public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: David Wei <david.wei@intel.com>, Feng Tian <feng.tian@intel.com>,
	Star Zeng <star.zeng@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH V8 5/9] Vlv2TbltDevicePkg/PlatformBootManager: Add capsule/recovery handling.
Date: Wed,  2 Nov 2016 22:09:20 +0800	[thread overview]
Message-ID: <1478095764-9436-6-git-send-email-jiewen.yao@intel.com> (raw)
In-Reply-To: <1478095764-9436-1-git-send-email-jiewen.yao@intel.com>

1) Add capsule and recovery boot path handling in platform BDS.
2) Add check if the platform is using default test key for capsule.
Produce PcdTestKeyUsed to indicate if there is any
test key used in current BIOS, such as recovery key,
or capsule update key.
Then the generic UI may consume this PCD to show warning information.

Cc: David Wei <david.wei@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: David Wei <david.wei@intel.com>
---
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c      | 181 ++++++++++++++------
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf |   8 +
 2 files changed, 134 insertions(+), 55 deletions(-)

diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index e1f3524..004c5f5 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -1,15 +1,15 @@
 /** @file
 
   Copyright (c) 2004  - 2016, Intel Corporation. All rights reserved.<BR>
-                                                                                   

-  This program and the accompanying materials are licensed and made available under

-  the terms and conditions of the BSD License that accompanies this distribution.  

-  The full text of the license may be found at                                     

-  http://opensource.org/licenses/bsd-license.php.                                  

-                                                                                   

-  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            

-  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    

-                                                                                   

+                                                                                   
+  This program and the accompanying materials are licensed and made available under
+  the terms and conditions of the BSD License that accompanies this distribution.  
+  The full text of the license may be found at                                     
+  http://opensource.org/licenses/bsd-license.php.                                  
+                                                                                   
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    
+                                                                                   
 
 
 Module Name:
@@ -45,6 +45,9 @@ Abstract:
 #include <Library/GenericBdsLib/String.h>
 #include <Library/NetLib.h>
 
+#include <Library/CapsuleLib.h>
+#include <Protocol/EsrtManagement.h>
+
 EFI_GUID *ConnectDriverTable[] = {
   &gEfiMmioDeviceProtocolGuid,
   &gEfiI2cMasterProtocolGuid,
@@ -1585,7 +1588,7 @@ EFIAPI
 PlatformBdsPolicyBehavior (
   IN OUT LIST_ENTRY                  *DriverOptionList,
   IN OUT LIST_ENTRY                  *BootOptionList,
-  IN PROCESS_CAPSULES                ProcessCapsules,
+  IN PROCESS_CAPSULES                BdsProcessCapsules,
   IN BASEM_MEMORY_TEST               BaseMemoryTest
   )
 {
@@ -1594,11 +1597,8 @@ PlatformBdsPolicyBehavior (
   EFI_BOOT_MODE                      BootMode;
   BOOLEAN                            DeferredImageExist;
   UINTN                              Index;
-  CHAR16                             CapsuleVarName[36];
-  CHAR16                             *TempVarName;
   SYSTEM_CONFIGURATION               SystemConfiguration;
   UINTN                              VarSize;
-  BOOLEAN                            SetVariableFlag;
   PLATFORM_PCI_DEVICE_PATH           *EmmcBootDevPath;
   EFI_GLOBAL_NVS_AREA_PROTOCOL       *GlobalNvsArea;
   EFI_HANDLE                         FvProtocolHandle;
@@ -1612,13 +1612,14 @@ PlatformBdsPolicyBehavior (
   BOOLEAN                            IsFirstBoot;
   UINT16                             *BootOrder;
   UINTN                              BootOrderSize;
+  ESRT_MANAGEMENT_PROTOCOL           *EsrtManagement;
 
   Timeout = PcdGet16 (PcdPlatformBootTimeOut);
   if (Timeout > 10 ) {
     //we think the Timeout variable is corrupted
     Timeout = 10;
   }
-  	
+
   VarSize = sizeof(SYSTEM_CONFIGURATION);
   Status = gRT->GetVariable(
                   NORMAL_SETUP_NAME,
@@ -1639,7 +1640,7 @@ PlatformBdsPolicyBehavior (
               &SystemConfiguration
               );
     ASSERT_EFI_ERROR (Status);
-  }  
+  }
 
   //
   // Load the driver option as the driver option list
@@ -1652,37 +1653,6 @@ PlatformBdsPolicyBehavior (
   BootMode = GetBootModeHob();
 
   //
-  // Clear all the capsule variables CapsuleUpdateData, CapsuleUpdateData1, CapsuleUpdateData2...
-  // as early as possible which will avoid the next time boot after the capsule update
-  // will still into the capsule loop
-  //
-  StrCpy (CapsuleVarName, EFI_CAPSULE_VARIABLE_NAME);
-  TempVarName = CapsuleVarName + StrLen (CapsuleVarName);
-  Index = 0;
-  SetVariableFlag = TRUE;
-  while (SetVariableFlag) {
-    if (Index > 0) {
-      UnicodeValueToString (TempVarName, 0, Index, 0);
-    }
-    Status = gRT->SetVariable (
-                    CapsuleVarName,
-                    &gEfiCapsuleVendorGuid,
-                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS |
-                    EFI_VARIABLE_BOOTSERVICE_ACCESS,
-                    0,
-                    (VOID *)NULL
-                    );
-    if (EFI_ERROR (Status)) {
-      //
-      // There is no capsule variables, quit
-      //
-      SetVariableFlag = FALSE;
-      continue;
-    }
-    Index++;
-  }
-
-  //
   // No deferred images exist by default
   //
   DeferredImageExist = FALSE;
@@ -1733,6 +1703,11 @@ PlatformBdsPolicyBehavior (
     }
   }
 
+  Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);
+  if (EFI_ERROR(Status)) {
+    EsrtManagement = NULL;
+  }
+
   switch (BootMode) {
 
   case BOOT_WITH_MINIMAL_CONFIGURATION:
@@ -1822,13 +1797,18 @@ PlatformBdsPolicyBehavior (
     #ifdef FTPM_ENABLE
     TrEEPhysicalPresenceLibProcessRequest(NULL);
     #endif
+
+    if (EsrtManagement != NULL) {
+      EsrtManagement->LockEsrtRepository();
+    }
+
     //
     // Close boot script and install ready to lock
     //
     InstallReadyToLock ();
 
     //
-    // Give one chance to enter the setup if we 
+    // Give one chance to enter the setup if we
     // select Gummiboot "Reboot Into Firmware Interface" and Fast Boot is enabled.
     //
     BootIntoFirmwareInterface();
@@ -1863,6 +1843,10 @@ PlatformBdsPolicyBehavior (
       }
     }
 
+    if (EsrtManagement != NULL) {
+      EsrtManagement->LockEsrtRepository();
+    }
+
     //
     // Close boot script and install ready to lock
     //
@@ -1887,6 +1871,16 @@ PlatformBdsPolicyBehavior (
     //
     PlatformBdsConnectConsole (gPlatformConsole);
     PlatformBdsDiagnostics (EXTENSIVE, FALSE, BaseMemoryTest);
+
+    DEBUG((DEBUG_INFO, "ProcessCapsules Before EndOfDxe......\n"));
+    ProcessCapsules ();
+    DEBUG((DEBUG_INFO, "ProcessCapsules Done\n"));
+
+    //
+    // Close boot script and install ready to lock
+    //
+    InstallReadyToLock ();
+
     BdsLibConnectAll ();
 
     //
@@ -1903,12 +1897,13 @@ PlatformBdsPolicyBehavior (
       }
     }
 
-    //
-    // Close boot script and install ready to lock
-    //
-    InstallReadyToLock ();
+    if (EsrtManagement != NULL) {
+      EsrtManagement->SyncEsrtFmp();
+    }
 
-    ProcessCapsules (BOOT_ON_FLASH_UPDATE);
+    DEBUG((DEBUG_INFO, "ProcessCapsules After ConnectAll......\n"));
+    ProcessCapsules();
+    DEBUG((DEBUG_INFO, "ProcessCapsules Done\n"));
     break;
 
   case BOOT_IN_RECOVERY_MODE:
@@ -2012,6 +2007,10 @@ FULL_CONFIGURATION:
    #ifdef FTPM_ENABLE
    TrEEPhysicalPresenceLibProcessRequest(NULL);
    #endif
+
+    if (EsrtManagement != NULL) {
+      EsrtManagement->SyncEsrtFmp();
+    }
     //
     // Close boot script and install ready to lock
     //
@@ -2029,7 +2028,7 @@ FULL_CONFIGURATION:
     PlatformBdsEnterFrontPageWithHotKey (Timeout, FALSE);
 
 	//
-	// Give one chance to enter the setup if we 
+	// Give one chance to enter the setup if we
 	// select Gummiboot "Reboot Into Firmware Interface"
 	//
 	BootIntoFirmwareInterface();
@@ -2047,7 +2046,7 @@ FULL_CONFIGURATION:
       return;
     }
 
-    
+
     break;
   }
 
@@ -2412,6 +2411,12 @@ ShowProgressHotKey (
   EFI_GRAPHICS_OUTPUT_BLT_PIXEL Background;
   EFI_GRAPHICS_OUTPUT_BLT_PIXEL Color;
   UINT32                        GpioValue;
+  CHAR16                        *TmpStr1;
+  CHAR16                        *TmpStr2;
+  CHAR16                        *TmpStr3;
+  UINTN                         TmpStrSize;
+  VOID                          *Buffer;
+  UINTN                         Size;
 
   if (TimeoutDefault == 0) {
     return EFI_TIMEOUT;
@@ -2435,10 +2440,76 @@ ShowProgressHotKey (
   SetMem (&Background, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL), 0x0);
   SetMem (&Color, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL), 0xff);
 
+  TmpStr2 = NULL;
+  TmpStr3 = NULL;
+
+  //
+  // Check if the platform is using test key.
+  //
+  Status = GetSectionFromAnyFv(
+             PcdGetPtr(PcdEdkiiRsa2048Sha256TestPublicKeyFileGuid),
+             EFI_SECTION_RAW,
+             0,
+             &Buffer,
+             &Size
+             );
+  if (!EFI_ERROR(Status)) {
+    if ((Size == PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer)) &&
+        (CompareMem(Buffer, PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer), Size) == 0)) {
+      TmpStr2 = L"WARNING: Recovery Test Key is used.\r\n";
+      if (DebugAssertEnabled()) {
+        DEBUG ((DEBUG_INFO, "\n\nWARNING: Recovery Test Key is used.\n"));
+      } else {
+        SerialPortWrite((UINT8 *)"\n\nWARNING: Recovery Test Key is used.", sizeof("\n\nWARNING: Recovery Test Key is used."));
+      }
+      PcdSetBoolS(PcdTestKeyUsed, TRUE);
+    }
+    FreePool(Buffer);
+  }
+  Status = GetSectionFromAnyFv(
+             PcdGetPtr(PcdEdkiiPkcs7TestPublicKeyFileGuid),
+             EFI_SECTION_RAW,
+             0,
+             &Buffer,
+             &Size
+             );
+  if (!EFI_ERROR(Status)) {
+    if ((Size == PcdGetSize(PcdPkcs7CertBuffer)) &&
+        (CompareMem(Buffer, PcdGetPtr(PcdPkcs7CertBuffer), Size) == 0)) {
+      TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n";
+      if (DebugAssertEnabled()) {
+        DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n"));
+      } else {
+        SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used."));
+      }
+      PcdSetBoolS(PcdTestKeyUsed, TRUE);
+    }
+    FreePool(Buffer);
+  }
+
   //
   // Clear the progress status bar first
   //
-  TmpStr = L"Start boot option, Press <F2> or <DEL> to enter setup page.";
+  TmpStr1 = L"Start boot option, Press <F2> or <DEL> to enter setup page.\r\n";
+  TmpStrSize = StrSize(TmpStr1);
+  if (TmpStr2 != NULL) {
+    TmpStrSize += StrSize(TmpStr2);
+  }
+  if (TmpStr3 != NULL) {
+    TmpStrSize += StrSize(TmpStr3);
+  }
+  TmpStr = AllocatePool (TmpStrSize);
+  if (TmpStr == NULL) {
+    TmpStr = TmpStr1;
+  } else {
+    StrCpyS(TmpStr, TmpStrSize/sizeof(CHAR16), TmpStr1);
+    if (TmpStr2 != NULL) {
+      StrCatS(TmpStr, TmpStrSize/sizeof(CHAR16), TmpStr2);
+    }
+    if (TmpStr3 != NULL) {
+      StrCatS(TmpStr, TmpStrSize/sizeof(CHAR16), TmpStr3);
+    }
+  }
   PlatformBdsShowProgress (Foreground, Background, TmpStr, Color, 0, 0);
 
   TimeoutRemain = TimeoutDefault;
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index c64bab9..3e45a31 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -49,6 +49,7 @@
   ShellPkg/ShellPkg.dec
   CryptoPkg/CryptoPkg.dec
   SecurityPkg/SecurityPkg.dec
+  SignedCapsulePkg/SignedCapsulePkg.dec
 
 [LibraryClasses]
   DxeServicesTableLib
@@ -72,6 +73,7 @@
   FileHandleLib
   S3BootScriptLib
   SerialPortLib
+  CapsuleLib
 
 [Protocols]
   gEfiFirmwareVolume2ProtocolGuid
@@ -90,6 +92,7 @@
   gEfiMmioDeviceProtocolGuid
   gEfiI2cMasterProtocolGuid
   gEfiI2cHostProtocolGuid
+  gEsrtManagementProtocolGuid
 
 [Guids]
   gEfiMemoryTypeInformationGuid
@@ -100,6 +103,11 @@
   gEfiEndOfDxeEventGroupGuid
 
 [Pcd]
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiRsa2048Sha256TestPublicKeyFileGuid
+  gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
+  gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
   gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base
   gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase
   gPlatformModuleTokenSpaceGuid.PcdFlashFvRecoveryBase
-- 
2.7.4.windows.1



  parent reply	other threads:[~2016-11-02 14:09 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-02 14:09 [PATCH V8 0/9] Add capsule support for Vlv2 Jiewen Yao
2016-11-02 14:09 ` [PATCH 1/9] Vlv2TbltDevicePkg/PlatformFlashAccessLib: Add instance for capsule update Jiewen Yao
2016-11-02 14:09 ` [PATCH V8 2/9] Vlv2TbltDevicePkg/SystemFirmwareDescriptor: Add Descriptor for capsule Jiewen Yao
2016-11-02 14:09 ` [PATCH V8 3/9] Vlv2TbltDevicePkg/SystemFirmwareUpdateConfig: Add capsule config file Jiewen Yao
2016-11-02 14:09 ` [PATCH V8 4/9] Vlv2TbltDevicePkg/FlashDeviceLib: Add DXE flash device lib Jiewen Yao
2016-11-02 14:09 ` Jiewen Yao [this message]
2016-11-02 14:09 ` [PATCH V8 6/9] Vlv2TbltDevicePkg/dsc/fdf: Add capsule/recovery support Jiewen Yao
2016-11-02 14:09 ` [PATCH V8 7/9] Vlv2TbltDevicePkg/dsc/fdf: add capsule generation DSC/FDF Jiewen Yao
2016-11-02 14:09 ` [PATCH V8 8/9] Vlv2TbltDevicePkg/bat: add capsule generation in bat Jiewen Yao
2016-11-02 14:09 ` [PATCH V8 9/9] Vlv2TbltDevicePkg/Build: Add capsule/recovery in help info Jiewen Yao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1478095764-9436-6-git-send-email-jiewen.yao@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox