From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: wei6.xu@intel.com) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by groups.io with SMTP; Wed, 19 Jun 2019 01:40:55 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jun 2019 01:40:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,392,1557212400"; d="scan'208";a="153743130" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by orsmga008.jf.intel.com with ESMTP; 19 Jun 2019 01:40:54 -0700 Received: from fmsmsx115.amr.corp.intel.com (10.18.116.19) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 19 Jun 2019 01:40:53 -0700 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by fmsmsx115.amr.corp.intel.com (10.18.116.19) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 19 Jun 2019 01:40:53 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.185]) by shsmsx102.ccr.corp.intel.com ([169.254.2.33]) with mapi id 14.03.0439.000; Wed, 19 Jun 2019 16:40:51 +0800 From: "Xu, Wei6" To: "Wu, Hao A" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Zhang, Chao B" Subject: Re: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM. Thread-Topic: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM. Thread-Index: AQHVG7VWDRH77tard06o03RP9CjAuqaXKRmAgAuTrqA= Date: Wed, 19 Jun 2019 08:40:50 +0000 Message-ID: <59B8EAB3797CDB4091332F0685A110ED50D974C0@SHSMSX104.ccr.corp.intel.com> References: <20190605154203.11012-1-wei6.xu@intel.com> <20190605154203.11012-4-wei6.xu@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: wei6.xu@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > > + ASSERT_EFI_ERROR (Status); > > + > > + FileNameSize =3D PcdGetSize (PcdCoDRelocationFileName); Status =3D > > + PcdSetPtrS (PcdRecoveryFileName, &FileNameSize, (VOID *) > > PcdGetPtr(PcdCoDRelocationFileName)); >=20 >=20 > Buffer for 'PcdRecoveryFileName' may not be big enough to hold the conte= nt > in 'PcdCoDRelocationFileName'. >=20 > I think there might be a chance for the above PcdSetPtrS() call to fail. > Thanks a lot for the comments. Yes, 'PcdRecoveryFileName' should be larger than 'PcdCoDRelocationFileName= '. I think no need to update the code, since these two PCDs are fixed during = build time. I will update the description of 'PcdCoDRelocationFileName' to mention: it= must be smaller than 'PcdRecoveryFileName', otherwise failure may occur. Do you have comments about it? Thanks again. BR, Wei > -----Original Message----- > From: Wu, Hao A > Sent: Wednesday, June 12, 2019 3:49 PM > To: devel@edk2.groups.io; Xu, Wei6 > Cc: Wang, Jian J ; Zhang, Chao B > > Subject: RE: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add > CapsuleOnDiskLoadPei PEIM. >=20 > > -----Original Message----- > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > > Xu, > > Wei6 > > Sent: Wednesday, June 05, 2019 11:42 PM > > To: devel@edk2.groups.io > > Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B; Xu, Wei6 > > Subject: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add > > CapsuleOnDiskLoadPei PEIM. > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1852 > > > > This module provides PPI to load Capsule On Disk temp relocation file > > from Root Directory file system, retrieve the capsules from the temp > > file and create capsule hobs for these capsules. > > > > Cc: Jian J Wang > > Cc: Hao A Wu > > Cc: Chao B Zhang > > Signed-off-by: Wei6 Xu > > --- > > MdeModulePkg/MdeModulePkg.dsc | 4 + > > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c | 442 > > +++++++++++++++++++++ > > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf | 64 +++ > > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.uni | 15 + > > .../CapsuleOnDiskLoadPeiExtra.uni | 14 + > > 5 files changed, 539 insertions(+) > > create mode 100644 > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c > > create mode 100644 > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in > > f > > create mode 100644 > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.u > > ni > > create mode 100644 > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPeiEx > > tra.uni >=20 > Since this a new module, could you help to follow the recommendation in > https://edk2.groups.io/g/devel/message/39655?p=3D,,,20,0,0,0::Created,,U= efi > DebugLibStdErr,20,2,0,31318888 >=20 > to add/update 'static' (lower case) for global variables/functions whose > scope is limited within a single file? >=20 > > > > diff --git a/MdeModulePkg/MdeModulePkg.dsc > > b/MdeModulePkg/MdeModulePkg.dsc index 995fd805e1..615edddbcc > 100644 > > --- a/MdeModulePkg/MdeModulePkg.dsc > > +++ b/MdeModulePkg/MdeModulePkg.dsc > > @@ -197,10 +197,13 @@ > > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 > > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizeNonPopulateCapsule|0x0 > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizePopulateCapsule|0x0 > > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxPeiPerformanceLogEntries|28 > > > > +[PcdsDynamicExDefault] > > + > > > gEfiMdeModulePkgTokenSpaceGuid.PcdRecoveryFileName|L"FVMAIN.FV" > > + > > [Components] > > MdeModulePkg/Application/HelloWorld/HelloWorld.inf > > MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf > > MdeModulePkg/Application/MemoryProfileInfo/MemoryProfileInfo.inf > > > > @@ -315,10 +318,11 @@ > > > > > NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMainte > > nanceManagerUiLib.inf > > } > > > > > MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManager > > Dxe.inf > > > > > MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.i > > nf > > MdeModulePkg/Universal/CapsulePei/CapsulePei.inf > > + > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in > > f > > MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > > > MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf > > MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf > > > > > MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleD > > xe.inf > > > > > MdeModulePkg/Universal/Console/GraphicsOutputDxe/GraphicsOutputDx > > e.inf > > diff --git > > > a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > c > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > c > > new file mode 100644 > > index 0000000000..40d25f3d3b > > --- /dev/null > > +++ > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > c > > @@ -0,0 +1,442 @@ > > +/** @file > > + Recovery module. > > + > > + Caution: This module requires additional review when modified. > > + This module will have external input - Capsule-on-Disk Temp > > + Relocation > > image. > > + This external input must be validated carefully to avoid security > > + issue like buffer overflow, integer overflow. > > + > > + RetrieveRelocatedCapsule() will receive untrusted input and do > > + basic > > validation. > > + > > + Copyright (c) 2019, Intel Corporation. All rights reserved.
> > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +// > > +// The package level header files this module uses // #include > > + #include > > + > > +// > > +// The protocols, PPI and GUID defintions for this module // #include > > + #include > #include > > + #include #include > > + #include > > + > > +#include // // The Library classes this > > +module consumes // #include #include > > + #include > > +#include #include > > +#include #include > > +#include #include > > + > > + > > +/** > > + Loads a DXE capsule from some media into memory and updates the > HOB > > table > > + with the DXE firmware volume information. > > + > > + @param[in] PeiServices General-purpose services that are availab= le to > > every PEIM. > > + @param[in] This Indicates the EFI_PEI_RECOVERY_MODULE_PPI > > instance. > > + > > + @retval EFI_SUCCESS The capsule was loaded correctly. > > + @retval EFI_DEVICE_ERROR A device error occurred. > > + @retval EFI_NOT_FOUND A recovery DXE capsule cannot be found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LoadCapsuleOnDisk ( > > + IN EFI_PEI_SERVICES **PeiServices, > > + IN EFI_PEI_CAPSULE_ON_DISK_PPI *This > > + ); > > + > > +EFI_PEI_CAPSULE_ON_DISK_PPI mCapsuleOnDiskPpi =3D { > > + LoadCapsuleOnDisk > > +}; > > + > > +EFI_PEI_PPI_DESCRIPTOR mCapsuleOnDiskPpiList =3D { > > + (EFI_PEI_PPI_DESCRIPTOR_PPI | > > EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > > + &gEdkiiPeiCapsuleOnDiskPpiGuid, > > + &mCapsuleOnDiskPpi > > +}; > > + > > +/** > > + Determine if capsule comes from memory by checking Capsule PPI. > > + > > + @param[in] PeiServices General purpose services available to every > PEIM. > > + > > + @retval TRUE Capsule comes from memory. > > + @retval FALSE No capsule comes from memory. > > + > > +**/ > > +STATIC > > +BOOLEAN > > +CheckCapsuleFromRam ( > > + IN CONST EFI_PEI_SERVICES **PeiServices > > + ) > > +{ > > + EFI_STATUS Status; > > + PEI_CAPSULE_PPI *Capsule; > > + > > + Status =3D PeiServicesLocatePpi ( > > + &gPeiCapsulePpiGuid, >=20 >=20 > Suggest to use gEfiPeiCapsulePpiGuid here. > gPeiCapsulePpiGuid is kept for compatibility before PI Version 1.4. >=20 >=20 > > + 0, > > + NULL, > > + (VOID **) &Capsule > > + ); > > + if (!EFI_ERROR(Status)) { > > + Status =3D Capsule->CheckCapsuleUpdate ((EFI_PEI_SERVICES > > **)PeiServices); > > + if (!EFI_ERROR(Status)) { > > + return TRUE; > > + } > > + } > > + > > + return FALSE; > > +} > > + > > +/** > > + Determine if it is a Capsule On Disk mode. > > + > > + @retval TRUE Capsule On Disk mode. > > + @retval FALSE Not capsule On Disk mode. > > + > > +**/ > > +BOOLEAN > > +IsCapsuleOnDiskMode ( > > + VOID > > + ) > > +{ > > + EFI_STATUS Status; > > + UINTN Size; > > + EFI_PEI_READ_ONLY_VARIABLE2_PPI *PPIVariableServices; > > + BOOLEAN CodRelocInfo; > > + > > + Status =3D PeiServicesLocatePpi ( > > + &gEfiPeiReadOnlyVariable2PpiGuid, > > + 0, > > + NULL, > > + (VOID **) &PPIVariableServices > > + ); > > + ASSERT_EFI_ERROR (Status); > > + > > + Size =3D sizeof (BOOLEAN); > > + Status =3D PPIVariableServices->GetVariable ( > > + PPIVariableServices, > > + COD_RELOCATION_INFO_VAR_NAME, > > + &gEfiCapsuleVendorGuid, > > + NULL, > > + &Size, > > + &CodRelocInfo > > + ); > > + > > + if (EFI_ERROR (Status) || Size !=3D sizeof(BOOLEAN) || CodRelocInfo > > + !=3D TRUE) >=20 >=20 > For 'CodRelocInfo !=3D TRUE', variable of BOOLEAN type can be directly u= sed in > the 'if' statement without comparing with 'TRUE' or 'FALSE'. >=20 >=20 > > { > > + DEBUG (( DEBUG_ERROR, "Error Get CodRelocationInfo variable > > + %r!\n", > > Status)); > > + return FALSE; > > + } > > + > > + return TRUE; > > +} > > + > > +/** > > + Gets capsule images from relocated capsule buffer. > > + Create Capsule hob for each Capsule. > > + > > + Caution: This function may receive untrusted input. > > + Capsule-on-Disk Temp Relocation image is external input, so this > > + function will validate Capsule-on-Disk Temp Relocation image to > > + make sure the > > content > > + is read within the buffer. > > + > > + @param[in] RelocCapsuleBuf Buffer pointer to the relocated = capsule. > > + @param[in] RelocCapsuleTotalSize Total size of the relocated caps= ule. > > + > > + @retval EFI_SUCCESS Succeed to get capsules and create hob. > > + @retval Others Fail to get capsules and create hob. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +RetrieveRelocatedCapsule ( > > + IN UINT8 *RelocCapsuleBuf, > > + IN UINTN RelocCapsuleTotalSize > > + ) > > +{ > > + EFI_STATUS Status; > > + UINTN Index; > > + UINT8 *CapsuleDataBufEnd; > > + UINT8 *CapsulePtr; > > + UINT32 CapsuleSize; > > + UINT64 TotalImageSize; > > + UINTN CapsuleNum; > > + > > + CapsuleNum =3D 0; > > + > > + // > > + // Temp file contains at least 2 capsule (including 1 capsule name > > + capsule) > > & 1 UINT64 > > + // > > + if (RelocCapsuleTotalSize < sizeof(UINT64) + > > + sizeof(EFI_CAPSULE_HEADER) > > * 2) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + CopyMem(&TotalImageSize, RelocCapsuleBuf, sizeof(UINT64)); > > + > > + DEBUG ((DEBUG_INFO, "ProcessRelocatedCapsule CapsuleBuf %x > > TotalCapSize %lx\n", > > + RelocCapsuleBuf, TotalImageSize)); > > + > > + RelocCapsuleBuf +=3D sizeof(UINT64); > > + > > + // > > + // TempCaspule file length check > > + // > > + if (MAX_ADDRESS - TotalImageSize <=3D sizeof(UINT64) || > > + (UINT64)RelocCapsuleTotalSize !=3D TotalImageSize + sizeof(UINT= 64) || > > + (UINTN)(MAX_ADDRESS - > > (PHYSICAL_ADDRESS)(UINTN)RelocCapsuleBuf) <=3D TotalImageSize) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + CapsuleDataBufEnd =3D RelocCapsuleBuf + TotalImageSize; > > + > > + // > > + // TempCapsule file integrity check over Capsule Header to ensure > > + no data > > corruption in NV Var & Relocation storage > > + // > > + CapsulePtr =3D RelocCapsuleBuf; > > + > > + while (CapsulePtr < CapsuleDataBufEnd) { > > + if ((CapsuleDataBufEnd - CapsulePtr) < sizeof(EFI_CAPSULE_HEADER)= || > > + ((EFI_CAPSULE_HEADER *)CapsulePtr)->CapsuleImageSize < > > sizeof(EFI_CAPSULE_HEADER) || > > + (UINTN)(MAX_ADDRESS - (PHYSICAL_ADDRESS)(UINTN)CapsulePtr) < > > ((EFI_CAPSULE_HEADER *)CapsulePtr)->CapsuleImageSize > > + ) { > > + break; > > + } > > + CapsulePtr +=3D ((EFI_CAPSULE_HEADER *)CapsulePtr)- > >CapsuleImageSize; > > + CapsuleNum ++; > > + } > > + > > + if (CapsulePtr !=3D CapsuleDataBufEnd) { > > + Status =3D EFI_INVALID_PARAMETER; > > + goto EXIT; > > + } > > + > > + // > > + // Capsule count must be less than PcdCapsuleMax, avoid building > > + too > > many CvHobs to occupy all the free space in HobList. > > + // > > + if (CapsuleNum > PcdGet16 (PcdCapsuleMax)) { > > + Status =3D EFI_INVALID_PARAMETER; > > + goto EXIT; > > + } > > + > > + // > > + // Re-iterate the capsule buffer to create Capsule hob & Capsule > > + Name Str > > Hob for each Capsule saved in relocated capsule file > > + // > > + CapsulePtr =3D RelocCapsuleBuf; > > + Index =3D 0; > > + while (CapsulePtr < CapsuleDataBufEnd) { > > + CapsuleSize =3D ((EFI_CAPSULE_HEADER *)CapsulePtr)- > >CapsuleImageSize; > > + BuildCvHob ((EFI_PHYSICAL_ADDRESS)(UINTN)CapsulePtr, > > + CapsuleSize); > > + > > + DEBUG((DEBUG_INFO, "Capsule saved in address %x size %x\n", > > CapsulePtr, CapsuleSize)); > > + > > + CapsulePtr +=3D CapsuleSize; > > + Index++; > > + } > > + > > +EXIT: > > + > > + return Status; > > +} > > + > > +/** > > + Recovery module entrypoint > > + > > + @param[in] FileHandle Handle of the file being invoked. > > + @param[in] PeiServices Describes the list of possible PEI Services= . > > + > > + @return EFI_SUCCESS Recovery module is initialized. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +InitializeCapsuleOnDiskLoad ( > > + IN EFI_PEI_FILE_HANDLE FileHandle, > > + IN CONST EFI_PEI_SERVICES **PeiServices > > + ) > > +{ > > + EFI_STATUS Status; > > + UINTN BootMode; > > + UINTN FileNameSize; > > + > > + BootMode =3D GetBootModeHob(); > > + ASSERT(BootMode =3D=3D BOOT_ON_FLASH_UPDATE); > > + > > + // > > + // If there are capsules provisioned in memory, quit. > > + // Only one capsule resource is accept, CapsuleOnRam's priority is > > + higher > > than CapsuleOnDisk. > > + // > > + if (CheckCapsuleFromRam(PeiServices)) { > > + DEBUG((DEBUG_ERROR, "Capsule On Memory Detected! Quit.\n")); > > + return EFI_ABORTED; > > + } > > + > > + DEBUG_CODE ( > > + VOID *CapsuleOnDiskModePpi; > > + > > + if (!IsCapsuleOnDiskMode()){ > > + return EFI_NOT_FOUND; > > + } > > + > > + // > > + // Check Capsule On Disk Relocation flag. If exists, load capsule & > > + create > > Capsule Hob > > + // > > + Status =3D PeiServicesLocatePpi ( > > + &gEfiPeiBootInCapsuleOnDiskModePpiGuid, > > + 0, > > + NULL, > > + (VOID **)&CapsuleOnDiskModePpi > > + ); > > + if (EFI_ERROR(Status)) { > > + DEBUG((DEBUG_ERROR, "Locate CapsuleOnDiskModePpi error %x\n", > > Status)); > > + return Status; > > + } > > + ); > > + > > + Status =3D (**PeiServices).InstallPpi (PeiServices, > > + &mCapsuleOnDiskPpiList); >=20 >=20 > Minor one, suggest to directly use PeiServicesInstallPpi(). >=20 >=20 > > + ASSERT_EFI_ERROR (Status); > > + > > + FileNameSize =3D PcdGetSize (PcdCoDRelocationFileName); Status =3D > > + PcdSetPtrS (PcdRecoveryFileName, &FileNameSize, (VOID *) > > PcdGetPtr(PcdCoDRelocationFileName)); >=20 >=20 > Buffer for 'PcdRecoveryFileName' may not be big enough to hold the conte= nt > in 'PcdCoDRelocationFileName'. >=20 > I think there might be a chance for the above PcdSetPtrS() call to fail. >=20 >=20 > > + ASSERT_EFI_ERROR (Status); > > + > > + return Status; > > +} > > + > > +/** > > + Loads a DXE capsule from some media into memory and updates the > HOB > > table > > + with the DXE firmware volume information. > > + > > + @param[in] PeiServices General-purpose services that are availab= le to > > every PEIM. > > + @param[in] This Indicates the EFI_PEI_RECOVERY_MODULE_PPI > > instance. > > + > > + @retval EFI_SUCCESS The capsule was loaded correctly. > > + @retval EFI_DEVICE_ERROR A device error occurred. > > + @retval EFI_NOT_FOUND A recovery DXE capsule cannot be found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LoadCapsuleOnDisk ( > > + IN EFI_PEI_SERVICES **PeiServices, > > + IN EFI_PEI_CAPSULE_ON_DISK_PPI *This > > + ) > > +{ > > + EFI_STATUS Status; > > + EFI_PEI_DEVICE_RECOVERY_MODULE_PPI *DeviceRecoveryPpi; > > + UINTN NumberRecoveryCapsules; > > + UINTN Instance; > > + UINTN CapsuleInstance; > > + UINTN CapsuleSize; > > + EFI_GUID CapsuleType; > > + VOID *CapsuleBuffer; > > + > > + DEBUG ((DEBUG_INFO | DEBUG_LOAD, "Load Capsule On Disk > Entry\n")); > > + > > + for (Instance =3D 0; ; Instance++) { > > + Status =3D PeiServicesLocatePpi ( > > + &gEfiPeiDeviceRecoveryModulePpiGuid, > > + Instance, > > + NULL, > > + (VOID **)&DeviceRecoveryPpi > > + ); > > + DEBUG ((DEBUG_INFO, "LoadCapsuleOnDisk - LocateRecoveryPpi (%d) > - > > %r\n", Instance, Status)); > > + if (EFI_ERROR (Status)) { > > + if (Instance =3D=3D 0) { > > + REPORT_STATUS_CODE ( > > + EFI_ERROR_CODE | EFI_ERROR_MAJOR, > > + (EFI_SOFTWARE_PEI_MODULE | > > EFI_SW_PEI_EC_RECOVERY_PPI_NOT_FOUND) > > + ); > > + } > > + break; > > + } > > + NumberRecoveryCapsules =3D 0; > > + Status =3D DeviceRecoveryPpi->GetNumberRecoveryCapsules ( > > + (EFI_PEI_SERVICES **)PeiServices, > > + DeviceRecoveryPpi, > > + &NumberRecoveryCapsules > > + ); > > + DEBUG ((DEBUG_INFO, "LoadCapsuleOnDisk - > > GetNumberRecoveryCapsules (%d) - %r\n", NumberRecoveryCapsules, > > Status)); > > + if (EFI_ERROR (Status)) { > > + continue; > > + } > > + > > + for (CapsuleInstance =3D 1; CapsuleInstance <=3D > > + NumberRecoveryCapsules; > > CapsuleInstance++) { > > + CapsuleSize =3D 0; > > + Status =3D DeviceRecoveryPpi->GetRecoveryCapsuleInfo ( > > + (EFI_PEI_SERVICES **)PeiServices, > > + DeviceRecoveryPpi, > > + CapsuleInstance, > > + &CapsuleSize, > > + &CapsuleType > > + ); > > + DEBUG ((DEBUG_INFO, "LoadCapsuleOnDisk - > GetRecoveryCapsuleInfo > > (%d - %x) - %r\n", CapsuleInstance, CapsuleSize, Status)); > > + if (EFI_ERROR (Status)) { > > + break; > > + } > > + > > + // > > + // Allocate the memory so that it gets preserved into DXE. > > + // Capsule is special because it may need to populate to system= table > > + // > > + CapsuleBuffer =3D AllocateRuntimePages (EFI_SIZE_TO_PAGES > > (CapsuleSize)); > > + > > + if (CapsuleBuffer =3D=3D NULL) { > > + DEBUG ((DEBUG_ERROR, "LoadCapsuleOnDisk - > > + AllocateRuntimePages > > fail\n")); > > + continue; > > + } > > + > > + Status =3D DeviceRecoveryPpi->LoadRecoveryCapsule ( > > + (EFI_PEI_SERVICES **)PeiServices, > > + DeviceRecoveryPpi, > > + CapsuleInstance, > > + CapsuleBuffer > > + ); > > + DEBUG ((DEBUG_INFO, "LoadCapsuleOnDisk - LoadRecoveryCapsule > > (%d) - %r\n", CapsuleInstance, Status)); > > + if (EFI_ERROR (Status)) { > > + FreePages (CapsuleBuffer, EFI_SIZE_TO_PAGES(CapsuleSize)); > > + break; > > + } > > + > > + // > > + // Capsule Update Mode, Split relocated Capsule buffer into > > + different > > capsule vehical hobs. > > + // > > + Status =3D RetrieveRelocatedCapsule(CapsuleBuffer, CapsuleSize)= ; > > + > > + break; > > + } > > + > > + if (EFI_ERROR (Status)) { > > + REPORT_STATUS_CODE ( > > + EFI_ERROR_CODE | EFI_ERROR_MAJOR, > > + (EFI_SOFTWARE_PEI_MODULE | > > EFI_SW_PEI_EC_NO_RECOVERY_CAPSULE) > > + ); > > + } > > + > > + return Status; > > + } > > + > > + // > > + // Any attack against GPT, Relocation Info Variable or temp > > + relocation file > > will result in no Capsule HOB and return EFI_NOT_FOUND. > > + // After flow to DXE phase. since no capsule hob is detected. > > + Platform will > > clear Info flag and force restart. > > + // No volunerability will be exposed // > > + > > + return EFI_NOT_FOUND; > > +} > > diff --git > > > a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > inf > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > inf > > new file mode 100644 > > index 0000000000..4af07440b7 > > --- /dev/null > > +++ > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > inf > > @@ -0,0 +1,64 @@ > > +## @file > > +# Load Capsule on Disk module. > > +# > > +# Load Capsule On Disk from Root Directory file system. Create CV hob > > +# based on temporary Capsule On Disk file. > > +# > > +# Copyright (c) 2019, Intel Corporation. All rights reserved.
# # > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION =3D 0x00010005 > > + BASE_NAME =3D CapsuleOnDiskLoadPei > > + MODULE_UNI_FILE =3D CapsuleOnDiskLoadPei.uni > > + FILE_GUID =3D 8ADEDF9E-2EC8-40fb-AE56-B76D9022= 5D2D > > + MODULE_TYPE =3D PEIM > > + VERSION_STRING =3D 1.0 > > + ENTRY_POINT =3D InitializeCapsuleOnDiskLoad > > + > > +# > > +# The following information is for reference only and not required by > > +the > > build tools. > > +# > > +# VALID_ARCHITECTURES =3D IA32 X64 EBC > > +# > > + > > +[Sources] > > + CapsuleOnDiskLoadPei.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + > > +[LibraryClasses] > > + PeimEntryPoint > > + DebugLib > > + HobLib > > + BaseMemoryLib > > + MemoryAllocationLib > > + ReportStatusCodeLib > > + > > +[Ppis] > > + gEdkiiPeiCapsuleOnDiskPpiGuid ## PRODUCES > > + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES > > + gEfiPeiBootInCapsuleOnDiskModePpiGuid ## SOMETIMES_CONSUMES > > + gEfiPeiDeviceRecoveryModulePpiGuid ## CONSUMES > > + gPeiCapsulePpiGuid ## CONSUMES >=20 >=20 > Suggest to use gEfiPeiCapsulePpiGuid here. > gPeiCapsulePpiGuid is kept for compatibility before PI Version 1.4. >=20 >=20 > > + > > +[Guids] > > + gEfiCapsuleVendorGuid ## SOMETIMES_CONSUMES ## > Variable > > L"CodRelocationInfo" > > + > > +[Pcd] > > + gEfiMdeModulePkgTokenSpaceGuid.PcdCoDRelocationFileName > > ## CONSUMES > > + gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleMax = ## > > CONSUMES > > + > > +[PcdEx] > > + gEfiMdeModulePkgTokenSpaceGuid.PcdRecoveryFileName > ## > > PRODUCES > > + > > +[depex] >=20 >=20 > Minor comment: > [depex] -> [Depex] >=20 > Best Regards, > Hao Wu >=20 >=20 > > + gEfiPeiBootInCapsuleOnD > iskModePpiGuid > > + > > +[UserExtensions.TianoCore."ExtraFiles"] > > + CapsuleOnDiskLoadPeiExtra.uni > > diff --git > > > a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > uni > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > uni > > new file mode 100644 > > index 0000000000..c3eae6a5c2 > > --- /dev/null > > +++ > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > uni > > @@ -0,0 +1,15 @@ > > +// /** @file > > +// Caspule On Disk Load module. > > +// > > +// Load Capsule On Disk and build CV hob. > > +// > > +// Copyright (c) 2019, Intel Corporation. All rights reserved.
// > > +// SPDX-License-Identifier: BSD-2-Clause-Patent // // **/ > > + > > + > > +#string STR_MODULE_ABSTRACT #language en-US "Caspule On D= isk > > Load module." > > + > > +#string STR_MODULE_DESCRIPTION #language en-US "Load Capsule > > On Disk and build CV hob." > > diff --git > > > a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei > > Extra.uni > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei > > Extra.uni > > new file mode 100644 > > index 0000000000..81034f6294 > > --- /dev/null > > +++ > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei > > Extra.uni > > @@ -0,0 +1,14 @@ > > +// /** @file > > +// CapsuleOnDiskLoadPei Localized Strings and Content // // Copyright > > +(c) 2019, Intel Corporation. All rights reserved.
// // > > +SPDX-License-Identifier: BSD-2-Clause-Patent // // **/ > > + > > +#string STR_PROPERTIES_MODULE_NAME > > +#language en-US > > +"CapsuleOnDiskLoad PEI Driver" > > + > > + > > -- > > 2.16.2.windows.1 > > > > > >=20