1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * EFI Capsule
4 *
5 * Copyright (c) 2018 Linaro Limited
6 * Author: AKASHI Takahiro
7 */
8
9 #include <common.h>
10 #include <efi_loader.h>
11 #include <efi_variable.h>
12 #include <fs.h>
13 #include <malloc.h>
14 #include <mapmem.h>
15 #include <sort.h>
16
17 #include <crypto/pkcs7.h>
18 #include <crypto/pkcs7_parser.h>
19 #include <linux/err.h>
20
21 const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
22 static const efi_guid_t efi_guid_firmware_management_capsule_id =
23 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
24 const efi_guid_t efi_guid_firmware_management_protocol =
25 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID;
26
27 #ifdef CONFIG_EFI_CAPSULE_ON_DISK
28 /* for file system access */
29 static struct efi_file_handle *bootdev_root;
30 #endif
31
32 /**
33 * get_last_capsule - get the last capsule index
34 *
35 * Retrieve the index of the capsule invoked last time from "CapsuleLast"
36 * variable.
37 *
38 * Return:
39 * * > 0 - the last capsule index invoked
40 * * 0xffff - on error, or no capsule invoked yet
41 */
get_last_capsule(void)42 static __maybe_unused unsigned int get_last_capsule(void)
43 {
44 u16 value16[11]; /* "CapsuleXXXX": non-null-terminated */
45 char value[5];
46 efi_uintn_t size;
47 unsigned long index = 0xffff;
48 efi_status_t ret;
49 int i;
50
51 size = sizeof(value16);
52 ret = efi_get_variable_int(L"CapsuleLast", &efi_guid_capsule_report,
53 NULL, &size, value16, NULL);
54 if (ret != EFI_SUCCESS || size != 22 ||
55 u16_strncmp(value16, L"Capsule", 7))
56 goto err;
57 for (i = 0; i < 4; ++i) {
58 u16 c = value16[i + 7];
59
60 if (!c || c > 0x7f)
61 goto err;
62 value[i] = c;
63 }
64 value[4] = 0;
65 if (strict_strtoul(value, 16, &index))
66 index = 0xffff;
67 err:
68 return index;
69 }
70
71 /**
72 * set_capsule_result - set a result variable
73 * @capsule: Capsule
74 * @return_status: Return status
75 *
76 * Create and set a result variable, "CapsuleXXXX", for the capsule,
77 * @capsule.
78 */
79 static __maybe_unused
set_capsule_result(int index,struct efi_capsule_header * capsule,efi_status_t return_status)80 void set_capsule_result(int index, struct efi_capsule_header *capsule,
81 efi_status_t return_status)
82 {
83 u16 variable_name16[12];
84 struct efi_capsule_result_variable_header result;
85 struct efi_time time;
86 efi_status_t ret;
87
88 efi_create_indexed_name(variable_name16, sizeof(variable_name16),
89 "Capsule", index);
90 result.variable_total_size = sizeof(result);
91 result.capsule_guid = capsule->capsule_guid;
92 ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL));
93 if (ret == EFI_SUCCESS)
94 memcpy(&result.capsule_processed, &time, sizeof(time));
95 else
96 memset(&result.capsule_processed, 0, sizeof(time));
97 result.capsule_status = return_status;
98 ret = efi_set_variable(variable_name16, &efi_guid_capsule_report,
99 EFI_VARIABLE_NON_VOLATILE |
100 EFI_VARIABLE_BOOTSERVICE_ACCESS |
101 EFI_VARIABLE_RUNTIME_ACCESS,
102 sizeof(result), &result);
103 if (ret)
104 log_err("EFI: creating %ls failed\n", variable_name16);
105 }
106
107 #ifdef CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT
108 /**
109 * efi_fmp_find - search for Firmware Management Protocol drivers
110 * @image_type: Image type guid
111 * @instance: Instance number
112 * @handles: Handles of FMP drivers
113 * @no_handles: Number of handles
114 *
115 * Search for Firmware Management Protocol drivers, matching the image
116 * type, @image_type and the machine instance, @instance, from the list,
117 * @handles.
118 *
119 * Return:
120 * * Protocol instance - on success
121 * * NULL - on failure
122 */
123 static struct efi_firmware_management_protocol *
efi_fmp_find(efi_guid_t * image_type,u64 instance,efi_handle_t * handles,efi_uintn_t no_handles)124 efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles,
125 efi_uintn_t no_handles)
126 {
127 efi_handle_t *handle;
128 struct efi_firmware_management_protocol *fmp;
129 struct efi_firmware_image_descriptor *image_info, *desc;
130 efi_uintn_t info_size, descriptor_size;
131 u32 descriptor_version;
132 u8 descriptor_count;
133 u32 package_version;
134 u16 *package_version_name;
135 bool found = false;
136 int i, j;
137 efi_status_t ret;
138
139 for (i = 0, handle = handles; i < no_handles; i++, handle++) {
140 ret = EFI_CALL(efi_handle_protocol(
141 *handle,
142 &efi_guid_firmware_management_protocol,
143 (void **)&fmp));
144 if (ret != EFI_SUCCESS)
145 continue;
146
147 /* get device's image info */
148 info_size = 0;
149 image_info = NULL;
150 descriptor_version = 0;
151 descriptor_count = 0;
152 descriptor_size = 0;
153 package_version = 0;
154 package_version_name = NULL;
155 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
156 image_info,
157 &descriptor_version,
158 &descriptor_count,
159 &descriptor_size,
160 &package_version,
161 &package_version_name));
162 if (ret != EFI_BUFFER_TOO_SMALL)
163 goto skip;
164
165 image_info = malloc(info_size);
166 if (!image_info)
167 goto skip;
168
169 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
170 image_info,
171 &descriptor_version,
172 &descriptor_count,
173 &descriptor_size,
174 &package_version,
175 &package_version_name));
176 if (ret != EFI_SUCCESS ||
177 descriptor_version != EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION)
178 goto skip;
179
180 /* matching */
181 for (j = 0, desc = image_info; j < descriptor_count;
182 j++, desc = (void *)desc + descriptor_size) {
183 log_debug("+++ desc[%d] index: %d, name: %ls\n",
184 j, desc->image_index, desc->image_id_name);
185 if (!guidcmp(&desc->image_type_id, image_type) &&
186 (!instance ||
187 !desc->hardware_instance ||
188 desc->hardware_instance == instance))
189 found = true;
190 }
191
192 skip:
193 efi_free_pool(package_version_name);
194 free(image_info);
195 EFI_CALL(efi_close_protocol(
196 (efi_handle_t)fmp,
197 &efi_guid_firmware_management_protocol,
198 NULL, NULL));
199 if (found)
200 return fmp;
201 }
202
203 return NULL;
204 }
205
206 #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
207
208 const efi_guid_t efi_guid_capsule_root_cert_guid =
209 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
210
efi_capsule_authenticate(const void * capsule,efi_uintn_t capsule_size,void ** image,efi_uintn_t * image_size)211 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
212 void **image, efi_uintn_t *image_size)
213 {
214 u8 *buf;
215 int ret;
216 void *fdt_pkey, *pkey;
217 efi_uintn_t pkey_len;
218 uint64_t monotonic_count;
219 struct efi_signature_store *truststore;
220 struct pkcs7_message *capsule_sig;
221 struct efi_image_regions *regs;
222 struct efi_firmware_image_authentication *auth_hdr;
223 efi_status_t status;
224
225 status = EFI_SECURITY_VIOLATION;
226 capsule_sig = NULL;
227 truststore = NULL;
228 regs = NULL;
229
230 /* Sanity checks */
231 if (capsule == NULL || capsule_size == 0)
232 goto out;
233
234 auth_hdr = (struct efi_firmware_image_authentication *)capsule;
235 if (capsule_size < sizeof(*auth_hdr))
236 goto out;
237
238 if (auth_hdr->auth_info.hdr.dwLength <=
239 offsetof(struct win_certificate_uefi_guid, cert_data))
240 goto out;
241
242 if (guidcmp(&auth_hdr->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
243 goto out;
244
245 *image = (uint8_t *)capsule + sizeof(auth_hdr->monotonic_count) +
246 auth_hdr->auth_info.hdr.dwLength;
247 *image_size = capsule_size - auth_hdr->auth_info.hdr.dwLength -
248 sizeof(auth_hdr->monotonic_count);
249 memcpy(&monotonic_count, &auth_hdr->monotonic_count,
250 sizeof(monotonic_count));
251
252 /* data to be digested */
253 regs = calloc(sizeof(*regs) + sizeof(struct image_region) * 2, 1);
254 if (!regs)
255 goto out;
256
257 regs->max = 2;
258 efi_image_region_add(regs, (uint8_t *)*image,
259 (uint8_t *)*image + *image_size, 1);
260
261 efi_image_region_add(regs, (uint8_t *)&monotonic_count,
262 (uint8_t *)&monotonic_count + sizeof(monotonic_count),
263 1);
264
265 capsule_sig = efi_parse_pkcs7_header(auth_hdr->auth_info.cert_data,
266 auth_hdr->auth_info.hdr.dwLength
267 - sizeof(auth_hdr->auth_info),
268 &buf);
269 if (IS_ERR(capsule_sig)) {
270 debug("Parsing variable's pkcs7 header failed\n");
271 capsule_sig = NULL;
272 goto out;
273 }
274
275 ret = efi_get_public_key_data(&fdt_pkey, &pkey_len);
276 if (ret < 0)
277 goto out;
278
279 pkey = malloc(pkey_len);
280 if (!pkey)
281 goto out;
282
283 memcpy(pkey, fdt_pkey, pkey_len);
284 truststore = efi_build_signature_store(pkey, pkey_len);
285 if (!truststore)
286 goto out;
287
288 /* verify signature */
289 if (efi_signature_verify(regs, capsule_sig, truststore, NULL)) {
290 debug("Verified\n");
291 } else {
292 debug("Verifying variable's signature failed\n");
293 goto out;
294 }
295
296 status = EFI_SUCCESS;
297
298 out:
299 efi_sigstore_free(truststore);
300 pkcs7_free_message(capsule_sig);
301 free(regs);
302
303 return status;
304 }
305 #else
efi_capsule_authenticate(const void * capsule,efi_uintn_t capsule_size,void ** image,efi_uintn_t * image_size)306 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
307 void **image, efi_uintn_t *image_size)
308 {
309 return EFI_UNSUPPORTED;
310 }
311 #endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */
312
313
314 /**
315 * efi_capsule_update_firmware - update firmware from capsule
316 * @capsule_data: Capsule
317 *
318 * Update firmware, using a capsule, @capsule_data. Loading any FMP
319 * drivers embedded in a capsule is not supported.
320 *
321 * Return: status code
322 */
efi_capsule_update_firmware(struct efi_capsule_header * capsule_data)323 static efi_status_t efi_capsule_update_firmware(
324 struct efi_capsule_header *capsule_data)
325 {
326 struct efi_firmware_management_capsule_header *capsule;
327 struct efi_firmware_management_capsule_image_header *image;
328 size_t capsule_size;
329 void *image_binary, *vendor_code;
330 efi_handle_t *handles;
331 efi_uintn_t no_handles;
332 int item;
333 struct efi_firmware_management_protocol *fmp;
334 u16 *abort_reason;
335 efi_status_t ret = EFI_SUCCESS;
336
337 /* sanity check */
338 if (capsule_data->header_size < sizeof(*capsule) ||
339 capsule_data->header_size >= capsule_data->capsule_image_size)
340 return EFI_INVALID_PARAMETER;
341
342 capsule = (void *)capsule_data + capsule_data->header_size;
343 capsule_size = capsule_data->capsule_image_size
344 - capsule_data->header_size;
345
346 if (capsule->version != 0x00000001)
347 return EFI_UNSUPPORTED;
348
349 handles = NULL;
350 ret = EFI_CALL(efi_locate_handle_buffer(
351 BY_PROTOCOL,
352 &efi_guid_firmware_management_protocol,
353 NULL, &no_handles, (efi_handle_t **)&handles));
354 if (ret != EFI_SUCCESS)
355 return EFI_UNSUPPORTED;
356
357 /* Payload */
358 for (item = capsule->embedded_driver_count;
359 item < capsule->embedded_driver_count
360 + capsule->payload_item_count; item++) {
361 /* sanity check */
362 if ((capsule->item_offset_list[item] + sizeof(*image)
363 >= capsule_size)) {
364 log_err("EFI: A capsule has not enough data\n");
365 ret = EFI_INVALID_PARAMETER;
366 goto out;
367 }
368
369 image = (void *)capsule + capsule->item_offset_list[item];
370
371 if (image->version != 0x00000003) {
372 ret = EFI_UNSUPPORTED;
373 goto out;
374 }
375
376 /* find a device for update firmware */
377 /* TODO: should we pass index as well, or nothing but type? */
378 fmp = efi_fmp_find(&image->update_image_type_id,
379 image->update_hardware_instance,
380 handles, no_handles);
381 if (!fmp) {
382 log_err("EFI Capsule: driver not found for firmware type: %pUl, hardware instance: %lld\n",
383 &image->update_image_type_id,
384 image->update_hardware_instance);
385 ret = EFI_UNSUPPORTED;
386 goto out;
387 }
388
389 /* do update */
390 image_binary = (void *)image + sizeof(*image);
391 vendor_code = image_binary + image->update_image_size;
392
393 abort_reason = NULL;
394 ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index,
395 image_binary,
396 image->update_image_size,
397 vendor_code, NULL,
398 &abort_reason));
399 if (ret != EFI_SUCCESS) {
400 log_err("EFI Capsule: firmware update failed: %ls\n",
401 abort_reason);
402 efi_free_pool(abort_reason);
403 goto out;
404 }
405 }
406
407 out:
408 efi_free_pool(handles);
409
410 return ret;
411 }
412 #else
efi_capsule_update_firmware(struct efi_capsule_header * capsule_data)413 static efi_status_t efi_capsule_update_firmware(
414 struct efi_capsule_header *capsule_data)
415 {
416 return EFI_UNSUPPORTED;
417 }
418 #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT */
419
420 /**
421 * efi_update_capsule() - process information from operating system
422 * @capsule_header_array: Array of virtual address pointers
423 * @capsule_count: Number of pointers in capsule_header_array
424 * @scatter_gather_list: Array of physical address pointers
425 *
426 * This function implements the UpdateCapsule() runtime service.
427 *
428 * See the Unified Extensible Firmware Interface (UEFI) specification for
429 * details.
430 *
431 * Return: status code
432 */
efi_update_capsule(struct efi_capsule_header ** capsule_header_array,efi_uintn_t capsule_count,u64 scatter_gather_list)433 efi_status_t EFIAPI efi_update_capsule(
434 struct efi_capsule_header **capsule_header_array,
435 efi_uintn_t capsule_count,
436 u64 scatter_gather_list)
437 {
438 struct efi_capsule_header *capsule;
439 unsigned int i;
440 efi_status_t ret;
441
442 EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count,
443 scatter_gather_list);
444
445 if (!capsule_count) {
446 ret = EFI_INVALID_PARAMETER;
447 goto out;
448 }
449
450 ret = EFI_SUCCESS;
451 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
452 i++, capsule = *(++capsule_header_array)) {
453 /* sanity check */
454 if (capsule->header_size < sizeof(*capsule) ||
455 capsule->capsule_image_size < sizeof(*capsule)) {
456 log_err("EFI: A capsule has not enough data\n");
457 continue;
458 }
459
460 log_debug("Capsule[%d] (guid:%pUl)\n",
461 i, &capsule->capsule_guid);
462 if (!guidcmp(&capsule->capsule_guid,
463 &efi_guid_firmware_management_capsule_id)) {
464 ret = efi_capsule_update_firmware(capsule);
465 } else {
466 log_err("EFI: not support capsule type: %pUl\n",
467 &capsule->capsule_guid);
468 ret = EFI_UNSUPPORTED;
469 }
470
471 if (ret != EFI_SUCCESS)
472 goto out;
473 }
474
475 if (IS_ENABLED(CONFIG_EFI_ESRT)) {
476 /* Rebuild the ESRT to reflect any updated FW images. */
477 ret = efi_esrt_populate();
478 if (ret != EFI_SUCCESS)
479 log_warning("EFI Capsule: failed to update ESRT\n");
480 }
481 out:
482
483 return EFI_EXIT(ret);
484 }
485
486 /**
487 * efi_query_capsule_caps() - check if capsule is supported
488 * @capsule_header_array: Array of virtual pointers
489 * @capsule_count: Number of pointers in capsule_header_array
490 * @maximum_capsule_size: Maximum capsule size
491 * @reset_type: Type of reset needed for capsule update
492 *
493 * This function implements the QueryCapsuleCapabilities() runtime service.
494 *
495 * See the Unified Extensible Firmware Interface (UEFI) specification for
496 * details.
497 *
498 * Return: status code
499 */
efi_query_capsule_caps(struct efi_capsule_header ** capsule_header_array,efi_uintn_t capsule_count,u64 * maximum_capsule_size,u32 * reset_type)500 efi_status_t EFIAPI efi_query_capsule_caps(
501 struct efi_capsule_header **capsule_header_array,
502 efi_uintn_t capsule_count,
503 u64 *maximum_capsule_size,
504 u32 *reset_type)
505 {
506 struct efi_capsule_header *capsule __attribute__((unused));
507 unsigned int i;
508 efi_status_t ret;
509
510 EFI_ENTRY("%p, %zu, %p, %p\n", capsule_header_array, capsule_count,
511 maximum_capsule_size, reset_type);
512
513 if (!maximum_capsule_size) {
514 ret = EFI_INVALID_PARAMETER;
515 goto out;
516 }
517
518 *maximum_capsule_size = U64_MAX;
519 *reset_type = EFI_RESET_COLD;
520
521 ret = EFI_SUCCESS;
522 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
523 i++, capsule = *(++capsule_header_array)) {
524 /* TODO */
525 }
526 out:
527 return EFI_EXIT(ret);
528 }
529
530 #ifdef CONFIG_EFI_CAPSULE_ON_DISK
531 /**
532 * get_dp_device - retrieve a device path from boot variable
533 * @boot_var: Boot variable name
534 * @device_dp Device path
535 *
536 * Retrieve a device patch from boot variable, @boot_var.
537 *
538 * Return: status code
539 */
get_dp_device(u16 * boot_var,struct efi_device_path ** device_dp)540 static efi_status_t get_dp_device(u16 *boot_var,
541 struct efi_device_path **device_dp)
542 {
543 void *buf = NULL;
544 efi_uintn_t size;
545 struct efi_load_option lo;
546 struct efi_device_path *file_dp;
547 efi_status_t ret;
548
549 size = 0;
550 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
551 NULL, &size, NULL, NULL);
552 if (ret == EFI_BUFFER_TOO_SMALL) {
553 buf = malloc(size);
554 if (!buf)
555 return EFI_OUT_OF_RESOURCES;
556 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
557 NULL, &size, buf, NULL);
558 }
559 if (ret != EFI_SUCCESS)
560 return ret;
561
562 efi_deserialize_load_option(&lo, buf, &size);
563
564 if (lo.attributes & LOAD_OPTION_ACTIVE) {
565 efi_dp_split_file_path(lo.file_path, device_dp, &file_dp);
566 efi_free_pool(file_dp);
567
568 ret = EFI_SUCCESS;
569 } else {
570 ret = EFI_NOT_FOUND;
571 }
572
573 free(buf);
574
575 return ret;
576 }
577
578 /**
579 * device_is_present_and_system_part - check if a device exists
580 * @dp Device path
581 *
582 * Check if a device pointed to by the device path, @dp, exists and is
583 * located in UEFI system partition.
584 *
585 * Return: true - yes, false - no
586 */
device_is_present_and_system_part(struct efi_device_path * dp)587 static bool device_is_present_and_system_part(struct efi_device_path *dp)
588 {
589 efi_handle_t handle;
590
591 handle = efi_dp_find_obj(dp, NULL);
592 if (!handle)
593 return false;
594
595 return efi_disk_is_system_part(handle);
596 }
597
598 /**
599 * find_boot_device - identify the boot device
600 *
601 * Identify the boot device from boot-related variables as UEFI
602 * specification describes and put its handle into bootdev_root.
603 *
604 * Return: status code
605 */
find_boot_device(void)606 static efi_status_t find_boot_device(void)
607 {
608 char boot_var[9];
609 u16 boot_var16[9], *p, bootnext, *boot_order = NULL;
610 efi_uintn_t size;
611 int i, num;
612 struct efi_simple_file_system_protocol *volume;
613 struct efi_device_path *boot_dev = NULL;
614 efi_status_t ret;
615
616 /* find active boot device in BootNext */
617 bootnext = 0;
618 size = sizeof(bootnext);
619 ret = efi_get_variable_int(L"BootNext",
620 (efi_guid_t *)&efi_global_variable_guid,
621 NULL, &size, &bootnext, NULL);
622 if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
623 /* BootNext does exist here */
624 if (ret == EFI_BUFFER_TOO_SMALL || size != sizeof(u16)) {
625 log_err("BootNext must be 16-bit integer\n");
626 goto skip;
627 }
628 sprintf((char *)boot_var, "Boot%04X", bootnext);
629 p = boot_var16;
630 utf8_utf16_strcpy(&p, boot_var);
631
632 ret = get_dp_device(boot_var16, &boot_dev);
633 if (ret == EFI_SUCCESS) {
634 if (device_is_present_and_system_part(boot_dev)) {
635 goto out;
636 } else {
637 efi_free_pool(boot_dev);
638 boot_dev = NULL;
639 }
640 }
641 }
642
643 skip:
644 /* find active boot device in BootOrder */
645 size = 0;
646 ret = efi_get_variable_int(L"BootOrder", &efi_global_variable_guid,
647 NULL, &size, NULL, NULL);
648 if (ret == EFI_BUFFER_TOO_SMALL) {
649 boot_order = malloc(size);
650 if (!boot_order) {
651 ret = EFI_OUT_OF_RESOURCES;
652 goto out;
653 }
654
655 ret = efi_get_variable_int(L"BootOrder",
656 &efi_global_variable_guid,
657 NULL, &size, boot_order, NULL);
658 }
659 if (ret != EFI_SUCCESS)
660 goto out;
661
662 /* check in higher order */
663 num = size / sizeof(u16);
664 for (i = 0; i < num; i++) {
665 sprintf((char *)boot_var, "Boot%04X", boot_order[i]);
666 p = boot_var16;
667 utf8_utf16_strcpy(&p, boot_var);
668 ret = get_dp_device(boot_var16, &boot_dev);
669 if (ret != EFI_SUCCESS)
670 continue;
671
672 if (device_is_present_and_system_part(boot_dev))
673 break;
674
675 efi_free_pool(boot_dev);
676 boot_dev = NULL;
677 }
678 if (boot_dev) {
679 u16 *path_str;
680
681 path_str = efi_dp_str(boot_dev);
682 log_debug("EFI Capsule: bootdev is %ls\n", path_str);
683 efi_free_pool(path_str);
684
685 volume = efi_fs_from_path(boot_dev);
686 if (!volume)
687 ret = EFI_DEVICE_ERROR;
688 else
689 ret = EFI_CALL(volume->open_volume(volume,
690 &bootdev_root));
691 efi_free_pool(boot_dev);
692 } else {
693 ret = EFI_NOT_FOUND;
694 }
695 out:
696 free(boot_order);
697
698 return ret;
699 }
700
701 /**
702 * efi_capsule_scan_dir - traverse a capsule directory in boot device
703 * @files: Array of file names
704 * @num: Number of elements in @files
705 *
706 * Traverse a capsule directory in boot device.
707 * Called by initialization code, and returns an array of capsule file
708 * names in @files.
709 *
710 * Return: status code
711 */
efi_capsule_scan_dir(u16 *** files,unsigned int * num)712 static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num)
713 {
714 struct efi_file_handle *dirh;
715 struct efi_file_info *dirent;
716 efi_uintn_t dirent_size, tmp_size;
717 unsigned int count;
718 u16 **tmp_files;
719 efi_status_t ret;
720
721 ret = find_boot_device();
722 if (ret == EFI_NOT_FOUND) {
723 log_debug("EFI Capsule: bootdev is not set\n");
724 *num = 0;
725 return EFI_SUCCESS;
726 } else if (ret != EFI_SUCCESS) {
727 return EFI_DEVICE_ERROR;
728 }
729
730 /* count capsule files */
731 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
732 EFI_CAPSULE_DIR,
733 EFI_FILE_MODE_READ, 0));
734 if (ret != EFI_SUCCESS) {
735 *num = 0;
736 return EFI_SUCCESS;
737 }
738
739 dirent_size = 256;
740 dirent = malloc(dirent_size);
741 if (!dirent)
742 return EFI_OUT_OF_RESOURCES;
743
744 count = 0;
745 while (1) {
746 tmp_size = dirent_size;
747 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
748 if (ret == EFI_BUFFER_TOO_SMALL) {
749 struct efi_file_info *old_dirent = dirent;
750
751 dirent = realloc(dirent, tmp_size);
752 if (!dirent) {
753 dirent = old_dirent;
754 ret = EFI_OUT_OF_RESOURCES;
755 goto err;
756 }
757 dirent_size = tmp_size;
758 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
759 }
760 if (ret != EFI_SUCCESS)
761 goto err;
762 if (!tmp_size)
763 break;
764
765 if (!(dirent->attribute & EFI_FILE_DIRECTORY))
766 count++;
767 }
768
769 ret = EFI_CALL((*dirh->setpos)(dirh, 0));
770 if (ret != EFI_SUCCESS)
771 goto err;
772
773 /* make a list */
774 tmp_files = malloc(count * sizeof(*tmp_files));
775 if (!tmp_files) {
776 ret = EFI_OUT_OF_RESOURCES;
777 goto err;
778 }
779
780 count = 0;
781 while (1) {
782 tmp_size = dirent_size;
783 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
784 if (ret != EFI_SUCCESS)
785 goto err;
786 if (!tmp_size)
787 break;
788
789 if (!(dirent->attribute & EFI_FILE_DIRECTORY) &&
790 u16_strcmp(dirent->file_name, L".") &&
791 u16_strcmp(dirent->file_name, L".."))
792 tmp_files[count++] = u16_strdup(dirent->file_name);
793 }
794 /* ignore an error */
795 EFI_CALL((*dirh->close)(dirh));
796
797 /* in ascii order */
798 /* FIXME: u16 version of strcasecmp */
799 qsort(tmp_files, count, sizeof(*tmp_files),
800 (int (*)(const void *, const void *))strcasecmp);
801 *files = tmp_files;
802 *num = count;
803 ret = EFI_SUCCESS;
804 err:
805 free(dirent);
806
807 return ret;
808 }
809
810 /**
811 * efi_capsule_read_file - read in a capsule file
812 * @filename: File name
813 * @capsule: Pointer to buffer for capsule
814 *
815 * Read a capsule file and put its content in @capsule.
816 *
817 * Return: status code
818 */
efi_capsule_read_file(const u16 * filename,struct efi_capsule_header ** capsule)819 static efi_status_t efi_capsule_read_file(const u16 *filename,
820 struct efi_capsule_header **capsule)
821 {
822 struct efi_file_handle *dirh, *fh;
823 struct efi_file_info *file_info = NULL;
824 struct efi_capsule_header *buf = NULL;
825 efi_uintn_t size;
826 efi_status_t ret;
827
828 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
829 EFI_CAPSULE_DIR,
830 EFI_FILE_MODE_READ, 0));
831 if (ret != EFI_SUCCESS)
832 return ret;
833 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
834 EFI_FILE_MODE_READ, 0));
835 /* ignore an error */
836 EFI_CALL((*dirh->close)(dirh));
837 if (ret != EFI_SUCCESS)
838 return ret;
839
840 /* file size */
841 size = 0;
842 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
843 &size, file_info));
844 if (ret == EFI_BUFFER_TOO_SMALL) {
845 file_info = malloc(size);
846 if (!file_info) {
847 ret = EFI_OUT_OF_RESOURCES;
848 goto err;
849 }
850 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
851 &size, file_info));
852 }
853 if (ret != EFI_SUCCESS)
854 goto err;
855 size = file_info->file_size;
856 free(file_info);
857 buf = malloc(size);
858 if (!buf) {
859 ret = EFI_OUT_OF_RESOURCES;
860 goto err;
861 }
862
863 /* fetch data */
864 ret = EFI_CALL((*fh->read)(fh, &size, buf));
865 if (ret == EFI_SUCCESS) {
866 if (size >= buf->capsule_image_size) {
867 *capsule = buf;
868 } else {
869 free(buf);
870 ret = EFI_INVALID_PARAMETER;
871 }
872 } else {
873 free(buf);
874 }
875 err:
876 EFI_CALL((*fh->close)(fh));
877
878 return ret;
879 }
880
881 /**
882 * efi_capsule_delete_file - delete a capsule file
883 * @filename: File name
884 *
885 * Delete a capsule file from capsule directory.
886 *
887 * Return: status code
888 */
efi_capsule_delete_file(const u16 * filename)889 static efi_status_t efi_capsule_delete_file(const u16 *filename)
890 {
891 struct efi_file_handle *dirh, *fh;
892 efi_status_t ret;
893
894 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
895 EFI_CAPSULE_DIR,
896 EFI_FILE_MODE_READ, 0));
897 if (ret != EFI_SUCCESS)
898 return ret;
899 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
900 EFI_FILE_MODE_READ, 0));
901 /* ignore an error */
902 EFI_CALL((*dirh->close)(dirh));
903
904 if (ret == EFI_SUCCESS)
905 ret = EFI_CALL((*fh->delete)(fh));
906
907 return ret;
908 }
909
910 /**
911 * efi_capsule_scan_done - reset a scan help function
912 *
913 * Reset a scan help function
914 */
efi_capsule_scan_done(void)915 static void efi_capsule_scan_done(void)
916 {
917 EFI_CALL((*bootdev_root->close)(bootdev_root));
918 bootdev_root = NULL;
919 }
920
921 /**
922 * efi_load_capsule_drivers - initialize capsule drivers
923 *
924 * Generic FMP drivers backed by DFU
925 *
926 * Return: status code
927 */
efi_load_capsule_drivers(void)928 efi_status_t __weak efi_load_capsule_drivers(void)
929 {
930 __maybe_unused efi_handle_t handle;
931 efi_status_t ret = EFI_SUCCESS;
932
933 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)) {
934 handle = NULL;
935 ret = EFI_CALL(efi_install_multiple_protocol_interfaces(
936 &handle, &efi_guid_firmware_management_protocol,
937 &efi_fmp_fit, NULL));
938 }
939
940 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) {
941 handle = NULL;
942 ret = EFI_CALL(efi_install_multiple_protocol_interfaces(
943 &handle,
944 &efi_guid_firmware_management_protocol,
945 &efi_fmp_raw, NULL));
946 }
947
948 return ret;
949 }
950
951 /**
952 * check_run_capsules - Check whether capsule update should run
953 *
954 * The spec says OsIndications must be set in order to run the capsule update
955 * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to
956 * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected
957 */
check_run_capsules(void)958 static bool check_run_capsules(void)
959 {
960 u64 os_indications;
961 efi_uintn_t size;
962 efi_status_t ret;
963
964 if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS))
965 return true;
966
967 size = sizeof(os_indications);
968 ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid,
969 NULL, &size, &os_indications, NULL);
970 if (ret == EFI_SUCCESS &&
971 (os_indications
972 & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED))
973 return true;
974
975 return false;
976 }
977
978 /**
979 * efi_launch_capsule - launch capsules
980 *
981 * Launch all the capsules in system at boot time.
982 * Called by efi init code
983 *
984 * Return: status codde
985 */
efi_launch_capsules(void)986 efi_status_t efi_launch_capsules(void)
987 {
988 struct efi_capsule_header *capsule = NULL;
989 u16 **files;
990 unsigned int nfiles, index, i;
991 u16 variable_name16[12];
992 efi_status_t ret;
993
994 if (!check_run_capsules())
995 return EFI_SUCCESS;
996
997 index = get_last_capsule();
998
999 /*
1000 * Find capsules on disk.
1001 * All the capsules are collected at the beginning because
1002 * capsule files will be removed instantly.
1003 */
1004 nfiles = 0;
1005 files = NULL;
1006 ret = efi_capsule_scan_dir(&files, &nfiles);
1007 if (ret != EFI_SUCCESS)
1008 return ret;
1009 if (!nfiles)
1010 return EFI_SUCCESS;
1011
1012 /* Launch capsules */
1013 for (i = 0, ++index; i < nfiles; i++, index++) {
1014 log_debug("capsule from %ls ...\n", files[i]);
1015 if (index > 0xffff)
1016 index = 0;
1017 ret = efi_capsule_read_file(files[i], &capsule);
1018 if (ret == EFI_SUCCESS) {
1019 ret = EFI_CALL(efi_update_capsule(&capsule, 1, 0));
1020 if (ret != EFI_SUCCESS)
1021 log_err("EFI Capsule update failed at %ls\n",
1022 files[i]);
1023
1024 free(capsule);
1025 } else {
1026 log_err("EFI: reading capsule failed: %ls\n", files[i]);
1027 }
1028 /* create CapsuleXXXX */
1029 set_capsule_result(index, capsule, ret);
1030
1031 /* delete a capsule either in case of success or failure */
1032 ret = efi_capsule_delete_file(files[i]);
1033 if (ret != EFI_SUCCESS)
1034 log_err("EFI: deleting a capsule file failed: %ls\n",
1035 files[i]);
1036 }
1037 efi_capsule_scan_done();
1038
1039 for (i = 0; i < nfiles; i++)
1040 free(files[i]);
1041 free(files);
1042
1043 /* CapsuleLast */
1044 efi_create_indexed_name(variable_name16, sizeof(variable_name16),
1045 "Capsule", index - 1);
1046 efi_set_variable_int(L"CapsuleLast", &efi_guid_capsule_report,
1047 EFI_VARIABLE_READ_ONLY |
1048 EFI_VARIABLE_NON_VOLATILE |
1049 EFI_VARIABLE_BOOTSERVICE_ACCESS |
1050 EFI_VARIABLE_RUNTIME_ACCESS,
1051 22, variable_name16, false);
1052
1053 return ret;
1054 }
1055 #endif /* CONFIG_EFI_CAPSULE_ON_DISK */
1056