From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <star.zeng@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.126; helo=mga18.intel.com;
 envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 45B78207E36C6
 for <edk2-devel@lists.01.org>; Thu,  7 Jun 2018 19:57:49 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 07 Jun 2018 19:57:48 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.49,489,1520924400"; d="scan'208";a="65296659"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by orsmga002.jf.intel.com with ESMTP; 07 Jun 2018 19:57:48 -0700
Received: from FMSMSX109.amr.corp.intel.com (10.18.116.9) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Thu, 7 Jun 2018 19:57:48 -0700
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 fmsmsx109.amr.corp.intel.com (10.18.116.9) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Thu, 7 Jun 2018 19:57:48 -0700
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.223]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.116]) with mapi id 14.03.0319.002;
 Fri, 8 Jun 2018 10:57:45 +0800
From: "Zeng, Star" <star.zeng@intel.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "leif.lindholm@linaro.org" <leif.lindholm@linaro.org>, "Kinney, Michael D"
 <michael.d.kinney@intel.com>, "Yao, Jiewen" <jiewen.yao@intel.com>, "Zeng, 
 Star" <star.zeng@intel.com>
Thread-Topic: [PATCH 2/5] MdeModulePkg/DxeCapsuleLibFmp: permit
 ProcessCapsules () to be called once
Thread-Index: AQHT/k/fJo6SlBKe2kmiCA73dI3pQqRVq4aw
Date: Fri, 8 Jun 2018 02:57:45 +0000
Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103BB54B6F@shsmsx102.ccr.corp.intel.com>
References: <20180607110812.26778-1-ard.biesheuvel@linaro.org>
 <20180607110812.26778-3-ard.biesheuvel@linaro.org>
In-Reply-To: <20180607110812.26778-3-ard.biesheuvel@linaro.org>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH 2/5] MdeModulePkg/DxeCapsuleLibFmp: permit ProcessCapsules () to be called once
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2018 02:57:49 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Without the patch, PopulateCapsuleInConfigurationTable is only run at first=
 round.
With the patch, PopulateCapsuleInConfigurationTable is only run at last rou=
nd.

Is that expected?

Jiewen, could you help check whether the patch meets the original design pu=
rpose or any security concern?


Thanks,
Star
-----Original Message-----
From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]=20
Sent: Thursday, June 7, 2018 7:08 PM
To: edk2-devel@lists.01.org
Cc: leif.lindholm@linaro.org; Kinney, Michael D <michael.d.kinney@intel.com=
>; Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; Ar=
d Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH 2/5] MdeModulePkg/DxeCapsuleLibFmp: permit ProcessCapsules =
() to be called once

Permit ProcessCapsules () to be called only a single time, after EndOfDxe. =
This allows platforms that are able to update system firmware after EndOfDx=
e (e.g., because the flash ROM is not locked
down) to do so at a time when a non-trusted console is up and running, and =
progress can be reported to the user.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c | 20 ++++++++=
++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c b=
/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c
index 26ca4e295f20..52691fa68be4 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c
@@ -100,6 +100,7 @@ IsValidCapsuleHeader (
=20
 extern BOOLEAN                   mDxeCapsuleLibEndOfDxe;
 BOOLEAN                          mNeedReset;
+BOOLEAN                          mFirstRound =3D TRUE;
=20
 VOID                        **mCapsulePtr;
 EFI_STATUS                  *mCapsuleStatusArray;
@@ -364,8 +365,10 @@ PopulateCapsuleInConfigurationTable (
=20
   Each individual capsule result is recorded in capsule record variable.
=20
-  @param[in]  FirstRound         TRUE:  First round. Need skip the FMP cap=
sules with non zero EmbeddedDriverCount.
-                                 FALSE: Process rest FMP capsules.
+  @param[in]  LastRound          FALSE:  First of multiple rounds. Need sk=
ip the
+                                         FMP capsules with non zero
+                                         EmbeddedDriverCount.
+                                 TRUE:   Process rest FMP capsules.
=20
   @retval EFI_SUCCESS             There is no error when processing capsul=
es.
   @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.
@@ -373,7 +376,7 @@ PopulateCapsuleInConfigurationTable (  **/  EFI_STATUS =
 ProcessTheseCapsules (
-  IN BOOLEAN  FirstRound
+  IN BOOLEAN  LastRound
   )
 {
   EFI_STATUS                  Status;
@@ -384,8 +387,9 @@ ProcessTheseCapsules (
=20
   REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatus=
CodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesBegin)))=
;
=20
-  if (FirstRound) {
+  if (mFirstRound) {
     InitCapsulePtr ();
+    mFirstRound =3D FALSE;
   }
=20
   if (mCapsuleTotalNumber =3D=3D 0) {
@@ -404,7 +408,7 @@ ProcessTheseCapsules (
   // Check the capsule flags,if contains CAPSULE_FLAGS_POPULATE_SYSTEM_TAB=
LE, install
   // capsuleTable to configure table with EFI_CAPSULE_GUID
   //
-  if (FirstRound) {
+  if (LastRound) {
     PopulateCapsuleInConfigurationTable ();
   }
=20
@@ -453,7 +457,7 @@ ProcessTheseCapsules (
         continue;
       }
=20
-      if ((!FirstRound) || (EmbeddedDriverCount =3D=3D 0)) {
+      if (LastRound || (EmbeddedDriverCount =3D=3D 0)) {
         DEBUG((DEBUG_INFO, "ProcessCapsuleImage - 0x%x\n", CapsuleHeader))=
;
         Status =3D ProcessCapsuleImage (CapsuleHeader);
         mCapsuleStatusArray [Index] =3D Status; @@ -546,7 +550,7 @@ Proces=
sCapsules (
   EFI_STATUS                    Status;
=20
   if (!mDxeCapsuleLibEndOfDxe) {
-    Status =3D ProcessTheseCapsules(TRUE);
+    Status =3D ProcessTheseCapsules(FALSE);
=20
     //
     // Reboot System if and only if all capsule processed.
@@ -556,7 +560,7 @@ ProcessCapsules (
       DoResetSystem();
     }
   } else {
-    Status =3D ProcessTheseCapsules(FALSE);
+    Status =3D ProcessTheseCapsules(TRUE);
     //
     // Reboot System if required after all capsule processed
     //
--
2.17.0