From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D8CA01A1E8E for ; Tue, 11 Oct 2016 07:13:31 -0700 (PDT) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga101.jf.intel.com with ESMTP; 11 Oct 2016 07:13:31 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,329,1473145200"; d="scan'208,217";a="1052332911" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga001.fm.intel.com with ESMTP; 11 Oct 2016 07:13:31 -0700 Received: from fmsmsx154.amr.corp.intel.com (10.18.116.70) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 11 Oct 2016 07:13:30 -0700 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by FMSMSX154.amr.corp.intel.com (10.18.116.70) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 11 Oct 2016 07:13:30 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.15]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.101]) with mapi id 14.03.0248.002; Tue, 11 Oct 2016 22:13:28 +0800 From: "Yao, Jiewen" To: Sean Brogan , "edk2-devel@lists.01.org" CC: "Kinney, Michael D" , "Tian, Feng" , "Zhang, Chao B" , "Gao, Liming" , "Zeng, Star" Thread-Topic: [edk2] [PATCH V2 06/50] MdeModulePkg/CapsuleLib: Add ProcessCapsules() API. Thread-Index: AQHSGxVaEdExuEN6skmAhn/B2xszJqCjDXGAgABNzHA= Date: Tue, 11 Oct 2016 14:13:27 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386A1400@shsmsx102.ccr.corp.intel.com> References: <1475238128-22448-1-git-send-email-jiewen.yao@intel.com> <1475238128-22448-7-git-send-email-jiewen.yao@intel.com> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 X-Content-Filtered-By: Mailman/MimeDel 2.1.21 Subject: Re: [PATCH V2 06/50] MdeModulePkg/CapsuleLib: Add ProcessCapsules() API. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2016 14:13:32 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable HI Sean We choose to process capsule twice purposely - for security consideration, = as I mentioned in the comment section. We did design review in detail in Intel technical sync meeting. And it is a= greed by Mike Kinney and Vincent Zimmer. To resolve your concern: 1) For example windows capsule update will stage multiple capsules at = once. If it mixes capsules from both stages and you use memory to preserve= capsule contents you will lose your non system capsule because of the rebo= ot. [Jiewen] That is good feedback. I think we can hold the reset request in first process and defer that to se= cond process. 2) For capsules that are not FMP or update capsules but capsules being= requested to be put in the system table you will still need to process the= m even though the boot mode should not be BOOT_ON_FLASH_UPDATE. [Jiewen] In current EDKII, as long as there is in capsule, the platform set= s BOOT_ON_FLASH_UPDATE. That is done before my patch, I believe. Of course we can do enhancement to always check capsule_hob, no matter what= boot mode is. But it is not related to process capsule twice. Thank you Yao Jiewen From: Sean Brogan [mailto:sean.brogan@microsoft.com] Sent: Tuesday, October 11, 2016 5:33 PM To: Yao, Jiewen ; edk2-devel@lists.01.org Cc: Kinney, Michael D ; Tian, Feng ; Zhang, Chao B ; Gao, Liming ; Zeng, Star Subject: RE: [edk2] [PATCH V2 06/50] MdeModulePkg/CapsuleLib: Add ProcessCa= psules() API. Comment about calling ProcessCapsules twice will break in some scenarios. = For example windows capsule update will stage multiple capsules at once. I= f it mixes capsules from both stages and you use memory to preserve capsule= contents you will lose your non system capsule because of the reboot. 2nd - For capsules that are not FMP or update capsules but capsules being r= equested to be put in the system table you will still need to process them = even though the boot mode should not be BOOT_ON_FLASH_UPDATE. Thanks Sean > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Jiewen Yao > Sent: Friday, September 30, 2016 5:21 AM > To: edk2-devel@lists.01.org > Cc: Michael D Kinney >; Feng Tian > >; Chao Zhang >; Liming Gao > >; Star Zeng > > Subject: [edk2] [PATCH V2 06/50] MdeModulePkg/CapsuleLib: Add > ProcessCapsules() API. > > ProcessCapsules() API can be used by platform BDS to process all capsules= . > > Cc: Feng Tian > > Cc: Star Zeng > > Cc: Michael D Kinney > > Cc: Liming Gao > > Cc: Chao Zhang > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao > > Reviewed-by: Liming Gao > > --- > MdeModulePkg/Include/Library/CapsuleLib.h | 45 ++++++++++++++++++-- > 1 file changed, 42 insertions(+), 3 deletions(-) > > diff --git a/MdeModulePkg/Include/Library/CapsuleLib.h > b/MdeModulePkg/Include/Library/CapsuleLib.h > index 487cb0f..659c077 100644 > --- a/MdeModulePkg/Include/Library/CapsuleLib.h > +++ b/MdeModulePkg/Include/Library/CapsuleLib.h > @@ -2,7 +2,7 @@ > > This library class defines a set of interfaces for how to process caps= ule image > updates. > > -Copyright (c) 2007 - 2010, Intel Corporation. All rights reserved.
> +Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.
> This program and the accompanying materials are licensed and made availa= ble > under the terms and conditions of the BSD License that accompanies this > distribution. > The full text of the license may be found at @@ -20,7 +20,9 @@ WITHOUT > WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > IMPLIED. > The firmware checks whether the capsule image is supported > by the CapsuleGuid in CapsuleHeader or if there is other specific info= rmation > in > the capsule image. > - > + > + Caution: This function may receive untrusted input. > + > @param CapsuleHeader Pointer to the UEFI capsule image to be check= ed. > > @retval EFI_SUCESS Input capsule is supported by firmware. > @@ -35,7 +37,9 @@ SupportCapsuleImage ( > /** > The firmware-specific implementation processes the capsule image > if it recognized the format of this capsule image. > - > + > + Caution: This function may receive untrusted input. > + > @param CapsuleHeader Pointer to the UEFI capsule image to be proce= ssed. > > @retval EFI_SUCESS Capsule Image processed successfully. > @@ -47,4 +51,39 @@ ProcessCapsuleImage ( > IN EFI_CAPSULE_HEADER *CapsuleHeader > ); > > +/** > + > + This routine is called to process capsules. > + > + Caution: This function may receive untrusted input. > + > + If the current boot mode is NOT BOOT_ON_FLASH_UPDATE, this routine doe= s > nothing. > + If the current boot mode is BOOT_ON_FLASH_UPDATE, the capsules > + reported in EFI_HOB_UEFI_CAPSULE are processed. If there is no > + EFI_HOB_UEFI_CAPSULE, this routine does nothing. > + > + This routine should be called twice in BDS. > + 1) The first call must be before EndOfDxe. The system capsules is proc= essed. > + If device capsule FMP protocols are exposted at this time, the devi= ce > + capsules are processed. > + Each individual capsule result is recorded in capsule record variab= le. > + System may reset in this function, if reset is required by capsule. > + > + 2) The second call must be after EndOfDxe and after ConnectAll, so tha= t all > + device capsule FMP protocols are exposed. > + The system capsules are skipped. If the device capsules are NOT pro= cessed > + in first call, they are processed here. > + Each individual capsule result is recorded in capsule record variab= le. > + System may reset in this function, if reset is required by capsule. > + > + @retval EFI_SUCCESS There is no error when processing caps= ules. > + @retval EFI_OUT_OF_RESOURCES No enough resource to process capsules= . > + > +**/ > +EFI_STATUS > +EFIAPI > +ProcessCapsules( > + VOID > + ); > + > #endif > -- > 2.7.4.windows.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel