public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Feng Tian <feng.tian@intel.com>, Star Zeng <star.zeng@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH V8 08/12] SignedCapsulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib.
Date: Wed,  2 Nov 2016 21:59:45 +0800	[thread overview]
Message-ID: <1478095189-17240-9-git-send-email-jiewen.yao@intel.com> (raw)
In-Reply-To: <1478095189-17240-1-git-send-email-jiewen.yao@intel.com>

This library is used to abstract the action for EDKII system FMP capsule,
such as extracting a component from capsule, or authenticate the capsule.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c   | 671 ++++++++++++++++++++
 SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf |  61 ++
 SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni |  22 +
 3 files changed, 754 insertions(+)

diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
new file mode 100644
index 0000000..27c6f4c
--- /dev/null
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
@@ -0,0 +1,671 @@
+/** @file
+  EDKII System Capsule library.
+
+  EDKII System Capsule library instance.
+
+  CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive
+  untrusted input and do basic validation.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+
+#include <Guid/SystemResourceTable.h>
+#include <Guid/FirmwareContentsSigned.h>
+#include <Guid/WinCertificate.h>
+#include <Guid/EdkiiSystemFmpCapsule.h>
+#include <Guid/WinCertificate.h>
+#include <Guid/ImageAuthentication.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/EdkiiSystemCapsuleLib.h>
+#include <Library/FmpAuthenticationLib.h>
+
+#include <Protocol/FirmwareManagement.h>
+
+EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR   *mImageFmpInfo;
+UINTN                                    mImageFmpInfoSize;
+EFI_GUID                                 mEdkiiSystemFirmwareFileGuid;
+
+/**
+  Check if a block of buffer is erased.
+
+  @param[in] ErasePolarity  Erase polarity attribute of the firmware volume
+  @param[in] InBuffer       The buffer to be checked
+  @param[in] BufferSize     Size of the buffer in bytes
+
+  @retval    TRUE           The block of buffer is erased
+  @retval    FALSE          The block of buffer is not erased
+**/
+BOOLEAN
+IsBufferErased (
+  IN UINT8    ErasePolarity,
+  IN VOID     *InBuffer,
+  IN UINTN    BufferSize
+  )
+{
+  UINTN   Count;
+  UINT8   EraseByte;
+  UINT8   *Buffer;
+
+  if(ErasePolarity == 1) {
+    EraseByte = 0xFF;
+  } else {
+    EraseByte = 0;
+  }
+
+  Buffer = InBuffer;
+  for (Count = 0; Count < BufferSize; Count++) {
+    if (Buffer[Count] != EraseByte) {
+      return FALSE;
+    }
+  }
+
+  return TRUE;
+}
+
+/**
+  Get Section buffer pointer by SectionType and SectionInstance.
+
+  @param[in]   SectionBuffer     The buffer of section
+  @param[in]   SectionBufferSize The size of SectionBuffer in bytes
+  @param[in]   SectionType       The SectionType of Section to be found
+  @param[in]   SectionInstance   The Instance of Section to be found
+  @param[out]  OutSectionBuffer  The section found, including SECTION_HEADER
+  @param[out]  OutSectionSize    The size of section found, including SECTION_HEADER
+
+  @retval TRUE  The FFS buffer is found.
+  @retval FALSE The FFS buffer is not found.
+**/
+BOOLEAN
+GetSectionByType (
+  IN VOID                  *SectionBuffer,
+  IN UINT32                SectionBufferSize,
+  IN EFI_SECTION_TYPE      SectionType,
+  IN UINTN                 SectionInstance,
+  OUT VOID                 **OutSectionBuffer,
+  OUT UINTN                *OutSectionSize
+  )
+{
+  EFI_COMMON_SECTION_HEADER             *SectionHeader;
+  UINTN                                 SectionSize;
+  UINTN                                 Instance;
+
+  DEBUG ((DEBUG_INFO, "GetSectionByType - Buffer: 0x%08x - 0x%08x\n", SectionBuffer, SectionBufferSize));
+
+  //
+  // Find Section
+  //
+  SectionHeader = SectionBuffer;
+
+  Instance = 0;
+  while ((UINTN)SectionHeader < (UINTN)SectionBuffer + SectionBufferSize) {
+    DEBUG ((DEBUG_INFO, "GetSectionByType - Section: 0x%08x\n", SectionHeader));
+    if (IS_SECTION2(SectionHeader)) {
+      SectionSize = SECTION2_SIZE(SectionHeader);
+    } else {
+      SectionSize = SECTION_SIZE(SectionHeader);
+    }
+
+    if (SectionHeader->Type == SectionType) {
+      if (Instance == SectionInstance) {
+        *OutSectionBuffer = (UINT8 *)SectionHeader;
+        *OutSectionSize = SectionSize;
+        DEBUG((DEBUG_INFO, "GetSectionByType - 0x%x - 0x%x\n", *OutSectionBuffer, *OutSectionSize));
+        return TRUE;
+      } else {
+        DEBUG((DEBUG_INFO, "GetSectionByType - find section instance %x\n", Instance));
+        Instance++;
+      }
+    } else {
+      //
+      // Skip other section type
+      //
+      DEBUG ((DEBUG_INFO, "GetSectionByType - other section type 0x%x\n", SectionHeader->Type));
+    }
+
+    //
+    // Next Section
+    //
+    SectionHeader = (EFI_COMMON_SECTION_HEADER *)((UINTN)SectionHeader + ALIGN_VALUE(SectionSize, 4));
+  }
+
+  return FALSE;
+}
+
+/**
+  Get FFS buffer pointer by FileName GUID and FileType.
+
+  @param[in]   FdStart          The System Firmware FD image
+  @param[in]   FdSize           The size of System Firmware FD image
+  @param[in]   FileName         The FileName GUID of FFS to be found
+  @param[in]   Type             The FileType of FFS to be found
+  @param[out]  OutFfsBuffer     The FFS buffer found, including FFS_FILE_HEADER
+  @param[out]  OutFfsBufferSize The size of FFS buffer found, including FFS_FILE_HEADER
+
+  @retval TRUE  The FFS buffer is found.
+  @retval FALSE The FFS buffer is not found.
+**/
+BOOLEAN
+GetFfsByName (
+  IN VOID                  *FdStart,
+  IN UINTN                 FdSize,
+  IN EFI_GUID              *FileName,
+  IN EFI_FV_FILETYPE       Type,
+  OUT VOID                 **OutFfsBuffer,
+  OUT UINTN                *OutFfsBufferSize
+  )
+{
+  UINTN                                     FvSize;
+  EFI_FIRMWARE_VOLUME_HEADER                *FvHeader;
+  EFI_FIRMWARE_VOLUME_EXT_HEADER            *FvExtHeader;
+  EFI_FFS_FILE_HEADER                       *FfsHeader;
+  UINT32                                    FfsSize;
+  UINTN                                     TestLength;
+  BOOLEAN                                   FvFound;
+
+  DEBUG ((DEBUG_INFO, "GetFfsByName - FV: 0x%08x - 0x%08x\n", (UINTN)FdStart, (UINTN)FdSize));
+
+  FvFound = FALSE;
+  FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)FdStart;
+  while ((UINTN)FvHeader < (UINTN)FdStart + FdSize - 1) {
+    FvSize = (UINTN)FdStart + FdSize - (UINTN)FvHeader;
+
+    if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
+      FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvHeader + SIZE_4KB);
+      continue;
+    }
+    DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));
+    FvFound = TRUE;
+    if (FvHeader->FvLength > FvSize) {
+      DEBUG((DEBUG_ERROR, "GetFfsByName - FvSize: 0x%08x, MaxSize - 0x%08x\n", (UINTN)FvHeader->FvLength, (UINTN)FvSize));
+      return FALSE;
+    }
+    FvSize = (UINTN)FvHeader->FvLength;
+
+    //
+    // Find FFS
+    //
+    if (FvHeader->ExtHeaderOffset != 0) {
+      FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)((UINT8 *)FvHeader + FvHeader->ExtHeaderOffset);
+      FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvExtHeader + FvExtHeader->ExtHeaderSize);
+    } else {
+      FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvHeader + FvHeader->HeaderLength);
+    }
+    FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FvHeader + ALIGN_VALUE((UINTN)FfsHeader - (UINTN)FvHeader, 8));
+
+    while ((UINTN)FfsHeader < (UINTN)FvHeader + FvSize - 1) {
+      DEBUG((DEBUG_INFO, "GetFfsByName - FFS: 0x%08x\n", FfsHeader));
+      TestLength = (UINTN)((UINTN)FvHeader + FvSize - (UINTN)FfsHeader);
+      if (TestLength > sizeof(EFI_FFS_FILE_HEADER)) {
+        TestLength = sizeof(EFI_FFS_FILE_HEADER);
+      }
+      if (IsBufferErased(1, FfsHeader, TestLength)) {
+        break;
+      }
+
+      if (IS_FFS_FILE2(FfsHeader)) {
+        FfsSize = FFS_FILE2_SIZE(FfsHeader);
+      } else {
+        FfsSize = FFS_FILE_SIZE(FfsHeader);
+      }
+
+      if (CompareGuid(FileName, &FfsHeader->Name) &&
+          ((Type == EFI_FV_FILETYPE_ALL) || (FfsHeader->Type == Type))) {
+        //
+        // Check section
+        //
+        *OutFfsBuffer = FfsHeader;
+        *OutFfsBufferSize = FfsSize;
+        return TRUE;
+      } else {
+        //
+        // Any other type is not allowed
+        //
+        DEBUG((DEBUG_INFO, "GetFfsByName - other FFS type 0x%x, name %g\n", FfsHeader->Type, &FfsHeader->Name));
+      }
+
+      //
+      // Next File
+      //
+      FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FfsHeader + ALIGN_VALUE(FfsSize, 8));
+    }
+
+    //
+    // Next FV
+    //
+    FvHeader = (VOID *)(UINTN)((UINTN)FvHeader + FvHeader->FvLength);
+    DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));
+  }
+
+  if (!FvFound) {
+    DEBUG((DEBUG_ERROR, "GetFfsByName - NO FV Found\n"));
+  }
+  return FALSE;
+}
+
+/**
+  Extract the driver FV from an authenticated image.
+
+  @param[in]  AuthenticatedImage      The authenticated capsule image.
+  @param[in]  AuthenticatedImageSize  The size of the authenticated capsule image in bytes.
+  @param[out] DriverFvImage           The driver FV image.
+  @param[out] DriverFvImageSize       The size of the driver FV image in bytes.
+
+  @retval TRUE  The driver Fv is extracted.
+  @retval FALSE The driver Fv is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractDriverFvImage (
+  IN VOID                         *AuthenticatedImage,
+  IN UINTN                        AuthenticatedImageSize,
+  OUT VOID                        **DriverFvImage,
+  OUT UINTN                       *DriverFvImageSize
+  )
+{
+  BOOLEAN     Result;
+  UINT32      FileHeaderSize;
+
+  *DriverFvImage = NULL;
+  *DriverFvImageSize = 0;
+
+  Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleDriverFvFileGuid, EFI_FV_FILETYPE_RAW, DriverFvImage, DriverFvImageSize);
+  if (!Result) {
+    return FALSE;
+  }
+
+  if (IS_FFS_FILE2(*DriverFvImage)) {
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
+  } else {
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
+  }
+  *DriverFvImage = (UINT8 *)*DriverFvImage + FileHeaderSize;
+  *DriverFvImageSize = *DriverFvImageSize - FileHeaderSize;
+
+  return Result;
+}
+
+/**
+  Extract the config image from an authenticated image.
+
+  @param[in]  AuthenticatedImage      The authenticated capsule image.
+  @param[in]  AuthenticatedImageSize  The size of the authenticated capsule image in bytes.
+  @param[out] ConfigImage             The config image.
+  @param[out] ConfigImageSize         The size of the config image in bytes.
+
+  @retval TRUE  The config image is extracted.
+  @retval FALSE The config image is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractConfigImage (
+  IN VOID                         *AuthenticatedImage,
+  IN UINTN                        AuthenticatedImageSize,
+  OUT VOID                        **ConfigImage,
+  OUT UINTN                       *ConfigImageSize
+  )
+{
+  BOOLEAN     Result;
+  UINT32      FileHeaderSize;
+
+  *ConfigImage = NULL;
+  *ConfigImageSize = 0;
+
+  Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleConfigFileGuid, EFI_FV_FILETYPE_RAW, ConfigImage, ConfigImageSize);
+  if (!Result) {
+    return FALSE;
+  }
+
+  if (IS_FFS_FILE2(*ConfigImage)) {
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
+  } else {
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
+  }
+  *ConfigImage = (UINT8 *)*ConfigImage + FileHeaderSize;
+  *ConfigImageSize = *ConfigImageSize - FileHeaderSize;
+
+  return Result;
+}
+
+/**
+  Extract the authenticated image from an FMP capsule image.
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  Image                   The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[in]  ImageSize               The size of FMP capsule image in bytes.
+  @param[out] LastAttemptStatus       The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[out] AuthenticatedImage      The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[out] AuthenticatedImageSize  The size of the authenticated capsule image in bytes.
+
+  @retval TRUE  The authenticated image is extracted.
+  @retval FALSE The authenticated image is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractAuthenticatedImage (
+  IN VOID                         *Image,
+  IN UINTN                        ImageSize,
+  OUT UINT32                      *LastAttemptStatus,
+  OUT VOID                        **AuthenticatedImage,
+  OUT UINTN                       *AuthenticatedImageSize
+  )
+{
+  EFI_FIRMWARE_IMAGE_AUTHENTICATION         *ImageAuth;
+  EFI_STATUS                                Status;
+  GUID                                      *CertType;
+  VOID                                      *PublicKeyData;
+  UINTN                                     PublicKeyDataLength;
+
+  DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
+
+  *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+  if ((Image == NULL) || (ImageSize == 0)) {
+    return FALSE;
+  }
+
+  ImageAuth = (EFI_FIRMWARE_IMAGE_AUTHENTICATION *)Image;
+  if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));
+    return FALSE;
+  }
+  if (ImageAuth->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too small\n"));
+    return FALSE;
+  }
+  if (ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too big\n"));
+    return FALSE;
+  }
+  if (ImageSize <= sizeof(ImageAuth->MonotonicCount) + ImageAuth->AuthInfo.Hdr.dwLength) {
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));
+    return FALSE;
+  }
+  if (ImageAuth->AuthInfo.Hdr.wRevision != 0x0200) {
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
+    return FALSE;
+  }
+  if (ImageAuth->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
+    DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
+    return FALSE;
+  }
+
+  CertType = &ImageAuth->AuthInfo.CertType;
+  DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - CertType: %g\n", CertType));
+
+  if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) {
+    PublicKeyData   = PcdGetPtr(PcdPkcs7CertBuffer);
+    PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer);
+  } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
+    PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer);
+    PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer);
+  } else {
+    return FALSE;
+  }
+
+  Status = AuthenticateFmpImage(
+             ImageAuth,
+             ImageSize,
+             PublicKeyData,
+             PublicKeyDataLength
+             );
+  switch (Status) {
+  case RETURN_SUCCESS:
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
+    break;
+  case RETURN_SECURITY_VIOLATION:
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR;
+    break;
+  case RETURN_INVALID_PARAMETER:
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+    break;
+  case RETURN_UNSUPPORTED:
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+    break;
+  case RETURN_OUT_OF_RESOURCES:
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES;
+    break;
+  default:
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
+    break;
+  }
+  if (EFI_ERROR(Status)) {
+    return FALSE;
+  }
+
+  if (AuthenticatedImage != NULL) {
+    *AuthenticatedImage = (UINT8 *)ImageAuth + ImageAuth->AuthInfo.Hdr.dwLength + sizeof(ImageAuth->MonotonicCount);
+  }
+  if (AuthenticatedImageSize != NULL) {
+    *AuthenticatedImageSize = ImageSize - ImageAuth->AuthInfo.Hdr.dwLength - sizeof(ImageAuth->MonotonicCount);
+  }
+  return TRUE;
+}
+
+/**
+  Extract ImageFmpInfo from system firmware.
+
+  @param[in]  SystemFirmwareImage     The System Firmware image.
+  @param[in]  SystemFirmwareImageSize The size of the System Firmware image in bytes.
+  @param[out] ImageFmpInfo            The ImageFmpInfo.
+  @param[out] ImageFmpInfoSize        The size of the ImageFmpInfo in bytes.
+
+  @retval TRUE  The ImageFmpInfo is extracted.
+  @retval FALSE The ImageFmpInfo is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractSystemFirmwareImageFmpInfo (
+  IN VOID                                      *SystemFirmwareImage,
+  IN UINTN                                     SystemFirmwareImageSize,
+  OUT EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR   **ImageFmpInfo,
+  OUT UINTN                                    *ImageFmpInfoSize
+  )
+{
+  BOOLEAN     Result;
+  UINT32      SectionHeaderSize;
+  UINT32      FileHeaderSize;
+
+  *ImageFmpInfo = NULL;
+  *ImageFmpInfoSize = 0;
+
+  Result = GetFfsByName(SystemFirmwareImage, SystemFirmwareImageSize, &gEdkiiSystemFirmwareImageDescriptorFileGuid, EFI_FV_FILETYPE_ALL, (VOID **)ImageFmpInfo, ImageFmpInfoSize);
+  if (!Result) {
+    return FALSE;
+  }
+  if (IS_FFS_FILE2 (*ImageFmpInfo)) {
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
+  } else {
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
+  }
+  *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + FileHeaderSize);
+  *ImageFmpInfoSize = *ImageFmpInfoSize - FileHeaderSize;
+
+  Result = GetSectionByType(*ImageFmpInfo, (UINT32)*ImageFmpInfoSize, EFI_SECTION_RAW, 0, (VOID **)ImageFmpInfo, ImageFmpInfoSize);
+  if (!Result) {
+    return FALSE;
+  }
+  if (IS_SECTION2(*ImageFmpInfo)) {
+    SectionHeaderSize = sizeof(EFI_RAW_SECTION2);
+  } else {
+    SectionHeaderSize = sizeof(EFI_RAW_SECTION);
+  }
+  *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + SectionHeaderSize);
+  *ImageFmpInfoSize = *ImageFmpInfoSize - SectionHeaderSize;
+
+  return TRUE;
+}
+
+/**
+  Extract the System Firmware image from an authenticated image.
+
+  @param[in]  AuthenticatedImage      The authenticated capsule image.
+  @param[in]  AuthenticatedImageSize  The size of the authenticated capsule image in bytes.
+  @param[out] SystemFirmwareImage     The System Firmware image.
+  @param[out] SystemFirmwareImageSize The size of the System Firmware image in bytes.
+
+  @retval TRUE  The System Firmware image is extracted.
+  @retval FALSE The System Firmware image is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractSystemFirmwareImage (
+  IN VOID                         *AuthenticatedImage,
+  IN UINTN                        AuthenticatedImageSize,
+  OUT VOID                        **SystemFirmwareImage,
+  OUT UINTN                       *SystemFirmwareImageSize
+  )
+{
+  BOOLEAN     Result;
+  UINT32      FileHeaderSize;
+
+  *SystemFirmwareImage = NULL;
+  *SystemFirmwareImageSize = 0;
+
+  Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &mEdkiiSystemFirmwareFileGuid, EFI_FV_FILETYPE_RAW, SystemFirmwareImage, SystemFirmwareImageSize);
+  if (!Result) {
+    // no nested FV, just return all data.
+    *SystemFirmwareImage = AuthenticatedImage;
+    *SystemFirmwareImageSize = AuthenticatedImageSize;
+
+    return TRUE;
+  }
+  if (IS_FFS_FILE2 (*SystemFirmwareImage)) {
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
+  } else {
+    FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
+  }
+  *SystemFirmwareImage = (UINT8 *)*SystemFirmwareImage + FileHeaderSize;
+  *SystemFirmwareImageSize = *SystemFirmwareImageSize - FileHeaderSize;
+
+  return Result;
+}
+
+/**
+  Authenticated system firmware FMP capsule image.
+
+  Caution: This function may receive untrusted input.
+
+  @param[in]  Image                   The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[in]  ImageSize               The size of FMP capsule image in bytes.
+  @param[in]  ForceVersionMatch       TRUE: The version of capsule must be as same as the version of current image.
+                                      FALSE: The version of capsule must be as same as greater than the lowest
+                                             supported version of current image.
+  @param[out] LastAttemptVersion      The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[out] LastAttemptStatus       The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+  @param[out] AuthenticatedImage      The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+  @param[out] AuthenticatedImageSize  The size of the authenticated capsule image in bytes.
+
+  @retval TRUE  Authentication passes and the authenticated image is extracted.
+  @retval FALSE Authentication fails and the authenticated image is not extracted.
+**/
+EFI_STATUS
+EFIAPI
+CapsuleAuthenticateSystemFirmware (
+  IN VOID                         *Image,
+  IN UINTN                        ImageSize,
+  IN BOOLEAN                      ForceVersionMatch,
+  OUT UINT32                      *LastAttemptVersion,
+  OUT UINT32                      *LastAttemptStatus,
+  OUT VOID                        **AuthenticatedImage,
+  OUT UINTN                       *AuthenticatedImageSize
+  )
+{
+  BOOLEAN                                  Result;
+  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR   *ImageFmpInfo;
+  UINTN                                    ImageFmpInfoSize;
+  EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR   *CurrentImageFmpInfo;
+  UINTN                                    CurrentImageFmpInfoSize;
+  VOID                                     *SystemFirmwareImage;
+  UINTN                                    SystemFirmwareImageSize;
+
+  *LastAttemptVersion = 0;
+
+  //
+  // NOTE: This function need run in an isolated environment.
+  // Do not touch FMP protocol and its private structure.
+  //
+
+  Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);
+  if (!Result) {
+    DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - fail\n"));
+    return EFI_SECURITY_VIOLATION;
+  }
+
+  DEBUG((DEBUG_INFO, "AuthenticatedImage - 0x%x - 0x%x\n", *AuthenticatedImage, *AuthenticatedImageSize));
+
+  Result = ExtractSystemFirmwareImage(*AuthenticatedImage, *AuthenticatedImageSize, &SystemFirmwareImage, &SystemFirmwareImageSize);
+  if (!Result) {
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+    DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImage - fail\n"));
+    return EFI_SECURITY_VIOLATION;
+  }
+  DEBUG((DEBUG_INFO, "SystemFirmwareImage - 0x%x - 0x%x\n", SystemFirmwareImage, SystemFirmwareImageSize));
+
+  Result = ExtractSystemFirmwareImageFmpInfo(SystemFirmwareImage, SystemFirmwareImageSize, &ImageFmpInfo, &ImageFmpInfoSize);
+  if (!Result) {
+    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+    DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImageFmpInfo - fail\n"));
+    return EFI_SECURITY_VIOLATION;
+  }
+
+  *LastAttemptVersion = ImageFmpInfo->Version;
+  DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", ImageFmpInfo, ImageFmpInfoSize));
+  DEBUG((DEBUG_INFO, "NewImage Version - 0x%x\n", ImageFmpInfo->Version));
+  DEBUG((DEBUG_INFO, "NewImage LowestSupportedImageVersion - 0x%x\n", ImageFmpInfo->LowestSupportedImageVersion));
+
+  CurrentImageFmpInfo = mImageFmpInfo;
+  CurrentImageFmpInfoSize = mImageFmpInfoSize;
+
+  DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", CurrentImageFmpInfo, CurrentImageFmpInfoSize));
+  DEBUG((DEBUG_INFO, "Current Version - 0x%x\n", CurrentImageFmpInfo->Version));
+  DEBUG((DEBUG_INFO, "Current LowestSupportedImageVersion - 0x%x\n", CurrentImageFmpInfo->LowestSupportedImageVersion));
+
+  if (ForceVersionMatch) {
+    if (CurrentImageFmpInfo->Version != ImageFmpInfo->Version) {
+      *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;
+      DEBUG((DEBUG_INFO, "ForceVersionMatch check - fail\n"));
+      return EFI_SECURITY_VIOLATION;
+    }
+  } else {
+    if (CurrentImageFmpInfo->Version < ImageFmpInfo->LowestSupportedImageVersion) {
+      *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;
+      DEBUG((DEBUG_INFO, "LowestSupportedImageVersion check - fail\n"));
+      return EFI_SECURITY_VIOLATION;
+    }
+  }
+
+  *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
+  return EFI_SUCCESS;
+}
+
+/**
+  The constructor function.
+
+  @retval EFI_SUCCESS   The constructor successfully .
+**/
+EFI_STATUS
+EFIAPI
+EdkiiSystemCapsuleLibConstructor (
+  VOID
+  )
+{
+  mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);
+  mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor));
+  ASSERT(mImageFmpInfo != NULL);
+  CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));
+  return EFI_SUCCESS;
+}
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
new file mode 100644
index 0000000..3c629ee
--- /dev/null
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
@@ -0,0 +1,61 @@
+## @file
+#  EDKII System Capsule library.
+#
+#  EDKII System Capsule library instance for DXE/PEI post memory phase.
+#
+#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = EdkiiSystemCapsuleLib
+  MODULE_UNI_FILE                = EdkiiSystemCapsuleLib.uni
+  FILE_GUID                      = 109D5FC6-56E6-481A-88EF-0CB828FBE0F6
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = EdkiiSystemCapsuleLib
+  CONSTRUCTOR                    = EdkiiSystemCapsuleLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  EdkiiSystemCapsuleLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  SignedCapsulePkg/SignedCapsulePkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  FmpAuthenticationLib
+
+[Pcd]
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid
+  gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+
+[Guids]
+  gEdkiiSystemFirmwareImageDescriptorFileGuid
+  gEdkiiSystemFmpCapsuleConfigFileGuid
+  gEdkiiSystemFmpCapsuleDriverFvFileGuid
+  gEfiCertPkcs7Guid
+  gEfiCertTypeRsa2048Sha256Guid
+
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni
new file mode 100644
index 0000000..93e959e
--- /dev/null
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni
@@ -0,0 +1,22 @@
+// /** @file
+// EDKII System Capsule library.
+//
+// EDKII System Capsule library instance for DXE/PEI post memory phase.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution.  The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "EDKII System Capsule library."
+
+#string STR_MODULE_DESCRIPTION          #language en-US "EDKII System Capsule library instance for DXE/PEI post memory phase."
+
-- 
2.7.4.windows.1



  parent reply	other threads:[~2016-11-02 14:00 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-02 13:59 [PATCH V8 00/12] Add EDKII signed capsule support Jiewen Yao
2016-11-02 13:59 ` [PATCH 01/12] SignedCapsulePkg: Add license file Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 02/12] SignedCapsulePkg/Include: Add EDKII system FMP capsule header Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 03/12] SignedCapsulePkg/Include: Add EdkiiSystemCapsuleLib definition Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 04/12] SignedCapsulePkg/Include: Add IniParsingLib header Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 05/12] SignedCapsulePkg/Include: Add PlatformFlashAccessLib header Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 06/12] SignedCapsulePkg/CapsulePkg.dec: Add capsule related definition Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 07/12] SignedCapsulePkg/IniParsingLib: Add InitParsingLib instance Jiewen Yao
2016-11-02 13:59 ` Jiewen Yao [this message]
2016-11-02 13:59 ` [PATCH V8 09/12] SignedCapsulePkg/PlatformFlashAccessLib: Add NULL instance Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 10/12] SignedCapsulePkg/SystemFirmwareUpdate: Add SystemFirmwareUpdate Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 11/12] SignedCapsulePkg/RecoveryModuleLoadPei: Add RecoveryModuleLoadPei Jiewen Yao
2016-11-02 13:59 ` [PATCH V8 12/12] SignedCapsulePkg/CapsulePkg.dsc: Add capsule related component Jiewen Yao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1478095189-17240-9-git-send-email-jiewen.yao@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox