From: "Zeng, Star" <star.zeng@intel.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Dong, Eric" <eric.dong@intel.com>, "Zeng, Star" <star.zeng@intel.com>
Subject: Re: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP
Date: Thu, 8 Feb 2018 05:32:32 +0000
Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103BA3D80F@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503AABC058@shsmsx102.ccr.corp.intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Thanks,
Star
-----Original Message-----
From: Yao, Jiewen
Sent: Thursday, February 8, 2018 8:18 AM
To: Kinney, Michael D <michael.d.kinney@intel.com>; edk2-devel@lists.01.org
Cc: Zeng, Star <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>
Subject: RE: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP
Reviewed-by: Jiewen.yao@intel.com
> -----Original Message-----
> From: Kinney, Michael D
> Sent: Thursday, February 8, 2018 2:50 AM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star
> <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Subject: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule
> with FMP
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=873
>
> Update IsNestedFmpCapsule() to verify the CapsuleGuid in the
> CapsuleHeader against the installed Firmware Management Protocol
> instances. The current logic that uses the ESRT Table does not work
> because capsules are processed before the ESRT Table is published at
> the Ready To Boot event.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
> .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 27
> ++++++++++++----------
> .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf | 3 +--
> 2 files changed, 16 insertions(+), 14 deletions(-)
>
> diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
> b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
> index 2f397789b5..87e1deec03 100644
> --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
> +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
> @@ -10,7 +10,7 @@
> ValidateFmpCapsule(), DisplayCapsuleImage(), ConvertBmpToGopBlt() will
> receive untrusted input and do basic validation.
>
> - Copyright (c) 2016 - 2017, Intel Corporation. All rights
> reserved.<BR>
> + Copyright (c) 2016 - 2018, Intel Corporation. All rights
> + reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of
> the BSD License
> which accompanies this distribution. The full text of the license
> may be found at @@ -1446,7 +1446,6 @@ IsNestedFmpCapsule (
> )
> {
> EFI_STATUS Status;
> - EFI_SYSTEM_RESOURCE_TABLE *Esrt;
> EFI_SYSTEM_RESOURCE_ENTRY *EsrtEntry;
> UINTN Index;
> BOOLEAN EsrtGuidFound;
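Review bot: Only `Esrt` is dropped from the locals in this hunk, while `EsrtEntry` and `Index` stay declared; in the lines visible in this patch their only uses are in the ESRT table loop that the later hunk deletes. If nothing else in IsNestedFmpCapsule() still uses them, remove both in this patch as well so the function does not carry unused locals.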
> @@ -1454,6 +1453,8 @@ IsNestedFmpCapsule (
> UINTN NestedCapsuleSize;
> ESRT_MANAGEMENT_PROTOCOL *EsrtProtocol;
> EFI_SYSTEM_RESOURCE_ENTRY Entry;
> + EFI_HANDLE *HandleBuffer;
> + UINTN NumberOfHandles;
>
> EsrtGuidFound = FALSE;
> if (mIsVirtualAddrConverted) {
> @@ -1479,19 +1480,21 @@ IsNestedFmpCapsule (
> }
>
> //
> - // Check ESRT configuration table
> + // Check Firmware Management Protocols
> //
> if (!EsrtGuidFound) {
> - Status = EfiGetSystemConfigurationTable(&gEfiSystemResourceTableGuid,
> (VOID **)&Esrt);
> + HandleBuffer = NULL;
> + Status = GetFmpHandleBufferByType (
> + &CapsuleHeader->CapsuleGuid,
> + 0,
> + &NumberOfHandles,
> + &HandleBuffer
> + );
> if (!EFI_ERROR(Status)) {
> - ASSERT (Esrt != NULL);
> - EsrtEntry = (VOID *)(Esrt + 1);
> - for (Index = 0; Index < Esrt->FwResourceCount; Index++, EsrtEntry++)
> {
> - if (CompareGuid(&EsrtEntry->FwClass,
> &CapsuleHeader->CapsuleGuid)) {
> - EsrtGuidFound = TRUE;
> - break;
> - }
> - }
> + EsrtGuidFound = TRUE;
> + }
> + if (HandleBuffer != NULL) {
> + FreePool (HandleBuffer);
> }
> }
> }
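Review bot: In the new `if (!EsrtGuidFound)` block, success of GetFmpHandleBufferByType() alone sets `EsrtGuidFound = TRUE`, and NumberOfHandles is written but never read. If the helper can return success with zero matching handles, any CapsuleGuid would be accepted as a nested FMP capsule at this point; either test `NumberOfHandles > 0` alongside `!EFI_ERROR(Status)` or state in a comment that the helper returns an error when nothing matches. The literal `0` passed as the second argument also deserves a short comment saying what it selects, and since EsrtGuidFound now records an FMP match rather than an ESRT one, a rename or a comment would keep the name from misleading later readers.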
> diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
> b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
> index a7c36993c4..90edc52ee0 100644
> --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
> +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
> @@ -3,7 +3,7 @@
> #
> # Capsule library instance for DXE_DRIVER module types.
> #
> -# Copyright (c) 2016 - 2017, Intel Corporation. All rights
> reserved.<BR>
> +# Copyright (c) 2016 - 2018, Intel Corporation. All rights
> +reserved.<BR>
> # This program and the accompanying materials # are licensed and
> made available under the terms and conditions of the BSD License #
> which accompanies this distribution. The full text of the license may
> be found at @@ -72,7 +72,6 @@ [Guids]
> gEfiFmpCapsuleGuid ## SOMETIMES_CONSUMES
> ## GUID
> gWindowsUxCapsuleGuid ## SOMETIMES_CONSUMES
> ## GUID
> - gEfiSystemResourceTableGuid ## SOMETIMES_CONSUMES ##
> GUID
> ## SOMETIMES_CONSUMES ## Variable:L"CapsuleMax"
> ## SOMETIMES_PRODUCES ## Variable:L"CapsuleMax"
> gEfiCapsuleReportGuid
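Review bot: Dropping `gEfiSystemResourceTableGuid` from [Guids] is only safe if the EfiGetSystemConfigurationTable() call removed in DxeCapsuleLib.c was the last reference to it in this library instance; the patch shows that one use going away but not the other source files listed in the .inf. Please confirm no other file built by this .inf still references the GUID, otherwise the build breaks on a missing declaration.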
> --
> 2.14.2.windows.3