From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: ray.ni@intel.com) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by groups.io with SMTP; Wed, 19 Jun 2019 01:59:41 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jun 2019 01:59:40 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,392,1557212400"; d="scan'208";a="162152164" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga003.jf.intel.com with ESMTP; 19 Jun 2019 01:59:40 -0700 Received: from fmsmsx111.amr.corp.intel.com (10.18.116.5) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 19 Jun 2019 01:59:40 -0700 Received: from shsmsx153.ccr.corp.intel.com (10.239.6.53) by fmsmsx111.amr.corp.intel.com (10.18.116.5) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 19 Jun 2019 01:59:39 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.185]) by SHSMSX153.ccr.corp.intel.com ([169.254.12.76]) with mapi id 14.03.0439.000; Wed, 19 Jun 2019 16:59:37 +0800 From: "Ni, Ray" To: "devel@edk2.groups.io" , "Xu, Wei6" , "Wu, Hao A" CC: "Wang, Jian J" , "Zhang, Chao B" Subject: Re: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM. Thread-Topic: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM. Thread-Index: AQHVG7VIg0hA3GiQKEyGg0ECGi0Er6aXKRmAgAsOxQCAAIsVIA== Date: Wed, 19 Jun 2019 08:59:37 +0000 Message-ID: <734D49CCEBEEF84792F5B80ED585239D5C1DAD46@SHSMSX104.ccr.corp.intel.com> References: <20190605154203.11012-1-wei6.xu@intel.com> <20190605154203.11012-4-wei6.xu@intel.com> <59B8EAB3797CDB4091332F0685A110ED50D974C0@SHSMSX104.ccr.corp.intel.com> In-Reply-To: <59B8EAB3797CDB4091332F0685A110ED50D974C0@SHSMSX104.ccr.corp.intel.com> Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: ray.ni@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Xu, > Wei6 > Sent: Wednesday, June 19, 2019 4:41 PM > To: Wu, Hao A ; devel@edk2.groups.io > Cc: Wang, Jian J ; Zhang, Chao B > > Subject: Re: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add > CapsuleOnDiskLoadPei PEIM. >=20 > > > + ASSERT_EFI_ERROR (Status); > > > + > > > + FileNameSize =3D PcdGetSize (PcdCoDRelocationFileName); Status = =3D > > > + PcdSetPtrS (PcdRecoveryFileName, &FileNameSize, (VOID *) > > > PcdGetPtr(PcdCoDRelocationFileName)); > > > > > > Buffer for 'PcdRecoveryFileName' may not be big enough to hold the > > content in 'PcdCoDRelocationFileName'. > > > > I think there might be a chance for the above PcdSetPtrS() call to fai= l. > > >=20 >=20 > Thanks a lot for the comments. > Yes, 'PcdRecoveryFileName' should be larger than > 'PcdCoDRelocationFileName'. > I think no need to update the code, since these two PCDs are fixed durin= g > build time. > I will update the description of 'PcdCoDRelocationFileName' to mention: = it > must be smaller than 'PcdRecoveryFileName', otherwise failure may occur. But your code doesn't check the status of PcdSetPtrS(). >=20 > Do you have comments about it? > Thanks again. >=20 >=20 > BR, > Wei >=20 > > -----Original Message----- > > From: Wu, Hao A > > Sent: Wednesday, June 12, 2019 3:49 PM > > To: devel@edk2.groups.io; Xu, Wei6 > > Cc: Wang, Jian J ; Zhang, Chao B > > > > Subject: RE: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add > > CapsuleOnDiskLoadPei PEIM. > > > > > -----Original Message----- > > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf > > > Of Xu, > > > Wei6 > > > Sent: Wednesday, June 05, 2019 11:42 PM > > > To: devel@edk2.groups.io > > > Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B; Xu, Wei6 > > > Subject: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add > > > CapsuleOnDiskLoadPei PEIM. > > > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1852 > > > > > > This module provides PPI to load Capsule On Disk temp relocation > > > file from Root Directory file system, retrieve the capsules from the > > > temp file and create capsule hobs for these capsules. > > > > > > Cc: Jian J Wang > > > Cc: Hao A Wu > > > Cc: Chao B Zhang > > > Signed-off-by: Wei6 Xu > > > --- > > > MdeModulePkg/MdeModulePkg.dsc | 4 + > > > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c | 442 > > > +++++++++++++++++++++ > > > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf | 64 +++ > > > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.uni | 15 + > > > .../CapsuleOnDiskLoadPeiExtra.uni | 14 + > > > 5 files changed, 539 insertions(+) > > > create mode 100644 > > > > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c > > > create mode 100644 > > > > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in > > > f > > > create mode 100644 > > > > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.u > > > ni > > > create mode 100644 > > > > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPeiEx > > > tra.uni > > > > Since this a new module, could you help to follow the recommendation > > in > > https://edk2.groups.io/g/devel/message/39655?p=3D,,,20,0,0,0::Created,= ,U > > efi > > DebugLibStdErr,20,2,0,31318888 > > > > to add/update 'static' (lower case) for global variables/functions > > whose scope is limited within a single file? > > > > > > > > diff --git a/MdeModulePkg/MdeModulePkg.dsc > > > b/MdeModulePkg/MdeModulePkg.dsc index 995fd805e1..615edddbcc > > 100644 > > > --- a/MdeModulePkg/MdeModulePkg.dsc > > > +++ b/MdeModulePkg/MdeModulePkg.dsc > > > @@ -197,10 +197,13 @@ > > > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 > > > > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizeNonPopulateCapsule|0x0 > > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizePopulateCapsule|0x0 > > > > > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxPeiPerformanceLogEntries|28 > > > > > > +[PcdsDynamicExDefault] > > > + > > > > > > gEfiMdeModulePkgTokenSpaceGuid.PcdRecoveryFileName|L"FVMAIN.FV" > > > + > > > [Components] > > > MdeModulePkg/Application/HelloWorld/HelloWorld.inf > > > MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf > > > > MdeModulePkg/Application/MemoryProfileInfo/MemoryProfileInfo.inf > > > > > > @@ -315,10 +318,11 @@ > > > > > > > > > NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMainte > > > nanceManagerUiLib.inf > > > } > > > > > > > > > MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManager > > > Dxe.inf > > > > > > > > > MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.i > > > nf > > > MdeModulePkg/Universal/CapsulePei/CapsulePei.inf > > > + > > > > > > MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in > > > f > > > > MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > > > > > MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf > > > MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf > > > > > > > > > MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleD > > > xe.inf > > > > > > > > > MdeModulePkg/Universal/Console/GraphicsOutputDxe/GraphicsOutputDx > > > e.inf > > > diff --git > > > > > > a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > c > > > > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > c > > > new file mode 100644 > > > index 0000000000..40d25f3d3b > > > --- /dev/null > > > +++ > > > > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > c > > > @@ -0,0 +1,442 @@ > > > +/** @file > > > + Recovery module. > > > + > > > + Caution: This module requires additional review when modified. > > > + This module will have external input - Capsule-on-Disk Temp > > > + Relocation > > > image. > > > + This external input must be validated carefully to avoid security > > > + issue like buffer overflow, integer overflow. > > > + > > > + RetrieveRelocatedCapsule() will receive untrusted input and do > > > + basic > > > validation. > > > + > > > + Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > + > > > +// > > > +// The package level header files this module uses // #include > > > + #include > > > + > > > +// > > > +// The protocols, PPI and GUID defintions for this module // > > > +#include #include > > > #include > > > + #include #include > > > + #include > > > + > > > +#include // // The Library classes > > > +this module consumes // #include #include > > > + #include > > > +#include #include > > > +#include #include > > > + #include #include > > > + > > > + > > > +/** > > > + Loads a DXE capsule from some media into memory and updates the > > HOB > > > table > > > + with the DXE firmware volume information. > > > + > > > + @param[in] PeiServices General-purpose services that are avail= able > to > > > every PEIM. > > > + @param[in] This Indicates the EFI_PEI_RECOVERY_MODULE_P= PI > > > instance. > > > + > > > + @retval EFI_SUCCESS The capsule was loaded correctly. > > > + @retval EFI_DEVICE_ERROR A device error occurred. > > > + @retval EFI_NOT_FOUND A recovery DXE capsule cannot be found= . > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +LoadCapsuleOnDisk ( > > > + IN EFI_PEI_SERVICES **PeiServices, > > > + IN EFI_PEI_CAPSULE_ON_DISK_PPI *This > > > + ); > > > + > > > +EFI_PEI_CAPSULE_ON_DISK_PPI mCapsuleOnDiskPpi =3D { > > > + LoadCapsuleOnDisk > > > +}; > > > + > > > +EFI_PEI_PPI_DESCRIPTOR mCapsuleOnDiskPpiList =3D { > > > + (EFI_PEI_PPI_DESCRIPTOR_PPI | > > > EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > > > + &gEdkiiPeiCapsuleOnDiskPpiGuid, > > > + &mCapsuleOnDiskPpi > > > +}; > > > + > > > +/** > > > + Determine if capsule comes from memory by checking Capsule PPI. > > > + > > > + @param[in] PeiServices General purpose services available to > > > + every > > PEIM. > > > + > > > + @retval TRUE Capsule comes from memory. > > > + @retval FALSE No capsule comes from memory. > > > + > > > +**/ > > > +STATIC > > > +BOOLEAN > > > +CheckCapsuleFromRam ( > > > + IN CONST EFI_PEI_SERVICES **PeiServices > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + PEI_CAPSULE_PPI *Capsule; > > > + > > > + Status =3D PeiServicesLocatePpi ( > > > + &gPeiCapsulePpiGuid, > > > > > > Suggest to use gEfiPeiCapsulePpiGuid here. > > gPeiCapsulePpiGuid is kept for compatibility before PI Version 1.4. > > > > > > > + 0, > > > + NULL, > > > + (VOID **) &Capsule > > > + ); > > > + if (!EFI_ERROR(Status)) { > > > + Status =3D Capsule->CheckCapsuleUpdate ((EFI_PEI_SERVICES > > > **)PeiServices); > > > + if (!EFI_ERROR(Status)) { > > > + return TRUE; > > > + } > > > + } > > > + > > > + return FALSE; > > > +} > > > + > > > +/** > > > + Determine if it is a Capsule On Disk mode. > > > + > > > + @retval TRUE Capsule On Disk mode. > > > + @retval FALSE Not capsule On Disk mode. > > > + > > > +**/ > > > +BOOLEAN > > > +IsCapsuleOnDiskMode ( > > > + VOID > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + UINTN Size; > > > + EFI_PEI_READ_ONLY_VARIABLE2_PPI *PPIVariableServices; > > > + BOOLEAN CodRelocInfo; > > > + > > > + Status =3D PeiServicesLocatePpi ( > > > + &gEfiPeiReadOnlyVariable2PpiGuid, > > > + 0, > > > + NULL, > > > + (VOID **) &PPIVariableServices > > > + ); > > > + ASSERT_EFI_ERROR (Status); > > > + > > > + Size =3D sizeof (BOOLEAN); > > > + Status =3D PPIVariableServices->GetVariable ( > > > + PPIVariableServices, > > > + COD_RELOCATION_INFO_VAR_NAME, > > > + &gEfiCapsuleVendorGuid, > > > + NULL, > > > + &Size, > > > + &CodRelocInfo > > > + ); > > > + > > > + if (EFI_ERROR (Status) || Size !=3D sizeof(BOOLEAN) || CodRelocIn= fo > > > + !=3D TRUE) > > > > > > For 'CodRelocInfo !=3D TRUE', variable of BOOLEAN type can be directly > > used in the 'if' statement without comparing with 'TRUE' or 'FALSE'. > > > > > > > { > > > + DEBUG (( DEBUG_ERROR, "Error Get CodRelocationInfo variable > > > + %r!\n", > > > Status)); > > > + return FALSE; > > > + } > > > + > > > + return TRUE; > > > +} > > > + > > > +/** > > > + Gets capsule images from relocated capsule buffer. > > > + Create Capsule hob for each Capsule. > > > + > > > + Caution: This function may receive untrusted input. > > > + Capsule-on-Disk Temp Relocation image is external input, so this > > > + function will validate Capsule-on-Disk Temp Relocation image to > > > + make sure the > > > content > > > + is read within the buffer. > > > + > > > + @param[in] RelocCapsuleBuf Buffer pointer to the relocate= d > capsule. > > > + @param[in] RelocCapsuleTotalSize Total size of the relocated ca= psule. > > > + > > > + @retval EFI_SUCCESS Succeed to get capsules and create hob. > > > + @retval Others Fail to get capsules and create hob. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RetrieveRelocatedCapsule ( > > > + IN UINT8 *RelocCapsuleBuf, > > > + IN UINTN RelocCapsuleTotalSize > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + UINTN Index; > > > + UINT8 *CapsuleDataBufEnd; > > > + UINT8 *CapsulePtr; > > > + UINT32 CapsuleSize; > > > + UINT64 TotalImageSize; > > > + UINTN CapsuleNum; > > > + > > > + CapsuleNum =3D 0; > > > + > > > + // > > > + // Temp file contains at least 2 capsule (including 1 capsule > > > + name > > > + capsule) > > > & 1 UINT64 > > > + // > > > + if (RelocCapsuleTotalSize < sizeof(UINT64) + > > > + sizeof(EFI_CAPSULE_HEADER) > > > * 2) { > > > + return EFI_INVALID_PARAMETER; > > > + } > > > + > > > + CopyMem(&TotalImageSize, RelocCapsuleBuf, sizeof(UINT64)); > > > + > > > + DEBUG ((DEBUG_INFO, "ProcessRelocatedCapsule CapsuleBuf %x > > > TotalCapSize %lx\n", > > > + RelocCapsuleBuf, TotalImageSize)); > > > + > > > + RelocCapsuleBuf +=3D sizeof(UINT64); > > > + > > > + // > > > + // TempCaspule file length check > > > + // > > > + if (MAX_ADDRESS - TotalImageSize <=3D sizeof(UINT64) || > > > + (UINT64)RelocCapsuleTotalSize !=3D TotalImageSize + sizeof(UI= NT64) > || > > > + (UINTN)(MAX_ADDRESS - > > > (PHYSICAL_ADDRESS)(UINTN)RelocCapsuleBuf) <=3D TotalImageSize) { > > > + return EFI_INVALID_PARAMETER; > > > + } > > > + > > > + CapsuleDataBufEnd =3D RelocCapsuleBuf + TotalImageSize; > > > + > > > + // > > > + // TempCapsule file integrity check over Capsule Header to ensure > > > + no data > > > corruption in NV Var & Relocation storage > > > + // > > > + CapsulePtr =3D RelocCapsuleBuf; > > > + > > > + while (CapsulePtr < CapsuleDataBufEnd) { > > > + if ((CapsuleDataBufEnd - CapsulePtr) < sizeof(EFI_CAPSULE_HEADE= R) > || > > > + ((EFI_CAPSULE_HEADER *)CapsulePtr)->CapsuleImageSize < > > > sizeof(EFI_CAPSULE_HEADER) || > > > + (UINTN)(MAX_ADDRESS - (PHYSICAL_ADDRESS)(UINTN)CapsulePtr) > > > + < > > > ((EFI_CAPSULE_HEADER *)CapsulePtr)->CapsuleImageSize > > > + ) { > > > + break; > > > + } > > > + CapsulePtr +=3D ((EFI_CAPSULE_HEADER *)CapsulePtr)- > > >CapsuleImageSize; > > > + CapsuleNum ++; > > > + } > > > + > > > + if (CapsulePtr !=3D CapsuleDataBufEnd) { > > > + Status =3D EFI_INVALID_PARAMETER; > > > + goto EXIT; > > > + } > > > + > > > + // > > > + // Capsule count must be less than PcdCapsuleMax, avoid building > > > + too > > > many CvHobs to occupy all the free space in HobList. > > > + // > > > + if (CapsuleNum > PcdGet16 (PcdCapsuleMax)) { > > > + Status =3D EFI_INVALID_PARAMETER; > > > + goto EXIT; > > > + } > > > + > > > + // > > > + // Re-iterate the capsule buffer to create Capsule hob & Capsule > > > + Name Str > > > Hob for each Capsule saved in relocated capsule file > > > + // > > > + CapsulePtr =3D RelocCapsuleBuf; > > > + Index =3D 0; > > > + while (CapsulePtr < CapsuleDataBufEnd) { > > > + CapsuleSize =3D ((EFI_CAPSULE_HEADER *)CapsulePtr)- > > >CapsuleImageSize; > > > + BuildCvHob ((EFI_PHYSICAL_ADDRESS)(UINTN)CapsulePtr, > > > + CapsuleSize); > > > + > > > + DEBUG((DEBUG_INFO, "Capsule saved in address %x size %x\n", > > > CapsulePtr, CapsuleSize)); > > > + > > > + CapsulePtr +=3D CapsuleSize; > > > + Index++; > > > + } > > > + > > > +EXIT: > > > + > > > + return Status; > > > +} > > > + > > > +/** > > > + Recovery module entrypoint > > > + > > > + @param[in] FileHandle Handle of the file being invoked. > > > + @param[in] PeiServices Describes the list of possible PEI Servic= es. > > > + > > > + @return EFI_SUCCESS Recovery module is initialized. > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +InitializeCapsuleOnDiskLoad ( > > > + IN EFI_PEI_FILE_HANDLE FileHandle, > > > + IN CONST EFI_PEI_SERVICES **PeiServices > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + UINTN BootMode; > > > + UINTN FileNameSize; > > > + > > > + BootMode =3D GetBootModeHob(); > > > + ASSERT(BootMode =3D=3D BOOT_ON_FLASH_UPDATE); > > > + > > > + // > > > + // If there are capsules provisioned in memory, quit. > > > + // Only one capsule resource is accept, CapsuleOnRam's priority > > > + is higher > > > than CapsuleOnDisk. > > > + // > > > + if (CheckCapsuleFromRam(PeiServices)) { > > > + DEBUG((DEBUG_ERROR, "Capsule On Memory Detected! Quit.\n")); > > > + return EFI_ABORTED; > > > + } > > > + > > > + DEBUG_CODE ( > > > + VOID *CapsuleOnDiskModePpi; > > > + > > > + if (!IsCapsuleOnDiskMode()){ > > > + return EFI_NOT_FOUND; > > > + } > > > + > > > + // > > > + // Check Capsule On Disk Relocation flag. If exists, load capsule > > > + & create > > > Capsule Hob > > > + // > > > + Status =3D PeiServicesLocatePpi ( > > > + &gEfiPeiBootInCapsuleOnDiskModePpiGuid, > > > + 0, > > > + NULL, > > > + (VOID **)&CapsuleOnDiskModePpi > > > + ); > > > + if (EFI_ERROR(Status)) { > > > + DEBUG((DEBUG_ERROR, "Locate CapsuleOnDiskModePpi > error %x\n", > > > Status)); > > > + return Status; > > > + } > > > + ); > > > + > > > + Status =3D (**PeiServices).InstallPpi (PeiServices, > > > + &mCapsuleOnDiskPpiList); > > > > > > Minor one, suggest to directly use PeiServicesInstallPpi(). > > > > > > > + ASSERT_EFI_ERROR (Status); > > > + > > > + FileNameSize =3D PcdGetSize (PcdCoDRelocationFileName); Status = =3D > > > + PcdSetPtrS (PcdRecoveryFileName, &FileNameSize, (VOID *) > > > PcdGetPtr(PcdCoDRelocationFileName)); > > > > > > Buffer for 'PcdRecoveryFileName' may not be big enough to hold the > > content in 'PcdCoDRelocationFileName'. > > > > I think there might be a chance for the above PcdSetPtrS() call to fai= l. > > > > > > > + ASSERT_EFI_ERROR (Status); > > > + > > > + return Status; > > > +} > > > + > > > +/** > > > + Loads a DXE capsule from some media into memory and updates the > > HOB > > > table > > > + with the DXE firmware volume information. > > > + > > > + @param[in] PeiServices General-purpose services that are avail= able > to > > > every PEIM. > > > + @param[in] This Indicates the EFI_PEI_RECOVERY_MODULE_P= PI > > > instance. > > > + > > > + @retval EFI_SUCCESS The capsule was loaded correctly. > > > + @retval EFI_DEVICE_ERROR A device error occurred. > > > + @retval EFI_NOT_FOUND A recovery DXE capsule cannot be found= . > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +LoadCapsuleOnDisk ( > > > + IN EFI_PEI_SERVICES **PeiServices, > > > + IN EFI_PEI_CAPSULE_ON_DISK_PPI *This > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + EFI_PEI_DEVICE_RECOVERY_MODULE_PPI *DeviceRecoveryPpi; > > > + UINTN NumberRecoveryCapsules; > > > + UINTN Instance; > > > + UINTN CapsuleInstance; > > > + UINTN CapsuleSize; > > > + EFI_GUID CapsuleType; > > > + VOID *CapsuleBuffer; > > > + > > > + DEBUG ((DEBUG_INFO | DEBUG_LOAD, "Load Capsule On Disk > > Entry\n")); > > > + > > > + for (Instance =3D 0; ; Instance++) { > > > + Status =3D PeiServicesLocatePpi ( > > > + &gEfiPeiDeviceRecoveryModulePpiGuid, > > > + Instance, > > > + NULL, > > > + (VOID **)&DeviceRecoveryPpi > > > + ); > > > + DEBUG ((DEBUG_INFO, "LoadCapsuleOnDisk - LocateRecoveryPpi (%d) > > - > > > %r\n", Instance, Status)); > > > + if (EFI_ERROR (Status)) { > > > + if (Instance =3D=3D 0) { > > > + REPORT_STATUS_CODE ( > > > + EFI_ERROR_CODE | EFI_ERROR_MAJOR, > > > + (EFI_SOFTWARE_PEI_MODULE | > > > EFI_SW_PEI_EC_RECOVERY_PPI_NOT_FOUND) > > > + ); > > > + } > > > + break; > > > + } > > > + NumberRecoveryCapsules =3D 0; > > > + Status =3D DeviceRecoveryPpi->GetNumberRecoveryCapsules ( > > > + (EFI_PEI_SERVICES **)PeiServices, > > > + DeviceRecoveryPpi, > > > + &NumberRecoveryCapsules > > > + ); > > > + DEBUG ((DEBUG_INFO, "LoadCapsuleOnDisk - > > > GetNumberRecoveryCapsules (%d) - %r\n", NumberRecoveryCapsules, > > > Status)); > > > + if (EFI_ERROR (Status)) { > > > + continue; > > > + } > > > + > > > + for (CapsuleInstance =3D 1; CapsuleInstance <=3D > > > + NumberRecoveryCapsules; > > > CapsuleInstance++) { > > > + CapsuleSize =3D 0; > > > + Status =3D DeviceRecoveryPpi->GetRecoveryCapsuleInfo ( > > > + (EFI_PEI_SERVICES **)PeiService= s, > > > + DeviceRecoveryPpi, > > > + CapsuleInstance, > > > + &CapsuleSize, > > > + &CapsuleType > > > + ); > > > + DEBUG ((DEBUG_INFO, "LoadCapsuleOnDisk - > > GetRecoveryCapsuleInfo > > > (%d - %x) - %r\n", CapsuleInstance, CapsuleSize, Status)); > > > + if (EFI_ERROR (Status)) { > > > + break; > > > + } > > > + > > > + // > > > + // Allocate the memory so that it gets preserved into DXE. > > > + // Capsule is special because it may need to populate to syst= em table > > > + // > > > + CapsuleBuffer =3D AllocateRuntimePages (EFI_SIZE_TO_PAGES > > > (CapsuleSize)); > > > + > > > + if (CapsuleBuffer =3D=3D NULL) { > > > + DEBUG ((DEBUG_ERROR, "LoadCapsuleOnDisk - > > > + AllocateRuntimePages > > > fail\n")); > > > + continue; > > > + } > > > + > > > + Status =3D DeviceRecoveryPpi->LoadRecoveryCapsule ( > > > + (EFI_PEI_SERVICES **)PeiService= s, > > > + DeviceRecoveryPpi, > > > + CapsuleInstance, > > > + CapsuleBuffer > > > + ); > > > + DEBUG ((DEBUG_INFO, "LoadCapsuleOnDisk - LoadRecoveryCapsule > > > (%d) - %r\n", CapsuleInstance, Status)); > > > + if (EFI_ERROR (Status)) { > > > + FreePages (CapsuleBuffer, EFI_SIZE_TO_PAGES(CapsuleSize)); > > > + break; > > > + } > > > + > > > + // > > > + // Capsule Update Mode, Split relocated Capsule buffer into > > > + different > > > capsule vehical hobs. > > > + // > > > + Status =3D RetrieveRelocatedCapsule(CapsuleBuffer, > > > + CapsuleSize); > > > + > > > + break; > > > + } > > > + > > > + if (EFI_ERROR (Status)) { > > > + REPORT_STATUS_CODE ( > > > + EFI_ERROR_CODE | EFI_ERROR_MAJOR, > > > + (EFI_SOFTWARE_PEI_MODULE | > > > EFI_SW_PEI_EC_NO_RECOVERY_CAPSULE) > > > + ); > > > + } > > > + > > > + return Status; > > > + } > > > + > > > + // > > > + // Any attack against GPT, Relocation Info Variable or temp > > > + relocation file > > > will result in no Capsule HOB and return EFI_NOT_FOUND. > > > + // After flow to DXE phase. since no capsule hob is detected. > > > + Platform will > > > clear Info flag and force restart. > > > + // No volunerability will be exposed // > > > + > > > + return EFI_NOT_FOUND; > > > +} > > > diff --git > > > > > > a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > inf > > > > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > inf > > > new file mode 100644 > > > index 0000000000..4af07440b7 > > > --- /dev/null > > > +++ > > > > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > inf > > > @@ -0,0 +1,64 @@ > > > +## @file > > > +# Load Capsule on Disk module. > > > +# > > > +# Load Capsule On Disk from Root Directory file system. Create CV > > > +hob # based on temporary Capsule On Disk file. > > > +# > > > +# Copyright (c) 2019, Intel Corporation. All rights reserved.
# > > > +# > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > > + > > > +[Defines] > > > + INF_VERSION =3D 0x00010005 > > > + BASE_NAME =3D CapsuleOnDiskLoadPei > > > + MODULE_UNI_FILE =3D CapsuleOnDiskLoadPei.uni > > > + FILE_GUID =3D 8ADEDF9E-2EC8-40fb-AE56-B76D90= 225D2D > > > + MODULE_TYPE =3D PEIM > > > + VERSION_STRING =3D 1.0 > > > + ENTRY_POINT =3D InitializeCapsuleOnDiskLoad > > > + > > > +# > > > +# The following information is for reference only and not required > > > +by the > > > build tools. > > > +# > > > +# VALID_ARCHITECTURES =3D IA32 X64 EBC > > > +# > > > + > > > +[Sources] > > > + CapsuleOnDiskLoadPei.c > > > + > > > +[Packages] > > > + MdePkg/MdePkg.dec > > > + MdeModulePkg/MdeModulePkg.dec > > > + > > > +[LibraryClasses] > > > + PeimEntryPoint > > > + DebugLib > > > + HobLib > > > + BaseMemoryLib > > > + MemoryAllocationLib > > > + ReportStatusCodeLib > > > + > > > +[Ppis] > > > + gEdkiiPeiCapsuleOnDiskPpiGuid ## PRODUCES > > > + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES > > > + gEfiPeiBootInCapsuleOnDiskModePpiGuid ## > SOMETIMES_CONSUMES > > > + gEfiPeiDeviceRecoveryModulePpiGuid ## CONSUMES > > > + gPeiCapsulePpiGuid ## CONSUMES > > > > > > Suggest to use gEfiPeiCapsulePpiGuid here. > > gPeiCapsulePpiGuid is kept for compatibility before PI Version 1.4. > > > > > > > + > > > +[Guids] > > > + gEfiCapsuleVendorGuid ## SOMETIMES_CONSUMES ## > > Variable > > > L"CodRelocationInfo" > > > + > > > +[Pcd] > > > + gEfiMdeModulePkgTokenSpaceGuid.PcdCoDRelocationFileName > > > ## CONSUMES > > > + gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleMax = ## > > > CONSUMES > > > + > > > +[PcdEx] > > > + gEfiMdeModulePkgTokenSpaceGuid.PcdRecoveryFileName > > ## > > > PRODUCES > > > + > > > +[depex] > > > > > > Minor comment: > > [depex] -> [Depex] > > > > Best Regards, > > Hao Wu > > > > > > > + gEfiPeiBootInCapsuleOnD > > iskModePpiGuid > > > + > > > +[UserExtensions.TianoCore."ExtraFiles"] > > > + CapsuleOnDiskLoadPeiExtra.uni > > > diff --git > > > > > > a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > uni > > > > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > uni > > > new file mode 100644 > > > index 0000000000..c3eae6a5c2 > > > --- /dev/null > > > +++ > > > > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei. > > > uni > > > @@ -0,0 +1,15 @@ > > > +// /** @file > > > +// Caspule On Disk Load module. > > > +// > > > +// Load Capsule On Disk and build CV hob. > > > +// > > > +// Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > +// // SPDX-License-Identifier: BSD-2-Clause-Patent // // **/ > > > + > > > + > > > +#string STR_MODULE_ABSTRACT #language en-US "Caspule On > Disk > > > Load module." > > > + > > > +#string STR_MODULE_DESCRIPTION #language en-US "Load > Capsule > > > On Disk and build CV hob." > > > diff --git > > > > > > a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei > > > Extra.uni > > > > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei > > > Extra.uni > > > new file mode 100644 > > > index 0000000000..81034f6294 > > > --- /dev/null > > > +++ > > > > > > b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei > > > Extra.uni > > > @@ -0,0 +1,14 @@ > > > +// /** @file > > > +// CapsuleOnDiskLoadPei Localized Strings and Content // // > > > +Copyright > > > +(c) 2019, Intel Corporation. All rights reserved.
// // > > > +SPDX-License-Identifier: BSD-2-Clause-Patent // // **/ > > > + > > > +#string STR_PROPERTIES_MODULE_NAME > > > +#language en-US > > > +"CapsuleOnDiskLoad PEI Driver" > > > + > > > + > > > -- > > > 2.16.2.windows.1 > > > > > > > > > >=20 >=20 >=20