1 // SPDX-License-Identifier: GPL-2.0+
5 * Copyright (c) 2018 Linaro Limited
6 * Author: AKASHI Takahiro
9 #define LOG_CATEGORY LOGC_EFI
12 #include <efi_loader.h>
13 #include <efi_variable.h>
23 #include <asm/global_data.h>
25 #include <crypto/pkcs7.h>
26 #include <crypto/pkcs7_parser.h>
27 #include <linux/err.h>
29 DECLARE_GLOBAL_DATA_PTR;
31 const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
32 static const efi_guid_t efi_guid_firmware_management_capsule_id =
33 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
34 const efi_guid_t efi_guid_firmware_management_protocol =
35 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID;
36 const efi_guid_t fwu_guid_os_request_fw_revert =
37 FWU_OS_REQUEST_FW_REVERT_GUID;
38 const efi_guid_t fwu_guid_os_request_fw_accept =
39 FWU_OS_REQUEST_FW_ACCEPT_GUID;
41 #define FW_ACCEPT_OS (u32)0x8000
43 #ifdef CONFIG_EFI_CAPSULE_ON_DISK
44 /* for file system access */
45 static struct efi_file_handle *bootdev_root;
48 static __maybe_unused unsigned int get_capsule_index(const u16 *variable_name)
50 u16 value16[11]; /* "CapsuleXXXX": non-null-terminated */
53 unsigned long index = 0xffff;
57 size = sizeof(value16);
58 ret = efi_get_variable_int(variable_name, &efi_guid_capsule_report,
59 NULL, &size, value16, NULL);
60 if (ret != EFI_SUCCESS || size != 22 ||
61 u16_strncmp(value16, u"Capsule", 7))
63 for (i = 0; i < 4; ++i) {
64 u16 c = value16[i + 7];
71 if (strict_strtoul(value, 16, &index))
78 * get_last_capsule - get the last capsule index
80 * Retrieve the index of the capsule invoked last time from "CapsuleLast"
84 * * > 0 - the last capsule index invoked
85 * * 0xffff - on error, or no capsule invoked yet
87 static __maybe_unused unsigned int get_last_capsule(void)
89 return get_capsule_index(u"CapsuleLast");
93 * get_max_capsule - get the max capsule index
95 * Retrieve the max capsule index value from "CapsuleMax" variable.
98 * * > 0 - the max capsule index
99 * * 0xffff - on error, or "CapsuleMax" variable does not exist
101 static __maybe_unused unsigned int get_max_capsule(void)
103 return get_capsule_index(u"CapsuleMax");
107 * set_capsule_result - set a result variable
109 * @return_status: Return status
111 * Create and set a result variable, "CapsuleXXXX", for the capsule,
114 static __maybe_unused
115 void set_capsule_result(int index, struct efi_capsule_header *capsule,
116 efi_status_t return_status)
118 u16 variable_name16[12];
119 struct efi_capsule_result_variable_header result;
120 struct efi_time time;
123 efi_create_indexed_name(variable_name16, sizeof(variable_name16),
125 result.variable_total_size = sizeof(result);
126 result.capsule_guid = capsule->capsule_guid;
127 ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL));
128 if (ret == EFI_SUCCESS)
129 memcpy(&result.capsule_processed, &time, sizeof(time));
131 memset(&result.capsule_processed, 0, sizeof(time));
132 result.capsule_status = return_status;
133 ret = efi_set_variable_int(variable_name16, &efi_guid_capsule_report,
134 EFI_VARIABLE_NON_VOLATILE |
135 EFI_VARIABLE_BOOTSERVICE_ACCESS |
136 EFI_VARIABLE_RUNTIME_ACCESS,
137 sizeof(result), &result, false);
138 if (ret != EFI_SUCCESS) {
139 log_err("Setting %ls failed\n", variable_name16);
143 /* Variable CapsuleLast must not include terminating 0x0000 */
144 ret = efi_set_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
145 EFI_VARIABLE_READ_ONLY |
146 EFI_VARIABLE_NON_VOLATILE |
147 EFI_VARIABLE_BOOTSERVICE_ACCESS |
148 EFI_VARIABLE_RUNTIME_ACCESS,
149 22, variable_name16, false);
150 if (ret != EFI_SUCCESS)
151 log_err("Setting %ls failed\n", u"CapsuleLast");
154 #ifdef CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT
156 * efi_fmp_find - search for Firmware Management Protocol drivers
157 * @image_type: Image type guid
158 * @image_index: Image Index
159 * @instance: Instance number
160 * @handles: Handles of FMP drivers
161 * @no_handles: Number of handles
163 * Search for Firmware Management Protocol drivers, matching the image
164 * type, @image_type and the machine instance, @instance, from the list,
168 * * Protocol instance - on success
169 * * NULL - on failure
171 static struct efi_firmware_management_protocol *
172 efi_fmp_find(efi_guid_t *image_type, u8 image_index, u64 instance,
173 efi_handle_t *handles, efi_uintn_t no_handles)
175 efi_handle_t *handle;
176 struct efi_firmware_management_protocol *fmp;
177 struct efi_firmware_image_descriptor *image_info, *desc;
178 efi_uintn_t info_size, descriptor_size;
179 u32 descriptor_version;
182 u16 *package_version_name;
187 for (i = 0, handle = handles; i < no_handles; i++, handle++) {
188 struct efi_handler *fmp_handler;
190 ret = efi_search_protocol(
191 *handle, &efi_guid_firmware_management_protocol,
193 if (ret != EFI_SUCCESS)
195 fmp = fmp_handler->protocol_interface;
197 /* get device's image info */
200 descriptor_version = 0;
201 descriptor_count = 0;
204 package_version_name = NULL;
205 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
211 &package_version_name));
212 if (ret != EFI_BUFFER_TOO_SMALL)
215 image_info = malloc(info_size);
219 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
225 &package_version_name));
226 if (ret != EFI_SUCCESS ||
227 descriptor_version != EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION)
231 for (j = 0, desc = image_info; j < descriptor_count;
232 j++, desc = (void *)desc + descriptor_size) {
233 log_debug("+++ desc[%d] index: %d, name: %ls\n",
234 j, desc->image_index, desc->image_id_name);
235 if (!guidcmp(&desc->image_type_id, image_type) &&
236 (desc->image_index == image_index) &&
238 !desc->hardware_instance ||
239 desc->hardware_instance == instance))
244 efi_free_pool(package_version_name);
254 * efi_remove_auth_hdr - remove authentication data from image
255 * @image: Pointer to pointer to Image
256 * @image_size: Pointer to Image size
258 * Remove the authentication data from image if possible.
259 * Update @image and @image_size.
261 * Return: status code
263 static efi_status_t efi_remove_auth_hdr(void **image, efi_uintn_t *image_size)
265 struct efi_firmware_image_authentication *auth_hdr;
266 efi_status_t ret = EFI_INVALID_PARAMETER;
268 auth_hdr = (struct efi_firmware_image_authentication *)*image;
269 if (*image_size < sizeof(*auth_hdr))
272 if (auth_hdr->auth_info.hdr.dwLength <=
273 offsetof(struct win_certificate_uefi_guid, cert_data))
276 *image = (uint8_t *)*image + sizeof(auth_hdr->monotonic_count) +
277 auth_hdr->auth_info.hdr.dwLength;
278 *image_size = *image_size - auth_hdr->auth_info.hdr.dwLength -
279 sizeof(auth_hdr->monotonic_count);
286 #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
287 int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
289 const void *fdt_blob = gd->fdt_blob;
291 const char *cnode_name = "capsule-key";
292 const char *snode_name = "signature";
296 sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);
298 log_err("Unable to get signature node offset\n");
300 return -FDT_ERR_NOTFOUND;
303 blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);
305 if (!blob || len < 0) {
306 log_err("Unable to get capsule-key value\n");
310 return -FDT_ERR_NOTFOUND;
313 *pkey = (void *)blob;
319 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
320 void **image, efi_uintn_t *image_size)
324 void *fdt_pkey, *pkey;
325 efi_uintn_t pkey_len;
326 uint64_t monotonic_count;
327 struct efi_signature_store *truststore;
328 struct pkcs7_message *capsule_sig;
329 struct efi_image_regions *regs;
330 struct efi_firmware_image_authentication *auth_hdr;
333 status = EFI_SECURITY_VIOLATION;
339 if (capsule == NULL || capsule_size == 0)
342 *image = (uint8_t *)capsule;
343 *image_size = capsule_size;
344 if (efi_remove_auth_hdr(image, image_size) != EFI_SUCCESS)
347 auth_hdr = (struct efi_firmware_image_authentication *)capsule;
348 if (guidcmp(&auth_hdr->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
351 memcpy(&monotonic_count, &auth_hdr->monotonic_count,
352 sizeof(monotonic_count));
354 /* data to be digested */
355 regs = calloc(sizeof(*regs) + sizeof(struct image_region) * 2, 1);
360 efi_image_region_add(regs, (uint8_t *)*image,
361 (uint8_t *)*image + *image_size, 1);
363 efi_image_region_add(regs, (uint8_t *)&monotonic_count,
364 (uint8_t *)&monotonic_count + sizeof(monotonic_count),
367 capsule_sig = efi_parse_pkcs7_header(auth_hdr->auth_info.cert_data,
368 auth_hdr->auth_info.hdr.dwLength
369 - sizeof(auth_hdr->auth_info),
371 if (IS_ERR(capsule_sig)) {
372 debug("Parsing variable's pkcs7 header failed\n");
377 ret = efi_get_public_key_data(&fdt_pkey, &pkey_len);
381 pkey = malloc(pkey_len);
385 memcpy(pkey, fdt_pkey, pkey_len);
386 truststore = efi_build_signature_store(pkey, pkey_len);
390 /* verify signature */
391 if (efi_signature_verify(regs, capsule_sig, truststore, NULL)) {
394 debug("Verifying variable's signature failed\n");
398 status = EFI_SUCCESS;
401 efi_sigstore_free(truststore);
402 pkcs7_free_message(capsule_sig);
408 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
409 void **image, efi_uintn_t *image_size)
411 return EFI_UNSUPPORTED;
413 #endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */
415 static __maybe_unused bool fwu_empty_capsule(struct efi_capsule_header *capsule)
417 return !guidcmp(&capsule->capsule_guid,
418 &fwu_guid_os_request_fw_revert) ||
419 !guidcmp(&capsule->capsule_guid,
420 &fwu_guid_os_request_fw_accept);
423 static __maybe_unused efi_status_t fwu_to_efi_error(int err)
433 ret = EFI_DEVICE_ERROR;
436 ret = EFI_INVALID_PARAMETER;
442 ret = EFI_OUT_OF_RESOURCES;
448 static __maybe_unused efi_status_t fwu_empty_capsule_process(
449 struct efi_capsule_header *capsule)
453 efi_guid_t *image_guid;
454 efi_status_t ret = EFI_INVALID_PARAMETER;
456 if (!guidcmp(&capsule->capsule_guid,
457 &fwu_guid_os_request_fw_revert)) {
459 * One of the previously updated image has
460 * failed the OS acceptance test. OS has
461 * requested to revert back to the earlier
464 status = fwu_revert_boot_index();
465 ret = fwu_to_efi_error(status);
466 if (ret == EFI_SUCCESS)
467 log_debug("Reverted the FWU active_index. Recommend rebooting the system\n");
469 log_err("Failed to revert the FWU boot index\n");
470 } else if (!guidcmp(&capsule->capsule_guid,
471 &fwu_guid_os_request_fw_accept)) {
473 * Image accepted by the OS. Set the acceptance
474 * status for the image.
476 image_guid = (void *)(char *)capsule +
477 capsule->header_size;
479 status = fwu_get_active_index(&active_idx);
480 ret = fwu_to_efi_error(status);
481 if (ret != EFI_SUCCESS) {
482 log_err("Unable to get the active_index from the FWU metadata\n");
486 status = fwu_accept_image(image_guid, active_idx);
487 ret = fwu_to_efi_error(status);
488 if (ret != EFI_SUCCESS)
489 log_err("Unable to set the Accept bit for the image %pUs\n",
496 static __maybe_unused void fwu_post_update_checks(
497 struct efi_capsule_header *capsule,
498 bool *fw_accept_os, bool *capsule_update)
500 if (fwu_empty_capsule(capsule))
501 *capsule_update = false;
505 capsule->flags & FW_ACCEPT_OS ? true : false;
508 static __maybe_unused efi_status_t fwu_post_update_process(bool fw_accept_os)
514 status = fwu_plat_get_update_index(&update_index);
516 log_err("Failed to get the FWU update_index value\n");
517 return EFI_DEVICE_ERROR;
521 * All the capsules have been updated successfully,
522 * update the FWU metadata.
524 log_debug("Update Complete. Now updating active_index to %u\n",
526 status = fwu_set_active_index(update_index);
527 ret = fwu_to_efi_error(status);
528 if (ret != EFI_SUCCESS) {
529 log_err("Failed to update FWU metadata index values\n");
531 log_debug("Successfully updated the active_index\n");
533 status = fwu_trial_state_ctr_start();
535 ret = EFI_DEVICE_ERROR;
543 * efi_capsule_update_firmware - update firmware from capsule
544 * @capsule_data: Capsule
546 * Update firmware, using a capsule, @capsule_data. Loading any FMP
547 * drivers embedded in a capsule is not supported.
549 * Return: status code
551 static efi_status_t efi_capsule_update_firmware(
552 struct efi_capsule_header *capsule_data)
554 struct efi_firmware_management_capsule_header *capsule;
555 struct efi_firmware_management_capsule_image_header *image;
556 size_t capsule_size, image_binary_size;
557 void *image_binary, *vendor_code;
558 efi_handle_t *handles;
559 efi_uintn_t no_handles;
561 struct efi_firmware_management_protocol *fmp;
563 efi_guid_t *image_type_id;
564 efi_status_t ret = EFI_SUCCESS;
569 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) {
570 if (fwu_empty_capsule_checks_pass() &&
571 fwu_empty_capsule(capsule_data))
572 return fwu_empty_capsule_process(capsule_data);
574 if (!fwu_update_checks_pass()) {
575 log_err("FWU checks failed. Cannot start update\n");
576 return EFI_INVALID_PARAMETER;
580 /* Obtain the update_index from the platform */
581 status = fwu_plat_get_update_index(&update_index);
583 log_err("Failed to get the FWU update_index value\n");
584 return EFI_DEVICE_ERROR;
587 fw_accept_os = capsule_data->flags & FW_ACCEPT_OS ? 0x1 : 0x0;
591 if (capsule_data->header_size < sizeof(*capsule) ||
592 capsule_data->header_size >= capsule_data->capsule_image_size)
593 return EFI_INVALID_PARAMETER;
595 capsule = (void *)capsule_data + capsule_data->header_size;
596 capsule_size = capsule_data->capsule_image_size
597 - capsule_data->header_size;
599 if (capsule->version != 0x00000001)
600 return EFI_UNSUPPORTED;
603 ret = EFI_CALL(efi_locate_handle_buffer(
605 &efi_guid_firmware_management_protocol,
606 NULL, &no_handles, (efi_handle_t **)&handles));
607 if (ret != EFI_SUCCESS)
608 return EFI_UNSUPPORTED;
611 for (item = capsule->embedded_driver_count;
612 item < capsule->embedded_driver_count
613 + capsule->payload_item_count; item++) {
615 if ((capsule->item_offset_list[item] + sizeof(*image)
617 log_err("Capsule does not have enough data\n");
618 ret = EFI_INVALID_PARAMETER;
622 image = (void *)capsule + capsule->item_offset_list[item];
624 if (image->version != 0x00000003) {
625 ret = EFI_UNSUPPORTED;
629 /* find a device for update firmware */
630 fmp = efi_fmp_find(&image->update_image_type_id,
631 image->update_image_index,
632 image->update_hardware_instance,
633 handles, no_handles);
635 log_err("FMP driver not found for firmware type %pUs, hardware instance %lld\n",
636 &image->update_image_type_id,
637 image->update_hardware_instance);
638 ret = EFI_UNSUPPORTED;
643 if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
644 !(image->image_capsule_support &
645 CAPSULE_SUPPORT_AUTHENTICATION)) {
647 ret = EFI_SECURITY_VIOLATION;
651 image_binary = (void *)image + sizeof(*image);
652 image_binary_size = image->update_image_size;
653 vendor_code = image_binary + image_binary_size;
654 if (!IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
655 (image->image_capsule_support &
656 CAPSULE_SUPPORT_AUTHENTICATION)) {
657 ret = efi_remove_auth_hdr(&image_binary,
659 if (ret != EFI_SUCCESS)
664 ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index,
669 if (ret != EFI_SUCCESS) {
670 log_err("Firmware update failed: %ls\n",
672 efi_free_pool(abort_reason);
676 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) {
677 image_type_id = &image->update_image_type_id;
680 * The OS will not be accepting the firmware
681 * images. Set the accept bit of all the
682 * images contained in this capsule.
684 status = fwu_accept_image(image_type_id,
687 status = fwu_clear_accept_image(image_type_id,
690 ret = fwu_to_efi_error(status);
691 if (ret != EFI_SUCCESS) {
692 log_err("Unable to %s the accept bit for the image %pUs\n",
693 fw_accept_os ? "clear" : "set",
698 log_debug("%s the accepted bit for Image %pUs\n",
699 fw_accept_os ? "Cleared" : "Set",
706 efi_free_pool(handles);
711 static efi_status_t efi_capsule_update_firmware(
712 struct efi_capsule_header *capsule_data)
714 return EFI_UNSUPPORTED;
716 #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT */
719 * efi_update_capsule() - process information from operating system
720 * @capsule_header_array: Array of virtual address pointers
721 * @capsule_count: Number of pointers in capsule_header_array
722 * @scatter_gather_list: Array of physical address pointers
724 * This function implements the UpdateCapsule() runtime service.
726 * See the Unified Extensible Firmware Interface (UEFI) specification for
729 * Return: status code
731 efi_status_t EFIAPI efi_update_capsule(
732 struct efi_capsule_header **capsule_header_array,
733 efi_uintn_t capsule_count,
734 u64 scatter_gather_list)
736 struct efi_capsule_header *capsule;
740 EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count,
741 scatter_gather_list);
743 if (!capsule_count) {
744 ret = EFI_INVALID_PARAMETER;
749 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
750 i++, capsule = *(++capsule_header_array)) {
752 if (capsule->header_size < sizeof(*capsule) ||
753 capsule->capsule_image_size < sizeof(*capsule)) {
754 log_err("Capsule does not have enough data\n");
758 log_debug("Capsule[%d] (guid:%pUs)\n",
759 i, &capsule->capsule_guid);
760 if (!guidcmp(&capsule->capsule_guid,
761 &efi_guid_firmware_management_capsule_id)) {
762 ret = efi_capsule_update_firmware(capsule);
764 log_err("Unsupported capsule type: %pUs\n",
765 &capsule->capsule_guid);
766 ret = EFI_UNSUPPORTED;
769 if (ret != EFI_SUCCESS)
773 if (IS_ENABLED(CONFIG_EFI_ESRT)) {
774 /* Rebuild the ESRT to reflect any updated FW images. */
775 ret = efi_esrt_populate();
776 if (ret != EFI_SUCCESS)
777 log_warning("ESRT update failed\n");
781 return EFI_EXIT(ret);
785 * efi_query_capsule_caps() - check if capsule is supported
786 * @capsule_header_array: Array of virtual pointers
787 * @capsule_count: Number of pointers in capsule_header_array
788 * @maximum_capsule_size: Maximum capsule size
789 * @reset_type: Type of reset needed for capsule update
791 * This function implements the QueryCapsuleCapabilities() runtime service.
793 * See the Unified Extensible Firmware Interface (UEFI) specification for
796 * Return: status code
798 efi_status_t EFIAPI efi_query_capsule_caps(
799 struct efi_capsule_header **capsule_header_array,
800 efi_uintn_t capsule_count,
801 u64 *maximum_capsule_size,
804 struct efi_capsule_header *capsule __attribute__((unused));
808 EFI_ENTRY("%p, %zu, %p, %p\n", capsule_header_array, capsule_count,
809 maximum_capsule_size, reset_type);
811 if (!maximum_capsule_size) {
812 ret = EFI_INVALID_PARAMETER;
816 *maximum_capsule_size = U64_MAX;
817 *reset_type = EFI_RESET_COLD;
820 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
821 i++, capsule = *(++capsule_header_array)) {
825 return EFI_EXIT(ret);
829 * efi_load_capsule_drivers - initialize capsule drivers
831 * Generic FMP drivers backed by DFU
833 * Return: status code
835 efi_status_t __weak efi_load_capsule_drivers(void)
837 __maybe_unused efi_handle_t handle;
838 efi_status_t ret = EFI_SUCCESS;
840 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)) {
842 ret = efi_install_multiple_protocol_interfaces(&handle,
843 &efi_guid_firmware_management_protocol,
848 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) {
850 ret = efi_install_multiple_protocol_interfaces(&handle,
851 &efi_guid_firmware_management_protocol,
859 #ifdef CONFIG_EFI_CAPSULE_ON_DISK
861 * get_dp_device - retrieve a device path from boot variable
862 * @boot_var: Boot variable name
863 * @device_dp Device path
865 * Retrieve a device patch from boot variable, @boot_var.
867 * Return: status code
869 static efi_status_t get_dp_device(u16 *boot_var,
870 struct efi_device_path **device_dp)
874 struct efi_load_option lo;
875 struct efi_device_path *file_dp;
879 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
880 NULL, &size, NULL, NULL);
881 if (ret == EFI_BUFFER_TOO_SMALL) {
884 return EFI_OUT_OF_RESOURCES;
885 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
886 NULL, &size, buf, NULL);
888 if (ret != EFI_SUCCESS)
891 efi_deserialize_load_option(&lo, buf, &size);
893 if (lo.attributes & LOAD_OPTION_ACTIVE) {
894 efi_dp_split_file_path(lo.file_path, device_dp, &file_dp);
895 efi_free_pool(file_dp);
908 * device_is_present_and_system_part - check if a device exists
910 * Check if a device pointed to by the device path, @dp, exists and is
911 * located in UEFI system partition.
914 * Return: true - yes, false - no
916 static bool device_is_present_and_system_part(struct efi_device_path *dp)
919 struct efi_device_path *rem;
921 /* Check device exists */
922 handle = efi_dp_find_obj(dp, NULL, NULL);
926 /* Check device is on system partition */
927 handle = efi_dp_find_obj(dp, &efi_system_partition_guid, &rem);
935 * find_boot_device - identify the boot device
937 * Identify the boot device from boot-related variables as UEFI
938 * specification describes and put its handle into bootdev_root.
940 * Return: status code
942 static efi_status_t find_boot_device(void)
945 u16 boot_var16[9], *p, bootnext, *boot_order = NULL;
948 struct efi_simple_file_system_protocol *volume;
949 struct efi_device_path *boot_dev = NULL;
952 /* find active boot device in BootNext */
954 size = sizeof(bootnext);
955 ret = efi_get_variable_int(u"BootNext",
956 (efi_guid_t *)&efi_global_variable_guid,
957 NULL, &size, &bootnext, NULL);
958 if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
959 /* BootNext does exist here */
960 if (ret == EFI_BUFFER_TOO_SMALL || size != sizeof(u16)) {
961 log_err("BootNext must be 16-bit integer\n");
964 sprintf((char *)boot_var, "Boot%04X", bootnext);
966 utf8_utf16_strcpy(&p, boot_var);
968 ret = get_dp_device(boot_var16, &boot_dev);
969 if (ret == EFI_SUCCESS) {
970 if (device_is_present_and_system_part(boot_dev)) {
973 efi_free_pool(boot_dev);
980 /* find active boot device in BootOrder */
982 ret = efi_get_variable_int(u"BootOrder", &efi_global_variable_guid,
983 NULL, &size, NULL, NULL);
984 if (ret == EFI_BUFFER_TOO_SMALL) {
985 boot_order = malloc(size);
987 ret = EFI_OUT_OF_RESOURCES;
991 ret = efi_get_variable_int(u"BootOrder",
992 &efi_global_variable_guid,
993 NULL, &size, boot_order, NULL);
995 if (ret != EFI_SUCCESS)
998 /* check in higher order */
999 num = size / sizeof(u16);
1000 for (i = 0; i < num; i++) {
1001 sprintf((char *)boot_var, "Boot%04X", boot_order[i]);
1003 utf8_utf16_strcpy(&p, boot_var);
1004 ret = get_dp_device(boot_var16, &boot_dev);
1005 if (ret != EFI_SUCCESS)
1008 if (device_is_present_and_system_part(boot_dev))
1011 efi_free_pool(boot_dev);
1016 log_debug("Boot device %pD\n", boot_dev);
1018 volume = efi_fs_from_path(boot_dev);
1020 ret = EFI_DEVICE_ERROR;
1022 ret = EFI_CALL(volume->open_volume(volume,
1024 efi_free_pool(boot_dev);
1026 ret = EFI_NOT_FOUND;
1035 * efi_capsule_scan_dir - traverse a capsule directory in boot device
1036 * @files: Array of file names
1037 * @num: Number of elements in @files
1039 * Traverse a capsule directory in boot device.
1040 * Called by initialization code, and returns an array of capsule file
1043 * Return: status code
1045 static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num)
1047 struct efi_file_handle *dirh;
1048 struct efi_file_info *dirent;
1049 efi_uintn_t dirent_size, tmp_size;
1054 ret = find_boot_device();
1055 if (ret == EFI_NOT_FOUND) {
1056 log_debug("Boot device is not set\n");
1059 } else if (ret != EFI_SUCCESS) {
1060 return EFI_DEVICE_ERROR;
1063 /* count capsule files */
1064 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
1066 EFI_FILE_MODE_READ, 0));
1067 if (ret != EFI_SUCCESS) {
1073 dirent = malloc(dirent_size);
1075 return EFI_OUT_OF_RESOURCES;
1079 tmp_size = dirent_size;
1080 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
1081 if (ret == EFI_BUFFER_TOO_SMALL) {
1082 struct efi_file_info *old_dirent = dirent;
1084 dirent = realloc(dirent, tmp_size);
1086 dirent = old_dirent;
1087 ret = EFI_OUT_OF_RESOURCES;
1090 dirent_size = tmp_size;
1091 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
1093 if (ret != EFI_SUCCESS)
1098 if (!(dirent->attribute & EFI_FILE_DIRECTORY))
1102 ret = EFI_CALL((*dirh->setpos)(dirh, 0));
1103 if (ret != EFI_SUCCESS)
1107 tmp_files = malloc(count * sizeof(*tmp_files));
1109 ret = EFI_OUT_OF_RESOURCES;
1115 tmp_size = dirent_size;
1116 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
1117 if (ret != EFI_SUCCESS)
1122 if (!(dirent->attribute & EFI_FILE_DIRECTORY) &&
1123 u16_strcmp(dirent->file_name, u".") &&
1124 u16_strcmp(dirent->file_name, u".."))
1125 tmp_files[count++] = u16_strdup(dirent->file_name);
1127 /* ignore an error */
1128 EFI_CALL((*dirh->close)(dirh));
1131 * Capsule files are applied in case insensitive alphabetic order
1133 * TODO: special handling of rightmost period
1135 qsort(tmp_files, count, sizeof(*tmp_files),
1136 (int (*)(const void *, const void *))u16_strcasecmp);
1147 * efi_capsule_read_file - read in a capsule file
1148 * @filename: File name
1149 * @capsule: Pointer to buffer for capsule
1151 * Read a capsule file and put its content in @capsule.
1153 * Return: status code
1155 static efi_status_t efi_capsule_read_file(const u16 *filename,
1156 struct efi_capsule_header **capsule)
1158 struct efi_file_handle *dirh, *fh;
1159 struct efi_file_info *file_info = NULL;
1160 struct efi_capsule_header *buf = NULL;
1164 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
1166 EFI_FILE_MODE_READ, 0));
1167 if (ret != EFI_SUCCESS)
1169 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
1170 EFI_FILE_MODE_READ, 0));
1171 /* ignore an error */
1172 EFI_CALL((*dirh->close)(dirh));
1173 if (ret != EFI_SUCCESS)
1178 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
1180 if (ret == EFI_BUFFER_TOO_SMALL) {
1181 file_info = malloc(size);
1183 ret = EFI_OUT_OF_RESOURCES;
1186 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
1189 if (ret != EFI_SUCCESS)
1191 size = file_info->file_size;
1195 ret = EFI_OUT_OF_RESOURCES;
1200 ret = EFI_CALL((*fh->read)(fh, &size, buf));
1201 if (ret == EFI_SUCCESS) {
1202 if (size >= buf->capsule_image_size) {
1206 ret = EFI_INVALID_PARAMETER;
1212 EFI_CALL((*fh->close)(fh));
1218 * efi_capsule_delete_file - delete a capsule file
1219 * @filename: File name
1221 * Delete a capsule file from capsule directory.
1223 * Return: status code
1225 static efi_status_t efi_capsule_delete_file(const u16 *filename)
1227 struct efi_file_handle *dirh, *fh;
1230 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
1232 EFI_FILE_MODE_READ, 0));
1233 if (ret != EFI_SUCCESS)
1235 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
1236 EFI_FILE_MODE_READ, 0));
1237 /* ignore an error */
1238 EFI_CALL((*dirh->close)(dirh));
1240 if (ret == EFI_SUCCESS)
1241 ret = EFI_CALL((*fh->delete)(fh));
1247 * efi_capsule_scan_done - reset a scan help function
1249 * Reset a scan help function
1251 static void efi_capsule_scan_done(void)
1253 EFI_CALL((*bootdev_root->close)(bootdev_root));
1254 bootdev_root = NULL;
1258 * check_run_capsules() - check whether capsule update should run
1260 * The spec says OsIndications must be set in order to run the capsule update
1261 * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to
1262 * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected
1264 * Return: EFI_SUCCESS if update to run, EFI_NOT_FOUND otherwise
1266 static efi_status_t check_run_capsules(void)
1268 u64 os_indications = 0x0;
1272 size = sizeof(os_indications);
1273 r = efi_get_variable_int(u"OsIndications", &efi_global_variable_guid,
1274 NULL, &size, &os_indications, NULL);
1275 if (!IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS) &&
1276 (r != EFI_SUCCESS || size != sizeof(os_indications)))
1277 return EFI_NOT_FOUND;
1279 if (os_indications &
1280 EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED) {
1282 ~EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED;
1283 r = efi_set_variable_int(u"OsIndications",
1284 &efi_global_variable_guid,
1285 EFI_VARIABLE_NON_VOLATILE |
1286 EFI_VARIABLE_BOOTSERVICE_ACCESS |
1287 EFI_VARIABLE_RUNTIME_ACCESS,
1288 sizeof(os_indications),
1289 &os_indications, false);
1290 if (r != EFI_SUCCESS)
1291 log_err("Setting %ls failed\n", L"OsIndications");
1293 } else if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) {
1296 return EFI_NOT_FOUND;
1301 * efi_launch_capsule - launch capsules
1303 * Launch all the capsules in system at boot time.
1304 * Called by efi init code
1306 * Return: status codde
1308 efi_status_t efi_launch_capsules(void)
1310 struct efi_capsule_header *capsule = NULL;
1312 unsigned int nfiles, index, index_max, i;
1314 bool capsule_update = true;
1315 bool update_status = true;
1316 bool fw_accept_os = false;
1318 if (check_run_capsules() != EFI_SUCCESS)
1321 index_max = get_max_capsule();
1322 index = get_last_capsule();
1325 * Find capsules on disk.
1326 * All the capsules are collected at the beginning because
1327 * capsule files will be removed instantly.
1331 ret = efi_capsule_scan_dir(&files, &nfiles);
1332 if (ret != EFI_SUCCESS)
1337 /* Launch capsules */
1338 for (i = 0, ++index; i < nfiles; i++, index++) {
1339 log_debug("Applying %ls\n", files[i]);
1340 if (index > index_max)
1342 ret = efi_capsule_read_file(files[i], &capsule);
1343 if (ret == EFI_SUCCESS) {
1344 ret = efi_capsule_update_firmware(capsule);
1345 if (ret != EFI_SUCCESS) {
1346 log_err("Applying capsule %ls failed.\n",
1348 update_status = false;
1350 log_info("Applying capsule %ls succeeded.\n",
1352 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) {
1353 fwu_post_update_checks(capsule,
1359 /* create CapsuleXXXX */
1360 set_capsule_result(index, capsule, ret);
1364 log_err("Reading capsule %ls failed\n", files[i]);
1365 update_status = false;
1367 /* delete a capsule either in case of success or failure */
1368 ret = efi_capsule_delete_file(files[i]);
1369 if (ret != EFI_SUCCESS)
1370 log_err("Deleting capsule %ls failed\n",
1374 efi_capsule_scan_done();
1376 if (IS_ENABLED(CONFIG_FWU_MULTI_BANK_UPDATE)) {
1377 if (capsule_update == true && update_status == true) {
1378 ret = fwu_post_update_process(fw_accept_os);
1379 } else if (capsule_update == true && update_status == false) {
1380 log_err("All capsules were not updated. Not updating FWU metadata\n");
1384 for (i = 0; i < nfiles; i++)
1389 * UEFI spec requires to reset system after complete processing capsule
1390 * update on the storage.
1392 log_info("Reboot after firmware update.\n");
1393 /* Cold reset is required for loading the new firmware. */
1394 sysreset_walk_halt(SYSRESET_COLD);
1396 /* not reach here */
1400 #endif /* CONFIG_EFI_CAPSULE_ON_DISK */