1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * EFI Capsule 4 * 5 * Copyright (c) 2018 Linaro Limited 6 * Author: AKASHI Takahiro 7 */ 8 9#define LOG_CATEGORY LOGC_EFI 10 11#include <efi_loader.h> 12#include <efi_variable.h> 13#include <env.h> 14#include <fdtdec.h> 15#include <fs.h> 16#include <fwu.h> 17#include <hang.h> 18#include <malloc.h> 19#include <mapmem.h> 20#include <sort.h> 21#include <sysreset.h> 22#include <asm/global_data.h> 23 24#include <crypto/pkcs7.h> 25#include <crypto/pkcs7_parser.h> 26#include <linux/err.h> 27 28DECLARE_GLOBAL_DATA_PTR; 29 30const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; 31static const efi_guid_t efi_guid_firmware_management_capsule_id = 32 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; 33const efi_guid_t efi_guid_firmware_management_protocol = 34 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID; 35const efi_guid_t fwu_guid_os_request_fw_revert = 36 FWU_OS_REQUEST_FW_REVERT_GUID; 37const efi_guid_t fwu_guid_os_request_fw_accept = 38 FWU_OS_REQUEST_FW_ACCEPT_GUID; 39 40#define FW_ACCEPT_OS (u32)0x8000 41 42#ifdef CONFIG_EFI_CAPSULE_ON_DISK 43/* for file system access */ 44static struct efi_file_handle *bootdev_root; 45#endif 46 47static __maybe_unused unsigned int get_capsule_index(const u16 *variable_name) 48{ 49 u16 value16[11]; /* "CapsuleXXXX": non-null-terminated */ 50 char value[5]; 51 efi_uintn_t size; 52 unsigned long index = 0xffff; 53 efi_status_t ret; 54 int i; 55 56 size = sizeof(value16); 57 ret = efi_get_variable_int(variable_name, &efi_guid_capsule_report, 58 NULL, &size, value16, NULL); 59 if (ret != EFI_SUCCESS || size != 22 || 60 u16_strncmp(value16, u"Capsule", 7)) 61 goto err; 62 for (i = 0; i < 4; ++i) { 63 u16 c = value16[i + 7]; 64 65 if (!c || c > 0x7f) 66 goto err; 67 value[i] = c; 68 } 69 value[4] = 0; 70 if (strict_strtoul(value, 16, &index)) 71 index = 0xffff; 72err: 73 return index; 74} 75 76/** 77 * get_last_capsule - get the last capsule index 78 * 79 * Retrieve the index of the capsule invoked last time from "CapsuleLast" 80 * variable. 81 * 82 * Return: 83 * * > 0 - the last capsule index invoked 84 * * 0xffff - on error, or no capsule invoked yet 85 */ 86static __maybe_unused unsigned int get_last_capsule(void) 87{ 88 return get_capsule_index(u"CapsuleLast"); 89} 90 91/** 92 * get_max_capsule - get the max capsule index 93 * 94 * Retrieve the max capsule index value from "CapsuleMax" variable. 95 * 96 * Return: 97 * * > 0 - the max capsule index 98 * * 0xffff - on error, or "CapsuleMax" variable does not exist 99 */ 100static __maybe_unused unsigned int get_max_capsule(void) 101{ 102 return get_capsule_index(u"CapsuleMax"); 103} 104 105/** 106 * set_capsule_result - set a result variable 107 * @capsule: Capsule 108 * @return_status: Return status 109 * 110 * Create and set a result variable, "CapsuleXXXX", for the capsule, 111 * @capsule. 112 */ 113static __maybe_unused 114void set_capsule_result(int index, struct efi_capsule_header *capsule, 115 efi_status_t return_status) 116{ 117 u16 variable_name16[12]; 118 struct efi_capsule_result_variable_header result; 119 struct efi_time time; 120 efi_status_t ret; 121 122 efi_create_indexed_name(variable_name16, sizeof(variable_name16), 123 "Capsule", index); 124 result.variable_total_size = sizeof(result); 125 result.capsule_guid = capsule->capsule_guid; 126 ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL)); 127 if (ret == EFI_SUCCESS) 128 memcpy(&result.capsule_processed, &time, sizeof(time)); 129 else 130 memset(&result.capsule_processed, 0, sizeof(time)); 131 result.capsule_status = return_status; 132 ret = efi_set_variable_int(variable_name16, &efi_guid_capsule_report, 133 EFI_VARIABLE_NON_VOLATILE | 134 EFI_VARIABLE_BOOTSERVICE_ACCESS | 135 EFI_VARIABLE_RUNTIME_ACCESS, 136 sizeof(result), &result, false); 137 if (ret != EFI_SUCCESS) { 138 log_err("Setting %ls failed\n", variable_name16); 139 return; 140 } 141 142 /* Variable CapsuleLast must not include terminating 0x0000 */ 143 ret = efi_set_variable_int(u"CapsuleLast", &efi_guid_capsule_report, 144 EFI_VARIABLE_READ_ONLY | 145 EFI_VARIABLE_NON_VOLATILE | 146 EFI_VARIABLE_BOOTSERVICE_ACCESS | 147 EFI_VARIABLE_RUNTIME_ACCESS, 148 22, variable_name16, false); 149 if (ret != EFI_SUCCESS) 150 log_err("Setting %ls failed\n", u"CapsuleLast"); 151} 152 153#ifdef CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT 154/** 155 * efi_fmp_find - search for Firmware Management Protocol drivers 156 * @image_type: Image type guid 157 * @image_index: Image Index 158 * @instance: Instance number 159 * @handles: Handles of FMP drivers 160 * @no_handles: Number of handles 161 * 162 * Search for Firmware Management Protocol drivers, matching the image 163 * type, @image_type and the machine instance, @instance, from the list, 164 * @handles. 165 * 166 * Return: 167 * * Protocol instance - on success 168 * * NULL - on failure 169 */ 170static struct efi_firmware_management_protocol * 171efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance, 172 efi_handle_t *handles, efi_uintn_t no_handles) 173{ 174 efi_handle_t *handle; 175 struct efi_firmware_management_protocol *fmp; 176 struct efi_firmware_image_descriptor *image_info, *desc; 177 efi_uintn_t info_size, descriptor_size; 178 u32 descriptor_version; 179 u8 descriptor_count; 180 u32 package_version; 181 u16 *package_version_name; 182 bool found = false; 183 int i, j; 184 efi_status_t ret; 185 186 for (i = 0, handle = handles; i < no_handles; i++, handle++) { 187 struct efi_handler *fmp_handler; 188 189 ret = efi_search_protocol( 190 *handle, &efi_guid_firmware_management_protocol, 191 &fmp_handler); 192 if (ret != EFI_SUCCESS) 193 continue; 194 fmp = fmp_handler->protocol_interface; 195 196 /* get device's image info */ 197 info_size = 0; 198 image_info = NULL; 199 descriptor_version = 0; 200 descriptor_count = 0; 201 descriptor_size = 0; 202 package_version = 0; 203 package_version_name = NULL; 204 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size, 205 image_info, 206 &descriptor_version, 207 &descriptor_count, 208 &descriptor_size, 209 &package_version, 210 &package_version_name)); 211 if (ret != EFI_BUFFER_TOO_SMALL) 212 goto skip; 213 214 image_info = malloc(info_size); 215 if (!image_info) 216 goto skip; 217 218 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size, 219 image_info, 220 &descriptor_version, 221 &descriptor_count, 222 &descriptor_size, 223 &package_version, 224 &package_version_name)); 225 if (ret != EFI_SUCCESS || 226 descriptor_version != EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION) 227 goto skip; 228 229 /* matching */ 230 for (j = 0, desc = image_info; j < descriptor_count; 231 j++, desc = (void *)desc + descriptor_size) { 232 log_debug("+++ desc[%d] index: %d, name: %ls\n", 233 j, desc->image_index, desc->image_id_name); 234 if (!guidcmp(&desc->image_type_id, image_type) && 235 (desc->image_index == image_index) && 236 (!instance || 237 !desc->hardware_instance || 238 desc->hardware_instance == instance)) 239 found = true; 240 } 241 242skip: 243 efi_free_pool(package_version_name); 244 free(image_info); 245 if (found) 246 return fmp; 247 } 248 249 return NULL; 250} 251 252/** 253 * efi_remove_auth_hdr - remove authentication data from image 254 * @image: Pointer to pointer to Image 255 * @image_size: Pointer to Image size 256 * 257 * Remove the authentication data from image if possible. 258 * Update @image and @image_size. 259 * 260 * Return: status code 261 */ 262static efi_status_t efi_remove_auth_hdr(void **image, efi_uintn_t *image_size) 263{ 264 struct efi_firmware_image_authentication *auth_hdr; 265 efi_status_t ret = EFI_INVALID_PARAMETER; 266 267 auth_hdr = (struct efi_firmware_image_authentication *)*image; 268 if (*image_size < sizeof(*auth_hdr)) 269 goto out; 270 271 if (auth_hdr->auth_info.hdr.dwLength <= 272 offsetof(struct win_certificate_uefi_guid, cert_data)) 273 goto out; 274 275 *image = (uint8_t *)*image + sizeof(auth_hdr->monotonic_count) + 276 auth_hdr->auth_info.hdr.dwLength; 277 *image_size = *image_size - auth_hdr->auth_info.hdr.dwLength - 278 sizeof(auth_hdr->monotonic_count); 279 280 ret = EFI_SUCCESS; 281out: 282 return ret; 283} 284 285#if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) 286int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) 287{ 288 const void *fdt_blob = gd->fdt_blob; 289 const void *blob; 290 const char *cnode_name = "capsule-key"; 291 const char *snode_name = "signature"; 292 int sig_node; 293 int len; 294 295 sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); 296 if (sig_node < 0) { 297 log_err("Unable to get signature node offset\n"); 298 299 return -FDT_ERR_NOTFOUND; 300 } 301 302 blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); 303 304 if (!blob || len < 0) { 305 log_err("Unable to get capsule-key value\n"); 306 *pkey = NULL; 307 *pkey_len = 0; 308 309 return -FDT_ERR_NOTFOUND; 310 } 311 312 *pkey = (void *)blob; 313 *pkey_len = len; 314 315 return 0; 316} 317 318efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size, 319 void **image, efi_uintn_t *image_size) 320{ 321 u8 *buf; 322 int ret; 323 void *fdt_pkey, *pkey; 324 efi_uintn_t pkey_len; 325 uint64_t monotonic_count; 326 struct efi_signature_store *truststore; 327 struct pkcs7_message *capsule_sig; 328 struct efi_image_regions *regs; 329 struct efi_firmware_image_authentication *auth_hdr; 330 efi_status_t status; 331 332 status = EFI_SECURITY_VIOLATION; 333 capsule_sig = NULL; 334 truststore = NULL; 335 regs = NULL; 336 337 /* Sanity checks */ 338 if (capsule == NULL || capsule_size == 0) 339 goto out; 340 341 *image = (uint8_t *)capsule; 342 *image_size = capsule_size; 343 if (efi_remove_auth_hdr(image, image_size) != EFI_SUCCESS) 344 goto out; 345 346 auth_hdr = (struct efi_firmware_image_authentication *)capsule; 347 if (guidcmp(&auth_hdr->auth_info.cert_type, &efi_guid_cert_type_pkcs7)) 348 goto out; 349 350 memcpy(&monotonic_count, &auth_hdr->monotonic_count, 351 sizeof(monotonic_count)); 352 353 /* data to be digested */ 354 regs = calloc(sizeof(*regs) + sizeof(struct image_region) * 2, 1); 355 if (!regs) 356 goto out; 357 358 regs->max = 2; 359 efi_image_region_add(regs, (uint8_t *)*image, 360 (uint8_t *)*image + *image_size, 1); 361 362 efi_image_region_add(regs, (uint8_t *)&monotonic_count, 363 (uint8_t *)&monotonic_count + sizeof(monotonic_count), 364 1); 365 366 capsule_sig = efi_parse_pkcs7_header(auth_hdr->auth_info.cert_data, 367 auth_hdr->auth_info.hdr.dwLength 368 - sizeof(auth_hdr->auth_info), 369 &buf); 370 if (!capsule_sig) { 371 debug("Parsing variable's pkcs7 header failed\n"); 372 goto out; 373 } 374 375 ret = efi_get_public_key_data(&fdt_pkey, &pkey_len); 376 if (ret < 0) 377 goto out; 378 379 pkey = malloc(pkey_len); 380 if (!pkey) 381 goto out; 382 383 memcpy(pkey, fdt_pkey, pkey_len); 384 truststore = efi_build_signature_store(pkey, pkey_len); 385 if (!truststore) 386 goto out; 387 388 /* verify signature */ 389 if (efi_signature_verify(regs, capsule_sig, truststore, NULL)) { 390 debug("Verified\n"); 391 } else { 392 debug("Verifying variable's signature failed\n"); 393 goto out; 394 } 395 396 status = EFI_SUCCESS; 397 398out: 399 efi_sigstore_free(truststore); 400 pkcs7_free_message(capsule_sig); 401 free(regs); 402 403 return status; 404} 405#endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */ 406 407static __maybe_unused bool fwu_empty_capsule(struct efi_capsule_header *capsule) 408{ 409 return !guidcmp(&capsule->capsule_guid, 410 &fwu_guid_os_request_fw_revert) || 411 !guidcmp(&capsule->capsule_guid, 412 &fwu_guid_os_request_fw_accept); 413} 414 415static __maybe_unused efi_status_t fwu_to_efi_error(int err) 416{ 417 efi_status_t ret; 418 419 switch(err) { 420 case 0: 421 ret = EFI_SUCCESS; 422 break; 423 case -ERANGE: 424 case -EIO: 425 ret = EFI_DEVICE_ERROR; 426 break; 427 case -EINVAL: 428 ret = EFI_INVALID_PARAMETER; 429 break; 430 case -ENODEV: 431 ret = EFI_NOT_FOUND; 432 break; 433 default: 434 ret = EFI_OUT_OF_RESOURCES; 435 } 436 437 return ret; 438} 439 440static __maybe_unused efi_status_t fwu_empty_capsule_process( 441 struct efi_capsule_header *capsule) 442{ 443 int status; 444 u32 active_idx; 445 efi_guid_t *image_guid; 446 efi_status_t ret = EFI_INVALID_PARAMETER; 447 448 if (!guidcmp(&capsule->capsule_guid, 449 &fwu_guid_os_request_fw_revert)) { 450 /* 451 * One of the previously updated image has 452 * failed the OS acceptance test. OS has 453 * requested to revert back to the earlier 454 * boot index 455 */ 456 status = fwu_revert_boot_index(); 457 ret = fwu_to_efi_error(status); 458 if (ret == EFI_SUCCESS) 459 log_debug("Reverted the FWU active_index. Recommend rebooting the system\n"); 460 else 461 log_err("Failed to revert the FWU boot index\n"); 462 } else if (!guidcmp(&capsule->capsule_guid, 463 &fwu_guid_os_request_fw_accept)) { 464 /* 465 * Image accepted by the OS. Set the acceptance 466 * status for the image. 467 */ 468 image_guid = (void *)(char *)capsule + 469 capsule->header_size; 470 471 status = fwu_get_active_index(&active_idx); 472 ret = fwu_to_efi_error(status); 473 if (ret != EFI_SUCCESS) { 474 log_err("Unable to get the active_index from the FWU metadata\n"); 475 return ret; 476 } 477 478 status = fwu_accept_image(image_guid, active_idx); 479 ret = fwu_to_efi_error(status); 480 if (ret != EFI_SUCCESS) 481 log_err("Unable to set the Accept bit for the image %pUs\n", 482 image_guid); 483 } 484 485 return ret; 486} 487 488static __maybe_unused void fwu_post_update_checks( 489 struct efi_capsule_header *capsule, 490 bool *fw_accept_os, bool *capsule_update) 491{ 492 if (fwu_empty_capsule(capsule)) 493 *capsule_update = false; 494 else 495 if (!*fw_accept_os) 496 *fw_accept_os = 497 capsule->flags & FW_ACCEPT_OS ? true : false; 498} 499 500static __maybe_unused efi_status_t fwu_post_update_process(bool fw_accept_os) 501{ 502 int status; 503 uint update_index; 504 efi_status_t ret; 505 506 status = fwu_plat_get_update_index(&update_index); 507 if (status < 0) { 508 log_err("Failed to get the FWU update_index value\n"); 509 return EFI_DEVICE_ERROR; 510 } 511 512 /* 513 * All the capsules have been updated successfully, 514 * update the FWU metadata. 515 */ 516 log_debug("Update Complete. Now updating active_index to %u\n", 517 update_index); 518 status = fwu_set_active_index(update_index); 519 ret = fwu_to_efi_error(status); 520 if (ret != EFI_SUCCESS) { 521 log_err("Failed to update FWU metadata index values\n"); 522 } else { 523 log_debug("Successfully updated the active_index\n"); 524 if (fw_accept_os) { 525 status = fwu_trial_state_ctr_start(); 526 if (status < 0) 527 ret = EFI_DEVICE_ERROR; 528 } 529 } 530 531 return ret; 532} 533 534/** 535 * efi_capsule_update_firmware - update firmware from capsule 536 * @capsule_data: Capsule 537 * 538 * Update firmware, using a capsule, @capsule_data. Loading any FMP 539 * drivers embedded in a capsule is not supported. 540 * 541 * Return: status code 542 */ 543static efi_status_t efi_capsule_update_firmware( 544 struct efi_capsule_header *capsule_data) 545{ 546 struct efi_firmware_management_capsule_header *capsule; 547 struct efi_firmware_management_capsule_image_header *image; 548 size_t capsule_size, image_binary_size; 549 void *image_binary, *vendor_code; 550 efi_handle_t *handles; 551 efi_uintn_t no_handles; 552 int item; 553 struct efi_firmware_management_protocol *fmp; 554 u16 *abort_reason; 555 efi_guid_t *image_type_id; 556 efi_status_t ret = EFI_SUCCESS; 557 int status; 558 uint update_index; 559 bool fw_accept_os; 560 561 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { 562 if (fwu_empty_capsule_checks_pass() && 563 fwu_empty_capsule(capsule_data)) 564 return fwu_empty_capsule_process(capsule_data); 565 566 if (!fwu_update_checks_pass()) { 567 log_err("FWU checks failed. Cannot start update\n"); 568 return EFI_INVALID_PARAMETER; 569 } 570 571 572 /* Obtain the update_index from the platform */ 573 status = fwu_plat_get_update_index(&update_index); 574 if (status < 0) { 575 log_err("Failed to get the FWU update_index value\n"); 576 return EFI_DEVICE_ERROR; 577 } 578 579 fw_accept_os = capsule_data->flags & FW_ACCEPT_OS ? 0x1 : 0x0; 580 } 581 582 if (guidcmp(&capsule_data->capsule_guid, 583 &efi_guid_firmware_management_capsule_id)) { 584 log_err("Unsupported capsule type: %pUs\n", 585 &capsule_data->capsule_guid); 586 return EFI_UNSUPPORTED; 587 } 588 589 /* sanity check */ 590 if (capsule_data->header_size < sizeof(*capsule) || 591 capsule_data->header_size >= capsule_data->capsule_image_size) 592 return EFI_INVALID_PARAMETER; 593 594 capsule = (void *)capsule_data + capsule_data->header_size; 595 capsule_size = capsule_data->capsule_image_size 596 - capsule_data->header_size; 597 598 if (capsule->version != 0x00000001) 599 return EFI_UNSUPPORTED; 600 601 handles = NULL; 602 ret = EFI_CALL(efi_locate_handle_buffer( 603 BY_PROTOCOL, 604 &efi_guid_firmware_management_protocol, 605 NULL, &no_handles, (efi_handle_t **)&handles)); 606 if (ret != EFI_SUCCESS) 607 return EFI_UNSUPPORTED; 608 609 /* Payload */ 610 for (item = capsule->embedded_driver_count; 611 item < capsule->embedded_driver_count 612 + capsule->payload_item_count; item++) { 613 /* sanity check */ 614 if ((capsule->item_offset_list[item] + sizeof(*image) 615 >= capsule_size)) { 616 log_err("Capsule does not have enough data\n"); 617 ret = EFI_INVALID_PARAMETER; 618 goto out; 619 } 620 621 image = (void *)capsule + capsule->item_offset_list[item]; 622 623 if (image->version != 0x00000003) { 624 ret = EFI_UNSUPPORTED; 625 goto out; 626 } 627 628 /* find a device for update firmware */ 629 fmp = efi_fmp_find(&image->update_image_type_id, 630 image->update_image_index, 631 image->update_hardware_instance, 632 handles, no_handles); 633 if (!fmp) { 634 log_err("FMP driver not found for firmware type %pUs, hardware instance %lld\n", 635 &image->update_image_type_id, 636 image->update_hardware_instance); 637 ret = EFI_UNSUPPORTED; 638 goto out; 639 } 640 641 /* do update */ 642 if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) && 643 !(image->image_capsule_support & 644 CAPSULE_SUPPORT_AUTHENTICATION)) { 645 /* no signature */ 646 ret = EFI_SECURITY_VIOLATION; 647 goto out; 648 } 649 650 image_binary = (void *)image + sizeof(*image); 651 image_binary_size = image->update_image_size; 652 vendor_code = image_binary + image_binary_size; 653 if (!IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) && 654 (image->image_capsule_support & 655 CAPSULE_SUPPORT_AUTHENTICATION)) { 656 ret = efi_remove_auth_hdr(&image_binary, 657 &image_binary_size); 658 if (ret != EFI_SUCCESS) 659 goto out; 660 } 661 662 abort_reason = NULL; 663 ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index, 664 image_binary, 665 image_binary_size, 666 vendor_code, NULL, 667 &abort_reason)); 668 if (ret != EFI_SUCCESS) { 669 log_err("Firmware update failed: %ls\n", 670 abort_reason); 671 efi_free_pool(abort_reason); 672 goto out; 673 } 674 675 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { 676 image_type_id = &image->update_image_type_id; 677 if (!fw_accept_os) { 678 /* 679 * The OS will not be accepting the firmware 680 * images. Set the accept bit of all the 681 * images contained in this capsule. 682 */ 683 status = fwu_accept_image(image_type_id, 684 update_index); 685 } else { 686 status = fwu_clear_accept_image(image_type_id, 687 update_index); 688 } 689 ret = fwu_to_efi_error(status); 690 if (ret != EFI_SUCCESS) { 691 log_err("Unable to %s the accept bit for the image %pUs\n", 692 fw_accept_os ? "clear" : "set", 693 image_type_id); 694 goto out; 695 } 696 697 log_debug("%s the accepted bit for Image %pUs\n", 698 fw_accept_os ? "Cleared" : "Set", 699 image_type_id); 700 } 701 702 } 703 704out: 705 efi_free_pool(handles); 706 707 return ret; 708} 709#else 710static efi_status_t efi_capsule_update_firmware( 711 struct efi_capsule_header *capsule_data) 712{ 713 return EFI_UNSUPPORTED; 714} 715#endif /* CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT */ 716 717/** 718 * efi_update_capsule() - process information from operating system 719 * @capsule_header_array: Array of virtual address pointers 720 * @capsule_count: Number of pointers in capsule_header_array 721 * @scatter_gather_list: Array of physical address pointers 722 * 723 * This function implements the UpdateCapsule() runtime service. 724 * 725 * See the Unified Extensible Firmware Interface (UEFI) specification for 726 * details. 727 * 728 * Return: status code 729 */ 730efi_status_t EFIAPI efi_update_capsule( 731 struct efi_capsule_header **capsule_header_array, 732 efi_uintn_t capsule_count, 733 u64 scatter_gather_list) 734{ 735 struct efi_capsule_header *capsule; 736 unsigned int i; 737 efi_status_t ret; 738 739 EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count, 740 scatter_gather_list); 741 742 if (!capsule_count) { 743 ret = EFI_INVALID_PARAMETER; 744 goto out; 745 } 746 747 ret = EFI_SUCCESS; 748 for (i = 0, capsule = *capsule_header_array; i < capsule_count; 749 i++, capsule = *(++capsule_header_array)) { 750 /* sanity check */ 751 if (capsule->header_size < sizeof(*capsule) || 752 capsule->capsule_image_size < sizeof(*capsule)) { 753 log_err("Capsule does not have enough data\n"); 754 continue; 755 } 756 757 log_debug("Capsule[%d] (guid:%pUs)\n", 758 i, &capsule->capsule_guid); 759 ret = efi_capsule_update_firmware(capsule); 760 if (ret != EFI_SUCCESS) 761 goto out; 762 } 763 764 if (IS_ENABLED(CONFIG_EFI_ESRT)) { 765 /* Rebuild the ESRT to reflect any updated FW images. */ 766 ret = efi_esrt_populate(); 767 if (ret != EFI_SUCCESS) 768 log_warning("ESRT update failed\n"); 769 } 770out: 771 772 return EFI_EXIT(ret); 773} 774 775/** 776 * efi_query_capsule_caps() - check if capsule is supported 777 * @capsule_header_array: Array of virtual pointers 778 * @capsule_count: Number of pointers in capsule_header_array 779 * @maximum_capsule_size: Maximum capsule size 780 * @reset_type: Type of reset needed for capsule update 781 * 782 * This function implements the QueryCapsuleCapabilities() runtime service. 783 * 784 * See the Unified Extensible Firmware Interface (UEFI) specification for 785 * details. 786 * 787 * Return: status code 788 */ 789efi_status_t EFIAPI efi_query_capsule_caps( 790 struct efi_capsule_header **capsule_header_array, 791 efi_uintn_t capsule_count, 792 u64 *maximum_capsule_size, 793 u32 *reset_type) 794{ 795 struct efi_capsule_header *capsule __attribute__((unused)); 796 unsigned int i; 797 efi_status_t ret; 798 799 EFI_ENTRY("%p, %zu, %p, %p\n", capsule_header_array, capsule_count, 800 maximum_capsule_size, reset_type); 801 802 if (!maximum_capsule_size) { 803 ret = EFI_INVALID_PARAMETER; 804 goto out; 805 } 806 807 *maximum_capsule_size = U64_MAX; 808 *reset_type = EFI_RESET_COLD; 809 810 ret = EFI_SUCCESS; 811 for (i = 0, capsule = *capsule_header_array; i < capsule_count; 812 i++, capsule = *(++capsule_header_array)) { 813 /* TODO */ 814 } 815out: 816 return EFI_EXIT(ret); 817} 818 819/** 820 * efi_load_capsule_drivers - initialize capsule drivers 821 * 822 * Generic FMP drivers backed by DFU 823 * 824 * Return: status code 825 */ 826efi_status_t __weak efi_load_capsule_drivers(void) 827{ 828 __maybe_unused efi_handle_t handle; 829 efi_status_t ret = EFI_SUCCESS; 830 831 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)) { 832 handle = NULL; 833 ret = efi_install_multiple_protocol_interfaces(&handle, 834 &efi_guid_firmware_management_protocol, 835 &efi_fmp_fit, 836 NULL); 837 } 838 839 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) { 840 handle = NULL; 841 ret = efi_install_multiple_protocol_interfaces(&handle, 842 &efi_guid_firmware_management_protocol, 843 &efi_fmp_raw, 844 NULL); 845 } 846 847 return ret; 848} 849 850#ifdef CONFIG_EFI_CAPSULE_ON_DISK 851/** 852 * get_dp_device - retrieve a device path from boot variable 853 * @boot_var: Boot variable name 854 * @device_dp Device path 855 * 856 * Retrieve a device patch from boot variable, @boot_var. 857 * 858 * Return: status code 859 */ 860static efi_status_t get_dp_device(u16 *boot_var, 861 struct efi_device_path **device_dp) 862{ 863 void *buf = NULL; 864 efi_uintn_t size; 865 struct efi_load_option lo; 866 struct efi_device_path *file_dp; 867 efi_status_t ret; 868 869 size = 0; 870 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid, 871 NULL, &size, NULL, NULL); 872 if (ret == EFI_BUFFER_TOO_SMALL) { 873 buf = malloc(size); 874 if (!buf) 875 return EFI_OUT_OF_RESOURCES; 876 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid, 877 NULL, &size, buf, NULL); 878 } 879 if (ret != EFI_SUCCESS) 880 return ret; 881 882 efi_deserialize_load_option(&lo, buf, &size); 883 884 if (lo.attributes & LOAD_OPTION_ACTIVE) { 885 efi_dp_split_file_path(lo.file_path, device_dp, &file_dp); 886 efi_free_pool(file_dp); 887 888 ret = EFI_SUCCESS; 889 } else { 890 ret = EFI_NOT_FOUND; 891 } 892 893 free(buf); 894 895 return ret; 896} 897 898/** 899 * device_is_present_and_system_part - check if a device exists 900 * 901 * Check if a device pointed to by the device path, @dp, exists and is 902 * located in UEFI system partition. 903 * 904 * @dp device path 905 * Return: true - yes, false - no 906 */ 907static bool device_is_present_and_system_part(struct efi_device_path *dp) 908{ 909 efi_handle_t handle; 910 struct efi_device_path *rem; 911 912 /* Check device exists */ 913 handle = efi_dp_find_obj(dp, NULL, NULL); 914 if (!handle) 915 return false; 916 917 /* Check device is on system partition */ 918 handle = efi_dp_find_obj(dp, &efi_system_partition_guid, &rem); 919 if (!handle) 920 return false; 921 922 return true; 923} 924 925/** 926 * find_boot_device - identify the boot device 927 * 928 * Identify the boot device from boot-related variables as UEFI 929 * specification describes and put its handle into bootdev_root. 930 * 931 * Return: status code 932 */ 933static efi_status_t find_boot_device(void) 934{ 935 char boot_var[9]; 936 u16 boot_var16[9], *p, bootnext, *boot_order = NULL; 937 efi_uintn_t size; 938 int i, num; 939 struct efi_simple_file_system_protocol *volume; 940 struct efi_device_path *boot_dev = NULL; 941 efi_status_t ret; 942 943 /* find active boot device in BootNext */ 944 bootnext = 0; 945 size = sizeof(bootnext); 946 ret = efi_get_variable_int(u"BootNext", 947 (efi_guid_t *)&efi_global_variable_guid, 948 NULL, &size, &bootnext, NULL); 949 if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) { 950 /* BootNext does exist here */ 951 if (ret == EFI_BUFFER_TOO_SMALL || size != sizeof(u16)) { 952 log_err("BootNext must be 16-bit integer\n"); 953 goto skip; 954 } 955 sprintf((char *)boot_var, "Boot%04X", bootnext); 956 p = boot_var16; 957 utf8_utf16_strcpy(&p, boot_var); 958 959 ret = get_dp_device(boot_var16, &boot_dev); 960 if (ret == EFI_SUCCESS) { 961 if (device_is_present_and_system_part(boot_dev)) { 962 goto found; 963 } else { 964 efi_free_pool(boot_dev); 965 boot_dev = NULL; 966 } 967 } 968 } 969 970skip: 971 /* find active boot device in BootOrder */ 972 size = 0; 973 ret = efi_get_variable_int(u"BootOrder", &efi_global_variable_guid, 974 NULL, &size, NULL, NULL); 975 if (ret == EFI_BUFFER_TOO_SMALL) { 976 boot_order = malloc(size); 977 if (!boot_order) { 978 ret = EFI_OUT_OF_RESOURCES; 979 goto out; 980 } 981 982 ret = efi_get_variable_int(u"BootOrder", 983 &efi_global_variable_guid, 984 NULL, &size, boot_order, NULL); 985 } 986 if (ret != EFI_SUCCESS) 987 goto out; 988 989 /* check in higher order */ 990 num = size / sizeof(u16); 991 for (i = 0; i < num; i++) { 992 sprintf((char *)boot_var, "Boot%04X", boot_order[i]); 993 p = boot_var16; 994 utf8_utf16_strcpy(&p, boot_var); 995 ret = get_dp_device(boot_var16, &boot_dev); 996 if (ret != EFI_SUCCESS) 997 continue; 998 999 if (device_is_present_and_system_part(boot_dev)) 1000 break; 1001 1002 efi_free_pool(boot_dev); 1003 boot_dev = NULL; 1004 } 1005found: 1006 if (boot_dev) { 1007 log_debug("Boot device %pD\n", boot_dev); 1008 1009 volume = efi_fs_from_path(boot_dev); 1010 if (!volume) 1011 ret = EFI_DEVICE_ERROR; 1012 else 1013 ret = EFI_CALL(volume->open_volume(volume, 1014 &bootdev_root)); 1015 efi_free_pool(boot_dev); 1016 } else { 1017 ret = EFI_NOT_FOUND; 1018 } 1019out: 1020 free(boot_order); 1021 1022 return ret; 1023} 1024 1025/** 1026 * efi_capsule_scan_dir - traverse a capsule directory in boot device 1027 * @files: Array of file names 1028 * @num: Number of elements in @files 1029 * 1030 * Traverse a capsule directory in boot device. 1031 * Called by initialization code, and returns an array of capsule file 1032 * names in @files. 1033 * 1034 * Return: status code 1035 */ 1036static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num) 1037{ 1038 struct efi_file_handle *dirh; 1039 struct efi_file_info *dirent; 1040 efi_uintn_t dirent_size, tmp_size; 1041 unsigned int count; 1042 u16 **tmp_files; 1043 efi_status_t ret; 1044 1045 ret = find_boot_device(); 1046 if (ret == EFI_NOT_FOUND) { 1047 log_debug("Boot device is not set\n"); 1048 *num = 0; 1049 return EFI_SUCCESS; 1050 } else if (ret != EFI_SUCCESS) { 1051 return EFI_DEVICE_ERROR; 1052 } 1053 1054 /* count capsule files */ 1055 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh, 1056 EFI_CAPSULE_DIR, 1057 EFI_FILE_MODE_READ, 0)); 1058 if (ret != EFI_SUCCESS) { 1059 *num = 0; 1060 return EFI_SUCCESS; 1061 } 1062 1063 dirent_size = 256; 1064 dirent = malloc(dirent_size); 1065 if (!dirent) 1066 return EFI_OUT_OF_RESOURCES; 1067 1068 count = 0; 1069 while (1) { 1070 tmp_size = dirent_size; 1071 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent)); 1072 if (ret == EFI_BUFFER_TOO_SMALL) { 1073 struct efi_file_info *old_dirent = dirent; 1074 1075 dirent = realloc(dirent, tmp_size); 1076 if (!dirent) { 1077 dirent = old_dirent; 1078 ret = EFI_OUT_OF_RESOURCES; 1079 goto err; 1080 } 1081 dirent_size = tmp_size; 1082 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent)); 1083 } 1084 if (ret != EFI_SUCCESS) 1085 goto err; 1086 if (!tmp_size) 1087 break; 1088 1089 if (!(dirent->attribute & EFI_FILE_DIRECTORY)) 1090 count++; 1091 } 1092 1093 ret = EFI_CALL((*dirh->setpos)(dirh, 0)); 1094 if (ret != EFI_SUCCESS) 1095 goto err; 1096 1097 /* make a list */ 1098 tmp_files = malloc(count * sizeof(*tmp_files)); 1099 if (!tmp_files) { 1100 ret = EFI_OUT_OF_RESOURCES; 1101 goto err; 1102 } 1103 1104 count = 0; 1105 while (1) { 1106 tmp_size = dirent_size; 1107 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent)); 1108 if (ret != EFI_SUCCESS) 1109 goto err; 1110 if (!tmp_size) 1111 break; 1112 1113 if (!(dirent->attribute & EFI_FILE_DIRECTORY) && 1114 u16_strcmp(dirent->file_name, u".") && 1115 u16_strcmp(dirent->file_name, u"..")) 1116 tmp_files[count++] = u16_strdup(dirent->file_name); 1117 } 1118 /* ignore an error */ 1119 EFI_CALL((*dirh->close)(dirh)); 1120 1121 /* 1122 * Capsule files are applied in case insensitive alphabetic order 1123 * 1124 * TODO: special handling of rightmost period 1125 */ 1126 qsort(tmp_files, count, sizeof(*tmp_files), 1127 (int (*)(const void *, const void *))u16_strcasecmp); 1128 *files = tmp_files; 1129 *num = count; 1130 ret = EFI_SUCCESS; 1131err: 1132 free(dirent); 1133 1134 return ret; 1135} 1136 1137/** 1138 * efi_capsule_read_file - read in a capsule file 1139 * @filename: File name 1140 * @capsule: Pointer to buffer for capsule 1141 * 1142 * Read a capsule file and put its content in @capsule. 1143 * 1144 * Return: status code 1145 */ 1146static efi_status_t efi_capsule_read_file(const u16 *filename, 1147 struct efi_capsule_header **capsule) 1148{ 1149 struct efi_file_handle *dirh, *fh; 1150 struct efi_file_info *file_info = NULL; 1151 struct efi_capsule_header *buf = NULL; 1152 efi_uintn_t size; 1153 efi_status_t ret; 1154 1155 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh, 1156 EFI_CAPSULE_DIR, 1157 EFI_FILE_MODE_READ, 0)); 1158 if (ret != EFI_SUCCESS) 1159 return ret; 1160 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename, 1161 EFI_FILE_MODE_READ, 0)); 1162 /* ignore an error */ 1163 EFI_CALL((*dirh->close)(dirh)); 1164 if (ret != EFI_SUCCESS) 1165 return ret; 1166 1167 /* file size */ 1168 size = 0; 1169 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid, 1170 &size, file_info)); 1171 if (ret == EFI_BUFFER_TOO_SMALL) { 1172 file_info = malloc(size); 1173 if (!file_info) { 1174 ret = EFI_OUT_OF_RESOURCES; 1175 goto err; 1176 } 1177 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid, 1178 &size, file_info)); 1179 } 1180 if (ret != EFI_SUCCESS) 1181 goto err; 1182 size = file_info->file_size; 1183 free(file_info); 1184 buf = malloc(size); 1185 if (!buf) { 1186 ret = EFI_OUT_OF_RESOURCES; 1187 goto err; 1188 } 1189 1190 /* fetch data */ 1191 ret = EFI_CALL((*fh->read)(fh, &size, buf)); 1192 if (ret == EFI_SUCCESS) { 1193 if (size >= buf->capsule_image_size) { 1194 *capsule = buf; 1195 } else { 1196 free(buf); 1197 ret = EFI_INVALID_PARAMETER; 1198 } 1199 } else { 1200 free(buf); 1201 } 1202err: 1203 EFI_CALL((*fh->close)(fh)); 1204 1205 return ret; 1206} 1207 1208/** 1209 * efi_capsule_delete_file - delete a capsule file 1210 * @filename: File name 1211 * 1212 * Delete a capsule file from capsule directory. 1213 * 1214 * Return: status code 1215 */ 1216static efi_status_t efi_capsule_delete_file(const u16 *filename) 1217{ 1218 struct efi_file_handle *dirh, *fh; 1219 efi_status_t ret; 1220 1221 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh, 1222 EFI_CAPSULE_DIR, 1223 EFI_FILE_MODE_READ, 0)); 1224 if (ret != EFI_SUCCESS) 1225 return ret; 1226 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename, 1227 EFI_FILE_MODE_READ, 0)); 1228 /* ignore an error */ 1229 EFI_CALL((*dirh->close)(dirh)); 1230 1231 if (ret == EFI_SUCCESS) 1232 ret = EFI_CALL((*fh->delete)(fh)); 1233 1234 return ret; 1235} 1236 1237/** 1238 * efi_capsule_scan_done - reset a scan help function 1239 * 1240 * Reset a scan help function 1241 */ 1242static void efi_capsule_scan_done(void) 1243{ 1244 EFI_CALL((*bootdev_root->close)(bootdev_root)); 1245 bootdev_root = NULL; 1246} 1247 1248/** 1249 * check_run_capsules() - check whether capsule update should run 1250 * 1251 * The spec says OsIndications must be set in order to run the capsule update 1252 * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to 1253 * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected 1254 * 1255 * Return: EFI_SUCCESS if update to run, EFI_NOT_FOUND otherwise 1256 */ 1257static efi_status_t check_run_capsules(void) 1258{ 1259 u64 os_indications = 0x0; 1260 efi_uintn_t size; 1261 efi_status_t r; 1262 1263 size = sizeof(os_indications); 1264 r = efi_get_variable_int(u"OsIndications", &efi_global_variable_guid, 1265 NULL, &size, &os_indications, NULL); 1266 if (!IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS) && 1267 (r != EFI_SUCCESS || size != sizeof(os_indications))) 1268 return EFI_NOT_FOUND; 1269 1270 if (os_indications & 1271 EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED) { 1272 os_indications &= 1273 ~EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED; 1274 r = efi_set_variable_int(u"OsIndications", 1275 &efi_global_variable_guid, 1276 EFI_VARIABLE_NON_VOLATILE | 1277 EFI_VARIABLE_BOOTSERVICE_ACCESS | 1278 EFI_VARIABLE_RUNTIME_ACCESS, 1279 sizeof(os_indications), 1280 &os_indications, false); 1281 if (r != EFI_SUCCESS) 1282 log_err("Setting %ls failed\n", L"OsIndications"); 1283 return EFI_SUCCESS; 1284 } else if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) { 1285 return EFI_SUCCESS; 1286 } else { 1287 return EFI_NOT_FOUND; 1288 } 1289} 1290 1291/** 1292 * efi_launch_capsule - launch capsules 1293 * 1294 * Launch all the capsules in system at boot time. 1295 * Called by efi init code 1296 * 1297 * Return: status codde 1298 */ 1299efi_status_t efi_launch_capsules(void) 1300{ 1301 struct efi_capsule_header *capsule = NULL; 1302 u16 **files; 1303 unsigned int nfiles, index, index_max, i; 1304 efi_status_t ret; 1305 bool capsule_update = true; 1306 bool update_status = true; 1307 bool fw_accept_os = false; 1308 1309 if (check_run_capsules() != EFI_SUCCESS) 1310 return EFI_SUCCESS; 1311 1312 index_max = get_max_capsule(); 1313 index = get_last_capsule(); 1314 1315 /* 1316 * Find capsules on disk. 1317 * All the capsules are collected at the beginning because 1318 * capsule files will be removed instantly. 1319 */ 1320 nfiles = 0; 1321 files = NULL; 1322 ret = efi_capsule_scan_dir(&files, &nfiles); 1323 if (ret != EFI_SUCCESS) 1324 return ret; 1325 if (!nfiles) 1326 return EFI_SUCCESS; 1327 1328 /* Launch capsules */ 1329 for (i = 0, ++index; i < nfiles; i++, index++) { 1330 log_debug("Applying %ls\n", files[i]); 1331 if (index > index_max) 1332 index = 0; 1333 ret = efi_capsule_read_file(files[i], &capsule); 1334 if (ret == EFI_SUCCESS) { 1335 ret = efi_capsule_update_firmware(capsule); 1336 if (ret != EFI_SUCCESS) { 1337 log_err("Applying capsule %ls failed.\n", 1338 files[i]); 1339 update_status = false; 1340 } else { 1341 log_info("Applying capsule %ls succeeded.\n", 1342 files[i]); 1343 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { 1344 fwu_post_update_checks(capsule, 1345 &fw_accept_os, 1346 &capsule_update); 1347 } 1348 } 1349 1350 /* create CapsuleXXXX */ 1351 set_capsule_result(index, capsule, ret); 1352 1353 free(capsule); 1354 } else { 1355 log_err("Reading capsule %ls failed\n", files[i]); 1356 update_status = false; 1357 } 1358 /* delete a capsule either in case of success or failure */ 1359 ret = efi_capsule_delete_file(files[i]); 1360 if (ret != EFI_SUCCESS) 1361 log_err("Deleting capsule %ls failed\n", 1362 files[i]); 1363 } 1364 1365 efi_capsule_scan_done(); 1366 1367 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { 1368 if (capsule_update == true && update_status == true) { 1369 ret = fwu_post_update_process(fw_accept_os); 1370 } else if (capsule_update == true && update_status == false) { 1371 log_err("All capsules were not updated. Not updating FWU metadata\n"); 1372 } 1373 } 1374 1375 for (i = 0; i < nfiles; i++) 1376 free(files[i]); 1377 free(files); 1378 1379 /* 1380 * UEFI spec requires to reset system after complete processing capsule 1381 * update on the storage. 1382 */ 1383 log_info("Reboot after firmware update.\n"); 1384 /* Cold reset is required for loading the new firmware. */ 1385 sysreset_walk_halt(SYSRESET_COLD); 1386 hang(); 1387 /* not reach here */ 1388 1389 return 0; 1390} 1391#endif /* CONFIG_EFI_CAPSULE_ON_DISK */ 1392