From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (NAM04-BN8-obe.outbound.protection.outlook.com [40.92.47.96]) by mx.groups.io with SMTP id smtpd.web10.451.1602796316393089526 for ; Thu, 15 Oct 2020 14:11:56 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@outlook.com header.s=selector1 header.b=YwjiaojB; spf=pass (domain: outlook.com, ip: 40.92.47.96, mailfrom: michael.kubacki@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Wei5h41V14xbmoNpLLuW8SjY/zfuamGpwj7XEb1DSJ0OblZC0neN4Bx2F8rGxr6WBNEVeXj5yphCqpHohGVkj/BwivYiQsq2zARfwnE3Rwp7Miy3YrjsdPYFwuYpYOYL+y8nHbxnUOtArmF6CI7mfJjvpedX4IwL0qHLEXcdO5ibd1M+cCWeGSPp2XY0Jsks23R8LyCcar8DkuTfC2M08NgL1mz0v5JB+3N0DMy6hBXvT0XMJl3nHSG2dd6nl2e4nPCHpwwihJUcMXB/ECgx1yuI8s+D61DZ6qDT8oR6orgim2e7ck6kWVXproj7+u1tVfk5/C/tOq7TMy/XtF/fVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IH0NAUptXZDFqu30MrOP9pkpfxl4/A3A41R5vGMTlwI=; b=J9tC9AhFWuQD8bjU6E9ugapHDZyBoUYZoZUrM7o9ZlAf9XaCcLfLGuhqbGqDOrFpKGDf+MHD9tWA5hgtbCyGeqYp69k3e647h9EvVZf5qM55VeoVQEqLPVoZhcp3iIVpdrbkVC+yXYlNInlz3QcE2Gz5wMIfE8Eo7iLs+rgs1ThgQB9y+TiUXDs/57hIBL/ux0XnnsztKlit6QcD6jPwWseenjQ+u7exueiSl3RdDpUNL0HZajaLE+3HPWNtxRASLK6x/3boRpk1cIL7wYJV9RcYZe5GaPkAADmqGu5nMEA4M+QLXFDm3mI6IsL+7Nvmn2chYh5xZD03GnqWjk3Ckg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IH0NAUptXZDFqu30MrOP9pkpfxl4/A3A41R5vGMTlwI=; b=YwjiaojBv0OyQgqmeyhNrmPe8LNSfQQmADjCDH+EBCh2GvzikiCAXsvhYaErtntb+DUaqtlhFPt0W9Z5SgIk2QTbK5IhzH4KgD+dfsnx+eaV2/rV6Ct3eHVXOlV3wntHcBUfZW6uALfkDqu1NaROTf4LB7dTuuDXfB9yR1YDFezjnr1ugl+sTrJCH5SVzsAw1TViy/XJUHKiRd6k6J6Jc1fFBBNEO1E/WDr6wYujjPnzgwinX/HlTJpKlyZ5bNaBDyylc83El85sOWyStdphXQ8E+MIpkk9qXYHgpCsBTf+KLMxwexbLFti0740nVJVyOB8sU8Suxvl8gL4vSCsTfg== Received: from DM6NAM04FT027.eop-NAM04.prod.protection.outlook.com (2a01:111:e400:7ea3::42) by DM6NAM04HT158.eop-NAM04.prod.protection.outlook.com (2a01:111:e400:7ea3::399) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.27; Thu, 15 Oct 2020 21:11:55 +0000 Received: from MWHPR07MB3440.namprd07.prod.outlook.com (2a01:111:e400:7ea3::53) by DM6NAM04FT027.mail.protection.outlook.com (2a01:111:e400:7ea3::334) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.27 via Frontend Transport; Thu, 15 Oct 2020 21:11:55 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:BC3FA6343EB4B7151B542A6553C71369A9D214C833578131A7FE12FB6A9D1219;UpperCasedChecksum:7D5875F44B5F1C17E2BF6A37D118E2B6ABEC6BF6CC859F5325D56042B61F6FCB;SizeAsReceived:7547;Count:45 Received: from MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::858f:bd50:1b65:e803]) by MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::858f:bd50:1b65:e803%7]) with mapi id 15.20.3455.031; Thu, 15 Oct 2020 21:11:55 +0000 From: "Michael Kubacki" To: devel@edk2.groups.io CC: Liming Gao , Michael D Kinney , Guomin Jiang , Wei6 Xu , Zhiguang Liu Subject: [PATCH v5 0/6] Extend Last Attempt Status Usage Date: Thu, 15 Oct 2020 14:11:15 -0700 Message-ID: X-Mailer: git-send-email 2.28.0.windows.1 X-TMN: [xodgNviMkNo3bLmHtQUVVNv7VhyOItHBwmuZ2DNQ7fli2cGHT/sSNzrV98XhRJur] X-ClientProxiedBy: MWHPR22CA0029.namprd22.prod.outlook.com (2603:10b6:300:69::15) To MWHPR07MB3440.namprd07.prod.outlook.com (2603:10b6:301:69::28) Return-Path: michael.kubacki@outlook.com X-Microsoft-Original-Message-ID: <20201015211121.1927-1-michael.kubacki@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (2001:4898:80e8:8:d168:ab8a:5f17:7fc6) by MWHPR22CA0029.namprd22.prod.outlook.com (2603:10b6:300:69::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.20 via Frontend Transport; Thu, 15 Oct 2020 21:11:54 +0000 X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 45 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: b0c4d723-43fe-461a-09cc-08d8714ef1b1 X-MS-TrafficTypeDiagnostic: DM6NAM04HT158: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OpWA11i6FluoEhxIgEonHLzjsnB3e0rzlfJMxeY82LQkt96OuK6cVU4bR50ANA0twwOM9hzJnQ+YHXiTI8te75VAdRunXJqZt/CGJ4op3rxdOtYOe82TlSDVgRO4iWHg62/DZwTIMYXKXohwFwmqXL2wwMYZALI0c35/duoCOYfIShNmAtVjbO+1TiQlMNM++4ftsZavlPhI8EGC8dn6QbSm7yGoVGEYtfCYyYXu4zw+ekVgQ5LEm7IAORbU7xmN X-MS-Exchange-AntiSpam-MessageData: NEcD4tDn4Ast6KWYT6Sc2UdLQjHUFRk1ufUpiFtDGziv8zjHgSv1+pTdJC+W4hceO8M2dcvyR2k5xehxTY1y7Vh4vjb5WdOL3g6T6VSL1G4jUwEzhpEaFUoXXGnWrjppCO38zIOkehWdTqBZNXijqt9BUalbInmoq7XiUDNSLKVdnDWxJr6Aq4usOfIM8D8ESoKu/C/SxiAJ9q45XT9r0A== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b0c4d723-43fe-461a-09cc-08d8714ef1b1 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Oct 2020 21:11:55.1603 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: DM6NAM04FT027.eop-NAM04.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6NAM04HT158 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain From: Michael Kubacki REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D2802 This patch series adds more granularity to Last Attempt Status codes reported during FMP check image and set image operations that greatly improve precision of the status codes. The unsuccessful vendor range (0x1000 - 0x4000) was introduced in UEFI Specification 2.8. At a high-level, two subranges are defined within that range in this patch series: 1. The FMP Reserved range - reserved for components implemented in FmpDevicePkg. 2. The FMP Device Library Reserved range - reserved for FmpDeviceLib instance-specific usage. The ranges are described in a public header file LastAttemptStatus.h while the specific codes used within FmpDevicePkg implementation are defined in a private header file FmpLastAttemptStatus.h. FmpDeviceLib instances should use the range definition from the public header file to define Last Attempt Status codes local to their library instance. Of note, there's multiple approaches to assigning private status codes in the FMP Reserved range. For example, individual components could define their last attempt status codes locally with the range allocated to the component defined in a package-wide private header file. However, one goal of the granularity being introduced is to provide straightforward traceability to an error source. For that reason, it was chosen to define a constant set of codes at the package level in FmpLastAttemptStatus.h. For example, if a new FmpDependencyLib instance is added, it would not be able to reassign status code values in the pre-existing FMP Dependency range; it would reuse codes for the same error source and be able to add new codes onto the range for its usage. V5 changes: 1. Fixed an issue where LAST_ATTEMPT_STATUS_DRIVER_ERROR_INVALID_CERTIFICATE is changed to LAST_ATTEMPT_STATUS_DRIVER_ERROR_IMAGE_AUTH_FAILURE in the logic to return the last attempt status code in CheckTheImageInternal(). V4 changes: 1. Simplified range value definitions in LastAttemptStatus.h. Directly assign the values in the macro definition instead of using calculations. 2. Adjusted range sizes to leave more room for future expansion. OLD: START | END | Usage ------------------------------------------------| 0x1000 | 0x1FFF | FmpDevicePkg | 0x1000 | 0x107F | FmpDxe driver | 0x1080 | 0x109F | FMP dependency Libs | 0x2000 | 0x3FFF | FmpDeviceLib instances | NEW: START | END | Usage ----------------------------------------------------------------| 0x1000 | 0x17FF | FmpDevicePkg | 0x1000 | 0x107F | FmpDxe driver | 0x1080 | 0x109F | FmpDependencyLib | 0x10A0 | 0x10BF | FmpDependencyCheckLib | 0x10C0 | 0x17FF | Unused. Available for future expansion. | 0x1800 | 0x1FFF | FmpDeviceLib instances implementation | 0x2000 | 0x3FFF | Unused. Available for future expansion. | 3. Broke the single range in v3 for FMP Dependency libraries into separate ranges. 4. Clarified LastAttemptStatus return values in each function description. 5. Returned an expected LastAttemptStatus value for some functions that previously did not return a value. 6. Reverted changes in FmpDxe to call the new FmpDeviceLib APIs for FmpDeviceCheckImage () and FmpDeviceSetImage (). These will be added in a future series after impacted platforms in edk2-platforms are updated to use the new APIs. 7. Instead of directly changing the pre-existing APIs in FmpDeviceLib to add a LastAttemptStatus parameter, the new functions were added to the library interface: * FmpDeviceCheckImageWithStatus () * FmpDeviceSetImageWithStatus () V3 changes: 1. Enhanced range definitions in LastAttemptStatus.h with more completeness providing length, min, and max values. 2. Moved the actual Last Attempt Status code assignments to a private header file PrivateInclude/FmpLastAttemptStatus.h. 3. Changed the value of LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX to 0x3FFF instead of 0x4000 even though 0x4000 is defined in the UEFI specification. The length is 0x4000 but the max allowed value should be 0x3FFF. This change was made now to prevent implementation compatibility issues in the future. 4. Included "DEVICE" in the following macro name to clearly associate it with the FmpDeviceLib library class: LAST_ATTEMPT_STATUS_DEVICE_LIBRARY_ERROR_xxx 5. Included a map to help the reader better visualize the range definitions in LastAttemptStatus.h. 6. Included additional documentation describing the enum in FmpLastAttemptStatus.h. An explicit statement stating that new codes should be added onto the end of ranges to preserve the values was added. 7. Simplified error handling logic in FmpDxe for FmpDeviceLib calls that return Last Attempt Status. 8. V2 had a single memory allocation failure code used for different memory allocations in CheckFmpDependency () in FmpDependencyLib. Each potential allocation failure was assigned a unique code. V2 changes: 1. Consolidate all previous incremental updates to=20 LastAttemptStatus.h into one patch (patch 2) 2. Move LastAttemptStatus.h from Include to PrivateInclude 3. Correct patch 1 subject from "FmpDevicePkg" to "MdePkg" Cc: Liming Gao Cc: Michael D Kinney Cc: Guomin Jiang Cc: Wei6 Xu Cc: Zhiguang Liu Signed-off-by: Michael Kubacki Michael Kubacki (6): MdePkg/SystemResourceTable.h: Add vendor range values FmpDevicePkg: Add Last Attempt Status header files FmpDevicePkg/FmpDxe: Add check image path Last Attempt Status capability FmpDevicePkg/FmpDxe: Improve set image path Last Attempt Status granularity FmpDevicePkg: Add Last Attempt Status support to dependency libs FmpDevicePkg/FmpDeviceLib: Add Last Attempt Status to Check/Set API FmpDevicePkg/FmpDxe/FmpDxe.c = | 146 +++++++++++++++++--- FmpDevicePkg/Library/FmpDependencyCheckLib/FmpDependencyCheckLib.c = | 39 ++++-- FmpDevicePkg/Library/FmpDependencyCheckLibNull/FmpDependencyCheckLibNull.c= | 14 +- FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c = | 93 +++++++++++-- FmpDevicePkg/Library/FmpDeviceLibNull/FmpDeviceLib.c = | 132 +++++++++++++++++- FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnit= Test.c | 7 +- FmpDevicePkg/FmpDxe/FmpDxe.h = | 4 +- FmpDevicePkg/Include/LastAttemptStatus.h = | 81 +++++++++++ FmpDevicePkg/Include/Library/FmpDependencyCheckLib.h = | 8 +- FmpDevicePkg/Include/Library/FmpDependencyLib.h = | 44 ++++-- FmpDevicePkg/Include/Library/FmpDeviceLib.h = | 121 +++++++++++++++- FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h = | 81 +++++++++++ MdePkg/Include/Guid/SystemResourceTable.h = | 13 ++ 13 files changed, 718 insertions(+), 65 deletions(-) create mode 100644 FmpDevicePkg/Include/LastAttemptStatus.h create mode 100644 FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h --=20 2.28.0.windows.1