Variable is enabled. It is used to indicate whether
capsule on disk is provisioned in normal boot path.
CoDClearCapsuleOnDiskFlag() is to to clear CapsuleOnDisk flags,
including "OsIndications" and "BootNext" variable.
CoDRelocateCapsule() is to relocate the capsules from EFI system
partition. Depends on PcdCapsuleInRamSupport, there are two solutions
to relocate the capsule on disk images:
When Capsule In Ram is supported, the Capsule On Disk images are
relocated into memory, and call UpdateCapsule() service to deliver
the capsules.
When Capsule In Ram is not supported, the Capsule On Disk images are
relocated into a temp file which will be stored in root directory on
a platform specific storage device. CapsuleOnDiskLoadPei PEIM will
retrieve the capsules from the relocation temp file and report
capsule hobs for them.
CoDRemoveTempFile() is to remove the relocation temp file in the next
boot after capsules are processed.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
Acked-by: Hao A Wu <hao.a.wu@intel.com>
https://github.com/tianocore/tianocore.github.io/wiki/UEFI-Capsule-
on-Disk-Introducation
CoDCheckCapsuleOnDiskFlag() is to check if CapsuleOnDisk flag in
"OsIndications" Variable is enabled. It is used to indicate whether
capsule on disk is provisioned in normal boot path.
CoDClearCapsuleOnDiskFlag() is to to clear CapsuleOnDisk flags,
including "OsIndications" and "BootNext" variable.
CoDRelocateCapsule() is to relocate the capsules from EFI system
partition. Depends on PcdCapsuleInRamSupport, there are two solutions
to relocate the capsule on disk images:
When Capsule In Ram is supported, the Capsule On Disk images are
relocated into memory, and call UpdateCapsule() service to deliver
the capsules.
When Capsule In Ram is not supported, the Capsule On Disk images are
relocated into a temp file which will be stored in root directory on
a platform specific storage device. CapsuleOnDiskLoadPei PEIM will
retrieve the capsules from the relocation temp file and report
capsule hobs for them.
CoDRemoveTempFile() is to remove the relocation temp file in the next
boot after capsules are processed.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
The DxeCapsuleLibFmp code accesses the ESRT table to decide whether
a certain capsule is an FMP capsule. Since the UEFI spec mandates
that the ESRT resides in EfiBootServicesData memory, this results
in problems at OS runtime, since the firmware implementation itself
cannot access memory that has not been virtually remapped.
So let's take a private copy of the ESRT at ReadyToBoot, and store
it in EfiRuntimeServicesData memory. The ESRT's size is order 10s
of bytes so the memory footprint is going to be negligigble.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
As reported by Gary, the recent LoadImage/StartImage changes to
accommodate dispatching PE/COFF images built for foreign architectures
may result in a crash when loading an IA32 option ROM into a X64 VM
running OVMF:
Loading driver at 0x0007E537000 EntryPoint=0x0007E53C06D 8086100e.efi
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 7F003B98
ProtectUefiImageCommon - 0x7F002BC0
- 0x000000007E537000 - 0x000000000009F900
Image type IA32 can't be started on X64 UEFI system.
ASSERT MdeModulePkg/Core/Dxe/Mem/Pool.c(698): Head->Signature == ((('p') |
('h' << 8)) | ((('d') | ('0' << 8)) << 16)) || Head->Signature
== ((('p') | ('h' << 8)) | ((('d') | ('1' << 8)) << 16))
This turns out to be caused by the deferred image loading code in BDS,
which ends up trying to free an uninitialized 'ExitData' pointer.
Given that ExitData is never actually used, let's just get rid of it
entirely. While we're at it, drop the pointless assignment of Status
as well.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Allow PE/COFF images that must execute under emulation for Driver####
options, by removing the redundant machine type check from the BDS code.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
The system environment: virtual-CDROM(USB interface) via BMC, insert a
iso file to CDROM, like ubuntu-18.04.1-server-arm64.iso, change CDROM
to first boot option.
With release version bios, disconnecting CDROM when boot to
"1 seconds left, Press Esc or F2 to enter Setup"
then system will get a exception.
The root cause is the EFI_BLOCK_IO_PROTOCOL for UsbMass will be uninstalled
in this situation after print some transfer error. The status will be
invalid parameter. This line will get a exception for BlockIo not point
to right address:
AllocatePool (BlockIo->Media->BlockSize)
So, here need to judge the status after ASSERT_EFI_ERROR.
The Bugzilla tracker for this:
https://bugzilla.tianocore.org/show_bug.cgi?id=1631
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ming Huang <ming.huang@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
In the EFI_RETURN_STATUS_EXTENDED_DATA structure from PI-1.7, there may be
padding between the DataHeader and ReturnStatus members. The
REPORT_STATUS_CODE_EX() macro starts populating the structure immediately
after DataHeader, therefore the source data must provide for the padding.
Extract the BmReportLoadFailure() function from EfiBootManagerBoot(),
prepare a zero padding (if any) in a temporary
EFI_RETURN_STATUS_EXTENDED_DATA object, and fix the
REPORT_STATUS_CODE_EX() macro invocation.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Star Zeng <star.zeng@intel.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1539
Fixes: c2cf8720a5
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
This commit is out of the scope for BZ-1409. It is a refinement for the
PEI library instance within SmmLockBoxLib.
For the below ASSERT statement within function RestoreLockBox():
Status = SmmCommunicationPpi->Communicate (
SmmCommunicationPpi,
&CommBuffer[0],
&CommSize
);
if (Status == EFI_NOT_STARTED) {
//
// Pei SMM communication not ready yet, so we access SMRAM directly
//
DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib Communicate - (%r)\n", Status));
Status = InternalRestoreLockBoxFromSmram (Guid, Buffer, Length);
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)Status;
if (Length != NULL) {
LockBoxParameterRestore->Length = (UINT64)*Length;
}
}
ASSERT_EFI_ERROR (Status);
It is possible for previous codes to return an error status that is
possible for happen. One example is that, when the 'if' statement
'if (Status == EFI_NOT_STARTED) {' is entered, function
InternalRestoreLockBoxFromSmram() is possible to return 'BUFFER_TOO_SMALL'
if the caller of RestoreLockBox() provides a buffer that is too small to
hold the content of LockBox.
Thus, this commit will remove the ASSERT here.
Please note that the current implementation of RestoreLockBox() is
handling the above-mentioned error case properly, so no additional error
handling codes are needed here.
Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This commit is out of the scope for BZ-1409. It is a coding style
refinement for the SmmLockBoxLib.
More specifically, the commit will remove all the debug message display
level macros starting with 'EFI_D_' and replace them with macros starting
with 'DEBUG_'.
Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1114
V2: simplify the code logic.
update
if (!mHaveExitedBootServices &&
(StatusCodeData != (EFI_STATUS_CODE_DATA *) StatusCodeBuffer)) {
gBS->FreePool (StatusCodeData);
}
to
if (StatusCodeData != (EFI_STATUS_CODE_DATA *) StatusCodeBuffer) {
gBS->FreePool (StatusCodeData);
}
V3:
And the code below into the else condition (stack buffer is not enough)
in /DxeReportStatusCodeLib/ReportStatusCodeLib.c
if (gBS == NULL || gBS->AllocatePool == NULL || gBS->FreePool == NULL) {
return EFI_UNSUPPORTED;
}
V4:
Refine code logic.
When report status code with ExtendedData data,
and the extended data can fit in the local static buffer,
there is no need to use AllocatePool to hold the ExtendedData data.
This patch is just to do the enhancement to avoid using AllocatePool.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
In some cases, such as MD RAID1 in Linux, the bootloader may be in a
nested EFI system partition partition. For example, sda1 and sdb1 are
combined as md0 and the first partition of md0, md0p1, is an EFI system
partition. Then, the bootloader can be located by the following device
paths:
PCI()/SATA(sda)/Partition(sda1)/Partition(md0p1)/File(bootloader.efi)
PCI()/SATA(sdb)/Partition(sdb1)/Partition(md0p1)/File(bootloader.efi)
To make the boot option more resilient, we may create a boot option with
the short-form device path like "Partition(md0p1)/File(bootloader.efi)".
However, BmMatchPartitionDevicePathNode() only matched the first
partition node and ignored the nested partitions, so the firmware would
refuse to load bootloader.efi since "Partition(md0p1)" doesn't match
either "Partition(sda1)" or "Partition(sda2)".
This commit modifies BmMatchPartitionDevicePathNode() to iterate all
nested partitions so that the above boot option could work.
v2 - Simplify the node matching logic
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Permit CheckUefiLib to be used by MM_STANDALONE modules. Since this
library has a constructor, change the library's module type into
BASE so its constructor prototype is compatible with MM_STANDALONE
as well.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Add MM_STANDALONE to the list of permitted module types of the
VarCheckLib library implementation.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>.
Add MM_STANDALONE to the list of permitted module types of the
AuthVariableLibNull library implementation.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>.
In order to permit MM_STANDALONE modules to be built without relying
on StandaloneMmPkg, provide a BASE type NULL implementation of
MemoryAllocationLib.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>.
In order to permit MM_STANDALONE modules to be built without relying
on StandaloneMmPkg, provide a BASE type NULL implementation of HobLib.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>.
Struct packing is only necessary for data structures whose in-memory
representation is covered by the PI or UEFI specs, and may deviate
from the ordinary C rules for alignment.
So in case of FileExplorerLib, this applies to the device path struct
only, and other structures used to carry program data should not be
packed, or we may end up with alignment faults on architectures such
as ARM, which don't permit load/store double or multiple instructions
to access memory locations that are not 32-bit aligned.
E.g., the following call in FileExplorerLibConstructor()
InitializeListHead (&gFileExplorerPrivate.FsOptionMenu->Head);
which is emitted as follows for 32-bit ARM/Thumb2 by Clang-5.0
3de0: b510 push {r4, lr}
3de2: 4604 mov r4, r0
...
3de8: e9c4 4400 strd r4, r4, [r4]
3dec: bd10 pop {r4, pc}
will perform a double-word store on the first argument, passed in
register r0, assuming that the pointer type of the argument is
enough to guarantee that the value is suitably aligned.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Remove unused module type restriction for NULL instance.
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This change is to pass static analysis.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
