Approved. Reviewed-By: Bret Barkelew bret.barke...@microsoft.com - Bret
From: Zeng, Star<mailto:star.z...@intel.com> Sent: Wednesday, February 7, 2018 9:32 PM To: Yao, Jiewen<mailto:jiewen....@intel.com>; Kinney, Michael D<mailto:michael.d.kin...@intel.com>; edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> Cc: Dong, Eric<mailto:eric.d...@intel.com>; Zeng, Star<mailto:star.z...@intel.com> Subject: Re: [edk2] [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP Reviewed-by: Star Zeng <star.z...@intel.com> Thanks, Star -----Original Message----- From: Yao, Jiewen Sent: Thursday, February 8, 2018 8:18 AM To: Kinney, Michael D <michael.d.kin...@intel.com>; edk2-devel@lists.01.org Cc: Zeng, Star <star.z...@intel.com>; Dong, Eric <eric.d...@intel.com> Subject: RE: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP Reviewed-by: jiewen....@intel.com > -----Original Message----- > From: Kinney, Michael D > Sent: Thursday, February 8, 2018 2:50 AM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen....@intel.com>; Zeng, Star > <star.z...@intel.com>; Dong, Eric <eric.d...@intel.com>; Kinney, > Michael D <michael.d.kin...@intel.com> > Subject: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule > with FMP > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D873&data=04%7C01%7CBret.Barkelew%40microsoft.com%7C9749c74b4d5b469499c208d56eb55fa0%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636536647662871396%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=G%2FH4%2BZYbZgDfCKZHW%2FoQ5DzcMS1q0zL%2FYp26NhnEz7o%3D&reserved=0 > > Update IsNestedFmpCapsule() to verify the CapsuleGuid in the > CapsuleHeader against the installed Firmware Management Protocol > instances. The current logic that uses the ESRT Table does not work > because capsules are processed before the ESRT Table is published at > the Ready To Boot event. > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Star Zeng <star.z...@intel.com> > Cc: Eric Dong <eric.d...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Michael D Kinney <michael.d.kin...@intel.com> > --- > .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 27 > ++++++++++++---------- > .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf | 3 +-- > 2 files changed, 16 insertions(+), 14 deletions(-) > > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > index 2f397789b5..87e1deec03 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > @@ -10,7 +10,7 @@ > ValidateFmpCapsule(), DisplayCapsuleImage(), ConvertBmpToGopBlt() will > receive untrusted input and do basic validation. > > - Copyright (c) 2016 - 2017, Intel Corporation. All rights > reserved.<BR> > + Copyright (c) 2016 - 2018, Intel Corporation. All rights > + reserved.<BR> > This program and the accompanying materials > are licensed and made available under the terms and conditions of > the BSD License > which accompanies this distribution. The full text of the license > may be found at @@ -1446,7 +1446,6 @@ IsNestedFmpCapsule ( > ) > { > EFI_STATUS Status; > - EFI_SYSTEM_RESOURCE_TABLE *Esrt; > EFI_SYSTEM_RESOURCE_ENTRY *EsrtEntry; > UINTN Index; > BOOLEAN EsrtGuidFound; > @@ -1454,6 +1453,8 @@ IsNestedFmpCapsule ( > UINTN NestedCapsuleSize; > ESRT_MANAGEMENT_PROTOCOL *EsrtProtocol; > EFI_SYSTEM_RESOURCE_ENTRY Entry; > + EFI_HANDLE *HandleBuffer; > + UINTN NumberOfHandles; > > EsrtGuidFound = FALSE; > if (mIsVirtualAddrConverted) { > @@ -1479,19 +1480,21 @@ IsNestedFmpCapsule ( > } > > // > - // Check ESRT configuration table > + // Check Firmware Management Protocols > // > if (!EsrtGuidFound) { > - Status = EfiGetSystemConfigurationTable(&gEfiSystemResourceTableGuid, > (VOID **)&Esrt); > + HandleBuffer = NULL; > + Status = GetFmpHandleBufferByType ( > + &CapsuleHeader->CapsuleGuid, > + 0, > + &NumberOfHandles, > + &HandleBuffer > + ); > if (!EFI_ERROR(Status)) { > - ASSERT (Esrt != NULL); > - EsrtEntry = (VOID *)(Esrt + 1); > - for (Index = 0; Index < Esrt->FwResourceCount; Index++, EsrtEntry++) > { > - if (CompareGuid(&EsrtEntry->FwClass, > &CapsuleHeader->CapsuleGuid)) { > - EsrtGuidFound = TRUE; > - break; > - } > - } > + EsrtGuidFound = TRUE; > + } > + if (HandleBuffer != NULL) { > + FreePool (HandleBuffer); > } > } > } > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > index a7c36993c4..90edc52ee0 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > @@ -3,7 +3,7 @@ > # > # Capsule library instance for DXE_DRIVER module types. > # > -# Copyright (c) 2016 - 2017, Intel Corporation. All rights > reserved.<BR> > +# Copyright (c) 2016 - 2018, Intel Corporation. All rights > +reserved.<BR> > # This program and the accompanying materials # are licensed and > made available under the terms and conditions of the BSD License # > which accompanies this distribution. The full text of the license may > be found at @@ -72,7 +72,6 @@ [Guids] > gEfiFmpCapsuleGuid ## SOMETIMES_CONSUMES > ## GUID > gWindowsUxCapsuleGuid ## SOMETIMES_CONSUMES > ## GUID > - gEfiSystemResourceTableGuid ## SOMETIMES_CONSUMES ## > GUID > ## SOMETIMES_CONSUMES ## Variable:L"CapsuleMax" > ## SOMETIMES_PRODUCES ## Variable:L"CapsuleMax" > gEfiCapsuleReportGuid > -- > 2.14.2.windows.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.01.org%2Fmailman%2Flistinfo%2Fedk2-devel&data=04%7C01%7CBret.Barkelew%40microsoft.com%7C9749c74b4d5b469499c208d56eb55fa0%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636536647662871396%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=%2BqMy3769Z%2FTYuSrFJDBvAsr5vCSahoUAFlVJ1cyQVqo%3D&reserved=0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel