MdeModulePkg: Add Mu DxeCapsuleLib changes and CapsulePersistLib

- Move Capsule infrastructure to TianoCore libs rather than private. - Add the CapsulePersistLib and remove references to MsCapsuleUpdatePkg. - Add CapsulePersistLib support to DxeCapsuleLib instance. - Modify DxeCapsuleProcessLib so that UpdateImageProgress() returns sucess - Switch debug print to DEBUG_ERROR during capsule processing
microsoft · Jul 15, 2024 · 1820288 · 1820288
1 parent d10f811
commit 1820288
Show file tree

Hide file tree

Showing 10 changed files with 326 additions and 17 deletions.
diff --git a/MdeModulePkg/Include/Library/CapsulePersistLib.h b/MdeModulePkg/Include/Library/CapsulePersistLib.h
@@ -0,0 +1,53 @@
+/** @file -- CapsulePersistLib.h
+A public library interface for persisting Capsules across reset.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef CAPSULE_PERSIST_LIB_H_
+#define CAPSULE_PERSIST_LIB_H_
+
+/**
+  Persist a Capsule across reset.
+
+  @param[in]        CapsuleHeader     EFI_CAPSULE_HEADER pointing to Capsule Image to persist.
+
+  @retval     EFI_SUCCESS             Capsule was successfully persisted.
+  @retval     EFI_DEVICE_ERROR        Something went wrong while trying to persist the capsule.
+
+**/
+EFI_STATUS
+EFIAPI
+PersistCapsule (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader
+  );
+
+/**
+  Returns a pointer to a buffer of capsules.
+
+  If no persisted capsules present, CapsuleArray is not modified, and CapsuleArraySize will be set to zero.
+
+  Removes the persistent capsules from whatever the medium of persistence is.
+  Note: if return is something other than EFI_SUCESS or EFI_BUFFER_TOO_SMALL, removal of all persistent
+  capsules from persistence is not guaranteed.
+
+
+  @param[out]       CapsuleArray      Pointer to a buffer to hold the capsules.
+  @param[out]       CapsuleArraySize  On input, size of CapsuleArray allocation.
+                                      On output, size of actual buffer of capsules.
+
+  @retval       EFI_SUCCESS           Capsules were de-perisisted, and ouptut data is valid.
+  @retval       EFI_BUFFER_TOO_SMALL  CapsuleArray buffer is too small to hold all the data.
+  @retval       EFI_DEVICE_ERROR      Something went wrong while trying to retrive the capsule.
+
+**/
+EFI_STATUS
+EFIAPI
+GetPersistedCapsules (
+  OUT EFI_CAPSULE_HEADER  *CapsuleArray,
+  OUT UINTN               *CapsuleArraySize
+  );
+
+#endif // CAPSULE_PERSIST_LIB_H_
diff --git a/MdeModulePkg/Library/CapsulePersistLibNull/CapsulePersistLibNull.c b/MdeModulePkg/Library/CapsulePersistLibNull/CapsulePersistLibNull.c
@@ -0,0 +1,57 @@
+/** @file -- CapsulePersistLibNull.c
+A null implementation of the CapsulePersistLib
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/CapsulePersistLib.h>
+
+/**
+  Persist a Capsule across reset.
+
+  @param[in]        CapsuleHeader     EFI_CAPSULE_HEADER pointing to Capsule Image to persist.
+
+  @retval     EFI_SUCCESS             Capsule was successfully persisted.
+  @retval     EFI_DEVICE_ERROR        Something went wrong while trying to persist the blob.
+
+**/
+EFI_STATUS
+EFIAPI
+PersistCapsule (
+  IN EFI_CAPSULE_HEADER  *CapsuleHeader
+  )
+{
+  return EFI_SUCCESS;
+}
+
+/**
+  Returns a pointer to a buffer of capsules.
+
+  If no persisted capsules present, CapsuleArray is not modified, and CapsuleArraySize will be set to zero.
+
+  Removes the persistent capsules from whatever the medium of persistence is.
+  Note: if return is something other than EFI_SUCESS or EFI_BUFFER_TOO_SMALL, removal of all persistent
+  capsules from persistence is not guaranteed.
+
+
+  @param[out]       CapsuleArray      Pointer to a buffer to hold the capsules.
+  @param[out]       CapsuleArraySize  On input, size of CapsuleArray allocation.
+                                      On output, size of actual buffer of capsules.
+
+  @retval       EFI_SUCCESS           Capsules were de-perisisted, and ouptut data is valid.
+  @retval       EFI_BUFFER_TOO_SMALL  CapsuleArray buffer is too small to hold all the data.
+  @retval       EFI_DEVICE_ERROR      Something went wrong while trying to retrive the capsule.
+
+**/
+EFI_STATUS
+EFIAPI
+GetPersistedCapsules (
+  OUT EFI_CAPSULE_HEADER  *CapsuleArray,
+  OUT UINTN               *CapsuleArraySize
+  )
+{
+  *CapsuleArraySize = 0;
+  return EFI_SUCCESS;
+}
diff --git a/MdeModulePkg/Library/CapsulePersistLibNull/CapsulePersistLibNull.inf b/MdeModulePkg/Library/CapsulePersistLibNull/CapsulePersistLibNull.inf
@@ -0,0 +1,36 @@
+## @file CapsulePersistLibNull.inf
+# A null implementation of the CapsulePersistLib 
+#
+##
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+
+[Defines]
+  INF_VERSION         = 0x00010017
+  BASE_NAME           = CapsulePersistLibNull
+  FILE_GUID           = 96AAE710-21AB-4881-9D92-8AD19479BB36
+  VERSION_STRING      = 1.0
+  MODULE_TYPE         = DXE_RUNTIME_DRIVER
+  LIBRARY_CLASS       = CapsulePersistLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+
+[Sources]
+  CapsulePersistLibNull.c
+
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+
+[LibraryClasses]
+
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
@@ -27,13 +27,15 @@
 #include <Library/DebugLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/DxeServicesTableLib.h>
+#include <Library/UefiBootManagerLib.h>         // MU_CHANGE - Support ConnectAll after loading.
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/UefiRuntimeServicesTableLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/CapsuleLib.h>
 #include <Library/DevicePathLib.h>
 #include <Library/UefiLib.h>
 #include <Library/BmpSupportLib.h>
+#include <Library/CapsulePersistLib.h> // MU_CHANGE - Enable Capsule Persist Lib.
 
 #include <Protocol/GraphicsOutput.h>
 #include <Protocol/EsrtManagement.h>
@@ -251,6 +253,16 @@ ValidateFmpCapsule (
 
   FmpCapsuleHeaderSize = sizeof (EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER) + sizeof (UINT64)*ItemNum;
 
+  // MU_CHANGE [BEGIN]
+  // Currently we do not support Embedded Drivers.
+  // This opens up concerns about validating the driver as we can't trust secure boot chain (pk)
+  if (FmpCapsuleHeader->EmbeddedDriverCount != 0) {
+    DEBUG ((DEBUG_ERROR, "%a - FMP Capsule contains an embedded driver.  This is not supported by this implementation\n", __FUNCTION__));
+    return EFI_UNSUPPORTED;
+  }
+
+  // MU_CHANGE [END]
+
   // Check ItemOffsetList
   for (Index = 0; Index < ItemNum; Index++) {
     if (ItemOffsetList[Index] >= FmpCapsuleSize) {
@@ -1219,6 +1231,16 @@ ProcessFmpCapsuleImage (
   BOOLEAN                                       NotReady;
   BOOLEAN                                       Abort;
 
+  // MU_CHANGE [BEGIN]
+  // Validate the capsule (perhaps again) before processing in case some one calls
+  // ProcessFmpCapsuleImage() before or without calling ValidateFmpCapsule()
+  Status = ValidateFmpCapsule (CapsuleHeader, NULL);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  // MU_CHANGE [END]
+
   if (!IsFmpCapsuleGuid (&CapsuleHeader->CapsuleGuid)) {
     return ProcessFmpCapsuleImage ((EFI_CAPSULE_HEADER *)((UINTN)CapsuleHeader + CapsuleHeader->HeaderSize), CapFileName, ResetRequired);
   }
@@ -1245,6 +1267,14 @@ ProcessFmpCapsuleImage (
     return EFI_SUCCESS;
   }
 
+  // MU_CHANGE [BEGIN]
+  // ConnectAll to ensure
+  //    All the communication protocol required by driver in capsule installed
+  //    All FMP protocols are installed
+  //
+  EfiBootManagerConnectAll ();
+  // MU_CHANGE [END]
+
   //
   // 1. Try to load & start all the drivers within capsule
   //
@@ -1270,6 +1300,15 @@ ProcessFmpCapsuleImage (
     }
   }
 
+  // MU_CHANGE [BEGIN]
+  // Connnect all again to connect drivers within capsule
+  //
+  if (FmpCapsuleHeader->EmbeddedDriverCount > 0) {
+    EfiBootManagerConnectAll ();
+  }
+
+  // MU_CHANGE [END]
+
   //
   // 2. Route payload to right FMP instance
   //
@@ -1630,7 +1669,11 @@ StageCapsuleImage (
   IN EFI_CAPSULE_HEADER  *CapsuleHeader
   )
 {
-  return EFI_SUCCESS;
+  if (SupportCapsuleImage (CapsuleHeader) != EFI_SUCCESS) {
+    return EFI_UNSUPPORTED;
+  }
+
+  return PersistCapsule (CapsuleHeader);
 }
 
 // MU_CHANGE - END

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf
@@ -4,6 +4,7 @@
 #  Capsule library instance for DXE_DRIVER module types.
 #
 #  Copyright (c) 2016 - 2021, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) Microsoft Corporation.
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -52,6 +53,8 @@
   FileHandleLib
   UefiBootManagerLib
   VariablePolicyHelperLib
+  ResetUtilityLib               ## MU_CHANGE - Use the enhanced reset subtype.
+  CapsulePersistLib             ## MU_CHANGE - Enable Capsule Persist Lib.
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleMax                               ## CONSUMES
@@ -97,6 +100,7 @@
   ## SOMETIMES_PRODUCES ## Variable:L"BootNext"
   gEfiGlobalVariableGuid
   gEdkiiCapsuleOnDiskNameGuid             ## SOMETIMES_CONSUMES ## GUID
+  gCapsuleUpdateCompleteResetGuid         ## MU_CHANGE - Use the enhanced reset subtype.
 
 [Depex]
   gEfiVariableWriteArchProtocolGuid