1 /** @file
2   Capsule Runtime Driver produces two UEFI capsule runtime services.
3   (UpdateCapsule, QueryCapsuleCapabilities)
4   It installs the Capsule Architectural Protocol defined in PI1.0a to signify
5   the capsule runtime services are ready.
6 
7 Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
8 This program and the accompanying materials
9 are licensed and made available under the terms and conditions of the BSD License
10 which accompanies this distribution.  The full text of the license may be found at
11 http://opensource.org/licenses/bsd-license.php
12 
13 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
14 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 
16 **/
17 
18 #include <Uefi.h>
19 
20 #include <Protocol/Capsule.h>
21 #include <Guid/CapsuleVendor.h>
22 #include <Guid/FmpCapsule.h>
23 
24 #include <Library/DebugLib.h>
25 #include <Library/PcdLib.h>
26 #include <Library/CapsuleLib.h>
27 #include <Library/UefiDriverEntryPoint.h>
28 #include <Library/UefiBootServicesTableLib.h>
29 #include <Library/UefiRuntimeServicesTableLib.h>
30 #include <Library/UefiRuntimeLib.h>
31 #include <Library/BaseLib.h>
32 #include <Library/PrintLib.h>
33 #include <Library/BaseMemoryLib.h>
34 //
35 // Handle for the installation of Capsule Architecture Protocol.
36 //
37 EFI_HANDLE  mNewHandle = NULL;
38 
39 //
40 // The times of calling UpdateCapsule ()
41 //
42 UINTN       mTimes      = 0;
43 
44 UINT32      mMaxSizePopulateCapsule     = 0;
45 UINT32      mMaxSizeNonPopulateCapsule  = 0;
46 
47 /**
48   Create the variable to save the base address of page table and stack
49   for transferring into long mode in IA32 PEI.
50 **/
51 VOID
52 SaveLongModeContext (
53   VOID
54   );
55 
56 /**
57   Passes capsules to the firmware with both virtual and physical mapping. Depending on the intended
58   consumption, the firmware may process the capsule immediately. If the payload should persist
59   across a system reset, the reset value returned from EFI_QueryCapsuleCapabilities must
60   be passed into ResetSystem() and will cause the capsule to be processed by the firmware as
61   part of the reset process.
62 
63   @param  CapsuleHeaderArray    Virtual pointer to an array of virtual pointers to the capsules
64                                 being passed into update capsule.
65   @param  CapsuleCount          Number of pointers to EFI_CAPSULE_HEADER in
66                                 CaspuleHeaderArray.
67   @param  ScatterGatherList     Physical pointer to a set of
68                                 EFI_CAPSULE_BLOCK_DESCRIPTOR that describes the
69                                 location in physical memory of a set of capsules.
70 
71   @retval EFI_SUCCESS           Valid capsule was passed. If
72                                 CAPSULE_FLAGS_PERSIT_ACROSS_RESET is not set, the
73                                 capsule has been successfully processed by the firmware.
74   @retval EFI_DEVICE_ERROR      The capsule update was started, but failed due to a device error.
75   @retval EFI_INVALID_PARAMETER CapsuleSize is NULL, or an incompatible set of flags were
76                                 set in the capsule header.
77   @retval EFI_INVALID_PARAMETER CapsuleCount is Zero.
78   @retval EFI_INVALID_PARAMETER For across reset capsule image, ScatterGatherList is NULL.
79   @retval EFI_UNSUPPORTED       CapsuleImage is not recognized by the firmware.
80   @retval EFI_OUT_OF_RESOURCES  When ExitBootServices() has been previously called this error indicates the capsule
81                                 is compatible with this platform but is not capable of being submitted or processed
82                                 in runtime. The caller may resubmit the capsule prior to ExitBootServices().
83   @retval EFI_OUT_OF_RESOURCES  When ExitBootServices() has not been previously called then this error indicates
84                                 the capsule is compatible with this platform but there are insufficient resources to process.
85 
86 **/
87 EFI_STATUS
88 EFIAPI
UpdateCapsule(IN EFI_CAPSULE_HEADER ** CapsuleHeaderArray,IN UINTN CapsuleCount,IN EFI_PHYSICAL_ADDRESS ScatterGatherList OPTIONAL)89 UpdateCapsule (
90   IN EFI_CAPSULE_HEADER      **CapsuleHeaderArray,
91   IN UINTN                   CapsuleCount,
92   IN EFI_PHYSICAL_ADDRESS    ScatterGatherList OPTIONAL
93   )
94 {
95   UINTN                     ArrayNumber;
96   EFI_STATUS                Status;
97   EFI_CAPSULE_HEADER        *CapsuleHeader;
98   BOOLEAN                   NeedReset;
99   BOOLEAN                   InitiateReset;
100   CHAR16                    CapsuleVarName[30];
101   CHAR16                    *TempVarName;
102 
103   //
104   // Capsule Count can't be less than one.
105   //
106   if (CapsuleCount < 1) {
107     return EFI_INVALID_PARAMETER;
108   }
109 
110   NeedReset         = FALSE;
111   InitiateReset     = FALSE;
112   CapsuleHeader     = NULL;
113   CapsuleVarName[0] = 0;
114 
115   for (ArrayNumber = 0; ArrayNumber < CapsuleCount; ArrayNumber++) {
116     //
117     // A capsule which has the CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE flag must have
118     // CAPSULE_FLAGS_PERSIST_ACROSS_RESET set in its header as well.
119     //
120     CapsuleHeader = CapsuleHeaderArray[ArrayNumber];
121     if ((CapsuleHeader->Flags & (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE)) == CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) {
122       return EFI_INVALID_PARAMETER;
123     }
124     //
125     // A capsule which has the CAPSULE_FLAGS_INITIATE_RESET flag must have
126     // CAPSULE_FLAGS_PERSIST_ACROSS_RESET set in its header as well.
127     //
128     if ((CapsuleHeader->Flags & (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_INITIATE_RESET)) == CAPSULE_FLAGS_INITIATE_RESET) {
129       return EFI_INVALID_PARAMETER;
130     }
131 
132     //
133     // Check FMP capsule flag
134     //
135     if (CompareGuid(&CapsuleHeader->CapsuleGuid, &gEfiFmpCapsuleGuid)
136      && (CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0 ) {
137        return EFI_INVALID_PARAMETER;
138     }
139 
140     //
141     // Check Capsule image without populate flag by firmware support capsule function
142     //
143     if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) == 0) {
144       Status = SupportCapsuleImage (CapsuleHeader);
145       if (EFI_ERROR(Status)) {
146         return Status;
147       }
148     }
149   }
150 
151   //
152   // Walk through all capsules, record whether there is a capsule needs reset
153   // or initiate reset. And then process capsules which has no reset flag directly.
154   //
155   for (ArrayNumber = 0; ArrayNumber < CapsuleCount ; ArrayNumber++) {
156     CapsuleHeader = CapsuleHeaderArray[ArrayNumber];
157     //
158     // Here should be in the boot-time for non-reset capsule image
159     // Platform specific update for the non-reset capsule image.
160     //
161     if ((CapsuleHeader->Flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) == 0) {
162       if (EfiAtRuntime ()) {
163         Status = EFI_OUT_OF_RESOURCES;
164       } else {
165         Status = ProcessCapsuleImage(CapsuleHeader);
166       }
167       if (EFI_ERROR(Status)) {
168         return Status;
169       }
170     } else {
171       NeedReset = TRUE;
172       if ((CapsuleHeader->Flags & CAPSULE_FLAGS_INITIATE_RESET) != 0) {
173         InitiateReset = TRUE;
174       }
175     }
176   }
177 
178   //
179   // After launching all capsules who has no reset flag, if no more capsules claims
180   // for a system reset just return.
181   //
182   if (!NeedReset) {
183     return EFI_SUCCESS;
184   }
185 
186   //
187   // ScatterGatherList is only referenced if the capsules are defined to persist across
188   // system reset.
189   //
190   if (ScatterGatherList == (EFI_PHYSICAL_ADDRESS) (UINTN) NULL) {
191     return EFI_INVALID_PARAMETER;
192   }
193 
194   //
195   // Check if the platform supports update capsule across a system reset
196   //
197   if (!FeaturePcdGet(PcdSupportUpdateCapsuleReset)) {
198     return EFI_UNSUPPORTED;
199   }
200 
201   //
202   // Construct variable name CapsuleUpdateData, CapsuleUpdateData1, CapsuleUpdateData2...
203   // if user calls UpdateCapsule multiple times.
204   //
205   StrCpyS (CapsuleVarName, sizeof(CapsuleVarName)/sizeof(CHAR16), EFI_CAPSULE_VARIABLE_NAME);
206   TempVarName = CapsuleVarName + StrLen (CapsuleVarName);
207   if (mTimes > 0) {
208     UnicodeValueToString (TempVarName, 0, mTimes, 0);
209   }
210 
211   //
212   // ScatterGatherList is only referenced if the capsules are defined to persist across
213   // system reset. Set its value into NV storage to let pre-boot driver to pick it up
214   // after coming through a system reset.
215   //
216   Status = EfiSetVariable (
217              CapsuleVarName,
218              &gEfiCapsuleVendorGuid,
219              EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
220              sizeof (UINTN),
221              (VOID *) &ScatterGatherList
222              );
223   if (!EFI_ERROR (Status)) {
224      //
225      // Variable has been set successfully, increase variable index.
226      //
227      mTimes++;
228      if(InitiateReset) {
229        //
230        // Firmware that encounters a capsule which has the CAPSULE_FLAGS_INITIATE_RESET Flag set in its header
231        // will initiate a reset of the platform which is compatible with the passed-in capsule request and will
232        // not return back to the caller.
233        //
234        EfiResetSystem (EfiResetWarm, EFI_SUCCESS, 0, NULL);
235      }
236   }
237   return Status;
238 }
239 
240 /**
241   Returns if the capsule can be supported via UpdateCapsule().
242 
243   @param  CapsuleHeaderArray    Virtual pointer to an array of virtual pointers to the capsules
244                                 being passed into update capsule.
245   @param  CapsuleCount          Number of pointers to EFI_CAPSULE_HEADER in
246                                 CaspuleHeaderArray.
247   @param  MaxiumCapsuleSize     On output the maximum size that UpdateCapsule() can
248                                 support as an argument to UpdateCapsule() via
249                                 CapsuleHeaderArray and ScatterGatherList.
250   @param  ResetType             Returns the type of reset required for the capsule update.
251 
252   @retval EFI_SUCCESS           Valid answer returned.
253   @retval EFI_UNSUPPORTED       The capsule image is not supported on this platform, and
254                                 MaximumCapsuleSize and ResetType are undefined.
255   @retval EFI_INVALID_PARAMETER MaximumCapsuleSize is NULL, or ResetTyep is NULL,
256                                 Or CapsuleCount is Zero, or CapsuleImage is not valid.
257 
258 **/
259 EFI_STATUS
260 EFIAPI
QueryCapsuleCapabilities(IN EFI_CAPSULE_HEADER ** CapsuleHeaderArray,IN UINTN CapsuleCount,OUT UINT64 * MaxiumCapsuleSize,OUT EFI_RESET_TYPE * ResetType)261 QueryCapsuleCapabilities (
262   IN  EFI_CAPSULE_HEADER   **CapsuleHeaderArray,
263   IN  UINTN                CapsuleCount,
264   OUT UINT64               *MaxiumCapsuleSize,
265   OUT EFI_RESET_TYPE       *ResetType
266   )
267 {
268   EFI_STATUS                Status;
269   UINTN                     ArrayNumber;
270   EFI_CAPSULE_HEADER        *CapsuleHeader;
271   BOOLEAN                   NeedReset;
272 
273   //
274   // Capsule Count can't be less than one.
275   //
276   if (CapsuleCount < 1) {
277     return EFI_INVALID_PARAMETER;
278   }
279 
280   //
281   // Check whether input parameter is valid
282   //
283   if ((MaxiumCapsuleSize == NULL) ||(ResetType == NULL)) {
284     return EFI_INVALID_PARAMETER;
285   }
286 
287   CapsuleHeader = NULL;
288   NeedReset     = FALSE;
289 
290   for (ArrayNumber = 0; ArrayNumber < CapsuleCount; ArrayNumber++) {
291     CapsuleHeader = CapsuleHeaderArray[ArrayNumber];
292     //
293     // A capsule which has the CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE flag must have
294     // CAPSULE_FLAGS_PERSIST_ACROSS_RESET set in its header as well.
295     //
296     if ((CapsuleHeader->Flags & (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE)) == CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) {
297       return EFI_INVALID_PARAMETER;
298     }
299     //
300     // A capsule which has the CAPSULE_FLAGS_INITIATE_RESET flag must have
301     // CAPSULE_FLAGS_PERSIST_ACROSS_RESET set in its header as well.
302     //
303     if ((CapsuleHeader->Flags & (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_INITIATE_RESET)) == CAPSULE_FLAGS_INITIATE_RESET) {
304       return EFI_INVALID_PARAMETER;
305     }
306 
307     //
308     // Check FMP capsule flag
309     //
310     if (CompareGuid(&CapsuleHeader->CapsuleGuid, &gEfiFmpCapsuleGuid)
311      && (CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) != 0 ) {
312        return EFI_INVALID_PARAMETER;
313     }
314 
315     //
316     // Check Capsule image without populate flag is supported by firmware
317     //
318     if ((CapsuleHeader->Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) == 0) {
319       Status = SupportCapsuleImage (CapsuleHeader);
320       if (EFI_ERROR(Status)) {
321         return Status;
322       }
323     }
324   }
325 
326   //
327   // Find out whether there is any capsule defined to persist across system reset.
328   //
329   for (ArrayNumber = 0; ArrayNumber < CapsuleCount ; ArrayNumber++) {
330     CapsuleHeader = CapsuleHeaderArray[ArrayNumber];
331     if ((CapsuleHeader->Flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) != 0) {
332       NeedReset = TRUE;
333       break;
334     }
335   }
336 
337   if (NeedReset) {
338     //
339     //Check if the platform supports update capsule across a system reset
340     //
341     if (!FeaturePcdGet(PcdSupportUpdateCapsuleReset)) {
342       return EFI_UNSUPPORTED;
343     }
344     *ResetType = EfiResetWarm;
345     *MaxiumCapsuleSize = (UINT64) mMaxSizePopulateCapsule;
346   } else {
347     //
348     // For non-reset capsule image.
349     //
350     *ResetType = EfiResetCold;
351     *MaxiumCapsuleSize = (UINT64) mMaxSizeNonPopulateCapsule;
352   }
353 
354   return EFI_SUCCESS;
355 }
356 
357 
358 /**
359 
360   This code installs UEFI capsule runtime service.
361 
362   @param  ImageHandle    The firmware allocated handle for the EFI image.
363   @param  SystemTable    A pointer to the EFI System Table.
364 
365   @retval EFI_SUCCESS    UEFI Capsule Runtime Services are installed successfully.
366 
367 **/
368 EFI_STATUS
369 EFIAPI
CapsuleServiceInitialize(IN EFI_HANDLE ImageHandle,IN EFI_SYSTEM_TABLE * SystemTable)370 CapsuleServiceInitialize (
371   IN EFI_HANDLE         ImageHandle,
372   IN EFI_SYSTEM_TABLE   *SystemTable
373   )
374 {
375   EFI_STATUS  Status;
376 
377   mMaxSizePopulateCapsule = PcdGet32(PcdMaxSizePopulateCapsule);
378   mMaxSizeNonPopulateCapsule = PcdGet32(PcdMaxSizeNonPopulateCapsule);
379 
380   //
381   // When PEI phase is IA32, DXE phase is X64, it is possible that capsule data are
382   // put above 4GB, so capsule PEI will transfer to long mode to get capsule data.
383   // The page table and stack is used to transfer processor mode from IA32 to long mode.
384   // Create the base address of page table and stack, and save them into variable.
385   // This is not needed when capsule with reset type is not supported.
386   //
387   SaveLongModeContext ();
388 
389   //
390   // Install capsule runtime services into UEFI runtime service tables.
391   //
392   gRT->UpdateCapsule                    = UpdateCapsule;
393   gRT->QueryCapsuleCapabilities         = QueryCapsuleCapabilities;
394 
395   //
396   // Install the Capsule Architectural Protocol on a new handle
397   // to signify the capsule runtime services are ready.
398   //
399   Status = gBS->InstallMultipleProtocolInterfaces (
400                   &mNewHandle,
401                   &gEfiCapsuleArchProtocolGuid,
402                   NULL,
403                   NULL
404                   );
405   ASSERT_EFI_ERROR (Status);
406 
407   return Status;
408 }
409