From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
Kelly Steele <kelly.steele@intel.com>,
Feng Tian <feng.tian@intel.com>, Star Zeng <star.zeng@intel.com>,
Liming Gao <liming.gao@intel.com>,
Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH V8 5/7] QuarkPlatformPkg/PlatformBootManager: Add capsule/recovery handling.
Date: Wed, 2 Nov 2016 22:08:33 +0800 [thread overview]
Message-ID: <1478095715-8632-6-git-send-email-jiewen.yao@intel.com> (raw)
In-Reply-To: <1478095715-8632-1-git-send-email-jiewen.yao@intel.com>
1) Add capsule and recovery boot path handling in platform BDS.
2) Add check if the platform is using default test key for capsule.
Produce PcdTestKeyUsed to indicate if there is any
test key used in current BIOS, such as recovery key,
or capsule update key.
Then the generic UI may consume this PCD to show warning information.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c | 131 +++++++++++++++++++-
QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h | 9 +-
QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 17 ++-
3 files changed, 152 insertions(+), 5 deletions(-)
diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
index 19ff3d0..7cb9628 100644
--- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
+++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
@@ -2,7 +2,7 @@
This file include all platform action which can be customized
by IBV/OEM.
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -205,6 +205,8 @@ PlatformBootManagerBeforeConsole (
EFI_INPUT_KEY Enter;
EFI_INPUT_KEY F2;
EFI_BOOT_MANAGER_LOAD_OPTION BootOption;
+ ESRT_MANAGEMENT_PROTOCOL *EsrtManagement;
+ EFI_BOOT_MODE BootMode;
EFI_ACPI_S3_SAVE_PROTOCOL *AcpiS3Save;
EFI_HANDLE Handle;
EFI_EVENT EndOfDxeEvent;
@@ -246,6 +248,40 @@ PlatformBootManagerBeforeConsole (
//
PlatformRegisterFvBootOption (&mUefiShellFileGuid, L"UEFI Shell", LOAD_OPTION_ACTIVE);
+ Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);
+ if (EFI_ERROR(Status)) {
+ EsrtManagement = NULL;
+ }
+
+ BootMode = GetBootModeHob();
+ switch (BootMode) {
+ case BOOT_ON_FLASH_UPDATE:
+ DEBUG((DEBUG_INFO, "ProcessCapsules Before EndOfDxe ......\n"));
+ Status = ProcessCapsules ();
+ DEBUG((DEBUG_INFO, "ProcessCapsules %r\n", Status));
+ break;
+ case BOOT_IN_RECOVERY_MODE:
+ break;
+ case BOOT_ASSUMING_NO_CONFIGURATION_CHANGES:
+ case BOOT_WITH_MINIMAL_CONFIGURATION:
+ case BOOT_ON_S4_RESUME:
+ if (EsrtManagement != NULL) {
+ //
+ // Lock ESRT cache repository before EndofDxe if ESRT sync is not needed
+ //
+ EsrtManagement->LockEsrtRepository();
+ }
+ break;
+ default:
+ //
+ // Require to sync ESRT from FMP in a new boot
+ //
+ if (EsrtManagement != NULL) {
+ EsrtManagement->SyncEsrtFmp();
+ }
+ break;
+ }
+
//
// Prepare for S3
//
@@ -303,7 +339,64 @@ PlatformBootManagerAfterConsole (
VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_BOOT_MODE BootMode;
+ ESRT_MANAGEMENT_PROTOCOL *EsrtManagement;
+ VOID *Buffer;
+ UINTN Size;
+
+ Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);
+ if (EFI_ERROR(Status)) {
+ EsrtManagement = NULL;
+ }
+
+ BootMode = GetBootModeHob();
+ switch (BootMode) {
+ case BOOT_ON_FLASH_UPDATE:
+ DEBUG((DEBUG_INFO, "Capsule Mode detected\n"));
+ if (FeaturePcdGet(PcdSupportUpdateCapsuleReset)) {
+ EfiBootManagerConnectAll ();
+ EfiBootManagerRefreshAllBootOption ();
+
+ //
+ // Always sync ESRT Cache from FMP Instances after connect all and before capsule process
+ //
+ if (EsrtManagement != NULL) {
+ EsrtManagement->SyncEsrtFmp();
+ }
+
+ DEBUG((DEBUG_INFO, "ProcessCapsules After ConnectAll ......\n"));
+ Status = ProcessCapsules();
+ DEBUG((DEBUG_INFO, "ProcessCapsules %r\n", Status));
+ }
+ break;
+
+ case BOOT_IN_RECOVERY_MODE:
+ DEBUG((DEBUG_INFO, "Recovery Mode detected\n"));
+ // Passthrough
+
+ case BOOT_ASSUMING_NO_CONFIGURATION_CHANGES:
+ case BOOT_WITH_MINIMAL_CONFIGURATION:
+ case BOOT_WITH_FULL_CONFIGURATION:
+ case BOOT_WITH_FULL_CONFIGURATION_PLUS_DIAGNOSTICS:
+ case BOOT_WITH_DEFAULT_SETTINGS:
+ default:
+ EfiBootManagerConnectAll ();
+ EfiBootManagerRefreshAllBootOption ();
+
+ //
+ // Sync ESRT Cache from FMP Instance on demand after Connect All
+ //
+ if ((BootMode != BOOT_ASSUMING_NO_CONFIGURATION_CHANGES) &&
+ (BootMode != BOOT_WITH_MINIMAL_CONFIGURATION) &&
+ (BootMode != BOOT_ON_S4_RESUME)) {
+ if (EsrtManagement != NULL) {
+ EsrtManagement->SyncEsrtFmp();
+ }
+ }
+
+ break;
+ }
Print (
L"\n"
@@ -313,6 +406,40 @@ PlatformBootManagerAfterConsole (
);
//
+ // Check if the platform is using test key.
+ //
+ Status = GetSectionFromAnyFv(
+ PcdGetPtr(PcdEdkiiRsa2048Sha256TestPublicKeyFileGuid),
+ EFI_SECTION_RAW,
+ 0,
+ &Buffer,
+ &Size
+ );
+ if (!EFI_ERROR(Status)) {
+ if ((Size == PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer)) &&
+ (CompareMem(Buffer, PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer), Size) == 0)) {
+ Print(L"WARNING: Recovery Test Key is used.\n");
+ PcdSetBoolS(PcdTestKeyUsed, TRUE);
+ }
+ FreePool(Buffer);
+ }
+ Status = GetSectionFromAnyFv(
+ PcdGetPtr(PcdEdkiiPkcs7TestPublicKeyFileGuid),
+ EFI_SECTION_RAW,
+ 0,
+ &Buffer,
+ &Size
+ );
+ if (!EFI_ERROR(Status)) {
+ if ((Size == PcdGetSize(PcdPkcs7CertBuffer)) &&
+ (CompareMem(Buffer, PcdGetPtr(PcdPkcs7CertBuffer), Size) == 0)) {
+ Print(L"WARNING: Capsule Test Key is used.\n");
+ PcdSetBoolS(PcdTestKeyUsed, TRUE);
+ }
+ FreePool(Buffer);
+ }
+
+ //
// Use a DynamicHii type pcd to save the boot status, which is used to
// control configuration mode, such as FULL/MINIMAL/NO_CHANGES configuration.
//
diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
index 7413883..395f78b 100644
--- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
+++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
@@ -1,7 +1,7 @@
/** @file
Head file for BDS Platform specific code
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -21,6 +21,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/FirmwareVolume2.h>
#include <Protocol/AcpiS3Save.h>
#include <Protocol/DxeSmmReadyToLock.h>
+#include <Protocol/EsrtManagement.h>
#include <Guid/DebugAgentGuid.h>
#include <Guid/EventGroup.h>
#include <Guid/PcAnsi.h>
@@ -32,9 +33,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/DevicePathLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiLib.h>
#include <Library/UefiBootManagerLib.h>
-
+#include <Library/PrintLib.h>
+#include <Library/HobLib.h>
+#include <Library/CapsuleLib.h>
+#include <Library/DxeServicesLib.h>
typedef struct {
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index d59f14a..af399e5 100644
--- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -1,7 +1,7 @@
## @file
# Include all platform action which can be customized by IBV/OEM.
#
-# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -38,6 +38,9 @@
IntelFrameworkPkg/IntelFrameworkPkg.dec
IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec
SourceLevelDebugPkg/SourceLevelDebugPkg.dec
+ QuarkPlatformPkg/QuarkPlatformPkg.dec
+ SecurityPkg/SecurityPkg.dec
+ SignedCapsulePkg/SignedCapsulePkg.dec
[LibraryClasses]
BaseLib
@@ -49,11 +52,16 @@
UefiBootServicesTableLib
UefiLib
UefiBootManagerLib
+ PrintLib
+ HobLib
+ CapsuleLib
+ DxeServicesLib
[Protocols]
gEfiFirmwareVolume2ProtocolGuid
gEfiAcpiS3SaveProtocolGuid
gEfiDxeSmmReadyToLockProtocolGuid
+ gEsrtManagementProtocolGuid
[Guids]
gEfiPcAnsiGuid
@@ -70,3 +78,10 @@
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits
gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdBootState
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSupportUpdateCapsuleReset
+ gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiRsa2048Sha256TestPublicKeyFileGuid
+ gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
+ gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
+ gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
+
--
2.7.4.windows.1
next prev parent reply other threads:[~2016-11-02 14:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-02 14:08 [PATCH V8 0/7] Add capsule support for Quark Jiewen Yao
2016-11-02 14:08 ` [PATCH 1/7] QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule update Jiewen Yao
2016-11-02 14:08 ` [PATCH V8 2/7] QuarkPlatformPkg/SystemFirmwareDescriptor: Add Descriptor for capsule Jiewen Yao
2016-11-02 14:08 ` [PATCH V8 3/7] QuarkPlatformPkg/SystemFirmwareUpdateConfig: Add capsule config file Jiewen Yao
2016-11-02 14:08 ` [PATCH V8 4/7] QuarkPlatformPkg/PlatformInit: Remove recovery PPI installation Jiewen Yao
2016-11-02 14:08 ` Jiewen Yao [this message]
2016-11-02 14:08 ` [PATCH V8 6/7] QuarkPlatformPkg/dsc/fdf: Add capsule/recovery support Jiewen Yao
2016-11-02 14:08 ` [PATCH V8 7/7] QuarkPlatformPkg/Readme: add capsule/recovery related content Jiewen Yao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1478095715-8632-6-git-send-email-jiewen.yao@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox