// SPDX-License-Identifier: GPL-2.0+ /* * EFI Firmware management protocol * * Copyright (c) 2020 Linaro Limited * Author: AKASHI Takahiro */ #include #include #include #include #include #include #include #include #include #define FMP_PAYLOAD_HDR_SIGNATURE SIGNATURE_32('M', 'S', 'S', '1') /** * struct fmp_payload_header - EDK2 header for the FMP payload * * This structure describes the header which is preprended to the * FMP payload by the edk2 capsule generation scripts. * * @signature: Header signature used to identify the header * @header_size: Size of the structure * @fw_version: Firmware versions used * @lowest_supported_version: Lowest supported version */ struct fmp_payload_header { u32 signature; u32 header_size; u32 fw_version; u32 lowest_supported_version; }; /** * struct fmp_state - fmp firmware update state * * This structure describes the state of the firmware update * through FMP protocol. * * @fw_version: Firmware versions used * @lowest_supported_version: Lowest supported version * @last_attempt_version: Last attempt version * @last_attempt_status: Last attempt status */ struct fmp_state { u32 fw_version; u32 lowest_supported_version; /* not used */ u32 last_attempt_version; /* not used */ u32 last_attempt_status; /* not used */ }; __weak void set_dfu_alt_info(char *interface, char *devstr) { env_set("dfu_alt_info", update_info.dfu_string); } /** * efi_firmware_get_image_type_id - get image_type_id * @image_index: image index * * Return the image_type_id identified by the image index. * * Return: pointer to the image_type_id, NULL if image_index is invalid */ static efi_guid_t *efi_firmware_get_image_type_id(u8 image_index) { int i; struct efi_fw_image *fw_array; fw_array = update_info.images; for (i = 0; i < update_info.num_images; i++) { if (fw_array[i].image_index == image_index) return &fw_array[i].image_type_id; } return NULL; } /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_get_image_unsupported( struct efi_firmware_management_protocol *this, u8 image_index, void *image, efi_uintn_t *image_size) { EFI_ENTRY("%p %d %p %p\n", this, image_index, image, image_size); return EFI_EXIT(EFI_UNSUPPORTED); } /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_check_image_unsupported( struct efi_firmware_management_protocol *this, u8 image_index, const void *image, efi_uintn_t *image_size, u32 *image_updatable) { EFI_ENTRY("%p %d %p %p %p\n", this, image_index, image, image_size, image_updatable); return EFI_EXIT(EFI_UNSUPPORTED); } /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_get_package_info_unsupported( struct efi_firmware_management_protocol *this, u32 *package_version, u16 **package_version_name, u32 *package_version_name_maxlen, u64 *attributes_supported, u64 *attributes_setting) { EFI_ENTRY("%p %p %p %p %p %p\n", this, package_version, package_version_name, package_version_name_maxlen, attributes_supported, attributes_setting); return EFI_EXIT(EFI_UNSUPPORTED); } /* Place holder; not supported */ static efi_status_t EFIAPI efi_firmware_set_package_info_unsupported( struct efi_firmware_management_protocol *this, const void *image, efi_uintn_t *image_size, const void *vendor_code, u32 package_version, const u16 *package_version_name) { EFI_ENTRY("%p %p %p %p %x %p\n", this, image, image_size, vendor_code, package_version, package_version_name); return EFI_EXIT(EFI_UNSUPPORTED); } /** * efi_firmware_get_lsv_from_dtb - get lowest supported version from dtb * @image_index: Image index * @image_type_id: Image type id * @lsv: Pointer to store the lowest supported version * * Read the firmware version information from dtb. */ static void efi_firmware_get_lsv_from_dtb(u8 image_index, efi_guid_t *image_type_id, u32 *lsv) { const void *fdt = gd->fdt_blob; const fdt32_t *val; const char *guid_str; int len, offset, index; int parent, ret; *lsv = 0; parent = fdt_subnode_offset(fdt, 0, "firmware-version"); if (parent < 0) return; fdt_for_each_subnode(offset, fdt, parent) { efi_guid_t guid; guid_str = fdt_getprop(fdt, offset, "image-type-id", &len); if (!guid_str) continue; ret = uuid_str_to_bin(guid_str, guid.b, UUID_STR_FORMAT_GUID); if (ret < 0) { log_warning("Wrong image-type-id format.\n"); continue; } val = fdt_getprop(fdt, offset, "image-index", &len); if (!val) continue; index = fdt32_to_cpu(*val); if (!guidcmp(&guid, image_type_id) && index == image_index) { val = fdt_getprop(fdt, offset, "lowest-supported-version", &len); if (val) *lsv = fdt32_to_cpu(*val); } } } /** * efi_firmware_fill_version_info - fill the version information * @image_info: Image information * @fw_array: Pointer to size of new image * * Fill the version information into image_info strucrure. * */ static void efi_firmware_fill_version_info(struct efi_firmware_image_descriptor *image_info, struct efi_fw_image *fw_array) { u16 varname[13]; /* u"FmpStateXXXX" */ efi_status_t ret; efi_uintn_t size; struct fmp_state var_state = { 0 }; efi_create_indexed_name(varname, sizeof(varname), "FmpState", fw_array->image_index); size = sizeof(var_state); ret = efi_get_variable_int(varname, &fw_array->image_type_id, NULL, &size, &var_state, NULL); if (ret == EFI_SUCCESS) image_info->version = var_state.fw_version; else image_info->version = 0; efi_firmware_get_lsv_from_dtb(fw_array->image_index, &fw_array->image_type_id, &image_info->lowest_supported_image_version); image_info->version_name = NULL; /* not supported */ image_info->last_attempt_version = 0; image_info->last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; } /** * efi_fill_image_desc_array - populate image descriptor array * @image_info_size: Size of @image_info * @image_info: Image information * @descriptor_version: Pointer to version number * @descriptor_count: Image count * @descriptor_size: Pointer to descriptor size * @package_version: Package version * @package_version_name: Package version's name * * Return information about the current firmware image in @image_info. * @image_info will consist of a number of descriptors. * Each descriptor will be created based on efi_fw_image array. * * Return status code */ static efi_status_t efi_fill_image_desc_array( efi_uintn_t *image_info_size, struct efi_firmware_image_descriptor *image_info, u32 *descriptor_version, u8 *descriptor_count, efi_uintn_t *descriptor_size, u32 *package_version, u16 **package_version_name) { size_t total_size; struct efi_fw_image *fw_array; int i; total_size = sizeof(*image_info) * update_info.num_images; if (*image_info_size < total_size) { *image_info_size = total_size; return EFI_BUFFER_TOO_SMALL; } *image_info_size = total_size; fw_array = update_info.images; *descriptor_count = update_info.num_images; *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION; *descriptor_size = sizeof(*image_info); *package_version = 0xffffffff; /* not supported */ *package_version_name = NULL; /* not supported */ for (i = 0; i < update_info.num_images; i++) { image_info[i].image_index = fw_array[i].image_index; image_info[i].image_type_id = fw_array[i].image_type_id; image_info[i].image_id = fw_array[i].image_index; image_info[i].image_id_name = fw_array[i].fw_name; efi_firmware_fill_version_info(&image_info[i], &fw_array[i]); image_info[i].size = 0; image_info[i].attributes_supported = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; image_info[i].attributes_setting = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE; /* Check if the capsule authentication is enabled */ if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE)) image_info[0].attributes_setting |= IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; image_info[i].hardware_instance = 1; image_info[i].dependencies = NULL; } return EFI_SUCCESS; } /** * efi_firmware_capsule_authenticate - authenticate the capsule if enabled * @p_image: Pointer to new image * @p_image_size: Pointer to size of new image * * Authenticate the capsule if authentication is enabled. * The image pointer and the image size are updated in case of success. * * Return: status code */ static efi_status_t efi_firmware_capsule_authenticate(const void **p_image, efi_uintn_t *p_image_size) { const void *image = *p_image; efi_uintn_t image_size = *p_image_size; void *capsule_payload; efi_status_t status; efi_uintn_t capsule_payload_size; if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE)) { capsule_payload = NULL; capsule_payload_size = 0; status = efi_capsule_authenticate(image, image_size, &capsule_payload, &capsule_payload_size); if (status == EFI_SECURITY_VIOLATION) { printf("Capsule authentication check failed. Aborting update\n"); return status; } else if (status != EFI_SUCCESS) { return status; } debug("Capsule authentication successful\n"); image = capsule_payload; image_size = capsule_payload_size; } else { debug("Capsule authentication disabled. "); debug("Updating capsule without authenticating.\n"); } *p_image = image; *p_image_size = image_size; return EFI_SUCCESS; } /** * efi_firmware_set_fmp_state_var - set FmpStateXXXX variable * @state: Pointer to fmp state * @image_index: image index * * Update the FmpStateXXXX variable with the firmware update state. * * Return: status code */ static efi_status_t efi_firmware_set_fmp_state_var(struct fmp_state *state, u8 image_index) { u16 varname[13]; /* u"FmpStateXXXX" */ efi_status_t ret; efi_guid_t *image_type_id; struct fmp_state var_state = { 0 }; image_type_id = efi_firmware_get_image_type_id(image_index); if (!image_type_id) return EFI_INVALID_PARAMETER; efi_create_indexed_name(varname, sizeof(varname), "FmpState", image_index); /* * Only the fw_version is set here. * lowest_supported_version in FmpState variable is ignored since * it can be tampered if the file based EFI variable storage is used. */ var_state.fw_version = state->fw_version; ret = efi_set_variable_int(varname, image_type_id, EFI_VARIABLE_READ_ONLY | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, sizeof(var_state), &var_state, false); return ret; } /** * efi_firmware_get_fw_version - get fw_version from FMP payload header * @p_image: Pointer to new image * @p_image_size: Pointer to size of new image * @state: Pointer to fmp state * * Parse the FMP payload header and fill the fmp_state structure. * If no FMP payload header is found, fmp_state structure is not updated. * */ static void efi_firmware_get_fw_version(const void **p_image, efi_uintn_t *p_image_size, struct fmp_state *state) { const struct fmp_payload_header *header; u32 fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; header = *p_image; if (header->signature == fmp_hdr_signature) { /* FMP header is inserted above the capsule payload */ state->fw_version = header->fw_version; *p_image += header->header_size; *p_image_size -= header->header_size; } } /** * efi_firmware_verify_image - verify image * @p_image: Pointer to new image * @p_image_size: Pointer to size of new image * @image_index: Image index * @state: Pointer to fmp state * * Verify the capsule authentication and check if the fw_version * is equal or greater than the lowest supported version. * * Return: status code */ static efi_status_t efi_firmware_verify_image(const void **p_image, efi_uintn_t *p_image_size, u8 image_index, struct fmp_state *state) { u32 lsv; efi_status_t ret; efi_guid_t *image_type_id; ret = efi_firmware_capsule_authenticate(p_image, p_image_size); if (ret != EFI_SUCCESS) return ret; efi_firmware_get_fw_version(p_image, p_image_size, state); image_type_id = efi_firmware_get_image_type_id(image_index); if (!image_type_id) return EFI_INVALID_PARAMETER; efi_firmware_get_lsv_from_dtb(image_index, image_type_id, &lsv); if (state->fw_version < lsv) { log_err("Firmware version %u too low. Expecting >= %u. Aborting update\n", state->fw_version, lsv); return EFI_INVALID_PARAMETER; } return ret; } /** * efi_firmware_get_image_info - return information about the current * firmware image * @this: Protocol instance * @image_info_size: Size of @image_info * @image_info: Image information * @descriptor_version: Pointer to version number * @descriptor_count: Pointer to number of descriptors * @descriptor_size: Pointer to descriptor size * @package_version: Package version * @package_version_name: Package version's name * * Return information bout the current firmware image in @image_info. * @image_info will consist of a number of descriptors. * Each descriptor will be created based on "dfu_alt_info" variable. * * Return status code */ static efi_status_t EFIAPI efi_firmware_get_image_info( struct efi_firmware_management_protocol *this, efi_uintn_t *image_info_size, struct efi_firmware_image_descriptor *image_info, u32 *descriptor_version, u8 *descriptor_count, efi_uintn_t *descriptor_size, u32 *package_version, u16 **package_version_name) { efi_status_t ret; EFI_ENTRY("%p %p %p %p %p %p %p %p\n", this, image_info_size, image_info, descriptor_version, descriptor_count, descriptor_size, package_version, package_version_name); if (!image_info_size) return EFI_EXIT(EFI_INVALID_PARAMETER); if (*image_info_size && (!image_info || !descriptor_version || !descriptor_count || !descriptor_size || !package_version || !package_version_name)) return EFI_EXIT(EFI_INVALID_PARAMETER); ret = efi_fill_image_desc_array(image_info_size, image_info, descriptor_version, descriptor_count, descriptor_size, package_version, package_version_name); return EFI_EXIT(ret); } #ifdef CONFIG_EFI_CAPSULE_FIRMWARE_FIT /* * This FIRMWARE_MANAGEMENT_PROTOCOL driver provides a firmware update * method with existing FIT image format, and handles * - multiple regions of firmware via DFU * but doesn't support * - versioning of firmware image * - package information */ /** * efi_firmware_fit_set_image - update the firmware image * @this: Protocol instance * @image_index: Image index number * @image: New image * @image_size: Size of new image * @vendor_code: Vendor-specific update policy * @progress: Function to report the progress of update * @abort_reason: Pointer to string of abort reason * * Update the firmware to new image, using dfu. The new image should * have FIT image format commonly used in U-Boot. * @vendor_code, @progress and @abort_reason are not supported. * * Return: status code */ static efi_status_t EFIAPI efi_firmware_fit_set_image( struct efi_firmware_management_protocol *this, u8 image_index, const void *image, efi_uintn_t image_size, const void *vendor_code, efi_status_t (*progress)(efi_uintn_t completion), u16 **abort_reason) { efi_status_t status; struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); if (!image || image_index != 1) return EFI_EXIT(EFI_INVALID_PARAMETER); status = efi_firmware_verify_image(&image, &image_size, image_index, &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); if (fit_update(image)) return EFI_EXIT(EFI_DEVICE_ERROR); efi_firmware_set_fmp_state_var(&state, image_index); return EFI_EXIT(EFI_SUCCESS); } const struct efi_firmware_management_protocol efi_fmp_fit = { .get_image_info = efi_firmware_get_image_info, .get_image = efi_firmware_get_image_unsupported, .set_image = efi_firmware_fit_set_image, .check_image = efi_firmware_check_image_unsupported, .get_package_info = efi_firmware_get_package_info_unsupported, .set_package_info = efi_firmware_set_package_info_unsupported, }; #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_FIT */ #ifdef CONFIG_EFI_CAPSULE_FIRMWARE_RAW /* * This FIRMWARE_MANAGEMENT_PROTOCOL driver provides a firmware update * method with raw data. */ /** * efi_firmware_raw_set_image - update the firmware image * @this: Protocol instance * @image_index: Image index number * @image: New image * @image_size: Size of new image * @vendor_code: Vendor-specific update policy * @progress: Function to report the progress of update * @abort_reason: Pointer to string of abort reason * * Update the firmware to new image, using dfu. The new image should * be a single raw image. * @vendor_code, @progress and @abort_reason are not supported. * * Return: status code */ static efi_status_t EFIAPI efi_firmware_raw_set_image( struct efi_firmware_management_protocol *this, u8 image_index, const void *image, efi_uintn_t image_size, const void *vendor_code, efi_status_t (*progress)(efi_uintn_t completion), u16 **abort_reason) { int ret; efi_status_t status; struct fmp_state state = { 0 }; EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image, image_size, vendor_code, progress, abort_reason); if (!image) return EFI_EXIT(EFI_INVALID_PARAMETER); status = efi_firmware_verify_image(&image, &image_size, image_index, &state); if (status != EFI_SUCCESS) return EFI_EXIT(status); if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) { /* * Based on the value of update bank, derive the * image index value. */ ret = fwu_get_image_index(&image_index); if (ret) { log_debug("Unable to get FWU image_index\n"); return EFI_EXIT(EFI_DEVICE_ERROR); } } if (dfu_write_by_alt(image_index - 1, (void *)image, image_size, NULL, NULL)) return EFI_EXIT(EFI_DEVICE_ERROR); efi_firmware_set_fmp_state_var(&state, image_index); return EFI_EXIT(EFI_SUCCESS); } const struct efi_firmware_management_protocol efi_fmp_raw = { .get_image_info = efi_firmware_get_image_info, .get_image = efi_firmware_get_image_unsupported, .set_image = efi_firmware_raw_set_image, .check_image = efi_firmware_check_image_unsupported, .get_package_info = efi_firmware_get_package_info_unsupported, .set_package_info = efi_firmware_set_package_info_unsupported, }; #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_RAW */