public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH V6 00/15] Add capsule support lib and app.
@ 2016-10-28  5:46 Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib header Jiewen Yao
                   ` (14 more replies)
  0 siblings, 15 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel
  Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang,
	Jeff Fan

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 14241 bytes --]

==Below is V6 description==
1) MdeModulePkg/CapsuleApp: Fix -D issue.
2) MdeModulePkg/DEC: Cleanup Capsule related StatusCode.
3) UefiCpuPkg: Remove MicrocodeUpdateApp
4) UefiCpuPkg: Add Microcode FMP build sample

Only series 1 and 3 are sent for update review.
The other series are unchanged.

The code is also in https://github.com/jyao1/edk2
V6 is at Capsule_V6 branch.
V5, V4, V3, V2, V1 are also pushed to coresponding branch.

==Below is V5 description==
1) MdeModulePkg/CapsuleApp: Remove [NR]. Add more description.
2) MdeModulePkg/DEC: Update StatusCode to OEM region.
3) MdeModulePkg/DxeCapsuleLib: Use NULL ProcessCapsules()
for runtime lib, because it is not needed for runtime.
4) MdeModulePkg/FmpAuthenticationLib: Add more description.
5) SignedCapsulePkg/DEC: Add data structure description
for PcdEdkiiSystemFirmwareImageDescriptor.
6) SignedCapsulePkg/DEC: Add Pkcs7 and Rsa2048 Key file PCD.
These 2 PCD are moved from platform pkg to SignedCapsulePkg.
7) QuarkPlatformPkg/FDF: Refine order of capsule section.
8) Fix typo and coding style issue.

Below items are defered to other patch series, because
the tool and library are not ready yet.

A) MdeModulePkg/DxeCapsuleLib: separate BMP parsing logic
to another library.
That is very good suggestion, and we agree it is a right direction.
I discussed with the owner of image decoder.
We prefer adding a generic library class to convert
the image data to GOP BLT buffer. It supports *any* image format,
not only BMP. The owner of image decoder will drive the new design.
I filed https://bugzilla.tianocore.org/show_bug.cgi?id=175 to track that.
I suggest we just keep the current solution as a temp solution and
migrate to the new one once it is ready later.

B) PlatformPkg/Bds: Move test key check logic to generic part.
This is very good suggestion and we are discussing with Tool
team to add such detection at build time and set a PCD to indicate that.
The generic code can use this PCD to know if there is a test key.
I filed https://bugzilla.tianocore.org/show_bug.cgi?id=185 to track that.
Adding such check in the generic code is very complicated, so current
temporary solution is to let platform BDS do such check.
The platform BDS will be cleaned up, once the tool is ready.

==Below is V4 description==
1) SecurityPkg - Refine AuthenticateFmpImage() API to let caller
input PublicKeyData and PublicKeyDataLength, instead of PCD.
The benefit is that then this API can be used for a platform
which stores PublicKeyData in anywhere other than PCD.
2) SecurityPkg - Use OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)
for better understanding the code.
3) MdeModulePkg - Update CapsuleApp to let it consume
ShellParameters protocol to get Argc and Argv.
4) UefiCpuPkg - Update MicrocodeCapsuleApp to let it consume
ShellParameters protocol to get Argc and Argv.
5) QuarkPlatformPkg - Merge QuarkCapsule.fdf to Quark.fdf.

==Below is V3 description==
1) We move all EDKII related capsule definition to SignedCapsulePkg.
MdeModulePkg only contains FmAuthenticationLib and CapsuleApp,
because they are generic and follow UEFI specification on FMP/ESRT
and Microsoft platform firmware update document.
Any capsule implementation can use them.

Here is full library classes:
MdeModulePkg:
	FmpAuthenticationLib.h: new lib - follow UEFI spec. (*)
		Verify FMP signature of FMP Capsule
	CapsuleLib.h: new API ¨C ProcessCapsules()
		It processes all the capsules. Remove duplicated code in platform BDS.
UefiCpuPkg:
	MicrocodeFlashAccessLib.h: Update Microcode region.
SignedCapsulePkg:
	EdkiiSystemCapsuleLib.h ¨C Library for EDKII system FMP.
	IniParsingLib.h ¨C Library for INI file parsing.
	PlatformFlashAccessLib.h ¨C Library for write flash.

2) We will submit 5 series.
Series 1: Generic Update (MdeModulePkg/SecurityPkg)
	DxeCapsuleLib
	FmAuthenticationLib (*)
	CapsuleApp (*)
Series 2: EDKII Capsule (SignedCapsulePkg)
	IniParsingLib
	EdkiiSystemCapsuleLib
	PlatformFlashAccessLib
	SystemFirmwareUpdate driver
	RecoveryModuleLoadPei driver
Series 3: Microcode Update (UefiCpuPkg)
	MicrocodeFlashAccessLib
	MicrocodeUpdate driver.
Series 4: Quark update
Series 5: Vlv2 update

3) DxeCapsuleLib: Move code that performs authentication and parsing of
the capsule format into the implementation of the FMP Protocol.
We move the dispatch FV code from CapsuleLib to SystemFirmwareReport.efi.
SystemFirmwareReport.efi supports SetImage() to verify and dispatch the
SystemFirmwareUpdate.efi, then pass thru SetImage() request to
SystemFirmwareUpdate.efi.

Now the DxeCapsuleLib is very clean and it does not have any EDKII
capsule format knowledge.

4) DxeCapsuleLib: Fix issue where a reset may be too soon.
Defer reset to 2nd pass.

5) DxeCapsuleLib: Boot mode check is removed. 
Capsule should be populated to system table even boot mode is not BIOS_UPDATE.

5) FmAuthenticationLib: Add zero ImageSize check.

6) FmAuthenticationLib: Remove Authentication Library Registration.
Each FMP Producer needs to carry its own auth algoritms(s).
Now we have FmpAuthenticationLibPkcs7 and FmpAuthenticationLibRsa2048Sha256.
No registration is needed.

7) FmAuthenticationLib: Move MonotonicCount handling after Payload
We confirmed with USWG to process MonotonicCount after PayLoad.

==Below is V2 description==
The V2 series patch incorporated the feedback for V1.

There are 3 major updates.
1) BDS is update to display a warning message if TEST key
is used to sign recovery image or capsule image.
So a production BIOS should always use its own production singing
key for the capsule image generation. A production BIOS should
never use test key.
2) IniParsingLib is enhanced to do more sanity check for invalid
input. The detail data format is added in IniParsingLib.h header
file. If there is any vialation, the OpenInitFile() API will
return failure.
3) The *Bios* keyword is renamed to *SystemFirmware* in any
header file or c file data structure definition.

The rest is minor update, such as add help info, clean
up debug message, coding style.

==Below is V1 description==
This series patch provides sample on how to do signed capsule update
and recovery in EDKII.

This series patch is also checked into git@github.com:jyao1/edk2.git.

The feature includes:
1) Define EDKII signed system BIOS capsule format.
2) Provide EDKII signed system BIOS update sample.
3) Provide EDKII signed recovery sample.
4) Provide Microcode update sample for X86 system.
5) Update Quark to use new capsule/recovery solution.
6) Update Vlv2(MinnowMax) to use new capsule/recovery solution.

The signed capsule/recovery solution is in MdeModulePkg.
The capsule in IntelFrameworkModulePkg is deprecated.
The Microcode update solution is in UefiCpuPkg.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>


Jiewen Yao (15):
  MdeModulePkg/Include: Add FmpAuthenticationLib header.
  MdeModulePkg/CapsuleLib: Add ProcessCapsules() API.
  MdeModulePkg/MdeModulePkg.dec: Add capsule related definition.
  MdeModulePkg/FmpAuthenticationLibNull: Add NULL instance FMP.
  MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface.
  MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance.
  MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check.
  MdeModulePkg/CapsuleApp: Add CapsuleApp application.
  MdeModulePkg/UiApp: Show test key warning info in FrontPage.
  MdeModulePkg/MdeModulePkg.dsc: Add FMP related component.
  IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules()
    interface.
  SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD.
  SecurityPkg/FmpAuthenticationLibPkcs7: Add PKCS7 instance for FMP.
  SecurityPkg/FmpAuthenticationLibRsa2048Sha256: Add RSA2048 instance.
  SecurityPkg/SecurityPkg.dsc: Add FmpAuthenticationLib*.

 IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c                               |   40 +-
 MdeModulePkg/Application/CapsuleApp/AppSupport.c                                            |  445 +++++++
 MdeModulePkg/Application/CapsuleApp/CapsuleApp.c                                            |  849 ++++++++++++
 MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf                                          |   71 +
 MdeModulePkg/Application/CapsuleApp/CapsuleApp.uni                                          |   22 +
 MdeModulePkg/Application/CapsuleApp/CapsuleAppExtra.uni                                     |   19 +
 MdeModulePkg/Application/CapsuleApp/CapsuleDump.c                                           |  732 +++++++++++
 MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c                                      |   13 +
 MdeModulePkg/Application/UiApp/FrontPageStrings.uni                                         |    4 +-
 MdeModulePkg/Application/UiApp/UiApp.inf                                                    |    3 +-
 MdeModulePkg/Include/Library/CapsuleLib.h                                                   |   46 +-
 MdeModulePkg/Include/Library/FmpAuthenticationLib.h                                         |   66 +
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c                                       | 1363 ++++++++++++++++++++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf                                     |   80 ++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.uni                                     |   22 +
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c                                |  475 +++++++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLibNull.c                            |   57 +
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLib.c                                 |  489 +++++++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLibNull.c                             |   91 ++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c                                   |  112 ++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf                              |   83 ++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.uni                              |   22 +
 MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.c                                  |   48 +-
 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.c                    |   66 +
 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf                  |   40 +
 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.uni                  |   22 +
 MdeModulePkg/MdeModulePkg.dec                                                               |   66 +
 MdeModulePkg/MdeModulePkg.dsc                                                               |   10 +
 MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf                                                  |    3 +-
 MdeModulePkg/Universal/EsrtDxe/EsrtImpl.c                                                   |   37 +-
 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c                   |  222 ++++
 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf                 |   49 +
 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni                 |   26 +
 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c   |  355 +++++
 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf |   53 +
 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni |   26 +
 SecurityPkg/SecurityPkg.dec                                                                 |    8 +-
 SecurityPkg/SecurityPkg.dsc                                                                 |    3 +
 38 files changed, 6125 insertions(+), 13 deletions(-)
 create mode 100644 MdeModulePkg/Application/CapsuleApp/AppSupport.c
 create mode 100644 MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
 create mode 100644 MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf
 create mode 100644 MdeModulePkg/Application/CapsuleApp/CapsuleApp.uni
 create mode 100644 MdeModulePkg/Application/CapsuleApp/CapsuleAppExtra.uni
 create mode 100644 MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
 create mode 100644 MdeModulePkg/Include/Library/FmpAuthenticationLib.h
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.uni
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLibNull.c
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLib.c
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLibNull.c
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
 create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.uni
 create mode 100644 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.c
 create mode 100644 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf
 create mode 100644 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.uni
 create mode 100644 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c
 create mode 100644 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
 create mode 100644 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni
 create mode 100644 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
 create mode 100644 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
 create mode 100644 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni

-- 
2.7.4.windows.1



^ permalink raw reply	[flat|nested] 16+ messages in thread

* [PATCH V6 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib header.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 02/15] MdeModulePkg/CapsuleLib: Add ProcessCapsules() API Jiewen Yao
                   ` (13 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

This library is used to authenticate a UEFI defined FMP Capsule.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/Include/Library/FmpAuthenticationLib.h | 66 ++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/MdeModulePkg/Include/Library/FmpAuthenticationLib.h b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h
new file mode 100644
index 0000000..2910c91
--- /dev/null
+++ b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h
@@ -0,0 +1,66 @@
+/** @file
+  FMP capsule authenitcation Library.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+
+#ifndef __FMP_AUTHENTICATION_LIB_H__
+#define __FMP_AUTHENTICATION_LIB_H__
+
+#include <Protocol/FirmwareManagement.h>
+
+/**
+  The function is used to do the authentication for FMP capsule based upon
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+  The FMP capsule image should start with EFI_FIRMWARE_IMAGE_AUTHENTICATION,
+  followed by the payload.
+
+  If the return status is RETURN_SUCCESS, the caller may continue the rest
+  FMP update process.
+  If the return status is NOT RETURN_SUCCESS, the caller should stop the FMP
+  update process and convert the return status to LastAttemptStatus
+  to indicate that FMP update fails.
+  The LastAttemptStatus can be got from ESRT table or via
+  EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo().
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  Image                   Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[in]  ImageSize               Size of the authentication image in bytes.
+  @param[in]  PublicKeyData           The public key data used to validate the signature.
+  @param[in]  PublicKeyDataLength     The length of the public key data.
+
+  @retval RETURN_SUCCESS            Authentication pass.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS.
+  @retval RETURN_SECURITY_VIOLATION Authentication fail.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.
+  @retval RETURN_INVALID_PARAMETER  The image is in an invalid format.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_UNSUPPORTED        No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_UNSUPPORTED        Image or ImageSize is invalid.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_OUT_OF_RESOURCES   No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.
+**/
+RETURN_STATUS
+EFIAPI
+AuthenticateFmpImage (
+  IN EFI_FIRMWARE_IMAGE_AUTHENTICATION  *Image,
+  IN UINTN                              ImageSize,
+  IN CONST UINT8                        *PublicKeyData,
+  IN UINTN                              PublicKeyDataLength
+  );
+
+#endif
+
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 02/15] MdeModulePkg/CapsuleLib: Add ProcessCapsules() API.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib header Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 03/15] MdeModulePkg/MdeModulePkg.dec: Add capsule related definition Jiewen Yao
                   ` (12 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

ProcessCapsules() API can be used by platform BDS to process all capsules.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/Include/Library/CapsuleLib.h | 46 ++++++++++++++++++--
 1 file changed, 43 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Include/Library/CapsuleLib.h b/MdeModulePkg/Include/Library/CapsuleLib.h
index 487cb0f..26c14a0 100644
--- a/MdeModulePkg/Include/Library/CapsuleLib.h
+++ b/MdeModulePkg/Include/Library/CapsuleLib.h
@@ -2,7 +2,7 @@
 
   This library class defines a set of interfaces for how to process capsule image updates.
 
-Copyright (c) 2007 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials are licensed and made available under 
 the terms and conditions of the BSD License that accompanies this distribution.  
 The full text of the license may be found at
@@ -20,7 +20,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
   The firmware checks whether the capsule image is supported 
   by the CapsuleGuid in CapsuleHeader or if there is other specific information in 
   the capsule image.
-  
+
+  Caution: This function may receive untrusted input.
+
   @param  CapsuleHeader    Pointer to the UEFI capsule image to be checked.
   
   @retval EFI_SUCESS       Input capsule is supported by firmware.
@@ -35,7 +37,9 @@ SupportCapsuleImage (
 /**
   The firmware-specific implementation processes the capsule image
   if it recognized the format of this capsule image.
-  
+
+  Caution: This function may receive untrusted input.
+
   @param  CapsuleHeader    Pointer to the UEFI capsule image to be processed. 
    
   @retval EFI_SUCESS       Capsule Image processed successfully. 
@@ -47,4 +51,40 @@ ProcessCapsuleImage (
   IN EFI_CAPSULE_HEADER *CapsuleHeader
   );
 
+/**
+
+  This routine is called to process capsules.
+
+  Caution: This function may receive untrusted input.
+
+  The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.
+  If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.
+
+  This routine should be called twice in BDS.
+  1) The first call must be before EndOfDxe. The system capsules is processed.
+     If device capsule FMP protocols are exposted at this time and device FMP
+     capsule has zero EmbeddedDriverCount, the device capsules are processed.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule and
+     all capsules are processed.
+     If not all capsules are processed, reset will be defered to second call.
+
+  2) The second call must be after EndOfDxe and after ConnectAll, so that all
+     device capsule FMP protocols are exposed.
+     The system capsules are skipped. If the device capsules are NOT processed
+     in first call, they are processed here.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule
+     processed in first call and second call.
+
+  @retval EFI_SUCCESS             There is no error when processing capsules.
+  @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.
+
+**/
+EFI_STATUS
+EFIAPI
+ProcessCapsules (
+  VOID
+  );
+
 #endif
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 03/15] MdeModulePkg/MdeModulePkg.dec: Add capsule related definition.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib header Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 02/15] MdeModulePkg/CapsuleLib: Add ProcessCapsules() API Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 04/15] MdeModulePkg/FmpAuthenticationLibNull: Add NULL instance FMP Jiewen Yao
                   ` (11 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

1) Add capsule related library.
   FmpAuthenticationLib
2) Add capsule related status code PCD.
   PcdStatusCodeSubClassCapsule
   PcdCapsuleStatusCodeProcessCapsulesBegin
   PcdCapsuleStatusCodeProcessCapsulesEnd
   PcdCapsuleStatusCodeUpdatingFirmware
   PcdCapsuleStatusCodeUpdateFirmwareSuccess
   PcdCapsuleStatusCodeUpdateFirmwareFailed
   PcdCapsuleStatusCodeResettingSystem
3) Add capsule status variable PCD - CapsuleMax value.
   PcdCapsuleMax
4) Add system FMP indicator PCD - used by ESRT.
   PcdSystemFmpCapsuleImageTypeIdGuid
5) Add PcdTestKeyUsed PCD.
This PCD can be set by platform to indicate if there is any
test key used in current BIOS, such as recovery key,
or capsule update key.
Then the generic UI may consume this PCD to show warning information.
Other platform driver may also consume this PCD to know such info,
and report it via platform specific way.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/MdeModulePkg.dec | 66 ++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 74b8700..3979815 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -157,6 +157,10 @@
   ##
   FrameBufferBltLib|Include/Library/FrameBufferBltLib.h
 
+  ## @libraryclass  Provides services to authenticate a UEFI defined FMP Capsule.
+  #
+  FmpAuthenticationLib|Include/Library/FmpAuthenticationLib.h
+
 [Guids]
   ## MdeModule package token space guid
   # Include/Guid/MdeModulePkgTokenSpace.h
@@ -1141,6 +1145,59 @@
   #  The default value is 0 that means infinite.
   # @Prompt MAX repair count
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxRepairCount|0x00|UINT32|0x00010076
+  
+  ## Status Code for Capsule subclass definitions.<BR><BR>
+  #  EFI_OEM_SPECIFIC_SUBCLASS_CAPSULE  = 0x00810000<BR>
+  #  NOTE: It might collide with other status codes. If collision, then override value in platform DSC file, please.
+  # @Prompt Status Code for Capsule subclass definitions
+  # @ValidList  0x80000003 | 0x00810000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeSubClassCapsule|0x00810000|UINT32|0x00000100
+
+  ## Status Code for Capsule Process Begin.<BR><BR>
+  #  EFI_CAPSULE_PROCESS_CAPSULES_BEGIN  = (EFI_OEM_SPECIFIC | 0x00000001) = 0x00008001<BR>
+  #  NOTE: It might collide with other status codes. If collision, then override value in platform DSC file, please.
+  # @Prompt Status Code for Capsule Process Begin
+  # @ValidList  0x80000003 | 0x00008001
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeProcessCapsulesBegin|0x00008001|UINT32|0x00000101
+
+  ## Status Code for Capsule Process End.<BR><BR>
+  #  EFI_CAPSULE_PROCESS_CAPSULES_END    = (EFI_OEM_SPECIFIC | 0x00000002) = 0x00008002<BR>
+  #  NOTE: It might collide with other status codes. If collision, then override value in platform DSC file, please.
+  # @Prompt Status Code for Capsule Process End
+  # @ValidList  0x80000003 | 0x00008002
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeProcessCapsulesEnd|0x00008002|UINT32|0x00000102
+
+  ## Status Code for Capsule Process Updating Firmware.<BR><BR>
+  #  EFI_CAPSULE_UPDATING_FIRMWARE       = (EFI_OEM_SPECIFIC | 0x00000003) = 0x00008003<BR>
+  #  NOTE: It might collide with other status codes. If collision, then override value in platform DSC file, please.
+  # @Prompt Status Code for Capsule Process Updating Firmware
+  # @ValidList  0x80000003 | 0x00008003
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdatingFirmware|0x00008003|UINT32|0x00000103
+
+  ## Status Code for Capsule Process Update Firmware Success.<BR><BR>
+  #  EFI_CAPSULE_UPDATE_FIRMWARE_SUCCESS = (EFI_OEM_SPECIFIC | 0x00000004) = 0x00008004<BR>
+  #  NOTE: It might collide with other status codes. If collision, then override value in platform DSC file, please.
+  # @Prompt Status Code for Capsule Process Update Firmware Success
+  # @ValidList  0x80000003 | 0x00008004
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdateFirmwareSuccess|0x00008004|UINT32|0x00000104
+
+  ## Status Code for Capsule Process Update Firmware Failed.<BR><BR>
+  #  EFI_CAPSULE_UPDATE_FIRMWARE_FAILED  = (EFI_OEM_SPECIFIC | 0x00000005) = 0x00008005<BR>
+  #  NOTE: It might collide with other status codes. If collision, then override value in platform DSC file, please.
+  # @Prompt Status Code for Capsule Process Update Firmware Failed
+  # @ValidList  0x80000003 | 0x00008005
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdateFirmwareFailed|0x00008005|UINT32|0x00000105
+
+  ## Status Code for Capsule Resetting System.<BR><BR>
+  #  EFI_CAPSULE_RESETTING_SYSTEM        = (EFI_OEM_SPECIFIC | 0x00000006) = 0x00008006<BR>
+  #  NOTE: It might collide with other status codes. If collision, then override value in platform DSC file, please.
+  # @Prompt Status Code for Capsule Resetting System
+  # @ValidList  0x80000003 | 0x00008006
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeResettingSystem|0x00008006|UINT32|0x00000106
+
+  ## CapsuleMax value in capsule report variable.
+  # @Prompt CapsuleMax value in capsule report variable.
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleMax|0xFFFF|UINT16|0x00000107
 
 [PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## This PCD defines the Console output row. The default value is 25 according to UEFI spec.
@@ -1587,6 +1644,11 @@
   #  The PCD data must be in UNICODE format.
   gEfiMdeModulePkgTokenSpaceGuid.PcdRecoveryFileName|L"FVMAIN.FV"|VOID*|0x30001045
 
+  ## This PCD hold a list GUIDs for the ImageTypeId to indicate the
+  #  FMP capsule is a system FMP.
+  # @Prompt A list of system FMP ImageTypeId GUIDs
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0xd3, 0xee, 0x7e, 0x3f, 0x91, 0xf4, 0x1e, 0x40, 0x9e, 0xce, 0x74, 0x31, 0x32, 0x2e, 0xad, 0xf6}|VOID*|0x30001046
+
 [PcdsPatchableInModule]
   ## Specify memory size with page number for PEI code when
   #  Loading Module at Fixed Address feature is enabled.
@@ -1639,5 +1701,9 @@
   # @ValidList  0x80000001 | 0x0
   gEfiMdeModulePkgTokenSpaceGuid.PcdIdentifyMappingPageTablePtr|0x0|UINT64|0x00030002
 
+  ## This dynamic PCD holds the information if there is any test key used by the platform.
+  # @Prompt If there is any test key used by the platform.
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x00030003
+
 [UserExtensions.TianoCore."ExtraFiles"]
   MdeModulePkgExtra.uni
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 04/15] MdeModulePkg/FmpAuthenticationLibNull: Add NULL instance FMP.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (2 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 03/15] MdeModulePkg/MdeModulePkg.dec: Add capsule related definition Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 05/15] MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface Jiewen Yao
                   ` (10 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

Add NULL instance to pass build.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.c   | 66 ++++++++++++++++++++
 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf | 40 ++++++++++++
 MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.uni | 22 +++++++
 3 files changed, 128 insertions(+)

diff --git a/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.c b/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.c
new file mode 100644
index 0000000..e53af90
--- /dev/null
+++ b/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.c
@@ -0,0 +1,66 @@
+/** @file
+  NULL FMP authentication library.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php.
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/DebugLib.h>
+#include <Library/FmpAuthenticationLib.h>
+
+/**
+  The function is used to do the authentication for FMP capsule based upon
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+  The FMP capsule image should start with EFI_FIRMWARE_IMAGE_AUTHENTICATION,
+  followed by the payload.
+
+  If the return status is RETURN_SUCCESS, the caller may continue the rest
+  FMP update process.
+  If the return status is NOT RETURN_SUCCESS, the caller should stop the FMP
+  update process and convert the return status to LastAttemptStatus
+  to indicate that FMP update fails.
+  The LastAttemptStatus can be got from ESRT table or via
+  EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo().
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  Image                   Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[in]  ImageSize               Size of the authentication image in bytes.
+  @param[in]  PublicKeyData           The public key data used to validate the signature.
+  @param[in]  PublicKeyDataLength     The length of the public key data.
+
+  @retval RETURN_SUCCESS            Authentication pass.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS.
+  @retval RETURN_SECURITY_VIOLATION Authentication fail.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.
+  @retval RETURN_INVALID_PARAMETER  The image is in an invalid format.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_UNSUPPORTED        No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_UNSUPPORTED        Image or ImageSize is invalid.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_OUT_OF_RESOURCES   No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.
+**/
+RETURN_STATUS
+EFIAPI
+AuthenticateFmpImage (
+  IN EFI_FIRMWARE_IMAGE_AUTHENTICATION  *Image,
+  IN UINTN                              ImageSize,
+  IN CONST UINT8                        *PublicKeyData,
+  IN UINTN                              PublicKeyDataLength
+  )
+{
+  ASSERT(FALSE);
+  return RETURN_UNSUPPORTED;
+}
\ No newline at end of file
diff --git a/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf b/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf
new file mode 100644
index 0000000..f9b87ca
--- /dev/null
+++ b/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf
@@ -0,0 +1,40 @@
+## @file
+# FmpAuthentication Library
+#
+# NULL Instance of FmpAuthentication Library.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php.
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = FmpAuthenticationLibNull
+  MODULE_UNI_FILE                = FmpAuthenticationLibNull.uni
+  FILE_GUID                      = 5011522C-7B0E-4ACB-8E30-9B1D133CF2E0
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = FmpAuthenticationLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  FmpAuthenticationLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+  DebugLib
diff --git a/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.uni b/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.uni
new file mode 100644
index 0000000..69fd6e1
--- /dev/null
+++ b/MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.uni
@@ -0,0 +1,22 @@
+// /** @file
+// FmpAuthentication Library
+//
+// NULL Instance of FmpAuthentication Library.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution.  The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "FmpAuthentication Library"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "NULL Instance of FmpAuthentication Library."
+
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 05/15] MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (3 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 04/15] MdeModulePkg/FmpAuthenticationLibNull: Add NULL instance FMP Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 06/15] MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance Jiewen Yao
                   ` (9 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

Add ProcessCapsules() interface for DxeCapsuleLibNull.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.c | 48 ++++++++++++++++++--
 1 file changed, 45 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.c b/MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.c
index fb5c255..b064240 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.c
@@ -1,7 +1,7 @@
 /** @file
   Null Dxe Capsule Library instance does nothing and returns unsupport status.
 
-Copyright (c) 2007 - 2008, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -17,7 +17,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 /**
   The firmware checks whether the capsule image is supported 
   by the CapsuleGuid in CapsuleHeader or other specific information in capsule image.
-  
+
+  Caution: This function may receive untrusted input.
+
   @param  CapsuleHeader    Point to the UEFI capsule image to be checked.
   
   @retval EFI_UNSUPPORTED  Input capsule is not supported by the firmware.
@@ -34,7 +36,9 @@ SupportCapsuleImage (
 /**
   The firmware specific implementation processes the capsule image
   if it recognized the format of this capsule image.
-  
+
+  Caution: This function may receive untrusted input.
+
   @param  CapsuleHeader    Point to the UEFI capsule image to be processed. 
    
   @retval EFI_UNSUPPORTED  Capsule image is not supported by the firmware.
@@ -48,4 +52,42 @@ ProcessCapsuleImage (
   return EFI_UNSUPPORTED;
 }
 
+/**
+
+  This routine is called to process capsules.
+
+  Caution: This function may receive untrusted input.
+
+  The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.
+  If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.
+
+  This routine should be called twice in BDS.
+  1) The first call must be before EndOfDxe. The system capsules is processed.
+     If device capsule FMP protocols are exposted at this time and device FMP
+     capsule has zero EmbeddedDriverCount, the device capsules are processed.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule and
+     all capsules are processed.
+     If not all capsules are processed, reset will be defered to second call.
+
+  2) The second call must be after EndOfDxe and after ConnectAll, so that all
+     device capsule FMP protocols are exposed.
+     The system capsules are skipped. If the device capsules are NOT processed
+     in first call, they are processed here.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule
+     processed in first call and second call.
+
+  @retval EFI_SUCCESS             There is no error when processing capsules.
+  @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.
+
+**/
+EFI_STATUS
+EFIAPI
+ProcessCapsules (
+  VOID
+  )
+{
+  return EFI_UNSUPPORTED;
+}
 
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 06/15] MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (4 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 05/15] MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 07/15] MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check Jiewen Yao
                   ` (8 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

This instance handles Microsoft UX capsule, UEFI defined FMP capsule.
This instance should not assume any capsule image format.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c            | 1363 ++++++++++++++++++++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf          |   80 ++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.uni          |   22 +
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c     |  475 +++++++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLibNull.c |   57 +
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLib.c      |  489 +++++++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLibNull.c  |   91 ++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c        |  112 ++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf   |   83 ++
 MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.uni   |   22 +
 10 files changed, 2794 insertions(+)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
new file mode 100644
index 0000000..e5dbb74
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
@@ -0,0 +1,1363 @@
+/** @file
+  DXE capsule library.
+
+  Caution: This module requires additional review when modified.
+  This module will have external input - capsule image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  SupportCapsuleImage(), ProcessCapsuleImage(), IsValidCapsuleHeader(),
+  ValidateFmpCapsule(), DisplayCapsuleImage(), ConvertBmpToGopBlt() will
+  receive untrusted input and do basic validation.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+
+#include <IndustryStandard/Bmp.h>
+#include <IndustryStandard/WindowsUxCapsule.h>
+
+#include <Guid/FmpCapsule.h>
+#include <Guid/SystemResourceTable.h>
+#include <Guid/EventGroup.h>
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DxeServicesTableLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/CapsuleLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PcdLib.h>
+
+#include <Protocol/GraphicsOutput.h>
+#include <Protocol/EsrtManagement.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Protocol/DevicePath.h>
+
+BOOLEAN            mAreAllImagesProcessed;
+
+EFI_SYSTEM_RESOURCE_TABLE *mEsrtTable              = NULL;
+BOOLEAN                   mIsVirtualAddrConverted  = FALSE;
+BOOLEAN                   mDxeCapsuleLibEndOfDxe   = FALSE;
+
+/**
+  Initialize capsule related variables.
+**/
+VOID
+InitCapsuleVariable (
+  VOID
+  );
+
+/**
+  Check if this FMP capsule is processed.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] PayloadIndex   FMP payload index
+  @param[in] ImageHeader    FMP image header
+
+  @retval TRUE  This FMP capsule is processed.
+  @retval FALSE This FMP capsule is not processed.
+**/
+BOOLEAN
+IsFmpCapsuleProcessed (
+  IN EFI_CAPSULE_HEADER                            *CapsuleHeader,
+  IN UINTN                                         PayloadIndex,
+  IN EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *ImageHeader
+  );
+
+/**
+  Record capsule status variable.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] CapsuleStatus  The capsule process stauts
+
+  @retval EFI_SUCCESS          The capsule status variable is recorded.
+  @retval EFI_OUT_OF_RESOURCES No resource to record the capsule status variable.
+**/
+EFI_STATUS
+RecordCapsuleStatusVariable (
+  IN EFI_CAPSULE_HEADER                           *CapsuleHeader,
+  IN EFI_STATUS                                   CapsuleStatus
+  );
+
+/**
+  Record FMP capsule status variable.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] CapsuleStatus  The capsule process stauts
+  @param[in] PayloadIndex   FMP payload index
+  @param[in] ImageHeader    FMP image header
+
+  @retval EFI_SUCCESS          The capsule status variable is recorded.
+  @retval EFI_OUT_OF_RESOURCES No resource to record the capsule status variable.
+**/
+EFI_STATUS
+RecordFmpCapsuleStatusVariable (
+  IN EFI_CAPSULE_HEADER                            *CapsuleHeader,
+  IN EFI_STATUS                                    CapsuleStatus,
+  IN UINTN                                         PayloadIndex,
+  IN EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *ImageHeader
+  );
+
+/**
+  Function indicate the current completion progress of the firmware
+  update. Platform may override with own specific progress function.
+
+  @param[in]  Completion    A value between 1 and 100 indicating the current completion progress of the firmware update
+
+  @retval EFI_SUCESS    Input capsule is a correct FMP capsule.
+**/
+EFI_STATUS
+EFIAPI
+Update_Image_Progress (
+  IN UINTN  Completion
+  )
+{
+  return EFI_SUCCESS;
+}
+
+/**
+  Return if this CapsuleGuid is a FMP capsule GUID or not.
+
+  @param[in] CapsuleGuid A pointer to EFI_GUID
+
+  @retval TRUE  It is a FMP capsule GUID.
+  @retval FALSE It is not a FMP capsule GUID.
+**/
+BOOLEAN
+IsFmpCapsuleGuid (
+  IN EFI_GUID  *CapsuleGuid
+  )
+{
+  if (CompareGuid(&gEfiFmpCapsuleGuid, CapsuleGuid)) {
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
+/**
+  Validate if it is valid capsule header
+
+  Caution: This function may receive untrusted input.
+
+  This function assumes the caller provided correct CapsuleHeader pointer
+  and CapsuleSize.
+
+  This function validates the fields in EFI_CAPSULE_HEADER.
+
+  @param[in]  CapsuleHeader    Points to a capsule header.
+  @param[in]  CapsuleSize      Size of the whole capsule image.
+
+**/
+BOOLEAN
+IsValidCapsuleHeader (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader,
+  IN UINT64              CapsuleSize
+  )
+{
+  if (CapsuleHeader->CapsuleImageSize != CapsuleSize) {
+    return FALSE;
+  }
+  if (CapsuleHeader->HeaderSize >= CapsuleHeader->CapsuleImageSize) {
+    return FALSE;
+  }
+  return TRUE;
+}
+
+/**
+  Validate Fmp capsules layout.
+
+  Caution: This function may receive untrusted input.
+
+  This function assumes the caller validated the capsule by using
+  IsValidCapsuleHeader(), so that all fields in EFI_CAPSULE_HEADER are correct.
+  The capsule buffer size is CapsuleHeader->CapsuleImageSize.
+
+  This function validates the fields in EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER
+  and EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.
+
+  This function need support nested FMP capsule.
+
+  @param[in]   CapsuleHeader        Points to a capsule header.
+  @param[out]  EmbeddedDriverCount  The EmbeddedDriverCount in the FMP capsule.
+
+  @retval EFI_SUCESS             Input capsule is a correct FMP capsule.
+  @retval EFI_INVALID_PARAMETER  Input capsule is not a correct FMP capsule.
+**/
+EFI_STATUS
+ValidateFmpCapsule (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader,
+  OUT UINT16             *EmbeddedDriverCount OPTIONAL
+  )
+{
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER       *FmpCapsuleHeader;
+  UINT8                                        *EndOfCapsule;
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER *ImageHeader;
+  UINT8                                        *EndOfPayload;
+  UINT64                                       *ItemOffsetList;
+  UINT32                                       ItemNum;
+  UINTN                                        Index;
+  UINTN                                        FmpCapsuleSize;
+  UINTN                                        FmpCapsuleHeaderSize;
+  UINT64                                       FmpImageSize;
+  UINTN                                        FmpImageHeaderSize;
+
+  if (!IsFmpCapsuleGuid(&CapsuleHeader->CapsuleGuid)) {
+    return ValidateFmpCapsule ((EFI_CAPSULE_HEADER *)((UINTN)CapsuleHeader + CapsuleHeader->HeaderSize), EmbeddedDriverCount);
+  }
+
+  if (CapsuleHeader->HeaderSize >= CapsuleHeader->CapsuleImageSize) {
+    DEBUG((EFI_D_ERROR, "HeaderSize(0x%x) >= CapsuleImageSize(0x%x)\n", CapsuleHeader->HeaderSize, CapsuleHeader->CapsuleImageSize));
+    return EFI_INVALID_PARAMETER;
+  }
+
+  FmpCapsuleHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER *) ((UINT8 *) CapsuleHeader + CapsuleHeader->HeaderSize);
+  EndOfCapsule     = (UINT8 *) CapsuleHeader + CapsuleHeader->CapsuleImageSize;
+  FmpCapsuleSize   = (UINTN)EndOfCapsule - (UINTN)FmpCapsuleHeader;
+
+  if (FmpCapsuleSize < sizeof(EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER)) {
+    DEBUG((EFI_D_ERROR, "FmpCapsuleSize(0x%x) < EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER\n", FmpCapsuleSize));
+    return EFI_INVALID_PARAMETER;
+  }
+
+  // Check EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER
+  if (FmpCapsuleHeader->Version != EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER_INIT_VERSION) {
+    DEBUG((EFI_D_ERROR, "FmpCapsuleHeader->Version(0x%x) != EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER_INIT_VERSION\n", FmpCapsuleHeader->Version));
+    return EFI_INVALID_PARAMETER;
+  }
+  ItemOffsetList = (UINT64 *)(FmpCapsuleHeader + 1);
+
+  // No overflow
+  ItemNum = FmpCapsuleHeader->EmbeddedDriverCount + FmpCapsuleHeader->PayloadItemCount;
+
+  if ((FmpCapsuleSize - sizeof(EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER))/sizeof(UINT64) < ItemNum) {
+    DEBUG((EFI_D_ERROR, "ItemNum(0x%x) too big\n", ItemNum));
+    return EFI_INVALID_PARAMETER;
+  }
+  FmpCapsuleHeaderSize = sizeof(EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER) + sizeof(UINT64)*ItemNum;
+
+  // Check ItemOffsetList
+  for (Index = 0; Index < ItemNum; Index++) {
+    if (ItemOffsetList[Index] >= FmpCapsuleSize) {
+      DEBUG((EFI_D_ERROR, "ItemOffsetList[%d](0x%lx) >= FmpCapsuleSize(0x%x)\n", Index, ItemOffsetList[Index], FmpCapsuleSize));
+      return EFI_INVALID_PARAMETER;
+    }
+    if (ItemOffsetList[Index] < FmpCapsuleHeaderSize) {
+      DEBUG((EFI_D_ERROR, "ItemOffsetList[%d](0x%lx) < FmpCapsuleHeaderSize(0x%x)\n", Index, ItemOffsetList[Index], FmpCapsuleHeaderSize));
+      return EFI_INVALID_PARAMETER;
+    }
+    //
+    // All the address in ItemOffsetList must be stored in ascending order
+    //
+    if (Index > 0) {
+      if (ItemOffsetList[Index] <= ItemOffsetList[Index - 1]) {
+        DEBUG((EFI_D_ERROR, "ItemOffsetList[%d](0x%lx) < ItemOffsetList[%d](0x%x)\n", Index, ItemOffsetList[Index], Index, ItemOffsetList[Index - 1]));
+        return EFI_INVALID_PARAMETER;
+      }
+    }
+  }
+
+  // Check EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER
+  for (Index = FmpCapsuleHeader->EmbeddedDriverCount; Index < ItemNum; Index++) {
+    ImageHeader  = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER *)((UINT8 *)FmpCapsuleHeader + ItemOffsetList[Index]);
+    if (Index == ItemNum - 1) {
+      EndOfPayload = (UINT8 *)((UINTN)EndOfCapsule - (UINTN)FmpCapsuleHeader);
+    } else {
+      EndOfPayload = (UINT8 *)(UINTN)ItemOffsetList[Index+1];
+    }
+    FmpImageSize = (UINTN)EndOfPayload - ItemOffsetList[Index];
+
+    if (FmpImageSize < OFFSET_OF(EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER, UpdateHardwareInstance)) {
+      DEBUG((EFI_D_ERROR, "FmpImageSize(0x%lx) < EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER\n", FmpImageSize));
+      return EFI_INVALID_PARAMETER;
+    }
+    FmpImageHeaderSize = sizeof(EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER);
+    if ((ImageHeader->Version > EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER_INIT_VERSION) ||
+        (ImageHeader->Version < 1)) {
+      DEBUG((EFI_D_ERROR, "ImageHeader->Version(0x%x) Unknown\n", ImageHeader->Version));
+      return EFI_INVALID_PARAMETER;
+    }
+    if (ImageHeader->Version < EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER_INIT_VERSION) {
+      FmpImageHeaderSize = OFFSET_OF(EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER, UpdateHardwareInstance);
+    }
+
+    // No overflow
+    if (FmpImageSize != (UINT64)FmpImageHeaderSize + (UINT64)ImageHeader->UpdateImageSize + (UINT64)ImageHeader->UpdateVendorCodeSize) {
+      DEBUG((EFI_D_ERROR, "FmpImageSize(0x%lx) mismatch, UpdateImageSize(0x%x) UpdateVendorCodeSize(0x%x)\n", FmpImageSize, ImageHeader->UpdateImageSize, ImageHeader->UpdateVendorCodeSize));
+      return EFI_INVALID_PARAMETER;
+    }
+  }
+
+  if (ItemNum == 0) {
+    //
+    // No driver & payload element in FMP
+    //
+    EndOfPayload = (UINT8 *)(FmpCapsuleHeader + 1);
+    if (EndOfPayload != EndOfCapsule) {
+      DEBUG((EFI_D_ERROR, "EndOfPayload(0x%x) mismatch, EndOfCapsule(0x%x)\n", EndOfPayload, EndOfCapsule));
+      return EFI_INVALID_PARAMETER;
+    }
+    return EFI_UNSUPPORTED;
+  }
+
+  if (EmbeddedDriverCount != NULL) {
+    *EmbeddedDriverCount = FmpCapsuleHeader->EmbeddedDriverCount;
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Convert a *.BMP graphics image to a GOP blt buffer. If a NULL Blt buffer
+  is passed in a GopBlt buffer will be allocated by this routine. If a GopBlt
+  buffer is passed in it will be used if it is big enough.
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]       BmpImage      Pointer to BMP file
+  @param[in]       BmpImageSize  Number of bytes in BmpImage
+  @param[in, out]  GopBlt        Buffer containing GOP version of BmpImage.
+  @param[in, out]  GopBltSize    Size of GopBlt in bytes.
+  @param[out]      PixelHeight   Height of GopBlt/BmpImage in pixels
+  @param[out]      PixelWidth    Width of GopBlt/BmpImage in pixels
+
+  @retval EFI_SUCCESS           GopBlt and GopBltSize are returned.
+  @retval EFI_UNSUPPORTED       BmpImage is not a valid *.BMP image
+  @retval EFI_BUFFER_TOO_SMALL  The passed in GopBlt buffer is not big enough.
+                                GopBltSize will contain the required size.
+  @retval EFI_OUT_OF_RESOURCES  No enough buffer to allocate.
+
+**/
+STATIC
+EFI_STATUS
+ConvertBmpToGopBlt (
+  IN     VOID      *BmpImage,
+  IN     UINTN     BmpImageSize,
+  IN OUT VOID      **GopBlt,
+  IN OUT UINTN     *GopBltSize,
+     OUT UINTN     *PixelHeight,
+     OUT UINTN     *PixelWidth
+  )
+{
+  UINT8                         *Image;
+  UINT8                         *ImageHeader;
+  BMP_IMAGE_HEADER              *BmpHeader;
+  BMP_COLOR_MAP                 *BmpColorMap;
+  EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BltBuffer;
+  EFI_GRAPHICS_OUTPUT_BLT_PIXEL *Blt;
+  UINT64                        BltBufferSize;
+  UINTN                         Index;
+  UINTN                         Height;
+  UINTN                         Width;
+  UINTN                         ImageIndex;
+  UINT32                        DataSizePerLine;
+  BOOLEAN                       IsAllocated;
+  UINT32                        ColorMapNum;
+
+  if (sizeof (BMP_IMAGE_HEADER) > BmpImageSize) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  BmpHeader = (BMP_IMAGE_HEADER *) BmpImage;
+
+  if (BmpHeader->CharB != 'B' || BmpHeader->CharM != 'M') {
+    return EFI_UNSUPPORTED;
+  }
+
+  //
+  // Doesn't support compress.
+  //
+  if (BmpHeader->CompressionType != 0) {
+    return EFI_UNSUPPORTED;
+  }
+
+  //
+  // Only support BITMAPINFOHEADER format.
+  // BITMAPFILEHEADER + BITMAPINFOHEADER = BMP_IMAGE_HEADER
+  //
+  if (BmpHeader->HeaderSize != sizeof (BMP_IMAGE_HEADER) - OFFSET_OF(BMP_IMAGE_HEADER, HeaderSize)) {
+    return EFI_UNSUPPORTED;
+  }
+
+  //
+  // The data size in each line must be 4 byte alignment.
+  //
+  DataSizePerLine = ((BmpHeader->PixelWidth * BmpHeader->BitPerPixel + 31) >> 3) & (~0x3);
+  BltBufferSize = MultU64x32 (DataSizePerLine, BmpHeader->PixelHeight);
+  if (BltBufferSize > (UINT32) ~0) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if ((BmpHeader->Size != BmpImageSize) ||
+      (BmpHeader->Size < BmpHeader->ImageOffset) ||
+      (BmpHeader->Size - BmpHeader->ImageOffset !=  BmpHeader->PixelHeight * DataSizePerLine)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  //
+  // Calculate Color Map offset in the image.
+  //
+  Image       = BmpImage;
+  BmpColorMap = (BMP_COLOR_MAP *) (Image + sizeof (BMP_IMAGE_HEADER));
+  if (BmpHeader->ImageOffset < sizeof (BMP_IMAGE_HEADER)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (BmpHeader->ImageOffset > sizeof (BMP_IMAGE_HEADER)) {
+    switch (BmpHeader->BitPerPixel) {
+      case 1:
+        ColorMapNum = 2;
+        break;
+      case 4:
+        ColorMapNum = 16;
+        break;
+      case 8:
+        ColorMapNum = 256;
+        break;
+      default:
+        ColorMapNum = 0;
+        break;
+      }
+    //
+    // BMP file may has padding data between the bmp header section and the bmp data section.
+    //
+    if (BmpHeader->ImageOffset - sizeof (BMP_IMAGE_HEADER) < sizeof (BMP_COLOR_MAP) * ColorMapNum) {
+      return EFI_INVALID_PARAMETER;
+    }
+  }
+
+  //
+  // Calculate graphics image data address in the image
+  //
+  Image         = ((UINT8 *) BmpImage) + BmpHeader->ImageOffset;
+  ImageHeader   = Image;
+
+  //
+  // Calculate the BltBuffer needed size.
+  //
+  BltBufferSize = MultU64x32 ((UINT64) BmpHeader->PixelWidth, BmpHeader->PixelHeight);
+  //
+  // Ensure the BltBufferSize * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) doesn't overflow
+  //
+  if (BltBufferSize > DivU64x32 ((UINTN) ~0, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL))) {
+    return EFI_UNSUPPORTED;
+  }
+  BltBufferSize = MultU64x32 (BltBufferSize, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL));
+
+  IsAllocated   = FALSE;
+  if (*GopBlt == NULL) {
+    //
+    // GopBlt is not allocated by caller.
+    //
+    *GopBltSize = (UINTN) BltBufferSize;
+    *GopBlt     = AllocatePool (*GopBltSize);
+    IsAllocated = TRUE;
+    if (*GopBlt == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    }
+  } else {
+    //
+    // GopBlt has been allocated by caller.
+    //
+    if (*GopBltSize < (UINTN) BltBufferSize) {
+      *GopBltSize = (UINTN) BltBufferSize;
+      return EFI_BUFFER_TOO_SMALL;
+    }
+  }
+
+  *PixelWidth   = BmpHeader->PixelWidth;
+  *PixelHeight  = BmpHeader->PixelHeight;
+
+  //
+  // Convert image from BMP to Blt buffer format
+  //
+  BltBuffer = *GopBlt;
+  for (Height = 0; Height < BmpHeader->PixelHeight; Height++) {
+    Blt = &BltBuffer[(BmpHeader->PixelHeight - Height - 1) * BmpHeader->PixelWidth];
+    for (Width = 0; Width < BmpHeader->PixelWidth; Width++, Image++, Blt++) {
+      switch (BmpHeader->BitPerPixel) {
+      case 1:
+        //
+        // Convert 1-bit (2 colors) BMP to 24-bit color
+        //
+        for (Index = 0; Index < 8 && Width < BmpHeader->PixelWidth; Index++) {
+          Blt->Red    = BmpColorMap[((*Image) >> (7 - Index)) & 0x1].Red;
+          Blt->Green  = BmpColorMap[((*Image) >> (7 - Index)) & 0x1].Green;
+          Blt->Blue   = BmpColorMap[((*Image) >> (7 - Index)) & 0x1].Blue;
+          Blt++;
+          Width++;
+        }
+
+        Blt--;
+        Width--;
+        break;
+
+      case 4:
+        //
+        // Convert 4-bit (16 colors) BMP Palette to 24-bit color
+        //
+        Index       = (*Image) >> 4;
+        Blt->Red    = BmpColorMap[Index].Red;
+        Blt->Green  = BmpColorMap[Index].Green;
+        Blt->Blue   = BmpColorMap[Index].Blue;
+        if (Width < (BmpHeader->PixelWidth - 1)) {
+          Blt++;
+          Width++;
+          Index       = (*Image) & 0x0f;
+          Blt->Red    = BmpColorMap[Index].Red;
+          Blt->Green  = BmpColorMap[Index].Green;
+          Blt->Blue   = BmpColorMap[Index].Blue;
+        }
+        break;
+
+      case 8:
+        //
+        // Convert 8-bit (256 colors) BMP Palette to 24-bit color
+        //
+        Blt->Red    = BmpColorMap[*Image].Red;
+        Blt->Green  = BmpColorMap[*Image].Green;
+        Blt->Blue   = BmpColorMap[*Image].Blue;
+        break;
+
+      case 24:
+        //
+        // It is 24-bit BMP.
+        //
+        Blt->Blue   = *Image++;
+        Blt->Green  = *Image++;
+        Blt->Red    = *Image;
+        break;
+
+      case 32:
+        //
+        // it is 32-bit BMP. Skip pixel's highest byte
+        //
+        Blt->Blue  = *Image++;
+        Blt->Green = *Image++;
+        Blt->Red   = *Image++;
+        break;
+
+      default:
+        //
+        // Other bit format BMP is not supported.
+        //
+        if (IsAllocated) {
+          FreePool (*GopBlt);
+          *GopBlt = NULL;
+        }
+        return EFI_UNSUPPORTED;
+      };
+
+    }
+
+    ImageIndex = (UINTN) (Image - ImageHeader);
+    if ((ImageIndex % 4) != 0) {
+      //
+      // Bmp Image starts each row on a 32-bit boundary!
+      //
+      Image = Image + (4 - (ImageIndex % 4));
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+
+/**
+  Those capsules supported by the firmwares.
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  CapsuleHeader    Points to a capsule header.
+
+  @retval EFI_SUCESS       Input capsule is supported by firmware.
+  @retval EFI_UNSUPPORTED  Input capsule is not supported by the firmware.
+**/
+EFI_STATUS
+DisplayCapsuleImage (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader
+  )
+{
+  DISPLAY_DISPLAY_PAYLOAD       *ImagePayload;
+  UINTN                         PayloadSize;
+  EFI_STATUS                    Status;
+  EFI_GRAPHICS_OUTPUT_BLT_PIXEL *Blt;
+  UINTN                         BltSize;
+  UINTN                         Height;
+  UINTN                         Width;
+  EFI_GRAPHICS_OUTPUT_PROTOCOL  *GraphicsOutput;
+
+  ImagePayload = (DISPLAY_DISPLAY_PAYLOAD *)(CapsuleHeader + 1);
+  PayloadSize = (UINTN)(CapsuleHeader->CapsuleImageSize - sizeof(EFI_CAPSULE_HEADER));
+
+  if (ImagePayload->Version != 1) {
+    return EFI_UNSUPPORTED;
+  }
+  if (CalculateCheckSum8((UINT8 *)CapsuleHeader, CapsuleHeader->CapsuleImageSize) != 0) {
+    return EFI_UNSUPPORTED;
+  }
+  //
+  // Only Support Bitmap by now
+  //
+  if (ImagePayload->ImageType != 0) {
+    return EFI_UNSUPPORTED;
+  }
+
+  //
+  // Try to open GOP
+  //
+  Status = gBS->HandleProtocol (gST->ConsoleOutHandle, &gEfiGraphicsOutputProtocolGuid, (VOID **)&GraphicsOutput);
+  if (EFI_ERROR (Status)) {
+    Status = gBS->LocateProtocol(&gEfiGraphicsOutputProtocolGuid, NULL, (VOID **)&GraphicsOutput);
+    if (EFI_ERROR(Status)) {
+      return EFI_UNSUPPORTED;
+    }
+  }
+
+  if (GraphicsOutput->Mode->Mode != ImagePayload->Mode) {
+    return EFI_UNSUPPORTED;
+  }
+
+  Blt = NULL;
+  Width = 0;
+  Height = 0;
+  Status = ConvertBmpToGopBlt (
+             ImagePayload + 1,
+             PayloadSize - sizeof(DISPLAY_DISPLAY_PAYLOAD),
+             (VOID **)&Blt,
+             &BltSize,
+             &Height,
+             &Width
+             );
+
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  Status = GraphicsOutput->Blt (
+                             GraphicsOutput,
+                             Blt,
+                             EfiBltBufferToVideo,
+                             0,
+                             0,
+                             (UINTN) ImagePayload->OffsetX,
+                             (UINTN) ImagePayload->OffsetY,
+                             Width,
+                             Height,
+                             Width * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)
+                             );
+
+  FreePool(Blt);
+
+  return Status;
+}
+
+/**
+  Dump FMP information.
+
+  @param[in] ImageInfoSize       The size of ImageInfo, in bytes.
+  @param[in] ImageInfo           A pointer to EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[in] DescriptorVersion   The version of EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[in] DescriptorCount     The count of EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[in] DescriptorSize      The size of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR, in bytes.
+  @param[in] PackageVersion      The version of package.
+  @param[in] PackageVersionName  The version name of package.
+**/
+VOID
+DumpFmpImageInfo (
+  IN UINTN                           ImageInfoSize,
+  IN EFI_FIRMWARE_IMAGE_DESCRIPTOR   *ImageInfo,
+  IN UINT32                          DescriptorVersion,
+  IN UINT8                           DescriptorCount,
+  IN UINTN                           DescriptorSize,
+  IN UINT32                          PackageVersion,
+  IN CHAR16                          *PackageVersionName
+  )
+{
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR                 *CurrentImageInfo;
+  UINTN                                         Index;
+
+  DEBUG((DEBUG_VERBOSE, "  DescriptorVersion  - 0x%x\n", DescriptorVersion));
+  DEBUG((DEBUG_VERBOSE, "  DescriptorCount    - 0x%x\n", DescriptorCount));
+  DEBUG((DEBUG_VERBOSE, "  DescriptorSize     - 0x%x\n", DescriptorSize));
+  DEBUG((DEBUG_VERBOSE, "  PackageVersion     - 0x%x\n", PackageVersion));
+  DEBUG((DEBUG_VERBOSE, "  PackageVersionName - %s\n\n", PackageVersionName));
+  CurrentImageInfo = ImageInfo;
+  for (Index = 0; Index < DescriptorCount; Index++) {
+    DEBUG((DEBUG_VERBOSE, "  ImageDescriptor (%d)\n", Index));
+    DEBUG((DEBUG_VERBOSE, "    ImageIndex                  - 0x%x\n", CurrentImageInfo->ImageIndex));
+    DEBUG((DEBUG_VERBOSE, "    ImageTypeId                 - %g\n", &CurrentImageInfo->ImageTypeId));
+    DEBUG((DEBUG_VERBOSE, "    ImageId                     - 0x%lx\n", CurrentImageInfo->ImageId));
+    DEBUG((DEBUG_VERBOSE, "    ImageIdName                 - %s\n", CurrentImageInfo->ImageIdName));
+    DEBUG((DEBUG_VERBOSE, "    Version                     - 0x%x\n", CurrentImageInfo->Version));
+    DEBUG((DEBUG_VERBOSE, "    VersionName                 - %s\n", CurrentImageInfo->VersionName));
+    DEBUG((DEBUG_VERBOSE, "    Size                        - 0x%x\n", CurrentImageInfo->Size));
+    DEBUG((DEBUG_VERBOSE, "    AttributesSupported         - 0x%lx\n", CurrentImageInfo->AttributesSupported));
+    DEBUG((DEBUG_VERBOSE, "    AttributesSetting           - 0x%lx\n", CurrentImageInfo->AttributesSetting));
+    DEBUG((DEBUG_VERBOSE, "    Compatibilities             - 0x%lx\n", CurrentImageInfo->Compatibilities));
+    if (DescriptorVersion > 1) {
+      DEBUG((DEBUG_VERBOSE, "    LowestSupportedImageVersion - 0x%x\n", CurrentImageInfo->LowestSupportedImageVersion));
+      if (DescriptorVersion > 2) {
+        DEBUG((DEBUG_VERBOSE, "    LastAttemptVersion          - 0x%x\n", CurrentImageInfo->LastAttemptVersion));
+        DEBUG((DEBUG_VERBOSE, "    LastAttemptStatus           - 0x%x\n", CurrentImageInfo->LastAttemptStatus));
+        DEBUG((DEBUG_VERBOSE, "    HardwareInstance            - 0x%lx\n", CurrentImageInfo->HardwareInstance));
+      }
+    }
+    //
+    // Use DescriptorSize to move ImageInfo Pointer to stay compatible with different ImageInfo version
+    //
+    CurrentImageInfo = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)((UINT8 *)CurrentImageInfo + DescriptorSize);
+  }
+}
+
+/**
+  Dump a non-nested FMP capsule.
+
+  @param[in]  CapsuleHeader  A pointer to CapsuleHeader
+**/
+VOID
+DumpFmpCapsule (
+  IN EFI_CAPSULE_HEADER                *CapsuleHeader
+  )
+{
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER        *FmpCapsuleHeader;
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *ImageHeader;
+  UINTN                                         Index;
+  UINT64                                        *ItemOffsetList;
+
+  FmpCapsuleHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER *)((UINT8 *)CapsuleHeader + CapsuleHeader->HeaderSize);
+
+  DEBUG((DEBUG_VERBOSE, "FmpCapsule:\n"));
+  DEBUG((DEBUG_VERBOSE, "  Version                - 0x%x\n", FmpCapsuleHeader->Version));
+  DEBUG((DEBUG_VERBOSE, "  EmbeddedDriverCount    - 0x%x\n", FmpCapsuleHeader->EmbeddedDriverCount));
+  DEBUG((DEBUG_VERBOSE, "  PayloadItemCount       - 0x%x\n", FmpCapsuleHeader->PayloadItemCount));
+
+  ItemOffsetList = (UINT64 *)(FmpCapsuleHeader + 1);
+  for (Index = 0; Index < FmpCapsuleHeader->EmbeddedDriverCount; Index++) {
+    DEBUG((DEBUG_VERBOSE, "  ItemOffsetList[%d]      - 0x%lx\n", Index, ItemOffsetList[Index]));
+  }
+  for (; Index < (UINTN)(FmpCapsuleHeader->EmbeddedDriverCount + FmpCapsuleHeader->PayloadItemCount); Index++) {
+    DEBUG((DEBUG_VERBOSE, "  ItemOffsetList[%d]      - 0x%lx\n", Index, ItemOffsetList[Index]));
+    ImageHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER *)((UINT8 *)FmpCapsuleHeader + ItemOffsetList[Index]);
+
+    DEBUG((DEBUG_VERBOSE, "  ImageHeader:\n"));
+    DEBUG((DEBUG_VERBOSE, "    Version                - 0x%x\n", ImageHeader->Version));
+    DEBUG((DEBUG_VERBOSE, "    UpdateImageTypeId      - %g\n", &ImageHeader->UpdateImageTypeId));
+    DEBUG((DEBUG_VERBOSE, "    UpdateImageIndex       - 0x%x\n", ImageHeader->UpdateImageIndex));
+    DEBUG((DEBUG_VERBOSE, "    UpdateImageSize        - 0x%x\n", ImageHeader->UpdateImageSize));
+    DEBUG((DEBUG_VERBOSE, "    UpdateVendorCodeSize   - 0x%x\n", ImageHeader->UpdateVendorCodeSize));
+    if (ImageHeader->Version >= EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER_INIT_VERSION) {
+      DEBUG((DEBUG_VERBOSE, "    UpdateHardwareInstance - 0x%lx\n", ImageHeader->UpdateHardwareInstance));
+    }
+  }
+}
+
+/**
+  Process Firmware management protocol data capsule.
+
+  This function assumes the caller validated the capsule by using
+  ValidateFmpCapsule(), so that all fields in EFI_CAPSULE_HEADER,
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER and
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER are correct.
+
+  This function need support nested FMP capsule.
+
+  @param[in]  CapsuleHeader         Points to a capsule header.
+  @param[in]  AreAllImagesProcessed If all the FMP images in the capsule are processed.
+
+  @retval EFI_SUCESS            Process Capsule Image successfully.
+  @retval EFI_UNSUPPORTED       Capsule image is not supported by the firmware.
+  @retval EFI_VOLUME_CORRUPTED  FV volume in the capsule is corrupted.
+  @retval EFI_OUT_OF_RESOURCES  Not enough memory.
+**/
+EFI_STATUS
+ProcessFmpCapsuleImage (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader,
+  OUT BOOLEAN            *AreAllImagesProcessed
+  )
+{
+  EFI_STATUS                                    Status;
+  EFI_STATUS                                    StatusEsrt;
+  EFI_STATUS                                    StatusRet;
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER        *FmpCapsuleHeader;
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *ImageHeader;
+  UINT8                                         *Image;
+  EFI_HANDLE                                    ImageHandle;
+  UINT64                                        *ItemOffsetList;
+  UINT32                                        ItemNum;
+  UINTN                                         Index;
+  UINTN                                         ExitDataSize;
+  EFI_HANDLE                                    *HandleBuffer;
+  EFI_FIRMWARE_MANAGEMENT_PROTOCOL              *Fmp;
+  UINTN                                         NumberOfHandles;
+  UINTN                                         DescriptorSize;
+  UINT8                                         FmpImageInfoCount;
+  UINT32                                        FmpImageInfoDescriptorVer;
+  UINTN                                         ImageInfoSize;
+  UINT32                                        PackageVersion;
+  CHAR16                                        *PackageVersionName;
+  CHAR16                                        *AbortReason;
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR                 *FmpImageInfoBuf;
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR                 *TempFmpImageInfo;
+  UINTN                                         DriverLen;
+  UINTN                                         Index1;
+  UINTN                                         Index2;
+  MEMMAP_DEVICE_PATH                            MemMapNode;
+  EFI_DEVICE_PATH_PROTOCOL                      *DriverDevicePath;
+  ESRT_MANAGEMENT_PROTOCOL                      *EsrtProtocol;
+  EFI_SYSTEM_RESOURCE_ENTRY                     EsrtEntry;
+  VOID                                          *VendorCode;
+
+  if (!IsFmpCapsuleGuid(&CapsuleHeader->CapsuleGuid)) {
+    return ProcessFmpCapsuleImage ((EFI_CAPSULE_HEADER *)((UINTN)CapsuleHeader + CapsuleHeader->HeaderSize), AreAllImagesProcessed);
+  }
+
+  ASSERT(AreAllImagesProcessed != NULL);
+
+  Status           = EFI_SUCCESS;
+  StatusRet        = EFI_NOT_FOUND;
+  HandleBuffer     = NULL;
+  ExitDataSize     = 0;
+  DriverDevicePath = NULL;
+  EsrtProtocol     = NULL;
+  *AreAllImagesProcessed = FALSE;
+
+  DumpFmpCapsule(CapsuleHeader);
+
+  FmpCapsuleHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER *) ((UINT8 *) CapsuleHeader + CapsuleHeader->HeaderSize);
+
+  if (FmpCapsuleHeader->Version > EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER_INIT_VERSION) {
+    return EFI_INVALID_PARAMETER;
+  }
+  ItemOffsetList = (UINT64 *)(FmpCapsuleHeader + 1);
+
+  ItemNum = FmpCapsuleHeader->EmbeddedDriverCount + FmpCapsuleHeader->PayloadItemCount;
+
+  //
+  // capsule in which driver count and payload count are both zero is not processed.
+  //
+  if (ItemNum == 0) {
+    *AreAllImagesProcessed = TRUE;
+    return EFI_SUCCESS;
+  }
+
+  //
+  // Update corresponding ESRT entry LastAttemp Status
+  //
+  Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtProtocol);
+  if (EFI_ERROR (Status)) {
+    EsrtProtocol = NULL;
+  }
+
+  //
+  // 1. Try to load & start all the drivers within capsule
+  //
+  SetDevicePathNodeLength (&MemMapNode.Header, sizeof (MemMapNode));
+  MemMapNode.Header.Type     = HARDWARE_DEVICE_PATH;
+  MemMapNode.Header.SubType  = HW_MEMMAP_DP;
+  MemMapNode.MemoryType      = EfiBootServicesCode;
+  MemMapNode.StartingAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)CapsuleHeader;
+  MemMapNode.EndingAddress   = (EFI_PHYSICAL_ADDRESS)(UINTN)((UINT8 *)CapsuleHeader + CapsuleHeader->CapsuleImageSize - 1);
+
+  DriverDevicePath = AppendDevicePathNode (NULL, &MemMapNode.Header);
+  if (DriverDevicePath == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  for (Index = 0; Index < FmpCapsuleHeader->EmbeddedDriverCount; Index++) {
+    if (FmpCapsuleHeader->PayloadItemCount == 0 && Index == (UINTN)FmpCapsuleHeader->EmbeddedDriverCount - 1) {
+      //
+      // When driver is last element in the ItemOffsetList array, the driver size is calculated by reference CapsuleImageSize in EFI_CAPSULE_HEADER
+      //
+      DriverLen = CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize - (UINTN)ItemOffsetList[Index];
+    } else {
+      DriverLen = (UINTN)ItemOffsetList[Index + 1] - (UINTN)ItemOffsetList[Index];
+    }
+
+    DEBUG((EFI_D_INFO, "FmpCapsule: LoadImage ...\n"));
+    Status = gBS->LoadImage(
+                    FALSE,
+                    gImageHandle,
+                    DriverDevicePath,
+                    (UINT8 *)FmpCapsuleHeader + ItemOffsetList[Index],
+                    DriverLen,
+                    &ImageHandle
+                    );
+    DEBUG((EFI_D_INFO, "FmpCapsule: LoadImage - %r\n", Status));
+    if (EFI_ERROR(Status)) {
+      StatusRet = Status;
+      goto EXIT;
+    }
+
+    DEBUG((EFI_D_INFO, "FmpCapsule: StartImage ...\n"));
+    Status = gBS->StartImage(
+                    ImageHandle,
+                    &ExitDataSize,
+                    NULL
+                    );
+    DEBUG((EFI_D_INFO, "FmpCapsule: StartImage - %r\n", Status));
+    if (EFI_ERROR(Status)) {
+      DEBUG ((DEBUG_ERROR, "Driver Return Status = %r\n", Status));
+      StatusRet = Status;
+      goto EXIT;
+    }
+  }
+
+  //
+  // 2. Route payload to right FMP instance
+  //
+  DEBUG((EFI_D_INFO, "FmpCapsule: route payload to right FMP instance ...\n"));
+
+  Status = gBS->LocateHandleBuffer (
+                  ByProtocol,
+                  &gEfiFirmwareManagementProtocolGuid,
+                  NULL,
+                  &NumberOfHandles,
+                  &HandleBuffer
+                  );
+
+  if (!EFI_ERROR(Status)) {
+    for(Index1 = 0; Index1 < NumberOfHandles; Index1++) {
+      Status = gBS->HandleProtocol(
+                      HandleBuffer[Index1],
+                      &gEfiFirmwareManagementProtocolGuid,
+                      (VOID **)&Fmp
+                      );
+      if (EFI_ERROR(Status)) {
+        continue;
+      }
+
+      ImageInfoSize = 0;
+      Status = Fmp->GetImageInfo (
+                      Fmp,
+                      &ImageInfoSize,
+                      NULL,
+                      NULL,
+                      NULL,
+                      NULL,
+                      NULL,
+                      NULL
+                      );
+      if (Status != EFI_BUFFER_TOO_SMALL) {
+        continue;
+      }
+
+      FmpImageInfoBuf = NULL;
+      FmpImageInfoBuf = AllocateZeroPool (ImageInfoSize);
+      if (FmpImageInfoBuf == NULL) {
+        StatusRet = EFI_OUT_OF_RESOURCES;
+        goto EXIT;
+      }
+
+      PackageVersionName = NULL;
+      Status = Fmp->GetImageInfo (
+                      Fmp,
+                      &ImageInfoSize,               // ImageInfoSize
+                      FmpImageInfoBuf,              // ImageInfo
+                      &FmpImageInfoDescriptorVer,   // DescriptorVersion
+                      &FmpImageInfoCount,           // DescriptorCount
+                      &DescriptorSize,              // DescriptorSize
+                      &PackageVersion,              // PackageVersion
+                      &PackageVersionName           // PackageVersionName
+                      );
+
+      //
+      // If FMP GetInformation interface failed, skip this resource
+      //
+      if (EFI_ERROR(Status)) {
+        FreePool(FmpImageInfoBuf);
+        continue;
+      }
+
+      DEBUG((EFI_D_INFO, "FMP (%d) ImageInfo:\n", Index));
+      DumpFmpImageInfo(
+        ImageInfoSize,               // ImageInfoSize
+        FmpImageInfoBuf,             // ImageInfo
+        FmpImageInfoDescriptorVer,   // DescriptorVersion
+        FmpImageInfoCount,           // DescriptorCount
+        DescriptorSize,              // DescriptorSize
+        PackageVersion,              // PackageVersion
+        PackageVersionName           // PackageVersionName
+        );
+
+      if (PackageVersionName != NULL) {
+        FreePool(PackageVersionName);
+      }
+
+      TempFmpImageInfo = FmpImageInfoBuf;
+      for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
+        //
+        // Check all the payload entry in capsule payload list
+        //
+        for (Index = FmpCapsuleHeader->EmbeddedDriverCount; Index < ItemNum; Index++) {
+          ImageHeader  = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER *)((UINT8 *)FmpCapsuleHeader + ItemOffsetList[Index]);
+
+          if (IsFmpCapsuleProcessed(CapsuleHeader, Index - FmpCapsuleHeader->EmbeddedDriverCount, ImageHeader)) {
+            DEBUG((EFI_D_INFO, "FMP Capsule already processed (%g):", CapsuleHeader));
+            DEBUG((EFI_D_INFO, "ImageTypeId - %g, ", ImageHeader->UpdateImageTypeId));
+            DEBUG((EFI_D_INFO, "PayloadIndex - 0x%x, ImageIndex - 0x%x\n", Index - FmpCapsuleHeader->EmbeddedDriverCount, ImageHeader->UpdateImageIndex));
+            continue;
+          }
+
+          if (CompareGuid(&ImageHeader->UpdateImageTypeId, &TempFmpImageInfo->ImageTypeId) &&
+              ImageHeader->UpdateImageIndex == TempFmpImageInfo->ImageIndex) {
+            AbortReason = NULL;
+            if (ImageHeader->Version >= EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER_INIT_VERSION) {
+              if(ImageHeader->UpdateHardwareInstance != 0){
+                //
+                // FMP Version is >=2 & UpdateHardwareInstance Skip 2 case
+                //  1. FMP Image info Version < 3
+                //  2. HardwareInstance doesn't match
+                //
+                if (FmpImageInfoDescriptorVer < EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION ||
+                   ImageHeader->UpdateHardwareInstance != TempFmpImageInfo->HardwareInstance) {
+                  continue;
+                }
+              }
+              Image = (UINT8 *)(ImageHeader + 1);
+            } else {
+              //
+              // If the EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER is version 1, only match ImageTypeId.
+              // Header should exclude UpdateHardwareInstance field
+              //
+              Image = (UINT8 *)ImageHeader + OFFSET_OF(EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER, UpdateHardwareInstance);
+            }
+
+            if (ImageHeader->UpdateVendorCodeSize == 0) {
+              VendorCode = NULL;
+            } else {
+              VendorCode = Image + ImageHeader->UpdateImageSize;
+            }
+            DEBUG((EFI_D_INFO, "Fmp->SetImage ...\n"));
+            Status = Fmp->SetImage(
+                            Fmp,
+                            ImageHeader->UpdateImageIndex,          // ImageIndex
+                            Image,                                  // Image
+                            ImageHeader->UpdateImageSize,           // ImageSize
+                            VendorCode,                                   // VendorCode
+                            Update_Image_Progress,                  // Progress
+                            &AbortReason                            // AbortReason
+                            );
+            DEBUG((EFI_D_INFO, "Fmp->SetImage - %r\n", Status));
+            if (AbortReason != NULL) {
+              DEBUG ((EFI_D_ERROR, "%s\n", AbortReason));
+              FreePool(AbortReason);
+            }
+            RecordFmpCapsuleStatusVariable(
+              CapsuleHeader,                                 // CapsuleGuid
+              Status,                                        // CapsuleStatus
+              Index - FmpCapsuleHeader->EmbeddedDriverCount, // PayloadIndex
+              ImageHeader                                    // ImageHeader
+              );
+            if (StatusRet != EFI_SUCCESS) {
+              StatusRet = Status;
+            }
+            //
+            // Update EsrtEntry For V1, V2 FMP instance. V3 FMP ESRT cache will be synced up through EsrtSyncFmp interface
+            //
+            if (FmpImageInfoDescriptorVer < EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION && EsrtProtocol != NULL) {
+               StatusEsrt = EsrtProtocol->GetEsrtEntry(&TempFmpImageInfo->ImageTypeId, &EsrtEntry);
+               if (!EFI_ERROR(StatusEsrt)){
+                 if (!EFI_ERROR(Status)) {
+                   EsrtEntry.LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
+                 } else {
+                   EsrtEntry.LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
+                 }
+                 EsrtEntry.LastAttemptVersion = 0;
+                 EsrtProtocol->UpdateEsrtEntry(&EsrtEntry);
+               }
+             }
+          }
+        }
+        //
+        // Use DescriptorSize to move ImageInfo Pointer to stay compatible with different ImageInfo version
+        //
+        TempFmpImageInfo = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)((UINT8 *)TempFmpImageInfo + DescriptorSize);
+      }
+      FreePool(FmpImageInfoBuf);
+    }
+  }
+
+  //
+  // final check for AreAllImagesProcessed
+  //
+  *AreAllImagesProcessed = TRUE;
+  for (Index = FmpCapsuleHeader->EmbeddedDriverCount; Index < ItemNum; Index++) {
+    ImageHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER *)((UINT8 *)FmpCapsuleHeader + ItemOffsetList[Index]);
+
+    if (!IsFmpCapsuleProcessed(CapsuleHeader, Index - FmpCapsuleHeader->EmbeddedDriverCount, ImageHeader)) {
+      *AreAllImagesProcessed = FALSE;
+      break;
+    }
+  }
+
+EXIT:
+
+  if (HandleBuffer != NULL) {
+    FreePool(HandleBuffer);
+  }
+
+  if (DriverDevicePath != NULL) {
+    FreePool(DriverDevicePath);
+  }
+
+  return StatusRet;
+}
+
+/**
+  Return if there is a FMP header below capsule header.
+
+  @param[in] CapsuleHeader A pointer to EFI_CAPSULE_HEADER
+
+  @retval TRUE  There is a FMP header below capsule header.
+  @retval FALSE There is not a FMP header below capsule header
+**/
+BOOLEAN
+IsNestedFmpCapsule (
+  IN EFI_CAPSULE_HEADER         *CapsuleHeader
+  )
+{
+  EFI_STATUS                 Status;
+  EFI_SYSTEM_RESOURCE_TABLE  *Esrt;
+  EFI_SYSTEM_RESOURCE_ENTRY  *EsrtEntry;
+  UINTN                      Index;
+  BOOLEAN                    EsrtGuidFound;
+  EFI_CAPSULE_HEADER         *NestedCapsuleHeader;
+  UINTN                      NestedCapsuleSize;
+  ESRT_MANAGEMENT_PROTOCOL   *EsrtProtocol;
+  EFI_SYSTEM_RESOURCE_ENTRY  Entry;
+
+  EsrtGuidFound = FALSE;
+
+  //
+  // Check ESRT protocol
+  //
+  Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtProtocol);
+  if (!EFI_ERROR(Status)) {
+    Status = EsrtProtocol->GetEsrtEntry(&CapsuleHeader->CapsuleGuid, &Entry);
+    if (!EFI_ERROR(Status)) {
+      EsrtGuidFound = TRUE;
+    }
+  }
+
+  //
+  // Check ESRT configuration table
+  //
+  if (!EsrtGuidFound) {
+    Status = EfiGetSystemConfigurationTable(&gEfiSystemResourceTableGuid, (VOID **)&Esrt);
+    if (!EFI_ERROR(Status)) {
+      EsrtEntry = (VOID *)(Esrt + 1);
+      for (Index = 0; Index < Esrt->FwResourceCount; Index++, EsrtEntry++) {
+        if (CompareGuid(&EsrtEntry->FwClass, &CapsuleHeader->CapsuleGuid)) {
+          EsrtGuidFound = TRUE;
+          break;
+        }
+      }
+    }
+  }
+  if (!EsrtGuidFound) {
+    return FALSE;
+  }
+
+  //
+  // Check nested capsule header
+  // FMP GUID after ESRT one
+  //
+  NestedCapsuleHeader = (EFI_CAPSULE_HEADER *)((UINT8 *)CapsuleHeader + CapsuleHeader->HeaderSize);
+  NestedCapsuleSize = (UINTN)CapsuleHeader + CapsuleHeader->CapsuleImageSize - (UINTN)NestedCapsuleHeader;
+  if (NestedCapsuleSize < sizeof(EFI_CAPSULE_HEADER)) {
+    return FALSE;
+  }
+  if (!IsValidCapsuleHeader(NestedCapsuleHeader, NestedCapsuleSize)) {
+    return FALSE;
+  }
+  if (!IsFmpCapsuleGuid(&NestedCapsuleHeader->CapsuleGuid)) {
+    return FALSE;
+  }
+  DEBUG ((EFI_D_INFO, "IsNestedFmpCapsule\n"));
+  return TRUE;
+}
+
+/**
+  Return if this FMP is a system FMP or a device FMP, based upon CapsuleHeader.
+
+  @param[in] CapsuleHeader A pointer to EFI_CAPSULE_HEADER
+
+  @retval TRUE  It is a system FMP.
+  @retval FALSE It is a device FMP.
+**/
+BOOLEAN
+IsFmpCapsule (
+  IN EFI_CAPSULE_HEADER         *CapsuleHeader
+  )
+{
+  if (IsFmpCapsuleGuid(&CapsuleHeader->CapsuleGuid)) {
+    return TRUE;
+  }
+  if (IsNestedFmpCapsule(CapsuleHeader)) {
+    return TRUE;
+  }
+  return FALSE;
+}
+
+/**
+  Those capsules supported by the firmwares.
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  CapsuleHeader    Points to a capsule header.
+
+  @retval EFI_SUCESS       Input capsule is supported by firmware.
+  @retval EFI_UNSUPPORTED  Input capsule is not supported by the firmware.
+  @retval EFI_INVALID_PARAMETER Input capsule layout is not correct
+**/
+EFI_STATUS
+EFIAPI
+SupportCapsuleImage (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader
+  )
+{
+  //
+  // check Display Capsule Guid
+  //
+  if (CompareGuid (&gWindowsUxCapsuleGuid, &CapsuleHeader->CapsuleGuid)) {
+    return EFI_SUCCESS;
+  }
+
+  if (IsFmpCapsule(CapsuleHeader)) {
+    //
+    // Check layout of FMP capsule
+    //
+    return ValidateFmpCapsule(CapsuleHeader, NULL);
+  }
+  DEBUG((EFI_D_ERROR, "Unknown Capsule Guid - %g\n", &CapsuleHeader->CapsuleGuid));
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  The firmware implements to process the capsule image.
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  CapsuleHeader         Points to a capsule header.
+
+  @retval EFI_SUCESS            Process Capsule Image successfully.
+  @retval EFI_UNSUPPORTED       Capsule image is not supported by the firmware.
+  @retval EFI_VOLUME_CORRUPTED  FV volume in the capsule is corrupted.
+  @retval EFI_OUT_OF_RESOURCES  Not enough memory.
+**/
+EFI_STATUS
+EFIAPI
+ProcessCapsuleImage (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader
+  )
+{
+  EFI_STATUS                   Status;
+  BOOLEAN                      AreAllImagesProcessed;
+
+  if (SupportCapsuleImage (CapsuleHeader) != EFI_SUCCESS) {
+    return EFI_UNSUPPORTED;
+  }
+
+  //
+  // Display image in firmware update display capsule
+  //
+  if (CompareGuid (&gWindowsUxCapsuleGuid, &CapsuleHeader->CapsuleGuid)) {
+    DEBUG((EFI_D_INFO, "ProcessCapsuleImage for WindowsUxCapsule ...\n"));
+    Status = DisplayCapsuleImage(CapsuleHeader);
+    RecordCapsuleStatusVariable(CapsuleHeader, Status);
+    return Status;
+  }
+
+  //
+  // Check FMP capsule layout
+  //
+  if (IsFmpCapsule (CapsuleHeader)) {
+    DEBUG((EFI_D_INFO, "ProcessCapsuleImage for FmpCapsule ...\n"));
+    DEBUG((EFI_D_INFO, "ValidateFmpCapsule ...\n"));
+    Status = ValidateFmpCapsule(CapsuleHeader, NULL);
+    DEBUG((EFI_D_INFO, "ValidateFmpCapsule - %r\n", Status));
+    if (EFI_ERROR(Status)) {
+      return Status;
+    }
+
+    //
+    // Press EFI FMP Capsule
+    //
+    DEBUG((EFI_D_INFO, "ProcessFmpCapsuleImage ...\n"));
+    Status = ProcessFmpCapsuleImage(CapsuleHeader, &AreAllImagesProcessed);
+    DEBUG((EFI_D_INFO, "ProcessFmpCapsuleImage - %r\n", Status));
+
+    if (!AreAllImagesProcessed) {
+      mAreAllImagesProcessed = FALSE;
+    }
+
+    return Status;
+  }
+
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Callback function executed when the EndOfDxe event group is signaled.
+
+  @param[in] Event      Event whose notification function is being invoked.
+  @param[in] Context    The pointer to the notification function's context, which
+                        is implementation-dependent.
+**/
+VOID
+EFIAPI
+DxeCapsuleLibEndOfDxe (
+  IN EFI_EVENT  Event,
+  IN VOID       *Context
+  )
+{
+  mDxeCapsuleLibEndOfDxe = TRUE;
+}
+
+/**
+  The constructor function.
+
+  @param[in]  ImageHandle   The firmware allocated handle for the EFI image.
+  @param[in]  SystemTable   A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS   The constructor successfully .
+**/
+EFI_STATUS
+EFIAPI
+DxeCapsuleLibConstructor (
+  IN EFI_HANDLE         ImageHandle,
+  IN EFI_SYSTEM_TABLE   *SystemTable
+  )
+{
+  EFI_EVENT     EndOfDxeEvent;
+  EFI_STATUS    Status;
+
+  Status = gBS->CreateEventEx (
+                  EVT_NOTIFY_SIGNAL,
+                  TPL_CALLBACK,
+                  DxeCapsuleLibEndOfDxe,
+                  NULL,
+                  &gEfiEndOfDxeEventGroupGuid,
+                  &EndOfDxeEvent
+                  );
+  ASSERT_EFI_ERROR (Status);
+
+  InitCapsuleVariable();
+
+  return EFI_SUCCESS;
+}
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
new file mode 100644
index 0000000..5e437dc
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
@@ -0,0 +1,80 @@
+## @file
+#  Capsule library instance for DXE_DRIVER.
+#
+#  Capsule library instance for DXE_DRIVER module types.
+#
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeCapsuleLib
+  MODULE_UNI_FILE                = DxeCapsuleLib.uni
+  FILE_GUID                      = 534E35DE-8EB3-47b3-A4E0-72A571E50733
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = CapsuleLib|DXE_DRIVER UEFI_APPLICATION
+  CONSTRUCTOR                    = DxeCapsuleLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  DxeCapsuleLib.c
+  DxeCapsuleProcessLib.c
+  DxeCapsuleReportLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  DxeServicesTableLib
+  UefiBootServicesTableLib
+  DevicePathLib
+  ReportStatusCodeLib
+  PrintLib
+  HobLib
+
+[Pcd]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleMax                               ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemRebootAfterCapsuleProcessFlag      ## CONSUMES
+
+  gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeSubClassCapsule                ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeProcessCapsulesBegin    ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeProcessCapsulesEnd      ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdatingFirmware        ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdateFirmwareSuccess   ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdateFirmwareFailed    ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeResettingSystem         ## CONSUMES
+
+[Protocols]
+  gEsrtManagementProtocolGuid             ## CONSUMES
+  gEfiFirmwareManagementProtocolGuid      ## SOMETIMES_CONSUMES
+  gEdkiiVariableLockProtocolGuid          ## SOMETIMES_CONSUMES
+
+[Guids]
+  gEfiFmpCapsuleGuid                      ## SOMETIMES_CONSUMES ## GUID
+  gWindowsUxCapsuleGuid                   ## SOMETIMES_CONSUMES ## GUID
+  gEfiSystemResourceTableGuid             ## SOMETIMES_CONSUMES ## GUID
+  gEfiCapsuleReportGuid                   ## CONSUMES ## Variable
+  gEfiCapsuleVendorGuid                   ## CONSUMES ## Variable
+  gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
+
+[Depex]
+  gEfiVariableWriteArchProtocolGuid
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.uni b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.uni
new file mode 100644
index 0000000..05a80d0
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.uni
@@ -0,0 +1,22 @@
+// /** @file
+// Capsule library instance for DXE_DRIVER.
+//
+// Capsule library instance for DXE_DRIVER module types.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution.  The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Capsule Support Library"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "Capsule library instance for DXE_DRIVER module types."
+
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c
new file mode 100644
index 0000000..2dab9ce
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLib.c
@@ -0,0 +1,475 @@
+/** @file
+  DXE capsule process.
+
+  Caution: This module requires additional review when modified.
+  This module will have external input - capsule image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  ProcessCapsules(), ProcessTheseCapsules() will receive untrusted
+  input and do basic validation.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+#include <Protocol/EsrtManagement.h>
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HobLib.h>
+#include <Library/ReportStatusCodeLib.h>
+#include <Library/CapsuleLib.h>
+
+#include <IndustryStandard/WindowsUxCapsule.h>
+
+/**
+  Return if this FMP is a system FMP or a device FMP, based upon CapsuleHeader.
+
+  @param[in] CapsuleHeader A pointer to EFI_CAPSULE_HEADER
+
+  @retval TRUE  It is a system FMP.
+  @retval FALSE It is a device FMP.
+**/
+BOOLEAN
+IsFmpCapsule (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader
+  );
+
+/**
+  Validate Fmp capsules layout.
+
+  Caution: This function may receive untrusted input.
+
+  This function assumes the caller validated the capsule by using
+  IsValidCapsuleHeader(), so that all fields in EFI_CAPSULE_HEADER are correct.
+  The capsule buffer size is CapsuleHeader->CapsuleImageSize.
+
+  This function validates the fields in EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER
+  and EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER.
+
+  This function need support nested FMP capsule.
+
+  @param[in]   CapsuleHeader        Points to a capsule header.
+  @param[out]  EmbeddedDriverCount  The EmbeddedDriverCount in the FMP capsule.
+
+  @retval EFI_SUCESS             Input capsule is a correct FMP capsule.
+  @retval EFI_INVALID_PARAMETER  Input capsule is not a correct FMP capsule.
+**/
+EFI_STATUS
+ValidateFmpCapsule (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader,
+  OUT UINT16             *EmbeddedDriverCount OPTIONAL
+  );
+
+/**
+  Validate if it is valid capsule header
+
+  This function assumes the caller provided correct CapsuleHeader pointer
+  and CapsuleSize.
+
+  This function validates the fields in EFI_CAPSULE_HEADER.
+
+  @param[in]  CapsuleHeader    Points to a capsule header.
+  @param[in]  CapsuleSize      Size of the whole capsule image.
+
+**/
+BOOLEAN
+IsValidCapsuleHeader (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader,
+  IN UINT64              CapsuleSize
+  );
+
+extern BOOLEAN                   mDxeCapsuleLibEndOfDxe;
+extern BOOLEAN                   mAreAllImagesProcessed;
+BOOLEAN                          mNeedReset;
+
+/**
+
+  This routine is called to process capsules.
+
+  Caution: This function may receive untrusted input.
+
+  Each individual capsule result is recorded in capsule record variable.
+
+  @param[in]  NeedBlockDriver         TRUE: Need skip the FMP capsules with non zero EmbeddedDriverCount.
+                                      FALSE: No need to skip any FMP capsules.
+
+  @retval EFI_SUCCESS             There is no error when processing capsules.
+  @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.
+
+**/
+EFI_STATUS
+ProcessTheseCapsules (
+  IN BOOLEAN  NeedBlockDriver
+  )
+{
+  EFI_STATUS                  Status;
+  EFI_PEI_HOB_POINTERS        HobPointer;
+  EFI_CAPSULE_HEADER          *CapsuleHeader;
+  UINT32                      Size;
+  UINT32                      CapsuleNumber;
+  UINT32                      CapsuleTotalNumber;
+  EFI_CAPSULE_TABLE           *CapsuleTable;
+  UINT32                      Index;
+  UINT32                      CacheIndex;
+  UINT32                      CacheNumber;
+  VOID                        **CapsulePtr;
+  VOID                        **CapsulePtrCache;
+  EFI_GUID                    *CapsuleGuidCache;
+  EFI_STATUS                  *CapsuleStatusArray;
+  BOOLEAN                     DisplayCapsuleExist;
+  ESRT_MANAGEMENT_PROTOCOL    *EsrtManagement;
+  UINT16                      EmbeddedDriverCount;
+
+  REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesBegin)));
+
+  CapsuleNumber       = 0;
+  CapsuleTotalNumber  = 0;
+  CacheIndex          = 0;
+  CacheNumber         = 0;
+  CapsulePtr          = NULL;
+  CapsulePtrCache     = NULL;
+  CapsuleGuidCache    = NULL;
+  DisplayCapsuleExist = FALSE;
+  EsrtManagement      = NULL;
+
+  Status = EFI_SUCCESS;
+  //
+  // Find all capsule images from hob
+  //
+  HobPointer.Raw = GetHobList ();
+  while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {
+    if (!IsValidCapsuleHeader((VOID *)(UINTN)HobPointer.Capsule->BaseAddress, HobPointer.Capsule->Length)) {
+      HobPointer.Header->HobType = EFI_HOB_TYPE_UNUSED; // Mark this hob as invalid
+    } else {
+      CapsuleTotalNumber++;
+    }
+    HobPointer.Raw = GET_NEXT_HOB (HobPointer);
+  }
+
+  if (CapsuleTotalNumber == 0) {
+    //
+    // We didn't find a hob, so had no errors.
+    //
+    DEBUG ((EFI_D_ERROR, "We can not find capsule data in capsule update boot mode.\n"));
+    Status = EFI_SUCCESS;
+    goto Done;
+  }
+
+  //
+  // Init temp Capsule Data table.
+  //
+  CapsulePtr       = (VOID **) AllocateZeroPool (sizeof (VOID *) * CapsuleTotalNumber);
+  ASSERT (CapsulePtr != NULL);
+  if (CapsulePtr == NULL) {
+    Status = EFI_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  CapsulePtrCache  = (VOID **) AllocateZeroPool (sizeof (VOID *) * CapsuleTotalNumber);
+  ASSERT (CapsulePtrCache != NULL);
+  if (CapsulePtrCache == NULL) {
+    Status = EFI_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  CapsuleGuidCache = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID) * CapsuleTotalNumber);
+  ASSERT (CapsuleGuidCache != NULL);
+  if (CapsuleGuidCache == NULL) {
+    Status = EFI_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  CapsuleStatusArray = (EFI_STATUS *) AllocateZeroPool (sizeof (EFI_STATUS) * CapsuleTotalNumber);
+  ASSERT (CapsuleStatusArray != NULL);
+  if (CapsuleStatusArray == NULL) {
+    Status = EFI_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  //
+  // Find all capsule images from hob
+  //
+  HobPointer.Raw = GetHobList ();
+  while ((HobPointer.Raw = GetNextHob (EFI_HOB_TYPE_UEFI_CAPSULE, HobPointer.Raw)) != NULL) {
+    CapsulePtr [CapsuleNumber++] = (VOID *) (UINTN) HobPointer.Capsule->BaseAddress;
+    HobPointer.Raw = GET_NEXT_HOB (HobPointer);
+  }
+
+  //
+  // Check the capsule flags,if contains CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE, install
+  // capsuleTable to configure table with EFI_CAPSULE_GUID
+  //
+
+  //
+  // Capsules who have CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE always are used for operating
+  // System to have information persist across a system reset. EFI System Table must
+  // point to an array of capsules that contains the same CapsuleGuid value. And agents
+  // searching for this type capsule will look in EFI System Table and search for the
+  // capsule's Guid and associated pointer to retrieve the data. Two steps below describes
+  // how to sorting the capsules by the unique guid and install the array to EFI System Table.
+  // Firstly, Loop for all coalesced capsules, record unique CapsuleGuids and cache them in an
+  // array for later sorting capsules by CapsuleGuid.
+  //
+  for (Index = 0; Index < CapsuleTotalNumber; Index++) {
+    CapsuleStatusArray [Index] = EFI_UNSUPPORTED;
+    CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];
+    if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {
+      //
+      // For each capsule, we compare it with known CapsuleGuid in the CacheArray.
+      // If already has the Guid, skip it. Whereas, record it in the CacheArray as
+      // an additional one.
+      //
+      CacheIndex = 0;
+      while (CacheIndex < CacheNumber) {
+        if (CompareGuid(&CapsuleGuidCache[CacheIndex],&CapsuleHeader->CapsuleGuid)) {
+          break;
+        }
+        CacheIndex++;
+      }
+      if (CacheIndex == CacheNumber) {
+        CopyMem(&CapsuleGuidCache[CacheNumber++],&CapsuleHeader->CapsuleGuid,sizeof(EFI_GUID));
+      }
+    }
+  }
+
+  //
+  // Secondly, for each unique CapsuleGuid in CacheArray, gather all coalesced capsules
+  // whose guid is the same as it, and malloc memory for an array which preceding
+  // with UINT32. The array fills with entry point of capsules that have the same
+  // CapsuleGuid, and UINT32 represents the size of the array of capsules. Then install
+  // this array into EFI System Table, so that agents searching for this type capsule
+  // will look in EFI System Table and search for the capsule's Guid and associated
+  // pointer to retrieve the data.
+  //
+  CacheIndex = 0;
+  while (CacheIndex < CacheNumber) {
+    CapsuleNumber = 0;
+    for (Index = 0; Index < CapsuleTotalNumber; Index++) {
+      CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];
+      if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0) {
+        if (CompareGuid (&CapsuleGuidCache[CacheIndex], &CapsuleHeader->CapsuleGuid)) {
+          //
+          // Cache Caspuleheader to the array, this array is uniqued with certain CapsuleGuid.
+          //
+          CapsulePtrCache[CapsuleNumber++] = (VOID*)CapsuleHeader;
+          //
+          // When a Capsule is listed in CapsulePtrCache, it will be reported in ConfigurationTable
+          // So, report the CapsuleStatus as "processed successfully".
+          //
+          CapsuleStatusArray [Index] = EFI_SUCCESS;
+        }
+      }
+    }
+    if (CapsuleNumber != 0) {
+      Size = sizeof(EFI_CAPSULE_TABLE) + (CapsuleNumber - 1) * sizeof(VOID*);
+      CapsuleTable = AllocateRuntimePool (Size);
+      ASSERT (CapsuleTable != NULL);
+      if (CapsuleTable == NULL) {
+        return EFI_OUT_OF_RESOURCES;
+      }
+      CapsuleTable->CapsuleArrayNumber =  CapsuleNumber;
+      CopyMem(&CapsuleTable->CapsulePtr[0], CapsulePtrCache, CapsuleNumber * sizeof(VOID*));
+      Status = gBS->InstallConfigurationTable (&CapsuleGuidCache[CacheIndex], (VOID*)CapsuleTable);
+      ASSERT_EFI_ERROR (Status);
+    }
+    CacheIndex++;
+  }
+
+  REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdatingFirmware)));
+
+  //
+  // If Windows UX capsule exist, process it first
+  //
+  for (Index = 0; Index < CapsuleTotalNumber; Index++) {
+    CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];
+    if (CompareGuid(&CapsuleHeader->CapsuleGuid ,&gWindowsUxCapsuleGuid)) {
+      DEBUG ((EFI_D_INFO, "ProcessCapsuleImage (Ux) - 0x%x\n", CapsuleHeader));
+      DisplayCapsuleExist = TRUE;
+      DEBUG ((DEBUG_INFO, "Display logo capsule is found.\n"));
+      Status = ProcessCapsuleImage (CapsuleHeader);
+      DEBUG((EFI_D_INFO, "ProcessCapsuleImage (Ux) - %r\n", Status));
+      CapsuleStatusArray [Index] = Status;
+      break;
+    }
+  }
+
+  if (!DisplayCapsuleExist) {
+    //
+    // Display Capsule not found. Display the default string.
+    //
+    Print (L"Updating the firmware ......\r\n");
+  }
+
+  //
+  // All capsules left are recognized by platform.
+  //
+  for (Index = 0; Index < CapsuleTotalNumber; Index++) {
+    CapsuleHeader = (EFI_CAPSULE_HEADER*) CapsulePtr [Index];
+    if (!CompareGuid(&CapsuleHeader->CapsuleGuid ,&gWindowsUxCapsuleGuid)) {
+      //
+      // Call capsule library to process capsule image.
+      //
+      EmbeddedDriverCount = 0;
+      if (IsFmpCapsule(CapsuleHeader)) {
+        Status = ValidateFmpCapsule(CapsuleHeader, &EmbeddedDriverCount);
+        if (EFI_ERROR(Status)) {
+          DEBUG((DEBUG_ERROR, "ValidateFmpCapsule failed. Ignore!\n"));
+          continue;
+        }
+      }
+
+      if ((!NeedBlockDriver) || (EmbeddedDriverCount == 0)) {
+        DEBUG((EFI_D_INFO, "ProcessCapsuleImage - 0x%x\n", CapsuleHeader));
+        Status = ProcessCapsuleImage (CapsuleHeader);
+        CapsuleStatusArray [Index] = Status;
+        DEBUG((EFI_D_INFO, "ProcessCapsuleImage - %r\n", Status));
+
+        if (EFI_ERROR(Status)) {
+          REPORT_STATUS_CODE(EFI_ERROR_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareFailed)));
+          DEBUG ((DEBUG_ERROR, "Capsule process failed. reset the system!\n"));
+          Print (L"Firmware update failed...\r\n");
+        } else {
+          REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeUpdateFirmwareSuccess)));
+        }
+
+        if ((CapsuleHeader->Flags & PcdGet16(PcdSystemRebootAfterCapsuleProcessFlag)) != 0 ||
+            IsFmpCapsule(CapsuleHeader)) {
+          mNeedReset = TRUE;
+        }
+      }
+    }
+  }
+
+  Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);
+  //
+  // Always sync ESRT Cache from FMP Instance
+  //
+  if (!EFI_ERROR(Status)) {
+    EsrtManagement->SyncEsrtFmp();
+  }
+  Status = EFI_SUCCESS;
+
+Done:
+  //
+  // Free the allocated temp memory space.
+  //
+  if (CapsuleGuidCache != NULL) {
+    FreePool(CapsuleGuidCache);
+  }
+  if (CapsulePtrCache != NULL) {
+    FreePool(CapsulePtrCache);
+  }
+  if (CapsulePtr != NULL) {
+    FreePool(CapsulePtr);
+  }
+
+  REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeProcessCapsulesEnd)));
+
+  return Status;
+}
+
+/**
+  Do reset system.
+**/
+VOID
+DoResetSystem (
+  VOID
+  )
+{
+  UINTN                         Index;
+
+  REPORT_STATUS_CODE(EFI_PROGRESS_CODE, (EFI_SOFTWARE | PcdGet32(PcdStatusCodeSubClassCapsule) | PcdGet32(PcdCapsuleStatusCodeResettingSystem)));
+
+  Print(L"Capsule Request Cold Reboot.\n");
+  DEBUG((EFI_D_INFO, "Capsule Request Cold Reboot."));
+
+  for (Index = 5; Index > 0; Index--) {
+    Print(L"\rResetting system in %d seconds ...", Index);
+    DEBUG((EFI_D_INFO, "\rResetting system in %d seconds ...", Index));
+    gBS->Stall(1000000);
+  }
+
+  gRT->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
+
+  CpuDeadLoop();
+}
+
+/**
+
+  This routine is called to process capsules.
+
+  Caution: This function may receive untrusted input.
+
+  The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.
+  If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.
+
+  This routine should be called twice in BDS.
+  1) The first call must be before EndOfDxe. The system capsules is processed.
+     If device capsule FMP protocols are exposted at this time and device FMP
+     capsule has zero EmbeddedDriverCount, the device capsules are processed.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule and
+     all capsules are processed.
+     If not all capsules are processed, reset will be defered to second call.
+
+  2) The second call must be after EndOfDxe and after ConnectAll, so that all
+     device capsule FMP protocols are exposed.
+     The system capsules are skipped. If the device capsules are NOT processed
+     in first call, they are processed here.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule
+     processed in first call and second call.
+
+  @retval EFI_SUCCESS             There is no error when processing capsules.
+  @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.
+
+**/
+EFI_STATUS
+EFIAPI
+ProcessCapsules (
+  VOID
+  )
+{
+  EFI_STATUS                    Status;
+
+  if (!mDxeCapsuleLibEndOfDxe) {
+    //
+    // Initialize mAreAllImagesProcessed to be TRUE.
+    //
+    // It will be updated to FALSE in ProcessTheseCapsules()->ProcessCapsuleImage(),
+    // if there is any FMP image in any FMP capsule not processed.
+    //
+    mAreAllImagesProcessed = TRUE;
+
+    Status = ProcessTheseCapsules(TRUE);
+    //
+    // Reboot System if and only if all capsule processed.
+    // If not, defer reset to 2nd process.
+    //
+    if (mNeedReset && mAreAllImagesProcessed) {
+      DoResetSystem();
+    }
+  } else {
+    Status = ProcessTheseCapsules(FALSE);
+    //
+    // Reboot System if required after all capsule processed
+    //
+    if (mNeedReset) {
+      DoResetSystem();
+    }
+  }
+  return Status;
+}
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLibNull.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLibNull.c
new file mode 100644
index 0000000..07e9e46
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleProcessLibNull.c
@@ -0,0 +1,57 @@
+/** @file
+  DXE capsule process.
+  Dummy function for runtime module, because CapsuleDxeRuntime
+  does not need call ProcessCapsules().
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+#include <Library/CapsuleLib.h>
+
+/**
+
+  This routine is called to process capsules.
+
+  Caution: This function may receive untrusted input.
+
+  The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.
+  If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.
+
+  This routine should be called twice in BDS.
+  1) The first call must be before EndOfDxe. The system capsules is processed.
+     If device capsule FMP protocols are exposted at this time and device FMP
+     capsule has zero EmbeddedDriverCount, the device capsules are processed.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule and
+     all capsules are processed.
+     If not all capsules are processed, reset will be defered to second call.
+
+  2) The second call must be after EndOfDxe and after ConnectAll, so that all
+     device capsule FMP protocols are exposed.
+     The system capsules are skipped. If the device capsules are NOT processed
+     in first call, they are processed here.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule
+     processed in first call and second call.
+
+  @retval EFI_SUCCESS             There is no error when processing capsules.
+  @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.
+
+**/
+EFI_STATUS
+EFIAPI
+ProcessCapsules (
+  VOID
+  )
+{
+  return EFI_UNSUPPORTED;
+}
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLib.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLib.c
new file mode 100644
index 0000000..b6ba404
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLib.c
@@ -0,0 +1,489 @@
+/** @file
+  DXE capsule report related function.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Protocol/VariableLock.h>
+#include <Guid/CapsuleReport.h>
+#include <Guid/FmpCapsule.h>
+#include <Guid/CapsuleVendor.h>
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HobLib.h>
+#include <Library/PrintLib.h>
+#include <Library/ReportStatusCodeLib.h>
+#include <Library/CapsuleLib.h>
+
+#include <IndustryStandard/WindowsUxCapsule.h>
+
+typedef struct {
+  EFI_CAPSULE_RESULT_VARIABLE_HEADER  CapsuleResultHeader;
+  EFI_CAPSULE_RESULT_VARIABLE_FMP     CapsuleResultFmp;
+} CAPSULE_RESULT_VARIABLE_CACHE;
+
+#define CAPSULE_RESULT_VARIABLE_CACHE_COUNT   0x10
+
+CAPSULE_RESULT_VARIABLE_CACHE *mCapsuleResultVariableCache;
+UINTN                         mCapsuleResultVariableCacheMaxCount;
+UINTN                         mCapsuleResultVariableCacheCount;
+
+/**
+  Get current capsule last variable index.
+
+  @return Current capsule last variable index.
+  @retval -1  No current capsule last variable.
+**/
+INTN
+GetCurrentCapsuleLastIndex (
+  VOID
+  )
+{
+  UINTN                            Size;
+  CHAR16                           CapsuleLastStr[sizeof("Capsule####")];
+  EFI_STATUS                       Status;
+  UINT16                           CurrentIndex;
+
+  Size = sizeof(L"Capsule####") - sizeof(CHAR16); // no zero terminator
+  Status = gRT->GetVariable(
+                  L"CapsuleLast",
+                  &gEfiCapsuleReportGuid,
+                  NULL,
+                  &Size,
+                  CapsuleLastStr
+                  );
+  if (EFI_ERROR(Status)) {
+    return -1;
+  }
+  CurrentIndex = (UINT16)StrHexToUintn(&CapsuleLastStr[sizeof("Capsule") - 1]);
+  return CurrentIndex;
+}
+
+/**
+  Check if this FMP capsule is processed.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] PayloadIndex   FMP payload index
+  @param[in] ImageHeader    FMP image header
+
+  @retval TRUE  This FMP capsule is processed.
+  @retval FALSE This FMP capsule is not processed.
+**/
+BOOLEAN
+IsFmpCapsuleProcessed (
+  IN EFI_CAPSULE_HEADER                            *CapsuleHeader,
+  IN UINTN                                         PayloadIndex,
+  IN EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *ImageHeader
+  )
+{
+  UINTN                               Index;
+  EFI_CAPSULE_RESULT_VARIABLE_HEADER  *CapsuleResult;
+  EFI_CAPSULE_RESULT_VARIABLE_FMP     *CapsuleResultFmp;
+
+  for (Index = 0; Index < mCapsuleResultVariableCacheCount; Index++) {
+    //
+    // Check
+    //
+    CapsuleResult = &mCapsuleResultVariableCache[Index].CapsuleResultHeader;
+    if (CapsuleResult->VariableTotalSize >= sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER)) {
+      if (CompareGuid(&CapsuleResult->CapsuleGuid, &gEfiFmpCapsuleGuid)) {
+        if (CapsuleResult->VariableTotalSize >= sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP)) {
+          CapsuleResultFmp = (EFI_CAPSULE_RESULT_VARIABLE_FMP *)(CapsuleResult + 1);
+          if (CompareGuid(&CapsuleResultFmp->UpdateImageTypeId, &ImageHeader->UpdateImageTypeId) &&
+              (CapsuleResultFmp->UpdateImageIndex == ImageHeader->UpdateImageIndex) &&
+              (CapsuleResultFmp->PayloadIndex == PayloadIndex) ) {
+            return TRUE;
+          }
+        }
+      }
+    }
+  }
+
+  return FALSE;
+}
+
+/**
+  Write a new capsule status variable cache.
+
+  @param[in] CapsuleResult      The capsule status variable
+  @param[in] CapsuleResultSize  The size of the capsule stauts variable in bytes
+
+  @retval EFI_SUCCESS          The capsule status variable is cached.
+  @retval EFI_OUT_OF_RESOURCES No resource to cache the capsule status variable.
+**/
+EFI_STATUS
+WriteNewCapsuleResultVariableCache (
+  IN VOID    *CapsuleResult,
+  IN UINTN   CapsuleResultSize
+  )
+{
+  if (CapsuleResultSize > sizeof(CAPSULE_RESULT_VARIABLE_CACHE)) {
+    CapsuleResultSize = sizeof(CAPSULE_RESULT_VARIABLE_CACHE);
+  }
+
+  if (mCapsuleResultVariableCacheCount == mCapsuleResultVariableCacheMaxCount) {
+    mCapsuleResultVariableCache = ReallocatePool(
+                                    mCapsuleResultVariableCacheMaxCount * sizeof(CAPSULE_RESULT_VARIABLE_CACHE),
+                                    (mCapsuleResultVariableCacheMaxCount + CAPSULE_RESULT_VARIABLE_CACHE_COUNT) * sizeof(CAPSULE_RESULT_VARIABLE_CACHE),
+                                    mCapsuleResultVariableCache
+                                    );
+    if (mCapsuleResultVariableCache == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    }
+    mCapsuleResultVariableCacheMaxCount += CAPSULE_RESULT_VARIABLE_CACHE_COUNT;
+  }
+
+  ASSERT(mCapsuleResultVariableCacheCount < mCapsuleResultVariableCacheMaxCount);
+  ASSERT(mCapsuleResultVariableCache != NULL);
+  CopyMem(
+    &mCapsuleResultVariableCache[mCapsuleResultVariableCacheCount],
+    CapsuleResult,
+    CapsuleResultSize
+    );
+  mCapsuleResultVariableCacheCount++;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Get a new capsule status variable index.
+
+  @return A new capsule status variable index.
+  @retval -1  No new capsule status variable index.
+**/
+INTN
+GetNewCapsuleResultIndex (
+  VOID
+  )
+{
+  INTN                             CurrentIndex;
+
+  CurrentIndex = GetCurrentCapsuleLastIndex();
+  if (CurrentIndex >= PcdGet16(PcdCapsuleMax)) {
+    return -1;
+  }
+
+  return CurrentIndex + 1;
+}
+
+/**
+  Write a new capsule status variable.
+
+  @param[in] CapsuleResult      The capsule status variable
+  @param[in] CapsuleResultSize  The size of the capsule stauts variable in bytes
+
+  @retval EFI_SUCCESS          The capsule status variable is recorded.
+  @retval EFI_OUT_OF_RESOURCES No resource to record the capsule status variable.
+**/
+EFI_STATUS
+WriteNewCapsuleResultVariable (
+  IN VOID    *CapsuleResult,
+  IN UINTN   CapsuleResultSize
+  )
+{
+  INTN                                CapsuleResultIndex;
+  CHAR16                              CapsuleResultStr[sizeof("Capsule####")];
+  UINTN                               Size;
+  EFI_STATUS                          Status;
+
+  CapsuleResultIndex = GetNewCapsuleResultIndex();
+  DEBUG((EFI_D_INFO, "New CapsuleResultIndex - 0x%x\n", CapsuleResultIndex));
+  if (CapsuleResultIndex == -1) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+  UnicodeSPrint(
+    CapsuleResultStr,
+    sizeof(CapsuleResultStr),
+    L"Capsule%04x",
+    CapsuleResultIndex
+    );
+
+  Status = gRT->SetVariable(
+                  CapsuleResultStr,
+                  &gEfiCapsuleReportGuid,
+                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                  CapsuleResultSize,
+                  CapsuleResult
+                  );
+  if (!EFI_ERROR(Status)) {
+    Size = sizeof(L"Capsule####") - sizeof(CHAR16); // no zero terminator
+    DEBUG((EFI_D_INFO, "Set CapsuleLast - %s\n", CapsuleResultStr));
+    Status = gRT->SetVariable(
+                    L"CapsuleLast",
+                    &gEfiCapsuleReportGuid,
+                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                    Size,
+                    CapsuleResultStr
+                    );
+  }
+
+  return Status;
+}
+
+/**
+  Record capsule status variable and to local cache.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] CapsuleStatus  The capsule process stauts
+
+  @retval EFI_SUCCESS          The capsule status variable is recorded.
+  @retval EFI_OUT_OF_RESOURCES No resource to record the capsule status variable.
+**/
+EFI_STATUS
+RecordCapsuleStatusVariable (
+  IN EFI_CAPSULE_HEADER                           *CapsuleHeader,
+  IN EFI_STATUS                                   CapsuleStatus
+  )
+{
+  EFI_CAPSULE_RESULT_VARIABLE_HEADER  CapsuleResultVariable;
+  EFI_STATUS                          Status;
+
+  CapsuleResultVariable.VariableTotalSize = sizeof(CapsuleResultVariable);
+  CopyGuid (&CapsuleResultVariable.CapsuleGuid, &CapsuleHeader->CapsuleGuid);
+  ZeroMem(&CapsuleResultVariable.CapsuleProcessed, sizeof(CapsuleResultVariable.CapsuleProcessed));
+  gRT->GetTime(&CapsuleResultVariable.CapsuleProcessed, NULL);
+  CapsuleResultVariable.CapsuleStatus = CapsuleStatus;
+
+  //
+  // Save Local Cache
+  //
+  Status = WriteNewCapsuleResultVariableCache(&CapsuleResultVariable, sizeof(CapsuleResultVariable));
+
+  if ((CapsuleHeader->Flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) != 0) {
+    Status = WriteNewCapsuleResultVariable(&CapsuleResultVariable, sizeof(CapsuleResultVariable));
+  }
+  return Status;
+}
+
+/**
+  Record FMP capsule status variable and to local cache.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] CapsuleStatus  The capsule process stauts
+  @param[in] PayloadIndex   FMP payload index
+  @param[in] ImageHeader    FMP image header
+
+  @retval EFI_SUCCESS          The capsule status variable is recorded.
+  @retval EFI_OUT_OF_RESOURCES No resource to record the capsule status variable.
+**/
+EFI_STATUS
+RecordFmpCapsuleStatusVariable (
+  IN EFI_CAPSULE_HEADER                            *CapsuleHeader,
+  IN EFI_STATUS                                    CapsuleStatus,
+  IN UINTN                                         PayloadIndex,
+  IN EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *ImageHeader
+  )
+{
+  UINT8                               CapsuleResultVariable[sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP)];
+  EFI_CAPSULE_RESULT_VARIABLE_HEADER  *CapsuleResultVariableHeader;
+  EFI_CAPSULE_RESULT_VARIABLE_FMP     *CapsuleResultVariableFmp;
+  EFI_STATUS                          Status;
+
+  CapsuleResultVariableHeader = (VOID *)&CapsuleResultVariable[0];
+  CapsuleResultVariableHeader->VariableTotalSize = sizeof(CapsuleResultVariable);
+  CopyGuid(&CapsuleResultVariableHeader->CapsuleGuid, &CapsuleHeader->CapsuleGuid);
+  ZeroMem(&CapsuleResultVariableHeader->CapsuleProcessed, sizeof(CapsuleResultVariableHeader->CapsuleProcessed));
+  gRT->GetTime(&CapsuleResultVariableHeader->CapsuleProcessed, NULL);
+  CapsuleResultVariableHeader->CapsuleStatus = CapsuleStatus;
+
+  CapsuleResultVariableFmp = (VOID *)&CapsuleResultVariable[sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER)];
+  CapsuleResultVariableFmp->Version = 0x1;
+  CapsuleResultVariableFmp->PayloadIndex = (UINT8)PayloadIndex;
+  CapsuleResultVariableFmp->UpdateImageIndex = ImageHeader->UpdateImageIndex;
+  CopyGuid (&CapsuleResultVariableFmp->UpdateImageTypeId, &ImageHeader->UpdateImageTypeId);
+
+  //
+  // Save Local Cache
+  //
+  Status = WriteNewCapsuleResultVariableCache(&CapsuleResultVariable, sizeof(CapsuleResultVariable));
+
+  if ((CapsuleHeader->Flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) != 0) {
+    Status = WriteNewCapsuleResultVariable(&CapsuleResultVariable, sizeof(CapsuleResultVariable));
+  }
+  return Status;
+}
+
+/**
+  Initialize CapsuleMax variables.
+**/
+VOID
+InitCapsuleMaxVariable (
+  VOID
+  )
+{
+  EFI_STATUS                       Status;
+  UINTN                            Size;
+  CHAR16                           CapsuleMaxStr[sizeof("Capsule####")];
+  EDKII_VARIABLE_LOCK_PROTOCOL     *VariableLock;
+
+  UnicodeSPrint(
+    CapsuleMaxStr,
+    sizeof(CapsuleMaxStr),
+    L"Capsule%04x",
+    PcdGet16(PcdCapsuleMax)
+    );
+
+  Size = sizeof(L"Capsule####") - sizeof(CHAR16); // no zero terminator
+  Status = gRT->SetVariable(
+                  L"CapsuleMax",
+                  &gEfiCapsuleReportGuid,
+                  EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                  Size,
+                  CapsuleMaxStr
+                  );
+  if (!EFI_ERROR(Status)) {
+    // Lock it per UEFI spec.
+    Status = gBS->LocateProtocol(&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock);
+    if (!EFI_ERROR(Status)) {
+      Status = VariableLock->RequestToLock(VariableLock, L"CapsuleMax", &gEfiCapsuleReportGuid);
+      ASSERT_EFI_ERROR(Status);
+    }
+  }
+}
+
+/**
+  Initialize CapsuleLast variables.
+**/
+VOID
+InitCapsuleLastVariable (
+  VOID
+  )
+{
+  EFI_STATUS                       Status;
+  EFI_BOOT_MODE                    BootMode;
+  EDKII_VARIABLE_LOCK_PROTOCOL     *VariableLock;
+  VOID                             *CapsuleResult;
+  UINTN                            Size;
+  CHAR16                           CapsuleLastStr[sizeof("Capsule####")];
+
+  BootMode = GetBootModeHob();
+  if (BootMode == BOOT_ON_FLASH_UPDATE) {
+    Status = gRT->SetVariable(
+                    L"CapsuleLast",
+                    &gEfiCapsuleReportGuid,
+                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                    0,
+                    NULL
+                    );
+    // Do not lock it because it will be updated later.
+  } else {
+    //
+    // Check if OS/APP cleared L"Capsule####"
+    //
+    ZeroMem(CapsuleLastStr, sizeof(CapsuleLastStr));
+    Size = sizeof(L"Capsule####") - sizeof(CHAR16); // no zero terminator
+    Status = gRT->GetVariable(
+                    L"CapsuleLast",
+                    &gEfiCapsuleReportGuid,
+                    NULL,
+                    &Size,
+                    CapsuleLastStr
+                    );
+    if (!EFI_ERROR(Status)) {
+      //
+      // L"CapsuleLast" is got, check if data is there.
+      //
+      Status = GetVariable2 (
+                 CapsuleLastStr,
+                 &gEfiCapsuleReportGuid,
+                 (VOID **) &CapsuleResult,
+                 NULL
+                 );
+      if (EFI_ERROR(Status)) {
+        //
+        // If no data, delete L"CapsuleLast"
+        //
+        Status = gRT->SetVariable(
+                        L"CapsuleLast",
+                        &gEfiCapsuleReportGuid,
+                        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                        0,
+                        NULL
+                        );
+      }
+    }
+
+    // Lock it in normal boot path per UEFI spec.
+    Status = gBS->LocateProtocol(&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock);
+    if (!EFI_ERROR(Status)) {
+      Status = VariableLock->RequestToLock(VariableLock, L"CapsuleLast", &gEfiCapsuleReportGuid);
+      ASSERT_EFI_ERROR(Status);
+    }
+  }
+}
+
+/**
+  Initialize capsule update variables.
+**/
+VOID
+InitCapsuleUpdateVariable (
+  VOID
+  )
+{
+  EFI_STATUS                     Status;
+  UINTN                          Index;
+  CHAR16                         CapsuleVarName[30];
+  CHAR16                         *TempVarName;
+
+  //
+  // Clear all the capsule variables CapsuleUpdateData, CapsuleUpdateData1, CapsuleUpdateData2...
+  // as early as possible which will avoid the next time boot after the capsule update
+  // will still into the capsule loop
+  //
+  StrCpyS (CapsuleVarName, sizeof(CapsuleVarName)/sizeof(CapsuleVarName[0]), EFI_CAPSULE_VARIABLE_NAME);
+  TempVarName = CapsuleVarName + StrLen (CapsuleVarName);
+  Index = 0;
+  while (TRUE) {
+    if (Index > 0) {
+      UnicodeValueToString (TempVarName, 0, Index, 0);
+    }
+    Status = gRT->SetVariable (
+                    CapsuleVarName,
+                    &gEfiCapsuleVendorGuid,
+                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                    0,
+                    (VOID *)NULL
+                    );
+    if (EFI_ERROR (Status)) {
+      //
+      // There is no capsule variables, quit
+      //
+      break;
+    }
+    Index++;
+  }
+}
+
+/**
+  Initialize capsule related variables.
+**/
+VOID
+InitCapsuleVariable (
+  VOID
+  )
+{
+  InitCapsuleUpdateVariable();
+  InitCapsuleMaxVariable();
+  InitCapsuleLastVariable();
+  //
+  // No need to clear L"Capsule####", because OS/APP should refer L"CapsuleLast"
+  // to check status and delete them.
+  //
+}
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLibNull.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLibNull.c
new file mode 100644
index 0000000..bf550e5
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleReportLibNull.c
@@ -0,0 +1,91 @@
+/** @file
+  DXE capsule report related function.
+  Dummy function for runtime module, because CapsuleDxeRuntime
+  does not need record capsule status variable.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Guid/FmpCapsule.h>
+#include <Library/CapsuleLib.h>
+
+/**
+  Check if this FMP capsule is processed.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] PayloadIndex   FMP payload index
+  @param[in] ImageHeader    FMP image header
+
+  @retval TRUE  This FMP capsule is processed.
+  @retval FALSE This FMP capsule is not processed.
+**/
+BOOLEAN
+IsFmpCapsuleProcessed (
+  IN EFI_CAPSULE_HEADER                            *CapsuleHeader,
+  IN UINTN                                         PayloadIndex,
+  IN EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *ImageHeader
+  )
+{
+  return FALSE;
+}
+
+/**
+  Record capsule status variable and to local cache.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] CapsuleStatus  The capsule process stauts
+
+  @retval EFI_SUCCESS          The capsule status variable is recorded.
+  @retval EFI_OUT_OF_RESOURCES No resource to record the capsule status variable.
+**/
+EFI_STATUS
+RecordCapsuleStatusVariable (
+  IN EFI_CAPSULE_HEADER                           *CapsuleHeader,
+  IN EFI_STATUS                                   CapsuleStatus
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Record FMP capsule status variable and to local cache.
+
+  @param[in] CapsuleHeader  The capsule image header
+  @param[in] CapsuleStatus  The capsule process stauts
+  @param[in] PayloadIndex   FMP payload index
+  @param[in] ImageHeader    FMP image header
+
+  @retval EFI_SUCCESS          The capsule status variable is recorded.
+  @retval EFI_OUT_OF_RESOURCES No resource to record the capsule status variable.
+**/
+EFI_STATUS
+RecordFmpCapsuleStatusVariable (
+  IN EFI_CAPSULE_HEADER                            *CapsuleHeader,
+  IN EFI_STATUS                                    CapsuleStatus,
+  IN UINTN                                         PayloadIndex,
+  IN EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *ImageHeader
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Initialize capsule related variables.
+**/
+VOID
+InitCapsuleVariable (
+  VOID
+  )
+{
+  return;
+}
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
new file mode 100644
index 0000000..8801439
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
@@ -0,0 +1,112 @@
+/** @file
+  Capsule library runtime support.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+
+#include <Guid/FmpCapsule.h>
+#include <Guid/SystemResourceTable.h>
+#include <Guid/EventGroup.h>
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DxeServicesTableLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+extern EFI_SYSTEM_RESOURCE_TABLE *mEsrtTable;
+extern BOOLEAN                   mIsVirtualAddrConverted;
+
+/**
+  Convert EsrtTable physical address to virtual address.
+
+  @param[in] Event      Event whose notification function is being invoked.
+  @param[in] Context    The pointer to the notification function's context, which
+                        is implementation-dependent.
+**/
+VOID
+EFIAPI
+DxeCapsuleLibVirtualAddressChangeEvent (
+  IN  EFI_EVENT   Event,
+  IN  VOID        *Context
+  )
+{
+  UINTN                    Index;
+  EFI_CONFIGURATION_TABLE  *ConfigEntry;
+
+  //
+  // Get Esrt table first
+  //
+  ConfigEntry = gST->ConfigurationTable;
+  for (Index = 0; Index < gST->NumberOfTableEntries; Index++) {
+    if (CompareGuid(&gEfiSystemResourceTableGuid, &ConfigEntry->VendorGuid)) {
+      break;
+    }
+    ConfigEntry++;
+  }
+
+  //
+  // If no Esrt table installed in Configure Table
+  //
+  if (Index < gST->NumberOfTableEntries) {
+    //
+    // Search Esrt to check given capsule is qualified
+    //
+    mEsrtTable = (EFI_SYSTEM_RESOURCE_TABLE *) ConfigEntry->VendorTable;
+
+    //
+    // Update protocol pointer to Esrt Table.
+    //
+    gRT->ConvertPointer (0x00, (VOID**) &(mEsrtTable));
+  }
+
+  mIsVirtualAddrConverted = TRUE;
+
+}
+
+/**
+  The constructor function hook VirtualAddressChange event to use ESRT table as capsule routing table.
+
+  @param  ImageHandle   The firmware allocated handle for the EFI image.
+  @param  SystemTable   A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS   The constructor successfully .
+**/
+EFI_STATUS
+EFIAPI
+DxeRuntimeCapsuleLibConstructor (
+  IN EFI_HANDLE         ImageHandle,
+  IN EFI_SYSTEM_TABLE   *SystemTable
+  )
+{
+  EFI_STATUS     Status;
+  EFI_EVENT      Event;
+
+  //
+  // Make sure we can handle virtual address changes.
+  //
+  Event = NULL;
+  Status = gBS->CreateEventEx (
+                  EVT_NOTIFY_SIGNAL,
+                  TPL_NOTIFY,
+                  DxeCapsuleLibVirtualAddressChangeEvent,
+                  NULL,
+                  &gEfiEventVirtualAddressChangeGuid,
+                  &Event
+                  );
+  ASSERT_EFI_ERROR (Status);
+
+  return EFI_SUCCESS;
+}
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
new file mode 100644
index 0000000..88a3c61
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
@@ -0,0 +1,83 @@
+## @file
+#  Capsule library instance for DXE_RUNTIME_DRIVER.
+#
+#  Capsule library instance for DXE_RUNTIME_DRIVER module types.
+#
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeRuntimeCapsuleLib
+  MODULE_UNI_FILE                = DxeRuntimeCapsuleLib.uni
+  FILE_GUID                      = 19BE1E4B-1A9A-44c1-8F12-32DD0470516A
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = CapsuleLib|DXE_RUNTIME_DRIVER
+  CONSTRUCTOR                    = DxeCapsuleLibConstructor
+  CONSTRUCTOR                    = DxeRuntimeCapsuleLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  DxeCapsuleLib.c
+  DxeCapsuleProcessLibNull.c
+  DxeCapsuleReportLibNull.c
+  DxeCapsuleRuntime.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  DxeServicesTableLib
+  UefiBootServicesTableLib
+  DevicePathLib
+  ReportStatusCodeLib
+  PrintLib
+  HobLib
+
+[Pcd]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleMax                               ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemRebootAfterCapsuleProcessFlag      ## CONSUMES
+
+  gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeSubClassCapsule                ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeProcessCapsulesBegin    ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeProcessCapsulesEnd      ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdatingFirmware        ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdateFirmwareSuccess   ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeUpdateFirmwareFailed    ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleStatusCodeResettingSystem         ## CONSUMES
+
+[Protocols]
+  gEsrtManagementProtocolGuid             ## CONSUMES
+  gEfiFirmwareManagementProtocolGuid      ## SOMETIMES_CONSUMES
+  gEdkiiVariableLockProtocolGuid          ## SOMETIMES_CONSUMES
+
+[Guids]
+  gEfiFmpCapsuleGuid                      ## SOMETIMES_CONSUMES ## GUID
+  gWindowsUxCapsuleGuid                   ## SOMETIMES_CONSUMES ## GUID
+  gEfiSystemResourceTableGuid             ## SOMETIMES_CONSUMES ## GUID
+  gEfiCapsuleReportGuid                   ## CONSUMES ## Variable
+  gEfiCapsuleVendorGuid                   ## CONSUMES ## Variable
+  gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
+  gEfiEventVirtualAddressChangeGuid       ## CONSUMES ## Event
+
+[Depex]
+  gEfiVariableWriteArchProtocolGuid
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.uni b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.uni
new file mode 100644
index 0000000..cd89b13
--- /dev/null
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.uni
@@ -0,0 +1,22 @@
+// /** @file
+// Capsule library instance for DXE_RUNTIME_DRIVER.
+//
+// Capsule library instance for DXE_RUNTIME_DRIVER module types.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution.  The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Capsule Support Library"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "Capsule library instance for DXE_RUNTIME_DRIVER module types."
+
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 07/15] MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (5 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 06/15] MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 08/15] MdeModulePkg/CapsuleApp: Add CapsuleApp application Jiewen Yao
                   ` (7 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

The previous ESRT driver unconditionally treat FMP to be
ESRT_FW_TYPE_DEVICEFIRMWARE.
EDKII System Capsule reuses FMP, but it is ESRT_FW_TYPE_SYSTEMFIRMWARE.

Add check to ImageTypeId check to see if it is ESRT_FW_TYPE_SYSTEMFIRMWARE.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf |  3 +-
 MdeModulePkg/Universal/EsrtDxe/EsrtImpl.c  | 37 ++++++++++++++++++--
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf b/MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
index 8fbc75b..2c66f15 100644
--- a/MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
+++ b/MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
@@ -4,7 +4,7 @@
 #  This driver produces EsrtManagement protocol to manage cache ESRT repository for FMP/Non-FMP instances.
 #  ESRT table based on repository is published on gEfiEventReadyToBootGuid.
 #
-#  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
@@ -64,6 +64,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxFmpEsrtCacheNum                  ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxNonFmpEsrtCacheNum               ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdSystemRebootAfterCapsuleProcessFlag ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid     ## CONSUMES
 
 [Depex]
   gEfiVariableArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid
diff --git a/MdeModulePkg/Universal/EsrtDxe/EsrtImpl.c b/MdeModulePkg/Universal/EsrtDxe/EsrtImpl.c
index f6d1e97..35a237e 100644
--- a/MdeModulePkg/Universal/EsrtDxe/EsrtImpl.c
+++ b/MdeModulePkg/Universal/EsrtDxe/EsrtImpl.c
@@ -1,7 +1,7 @@
 /** @file
   Esrt management implementation.
 
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -391,6 +391,35 @@ EXIT:
 }
 
 /**
+  Return if this FMP is a system FMP or a device FMP, based upon FmpImageInfo.
+
+  @param[in] FmpImageInfo A pointer to EFI_FIRMWARE_IMAGE_DESCRIPTOR
+
+  @return TRUE  It is a system FMP.
+  @return FALSE It is a device FMP.
+**/
+BOOLEAN
+IsSystemFmp (
+  IN EFI_FIRMWARE_IMAGE_DESCRIPTOR   *FmpImageInfo
+  )
+{
+  GUID      *Guid;
+  UINTN     Count;
+  UINTN     Index;
+
+  Guid = PcdGetPtr(PcdSystemFmpCapsuleImageTypeIdGuid);
+  Count = PcdGetSize(PcdSystemFmpCapsuleImageTypeIdGuid)/sizeof(GUID);
+
+  for (Index = 0; Index < Count; Index++, Guid++) {
+    if (CompareGuid(&FmpImageInfo->ImageTypeId, Guid)) {
+      return TRUE;
+    }
+  }
+
+  return FALSE;
+}
+
+/**
   Init one ESRT entry according to input FmpImageInfo (V1, V2, V3) .
 
   @param[in, out]     EsrtEntry            Esrt entry to be Init
@@ -407,7 +436,11 @@ SetEsrtEntryFromFmpInfo (
 {
   EsrtEntry->FwVersion                = FmpImageInfo->Version;
   EsrtEntry->FwClass                  = FmpImageInfo->ImageTypeId;
-  EsrtEntry->FwType                   = ESRT_FW_TYPE_DEVICEFIRMWARE;
+  if (IsSystemFmp(FmpImageInfo)) {
+    EsrtEntry->FwType                   = ESRT_FW_TYPE_SYSTEMFIRMWARE;
+  } else {
+    EsrtEntry->FwType                   = ESRT_FW_TYPE_DEVICEFIRMWARE;
+  }
   EsrtEntry->LowestSupportedFwVersion = 0;
   EsrtEntry->CapsuleFlags             = 0;
   EsrtEntry->LastAttemptVersion       = 0;
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 08/15] MdeModulePkg/CapsuleApp: Add CapsuleApp application.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (6 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 07/15] MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 09/15] MdeModulePkg/UiApp: Show test key warning info in FrontPage Jiewen Yao
                   ` (6 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

This CapsuleApp can help perform capsule update in UEFI shell environment.
It can also dump capsule information, capsule status variable, ESRT and FMP.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/Application/CapsuleApp/AppSupport.c        | 445 ++++++++++
 MdeModulePkg/Application/CapsuleApp/CapsuleApp.c        | 849 ++++++++++++++++++++
 MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf      |  71 ++
 MdeModulePkg/Application/CapsuleApp/CapsuleApp.uni      |  22 +
 MdeModulePkg/Application/CapsuleApp/CapsuleAppExtra.uni |  19 +
 MdeModulePkg/Application/CapsuleApp/CapsuleDump.c       | 732 +++++++++++++++++
 6 files changed, 2138 insertions(+)

diff --git a/MdeModulePkg/Application/CapsuleApp/AppSupport.c b/MdeModulePkg/Application/CapsuleApp/AppSupport.c
new file mode 100644
index 0000000..c2fc3c1
--- /dev/null
+++ b/MdeModulePkg/Application/CapsuleApp/AppSupport.c
@@ -0,0 +1,445 @@
+/** @file
+  A shell application that triggers capsule update process.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Uefi.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PrintLib.h>
+#include <Protocol/LoadedImage.h>
+#include <Protocol/SimpleFileSystem.h>
+#include <Protocol/ShellParameters.h>
+#include <Guid/FileInfo.h>
+#include <Guid/Gpt.h>
+
+#define MAX_ARG_NUM     11
+
+UINTN  Argc;
+CHAR16 **Argv;
+
+/**
+
+  This function parse application ARG.
+
+  @return Status
+**/
+EFI_STATUS
+GetArg (
+  VOID
+  )
+{
+  EFI_STATUS                    Status;
+  EFI_SHELL_PARAMETERS_PROTOCOL *ShellParameters;
+
+  Status = gBS->HandleProtocol (
+                  gImageHandle,
+                  &gEfiShellParametersProtocolGuid,
+                  (VOID**)&ShellParameters
+                  );
+  if (EFI_ERROR(Status)) {
+    return Status;
+  }
+
+  Argc = ShellParameters->Argc;
+  Argv = ShellParameters->Argv;
+  return EFI_SUCCESS;
+}
+
+/**
+  Return File System Volume containing this shell application.
+
+  @return File System Volume containing this shell application.
+**/
+EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *
+GetMyVol (
+  VOID
+  )
+{
+  EFI_STATUS                        Status;
+  EFI_LOADED_IMAGE_PROTOCOL         *LoadedImage;
+  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL   *Vol;
+
+  Status = gBS->HandleProtocol (
+                  gImageHandle,
+                  &gEfiLoadedImageProtocolGuid,
+                  (VOID **)&LoadedImage
+                  );
+  ASSERT_EFI_ERROR (Status);
+
+  Status = gBS->HandleProtocol (
+                  LoadedImage->DeviceHandle,
+                  &gEfiSimpleFileSystemProtocolGuid,
+                  (VOID **)&Vol
+                  );
+  if (!EFI_ERROR (Status)) {
+    return Vol;
+  }
+
+  return NULL;
+}
+
+/**
+  Read a file from this volume.
+
+  @param[in]  Vol             File System Volume
+  @param[in]  FileName        The file to be read.
+  @param[out] BufferSize      The file buffer size
+  @param[out] Buffer          The file buffer
+
+  @retval EFI_SUCCESS    Read file successfully
+  @retval EFI_NOT_FOUND  File not found
+**/
+EFI_STATUS
+ReadFileFromVol (
+  IN  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL   *Vol,
+  IN  CHAR16                            *FileName,
+  OUT UINTN                             *BufferSize,
+  OUT VOID                              **Buffer
+  )
+{
+  EFI_STATUS                        Status;
+  EFI_FILE_HANDLE                   RootDir;
+  EFI_FILE_HANDLE                   Handle;
+  UINTN                             FileInfoSize;
+  EFI_FILE_INFO                     *FileInfo;
+  UINTN                             TempBufferSize;
+  VOID                              *TempBuffer;
+
+  //
+  // Open the root directory
+  //
+  Status = Vol->OpenVolume (Vol, &RootDir);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  //
+  // Open the file
+  //
+  Status = RootDir->Open (
+                      RootDir,
+                      &Handle,
+                      FileName,
+                      EFI_FILE_MODE_READ,
+                      0
+                      );
+  if (EFI_ERROR (Status)) {
+    RootDir->Close (RootDir);
+    return Status;
+  }
+
+  RootDir->Close (RootDir);
+
+  //
+  // Get the file information
+  //
+  FileInfoSize = sizeof(EFI_FILE_INFO) + 1024;
+
+  FileInfo = AllocateZeroPool (FileInfoSize);
+  if (FileInfo == NULL) {
+    Handle->Close (Handle);
+    return Status;
+  }
+
+  Status = Handle->GetInfo (
+                     Handle,
+                     &gEfiFileInfoGuid,
+                     &FileInfoSize,
+                     FileInfo
+                     );
+  if (EFI_ERROR (Status)) {
+    Handle->Close (Handle);
+    gBS->FreePool (FileInfo);
+    return Status;
+  }
+
+  //
+  // Allocate buffer for the file data. The last CHAR16 is for L'\0'
+  //
+  TempBufferSize = (UINTN) FileInfo->FileSize + sizeof(CHAR16);
+  TempBuffer = AllocateZeroPool (TempBufferSize);
+  if (TempBuffer == NULL) {
+    Handle->Close (Handle);
+    gBS->FreePool (FileInfo);
+    return Status;
+  }
+
+  gBS->FreePool (FileInfo);
+
+  //
+  // Read the file data to the buffer
+  //
+  Status = Handle->Read (
+                     Handle,
+                     &TempBufferSize,
+                     TempBuffer
+                     );
+  if (EFI_ERROR (Status)) {
+    Handle->Close (Handle);
+    gBS->FreePool (TempBuffer);
+    return Status;
+  }
+
+  Handle->Close (Handle);
+
+  *BufferSize = TempBufferSize;
+  *Buffer     = TempBuffer;
+  return EFI_SUCCESS;
+}
+
+/**
+  Read a file.
+  If ScanFs is FLASE, it will use this Vol as default Fs.
+  If ScanFs is TRUE, it will scan all FS and check the file.
+    If there is only one file match the name, it will be read.
+    If there is more than one file match the name, it will return Error.
+
+  @param[in]  ThisVol         File System Volume
+  @param[in]  FileName        The file to be read.
+  @param[out] BufferSize      The file buffer size
+  @param[out] Buffer          The file buffer
+  @param[in]  ScanFs          Need Scan all FS
+
+  @retval EFI_SUCCESS    Read file successfully
+  @retval EFI_NOT_FOUND  File not found
+  @retval EFI_NO_MAPPING There is duplicated files found
+**/
+EFI_STATUS
+ReadFileToBufferEx (
+  IN OUT EFI_SIMPLE_FILE_SYSTEM_PROTOCOL   **ThisVol,
+  IN  CHAR16                               *FileName,
+  OUT UINTN                                *BufferSize,
+  OUT VOID                                 **Buffer,
+  IN  BOOLEAN                              ScanFs
+  )
+{
+  EFI_STATUS                        Status;
+  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL   *Vol;
+  UINTN                             TempBufferSize;
+  VOID                              *TempBuffer;
+  UINTN                             NoHandles;
+  EFI_HANDLE                        *HandleBuffer;
+  UINTN                             Index;
+
+  //
+  // Check parameters
+  //
+  if ((FileName == NULL) || (Buffer == NULL) || (ThisVol == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  //
+  // not scan fs
+  //
+  if (!ScanFs) {
+    if (*ThisVol == NULL) {
+      *ThisVol = GetMyVol ();
+      if (*ThisVol == NULL) {
+        return EFI_INVALID_PARAMETER;
+      }
+    }
+    //
+    // Read file directly from Vol
+    //
+    return ReadFileFromVol (*ThisVol, FileName, BufferSize, Buffer);
+  }
+
+  //
+  // need scan fs
+  //
+
+  //
+  // Get all Vol handle
+  //
+  Status = gBS->LocateHandleBuffer (
+                   ByProtocol,
+                   &gEfiSimpleFileSystemProtocolGuid,
+                   NULL,
+                   &NoHandles,
+                   &HandleBuffer
+                   );
+  if (EFI_ERROR (Status) && (NoHandles == 0)) {
+    return EFI_NOT_FOUND;
+  }
+
+  //
+  // Walk through each Vol
+  //
+  *ThisVol = NULL;
+  *BufferSize = 0;
+  *Buffer     = NULL;
+  for (Index = 0; Index < NoHandles; Index++) {
+    Status = gBS->HandleProtocol (
+                    HandleBuffer[Index],
+                    &gEfiSimpleFileSystemProtocolGuid,
+                    (VOID **)&Vol
+                    );
+    if (EFI_ERROR(Status)) {
+      continue;
+    }
+
+    Status = ReadFileFromVol (Vol, FileName, &TempBufferSize, &TempBuffer);
+    if (!EFI_ERROR (Status)) {
+      //
+      // Read file OK, check duplication
+      //
+      if (*ThisVol != NULL) {
+        //
+        // Find the duplicated file
+        //
+        gBS->FreePool (TempBuffer);
+        gBS->FreePool (*Buffer);
+        Print (L"Duplicated FileName found!\n");
+        return EFI_NO_MAPPING;
+      } else {
+        //
+        // Record value
+        //
+        *ThisVol = Vol;
+        *BufferSize = TempBufferSize;
+        *Buffer     = TempBuffer;
+      }
+    }
+  }
+
+  //
+  // Scan Fs done
+  //
+  if (*ThisVol == NULL) {
+    return EFI_NOT_FOUND;
+  }
+
+  //
+  // Done
+  //
+  return EFI_SUCCESS;
+}
+
+/**
+  Read a file.
+
+  @param[in]  FileName        The file to be read.
+  @param[out] BufferSize      The file buffer size
+  @param[out] Buffer          The file buffer
+
+  @retval EFI_SUCCESS    Read file successfully
+  @retval EFI_NOT_FOUND  File not found
+**/
+EFI_STATUS
+ReadFileToBuffer (
+  IN  CHAR16                               *FileName,
+  OUT UINTN                                *BufferSize,
+  OUT VOID                                 **Buffer
+  )
+{
+  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL   *Vol;
+  Vol = NULL;
+  return ReadFileToBufferEx(&Vol, FileName, BufferSize, Buffer, FALSE);
+}
+
+/**
+  Write a file.
+
+  @param[in] FileName        The file to be written.
+  @param[in] BufferSize      The file buffer size
+  @param[in] Buffer          The file buffer
+
+  @retval EFI_SUCCESS    Write file successfully
+**/
+EFI_STATUS
+WriteFileFromBuffer (
+  IN  CHAR16                               *FileName,
+  IN  UINTN                                BufferSize,
+  IN  VOID                                 *Buffer
+  )
+{
+  EFI_STATUS                        Status;
+  EFI_FILE_HANDLE                   RootDir;
+  EFI_FILE_HANDLE                   Handle;
+  UINTN                             TempBufferSize;
+  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL   *Vol;
+
+  Vol = GetMyVol();
+
+  //
+  // Open the root directory
+  //
+  Status = Vol->OpenVolume (Vol, &RootDir);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  //
+  // Open the file
+  //
+  Status = RootDir->Open (
+                      RootDir,
+                      &Handle,
+                      FileName,
+                      EFI_FILE_MODE_READ | EFI_FILE_MODE_WRITE| EFI_FILE_MODE_CREATE,
+                      0
+                      );
+  if (EFI_ERROR (Status)) {
+    RootDir->Close (RootDir);
+    return Status;
+  }
+
+  //
+  // Delete file
+  //
+  Status = Handle->Delete(Handle);
+  if (EFI_ERROR(Status)) {
+    return Status;
+  }
+
+  //
+  // Open the file again
+  //
+  Status = RootDir->Open (
+                      RootDir,
+                      &Handle,
+                      FileName,
+                      EFI_FILE_MODE_READ | EFI_FILE_MODE_WRITE| EFI_FILE_MODE_CREATE,
+                      0
+                      );
+  if (EFI_ERROR (Status)) {
+    RootDir->Close (RootDir);
+    return Status;
+  }
+
+  RootDir->Close (RootDir);
+
+  //
+  // Write the file data from the buffer
+  //
+  TempBufferSize = BufferSize;
+  Status = Handle->Write (
+                     Handle,
+                     &TempBufferSize,
+                     Buffer
+                     );
+  if (EFI_ERROR (Status)) {
+    Handle->Close (Handle);
+    return Status;
+  }
+
+  Handle->Close (Handle);
+
+  return EFI_SUCCESS;
+}
+
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
new file mode 100644
index 0000000..8f6335d
--- /dev/null
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
@@ -0,0 +1,849 @@
+/** @file
+  A shell application that triggers capsule update process.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Uefi.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PrintLib.h>
+#include <Protocol/LoadedImage.h>
+#include <Protocol/SimpleFileSystem.h>
+#include <Protocol/GraphicsOutput.h>
+#include <Guid/FileInfo.h>
+#include <Guid/Gpt.h>
+#include <Guid/GlobalVariable.h>
+#include <Guid/CapsuleReport.h>
+#include <Guid/SystemResourceTable.h>
+#include <Guid/FmpCapsule.h>
+#include <IndustryStandard/WindowsUxCapsule.h>
+
+#define CAPSULE_HEADER_SIZE  0x20
+
+#define NESTED_CAPSULE_HEADER_SIZE  SIZE_4KB
+#define SYSTEM_FIRMWARE_FLAG 0x50000
+#define DEVICE_FIRMWARE_FLAG 0x78010
+
+#define EFI_CAPSULE_FROM_FILE_DIR                           L"\\EFI\\UpdateCapsule\\"
+#define EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED  0x0000000000000004
+
+#define MAJOR_VERSION   1
+#define MINOR_VERSION   0
+
+#define MAX_CAPSULE_NUM 10
+
+extern UINTN  Argc;
+extern CHAR16 **Argv;
+
+//
+// Define how many block descriptors we want to test with.
+//
+UINTN  NumberOfDescriptors = 1;
+UINTN  CapsuleFirstIndex;
+UINTN  CapsuleLastIndex;
+
+/**
+  Dump capsule information
+
+  @param[in] CapsuleName  The name of the capsule image.
+
+  @retval EFI_SUCCESS            The capsule information is dumped.
+  @retval EFI_UNSUPPORTED        Input parameter is not valid.
+**/
+EFI_STATUS
+DumpCapsule (
+  IN CHAR16                                        *CapsuleName
+  );
+
+/**
+  Dump capsule status variable.
+
+  @retval EFI_SUCCESS            The capsule status variable is dumped.
+  @retval EFI_UNSUPPORTED        Input parameter is not valid.
+**/
+EFI_STATUS
+DmpCapsuleStatusVariable (
+  VOID
+  );
+
+/**
+  Dump FMP protocol info.
+**/
+VOID
+DumpFmpData (
+  VOID
+  );
+
+/**
+  Dump ESRT info.
+**/
+VOID
+DumpEsrtData (
+  VOID
+  );
+
+/**
+  Read a file.
+
+  @param[in]  FileName        The file to be read.
+  @param[out] BufferSize      The file buffer size
+  @param[out] Buffer          The file buffer
+
+  @retval EFI_SUCCESS    Read file successfully
+  @retval EFI_NOT_FOUND  File not found
+**/
+EFI_STATUS
+ReadFileToBuffer (
+  IN  CHAR16                               *FileName,
+  OUT UINTN                                *BufferSize,
+  OUT VOID                                 **Buffer
+  );
+
+/**
+  Write a file.
+
+  @param[in] FileName        The file to be written.
+  @param[in] BufferSize      The file buffer size
+  @param[in] Buffer          The file buffer
+
+  @retval EFI_SUCCESS    Write file successfully
+**/
+EFI_STATUS
+WriteFileFromBuffer (
+  IN  CHAR16                               *FileName,
+  IN  UINTN                                BufferSize,
+  IN  VOID                                 *Buffer
+  );
+
+/**
+
+  This function parse application ARG.
+
+  @return Status
+**/
+EFI_STATUS
+GetArg (
+  VOID
+  );
+
+/**
+  Create UX capsule.
+
+  @retval EFI_SUCCESS            The capsule header is appended.
+  @retval EFI_UNSUPPORTED        Input parameter is not valid.
+  @retval EFI_OUT_OF_RESOURCES   No enough resource to create UX capsule.
+**/
+EFI_STATUS
+CreateBmpFmp (
+  VOID
+  )
+{
+  CHAR16                                        *OutputCapsuleName;
+  VOID                                          *BmpBuffer;
+  UINTN                                         FileSize;
+  CHAR16                                        *BmpName;
+  UINT8                                         *FullCapsuleBuffer;
+  UINTN                                         FullCapsuleBufferSize;
+  EFI_DISPLAY_CAPSULE                           *DisplayCapsule;
+  EFI_STATUS                                    Status;
+  EFI_GRAPHICS_OUTPUT_PROTOCOL                  *Gop;
+
+  Status = gBS->LocateProtocol(&gEfiGraphicsOutputProtocolGuid, NULL, (VOID **)&Gop);
+  if (EFI_ERROR(Status)) {
+    Print(L"CapsuleApp: NO GOP is found.\n");
+    return EFI_UNSUPPORTED;
+  }
+  Print(L"Current GOP: Mode - %d, ", Gop->Mode->Mode);
+  Print(L"HorizontalResolution - %d, ", Gop->Mode->Info->HorizontalResolution);
+  Print(L"VerticalResolution - %d\n", Gop->Mode->Info->VerticalResolution);
+  // HorizontalResolution >= BMP_IMAGE_HEADER.PixelWidth
+  // VerticalResolution   >= BMP_IMAGE_HEADER.PixelHeight
+
+  if (Argc != 5) {
+    Print(L"CapsuleApp: Invalid Parameter.\n");
+    return EFI_UNSUPPORTED;
+  }
+
+  if (StrCmp(Argv[3], L"-O") != 0) {
+    Print(L"CapsuleApp: NO output capsule name.\n");
+    return EFI_UNSUPPORTED;
+  }
+  OutputCapsuleName = Argv[4];
+
+  BmpBuffer = NULL;
+  FileSize = 0;
+  FullCapsuleBuffer = NULL;
+
+  BmpName = Argv[2];
+  Status = ReadFileToBuffer(BmpName, &FileSize, &BmpBuffer);
+  if (EFI_ERROR(Status)) {
+    Print(L"CapsuleApp: BMP image (%s) is not found.\n", BmpName);
+    goto Done;
+  }
+
+  FullCapsuleBufferSize = sizeof(EFI_DISPLAY_CAPSULE) + FileSize;
+  FullCapsuleBuffer = AllocatePool(FullCapsuleBufferSize);
+  if (FullCapsuleBuffer == NULL) {
+    Print(L"CapsuleApp: Capsule Buffer size (0x%x) too big.\n", FullCapsuleBufferSize);
+    Status = EFI_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  DisplayCapsule = (EFI_DISPLAY_CAPSULE *)FullCapsuleBuffer;
+  CopyGuid(&DisplayCapsule->CapsuleHeader.CapsuleGuid, &gWindowsUxCapsuleGuid);
+  DisplayCapsule->CapsuleHeader.HeaderSize = sizeof(DisplayCapsule->CapsuleHeader);
+  DisplayCapsule->CapsuleHeader.Flags = CAPSULE_FLAGS_PERSIST_ACROSS_RESET;
+  DisplayCapsule->CapsuleHeader.CapsuleImageSize = (UINT32)FullCapsuleBufferSize;
+
+  DisplayCapsule->ImagePayload.Version = 1;
+  DisplayCapsule->ImagePayload.Checksum = 0;
+  DisplayCapsule->ImagePayload.ImageType = 0; // BMP
+  DisplayCapsule->ImagePayload.Reserved = 0;
+  DisplayCapsule->ImagePayload.Mode = Gop->Mode->Mode;
+  DisplayCapsule->ImagePayload.OffsetX = 0;
+  DisplayCapsule->ImagePayload.OffsetY = 0;
+
+  CopyMem((DisplayCapsule + 1), BmpBuffer, FileSize);
+
+  DisplayCapsule->ImagePayload.Checksum = CalculateCheckSum8(FullCapsuleBuffer, FullCapsuleBufferSize);
+
+  Status = WriteFileFromBuffer(OutputCapsuleName, FullCapsuleBufferSize, FullCapsuleBuffer);
+  Print(L"CapsuleApp: Write %s %r\n", OutputCapsuleName, Status);
+
+Done:
+  if (BmpBuffer != NULL) {
+    FreePool(BmpBuffer);
+  }
+
+  if (FullCapsuleBuffer != NULL) {
+    FreePool(FullCapsuleBuffer);
+  }
+
+  return Status;
+}
+
+/**
+  Get ImageTypeId in the FMP capsule header.
+
+  @param[in] CapsuleHeader  The FMP capsule image header.
+
+  @return ImageTypeId
+**/
+EFI_GUID *
+GetCapsuleImageTypeId (
+  IN EFI_CAPSULE_HEADER                            *CapsuleHeader
+  )
+{
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER       *FmpCapsuleHeader;
+  UINT64                                       *ItemOffsetList;
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER *ImageHeader;
+
+  FmpCapsuleHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER *)((UINT8 *)CapsuleHeader + CapsuleHeader->HeaderSize);
+  ItemOffsetList = (UINT64 *)(FmpCapsuleHeader + 1);
+  if (FmpCapsuleHeader->PayloadItemCount == 0) {
+    return NULL;
+  }
+  ImageHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER *)((UINT8 *)FmpCapsuleHeader + ItemOffsetList[FmpCapsuleHeader->EmbeddedDriverCount]);
+  return &ImageHeader->UpdateImageTypeId;
+}
+
+/**
+  Get ESRT FwType according to ImageTypeId
+
+  @param[in]  ImageTypeId   ImageTypeId of an FMP capsule.
+
+  @return ESRT FwType
+**/
+UINT32
+GetEsrtFwType (
+  IN  EFI_GUID                                      *ImageTypeId
+  )
+{
+  EFI_STATUS                 Status;
+  EFI_SYSTEM_RESOURCE_TABLE  *Esrt;
+  EFI_SYSTEM_RESOURCE_ENTRY  *EsrtEntry;
+  UINTN                      Index;
+
+  //
+  // Check ESRT
+  //
+  Status = EfiGetSystemConfigurationTable(&gEfiSystemResourceTableGuid, (VOID **)&Esrt);
+  if (!EFI_ERROR(Status)) {
+    EsrtEntry = (VOID *)(Esrt + 1);
+    for (Index = 0; Index < Esrt->FwResourceCount; Index++, EsrtEntry++) {
+      if (CompareGuid(&EsrtEntry->FwClass, ImageTypeId)) {
+        return EsrtEntry->FwType;
+      }
+    }
+  }
+
+  return ESRT_FW_TYPE_UNKNOWN;
+}
+
+/**
+  Append a capsule header on top of current image.
+  This function follows Windows UEFI Firmware Update Platform document.
+
+  @retval EFI_SUCCESS            The capsule header is appended.
+  @retval EFI_UNSUPPORTED        Input parameter is not valid.
+  @retval EFI_OUT_OF_RESOURCES   No enough resource to append capsule header.
+**/
+EFI_STATUS
+CreateNestedFmp (
+  VOID
+  )
+{
+  CHAR16                                        *OutputCapsuleName;
+  VOID                                          *CapsuleBuffer;
+  UINTN                                         FileSize;
+  CHAR16                                        *CapsuleName;
+  UINT8                                         *FullCapsuleBuffer;
+  UINTN                                         FullCapsuleBufferSize;
+  EFI_CAPSULE_HEADER                            *NestedCapsuleHeader;
+  EFI_GUID                                      *ImageTypeId;
+  UINT32                                        FwType;
+  EFI_STATUS                                    Status;
+
+  if (Argc != 5) {
+    Print(L"CapsuleApp: Invalid Parameter.\n");
+    return EFI_UNSUPPORTED;
+  }
+
+  if (StrCmp(Argv[3], L"-O") != 0) {
+    Print(L"CapsuleApp: NO output capsule name.\n");
+    return EFI_UNSUPPORTED;
+  }
+  OutputCapsuleName = Argv[4];
+
+  CapsuleBuffer = NULL;
+  FileSize = 0;
+  FullCapsuleBuffer = NULL;
+
+  CapsuleName = Argv[2];
+  Status = ReadFileToBuffer(CapsuleName, &FileSize, &CapsuleBuffer);
+  if (EFI_ERROR(Status)) {
+    Print(L"CapsuleApp: Capsule image (%s) is not found.\n", CapsuleName);
+    goto Done;
+  }
+
+  ImageTypeId = GetCapsuleImageTypeId(CapsuleBuffer);
+  if (ImageTypeId == NULL) {
+    Print(L"CapsuleApp: Capsule ImageTypeId is not found.\n");
+    goto Done;
+  }
+  FwType = GetEsrtFwType(ImageTypeId);
+  if ((FwType != ESRT_FW_TYPE_SYSTEMFIRMWARE) && (FwType != ESRT_FW_TYPE_DEVICEFIRMWARE)) {
+    Print(L"CapsuleApp: Capsule FwType is invalid.\n");
+    goto Done;
+  }
+
+  FullCapsuleBufferSize = NESTED_CAPSULE_HEADER_SIZE + FileSize;
+  FullCapsuleBuffer = AllocatePool(FullCapsuleBufferSize);
+  if (FullCapsuleBuffer == NULL) {
+    Print(L"CapsuleApp: Capsule Buffer size (0x%x) too big.\n", FullCapsuleBufferSize);
+    Status = EFI_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  NestedCapsuleHeader = (EFI_CAPSULE_HEADER *)FullCapsuleBuffer;
+  ZeroMem(NestedCapsuleHeader, NESTED_CAPSULE_HEADER_SIZE);
+  CopyGuid(&NestedCapsuleHeader->CapsuleGuid, ImageTypeId);
+  NestedCapsuleHeader->HeaderSize = NESTED_CAPSULE_HEADER_SIZE;
+  NestedCapsuleHeader->Flags = (FwType == ESRT_FW_TYPE_DEVICEFIRMWARE) ? SYSTEM_FIRMWARE_FLAG : DEVICE_FIRMWARE_FLAG;
+  NestedCapsuleHeader->CapsuleImageSize = (UINT32)FullCapsuleBufferSize;
+
+  CopyMem((UINT8 *)NestedCapsuleHeader + NestedCapsuleHeader->HeaderSize, CapsuleBuffer, FileSize);
+
+  Status = WriteFileFromBuffer(OutputCapsuleName, FullCapsuleBufferSize, FullCapsuleBuffer);
+  Print(L"CapsuleApp: Write %s %r\n", OutputCapsuleName, Status);
+
+Done:
+  if (CapsuleBuffer != NULL) {
+    FreePool(CapsuleBuffer);
+  }
+
+  if (FullCapsuleBuffer != NULL) {
+    FreePool(FullCapsuleBuffer);
+  }
+
+  return Status;
+}
+
+
+/**
+  Clear capsule status variable.
+
+  @retval EFI_SUCCESS            The capsule status variable is cleared.
+**/
+EFI_STATUS
+ClearCapsuleStatusVariable (
+  VOID
+  )
+{
+  EFI_STATUS                          Status;
+  UINT32                              Index;
+  CHAR16                              CapsuleVarName[20];
+  CHAR16                              *TempVarName;
+
+  StrCpyS (CapsuleVarName, sizeof(CapsuleVarName)/sizeof(CapsuleVarName[0]), L"Capsule");
+  TempVarName = CapsuleVarName + StrLen (CapsuleVarName);
+  Index = 0;
+
+  while (TRUE) {
+    UnicodeSPrint (TempVarName, 5 * sizeof(CHAR16), L"%04x", Index);
+
+    Status = gRT->SetVariable (
+                    CapsuleVarName,
+                    &gEfiCapsuleReportGuid,
+                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                    0,
+                    (VOID *)NULL
+                    );
+    if (EFI_ERROR(Status)) {
+      //
+      // There is no capsule variables, quit
+      //
+      break;
+    }
+
+    Index++;
+    if (Index > 0xFFFF) {
+      break;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Build Gather list for a list of capsule images.
+
+  @param[in]  CapsuleBuffer    An array of pointer to capsule images
+  @param[in]  FileSize         An array of UINTN to capsule images size
+  @param[in]  CapsuleNum       The count of capsule images
+  @param[out] BlockDescriptors The block descriptors for the capsule images
+
+  @retval EFI_SUCCESS The block descriptors for the capsule images are constructed.
+**/
+EFI_STATUS
+BuildGatherList (
+  IN VOID                          **CapsuleBuffer,
+  IN UINTN                         *FileSize,
+  IN UINTN                         CapsuleNum,
+  OUT EFI_CAPSULE_BLOCK_DESCRIPTOR **BlockDescriptors
+  )
+{
+  EFI_STATUS                    Status;
+  EFI_CAPSULE_BLOCK_DESCRIPTOR  *BlockDescriptors1;
+  EFI_CAPSULE_BLOCK_DESCRIPTOR  *BlockDescriptors2;
+  EFI_CAPSULE_BLOCK_DESCRIPTOR  *BlockDescriptorPre;
+  EFI_CAPSULE_BLOCK_DESCRIPTOR  *BlockDescriptorsHeader;
+  EFI_CAPSULE_BLOCK_DESCRIPTOR  *TempBlockPtr;
+  UINT8                         *TempDataPtr;
+  UINTN                         SizeLeft;
+  UINTN                         Size;
+  INT32                         Count;
+  INT32                         Number;
+  UINTN                         Index;
+
+  TempBlockPtr           = NULL;
+  BlockDescriptors1      = NULL;
+  BlockDescriptors2      = NULL;
+  BlockDescriptorPre     = NULL;
+  BlockDescriptorsHeader = NULL;
+
+  for (Index = 0; Index < CapsuleNum; Index++) {
+    //
+    // Allocate memory for the descriptors.
+    //
+    if (NumberOfDescriptors == 1) {
+      Count = 2;
+    } else {
+      Count = (INT32)(NumberOfDescriptors + 2) / 2;
+    }
+
+    Size               = Count * sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);
+    BlockDescriptors1  = AllocateRuntimeZeroPool (Size);
+    if (BlockDescriptors1 == NULL) {
+      Print (L"CapsuleApp: failed to allocate memory for descriptors\n");
+      Status = EFI_OUT_OF_RESOURCES;
+      goto ERREXIT;
+    } else {
+      Print (L"CapsuleApp: creating capsule descriptors at 0x%X\n", (UINTN) BlockDescriptors1);
+      Print (L"CapsuleApp: capsule data starts          at 0x%X with size 0x%X\n", (UINTN) CapsuleBuffer, FileSize);
+    }
+
+    //
+    // Record descirptor header
+    //
+    if (Index == 0) {
+      BlockDescriptorsHeader = BlockDescriptors1;
+    }
+
+    if (BlockDescriptorPre != NULL) {
+      BlockDescriptorPre->Union.ContinuationPointer = (UINTN) BlockDescriptors1;
+      BlockDescriptorPre->Length = 0;
+    }
+
+    //
+    // Fill them in
+    //
+    TempBlockPtr  = BlockDescriptors1;
+    TempDataPtr   = CapsuleBuffer[Index];
+    SizeLeft      = FileSize[Index];
+    for (Number = 0; (Number < Count - 1) && (SizeLeft != 0); Number++) {
+      //
+      // Divide remaining data in half
+      //
+      if (NumberOfDescriptors != 1) {
+        if (SizeLeft == 1) {
+          Size = 1;
+        } else {
+          Size = SizeLeft / 2;
+        }
+      } else {
+        Size = SizeLeft;
+      }
+      TempBlockPtr->Union.DataBlock    = (UINTN)TempDataPtr;
+      TempBlockPtr->Length  = Size;
+      Print (L"CapsuleApp: capsule block/size              0x%X/0x%X\n", (UINTN) TempDataPtr, Size);
+      SizeLeft -= Size;
+      TempDataPtr += Size;
+      TempBlockPtr++;
+    }
+
+    //
+    // Allocate the second list, point the first block's last entry to point
+    // to this one, and fill this one in. Worst case is that the previous
+    // list only had one element that pointed here, so we need at least two
+    // elements -- one to point to all the data, another to terminate the list.
+    //
+    if ((NumberOfDescriptors != 1) && (SizeLeft != 0)) {
+      Count = (INT32)(NumberOfDescriptors + 2) - Count;
+      if (Count == 1) {
+        Count++;
+      }
+
+      Size              = Count * sizeof (EFI_CAPSULE_BLOCK_DESCRIPTOR);
+      BlockDescriptors2 = AllocateRuntimeZeroPool (Size);
+      if (BlockDescriptors2 == NULL) {
+        Print (L"CapsuleApp: failed to allocate memory for descriptors\n");
+        Status = EFI_OUT_OF_RESOURCES;
+        goto ERREXIT;
+      }
+
+      //
+      // Point the first list's last element to point to this second list.
+      //
+      TempBlockPtr->Union.ContinuationPointer   = (UINTN) BlockDescriptors2;
+
+      TempBlockPtr->Length  = 0;
+      TempBlockPtr = BlockDescriptors2;
+      for (Number = 0; Number < Count - 1; Number++) {
+        //
+        // If second-to-last one, then dump rest to this element
+        //
+        if (Number == (Count - 2)) {
+          Size = SizeLeft;
+        } else {
+          //
+          // Divide remaining data in half
+          //
+          if (SizeLeft == 1) {
+            Size = 1;
+          } else {
+            Size = SizeLeft / 2;
+          }
+        }
+
+        TempBlockPtr->Union.DataBlock    = (UINTN)TempDataPtr;
+        TempBlockPtr->Length  = Size;
+        Print (L"CapsuleApp: capsule block/size              0x%X/0x%X\n", (UINTN) TempDataPtr, Size);
+        SizeLeft -= Size;
+        TempDataPtr += Size;
+        TempBlockPtr++;
+        if (SizeLeft == 0) {
+          break;
+        }
+      }
+    }
+
+    BlockDescriptorPre = TempBlockPtr;
+    BlockDescriptors1  = NULL;
+  }
+
+  //
+  // Null-terminate.
+  //
+  if (TempBlockPtr != NULL) {
+    TempBlockPtr->Union.ContinuationPointer    = (UINTN)NULL;
+    TempBlockPtr->Length  = 0;
+    *BlockDescriptors = BlockDescriptorsHeader;
+  }
+
+  return EFI_SUCCESS;
+
+ERREXIT:
+  if (BlockDescriptors1 != NULL) {
+    FreePool(BlockDescriptors1);
+  }
+
+  if (BlockDescriptors2 != NULL) {
+    FreePool(BlockDescriptors2);
+  }
+
+  return Status;
+}
+
+/**
+  Clear the Gather list for a list of capsule images.
+
+  @param[in]  BlockDescriptors The block descriptors for the capsule images
+  @param[in]  CapsuleNum       The count of capsule images
+**/
+VOID
+CleanGatherList (
+  IN EFI_CAPSULE_BLOCK_DESCRIPTOR   *BlockDescriptors,
+  IN UINTN                          CapsuleNum
+  )
+{
+  EFI_CAPSULE_BLOCK_DESCRIPTOR   *TempBlockPtr;
+  EFI_CAPSULE_BLOCK_DESCRIPTOR   *TempBlockPtr1;
+  EFI_CAPSULE_BLOCK_DESCRIPTOR   *TempBlockPtr2;
+  UINTN                          Index;
+
+  if (BlockDescriptors != NULL) {
+    TempBlockPtr1 = BlockDescriptors;
+    while (1){
+      TempBlockPtr = TempBlockPtr1;
+      for (Index = 0; Index < CapsuleNum; Index++) {
+        if (TempBlockPtr[Index].Length == 0) {
+          break;
+        }
+      }
+
+      if (TempBlockPtr[Index].Union.ContinuationPointer == (UINTN)NULL) {
+        break;
+      }
+
+      TempBlockPtr2 = (VOID *) ((UINTN) TempBlockPtr->Union.ContinuationPointer);
+      FreePool(TempBlockPtr1);
+      TempBlockPtr1 = TempBlockPtr2;
+    }
+  }
+}
+
+/**
+  Print APP usage.
+**/
+VOID
+PrintUsage (
+  VOID
+  )
+{
+  Print(L"CapsuleApp:  usage\n");
+  Print(L"  CapsuleApp <Capsule...>\n");
+  Print(L"  CapsuleApp -S\n");
+  Print(L"  CapsuleApp -C\n");
+  Print(L"  CapsuleApp -P\n");
+  Print(L"  CapsuleApp -E\n");
+  Print(L"  CapsuleApp -G <BMP> -O <Capsule>\n");
+  Print(L"  CapsuleApp -N <Capsule> -O <NestedCapsule>\n");
+  Print(L"  CapsuleApp -D <Capsule>\n");
+  Print(L"Parameter:\n");
+  Print(L"  -S:  Dump capsule report variable (EFI_CAPSULE_REPORT_GUID),\n");
+  Print(L"       which is defined in UEFI specification.\n");
+  Print(L"  -C:  Clear capsule report variable (EFI_CAPSULE_RPORT_GUID),\n");
+  Print(L"       which is defined in UEFI specification.\n");
+  Print(L"  -P:  Dump UEFI FMP protocol info.\n");
+  Print(L"  -E:  Dump UEFI ESRT table info.\n");
+  Print(L"  -G:  Convert a BMP file to be a UX capsule,\n");
+  Print(L"       according to Windows Firmware Update document\n");
+  Print(L"  -N:  Append a Capsule Header to an existing capsule image,\n");
+  Print(L"       according to Windows Firmware Update document\n");
+  Print(L"  -O:  Output new Capsule file name\n");
+  Print(L"  -D:  Dump Capsule image header information and FMP header information,\n");
+  Print(L"       if it is an FMP capsule.\n");
+}
+
+/**
+  Update Capsule image.
+
+  @param[in]  ImageHandle     The image handle.
+  @param[in]  SystemTable     The system table.
+
+  @retval EFI_SUCCESS            Command completed successfully.
+  @retval EFI_INVALID_PARAMETER  Command usage error.
+  @retval EFI_NOT_FOUND          The input file can't be found.
+**/
+EFI_STATUS
+EFIAPI
+UefiMain (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS                    Status;
+  UINTN                         FileSize[MAX_CAPSULE_NUM];
+  VOID                          *CapsuleBuffer[MAX_CAPSULE_NUM];
+  EFI_CAPSULE_BLOCK_DESCRIPTOR  *BlockDescriptors;
+  EFI_CAPSULE_HEADER             *CapsuleHeaderArray[MAX_CAPSULE_NUM + 1];
+  UINT64                         MaxCapsuleSize;
+  EFI_RESET_TYPE                 ResetType;
+  BOOLEAN                        NeedReset;
+  CHAR16                         *CapsuleName;
+  UINTN                          CapsuleNum;
+  UINTN                          Index;
+
+  Status = GetArg();
+  if (EFI_ERROR(Status)) {
+    Print(L"Please use UEFI SHELL to run this application!\n", Status);
+    return Status;
+  }
+  if (Argc < 2) {
+    PrintUsage();
+    return EFI_INVALID_PARAMETER;
+  }
+  if (StrCmp(Argv[1], L"-D") == 0) {
+    Status = DumpCapsule(Argv[2]);
+    return Status;
+  }
+  if (StrCmp(Argv[1], L"-G") == 0) {
+    Status = CreateBmpFmp();
+    return Status;
+  }
+  if (StrCmp(Argv[1], L"-N") == 0) {
+    Status = CreateNestedFmp();
+    return Status;
+  }
+  if (StrCmp(Argv[1], L"-S") == 0) {
+    Status = DmpCapsuleStatusVariable();
+    return EFI_SUCCESS;
+  }
+  if (StrCmp(Argv[1], L"-C") == 0) {
+    Status = ClearCapsuleStatusVariable();
+    return Status;
+  }
+  if (StrCmp(Argv[1], L"-P") == 0) {
+    DumpFmpData();
+    return EFI_SUCCESS;
+  }
+  if (StrCmp(Argv[1], L"-E") == 0) {
+    DumpEsrtData();
+    return EFI_SUCCESS;
+  }
+  CapsuleFirstIndex = 1;
+  CapsuleLastIndex = Argc - 1;
+  CapsuleNum = CapsuleLastIndex - CapsuleFirstIndex + 1;
+
+  if (CapsuleFirstIndex > CapsuleLastIndex) {
+    Print(L"CapsuleApp: NO capsule image.\n");
+    return EFI_UNSUPPORTED;
+  }
+  if (CapsuleNum > MAX_CAPSULE_NUM) {
+    Print(L"CapsuleApp: Too many capsule images.\n");
+    return EFI_UNSUPPORTED;
+  }
+
+  ZeroMem(&CapsuleBuffer, sizeof(CapsuleBuffer));
+  ZeroMem(&FileSize, sizeof(FileSize));
+  BlockDescriptors = NULL;
+
+  for (Index = 0; Index < CapsuleNum; Index++) {
+    CapsuleName = Argv[CapsuleFirstIndex + Index];
+    Status = ReadFileToBuffer(CapsuleName, &FileSize[Index], &CapsuleBuffer[Index]);
+    if (EFI_ERROR(Status)) {
+      Print(L"CapsuleApp: capsule image (%s) is not found.\n", CapsuleName);
+      goto Done;
+    }
+  }
+
+  //
+  // Every capsule use 2 descriptor 1 for data 1 for end
+  //
+  Status = BuildGatherList(CapsuleBuffer, FileSize, CapsuleNum, &BlockDescriptors);
+  if (EFI_ERROR(Status)) {
+    goto Done;
+  }
+
+  //
+  // Call the runtime service capsule.
+  //
+  NeedReset = FALSE;
+  for (Index = 0; Index < CapsuleNum; Index++) {
+    CapsuleHeaderArray[Index] = (EFI_CAPSULE_HEADER *) CapsuleBuffer[Index];
+    if ((CapsuleHeaderArray[Index]->Flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) != 0) {
+      NeedReset = TRUE;
+    }
+  }
+  CapsuleHeaderArray[CapsuleNum] = NULL;
+
+  //
+  // Inquire platform capability of UpdateCapsule.
+  //
+  Status = gRT->QueryCapsuleCapabilities (CapsuleHeaderArray, CapsuleNum, &MaxCapsuleSize, &ResetType);
+  if (EFI_ERROR(Status)) {
+    Print (L"CapsuleApp: failed to query capsule capability - %r\n", Status);
+    goto Done;
+  }
+
+  for (Index = 0; Index < CapsuleNum; Index++) {
+    if (FileSize[Index] > MaxCapsuleSize) {
+      Print (L"CapsuleApp: capsule is too large to update, %ld is allowed\n", MaxCapsuleSize);
+      Status = EFI_UNSUPPORTED;
+      goto Done;
+    }
+  }
+
+  //
+  // Check whether the input capsule image has the flag of persist across system reset.
+  //
+  if (NeedReset) {
+    Status = gRT->UpdateCapsule(CapsuleHeaderArray,CapsuleNum,(UINTN) BlockDescriptors);
+    if (Status != EFI_SUCCESS) {
+      Print (L"CapsuleApp: failed to update capsule - %r\n", Status);
+      goto Done;
+    }
+    //
+    // For capsule who has reset flag, after calling UpdateCapsule service,triger a
+    // system reset to process capsule persist across a system reset.
+    //
+    gRT->ResetSystem (ResetType, EFI_SUCCESS, 0, NULL);
+  } else {
+    //
+    // For capsule who has no reset flag, only call UpdateCapsule Service without a
+    // system reset. The service will process the capsule immediately.
+    //
+    Status = gRT->UpdateCapsule (CapsuleHeaderArray,CapsuleNum,(UINTN) BlockDescriptors);
+    if (Status != EFI_SUCCESS) {
+      Print (L"CapsuleApp: failed to update capsule - %r\n", Status);
+    }
+  }
+
+  Status = EFI_SUCCESS;
+
+Done:
+  for (Index = 0; Index < CapsuleNum; Index++) {
+    if (CapsuleBuffer[Index] != NULL) {
+      FreePool (CapsuleBuffer[Index]);
+    }
+  }
+
+  CleanGatherList(BlockDescriptors, CapsuleNum);
+
+  return Status;
+}
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf
new file mode 100644
index 0000000..2084e5f
--- /dev/null
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf
@@ -0,0 +1,71 @@
+##  @file
+#  A shell application that triggers capsule update process.
+#
+# This application can trigger capsule update process. It can also
+# generate capsule image, or dump capsule variable information.
+#
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010006
+  BASE_NAME                      = CapsuleApp
+  MODULE_UNI_FILE                = CapsuleApp.uni
+  FILE_GUID                      = 4CEF31DA-8682-4274-9CC4-AEE7516A5E7B
+  MODULE_TYPE                    = UEFI_APPLICATION
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = UefiMain
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  CapsuleApp.c
+  CapsuleDump.c
+  AppSupport.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+[Guids]
+  gEfiFileInfoGuid
+  gEfiPartTypeSystemPartGuid
+  gEfiGlobalVariableGuid
+  gEfiCapsuleReportGuid
+  gEfiFmpCapsuleGuid
+  gWindowsUxCapsuleGuid
+  gEfiCertTypeRsa2048Sha256Guid
+  gEfiCertPkcs7Guid
+  gEfiSystemResourceTableGuid
+
+[Protocols]
+  gEfiLoadedImageProtocolGuid
+  gEfiSimpleFileSystemProtocolGuid
+  gEfiGraphicsOutputProtocolGuid
+  gEfiFirmwareManagementProtocolGuid
+  gEfiShellParametersProtocolGuid
+
+[LibraryClasses]
+  BaseLib
+  UefiApplicationEntryPoint
+  DebugLib
+  MemoryAllocationLib
+  UefiBootServicesTableLib
+  UefiRuntimeServicesTableLib
+  UefiLib
+  PrintLib
+
+[UserExtensions.TianoCore."ExtraFiles"]
+  CapsuleAppExtra.uni
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.uni b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.uni
new file mode 100644
index 0000000..54d6e12
--- /dev/null
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.uni
@@ -0,0 +1,22 @@
+// /** @file
+// A shell application that triggers capsule update process.
+//
+// This application can trigger capsule update process. It can also
+// generate capsule image, or dump capsule variable information.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "A shell application that triggers capsule update process."
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This application can trigger capsule update process. It can also generate capsule image, or dump capsule variable information."
+
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleAppExtra.uni b/MdeModulePkg/Application/CapsuleApp/CapsuleAppExtra.uni
new file mode 100644
index 0000000..b5a8840
--- /dev/null
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleAppExtra.uni
@@ -0,0 +1,19 @@
+// /** @file
+// CapsuleApp Localized Strings and Content
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"Capsule Application"
+
+
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
new file mode 100644
index 0000000..a690071
--- /dev/null
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
@@ -0,0 +1,732 @@
+/** @file
+  Dump Capsule image information.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PrintLib.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Guid/ImageAuthentication.h>
+#include <Guid/CapsuleReport.h>
+#include <Guid/SystemResourceTable.h>
+#include <Guid/FmpCapsule.h>
+#include <IndustryStandard/WindowsUxCapsule.h>
+
+/**
+  Read a file.
+
+  @param[in] FileName        The file to be read.
+  @param[in] BufferSize      The file buffer size
+  @param[in] Buffer          The file buffer
+
+  @retval EFI_SUCCESS    Read file successfully
+  @retval EFI_NOT_FOUND  File not found
+**/
+EFI_STATUS
+ReadFileToBuffer (
+  IN  CHAR16                               *FileName,
+  OUT UINTN                                *BufferSize,
+  OUT VOID                                 **Buffer
+  );
+
+/**
+  Dump UX capsule information.
+
+  @param[in] CapsuleHeader      The UX capsule header
+**/
+VOID
+DumpUxCapsule (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader
+  )
+{
+  EFI_DISPLAY_CAPSULE                           *DisplayCapsule;
+  DisplayCapsule = (EFI_DISPLAY_CAPSULE *)CapsuleHeader;
+  Print(L"[UxCapusule]\n");
+  Print(L"CapsuleHeader:\n");
+  Print(L"  CapsuleGuid      - %g\n", &DisplayCapsule->CapsuleHeader.CapsuleGuid);
+  Print(L"  HeaderSize       - 0x%x\n", DisplayCapsule->CapsuleHeader.HeaderSize);
+  Print(L"  Flags            - 0x%x\n", DisplayCapsule->CapsuleHeader.Flags);
+  Print(L"  CapsuleImageSize - 0x%x\n", DisplayCapsule->CapsuleHeader.CapsuleImageSize);
+  Print(L"ImagePayload:\n");
+  Print(L"  Version          - 0x%x\n", DisplayCapsule->ImagePayload.Version);
+  Print(L"  Checksum         - 0x%x\n", DisplayCapsule->ImagePayload.Checksum);
+  Print(L"  ImageType        - 0x%x\n", DisplayCapsule->ImagePayload.ImageType);
+  Print(L"  Mode             - 0x%x\n", DisplayCapsule->ImagePayload.Mode);
+  Print(L"  OffsetX          - 0x%x\n", DisplayCapsule->ImagePayload.OffsetX);
+  Print(L"  OffsetY          - 0x%x\n", DisplayCapsule->ImagePayload.OffsetY);
+}
+
+/**
+  Dump FMP image authentication information.
+
+  @param[in] Image      The FMP capsule image
+  @param[in] ImageSize  The size of the FMP capsule image in bytes.
+
+  @return the size of FMP authentication.
+**/
+UINTN
+DumpImageAuthentication (
+  IN VOID   *Image,
+  IN UINTN  ImageSize
+  )
+{
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION             *ImageAuthentication;
+
+  ImageAuthentication = Image;
+  if (CompareGuid(&ImageAuthentication->AuthInfo.CertType, &gEfiCertPkcs7Guid) ||
+      CompareGuid(&ImageAuthentication->AuthInfo.CertType, &gEfiCertTypeRsa2048Sha256Guid)) {
+    Print(L"[ImageAuthentication]\n");
+    Print(L"  MonotonicCount   - 0x%lx\n", ImageAuthentication->MonotonicCount);
+    Print(L"WIN_CERTIFICATE:\n");
+    Print(L"  dwLength         - 0x%x\n", ImageAuthentication->AuthInfo.Hdr.dwLength);
+    Print(L"  wRevision        - 0x%x\n", ImageAuthentication->AuthInfo.Hdr.wRevision);
+    Print(L"  wCertificateType - 0x%x\n", ImageAuthentication->AuthInfo.Hdr.wCertificateType);
+    Print(L"  CertType         - %g\n", &ImageAuthentication->AuthInfo.CertType);
+    return sizeof(ImageAuthentication->MonotonicCount) + ImageAuthentication->AuthInfo.Hdr.dwLength;
+  } else {
+    return 0;
+  }
+}
+
+/**
+  Dump a non-nested FMP capsule.
+
+  @param[in]  CapsuleHeader  A pointer to CapsuleHeader
+**/
+VOID
+DumpFmpCapsule (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader
+  )
+{
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER        *FmpCapsuleHeader;
+  UINT64                                        *ItemOffsetList;
+  UINTN                                         Index;
+  UINTN                                         Count;
+  EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER  *FmpImageHeader;
+
+  Print(L"[FmpCapusule]\n");
+  Print(L"CapsuleHeader:\n");
+  Print(L"  CapsuleGuid      - %g\n", &CapsuleHeader->CapsuleGuid);
+  Print(L"  HeaderSize       - 0x%x\n", CapsuleHeader->HeaderSize);
+  Print(L"  Flags            - 0x%x\n", CapsuleHeader->Flags);
+  Print(L"  CapsuleImageSize - 0x%x\n", CapsuleHeader->CapsuleImageSize);
+
+  FmpCapsuleHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER *)((UINT8 *)CapsuleHeader + CapsuleHeader->HeaderSize);
+  ItemOffsetList = (UINT64 *)(FmpCapsuleHeader + 1);
+  Print(L"FmpHeader:\n");
+  Print(L"  Version             - 0x%x\n", FmpCapsuleHeader->Version);
+  Print(L"  EmbeddedDriverCount - 0x%x\n", FmpCapsuleHeader->EmbeddedDriverCount);
+  Print(L"  PayloadItemCount    - 0x%x\n", FmpCapsuleHeader->PayloadItemCount);
+  Count = FmpCapsuleHeader->EmbeddedDriverCount + FmpCapsuleHeader->PayloadItemCount;
+  for (Index = 0; Index < Count; Index++) {
+    Print(L"  Offset[%d]           - 0x%x\n", Index, ItemOffsetList[Index]);
+  }
+
+  for (Index = FmpCapsuleHeader->EmbeddedDriverCount; Index < Count; Index++) {
+    Print(L"FmpPayload[%d] ImageHeader:\n", Index);
+    FmpImageHeader = (EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER *)((UINT8 *)FmpCapsuleHeader + ItemOffsetList[Index]);
+    Print(L"  Version                - 0x%x\n", FmpImageHeader->Version);
+    Print(L"  UpdateImageTypeId      - %g\n", &FmpImageHeader->UpdateImageTypeId);
+    Print(L"  UpdateImageIndex       - 0x%x\n", FmpImageHeader->UpdateImageIndex);
+    Print(L"  UpdateImageSize        - 0x%x\n", FmpImageHeader->UpdateImageSize);
+    Print(L"  UpdateVendorCodeSize   - 0x%x\n", FmpImageHeader->UpdateVendorCodeSize);
+    if (FmpImageHeader->Version >= EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER_INIT_VERSION) {
+      Print(L"  UpdateHardwareInstance - 0x%lx\n", FmpImageHeader->UpdateHardwareInstance);
+    }
+  }
+}
+
+/**
+  Return if there is a FMP header below capsule header.
+
+  @param[in] CapsuleHeader A pointer to EFI_CAPSULE_HEADER
+
+  @retval TRUE  There is a FMP header below capsule header.
+  @retval FALSE There is not a FMP header below capsule header
+**/
+BOOLEAN
+IsNestedFmpCapsule (
+  IN EFI_CAPSULE_HEADER         *CapsuleHeader
+  )
+{
+  EFI_STATUS                 Status;
+  EFI_SYSTEM_RESOURCE_TABLE  *Esrt;
+  EFI_SYSTEM_RESOURCE_ENTRY  *EsrtEntry;
+  UINTN                      Index;
+  BOOLEAN                    EsrtGuidFound;
+  EFI_CAPSULE_HEADER         *NestedCapsuleHeader;
+  UINTN                      NestedCapsuleSize;
+
+  //
+  // Check ESRT
+  //
+  EsrtGuidFound = FALSE;
+  Status = EfiGetSystemConfigurationTable(&gEfiSystemResourceTableGuid, (VOID **)&Esrt);
+  if (!EFI_ERROR(Status)) {
+    EsrtEntry = (VOID *)(Esrt + 1);
+    for (Index = 0; Index < Esrt->FwResourceCount; Index++, EsrtEntry++) {
+      if (CompareGuid(&EsrtEntry->FwClass, &CapsuleHeader->CapsuleGuid)) {
+        EsrtGuidFound = TRUE;
+        break;
+      }
+    }
+  }
+
+  if (!EsrtGuidFound) {
+    return FALSE;
+  }
+
+  //
+  // Check nested capsule header
+  // FMP GUID after ESRT one
+  //
+  NestedCapsuleHeader = (EFI_CAPSULE_HEADER *)((UINT8 *)CapsuleHeader + CapsuleHeader->HeaderSize);
+  NestedCapsuleSize = (UINTN)CapsuleHeader + CapsuleHeader->HeaderSize - (UINTN)NestedCapsuleHeader;
+  if (NestedCapsuleSize < sizeof(EFI_CAPSULE_HEADER)) {
+    return FALSE;
+  }
+  if (!CompareGuid(&NestedCapsuleHeader->CapsuleGuid, &gEfiFmpCapsuleGuid)) {
+    return FALSE;
+  }
+  return TRUE;
+}
+
+/**
+  Dump capsule information
+
+  @param[in] CapsuleName  The name of the capsule image.
+
+  @retval EFI_SUCCESS            The capsule information is dumped.
+  @retval EFI_UNSUPPORTED        Input parameter is not valid.
+**/
+EFI_STATUS
+DumpCapsule (
+  IN CHAR16                                        *CapsuleName
+  )
+{
+  VOID                                          *Buffer;
+  UINTN                                         FileSize;
+  EFI_CAPSULE_HEADER                            *CapsuleHeader;
+  EFI_STATUS                                    Status;
+
+  Status = ReadFileToBuffer(CapsuleName, &FileSize, &Buffer);
+  if (EFI_ERROR(Status)) {
+    Print(L"CapsuleApp: Capsule (%s) is not found.\n", CapsuleName);
+    goto Done;
+  }
+
+  CapsuleHeader = Buffer;
+  if (CompareGuid(&CapsuleHeader->CapsuleGuid, &gWindowsUxCapsuleGuid)) {
+    DumpUxCapsule(CapsuleHeader);
+    Status = EFI_SUCCESS;
+    goto Done;
+  }
+
+  if (CompareGuid(&CapsuleHeader->CapsuleGuid, &gEfiFmpCapsuleGuid)) {
+    DumpFmpCapsule(CapsuleHeader);
+  }
+  if (IsNestedFmpCapsule(CapsuleHeader)) {
+    Print(L"[NestedCapusule]\n");
+    Print(L"CapsuleHeader:\n");
+    Print(L"  CapsuleGuid      - %g\n", &CapsuleHeader->CapsuleGuid);
+    Print(L"  HeaderSize       - 0x%x\n", CapsuleHeader->HeaderSize);
+    Print(L"  Flags            - 0x%x\n", CapsuleHeader->Flags);
+    Print(L"  CapsuleImageSize - 0x%x\n", CapsuleHeader->CapsuleImageSize);
+    DumpFmpCapsule((EFI_CAPSULE_HEADER *)((UINTN)CapsuleHeader + CapsuleHeader->HeaderSize));
+  }
+
+Done:
+  FreePool(Buffer);
+  return Status;
+}
+
+/**
+  Dump capsule status variable.
+
+  @retval EFI_SUCCESS            The capsule status variable is dumped.
+  @retval EFI_UNSUPPORTED        Input parameter is not valid.
+**/
+EFI_STATUS
+DmpCapsuleStatusVariable (
+  VOID
+  )
+{
+  EFI_STATUS                          Status;
+  UINT32                              Index;
+  CHAR16                              CapsuleVarName[20];
+  CHAR16                              *TempVarName;
+  EFI_CAPSULE_RESULT_VARIABLE_HEADER  *CapsuleResult;
+  EFI_CAPSULE_RESULT_VARIABLE_FMP     *CapsuleResultFmp;
+  UINTN                               CapsuleFileNameSize;
+  CHAR16                              CapsuleIndexData[12];
+  CHAR16                              *CapsuleIndex;
+
+  Status = GetVariable2(
+             L"CapsuleMax",
+             &gEfiCapsuleReportGuid,
+             (VOID **)&CapsuleIndex,
+             NULL
+             );
+  if (!EFI_ERROR(Status)) {
+    CopyMem(CapsuleIndexData, CapsuleIndex, 11 * sizeof(CHAR16));
+    CapsuleIndexData[11] = 0;
+    Print(L"CapsuleMax - %s\n", CapsuleIndexData);
+    FreePool(CapsuleIndex);
+  }
+  Status = GetVariable2(
+             L"CapsuleLast",
+             &gEfiCapsuleReportGuid,
+             (VOID **)&CapsuleIndex,
+             NULL
+             );
+  if (!EFI_ERROR(Status)) {
+    CopyMem(CapsuleIndexData, CapsuleIndex, 11 * sizeof(CHAR16));
+    CapsuleIndexData[11] = 0;
+    Print(L"CapsuleLast - %s\n", CapsuleIndexData);
+    FreePool(CapsuleIndex);
+  }
+
+
+  StrCpyS (CapsuleVarName, sizeof(CapsuleVarName)/sizeof(CapsuleVarName[0]), L"Capsule");
+  TempVarName = CapsuleVarName + StrLen (CapsuleVarName);
+  Index = 0;
+
+  while (TRUE) {
+    UnicodeSPrint (TempVarName, 5 * sizeof(CHAR16), L"%04x", Index);
+
+    Status = GetVariable2 (
+               CapsuleVarName,
+               &gEfiCapsuleReportGuid,
+               (VOID **) &CapsuleResult,
+               NULL
+               );
+    if (Status == EFI_NOT_FOUND) {
+      break;
+    } else if (EFI_ERROR(Status)) {
+      continue;
+    }
+
+    //
+    // display capsule process status
+    //
+    if (CapsuleResult->VariableTotalSize >= sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER)) {
+      Print (L"CapsuleName: %s\n", CapsuleVarName);
+      Print (L"  Capsule Guid: %g\n", &CapsuleResult->CapsuleGuid);
+      Print (L"  Capsule ProcessedTime: %t\n", &CapsuleResult->CapsuleProcessed);
+      Print (L"  Capsule Status: %r\n", CapsuleResult->CapsuleStatus);
+    }
+
+    if (CompareGuid(&CapsuleResult->CapsuleGuid, &gEfiFmpCapsuleGuid)) {
+      if (CapsuleResult->VariableTotalSize >= sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP)) {
+        CapsuleResultFmp = (EFI_CAPSULE_RESULT_VARIABLE_FMP *)(CapsuleResult + 1);
+        Print(L"  Capsule FMP Version: 0x%x\n", CapsuleResultFmp->Version);
+        Print(L"  Capsule FMP PayloadIndex: 0x%x\n", CapsuleResultFmp->PayloadIndex);
+        Print(L"  Capsule FMP UpdateImageIndex: 0x%x\n", CapsuleResultFmp->UpdateImageIndex);
+        Print(L"  Capsule FMP UpdateImageTypeId: %g\n", &CapsuleResultFmp->UpdateImageTypeId);
+        if (CapsuleResult->VariableTotalSize > sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP)) {
+          Print(L"  Capsule FMP CapsuleFileName: %s\n", (CapsuleResultFmp + 1));
+          CapsuleFileNameSize = StrSize((CHAR16 *)(CapsuleResultFmp + 1));
+          if (CapsuleResult->VariableTotalSize > sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP) + CapsuleFileNameSize) {
+            Print(L"  Capsule FMP CapsuleTarget: %s\n", (UINT8 *)(CapsuleResultFmp + 1) + CapsuleFileNameSize);
+          }
+        }
+      }
+    }
+
+    FreePool(CapsuleResult);
+
+    Index++;
+    if (Index > 0xFFFF) {
+      break;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+CHAR8 *mFwTypeString[] = {
+  "Unknown",
+  "SystemFirmware",
+  "DeviceFirmware",
+  "UefiDriver",
+};
+
+CHAR8 *mLastAttemptStatusString[] = {
+  "Success",
+  "Error: Unsuccessful",
+  "Error: Insufficient Resources",
+  "Error: Incorrect Version",
+  "Error: Invalid Format",
+  "Error: Auth Error",
+  "Error: Power Event AC",
+  "Error: Power Event Battery",
+};
+
+/**
+  Convert FwType to a string.
+
+  @param[in] FwType  FwType in ESRT
+
+  @return a string for FwType.
+**/
+CHAR8 *
+FwTypeToString (
+  IN UINT32  FwType
+  )
+{
+  if (FwType < sizeof(mFwTypeString) / sizeof(mFwTypeString[0])) {
+    return mFwTypeString[FwType];
+  } else {
+    return "Invalid";
+  }
+}
+
+/**
+  Convert LastAttemptStatus to a string.
+
+  @param[in] LastAttemptStatus  LastAttemptStatus in FMP or ESRT
+
+  @return a string for LastAttemptStatus.
+**/
+CHAR8 *
+LastAttemptStatusToString (
+  IN UINT32  LastAttemptStatus
+  )
+{
+  if (LastAttemptStatus < sizeof(mLastAttemptStatusString) / sizeof(mLastAttemptStatusString[0])) {
+    return mLastAttemptStatusString[LastAttemptStatus];
+  } else {
+    return "Error: Unknown";
+  }
+}
+
+/**
+  Dump ESRT entry.
+
+  @param[in] EsrtEntry  ESRT entry
+**/
+VOID
+DumpEsrtEntry (
+  IN EFI_SYSTEM_RESOURCE_ENTRY  *EsrtEntry
+  )
+{
+  Print(L"  FwClass                  - %g\n", &EsrtEntry->FwClass);
+  Print(L"  FwType                   - 0x%x (%a)\n", EsrtEntry->FwType, FwTypeToString(EsrtEntry->FwType));
+  Print(L"  FwVersion                - 0x%x\n", EsrtEntry->FwVersion);
+  Print(L"  LowestSupportedFwVersion - 0x%x\n", EsrtEntry->LowestSupportedFwVersion);
+  Print(L"  CapsuleFlags             - 0x%x\n", EsrtEntry->CapsuleFlags);
+  Print(L"    PERSIST_ACROSS_RESET   - 0x%x\n", EsrtEntry->CapsuleFlags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET);
+  Print(L"    POPULATE_SYSTEM_TABLE  - 0x%x\n", EsrtEntry->CapsuleFlags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE);
+  Print(L"    INITIATE_RESET         - 0x%x\n", EsrtEntry->CapsuleFlags & CAPSULE_FLAGS_INITIATE_RESET);
+  Print(L"  LastAttemptVersion       - 0x%x\n", EsrtEntry->LastAttemptVersion);
+  Print(L"  LastAttemptStatus        - 0x%x (%a)\n", EsrtEntry->LastAttemptStatus, LastAttemptStatusToString(EsrtEntry->LastAttemptStatus));
+}
+
+/**
+  Dump ESRT table.
+
+  @param[in] Esrt  ESRT table
+**/
+VOID
+DumpEsrt (
+  IN EFI_SYSTEM_RESOURCE_TABLE  *Esrt
+  )
+{
+  UINTN                      Index;
+  EFI_SYSTEM_RESOURCE_ENTRY  *EsrtEntry;
+
+  Print(L"EFI_SYSTEM_RESOURCE_TABLE:\n");
+  Print(L"FwResourceCount    - 0x%x\n", Esrt->FwResourceCount);
+  Print(L"FwResourceCountMax - 0x%x\n", Esrt->FwResourceCountMax);
+  Print(L"FwResourceVersion  - 0x%lx\n", Esrt->FwResourceVersion);
+
+  EsrtEntry = (VOID *)(Esrt + 1);
+  for (Index = 0; Index < Esrt->FwResourceCount; Index++) {
+    Print(L"EFI_SYSTEM_RESOURCE_ENTRY (%d):\n", Index);
+    DumpEsrtEntry(EsrtEntry);
+    EsrtEntry++;
+  }
+}
+
+/**
+  Dump ESRT info.
+**/
+VOID
+DumpEsrtData (
+  VOID
+  )
+{
+  EFI_STATUS                 Status;
+  EFI_SYSTEM_RESOURCE_TABLE  *Esrt;
+
+  Print(L"##############\n");
+  Print(L"# ESRT TABLE #\n");
+  Print(L"##############\n");
+
+  Status = EfiGetSystemConfigurationTable (&gEfiSystemResourceTableGuid, (VOID **)&Esrt);
+  if (EFI_ERROR(Status)) {
+    Print(L"ESRT - %r\n", Status);
+    return;
+  }
+  DumpEsrt(Esrt);
+  Print(L"\n");
+}
+
+/**
+  Dump FMP information.
+
+  @param[in] ImageInfoSize       The size of ImageInfo, in bytes.
+  @param[in] ImageInfo           A pointer to EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[in] DescriptorVersion   The version of EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[in] DescriptorCount     The count of EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[in] DescriptorSize      The size of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR, in bytes.
+  @param[in] PackageVersion      The version of package.
+  @param[in] PackageVersionName  The version name of package.
+**/
+VOID
+DumpFmpImageInfo (
+  IN UINTN                           ImageInfoSize,
+  IN EFI_FIRMWARE_IMAGE_DESCRIPTOR   *ImageInfo,
+  IN UINT32                          DescriptorVersion,
+  IN UINT8                           DescriptorCount,
+  IN UINTN                           DescriptorSize,
+  IN UINT32                          PackageVersion,
+  IN CHAR16                          *PackageVersionName
+  )
+{
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR                 *CurrentImageInfo;
+  UINTN                                         Index;
+
+  Print(L"  DescriptorVersion  - 0x%x\n", DescriptorVersion);
+  Print(L"  DescriptorCount    - 0x%x\n", DescriptorCount);
+  Print(L"  DescriptorSize     - 0x%x\n", DescriptorSize);
+  Print(L"  PackageVersion     - 0x%x\n", PackageVersion);
+  Print(L"  PackageVersionName - \"%s\"\n", PackageVersionName);
+  CurrentImageInfo = ImageInfo;
+  for (Index = 0; Index < DescriptorCount; Index++) {
+    Print(L"  ImageDescriptor (%d)\n", Index);
+    Print(L"    ImageIndex                  - 0x%x\n", CurrentImageInfo->ImageIndex);
+    Print(L"    ImageTypeId                 - %g\n", &CurrentImageInfo->ImageTypeId);
+    Print(L"    ImageId                     - 0x%lx\n", CurrentImageInfo->ImageId);
+    Print(L"    ImageIdName                 - \"%s\"\n", CurrentImageInfo->ImageIdName);
+    Print(L"    Version                     - 0x%x\n", CurrentImageInfo->Version);
+    Print(L"    VersionName                 - \"%s\"\n", CurrentImageInfo->VersionName);
+    Print(L"    Size                        - 0x%x\n", CurrentImageInfo->Size);
+    Print(L"    AttributesSupported         - 0x%lx\n", CurrentImageInfo->AttributesSupported);
+    Print(L"      IMAGE_UPDATABLE           - 0x%lx\n", CurrentImageInfo->AttributesSupported & IMAGE_ATTRIBUTE_IMAGE_UPDATABLE);
+    Print(L"      RESET_REQUIRED            - 0x%lx\n", CurrentImageInfo->AttributesSupported & IMAGE_ATTRIBUTE_RESET_REQUIRED);
+    Print(L"      AUTHENTICATION_REQUIRED   - 0x%lx\n", CurrentImageInfo->AttributesSupported & IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED);
+    Print(L"      IN_USE                    - 0x%lx\n", CurrentImageInfo->AttributesSupported & IMAGE_ATTRIBUTE_IN_USE);
+    Print(L"      UEFI_IMAGE                - 0x%lx\n", CurrentImageInfo->AttributesSupported & IMAGE_ATTRIBUTE_UEFI_IMAGE);
+    Print(L"    AttributesSetting           - 0x%lx\n", CurrentImageInfo->AttributesSetting);
+    Print(L"      IMAGE_UPDATABLE           - 0x%lx\n", CurrentImageInfo->AttributesSetting & IMAGE_ATTRIBUTE_IMAGE_UPDATABLE);
+    Print(L"      RESET_REQUIRED            - 0x%lx\n", CurrentImageInfo->AttributesSetting & IMAGE_ATTRIBUTE_RESET_REQUIRED);
+    Print(L"      AUTHENTICATION_REQUIRED   - 0x%lx\n", CurrentImageInfo->AttributesSetting & IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED);
+    Print(L"      IN_USE                    - 0x%lx\n", CurrentImageInfo->AttributesSetting & IMAGE_ATTRIBUTE_IN_USE);
+    Print(L"      UEFI_IMAGE                - 0x%lx\n", CurrentImageInfo->AttributesSetting & IMAGE_ATTRIBUTE_UEFI_IMAGE);
+    Print(L"    Compatibilities             - 0x%lx\n", CurrentImageInfo->Compatibilities);
+    Print(L"      COMPATIB_CHECK_SUPPORTED  - 0x%lx\n", CurrentImageInfo->Compatibilities & IMAGE_COMPATIBILITY_CHECK_SUPPORTED);
+    if (DescriptorVersion > 1) {
+      Print(L"    LowestSupportedImageVersion - 0x%x\n", CurrentImageInfo->LowestSupportedImageVersion);
+      if (DescriptorVersion > 2) {
+        Print(L"    LastAttemptVersion          - 0x%x\n", CurrentImageInfo->LastAttemptVersion);
+        Print(L"    LastAttemptStatus           - 0x%x (%a)\n", CurrentImageInfo->LastAttemptStatus, LastAttemptStatusToString(CurrentImageInfo->LastAttemptStatus));
+        Print(L"    HardwareInstance            - 0x%lx\n", CurrentImageInfo->HardwareInstance);
+      }
+    }
+    //
+    // Use DescriptorSize to move ImageInfo Pointer to stay compatible with different ImageInfo version
+    //
+    CurrentImageInfo = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)((UINT8 *)CurrentImageInfo + DescriptorSize);
+  }
+}
+
+/**
+  Dump FMP package information.
+
+  @param[in] PackageVersion             The version of package.
+  @param[in] PackageVersionName         The version name of package.
+  @param[in] PackageVersionNameMaxLen   The maximum length of PackageVersionName.
+  @param[in] AttributesSupported        Package attributes that are supported by this device.
+  @param[in] AttributesSetting          Package attributes.
+**/
+VOID
+DumpFmpPackageInfo (
+  IN UINT32                           PackageVersion,
+  IN CHAR16                           *PackageVersionName,
+  IN UINT32                           PackageVersionNameMaxLen,
+  IN UINT64                           AttributesSupported,
+  IN UINT64                           AttributesSetting
+  )
+{
+  Print(L"  PackageVersion              - 0x%x\n", PackageVersion);
+  Print(L"  PackageVersionName          - \"%s\"\n", PackageVersionName);
+  Print(L"  PackageVersionNameMaxLen    - 0x%x\n", PackageVersionNameMaxLen);
+  Print(L"  AttributesSupported         - 0x%lx\n", AttributesSupported);
+  Print(L"    IMAGE_UPDATABLE           - 0x%lx\n", AttributesSupported & IMAGE_ATTRIBUTE_IMAGE_UPDATABLE);
+  Print(L"    RESET_REQUIRED            - 0x%lx\n", AttributesSupported & IMAGE_ATTRIBUTE_RESET_REQUIRED);
+  Print(L"    AUTHENTICATION_REQUIRED   - 0x%lx\n", AttributesSupported & IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED);
+  Print(L"  AttributesSetting           - 0x%lx\n", AttributesSetting);
+  Print(L"    IMAGE_UPDATABLE           - 0x%lx\n", AttributesSetting & IMAGE_ATTRIBUTE_IMAGE_UPDATABLE);
+  Print(L"    RESET_REQUIRED            - 0x%lx\n", AttributesSetting & IMAGE_ATTRIBUTE_RESET_REQUIRED);
+  Print(L"    AUTHENTICATION_REQUIRED   - 0x%lx\n", AttributesSetting & IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED);
+}
+
+/**
+  Dump FMP protocol info.
+**/
+VOID
+DumpFmpData (
+  VOID
+  )
+{
+  EFI_STATUS                                    Status;
+  EFI_FIRMWARE_MANAGEMENT_PROTOCOL              *Fmp;
+  EFI_HANDLE                                    *HandleBuffer;
+  UINTN                                         NumberOfHandles;
+  UINTN                                         Index;
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR                 *FmpImageInfoBuf;
+  UINTN                                         ImageInfoSize;
+  UINT32                                        FmpImageInfoDescriptorVer;
+  UINT8                                         FmpImageInfoCount;
+  UINTN                                         DescriptorSize;
+  UINT32                                        PackageVersion;
+  CHAR16                                        *PackageVersionName;
+  UINT32                                        PackageVersionNameMaxLen;
+  UINT64                                        AttributesSupported;
+  UINT64                                        AttributesSetting;
+
+  Print(L"############\n");
+  Print(L"# FMP DATA #\n");
+  Print(L"############\n");
+  Status = gBS->LocateHandleBuffer (
+                  ByProtocol,
+                  &gEfiFirmwareManagementProtocolGuid,
+                  NULL,
+                  &NumberOfHandles,
+                  &HandleBuffer
+                  );
+  if (EFI_ERROR(Status)) {
+    Print(L"FMP protocol - %r\n", EFI_NOT_FOUND);
+    return;
+  }
+
+  for (Index = 0; Index < NumberOfHandles; Index++) {
+    Status = gBS->HandleProtocol(
+                    HandleBuffer[Index],
+                    &gEfiFirmwareManagementProtocolGuid,
+                    (VOID **)&Fmp
+                    );
+    if (EFI_ERROR(Status)) {
+      continue;
+    }
+
+    ImageInfoSize = 0;
+    Status = Fmp->GetImageInfo (
+                    Fmp,
+                    &ImageInfoSize,
+                    NULL,
+                    NULL,
+                    NULL,
+                    NULL,
+                    NULL,
+                    NULL
+                    );
+    if (Status != EFI_BUFFER_TOO_SMALL) {
+      continue;
+    }
+
+    FmpImageInfoBuf = NULL;
+    FmpImageInfoBuf = AllocateZeroPool (ImageInfoSize);
+    if (FmpImageInfoBuf == NULL) {
+      Status = EFI_OUT_OF_RESOURCES;
+      goto EXIT;
+    }
+
+    PackageVersionName = NULL;
+    Status = Fmp->GetImageInfo (
+                    Fmp,
+                    &ImageInfoSize,               // ImageInfoSize
+                    FmpImageInfoBuf,              // ImageInfo
+                    &FmpImageInfoDescriptorVer,   // DescriptorVersion
+                    &FmpImageInfoCount,           // DescriptorCount
+                    &DescriptorSize,              // DescriptorSize
+                    &PackageVersion,              // PackageVersion
+                    &PackageVersionName           // PackageVersionName
+                    );
+
+    //
+    // If FMP GetInformation interface failed, skip this resource
+    //
+    if (EFI_ERROR(Status)) {
+      Print(L"FMP (%d) ImageInfo - %r\n", Index, Status);
+      FreePool(FmpImageInfoBuf);
+      continue;
+    }
+
+    Print(L"FMP (%d) ImageInfo:\n", Index);
+    DumpFmpImageInfo(
+      ImageInfoSize,               // ImageInfoSize
+      FmpImageInfoBuf,             // ImageInfo
+      FmpImageInfoDescriptorVer,   // DescriptorVersion
+      FmpImageInfoCount,           // DescriptorCount
+      DescriptorSize,              // DescriptorSize
+      PackageVersion,              // PackageVersion
+      PackageVersionName           // PackageVersionName
+      );
+
+    if (PackageVersionName != NULL) {
+      FreePool(PackageVersionName);
+    }
+    FreePool(FmpImageInfoBuf);
+
+    //
+    // Get package info
+    //
+    PackageVersionName = NULL;
+    Status = Fmp->GetPackageInfo (
+                    Fmp,
+                    &PackageVersion,              // PackageVersion
+                    &PackageVersionName,          // PackageVersionName
+                    &PackageVersionNameMaxLen,    // PackageVersionNameMaxLen
+                    &AttributesSupported,         // AttributesSupported
+                    &AttributesSetting            // AttributesSetting
+                    );
+    if (EFI_ERROR(Status)) {
+      Print(L"FMP (%d) PackageInfo - %r\n", Index, Status);
+    } else {
+      Print(L"FMP (%d) ImageInfo:\n", Index);
+      DumpFmpPackageInfo(
+        PackageVersion,              // PackageVersion
+        PackageVersionName,          // PackageVersionName
+        PackageVersionNameMaxLen,    // PackageVersionNameMaxLen
+        AttributesSupported,         // AttributesSupported
+        AttributesSetting            // AttributesSetting
+        );
+
+      if (PackageVersionName != NULL) {
+        FreePool(PackageVersionName);
+      }
+    }
+  }
+  Print(L"\n");
+
+EXIT:
+  FreePool(HandleBuffer);
+}
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 09/15] MdeModulePkg/UiApp: Show test key warning info in FrontPage.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (7 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 08/15] MdeModulePkg/CapsuleApp: Add CapsuleApp application Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 10/15] MdeModulePkg/MdeModulePkg.dsc: Add FMP related component Jiewen Yao
                   ` (5 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel
  Cc: Eric Dong, Ruiyu Ni, Feng Tian, Star Zeng, Michael D Kinney,
	Liming Gao

The UiApp is updated to consume PcdTestKeyUsed to know if there is any
test key used in current BIOS, such as recovery key,
or capsule update key.
Then UiApp show warning information in front page.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c | 13 +++++++++++++
 MdeModulePkg/Application/UiApp/FrontPageStrings.uni    |  4 +++-
 MdeModulePkg/Application/UiApp/UiApp.inf               |  3 ++-
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
index 6e4f7b5..a9d2269 100644
--- a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
+++ b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
@@ -16,8 +16,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/HiiConfigAccess.h>
 #include <Library/BaseLib.h>
 #include <Library/MemoryAllocationLib.h>
+#include "FrontPage.h"
 #include "FrontPageCustomizedUiSupport.h"
 
+extern FRONT_PAGE_CALLBACK_DATA  gFrontPagePrivate;
+
 /**
   Customize menus in the page.
 
@@ -129,4 +132,14 @@ UiCustomizeFrontPageBanner (
   IN OUT EFI_STRING     *BannerStr
   )
 {
+  if ((LineIndex == 5) && LeftOrRight) {
+    // Update STR_CUSTOMIZE_BANNER_LINE5_LEFT
+    if (PcdGetBool(PcdTestKeyUsed)) {
+      if (BannerStr != NULL) {
+        FreePool(*BannerStr);
+      }
+      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED), NULL);
+    }
+  }
+  return;
 }
diff --git a/MdeModulePkg/Application/UiApp/FrontPageStrings.uni b/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
index 71cb788..8080a20 100644
--- a/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
+++ b/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
@@ -2,7 +2,7 @@
 //
 //  String definitions for BdsPlatform formset.
 //
-//  Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
+//  Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
 //  This program and the accompanying materials
 //  are licensed and made available under the terms and conditions of the BSD License
 //  which accompanies this distribution.  The full text of the license may be found at
@@ -68,5 +68,7 @@
                                          #language fr-FR  ""
 #string STR_CUSTOMIZE_BANNER_LINE5_RIGHT #language en-US  ""
                                          #language fr-FR  ""
+#string STR_TEST_KEY_USED                #language en-US  "WARNING: Test key detected."
+                                         #language fr-FR  "WARNING: Test key detected."
 #string STR_NULL_STRING                #language en-US  " "
                                        #language fr-FR  " "
diff --git a/MdeModulePkg/Application/UiApp/UiApp.inf b/MdeModulePkg/Application/UiApp/UiApp.inf
index 6df6e47..d144462 100644
--- a/MdeModulePkg/Application/UiApp/UiApp.inf
+++ b/MdeModulePkg/Application/UiApp/UiApp.inf
@@ -1,7 +1,7 @@
 ## @file
 #  UiApp module is driver for BDS phase.
 #
-#  Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
@@ -82,6 +82,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution  ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution    ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString           ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed                     ## CONSUMES
 
 [UserExtensions.TianoCore."ExtraFiles"]
   UiAppExtra.uni
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 10/15] MdeModulePkg/MdeModulePkg.dsc: Add FMP related component.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (8 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 09/15] MdeModulePkg/UiApp: Show test key warning info in FrontPage Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 11/15] IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() interface Jiewen Yao
                   ` (4 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

Add FMP related component to check build.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdeModulePkg/MdeModulePkg.dsc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 71505d3..a058009 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -103,6 +103,9 @@
   VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
   FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
 
+  FmpAuthenticationLib|MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf
+  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
+
 [LibraryClasses.EBC.PEIM]
   IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
 
@@ -126,12 +129,14 @@
   LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
   MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
   ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
+  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
 
 [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
   MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
   DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
   LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
+  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
 
 [LibraryClasses.common.SMM_CORE]
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
@@ -408,6 +413,11 @@
   MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
   MdeModulePkg/Universal/LoadFileOnFv2/LoadFileOnFv2.inf
 
+  MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf
+  MdeModulePkg/Library/FmpAuthenticationLibNull/FmpAuthenticationLibNull.inf
+  MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
+  MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
+
 [Components.IA32, Components.X64, Components.IPF]  
   MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
   MdeModulePkg/Universal/DebugSupportDxe/DebugSupportDxe.inf
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 11/15] IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() interface.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (9 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 10/15] MdeModulePkg/MdeModulePkg.dsc: Add FMP related component Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 12/15] SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD Jiewen Yao
                   ` (3 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel
  Cc: Jeff Fan, Feng Tian, Star Zeng, Michael D Kinney, Liming Gao,
	Chao Zhang

Add NULL ProcessCapsules() interface for DxeCapsuleLib.
IntelFrameworkModulePkg is under maintenance phase.
We stop adding new feature there.
Just add NULL function to make it pass build.

Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
---
 IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c | 40 +++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c b/IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c
index fc9b533..eaed06e 100644
--- a/IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c
+++ b/IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c
@@ -1,7 +1,7 @@
 /** @file
   Capsule Library instance to process capsule images.
 
-  Copyright (c) 2007 - 2013, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
@@ -515,4 +515,42 @@ ProcessCapsuleImage (
   return Status;
 }
 
+/**
+
+  This routine is called to process capsules.
+
+  Caution: This function may receive untrusted input.
+
+  The capsules reported in EFI_HOB_UEFI_CAPSULE are processed.
+  If there is no EFI_HOB_UEFI_CAPSULE, this routine does nothing.
+
+  This routine should be called twice in BDS.
+  1) The first call must be before EndOfDxe. The system capsules is processed.
+     If device capsule FMP protocols are exposted at this time and device FMP
+     capsule has zero EmbeddedDriverCount, the device capsules are processed.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule and
+     all capsules are processed.
+     If not all capsules are processed, reset will be defered to second call.
+
+  2) The second call must be after EndOfDxe and after ConnectAll, so that all
+     device capsule FMP protocols are exposed.
+     The system capsules are skipped. If the device capsules are NOT processed
+     in first call, they are processed here.
+     Each individual capsule result is recorded in capsule record variable.
+     System may reset in this function, if reset is required by capsule
+     processed in first call and second call.
+
+  @retval EFI_SUCCESS             There is no error when processing capsules.
+  @retval EFI_OUT_OF_RESOURCES    No enough resource to process capsules.
+
+**/
+EFI_STATUS
+EFIAPI
+ProcessCapsules (
+  VOID
+  )
+{
+  return EFI_UNSUPPORTED;
+}
 
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 12/15] SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (10 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 11/15] IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() interface Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 13/15] SecurityPkg/FmpAuthenticationLibPkcs7: Add PKCS7 instance for FMP Jiewen Yao
                   ` (2 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

This PCD is similar to PcdRsa2048Sha256PublicKeyBuffer.
It provides trusted cert for PKCS7 verification.
It can be used for Recovery and Capsule Update images.

We added warning message for both PcdPkcs7CertBuffer and
PcdRsa2048Sha256PublicKeyBuffer. The default value is only for
test purpose.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
---
 SecurityPkg/SecurityPkg.dec | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index f4f4d19..dab332a 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -400,11 +400,17 @@
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks|0x0|UINT32|0x00010015
   
   ## Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images
-  #
+  #  WARNING: The default value is treated as test key. Please do not use default value in the production.
   # @Prompt One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images
   #
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013
 
+  ## Provides one PKCS7 cert used to verify Recovery and Capsule Update images
+  #  WARNING: The default value is treated as test key. Please do not use default value in the production.
+  # @Prompt One PKCS7 cert used to verify Recovery and Capsule Update images
+  #
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer|{0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xdc, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x34, 0x30, 0x27, 0x7f, 0x05, 0x3d, 0x95, 0x85, 0x43, 0xa0, 0xa4, 0xf5, 0x0c, 0x9a, 0xe7, 0xca, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x30, 0x34, 0x31, 0x35, 0x30, 0x31, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x94, 0xe6, 0x33, 0x4f, 0x56, 0xc3, 0x07, 0xa0, 0xd0, 0x99, 0x57, 0xc3, 0xe1, 0x56, 0x42, 0x01, 0x70, 0x59, 0x1c, 0x2f, 0x4a, 0x66, 0x8f, 0x34, 0x9e, 0x93, 0xbd, 0xb6, 0xec, 0x92, 0xa4, 0x90, 0x51, 0x5d, 0xc6, 0x8f, 0xb5, 0xc3, 0x86, 0x15, 0xdf, 0x60, 0x80, 0xbe, 0xb8, 0x78, 0x59, 0x5b, 0x9b, 0xfd, 0x27, 0x92, 0x69, 0xcc, 0xca, 0x8e, 0x3e, 0x9e, 0x81, 0x47, 0x5b, 0x84, 0xef, 0x5c, 0x9b, 0xb3, 0x4a, 0x43, 0x5b, 0x8d, 0x0b, 0x31, 0x04, 0x00, 0xb6, 0x8a, 0xc0, 0xa9, 0xf5, 0x21, 0xd0, 0x3f, 0xcd, 0xb0, 0x67, 0x7d, 0x50, 0x33, 0x2e, 0xfb, 0x1b, 0x2c, 0x16, 0x2e, 0xee, 0x56, 0x01, 0x87, 0xf6, 0xc8, 0xd4, 0x53, 0x07, 0x67, 0x99, 0x0b, 0x46, 0xbf, 0x1d, 0x90, 0xc6, 0xdb, 0x7f, 0x6d, 0x62, 0x0c, 0x4a, 0xac, 0xa8, 0xa2, 0x3c, 0x79, 0x0f, 0xad, 0x8f, 0xfe, 0xc1, 0xe8, 0xe5, 0x27, 0x3d, 0xf9, 0xa6, 0x9a, 0x1d, 0xec, 0x9a, 0x5f, 0x62, 0x51, 0x2e, 0x98, 0x1d, 0x29, 0xba, 0x6b, 0x8a, 0xfb, 0x43, 0x0e, 0x68, 0x29, 0xf5, 0xbe, 0x67, 0x48, 0x44, 0x28, 0x45, 0xfe, 0x1d, 0x3b, 0x50, 0x72, 0x6a, 0xc0, 0xbb, 0x0c, 0x9f, 0x02, 0x61, 0xad, 0x63, 0xa7, 0x87, 0xf6, 0x32, 0x9f, 0x3e, 0x16, 0x5c, 0xee, 0xcc, 0x05, 0xbd, 0x17, 0xe8, 0x46, 0x52, 0xaf, 0x50, 0x8a, 0xa6, 0x7e, 0x16, 0x69, 0x83, 0x69, 0x5b, 0x6e, 0x4d, 0xc7, 0xcf, 0x80, 0xb8, 0xcd, 0xf6, 0x66, 0x3f, 0xbe, 0x6c, 0xa0, 0xe8, 0x9c, 0x26, 0x60, 0xba, 0xa9, 0x05, 0xdd, 0x71, 0x4a, 0xbd, 0x00, 0xa8, 0x0c, 0xf7, 0x50, 0xab, 0x44, 0xd6, 0x3e, 0x87, 0x21, 0x3c, 0x2d, 0xe6, 0x33, 0x27, 0x5e, 0x21, 0x27, 0xb9, 0xdc, 0x38, 0x48, 0xd6, 0x3a, 0x96, 0xe1, 0x17, 0x47, 0x65, 0x65, 0xce, 0x3d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x48, 0x30, 0x46, 0x30, 0x44, 0x06, 0x03, 0x55, 0x1d, 0x01, 0x04, 0x3d, 0x30, 0x3b, 0x80, 0x10, 0xce, 0xb5, 0x7a, 0xcf, 0xe5, 0x21, 0xc7, 0x6b, 0xf3, 0xec, 0x92, 0xd4, 0xbf, 0x65, 0x2a, 0x35, 0xa1, 0x15, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x82, 0x10, 0x34, 0x30, 0x27, 0x7f, 0x05, 0x3d, 0x95, 0x85, 0x43, 0xa0, 0xa4, 0xf5, 0x0c, 0x9a, 0xe7, 0xca, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6b, 0x0d, 0xe0, 0x0a, 0xd0, 0xee, 0x5b, 0x3f, 0xb6, 0x73, 0x48, 0x62, 0xe8, 0xf4, 0x5b, 0xe1, 0xed, 0xd9, 0x00, 0xc5, 0xe5, 0x0e, 0x68, 0xfb, 0x53, 0x33, 0x30, 0x6a, 0x60, 0xba, 0xee, 0x38, 0x5b, 0x51, 0x63, 0x70, 0xd5, 0x7e, 0x05, 0xfe, 0xe4, 0x45, 0x2a, 0x15, 0x62, 0x1b, 0xfc, 0xd8, 0x75, 0x93, 0x56, 0xf6, 0xe6, 0x06, 0x85, 0x21, 0xf7, 0x08, 0x47, 0x26, 0xb9, 0xfe, 0x05, 0x4e, 0x90, 0x22, 0x54, 0xf4, 0x39, 0x09, 0x4c, 0x5c, 0x8e, 0xcd, 0x7c, 0x3b, 0xaf, 0x4b, 0x2d, 0x18, 0x06, 0xf4, 0x5c, 0x24, 0x2a, 0x64, 0xf7, 0x59, 0x75, 0x28, 0x97, 0xa9, 0x90, 0x2c, 0xba, 0x46, 0x02, 0x6a, 0x64, 0x66, 0x49, 0x32, 0xcb, 0x5d, 0x34, 0xfe, 0x24, 0xe4, 0x44, 0xb0, 0xc2, 0xad, 0x17, 0x1b, 0x05, 0x7d, 0xd3, 0x58, 0x88, 0x2e, 0xbe, 0x0e, 0xd7, 0x2b, 0xca, 0x5c, 0xbf, 0x28, 0x25, 0x3d, 0xd8, 0xbb, 0x3c, 0x38, 0x52, 0xe6, 0x27, 0xfa, 0xd2, 0xb8, 0x45, 0x6b, 0x5f, 0x7f, 0x4b, 0xb0, 0x23, 0x05, 0xe8, 0xaf, 0x67, 0xe8, 0xe2, 0x6c, 0x2f, 0x9f, 0xf8, 0x73, 0x7f, 0xc3, 0x17, 0xbc, 0xb2, 0x6a, 0x5b, 0x2a, 0xf3, 0x6b, 0xd3, 0xdc, 0x7f, 0xdf, 0x2f, 0xd0, 0xab, 0x06, 0x0c, 0xfe, 0x03, 0xe7, 0x8d, 0x82, 0xec, 0x84, 0x3d, 0xc8, 0x7d, 0xed, 0xcb, 0x6a, 0x5b, 0x35, 0x48, 0x55, 0x07, 0xfb, 0xaa, 0x78, 0x1a, 0x01, 0xbb, 0x98, 0x45, 0x8b, 0xda, 0x8a, 0xe3, 0x21, 0x57, 0x86, 0x15, 0x23, 0x17, 0x50, 0x1b, 0x9c, 0xbc, 0x1a, 0x59, 0xa8, 0x2a, 0xad, 0x3a, 0x7e, 0x01, 0x24, 0x83, 0xf7, 0xb0, 0x61, 0xe6, 0xbd, 0x4f, 0xd9, 0x91, 0x90, 0xa7, 0x2a, 0xb9, 0x0c, 0x3b, 0xab, 0x95, 0x20, 0x1c, 0xf0, 0x74, 0xce, 0x02, 0xba, 0x14, 0x5d, 0xf1, 0x91, 0x25, 0x4a}|VOID*|0x00010014
+
   ## This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML).
   #  For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB.
   # @Prompt Minimum length(in bytes) of the system preboot TCG event log area(LAML).
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 13/15] SecurityPkg/FmpAuthenticationLibPkcs7: Add PKCS7 instance for FMP.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (11 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 12/15] SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 14/15] SecurityPkg/FmpAuthenticationLibRsa2048Sha256: Add RSA2048 instance Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 15/15] SecurityPkg/SecurityPkg.dsc: Add FmpAuthenticationLib* Jiewen Yao
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

It provides PKCS7 based FMP authentication.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
---
 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c   | 222 ++++++++++++++++++++
 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf |  49 +++++
 SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni |  26 +++
 3 files changed, 297 insertions(+)

diff --git a/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c
new file mode 100644
index 0000000..d79f270
--- /dev/null
+++ b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c
@@ -0,0 +1,222 @@
+/** @file
+  FMP Authentication PKCS7 handler.
+  Provide generic FMP authentication functions for DXE/PEI post memory phase.
+
+  Caution: This module requires additional review when modified.
+  This module will have external input - capsule image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  FmpAuthenticatedHandlerPkcs7(), AuthenticateFmpImage() will receive
+  untrusted input and do basic validation.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Uefi.h>
+
+#include <Guid/SystemResourceTable.h>
+#include <Guid/FirmwareContentsSigned.h>
+#include <Guid/WinCertificate.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/FmpAuthenticationLib.h>
+#include <Library/PcdLib.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Guid/SystemResourceTable.h>
+
+/**
+  The handler is used to do the authentication for FMP capsule based upon
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+  Caution: This function may receive untrusted input.
+
+  This function assumes the caller AuthenticateFmpImage()
+  already did basic validation for EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+  @param[in]  Image                   Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[in]  ImageSize               Size of the authentication image in bytes.
+  @param[in]  PublicKeyData           The public key data used to validate the signature.
+  @param[in]  PublicKeyDataLength     The length of the public key data.
+
+  @retval RETURN_SUCCESS            Authentication pass.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS.
+  @retval RETURN_SECURITY_VIOLATION Authentication fail.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.
+  @retval RETURN_INVALID_PARAMETER  The image is in an invalid format.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_OUT_OF_RESOURCES   No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.
+**/
+RETURN_STATUS
+FmpAuthenticatedHandlerPkcs7 (
+  IN EFI_FIRMWARE_IMAGE_AUTHENTICATION  *Image,
+  IN UINTN                              ImageSize,
+  IN CONST UINT8                        *PublicKeyData,
+  IN UINTN                              PublicKeyDataLength
+  )
+{
+  RETURN_STATUS                             Status;
+  BOOLEAN                                   CryptoStatus;
+  VOID                                      *P7Data;
+  UINTN                                     P7Length;
+  VOID                                      *TempBuffer;
+
+  DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
+
+  P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData));
+  P7Data = Image->AuthInfo.CertData;
+
+  // It is a signature across the variable data and the Monotonic Count value.
+  TempBuffer = AllocatePool(ImageSize - Image->AuthInfo.Hdr.dwLength);
+  if (TempBuffer == NULL) {
+    DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  CopyMem(
+    TempBuffer,
+    (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
+    ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
+    );
+  CopyMem(
+    (UINT8 *)TempBuffer + ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength,
+    &Image->MonotonicCount,
+    sizeof(Image->MonotonicCount)
+    );
+  CryptoStatus = Pkcs7Verify(
+                   P7Data,
+                   P7Length,
+                   PublicKeyData,
+                   PublicKeyDataLength,
+                   (UINT8 *)TempBuffer,
+                   ImageSize - Image->AuthInfo.Hdr.dwLength
+                   );
+  FreePool(TempBuffer);
+  if (!CryptoStatus) {
+    //
+    // If PKCS7 signature verification fails, AUTH tested failed bit is set.
+    //
+    DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n"));
+    Status = RETURN_SECURITY_VIOLATION;
+    goto Done;
+  }
+  DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
+
+  Status = RETURN_SUCCESS;
+
+Done:
+  return Status;
+}
+
+/**
+  The function is used to do the authentication for FMP capsule based upon
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+  The FMP capsule image should start with EFI_FIRMWARE_IMAGE_AUTHENTICATION,
+  followed by the payload.
+
+  If the return status is RETURN_SUCCESS, the caller may continue the rest
+  FMP update process.
+  If the return status is NOT RETURN_SUCCESS, the caller should stop the FMP
+  update process and convert the return status to LastAttemptStatus
+  to indicate that FMP update fails.
+  The LastAttemptStatus can be got from ESRT table or via
+  EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo().
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  Image                   Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[in]  ImageSize               Size of the authentication image in bytes.
+  @param[in]  PublicKeyData           The public key data used to validate the signature.
+  @param[in]  PublicKeyDataLength     The length of the public key data.
+
+  @retval RETURN_SUCCESS            Authentication pass.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS.
+  @retval RETURN_SECURITY_VIOLATION Authentication fail.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.
+  @retval RETURN_INVALID_PARAMETER  The image is in an invalid format.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_UNSUPPORTED        No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_UNSUPPORTED        Image or ImageSize is invalid.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_OUT_OF_RESOURCES   No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.
+**/
+RETURN_STATUS
+EFIAPI
+AuthenticateFmpImage (
+  IN EFI_FIRMWARE_IMAGE_AUTHENTICATION  *Image,
+  IN UINTN                              ImageSize,
+  IN CONST UINT8                        *PublicKeyData,
+  IN UINTN                              PublicKeyDataLength
+  )
+{
+  GUID                                      *CertType;
+  EFI_STATUS                                Status;
+
+  if ((Image == NULL) || (ImageSize == 0)) {
+    return RETURN_UNSUPPORTED;
+  }
+
+  if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
+    return RETURN_INVALID_PARAMETER;
+  }
+
+  CertType = &Image->AuthInfo.CertType;
+  DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
+
+  if (CompareGuid (&gEfiCertPkcs7Guid, CertType)) {
+    //
+    // Call the match handler to extract raw data for the input section data.
+    //
+    Status = FmpAuthenticatedHandlerPkcs7 (
+               Image,
+               ImageSize,
+               PublicKeyData,
+               PublicKeyDataLength
+               );
+    return Status;
+  }
+
+  //
+  // Not found, the input guided section is not supported.
+  //
+  return RETURN_UNSUPPORTED;
+}
+
diff --git a/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
new file mode 100644
index 0000000..ac263bf
--- /dev/null
+++ b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
@@ -0,0 +1,49 @@
+## @file
+#  FMP Authentication PKCS7 handler.
+#
+# Instance of FmpAuthentication Library for DXE/PEI post memory phase.
+#
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = FmpAuthenticationLibPkcs7
+  MODULE_UNI_FILE                = FmpAuthenticationLibPkcs7.uni
+  FILE_GUID                      = F4EA205B-7345-452C-9D62-53BA6F3B8910
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = FmpAuthenticationLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  FmpAuthenticationLibPkcs7.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
+
+[Guids]
+  gEfiCertPkcs7Guid
diff --git a/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni
new file mode 100644
index 0000000..d327e53
--- /dev/null
+++ b/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni
@@ -0,0 +1,26 @@
+// /** @file
+// FMP Authentication PKCS7 handler.
+//
+// This library provide FMP Authentication PKCS7 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - capsule image.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "FMP Authentication PKCS7 handler."
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library provide FMP Authentication PKCS7 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION."
+
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 14/15] SecurityPkg/FmpAuthenticationLibRsa2048Sha256: Add RSA2048 instance.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (12 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 13/15] SecurityPkg/FmpAuthenticationLibPkcs7: Add PKCS7 instance for FMP Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  2016-10-28  5:46 ` [PATCH V6 15/15] SecurityPkg/SecurityPkg.dsc: Add FmpAuthenticationLib* Jiewen Yao
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

It provides Rsa2048Sha256 based FMP authentication.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
---
 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c   | 355 ++++++++++++++++++++
 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf |  53 +++
 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni |  26 ++
 3 files changed, 434 insertions(+)

diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
new file mode 100644
index 0000000..d113d58
--- /dev/null
+++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
@@ -0,0 +1,355 @@
+/** @file
+  FMP Authentication RSA2048SHA256 handler.
+  Provide generic FMP authentication functions for DXE/PEI post memory phase.
+
+  Caution: This module requires additional review when modified.
+  This module will have external input - capsule image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  FmpAuthenticatedHandlerRsa2048Sha256(), AuthenticateFmpImage() will receive
+  untrusted input and do basic validation.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Uefi.h>
+
+#include <Guid/SystemResourceTable.h>
+#include <Guid/FirmwareContentsSigned.h>
+#include <Guid/WinCertificate.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/FmpAuthenticationLib.h>
+#include <Library/PcdLib.h>
+#include <Protocol/FirmwareManagement.h>
+#include <Guid/SystemResourceTable.h>
+
+///
+/// Public Exponent of RSA Key.
+///
+STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
+
+/**
+  The handler is used to do the authentication for FMP capsule based upon
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+  Caution: This function may receive untrusted input.
+
+  This function assumes the caller AuthenticateFmpImage()
+  already did basic validation for EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+  @param[in]  Image                   Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[in]  ImageSize               Size of the authentication image in bytes.
+  @param[in]  PublicKeyData           The public key data used to validate the signature.
+  @param[in]  PublicKeyDataLength     The length of the public key data.
+
+  @retval RETURN_SUCCESS            Authentication pass.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS.
+  @retval RETURN_SECURITY_VIOLATION Authentication fail.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.
+  @retval RETURN_INVALID_PARAMETER  The image is in an invalid format.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_OUT_OF_RESOURCES   No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.
+**/
+RETURN_STATUS
+FmpAuthenticatedHandlerRsa2048Sha256 (
+  IN EFI_FIRMWARE_IMAGE_AUTHENTICATION  *Image,
+  IN UINTN                              ImageSize,
+  IN CONST UINT8                        *PublicKeyData,
+  IN UINTN                              PublicKeyDataLength
+  )
+{
+  RETURN_STATUS                             Status;
+  EFI_CERT_BLOCK_RSA_2048_SHA256            *CertBlockRsa2048Sha256;
+  BOOLEAN                                   CryptoStatus;
+  UINT8                                     Digest[SHA256_DIGEST_SIZE];
+  UINT8                                     *PublicKey;
+  UINTN                                     PublicKeyBufferSize;
+  VOID                                      *HashContext;
+  VOID                                      *Rsa;
+
+  DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
+
+  if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)) {
+    DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)));
+    return RETURN_INVALID_PARAMETER;
+  }
+
+  CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData;
+  if (!CompareGuid(&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {
+    DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));
+    return RETURN_INVALID_PARAMETER;
+  }
+
+  HashContext = NULL;
+  Rsa = NULL;
+
+  //
+  // Allocate hash context buffer required for SHA 256
+  //
+  HashContext = AllocatePool (Sha256GetContextSize ());
+  if (HashContext == NULL) {
+    CryptoStatus = FALSE;
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Can not allocate hash context\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  //
+  // Hash public key from data payload with SHA256.
+  //
+  ZeroMem (Digest, SHA256_DIGEST_SIZE);
+  CryptoStatus = Sha256Init (HashContext);
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Init() failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  CryptoStatus  = Sha256Final (HashContext, Digest);
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  //
+  // Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer
+  //
+  PublicKey = (VOID *)PublicKeyData;
+  PublicKeyBufferSize = PublicKeyDataLength;
+  CryptoStatus = FALSE;
+  while (PublicKeyBufferSize != 0) {
+    if (CompareMem (Digest, PublicKey, SHA256_DIGEST_SIZE) == 0) {
+      CryptoStatus = TRUE;
+      break;
+    }
+    PublicKey = PublicKey + SHA256_DIGEST_SIZE;
+    PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
+  }
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n"));
+    Status = RETURN_SECURITY_VIOLATION;
+    goto Done;
+  }
+
+  //
+  // Generate & Initialize RSA Context.
+  //
+  Rsa = RsaNew ();
+  if (Rsa == NULL) {
+    CryptoStatus = FALSE;
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaNew() failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  //
+  // Set RSA Key Components.
+  // NOTE: Only N and E are needed to be set as RSA public key for signature verification.
+  //
+  CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  //
+  // Hash data payload with SHA256.
+  //
+  ZeroMem (Digest, SHA256_DIGEST_SIZE);
+  CryptoStatus = Sha256Init (HashContext);
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Init() failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  // It is a signature across the variable data and the Monotonic Count value.
+  CryptoStatus = Sha256Update (
+                   HashContext,
+                   (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,
+                   ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength
+                   );
+  if (!CryptoStatus) {
+    DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  CryptoStatus = Sha256Update (
+                   HashContext,
+                   (UINT8 *)&Image->MonotonicCount,
+                   sizeof(Image->MonotonicCount)
+                   );
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  CryptoStatus  = Sha256Final (HashContext, Digest);
+  if (!CryptoStatus) {
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
+    Status = RETURN_OUT_OF_RESOURCES;
+    goto Done;
+  }
+
+  //
+  // Verify the RSA 2048 SHA 256 signature.
+  //
+  CryptoStatus = RsaPkcs1Verify (
+                   Rsa,
+                   Digest,
+                   SHA256_DIGEST_SIZE,
+                   CertBlockRsa2048Sha256->Signature,
+                   sizeof (CertBlockRsa2048Sha256->Signature)
+                   );
+  if (!CryptoStatus) {
+    //
+    // If RSA 2048 SHA 256 signature verification fails, AUTH tested failed bit is set.
+    //
+    DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaPkcs1Verify() failed\n"));
+    Status = RETURN_SECURITY_VIOLATION;
+    goto Done;
+  }
+  DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n"));
+
+  Status = RETURN_SUCCESS;
+
+Done:
+  //
+  // Free allocated resources used to perform RSA 2048 SHA 256 signature verification
+  //
+  if (Rsa != NULL) {
+    RsaFree (Rsa);
+  }
+  if (HashContext != NULL) {
+    FreePool (HashContext);
+  }
+
+  return Status;
+}
+
+/**
+  The function is used to do the authentication for FMP capsule based upon
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+  The FMP capsule image should start with EFI_FIRMWARE_IMAGE_AUTHENTICATION,
+  followed by the payload.
+
+  If the return status is RETURN_SUCCESS, the caller may continue the rest
+  FMP update process.
+  If the return status is NOT RETURN_SUCCESS, the caller should stop the FMP
+  update process and convert the return status to LastAttemptStatus
+  to indicate that FMP update fails.
+  The LastAttemptStatus can be got from ESRT table or via
+  EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo().
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  Image                   Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[in]  ImageSize               Size of the authentication image in bytes.
+  @param[in]  PublicKeyData           The public key data used to validate the signature.
+  @param[in]  PublicKeyDataLength     The length of the public key data.
+
+  @retval RETURN_SUCCESS            Authentication pass.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS.
+  @retval RETURN_SECURITY_VIOLATION Authentication fail.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.
+  @retval RETURN_INVALID_PARAMETER  The image is in an invalid format.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_UNSUPPORTED        No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_UNSUPPORTED        Image or ImageSize is invalid.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
+  @retval RETURN_OUT_OF_RESOURCES   No Authentication handler associated with CertType.
+                                    The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.
+**/
+RETURN_STATUS
+EFIAPI
+AuthenticateFmpImage (
+  IN EFI_FIRMWARE_IMAGE_AUTHENTICATION  *Image,
+  IN UINTN                              ImageSize,
+  IN CONST UINT8                        *PublicKeyData,
+  IN UINTN                              PublicKeyDataLength
+  )
+{
+  GUID                                      *CertType;
+  EFI_STATUS                                Status;
+
+  if ((Image == NULL) || (ImageSize == 0)) {
+    return RETURN_UNSUPPORTED;
+  }
+
+  if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
+    return RETURN_INVALID_PARAMETER;
+  }
+  if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
+    DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
+    return RETURN_INVALID_PARAMETER;
+  }
+
+  CertType = &Image->AuthInfo.CertType;
+  DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));
+
+  if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
+    //
+    // Call the match handler to extract raw data for the input section data.
+    //
+    Status = FmpAuthenticatedHandlerRsa2048Sha256 (
+               Image,
+               ImageSize,
+               PublicKeyData,
+               PublicKeyDataLength
+               );
+    return Status;
+  }
+
+  //
+  // Not found, the input guided section is not supported.
+  //
+  return RETURN_UNSUPPORTED;
+}
+
diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
new file mode 100644
index 0000000..fbff00e
--- /dev/null
+++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
@@ -0,0 +1,53 @@
+## @file
+#  FMP Authentication RSA2048SHA256 handler.
+#
+# Instance of FmpAuthentication Library for DXE/PEI post memory phase.
+#
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = FmpAuthenticationLibRsa2048Sha256
+  MODULE_UNI_FILE                = FmpAuthenticationLibRsa2048Sha256.uni
+  FILE_GUID                      = 105FF0EA-A0C0-48A8-B8F7-E8B4D62A1019
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = FmpAuthenticationLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  FmpAuthenticationLibRsa2048Sha256.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
+
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
+
+[Guids]
+  gEfiCertTypeRsa2048Sha256Guid
+  gEfiHashAlgorithmSha256Guid
diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni
new file mode 100644
index 0000000..902edef
--- /dev/null
+++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni
@@ -0,0 +1,26 @@
+// /** @file
+// FMP Authentication RSA2048SHA256 handler.
+//
+// This library provide FMP Authentication RSA2048SHA256 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - capsule image.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "FMP Authentication RSA2048SHA256 handler."
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library provide FMP Authentication RSA2048SHA256 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION."
+
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PATCH V6 15/15] SecurityPkg/SecurityPkg.dsc: Add FmpAuthenticationLib*.
  2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
                   ` (13 preceding siblings ...)
  2016-10-28  5:46 ` [PATCH V6 14/15] SecurityPkg/FmpAuthenticationLibRsa2048Sha256: Add RSA2048 instance Jiewen Yao
@ 2016-10-28  5:46 ` Jiewen Yao
  14 siblings, 0 replies; 16+ messages in thread
From: Jiewen Yao @ 2016-10-28  5:46 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Star Zeng, Michael D Kinney, Liming Gao, Chao Zhang

Add FmpAuthenticationLib* to check build.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
---
 SecurityPkg/SecurityPkg.dsc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 2ebd0a4..e5cce21 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -212,6 +212,9 @@
   SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf
   SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf
 
+  SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
+  SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
+
   SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
 
 [Components.IA32, Components.X64, Components.IPF]
-- 
2.7.4.windows.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

end of thread, other threads:[~2016-10-28  6:54 UTC | newest]

Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-28  5:46 [PATCH V6 00/15] Add capsule support lib and app Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib header Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 02/15] MdeModulePkg/CapsuleLib: Add ProcessCapsules() API Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 03/15] MdeModulePkg/MdeModulePkg.dec: Add capsule related definition Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 04/15] MdeModulePkg/FmpAuthenticationLibNull: Add NULL instance FMP Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 05/15] MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 06/15] MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 07/15] MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 08/15] MdeModulePkg/CapsuleApp: Add CapsuleApp application Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 09/15] MdeModulePkg/UiApp: Show test key warning info in FrontPage Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 10/15] MdeModulePkg/MdeModulePkg.dsc: Add FMP related component Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 11/15] IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() interface Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 12/15] SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 13/15] SecurityPkg/FmpAuthenticationLibPkcs7: Add PKCS7 instance for FMP Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 14/15] SecurityPkg/FmpAuthenticationLibRsa2048Sha256: Add RSA2048 instance Jiewen Yao
2016-10-28  5:46 ` [PATCH V6 15/15] SecurityPkg/SecurityPkg.dsc: Add FmpAuthenticationLib* Jiewen Yao

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox