public inbox for devel@edk2.groups.io
From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
	Felix Polyudov <Felixp@ami.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Xu, Wei6" <wei6.xu@intel.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
	"Wu, Hao A" <hao.a.wu@intel.com>,
	"Gao, Liming" <liming.gao@intel.com>
Subject: Re: [edk2-devel][Patch v2 0/7] Implement Capsule On Disk.
Date: Thu, 6 Jun 2019 01:23:45 +0000
Message-ID: <FF72C7E4248F3C4E9BDF19D4918E90F24DECA62D@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <E92EE9817A31E24EB0585FDF735412F5B9D249E4@ORSMSX113.amr.corp.intel.com>


Hi Felix:

We did this design for security considerations.

For Solution B:

1) We don't want to introduce PartitionDxe and FatDxe into our trust boundary. It brings in new attack surface.

2) We reuse the PEI storage stack as it is simple. But PEI FAT reduced the attack surface by only accessing files in RootDir. That is why relocation happens.

For Solution A:

3) It is considered securer with a smaller attack surface, because in Solution B we may suffer from DMA attacks when accessing the PEI storage device.

Solution B is still a valuable option, as some platforms may not have Capsule in RAM support. That is why we provide both solutions and leave the option to the user.

We have a WIKI page to describe all cases: https://github.com/tianocore/tianocore.github.io/wiki/UEFI-Capsule-on-Disk-Introducation

Just feel free to ask questions if anything is not clear.

From: Kinney, Michael D
Sent: Thursday, June 6, 2019 6:37 AM
To: Felix Polyudov <Felixp@ami.com>; devel@edk2.groups.io; Xu, Wei6 <wei6.xu@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Gao, Liming <liming.gao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: RE: [edk2-devel][Patch v2 0/7] Implement Capsule On Disk.

Hi Felix,

For (1), this is a limitation of UEFI Capsule On Disk
for capsules that must be processed before End of DXE.
This solution only works for EFI System Partitions that
can be accessed from PEI.  Platforms that require the
use of a UEFI Driver loaded from a PCI Option ROM to
access the EFI System Partition can not use the UEFI
Capsule On Disk feature.  They must use the UEFI Capsule
In Memory feature.

For (2), in order to access the capsule file in the
UEFI Spec defined location, the FAT PEIM would have to
be extended to support reading files from subdirectories.
The current FAT PEIM only supports reading files from the
root directory.  This is sufficient for reading recovery
images.  In order to minimize the size and complexity of
PEI phase modules, this solution uses the FAT PEIM "as is"
and uses the features of the UEFI FAT driver to move the
Capsule On Disk content into a location that is compatible
with the existing FAT PEIM.

Thanks,

Mike

> -----Original Message-----
> From: Felix Polyudov [mailto:Felixp@ami.com]
> Sent: Wednesday, June 5, 2019 2:53 PM
> To: devel@edk2.groups.io; Xu, Wei6 <wei6.xu@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: RE: [edk2-devel][Patch v2 0/7] Implement Capsule On Disk.
>
> 1. It looks like the implementation processes capsule
> files in PEI.
> According to UEFI specification capsule files are stored
> on the active ESP.
> Not every UEFI boot device can be accessed in PEI.
> For example, RAID connected to the PCI plug in card
> cannot be accessed in PEI.
>
> 2. Solution B) below relocates capsule to "a temp file
> which will be stored in root directory". I think it is
> cleaner to reuse UEFI capsule-on-disk infrastructure and
> keep capsule file in the dedicated \EFI\UpdateCapsule
> folder (refer to "Delivery of Capsules via file on Mass
> Storage device" section of the UEFI specification).
>
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Xu, Wei6
> Sent: Wednesday, June 05, 2019 11:42 AM
> To: devel@edk2.groups.io
> Cc: Jian J Wang; Hao A Wu; Michael D Kinney; Liming Gao; Chao B Zhang
> Subject: [edk2-devel][Patch v2 0/7] Implement Capsule On Disk.
>
> V2:
> Fix Ecc check failure.
>
> V1:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1852
>
> This patch set implements Capsule On Disk.
> Depends on whether platform supports Capsule-In-Ram, Capsule On Disk feature is composed of 2 solutions:
> Solution A): Load capsules out of TCB, rely on UpdateCapsule() runtime service to deliver Capsule-On-Disk.
> Solution B): Relocate capsules into a temp file which will be stored in root directory on a platform specific storage device.
> Leverage existing storage stack in PEI to load all capsule on disk images and create capsule hobs for the capsules.
> This solution has bigger TCB, but can work without Capsule-In-RAM support.
>
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Chao B Zhang <chao.b.zhang@intel.com>
>
> xuwei6 (7):
>   MdePkg: Add Pei Boot In CapsuleOnDisk Mode Ppi definition.
>   MdeModulePkg: Add Capsule On Disk related definition.
>   MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM.
>   MdeModulePkg/BdsDxe: Support Capsule On Disk.
>   MdeModulePkg/CapsuleRuntimeDxe: Introduce PCD to control this feature.
>   MdeModulePkg/DxeIpl: Support Capsule On Disk.
>   MdeModulePkg: Add Capsule On Disk APIs into CapsuleLib.
>
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.h              |    3 +-
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf            |   20 +-
>  MdeModulePkg/Core/DxeIplPeim/DxeLoad.c             |   37 +-
>  MdeModulePkg/Include/Library/CapsuleLib.h          |   94 +-
>  MdeModulePkg/Include/Ppi/CapsuleOnDisk.h           |   48 +
>  .../Library/DxeCapsuleLibFmp/CapsuleOnDisk.c       | 1983 ++++++++++++++++++++
>  .../Library/DxeCapsuleLibFmp/CapsuleOnDisk.h       |   63 +
>  .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c       |   56 +-
>  .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf     |   21 +-
>  .../DxeCapsuleLibFmp/DxeCapsuleProcessLib.c        |  121 +-
>  .../Library/DxeCapsuleLibFmp/DxeCapsuleReportLib.c |   67 +-
>  .../DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf      |    3 +-
>  .../Library/DxeCapsuleLibNull/DxeCapsuleLibNull.c  |   85 +-
>  MdeModulePkg/MdeModulePkg.dec                      |   43 +
>  MdeModulePkg/MdeModulePkg.dsc                      |    4 +
>  MdeModulePkg/MdeModulePkg.uni                      |   32 +
>  MdeModulePkg/Universal/BdsDxe/BdsDxe.inf           |    3 +-
>  MdeModulePkg/Universal/BdsDxe/BdsEntry.c           |    6 +-
>  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c    |  442 +++++
>  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf  |   64 +
>  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.uni  |   15 +
>  .../CapsuleOnDiskLoadPeiExtra.uni                  |   14 +
>  .../CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf        |    1 +
>  .../Universal/CapsuleRuntimeDxe/CapsuleService.c   |   10 +-
>  MdePkg/Include/Ppi/BootInRecoveryMode.h            |    9 +-
>  MdePkg/MdePkg.dec                                  |    3 +
>  26 files changed, 3205 insertions(+), 42 deletions(-)
>  create mode 100644 MdeModulePkg/Include/Ppi/CapsuleOnDisk.h
>  create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
>  create mode 100644 MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.h
>  create mode 100644 MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c
>  create mode 100644 MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf
>  create mode 100644 MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.uni
>  create mode 100644 MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPeiExtra.uni
>
> --
> 2.16.2.windows.1

Thread overview: 33+ messages
2019-06-05 15:41 [edk2-devel][Patch v2 0/7] Implement Capsule On Disk Xu, Wei6
2019-06-05 15:41 ` [edk2-devel][Patch v2 1/7] MdePkg: Add Pei Boot In CapsuleOnDisk Mode Ppi definition Xu, Wei6
2019-06-05 21:42   ` Felix Polyudov
2019-06-12  7:48   ` Wu, Hao A
2019-06-12  8:28     ` Liming Gao
2019-06-05 15:41 ` [edk2-devel][Patch v2 2/7] MdeModulePkg: Add Capsule On Disk related definition Xu, Wei6
2019-06-12  7:48   ` Wu, Hao A
2019-06-12  8:43     ` Xu, Wei6
2019-06-05 15:41 ` [edk2-devel][Patch v2 3/7] MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM Xu, Wei6
2019-06-12  7:49   ` Wu, Hao A
2019-06-19  8:40     ` Xu, Wei6
2019-06-19  8:59       ` Ni, Ray
2019-06-20  0:59         ` Wu, Hao A
2019-06-05 15:42 ` [edk2-devel][Patch v2 4/7] MdeModulePkg/BdsDxe: Support Capsule On Disk Xu, Wei6
2019-06-05 15:42 ` [edk2-devel][Patch v2 5/7] MdeModulePkg/CapsuleRuntimeDxe: Introduce PCD to control this feature Xu, Wei6
2019-06-12  7:49   ` Wu, Hao A
2019-06-19  0:41     ` Zhang, Chao B
2019-06-19  0:59       ` Wu, Hao A
2019-06-19  1:13         ` Zhang, Chao B
2019-06-19  2:22           ` Wu, Hao A
2019-06-05 15:42 ` [edk2-devel][Patch v2 6/7] MdeModulePkg/DxeIpl: Support Capsule On Disk Xu, Wei6
2019-06-12  7:49   ` Wu, Hao A
2019-06-05 15:42 ` [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On Disk APIs into CapsuleLib Xu, Wei6
2019-06-12  7:49   ` Wu, Hao A
2019-06-19  7:55     ` Xu, Wei6
2019-06-19  8:16       ` Wu, Hao A
2019-06-19  8:19         ` Wu, Hao A
2019-06-19  8:23           ` Xu, Wei6
2019-06-05 21:53 ` [edk2-devel][Patch v2 0/7] Implement Capsule On Disk Felix Polyudov
2019-06-05 22:36   ` Michael D Kinney
2019-06-06  1:23     ` Zhang, Chao B [this message]
2019-06-12  7:47 ` Wu, Hao A
2019-06-12  8:13   ` Zhang, Chao B
