1 // SPDX-License-Identifier: GPL-2.0+
5 * Copyright (c) 2018 Linaro Limited
6 * Author: AKASHI Takahiro
9 #define LOG_CATEGORY LOGC_EFI
12 #include <efi_loader.h>
13 #include <efi_variable.h>
22 #include <asm/global_data.h>
24 #include <crypto/pkcs7.h>
25 #include <crypto/pkcs7_parser.h>
26 #include <linux/err.h>
28 DECLARE_GLOBAL_DATA_PTR;
30 const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
31 static const efi_guid_t efi_guid_firmware_management_capsule_id =
32 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
33 const efi_guid_t efi_guid_firmware_management_protocol =
34 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID;
36 #ifdef CONFIG_EFI_CAPSULE_ON_DISK
37 /* for file system access */
38 static struct efi_file_handle *bootdev_root;
42 * get_last_capsule - get the last capsule index
44 * Retrieve the index of the capsule invoked last time from "CapsuleLast"
48 * * > 0 - the last capsule index invoked
49 * * 0xffff - on error, or no capsule invoked yet
51 static __maybe_unused unsigned int get_last_capsule(void)
53 u16 value16[11]; /* "CapsuleXXXX": non-null-terminated */
56 unsigned long index = 0xffff;
60 size = sizeof(value16);
61 ret = efi_get_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
62 NULL, &size, value16, NULL);
63 if (ret != EFI_SUCCESS || size != 22 ||
64 u16_strncmp(value16, u"Capsule", 7))
66 for (i = 0; i < 4; ++i) {
67 u16 c = value16[i + 7];
74 if (strict_strtoul(value, 16, &index))
81 * set_capsule_result - set a result variable
83 * @return_status: Return status
85 * Create and set a result variable, "CapsuleXXXX", for the capsule,
89 void set_capsule_result(int index, struct efi_capsule_header *capsule,
90 efi_status_t return_status)
92 u16 variable_name16[12];
93 struct efi_capsule_result_variable_header result;
97 efi_create_indexed_name(variable_name16, sizeof(variable_name16),
99 result.variable_total_size = sizeof(result);
100 result.capsule_guid = capsule->capsule_guid;
101 ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL));
102 if (ret == EFI_SUCCESS)
103 memcpy(&result.capsule_processed, &time, sizeof(time));
105 memset(&result.capsule_processed, 0, sizeof(time));
106 result.capsule_status = return_status;
107 ret = efi_set_variable_int(variable_name16, &efi_guid_capsule_report,
108 EFI_VARIABLE_NON_VOLATILE |
109 EFI_VARIABLE_BOOTSERVICE_ACCESS |
110 EFI_VARIABLE_RUNTIME_ACCESS,
111 sizeof(result), &result, false);
112 if (ret != EFI_SUCCESS) {
113 log_err("Setting %ls failed\n", variable_name16);
117 /* Variable CapsuleLast must not include terminating 0x0000 */
118 ret = efi_set_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
119 EFI_VARIABLE_READ_ONLY |
120 EFI_VARIABLE_NON_VOLATILE |
121 EFI_VARIABLE_BOOTSERVICE_ACCESS |
122 EFI_VARIABLE_RUNTIME_ACCESS,
123 22, variable_name16, false);
124 if (ret != EFI_SUCCESS)
125 log_err("Setting %ls failed\n", u"CapsuleLast");
128 #ifdef CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT
130 * efi_fmp_find - search for Firmware Management Protocol drivers
131 * @image_type: Image type guid
132 * @image_index: Image Index
133 * @instance: Instance number
134 * @handles: Handles of FMP drivers
135 * @no_handles: Number of handles
137 * Search for Firmware Management Protocol drivers, matching the image
138 * type, @image_type and the machine instance, @instance, from the list,
142 * * Protocol instance - on success
143 * * NULL - on failure
145 static struct efi_firmware_management_protocol *
146 efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance,
147 efi_handle_t *handles, efi_uintn_t no_handles)
149 efi_handle_t *handle;
150 struct efi_firmware_management_protocol *fmp;
151 struct efi_firmware_image_descriptor *image_info, *desc;
152 efi_uintn_t info_size, descriptor_size;
153 u32 descriptor_version;
156 u16 *package_version_name;
161 for (i = 0, handle = handles; i < no_handles; i++, handle++) {
162 ret = EFI_CALL(efi_handle_protocol(
164 &efi_guid_firmware_management_protocol,
166 if (ret != EFI_SUCCESS)
169 /* get device's image info */
172 descriptor_version = 0;
173 descriptor_count = 0;
176 package_version_name = NULL;
177 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
183 &package_version_name));
184 if (ret != EFI_BUFFER_TOO_SMALL)
187 image_info = malloc(info_size);
191 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
197 &package_version_name));
198 if (ret != EFI_SUCCESS ||
199 descriptor_version != EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION)
203 for (j = 0, desc = image_info; j < descriptor_count;
204 j++, desc = (void *)desc + descriptor_size) {
205 log_debug("+++ desc[%d] index: %d, name: %ls\n",
206 j, desc->image_index, desc->image_id_name);
207 if (!guidcmp(&desc->image_type_id, image_type) &&
208 (desc->image_index == image_index) &&
210 !desc->hardware_instance ||
211 desc->hardware_instance == instance))
216 efi_free_pool(package_version_name);
218 EFI_CALL(efi_close_protocol(
220 &efi_guid_firmware_management_protocol,
230 * efi_remove_auth_hdr - remove authentication data from image
231 * @image: Pointer to pointer to Image
232 * @image_size: Pointer to Image size
234 * Remove the authentication data from image if possible.
235 * Update @image and @image_size.
237 * Return: status code
239 static efi_status_t efi_remove_auth_hdr(void **image, efi_uintn_t *image_size)
241 struct efi_firmware_image_authentication *auth_hdr;
242 efi_status_t ret = EFI_INVALID_PARAMETER;
244 auth_hdr = (struct efi_firmware_image_authentication *)*image;
245 if (*image_size < sizeof(*auth_hdr))
248 if (auth_hdr->auth_info.hdr.dwLength <=
249 offsetof(struct win_certificate_uefi_guid, cert_data))
252 *image = (uint8_t *)*image + sizeof(auth_hdr->monotonic_count) +
253 auth_hdr->auth_info.hdr.dwLength;
254 *image_size = *image_size - auth_hdr->auth_info.hdr.dwLength -
255 sizeof(auth_hdr->monotonic_count);
262 #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
263 int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
265 const void *fdt_blob = gd->fdt_blob;
267 const char *cnode_name = "capsule-key";
268 const char *snode_name = "signature";
272 sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);
274 log_err("Unable to get signature node offset\n");
276 return -FDT_ERR_NOTFOUND;
279 blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);
281 if (!blob || len < 0) {
282 log_err("Unable to get capsule-key value\n");
286 return -FDT_ERR_NOTFOUND;
289 *pkey = (void *)blob;
295 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
296 void **image, efi_uintn_t *image_size)
300 void *fdt_pkey, *pkey;
301 efi_uintn_t pkey_len;
302 uint64_t monotonic_count;
303 struct efi_signature_store *truststore;
304 struct pkcs7_message *capsule_sig;
305 struct efi_image_regions *regs;
306 struct efi_firmware_image_authentication *auth_hdr;
309 status = EFI_SECURITY_VIOLATION;
315 if (capsule == NULL || capsule_size == 0)
318 *image = (uint8_t *)capsule;
319 *image_size = capsule_size;
320 if (efi_remove_auth_hdr(image, image_size) != EFI_SUCCESS)
323 auth_hdr = (struct efi_firmware_image_authentication *)capsule;
324 if (guidcmp(&auth_hdr->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
327 memcpy(&monotonic_count, &auth_hdr->monotonic_count,
328 sizeof(monotonic_count));
330 /* data to be digested */
331 regs = calloc(sizeof(*regs) + sizeof(struct image_region) * 2, 1);
336 efi_image_region_add(regs, (uint8_t *)*image,
337 (uint8_t *)*image + *image_size, 1);
339 efi_image_region_add(regs, (uint8_t *)&monotonic_count,
340 (uint8_t *)&monotonic_count + sizeof(monotonic_count),
343 capsule_sig = efi_parse_pkcs7_header(auth_hdr->auth_info.cert_data,
344 auth_hdr->auth_info.hdr.dwLength
345 - sizeof(auth_hdr->auth_info),
347 if (IS_ERR(capsule_sig)) {
348 debug("Parsing variable's pkcs7 header failed\n");
353 ret = efi_get_public_key_data(&fdt_pkey, &pkey_len);
357 pkey = malloc(pkey_len);
361 memcpy(pkey, fdt_pkey, pkey_len);
362 truststore = efi_build_signature_store(pkey, pkey_len);
366 /* verify signature */
367 if (efi_signature_verify(regs, capsule_sig, truststore, NULL)) {
370 debug("Verifying variable's signature failed\n");
374 status = EFI_SUCCESS;
377 efi_sigstore_free(truststore);
378 pkcs7_free_message(capsule_sig);
384 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
385 void **image, efi_uintn_t *image_size)
387 return EFI_UNSUPPORTED;
389 #endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */
393 * efi_capsule_update_firmware - update firmware from capsule
394 * @capsule_data: Capsule
396 * Update firmware, using a capsule, @capsule_data. Loading any FMP
397 * drivers embedded in a capsule is not supported.
399 * Return: status code
401 static efi_status_t efi_capsule_update_firmware(
402 struct efi_capsule_header *capsule_data)
404 struct efi_firmware_management_capsule_header *capsule;
405 struct efi_firmware_management_capsule_image_header *image;
406 size_t capsule_size, image_binary_size;
407 void *image_binary, *vendor_code;
408 efi_handle_t *handles;
409 efi_uintn_t no_handles;
411 struct efi_firmware_management_protocol *fmp;
413 efi_status_t ret = EFI_SUCCESS;
416 if (capsule_data->header_size < sizeof(*capsule) ||
417 capsule_data->header_size >= capsule_data->capsule_image_size)
418 return EFI_INVALID_PARAMETER;
420 capsule = (void *)capsule_data + capsule_data->header_size;
421 capsule_size = capsule_data->capsule_image_size
422 - capsule_data->header_size;
424 if (capsule->version != 0x00000001)
425 return EFI_UNSUPPORTED;
428 ret = EFI_CALL(efi_locate_handle_buffer(
430 &efi_guid_firmware_management_protocol,
431 NULL, &no_handles, (efi_handle_t **)&handles));
432 if (ret != EFI_SUCCESS)
433 return EFI_UNSUPPORTED;
436 for (item = capsule->embedded_driver_count;
437 item < capsule->embedded_driver_count
438 + capsule->payload_item_count; item++) {
440 if ((capsule->item_offset_list[item] + sizeof(*image)
442 log_err("Capsule does not have enough data\n");
443 ret = EFI_INVALID_PARAMETER;
447 image = (void *)capsule + capsule->item_offset_list[item];
449 if (image->version != 0x00000003) {
450 ret = EFI_UNSUPPORTED;
454 /* find a device for update firmware */
455 fmp = efi_fmp_find(&image->update_image_type_id,
456 image->update_image_index,
457 image->update_hardware_instance,
458 handles, no_handles);
460 log_err("FMP driver not found for firmware type %pUs, hardware instance %lld\n",
461 &image->update_image_type_id,
462 image->update_hardware_instance);
463 ret = EFI_UNSUPPORTED;
468 if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
469 !(image->image_capsule_support &
470 CAPSULE_SUPPORT_AUTHENTICATION)) {
472 ret = EFI_SECURITY_VIOLATION;
476 image_binary = (void *)image + sizeof(*image);
477 image_binary_size = image->update_image_size;
478 vendor_code = image_binary + image_binary_size;
479 if (!IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
480 (image->image_capsule_support &
481 CAPSULE_SUPPORT_AUTHENTICATION)) {
482 ret = efi_remove_auth_hdr(&image_binary,
484 if (ret != EFI_SUCCESS)
489 ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index,
494 if (ret != EFI_SUCCESS) {
495 log_err("Firmware update failed: %ls\n",
497 efi_free_pool(abort_reason);
503 efi_free_pool(handles);
508 static efi_status_t efi_capsule_update_firmware(
509 struct efi_capsule_header *capsule_data)
511 return EFI_UNSUPPORTED;
513 #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT */
516 * efi_update_capsule() - process information from operating system
517 * @capsule_header_array: Array of virtual address pointers
518 * @capsule_count: Number of pointers in capsule_header_array
519 * @scatter_gather_list: Array of physical address pointers
521 * This function implements the UpdateCapsule() runtime service.
523 * See the Unified Extensible Firmware Interface (UEFI) specification for
526 * Return: status code
528 efi_status_t EFIAPI efi_update_capsule(
529 struct efi_capsule_header **capsule_header_array,
530 efi_uintn_t capsule_count,
531 u64 scatter_gather_list)
533 struct efi_capsule_header *capsule;
537 EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count,
538 scatter_gather_list);
540 if (!capsule_count) {
541 ret = EFI_INVALID_PARAMETER;
546 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
547 i++, capsule = *(++capsule_header_array)) {
549 if (capsule->header_size < sizeof(*capsule) ||
550 capsule->capsule_image_size < sizeof(*capsule)) {
551 log_err("Capsule does not have enough data\n");
555 log_debug("Capsule[%d] (guid:%pUs)\n",
556 i, &capsule->capsule_guid);
557 if (!guidcmp(&capsule->capsule_guid,
558 &efi_guid_firmware_management_capsule_id)) {
559 ret = efi_capsule_update_firmware(capsule);
561 log_err("Unsupported capsule type: %pUs\n",
562 &capsule->capsule_guid);
563 ret = EFI_UNSUPPORTED;
566 if (ret != EFI_SUCCESS)
570 if (IS_ENABLED(CONFIG_EFI_ESRT)) {
571 /* Rebuild the ESRT to reflect any updated FW images. */
572 ret = efi_esrt_populate();
573 if (ret != EFI_SUCCESS)
574 log_warning("ESRT update failed\n");
578 return EFI_EXIT(ret);
582 * efi_query_capsule_caps() - check if capsule is supported
583 * @capsule_header_array: Array of virtual pointers
584 * @capsule_count: Number of pointers in capsule_header_array
585 * @maximum_capsule_size: Maximum capsule size
586 * @reset_type: Type of reset needed for capsule update
588 * This function implements the QueryCapsuleCapabilities() runtime service.
590 * See the Unified Extensible Firmware Interface (UEFI) specification for
593 * Return: status code
595 efi_status_t EFIAPI efi_query_capsule_caps(
596 struct efi_capsule_header **capsule_header_array,
597 efi_uintn_t capsule_count,
598 u64 *maximum_capsule_size,
601 struct efi_capsule_header *capsule __attribute__((unused));
605 EFI_ENTRY("%p, %zu, %p, %p\n", capsule_header_array, capsule_count,
606 maximum_capsule_size, reset_type);
608 if (!maximum_capsule_size) {
609 ret = EFI_INVALID_PARAMETER;
613 *maximum_capsule_size = U64_MAX;
614 *reset_type = EFI_RESET_COLD;
617 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
618 i++, capsule = *(++capsule_header_array)) {
622 return EFI_EXIT(ret);
626 * efi_load_capsule_drivers - initialize capsule drivers
628 * Generic FMP drivers backed by DFU
630 * Return: status code
632 efi_status_t __weak efi_load_capsule_drivers(void)
634 __maybe_unused efi_handle_t handle;
635 efi_status_t ret = EFI_SUCCESS;
637 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)) {
639 ret = efi_install_multiple_protocol_interfaces(&handle,
640 &efi_guid_firmware_management_protocol,
645 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) {
647 ret = efi_install_multiple_protocol_interfaces(&handle,
648 &efi_guid_firmware_management_protocol,
656 #ifdef CONFIG_EFI_CAPSULE_ON_DISK
658 * get_dp_device - retrieve a device path from boot variable
659 * @boot_var: Boot variable name
660 * @device_dp Device path
662 * Retrieve a device patch from boot variable, @boot_var.
664 * Return: status code
666 static efi_status_t get_dp_device(u16 *boot_var,
667 struct efi_device_path **device_dp)
671 struct efi_load_option lo;
672 struct efi_device_path *file_dp;
676 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
677 NULL, &size, NULL, NULL);
678 if (ret == EFI_BUFFER_TOO_SMALL) {
681 return EFI_OUT_OF_RESOURCES;
682 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
683 NULL, &size, buf, NULL);
685 if (ret != EFI_SUCCESS)
688 efi_deserialize_load_option(&lo, buf, &size);
690 if (lo.attributes & LOAD_OPTION_ACTIVE) {
691 efi_dp_split_file_path(lo.file_path, device_dp, &file_dp);
692 efi_free_pool(file_dp);
705 * device_is_present_and_system_part - check if a device exists
707 * Check if a device pointed to by the device path, @dp, exists and is
708 * located in UEFI system partition.
711 * Return: true - yes, false - no
713 static bool device_is_present_and_system_part(struct efi_device_path *dp)
716 struct efi_device_path *rem;
718 /* Check device exists */
719 handle = efi_dp_find_obj(dp, NULL, NULL);
723 /* Check device is on system partition */
724 handle = efi_dp_find_obj(dp, &efi_system_partition_guid, &rem);
732 * find_boot_device - identify the boot device
734 * Identify the boot device from boot-related variables as UEFI
735 * specification describes and put its handle into bootdev_root.
737 * Return: status code
739 static efi_status_t find_boot_device(void)
742 u16 boot_var16[9], *p, bootnext, *boot_order = NULL;
745 struct efi_simple_file_system_protocol *volume;
746 struct efi_device_path *boot_dev = NULL;
749 /* find active boot device in BootNext */
751 size = sizeof(bootnext);
752 ret = efi_get_variable_int(u"BootNext",
753 (efi_guid_t *)&efi_global_variable_guid,
754 NULL, &size, &bootnext, NULL);
755 if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
756 /* BootNext does exist here */
757 if (ret == EFI_BUFFER_TOO_SMALL || size != sizeof(u16)) {
758 log_err("BootNext must be 16-bit integer\n");
761 sprintf((char *)boot_var, "Boot%04X", bootnext);
763 utf8_utf16_strcpy(&p, boot_var);
765 ret = get_dp_device(boot_var16, &boot_dev);
766 if (ret == EFI_SUCCESS) {
767 if (device_is_present_and_system_part(boot_dev)) {
770 efi_free_pool(boot_dev);
777 /* find active boot device in BootOrder */
779 ret = efi_get_variable_int(u"BootOrder", &efi_global_variable_guid,
780 NULL, &size, NULL, NULL);
781 if (ret == EFI_BUFFER_TOO_SMALL) {
782 boot_order = malloc(size);
784 ret = EFI_OUT_OF_RESOURCES;
788 ret = efi_get_variable_int(u"BootOrder",
789 &efi_global_variable_guid,
790 NULL, &size, boot_order, NULL);
792 if (ret != EFI_SUCCESS)
795 /* check in higher order */
796 num = size / sizeof(u16);
797 for (i = 0; i < num; i++) {
798 sprintf((char *)boot_var, "Boot%04X", boot_order[i]);
800 utf8_utf16_strcpy(&p, boot_var);
801 ret = get_dp_device(boot_var16, &boot_dev);
802 if (ret != EFI_SUCCESS)
805 if (device_is_present_and_system_part(boot_dev))
808 efi_free_pool(boot_dev);
813 log_debug("Boot device %pD\n", boot_dev);
815 volume = efi_fs_from_path(boot_dev);
817 ret = EFI_DEVICE_ERROR;
819 ret = EFI_CALL(volume->open_volume(volume,
821 efi_free_pool(boot_dev);
832 * efi_capsule_scan_dir - traverse a capsule directory in boot device
833 * @files: Array of file names
834 * @num: Number of elements in @files
836 * Traverse a capsule directory in boot device.
837 * Called by initialization code, and returns an array of capsule file
840 * Return: status code
842 static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num)
844 struct efi_file_handle *dirh;
845 struct efi_file_info *dirent;
846 efi_uintn_t dirent_size, tmp_size;
851 ret = find_boot_device();
852 if (ret == EFI_NOT_FOUND) {
853 log_debug("Boot device is not set\n");
856 } else if (ret != EFI_SUCCESS) {
857 return EFI_DEVICE_ERROR;
860 /* count capsule files */
861 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
863 EFI_FILE_MODE_READ, 0));
864 if (ret != EFI_SUCCESS) {
870 dirent = malloc(dirent_size);
872 return EFI_OUT_OF_RESOURCES;
876 tmp_size = dirent_size;
877 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
878 if (ret == EFI_BUFFER_TOO_SMALL) {
879 struct efi_file_info *old_dirent = dirent;
881 dirent = realloc(dirent, tmp_size);
884 ret = EFI_OUT_OF_RESOURCES;
887 dirent_size = tmp_size;
888 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
890 if (ret != EFI_SUCCESS)
895 if (!(dirent->attribute & EFI_FILE_DIRECTORY))
899 ret = EFI_CALL((*dirh->setpos)(dirh, 0));
900 if (ret != EFI_SUCCESS)
904 tmp_files = malloc(count * sizeof(*tmp_files));
906 ret = EFI_OUT_OF_RESOURCES;
912 tmp_size = dirent_size;
913 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
914 if (ret != EFI_SUCCESS)
919 if (!(dirent->attribute & EFI_FILE_DIRECTORY) &&
920 u16_strcmp(dirent->file_name, u".") &&
921 u16_strcmp(dirent->file_name, u".."))
922 tmp_files[count++] = u16_strdup(dirent->file_name);
924 /* ignore an error */
925 EFI_CALL((*dirh->close)(dirh));
928 /* FIXME: u16 version of strcasecmp */
929 qsort(tmp_files, count, sizeof(*tmp_files),
930 (int (*)(const void *, const void *))strcasecmp);
941 * efi_capsule_read_file - read in a capsule file
942 * @filename: File name
943 * @capsule: Pointer to buffer for capsule
945 * Read a capsule file and put its content in @capsule.
947 * Return: status code
949 static efi_status_t efi_capsule_read_file(const u16 *filename,
950 struct efi_capsule_header **capsule)
952 struct efi_file_handle *dirh, *fh;
953 struct efi_file_info *file_info = NULL;
954 struct efi_capsule_header *buf = NULL;
958 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
960 EFI_FILE_MODE_READ, 0));
961 if (ret != EFI_SUCCESS)
963 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
964 EFI_FILE_MODE_READ, 0));
965 /* ignore an error */
966 EFI_CALL((*dirh->close)(dirh));
967 if (ret != EFI_SUCCESS)
972 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
974 if (ret == EFI_BUFFER_TOO_SMALL) {
975 file_info = malloc(size);
977 ret = EFI_OUT_OF_RESOURCES;
980 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
983 if (ret != EFI_SUCCESS)
985 size = file_info->file_size;
989 ret = EFI_OUT_OF_RESOURCES;
994 ret = EFI_CALL((*fh->read)(fh, &size, buf));
995 if (ret == EFI_SUCCESS) {
996 if (size >= buf->capsule_image_size) {
1000 ret = EFI_INVALID_PARAMETER;
1006 EFI_CALL((*fh->close)(fh));
1012 * efi_capsule_delete_file - delete a capsule file
1013 * @filename: File name
1015 * Delete a capsule file from capsule directory.
1017 * Return: status code
1019 static efi_status_t efi_capsule_delete_file(const u16 *filename)
1021 struct efi_file_handle *dirh, *fh;
1024 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
1026 EFI_FILE_MODE_READ, 0));
1027 if (ret != EFI_SUCCESS)
1029 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
1030 EFI_FILE_MODE_READ, 0));
1031 /* ignore an error */
1032 EFI_CALL((*dirh->close)(dirh));
1034 if (ret == EFI_SUCCESS)
1035 ret = EFI_CALL((*fh->delete)(fh));
1041 * efi_capsule_scan_done - reset a scan help function
1043 * Reset a scan help function
1045 static void efi_capsule_scan_done(void)
1047 EFI_CALL((*bootdev_root->close)(bootdev_root));
1048 bootdev_root = NULL;
1052 * check_run_capsules() - check whether capsule update should run
1054 * The spec says OsIndications must be set in order to run the capsule update
1055 * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to
1056 * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected
1058 * Return: EFI_SUCCESS if update to run, EFI_NOT_FOUND otherwise
1060 static efi_status_t check_run_capsules(void)
1062 u64 os_indications = 0x0;
1066 size = sizeof(os_indications);
1067 r = efi_get_variable_int(u"OsIndications", &efi_global_variable_guid,
1068 NULL, &size, &os_indications, NULL);
1069 if (!IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS) &&
1070 (r != EFI_SUCCESS || size != sizeof(os_indications)))
1071 return EFI_NOT_FOUND;
1073 if (os_indications &
1074 EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED) {
1076 ~EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED;
1077 r = efi_set_variable_int(u"OsIndications",
1078 &efi_global_variable_guid,
1079 EFI_VARIABLE_NON_VOLATILE |
1080 EFI_VARIABLE_BOOTSERVICE_ACCESS |
1081 EFI_VARIABLE_RUNTIME_ACCESS,
1082 sizeof(os_indications),
1083 &os_indications, false);
1084 if (r != EFI_SUCCESS)
1085 log_err("Setting %ls failed\n", L"OsIndications");
1087 } else if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) {
1090 return EFI_NOT_FOUND;
1095 * efi_launch_capsule - launch capsules
1097 * Launch all the capsules in system at boot time.
1098 * Called by efi init code
1100 * Return: status codde
1102 efi_status_t efi_launch_capsules(void)
1104 struct efi_capsule_header *capsule = NULL;
1106 unsigned int nfiles, index, i;
1109 if (check_run_capsules() != EFI_SUCCESS)
1112 index = get_last_capsule();
1115 * Find capsules on disk.
1116 * All the capsules are collected at the beginning because
1117 * capsule files will be removed instantly.
1121 ret = efi_capsule_scan_dir(&files, &nfiles);
1122 if (ret != EFI_SUCCESS)
1127 /* Launch capsules */
1128 for (i = 0, ++index; i < nfiles; i++, index++) {
1129 log_debug("Applying %ls\n", files[i]);
1132 ret = efi_capsule_read_file(files[i], &capsule);
1133 if (ret == EFI_SUCCESS) {
1134 ret = efi_capsule_update_firmware(capsule);
1135 if (ret != EFI_SUCCESS)
1136 log_err("Applying capsule %ls failed.\n",
1139 log_info("Applying capsule %ls succeeded.\n",
1142 /* create CapsuleXXXX */
1143 set_capsule_result(index, capsule, ret);
1147 log_err("Reading capsule %ls failed\n", files[i]);
1149 /* delete a capsule either in case of success or failure */
1150 ret = efi_capsule_delete_file(files[i]);
1151 if (ret != EFI_SUCCESS)
1152 log_err("Deleting capsule %ls failed\n",
1155 efi_capsule_scan_done();
1157 for (i = 0; i < nfiles; i++)
1162 * UEFI spec requires to reset system after complete processing capsule
1163 * update on the storage.
1165 log_info("Reboot after firmware update.\n");
1166 /* Cold reset is required for loading the new firmware. */
1167 sysreset_walk_halt(SYSRESET_COLD);
1169 /* not reach here */
1173 #endif /* CONFIG_EFI_CAPSULE_ON_DISK */
projects / platform / kernel / u-boot.git / blob