1
2
3
4
5
6
7
8
9#define LOG_CATEGORY LOGC_EFI
10
11#include <common.h>
12#include <efi_loader.h>
13#include <efi_variable.h>
14#include <env.h>
15#include <fdtdec.h>
16#include <fs.h>
17#include <fwu.h>
18#include <hang.h>
19#include <malloc.h>
20#include <mapmem.h>
21#include <sort.h>
22#include <sysreset.h>
23#include <asm/global_data.h>
24
25#include <crypto/pkcs7.h>
26#include <crypto/pkcs7_parser.h>
27#include <linux/err.h>
28
29DECLARE_GLOBAL_DATA_PTR;
30
31const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
32static const efi_guid_t efi_guid_firmware_management_capsule_id =
33 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
34const efi_guid_t efi_guid_firmware_management_protocol =
35 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID;
36const efi_guid_t fwu_guid_os_request_fw_revert =
37 FWU_OS_REQUEST_FW_REVERT_GUID;
38const efi_guid_t fwu_guid_os_request_fw_accept =
39 FWU_OS_REQUEST_FW_ACCEPT_GUID;
40
41#define FW_ACCEPT_OS (u32)0x8000
42
43#ifdef CONFIG_EFI_CAPSULE_ON_DISK
44
45static struct efi_file_handle *bootdev_root;
46#endif
47
48static __maybe_unused unsigned int get_capsule_index(const u16 *variable_name)
49{
50 u16 value16[11];
51 char value[5];
52 efi_uintn_t size;
53 unsigned long index = 0xffff;
54 efi_status_t ret;
55 int i;
56
57 size = sizeof(value16);
58 ret = efi_get_variable_int(variable_name, &efi_guid_capsule_report,
59 NULL, &size, value16, NULL);
60 if (ret != EFI_SUCCESS || size != 22 ||
61 u16_strncmp(value16, u"Capsule", 7))
62 goto err;
63 for (i = 0; i < 4; ++i) {
64 u16 c = value16[i + 7];
65
66 if (!c || c > 0x7f)
67 goto err;
68 value[i] = c;
69 }
70 value[4] = 0;
71 if (strict_strtoul(value, 16, &index))
72 index = 0xffff;
73err:
74 return index;
75}
76
77
78
79
80
81
82
83
84
85
86
87static __maybe_unused unsigned int get_last_capsule(void)
88{
89 return get_capsule_index(u"CapsuleLast");
90}
91
92
93
94
95
96
97
98
99
100
101static __maybe_unused unsigned int get_max_capsule(void)
102{
103 return get_capsule_index(u"CapsuleMax");
104}
105
106
107
108
109
110
111
112
113
114static __maybe_unused
115void set_capsule_result(int index, struct efi_capsule_header *capsule,
116 efi_status_t return_status)
117{
118 u16 variable_name16[12];
119 struct efi_capsule_result_variable_header result;
120 struct efi_time time;
121 efi_status_t ret;
122
123 efi_create_indexed_name(variable_name16, sizeof(variable_name16),
124 "Capsule", index);
125 result.variable_total_size = sizeof(result);
126 result.capsule_guid = capsule->capsule_guid;
127 ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL));
128 if (ret == EFI_SUCCESS)
129 memcpy(&result.capsule_processed, &time, sizeof(time));
130 else
131 memset(&result.capsule_processed, 0, sizeof(time));
132 result.capsule_status = return_status;
133 ret = efi_set_variable_int(variable_name16, &efi_guid_capsule_report,
134 EFI_VARIABLE_NON_VOLATILE |
135 EFI_VARIABLE_BOOTSERVICE_ACCESS |
136 EFI_VARIABLE_RUNTIME_ACCESS,
137 sizeof(result), &result, false);
138 if (ret != EFI_SUCCESS) {
139 log_err("Setting %ls failed\n", variable_name16);
140 return;
141 }
142
143
144 ret = efi_set_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
145 EFI_VARIABLE_READ_ONLY |
146 EFI_VARIABLE_NON_VOLATILE |
147 EFI_VARIABLE_BOOTSERVICE_ACCESS |
148 EFI_VARIABLE_RUNTIME_ACCESS,
149 22, variable_name16, false);
150 if (ret != EFI_SUCCESS)
151 log_err("Setting %ls failed\n", u"CapsuleLast");
152}
153
154#ifdef CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171static struct efi_firmware_management_protocol *
172efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance,
173 efi_handle_t *handles, efi_uintn_t no_handles)
174{
175 efi_handle_t *handle;
176 struct efi_firmware_management_protocol *fmp;
177 struct efi_firmware_image_descriptor *image_info, *desc;
178 efi_uintn_t info_size, descriptor_size;
179 u32 descriptor_version;
180 u8 descriptor_count;
181 u32 package_version;
182 u16 *package_version_name;
183 bool found = false;
184 int i, j;
185 efi_status_t ret;
186
187 for (i = 0, handle = handles; i < no_handles; i++, handle++) {
188 struct efi_handler *fmp_handler;
189
190 ret = efi_search_protocol(
191 *handle, &efi_guid_firmware_management_protocol,
192 &fmp_handler);
193 if (ret != EFI_SUCCESS)
194 continue;
195 fmp = fmp_handler->protocol_interface;
196
197
198 info_size = 0;
199 image_info = NULL;
200 descriptor_version = 0;
201 descriptor_count = 0;
202 descriptor_size = 0;
203 package_version = 0;
204 package_version_name = NULL;
205 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
206 image_info,
207 &descriptor_version,
208 &descriptor_count,
209 &descriptor_size,
210 &package_version,
211 &package_version_name));
212 if (ret != EFI_BUFFER_TOO_SMALL)
213 goto skip;
214
215 image_info = malloc(info_size);
216 if (!image_info)
217 goto skip;
218
219 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
220 image_info,
221 &descriptor_version,
222 &descriptor_count,
223 &descriptor_size,
224 &package_version,
225 &package_version_name));
226 if (ret != EFI_SUCCESS ||
227 descriptor_version != EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION)
228 goto skip;
229
230
231 for (j = 0, desc = image_info; j < descriptor_count;
232 j++, desc = (void *)desc + descriptor_size) {
233 log_debug("+++ desc[%d] index: %d, name: %ls\n",
234 j, desc->image_index, desc->image_id_name);
235 if (!guidcmp(&desc->image_type_id, image_type) &&
236 (desc->image_index == image_index) &&
237 (!instance ||
238 !desc->hardware_instance ||
239 desc->hardware_instance == instance))
240 found = true;
241 }
242
243skip:
244 efi_free_pool(package_version_name);
245 free(image_info);
246 if (found)
247 return fmp;
248 }
249
250 return NULL;
251}
252
253
254
255
256
257
258
259
260
261
262
263static efi_status_t efi_remove_auth_hdr(void **image, efi_uintn_t *image_size)
264{
265 struct efi_firmware_image_authentication *auth_hdr;
266 efi_status_t ret = EFI_INVALID_PARAMETER;
267
268 auth_hdr = (struct efi_firmware_image_authentication *)*image;
269 if (*image_size < sizeof(*auth_hdr))
270 goto out;
271
272 if (auth_hdr->auth_info.hdr.dwLength <=
273 offsetof(struct win_certificate_uefi_guid, cert_data))
274 goto out;
275
276 *image = (uint8_t *)*image + sizeof(auth_hdr->monotonic_count) +
277 auth_hdr->auth_info.hdr.dwLength;
278 *image_size = *image_size - auth_hdr->auth_info.hdr.dwLength -
279 sizeof(auth_hdr->monotonic_count);
280
281 ret = EFI_SUCCESS;
282out:
283 return ret;
284}
285
286#if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
287int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
288{
289 const void *fdt_blob = gd->fdt_blob;
290 const void *blob;
291 const char *cnode_name = "capsule-key";
292 const char *snode_name = "signature";
293 int sig_node;
294 int len;
295
296 sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);
297 if (sig_node < 0) {
298 log_err("Unable to get signature node offset\n");
299
300 return -FDT_ERR_NOTFOUND;
301 }
302
303 blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);
304
305 if (!blob || len < 0) {
306 log_err("Unable to get capsule-key value\n");
307 *pkey = NULL;
308 *pkey_len = 0;
309
310 return -FDT_ERR_NOTFOUND;
311 }
312
313 *pkey = (void *)blob;
314 *pkey_len = len;
315
316 return 0;
317}
318
319efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
320 void **image, efi_uintn_t *image_size)
321{
322 u8 *buf;
323 int ret;
324 void *fdt_pkey, *pkey;
325 efi_uintn_t pkey_len;
326 uint64_t monotonic_count;
327 struct efi_signature_store *truststore;
328 struct pkcs7_message *capsule_sig;
329 struct efi_image_regions *regs;
330 struct efi_firmware_image_authentication *auth_hdr;
331 efi_status_t status;
332
333 status = EFI_SECURITY_VIOLATION;
334 capsule_sig = NULL;
335 truststore = NULL;
336 regs = NULL;
337
338
339 if (capsule == NULL || capsule_size == 0)
340 goto out;
341
342 *image = (uint8_t *)capsule;
343 *image_size = capsule_size;
344 if (efi_remove_auth_hdr(image, image_size) != EFI_SUCCESS)
345 goto out;
346
347 auth_hdr = (struct efi_firmware_image_authentication *)capsule;
348 if (guidcmp(&auth_hdr->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
349 goto out;
350
351 memcpy(&monotonic_count, &auth_hdr->monotonic_count,
352 sizeof(monotonic_count));
353
354
355 regs = calloc(sizeof(*regs) + sizeof(struct image_region) * 2, 1);
356 if (!regs)
357 goto out;
358
359 regs->max = 2;
360 efi_image_region_add(regs, (uint8_t *)*image,
361 (uint8_t *)*image + *image_size, 1);
362
363 efi_image_region_add(regs, (uint8_t *)&monotonic_count,
364 (uint8_t *)&monotonic_count + sizeof(monotonic_count),
365 1);
366
367 capsule_sig = efi_parse_pkcs7_header(auth_hdr->auth_info.cert_data,
368 auth_hdr->auth_info.hdr.dwLength
369 - sizeof(auth_hdr->auth_info),
370 &buf);
371 if (IS_ERR(capsule_sig)) {
372 debug("Parsing variable's pkcs7 header failed\n");
373 capsule_sig = NULL;
374 goto out;
375 }
376
377 ret = efi_get_public_key_data(&fdt_pkey, &pkey_len);
378 if (ret < 0)
379 goto out;
380
381 pkey = malloc(pkey_len);
382 if (!pkey)
383 goto out;
384
385 memcpy(pkey, fdt_pkey, pkey_len);
386 truststore = efi_build_signature_store(pkey, pkey_len);
387 if (!truststore)
388 goto out;
389
390
391 if (efi_signature_verify(regs, capsule_sig, truststore, NULL)) {
392 debug("Verified\n");
393 } else {
394 debug("Verifying variable's signature failed\n");
395 goto out;
396 }
397
398 status = EFI_SUCCESS;
399
400out:
401 efi_sigstore_free(truststore);
402 pkcs7_free_message(capsule_sig);
403 free(regs);
404
405 return status;
406}
407#endif
408
409static __maybe_unused bool fwu_empty_capsule(struct efi_capsule_header *capsule)
410{
411 return !guidcmp(&capsule->capsule_guid,
412 &fwu_guid_os_request_fw_revert) ||
413 !guidcmp(&capsule->capsule_guid,
414 &fwu_guid_os_request_fw_accept);
415}
416
417static __maybe_unused efi_status_t fwu_to_efi_error(int err)
418{
419 efi_status_t ret;
420
421 switch(err) {
422 case 0:
423 ret = EFI_SUCCESS;
424 break;
425 case -ERANGE:
426 case -EIO:
427 ret = EFI_DEVICE_ERROR;
428 break;
429 case -EINVAL:
430 ret = EFI_INVALID_PARAMETER;
431 break;
432 case -ENODEV:
433 ret = EFI_NOT_FOUND;
434 break;
435 default:
436 ret = EFI_OUT_OF_RESOURCES;
437 }
438
439 return ret;
440}
441
442static __maybe_unused efi_status_t fwu_empty_capsule_process(
443 struct efi_capsule_header *capsule)
444{
445 int status;
446 u32 active_idx;
447 efi_guid_t *image_guid;
448 efi_status_t ret = EFI_INVALID_PARAMETER;
449
450 if (!guidcmp(&capsule->capsule_guid,
451 &fwu_guid_os_request_fw_revert)) {
452
453
454
455
456
457
458 status = fwu_revert_boot_index();
459 ret = fwu_to_efi_error(status);
460 if (ret == EFI_SUCCESS)
461 log_debug("Reverted the FWU active_index. Recommend rebooting the system\n");
462 else
463 log_err("Failed to revert the FWU boot index\n");
464 } else if (!guidcmp(&capsule->capsule_guid,
465 &fwu_guid_os_request_fw_accept)) {
466
467
468
469
470 image_guid = (void *)(char *)capsule +
471 capsule->header_size;
472
473 status = fwu_get_active_index(&active_idx);
474 ret = fwu_to_efi_error(status);
475 if (ret != EFI_SUCCESS) {
476 log_err("Unable to get the active_index from the FWU metadata\n");
477 return ret;
478 }
479
480 status = fwu_accept_image(image_guid, active_idx);
481 ret = fwu_to_efi_error(status);
482 if (ret != EFI_SUCCESS)
483 log_err("Unable to set the Accept bit for the image %pUs\n",
484 image_guid);
485 }
486
487 return ret;
488}
489
490static __maybe_unused void fwu_post_update_checks(
491 struct efi_capsule_header *capsule,
492 bool *fw_accept_os, bool *capsule_update)
493{
494 if (fwu_empty_capsule(capsule))
495 *capsule_update = false;
496 else
497 if (!*fw_accept_os)
498 *fw_accept_os =
499 capsule->flags & FW_ACCEPT_OS ? true : false;
500}
501
502static __maybe_unused efi_status_t fwu_post_update_process(bool fw_accept_os)
503{
504 int status;
505 uint update_index;
506 efi_status_t ret;
507
508 status = fwu_plat_get_update_index(&update_index);
509 if (status < 0) {
510 log_err("Failed to get the FWU update_index value\n");
511 return EFI_DEVICE_ERROR;
512 }
513
514
515
516
517
518 log_debug("Update Complete. Now updating active_index to %u\n",
519 update_index);
520 status = fwu_set_active_index(update_index);
521 ret = fwu_to_efi_error(status);
522 if (ret != EFI_SUCCESS) {
523 log_err("Failed to update FWU metadata index values\n");
524 } else {
525 log_debug("Successfully updated the active_index\n");
526 if (fw_accept_os) {
527 status = fwu_trial_state_ctr_start();
528 if (status < 0)
529 ret = EFI_DEVICE_ERROR;
530 }
531 }
532
533 return ret;
534}
535
536
537
538
539
540
541
542
543
544
545static efi_status_t efi_capsule_update_firmware(
546 struct efi_capsule_header *capsule_data)
547{
548 struct efi_firmware_management_capsule_header *capsule;
549 struct efi_firmware_management_capsule_image_header *image;
550 size_t capsule_size, image_binary_size;
551 void *image_binary, *vendor_code;
552 efi_handle_t *handles;
553 efi_uintn_t no_handles;
554 int item;
555 struct efi_firmware_management_protocol *fmp;
556 u16 *abort_reason;
557 efi_guid_t *image_type_id;
558 efi_status_t ret = EFI_SUCCESS;
559 int status;
560 uint update_index;
561 bool fw_accept_os;
562
563 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) {
564 if (fwu_empty_capsule_checks_pass() &&
565 fwu_empty_capsule(capsule_data))
566 return fwu_empty_capsule_process(capsule_data);
567
568 if (!fwu_update_checks_pass()) {
569 log_err("FWU checks failed. Cannot start update\n");
570 return EFI_INVALID_PARAMETER;
571 }
572
573
574
575 status = fwu_plat_get_update_index(&update_index);
576 if (status < 0) {
577 log_err("Failed to get the FWU update_index value\n");
578 return EFI_DEVICE_ERROR;
579 }
580
581 fw_accept_os = capsule_data->flags & FW_ACCEPT_OS ? 0x1 : 0x0;
582 }
583
584
585 if (capsule_data->header_size < sizeof(*capsule) ||
586 capsule_data->header_size >= capsule_data->capsule_image_size)
587 return EFI_INVALID_PARAMETER;
588
589 capsule = (void *)capsule_data + capsule_data->header_size;
590 capsule_size = capsule_data->capsule_image_size
591 - capsule_data->header_size;
592
593 if (capsule->version != 0x00000001)
594 return EFI_UNSUPPORTED;
595
596 handles = NULL;
597 ret = EFI_CALL(efi_locate_handle_buffer(
598 BY_PROTOCOL,
599 &efi_guid_firmware_management_protocol,
600 NULL, &no_handles, (efi_handle_t **)&handles));
601 if (ret != EFI_SUCCESS)
602 return EFI_UNSUPPORTED;
603
604
605 for (item = capsule->embedded_driver_count;
606 item < capsule->embedded_driver_count
607 + capsule->payload_item_count; item++) {
608
609 if ((capsule->item_offset_list[item] + sizeof(*image)
610 >= capsule_size)) {
611 log_err("Capsule does not have enough data\n");
612 ret = EFI_INVALID_PARAMETER;
613 goto out;
614 }
615
616 image = (void *)capsule + capsule->item_offset_list[item];
617
618 if (image->version != 0x00000003) {
619 ret = EFI_UNSUPPORTED;
620 goto out;
621 }
622
623
624 fmp = efi_fmp_find(&image->update_image_type_id,
625 image->update_image_index,
626 image->update_hardware_instance,
627 handles, no_handles);
628 if (!fmp) {
629 log_err("FMP driver not found for firmware type %pUs, hardware instance %lld\n",
630 &image->update_image_type_id,
631 image->update_hardware_instance);
632 ret = EFI_UNSUPPORTED;
633 goto out;
634 }
635
636
637 if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
638 !(image->image_capsule_support &
639 CAPSULE_SUPPORT_AUTHENTICATION)) {
640
641 ret = EFI_SECURITY_VIOLATION;
642 goto out;
643 }
644
645 image_binary = (void *)image + sizeof(*image);
646 image_binary_size = image->update_image_size;
647 vendor_code = image_binary + image_binary_size;
648 if (!IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
649 (image->image_capsule_support &
650 CAPSULE_SUPPORT_AUTHENTICATION)) {
651 ret = efi_remove_auth_hdr(&image_binary,
652 &image_binary_size);
653 if (ret != EFI_SUCCESS)
654 goto out;
655 }
656
657 abort_reason = NULL;
658 ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index,
659 image_binary,
660 image_binary_size,
661 vendor_code, NULL,
662 &abort_reason));
663 if (ret != EFI_SUCCESS) {
664 log_err("Firmware update failed: %ls\n",
665 abort_reason);
666 efi_free_pool(abort_reason);
667 goto out;
668 }
669
670 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) {
671 image_type_id = &image->update_image_type_id;
672 if (!fw_accept_os) {
673
674
675
676
677
678 status = fwu_accept_image(image_type_id,
679 update_index);
680 } else {
681 status = fwu_clear_accept_image(image_type_id,
682 update_index);
683 }
684 ret = fwu_to_efi_error(status);
685 if (ret != EFI_SUCCESS) {
686 log_err("Unable to %s the accept bit for the image %pUs\n",
687 fw_accept_os ? "clear" : "set",
688 image_type_id);
689 goto out;
690 }
691
692 log_debug("%s the accepted bit for Image %pUs\n",
693 fw_accept_os ? "Cleared" : "Set",
694 image_type_id);
695 }
696
697 }
698
699out:
700 efi_free_pool(handles);
701
702 return ret;
703}
704#else
705static efi_status_t efi_capsule_update_firmware(
706 struct efi_capsule_header *capsule_data)
707{
708 return EFI_UNSUPPORTED;
709}
710#endif
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725efi_status_t EFIAPI efi_update_capsule(
726 struct efi_capsule_header **capsule_header_array,
727 efi_uintn_t capsule_count,
728 u64 scatter_gather_list)
729{
730 struct efi_capsule_header *capsule;
731 unsigned int i;
732 efi_status_t ret;
733
734 EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count,
735 scatter_gather_list);
736
737 if (!capsule_count) {
738 ret = EFI_INVALID_PARAMETER;
739 goto out;
740 }
741
742 ret = EFI_SUCCESS;
743 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
744 i++, capsule = *(++capsule_header_array)) {
745
746 if (capsule->header_size < sizeof(*capsule) ||
747 capsule->capsule_image_size < sizeof(*capsule)) {
748 log_err("Capsule does not have enough data\n");
749 continue;
750 }
751
752 log_debug("Capsule[%d] (guid:%pUs)\n",
753 i, &capsule->capsule_guid);
754 if (!guidcmp(&capsule->capsule_guid,
755 &efi_guid_firmware_management_capsule_id)) {
756 ret = efi_capsule_update_firmware(capsule);
757 } else {
758 log_err("Unsupported capsule type: %pUs\n",
759 &capsule->capsule_guid);
760 ret = EFI_UNSUPPORTED;
761 }
762
763 if (ret != EFI_SUCCESS)
764 goto out;
765 }
766
767 if (IS_ENABLED(CONFIG_EFI_ESRT)) {
768
769 ret = efi_esrt_populate();
770 if (ret != EFI_SUCCESS)
771 log_warning("ESRT update failed\n");
772 }
773out:
774
775 return EFI_EXIT(ret);
776}
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792efi_status_t EFIAPI efi_query_capsule_caps(
793 struct efi_capsule_header **capsule_header_array,
794 efi_uintn_t capsule_count,
795 u64 *maximum_capsule_size,
796 u32 *reset_type)
797{
798 struct efi_capsule_header *capsule __attribute__((unused));
799 unsigned int i;
800 efi_status_t ret;
801
802 EFI_ENTRY("%p, %zu, %p, %p\n", capsule_header_array, capsule_count,
803 maximum_capsule_size, reset_type);
804
805 if (!maximum_capsule_size) {
806 ret = EFI_INVALID_PARAMETER;
807 goto out;
808 }
809
810 *maximum_capsule_size = U64_MAX;
811 *reset_type = EFI_RESET_COLD;
812
813 ret = EFI_SUCCESS;
814 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
815 i++, capsule = *(++capsule_header_array)) {
816
817 }
818out:
819 return EFI_EXIT(ret);
820}
821
822
823
824
825
826
827
828
829efi_status_t __weak efi_load_capsule_drivers(void)
830{
831 __maybe_unused efi_handle_t handle;
832 efi_status_t ret = EFI_SUCCESS;
833
834 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)) {
835 handle = NULL;
836 ret = efi_install_multiple_protocol_interfaces(&handle,
837 &efi_guid_firmware_management_protocol,
838 &efi_fmp_fit,
839 NULL);
840 }
841
842 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) {
843 handle = NULL;
844 ret = efi_install_multiple_protocol_interfaces(&handle,
845 &efi_guid_firmware_management_protocol,
846 &efi_fmp_raw,
847 NULL);
848 }
849
850 return ret;
851}
852
853#ifdef CONFIG_EFI_CAPSULE_ON_DISK
854
855
856
857
858
859
860
861
862
863static efi_status_t get_dp_device(u16 *boot_var,
864 struct efi_device_path **device_dp)
865{
866 void *buf = NULL;
867 efi_uintn_t size;
868 struct efi_load_option lo;
869 struct efi_device_path *file_dp;
870 efi_status_t ret;
871
872 size = 0;
873 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
874 NULL, &size, NULL, NULL);
875 if (ret == EFI_BUFFER_TOO_SMALL) {
876 buf = malloc(size);
877 if (!buf)
878 return EFI_OUT_OF_RESOURCES;
879 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
880 NULL, &size, buf, NULL);
881 }
882 if (ret != EFI_SUCCESS)
883 return ret;
884
885 efi_deserialize_load_option(&lo, buf, &size);
886
887 if (lo.attributes & LOAD_OPTION_ACTIVE) {
888 efi_dp_split_file_path(lo.file_path, device_dp, &file_dp);
889 efi_free_pool(file_dp);
890
891 ret = EFI_SUCCESS;
892 } else {
893 ret = EFI_NOT_FOUND;
894 }
895
896 free(buf);
897
898 return ret;
899}
900
901
902
903
904
905
906
907
908
909
910static bool device_is_present_and_system_part(struct efi_device_path *dp)
911{
912 efi_handle_t handle;
913 struct efi_device_path *rem;
914
915
916 handle = efi_dp_find_obj(dp, NULL, NULL);
917 if (!handle)
918 return false;
919
920
921 handle = efi_dp_find_obj(dp, &efi_system_partition_guid, &rem);
922 if (!handle)
923 return false;
924
925 return true;
926}
927
928
929
930
931
932
933
934
935
936static efi_status_t find_boot_device(void)
937{
938 char boot_var[9];
939 u16 boot_var16[9], *p, bootnext, *boot_order = NULL;
940 efi_uintn_t size;
941 int i, num;
942 struct efi_simple_file_system_protocol *volume;
943 struct efi_device_path *boot_dev = NULL;
944 efi_status_t ret;
945
946
947 bootnext = 0;
948 size = sizeof(bootnext);
949 ret = efi_get_variable_int(u"BootNext",
950 (efi_guid_t *)&efi_global_variable_guid,
951 NULL, &size, &bootnext, NULL);
952 if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
953
954 if (ret == EFI_BUFFER_TOO_SMALL || size != sizeof(u16)) {
955 log_err("BootNext must be 16-bit integer\n");
956 goto skip;
957 }
958 sprintf((char *)boot_var, "Boot%04X", bootnext);
959 p = boot_var16;
960 utf8_utf16_strcpy(&p, boot_var);
961
962 ret = get_dp_device(boot_var16, &boot_dev);
963 if (ret == EFI_SUCCESS) {
964 if (device_is_present_and_system_part(boot_dev)) {
965 goto found;
966 } else {
967 efi_free_pool(boot_dev);
968 boot_dev = NULL;
969 }
970 }
971 }
972
973skip:
974
975 size = 0;
976 ret = efi_get_variable_int(u"BootOrder", &efi_global_variable_guid,
977 NULL, &size, NULL, NULL);
978 if (ret == EFI_BUFFER_TOO_SMALL) {
979 boot_order = malloc(size);
980 if (!boot_order) {
981 ret = EFI_OUT_OF_RESOURCES;
982 goto out;
983 }
984
985 ret = efi_get_variable_int(u"BootOrder",
986 &efi_global_variable_guid,
987 NULL, &size, boot_order, NULL);
988 }
989 if (ret != EFI_SUCCESS)
990 goto out;
991
992
993 num = size / sizeof(u16);
994 for (i = 0; i < num; i++) {
995 sprintf((char *)boot_var, "Boot%04X", boot_order[i]);
996 p = boot_var16;
997 utf8_utf16_strcpy(&p, boot_var);
998 ret = get_dp_device(boot_var16, &boot_dev);
999 if (ret != EFI_SUCCESS)
1000 continue;
1001
1002 if (device_is_present_and_system_part(boot_dev))
1003 break;
1004
1005 efi_free_pool(boot_dev);
1006 boot_dev = NULL;
1007 }
1008found:
1009 if (boot_dev) {
1010 log_debug("Boot device %pD\n", boot_dev);
1011
1012 volume = efi_fs_from_path(boot_dev);
1013 if (!volume)
1014 ret = EFI_DEVICE_ERROR;
1015 else
1016 ret = EFI_CALL(volume->open_volume(volume,
1017 &bootdev_root));
1018 efi_free_pool(boot_dev);
1019 } else {
1020 ret = EFI_NOT_FOUND;
1021 }
1022out:
1023 free(boot_order);
1024
1025 return ret;
1026}
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num)
1040{
1041 struct efi_file_handle *dirh;
1042 struct efi_file_info *dirent;
1043 efi_uintn_t dirent_size, tmp_size;
1044 unsigned int count;
1045 u16 **tmp_files;
1046 efi_status_t ret;
1047
1048 ret = find_boot_device();
1049 if (ret == EFI_NOT_FOUND) {
1050 log_debug("Boot device is not set\n");
1051 *num = 0;
1052 return EFI_SUCCESS;
1053 } else if (ret != EFI_SUCCESS) {
1054 return EFI_DEVICE_ERROR;
1055 }
1056
1057
1058 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
1059 EFI_CAPSULE_DIR,
1060 EFI_FILE_MODE_READ, 0));
1061 if (ret != EFI_SUCCESS) {
1062 *num = 0;
1063 return EFI_SUCCESS;
1064 }
1065
1066 dirent_size = 256;
1067 dirent = malloc(dirent_size);
1068 if (!dirent)
1069 return EFI_OUT_OF_RESOURCES;
1070
1071 count = 0;
1072 while (1) {
1073 tmp_size = dirent_size;
1074 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
1075 if (ret == EFI_BUFFER_TOO_SMALL) {
1076 struct efi_file_info *old_dirent = dirent;
1077
1078 dirent = realloc(dirent, tmp_size);
1079 if (!dirent) {
1080 dirent = old_dirent;
1081 ret = EFI_OUT_OF_RESOURCES;
1082 goto err;
1083 }
1084 dirent_size = tmp_size;
1085 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
1086 }
1087 if (ret != EFI_SUCCESS)
1088 goto err;
1089 if (!tmp_size)
1090 break;
1091
1092 if (!(dirent->attribute & EFI_FILE_DIRECTORY))
1093 count++;
1094 }
1095
1096 ret = EFI_CALL((*dirh->setpos)(dirh, 0));
1097 if (ret != EFI_SUCCESS)
1098 goto err;
1099
1100
1101 tmp_files = malloc(count * sizeof(*tmp_files));
1102 if (!tmp_files) {
1103 ret = EFI_OUT_OF_RESOURCES;
1104 goto err;
1105 }
1106
1107 count = 0;
1108 while (1) {
1109 tmp_size = dirent_size;
1110 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
1111 if (ret != EFI_SUCCESS)
1112 goto err;
1113 if (!tmp_size)
1114 break;
1115
1116 if (!(dirent->attribute & EFI_FILE_DIRECTORY) &&
1117 u16_strcmp(dirent->file_name, u".") &&
1118 u16_strcmp(dirent->file_name, u".."))
1119 tmp_files[count++] = u16_strdup(dirent->file_name);
1120 }
1121
1122 EFI_CALL((*dirh->close)(dirh));
1123
1124
1125
1126
1127
1128
1129 qsort(tmp_files, count, sizeof(*tmp_files),
1130 (int (*)(const void *, const void *))u16_strcasecmp);
1131 *files = tmp_files;
1132 *num = count;
1133 ret = EFI_SUCCESS;
1134err:
1135 free(dirent);
1136
1137 return ret;
1138}
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149static efi_status_t efi_capsule_read_file(const u16 *filename,
1150 struct efi_capsule_header **capsule)
1151{
1152 struct efi_file_handle *dirh, *fh;
1153 struct efi_file_info *file_info = NULL;
1154 struct efi_capsule_header *buf = NULL;
1155 efi_uintn_t size;
1156 efi_status_t ret;
1157
1158 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
1159 EFI_CAPSULE_DIR,
1160 EFI_FILE_MODE_READ, 0));
1161 if (ret != EFI_SUCCESS)
1162 return ret;
1163 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
1164 EFI_FILE_MODE_READ, 0));
1165
1166 EFI_CALL((*dirh->close)(dirh));
1167 if (ret != EFI_SUCCESS)
1168 return ret;
1169
1170
1171 size = 0;
1172 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
1173 &size, file_info));
1174 if (ret == EFI_BUFFER_TOO_SMALL) {
1175 file_info = malloc(size);
1176 if (!file_info) {
1177 ret = EFI_OUT_OF_RESOURCES;
1178 goto err;
1179 }
1180 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
1181 &size, file_info));
1182 }
1183 if (ret != EFI_SUCCESS)
1184 goto err;
1185 size = file_info->file_size;
1186 free(file_info);
1187 buf = malloc(size);
1188 if (!buf) {
1189 ret = EFI_OUT_OF_RESOURCES;
1190 goto err;
1191 }
1192
1193
1194 ret = EFI_CALL((*fh->read)(fh, &size, buf));
1195 if (ret == EFI_SUCCESS) {
1196 if (size >= buf->capsule_image_size) {
1197 *capsule = buf;
1198 } else {
1199 free(buf);
1200 ret = EFI_INVALID_PARAMETER;
1201 }
1202 } else {
1203 free(buf);
1204 }
1205err:
1206 EFI_CALL((*fh->close)(fh));
1207
1208 return ret;
1209}
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219static efi_status_t efi_capsule_delete_file(const u16 *filename)
1220{
1221 struct efi_file_handle *dirh, *fh;
1222 efi_status_t ret;
1223
1224 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
1225 EFI_CAPSULE_DIR,
1226 EFI_FILE_MODE_READ, 0));
1227 if (ret != EFI_SUCCESS)
1228 return ret;
1229 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
1230 EFI_FILE_MODE_READ, 0));
1231
1232 EFI_CALL((*dirh->close)(dirh));
1233
1234 if (ret == EFI_SUCCESS)
1235 ret = EFI_CALL((*fh->delete)(fh));
1236
1237 return ret;
1238}
1239
1240
1241
1242
1243
1244
1245static void efi_capsule_scan_done(void)
1246{
1247 EFI_CALL((*bootdev_root->close)(bootdev_root));
1248 bootdev_root = NULL;
1249}
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260static efi_status_t check_run_capsules(void)
1261{
1262 u64 os_indications = 0x0;
1263 efi_uintn_t size;
1264 efi_status_t r;
1265
1266 size = sizeof(os_indications);
1267 r = efi_get_variable_int(u"OsIndications", &efi_global_variable_guid,
1268 NULL, &size, &os_indications, NULL);
1269 if (!IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS) &&
1270 (r != EFI_SUCCESS || size != sizeof(os_indications)))
1271 return EFI_NOT_FOUND;
1272
1273 if (os_indications &
1274 EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED) {
1275 os_indications &=
1276 ~EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED;
1277 r = efi_set_variable_int(u"OsIndications",
1278 &efi_global_variable_guid,
1279 EFI_VARIABLE_NON_VOLATILE |
1280 EFI_VARIABLE_BOOTSERVICE_ACCESS |
1281 EFI_VARIABLE_RUNTIME_ACCESS,
1282 sizeof(os_indications),
1283 &os_indications, false);
1284 if (r != EFI_SUCCESS)
1285 log_err("Setting %ls failed\n", L"OsIndications");
1286 return EFI_SUCCESS;
1287 } else if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) {
1288 return EFI_SUCCESS;
1289 } else {
1290 return EFI_NOT_FOUND;
1291 }
1292}
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302efi_status_t efi_launch_capsules(void)
1303{
1304 struct efi_capsule_header *capsule = NULL;
1305 u16 **files;
1306 unsigned int nfiles, index, index_max, i;
1307 efi_status_t ret;
1308 bool capsule_update = true;
1309 bool update_status = true;
1310 bool fw_accept_os = false;
1311
1312 if (check_run_capsules() != EFI_SUCCESS)
1313 return EFI_SUCCESS;
1314
1315 index_max = get_max_capsule();
1316 index = get_last_capsule();
1317
1318
1319
1320
1321
1322
1323 nfiles = 0;
1324 files = NULL;
1325 ret = efi_capsule_scan_dir(&files, &nfiles);
1326 if (ret != EFI_SUCCESS)
1327 return ret;
1328 if (!nfiles)
1329 return EFI_SUCCESS;
1330
1331
1332 for (i = 0, ++index; i < nfiles; i++, index++) {
1333 log_debug("Applying %ls\n", files[i]);
1334 if (index > index_max)
1335 index = 0;
1336 ret = efi_capsule_read_file(files[i], &capsule);
1337 if (ret == EFI_SUCCESS) {
1338 ret = efi_capsule_update_firmware(capsule);
1339 if (ret != EFI_SUCCESS) {
1340 log_err("Applying capsule %ls failed.\n",
1341 files[i]);
1342 update_status = false;
1343 } else {
1344 log_info("Applying capsule %ls succeeded.\n",
1345 files[i]);
1346 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) {
1347 fwu_post_update_checks(capsule,
1348 &fw_accept_os,
1349 &capsule_update);
1350 }
1351 }
1352
1353
1354 set_capsule_result(index, capsule, ret);
1355
1356 free(capsule);
1357 } else {
1358 log_err("Reading capsule %ls failed\n", files[i]);
1359 update_status = false;
1360 }
1361
1362 ret = efi_capsule_delete_file(files[i]);
1363 if (ret != EFI_SUCCESS)
1364 log_err("Deleting capsule %ls failed\n",
1365 files[i]);
1366 }
1367
1368 efi_capsule_scan_done();
1369
1370 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) {
1371 if (capsule_update == true && update_status == true) {
1372 ret = fwu_post_update_process(fw_accept_os);
1373 } else if (capsule_update == true && update_status == false) {
1374 log_err("All capsules were not updated. Not updating FWU metadata\n");
1375 }
1376 }
1377
1378 for (i = 0; i < nfiles; i++)
1379 free(files[i]);
1380 free(files);
1381
1382
1383
1384
1385
1386 log_info("Reboot after firmware update.\n");
1387
1388 sysreset_walk_halt(SYSRESET_COLD);
1389 hang();
1390
1391
1392 return 0;
1393}
1394#endif
1395
