From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.20; helo=mga02.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 75B28222DE135 for ; Wed, 7 Feb 2018 16:12:01 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Feb 2018 16:17:45 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,476,1511856000"; d="scan'208";a="28272039" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by fmsmga004.fm.intel.com with ESMTP; 07 Feb 2018 16:17:45 -0800 Received: from fmsmsx116.amr.corp.intel.com (10.18.116.20) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 7 Feb 2018 16:17:45 -0800 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by fmsmsx116.amr.corp.intel.com (10.18.116.20) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 7 Feb 2018 16:17:44 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.124]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.116]) with mapi id 14.03.0319.002; Thu, 8 Feb 2018 08:17:43 +0800 From: "Yao, Jiewen" To: "Kinney, Michael D" , "edk2-devel@lists.01.org" CC: "Zeng, Star" , "Dong, Eric" Thread-Topic: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP Thread-Index: AQHToERuRHU/bOeOJ0OIbwBx/jVT9qOZo+Rw Date: Thu, 8 Feb 2018 00:17:42 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AABC058@shsmsx102.ccr.corp.intel.com> References: <20180207184943.20324-1-michael.d.kinney@intel.com> In-Reply-To: <20180207184943.20324-1-michael.d.kinney@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNzZkYWY5NzAtOWZjMS00MzA5LTg1OTUtYTBlN2JiMmMzOTdjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjIuNS4xOCIsIlRydXN0ZWRMYWJlbEhhc2giOiJSQXd5NTRqNE5JRU81NnJ4VFBhVG4zbjZUZ1VCNjBpSlNEbW9CcFlzejdkY0tqbXp2bmkzdEF1SWxvQ2N6dHp0In0= x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2018 00:12:01 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen.yao@intel.com > -----Original Message----- > From: Kinney, Michael D > Sent: Thursday, February 8, 2018 2:50 AM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen ; Zeng, Star ; > Dong, Eric ; Kinney, Michael D > > Subject: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule wit= h > FMP >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D873 >=20 > Update IsNestedFmpCapsule() to verify the CapsuleGuid in > the CapsuleHeader against the installed Firmware Management > Protocol instances. The current logic that uses the ESRT > Table does not work because capsules are processed before > the ESRT Table is published at the Ready To Boot event. >=20 > Cc: Jiewen Yao > Cc: Star Zeng > Cc: Eric Dong > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Michael D Kinney > --- > .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 27 > ++++++++++++---------- > .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf | 3 +-- > 2 files changed, 16 insertions(+), 14 deletions(-) >=20 > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > index 2f397789b5..87e1deec03 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > @@ -10,7 +10,7 @@ > ValidateFmpCapsule(), DisplayCapsuleImage(), ConvertBmpToGopBlt() will > receive untrusted input and do basic validation. >=20 > - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> + Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the = BSD > License > which accompanies this distribution. The full text of the license may= be > found at > @@ -1446,7 +1446,6 @@ IsNestedFmpCapsule ( > ) > { > EFI_STATUS Status; > - EFI_SYSTEM_RESOURCE_TABLE *Esrt; > EFI_SYSTEM_RESOURCE_ENTRY *EsrtEntry; > UINTN Index; > BOOLEAN EsrtGuidFound; > @@ -1454,6 +1453,8 @@ IsNestedFmpCapsule ( > UINTN NestedCapsuleSize; > ESRT_MANAGEMENT_PROTOCOL *EsrtProtocol; > EFI_SYSTEM_RESOURCE_ENTRY Entry; > + EFI_HANDLE *HandleBuffer; > + UINTN NumberOfHandles; >=20 > EsrtGuidFound =3D FALSE; > if (mIsVirtualAddrConverted) { > @@ -1479,19 +1480,21 @@ IsNestedFmpCapsule ( > } >=20 > // > - // Check ESRT configuration table > + // Check Firmware Management Protocols > // > if (!EsrtGuidFound) { > - Status =3D EfiGetSystemConfigurationTable(&gEfiSystemResourceTable= Guid, > (VOID **)&Esrt); > + HandleBuffer =3D NULL; > + Status =3D GetFmpHandleBufferByType ( > + &CapsuleHeader->CapsuleGuid, > + 0, > + &NumberOfHandles, > + &HandleBuffer > + ); > if (!EFI_ERROR(Status)) { > - ASSERT (Esrt !=3D NULL); > - EsrtEntry =3D (VOID *)(Esrt + 1); > - for (Index =3D 0; Index < Esrt->FwResourceCount; Index++, EsrtEn= try++) > { > - if (CompareGuid(&EsrtEntry->FwClass, > &CapsuleHeader->CapsuleGuid)) { > - EsrtGuidFound =3D TRUE; > - break; > - } > - } > + EsrtGuidFound =3D TRUE; > + } > + if (HandleBuffer !=3D NULL) { > + FreePool (HandleBuffer); > } > } > } > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > index a7c36993c4..90edc52ee0 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > @@ -3,7 +3,7 @@ > # > # Capsule library instance for DXE_DRIVER module types. > # > -# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved. > +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved. > # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the= BSD > License > # which accompanies this distribution. The full text of the license ma= y be > found at > @@ -72,7 +72,6 @@ > [Guids] > gEfiFmpCapsuleGuid ## SOMETIMES_CONSUMES > ## GUID > gWindowsUxCapsuleGuid ## SOMETIMES_CONSUMES > ## GUID > - gEfiSystemResourceTableGuid ## SOMETIMES_CONSUMES ## > GUID > ## SOMETIMES_CONSUMES ## Variable:L"CapsuleMax" > ## SOMETIMES_PRODUCES ## Variable:L"CapsuleMax" > gEfiCapsuleReportGuid > -- > 2.14.2.windows.3