1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * EFI Capsule
4 *
5 * Copyright (c) 2018 Linaro Limited
6 * Author: AKASHI Takahiro
7 */
8
9 #define LOG_CATEGORY LOGC_EFI
10
11 #include <common.h>
12 #include <efi_loader.h>
13 #include <efi_variable.h>
14 #include <env.h>
15 #include <fdtdec.h>
16 #include <fs.h>
17 #include <malloc.h>
18 #include <mapmem.h>
19 #include <sort.h>
20 #include <asm/global_data.h>
21
22 #include <crypto/pkcs7.h>
23 #include <crypto/pkcs7_parser.h>
24 #include <linux/err.h>
25
26 DECLARE_GLOBAL_DATA_PTR;
27
28 const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
29 static const efi_guid_t efi_guid_firmware_management_capsule_id =
30 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
31 const efi_guid_t efi_guid_firmware_management_protocol =
32 EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID;
33
34 #ifdef CONFIG_EFI_CAPSULE_ON_DISK
35 /* for file system access */
36 static struct efi_file_handle *bootdev_root;
37 #endif
38
39 /**
40 * get_last_capsule - get the last capsule index
41 *
42 * Retrieve the index of the capsule invoked last time from "CapsuleLast"
43 * variable.
44 *
45 * Return:
46 * * > 0 - the last capsule index invoked
47 * * 0xffff - on error, or no capsule invoked yet
48 */
get_last_capsule(void)49 static __maybe_unused unsigned int get_last_capsule(void)
50 {
51 u16 value16[11]; /* "CapsuleXXXX": non-null-terminated */
52 char value[5];
53 efi_uintn_t size;
54 unsigned long index = 0xffff;
55 efi_status_t ret;
56 int i;
57
58 size = sizeof(value16);
59 ret = efi_get_variable_int(L"CapsuleLast", &efi_guid_capsule_report,
60 NULL, &size, value16, NULL);
61 if (ret != EFI_SUCCESS || size != 22 ||
62 u16_strncmp(value16, L"Capsule", 7))
63 goto err;
64 for (i = 0; i < 4; ++i) {
65 u16 c = value16[i + 7];
66
67 if (!c || c > 0x7f)
68 goto err;
69 value[i] = c;
70 }
71 value[4] = 0;
72 if (strict_strtoul(value, 16, &index))
73 index = 0xffff;
74 err:
75 return index;
76 }
77
78 /**
79 * set_capsule_result - set a result variable
80 * @capsule: Capsule
81 * @return_status: Return status
82 *
83 * Create and set a result variable, "CapsuleXXXX", for the capsule,
84 * @capsule.
85 */
86 static __maybe_unused
set_capsule_result(int index,struct efi_capsule_header * capsule,efi_status_t return_status)87 void set_capsule_result(int index, struct efi_capsule_header *capsule,
88 efi_status_t return_status)
89 {
90 u16 variable_name16[12];
91 struct efi_capsule_result_variable_header result;
92 struct efi_time time;
93 efi_status_t ret;
94
95 efi_create_indexed_name(variable_name16, sizeof(variable_name16),
96 "Capsule", index);
97 result.variable_total_size = sizeof(result);
98 result.capsule_guid = capsule->capsule_guid;
99 ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL));
100 if (ret == EFI_SUCCESS)
101 memcpy(&result.capsule_processed, &time, sizeof(time));
102 else
103 memset(&result.capsule_processed, 0, sizeof(time));
104 result.capsule_status = return_status;
105 ret = efi_set_variable_int(variable_name16, &efi_guid_capsule_report,
106 EFI_VARIABLE_NON_VOLATILE |
107 EFI_VARIABLE_BOOTSERVICE_ACCESS |
108 EFI_VARIABLE_RUNTIME_ACCESS,
109 sizeof(result), &result, false);
110 if (ret != EFI_SUCCESS) {
111 log_err("Setting %ls failed\n", variable_name16);
112 return;
113 }
114
115 /* Variable CapsuleLast must not include terminating 0x0000 */
116 ret = efi_set_variable_int(L"CapsuleLast", &efi_guid_capsule_report,
117 EFI_VARIABLE_READ_ONLY |
118 EFI_VARIABLE_NON_VOLATILE |
119 EFI_VARIABLE_BOOTSERVICE_ACCESS |
120 EFI_VARIABLE_RUNTIME_ACCESS,
121 22, variable_name16, false);
122 if (ret != EFI_SUCCESS)
123 log_err("Setting %ls failed\n", L"CapsuleLast");
124 }
125
126 #ifdef CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT
127 /**
128 * efi_fmp_find - search for Firmware Management Protocol drivers
129 * @image_type: Image type guid
130 * @instance: Instance number
131 * @handles: Handles of FMP drivers
132 * @no_handles: Number of handles
133 *
134 * Search for Firmware Management Protocol drivers, matching the image
135 * type, @image_type and the machine instance, @instance, from the list,
136 * @handles.
137 *
138 * Return:
139 * * Protocol instance - on success
140 * * NULL - on failure
141 */
142 static struct efi_firmware_management_protocol *
efi_fmp_find(efi_guid_t * image_type,u64 instance,efi_handle_t * handles,efi_uintn_t no_handles)143 efi_fmp_find(efi_guid_t *image_type, u64 instance, efi_handle_t *handles,
144 efi_uintn_t no_handles)
145 {
146 efi_handle_t *handle;
147 struct efi_firmware_management_protocol *fmp;
148 struct efi_firmware_image_descriptor *image_info, *desc;
149 efi_uintn_t info_size, descriptor_size;
150 u32 descriptor_version;
151 u8 descriptor_count;
152 u32 package_version;
153 u16 *package_version_name;
154 bool found = false;
155 int i, j;
156 efi_status_t ret;
157
158 for (i = 0, handle = handles; i < no_handles; i++, handle++) {
159 ret = EFI_CALL(efi_handle_protocol(
160 *handle,
161 &efi_guid_firmware_management_protocol,
162 (void **)&fmp));
163 if (ret != EFI_SUCCESS)
164 continue;
165
166 /* get device's image info */
167 info_size = 0;
168 image_info = NULL;
169 descriptor_version = 0;
170 descriptor_count = 0;
171 descriptor_size = 0;
172 package_version = 0;
173 package_version_name = NULL;
174 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
175 image_info,
176 &descriptor_version,
177 &descriptor_count,
178 &descriptor_size,
179 &package_version,
180 &package_version_name));
181 if (ret != EFI_BUFFER_TOO_SMALL)
182 goto skip;
183
184 image_info = malloc(info_size);
185 if (!image_info)
186 goto skip;
187
188 ret = EFI_CALL(fmp->get_image_info(fmp, &info_size,
189 image_info,
190 &descriptor_version,
191 &descriptor_count,
192 &descriptor_size,
193 &package_version,
194 &package_version_name));
195 if (ret != EFI_SUCCESS ||
196 descriptor_version != EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION)
197 goto skip;
198
199 /* matching */
200 for (j = 0, desc = image_info; j < descriptor_count;
201 j++, desc = (void *)desc + descriptor_size) {
202 log_debug("+++ desc[%d] index: %d, name: %ls\n",
203 j, desc->image_index, desc->image_id_name);
204 if (!guidcmp(&desc->image_type_id, image_type) &&
205 (!instance ||
206 !desc->hardware_instance ||
207 desc->hardware_instance == instance))
208 found = true;
209 }
210
211 skip:
212 efi_free_pool(package_version_name);
213 free(image_info);
214 EFI_CALL(efi_close_protocol(
215 (efi_handle_t)fmp,
216 &efi_guid_firmware_management_protocol,
217 NULL, NULL));
218 if (found)
219 return fmp;
220 }
221
222 return NULL;
223 }
224
225 /**
226 * efi_remove_auth_hdr - remove authentication data from image
227 * @image: Pointer to pointer to Image
228 * @image_size: Pointer to Image size
229 *
230 * Remove the authentication data from image if possible.
231 * Update @image and @image_size.
232 *
233 * Return: status code
234 */
efi_remove_auth_hdr(void ** image,efi_uintn_t * image_size)235 static efi_status_t efi_remove_auth_hdr(void **image, efi_uintn_t *image_size)
236 {
237 struct efi_firmware_image_authentication *auth_hdr;
238 efi_status_t ret = EFI_INVALID_PARAMETER;
239
240 auth_hdr = (struct efi_firmware_image_authentication *)*image;
241 if (*image_size < sizeof(*auth_hdr))
242 goto out;
243
244 if (auth_hdr->auth_info.hdr.dwLength <=
245 offsetof(struct win_certificate_uefi_guid, cert_data))
246 goto out;
247
248 *image = (uint8_t *)*image + sizeof(auth_hdr->monotonic_count) +
249 auth_hdr->auth_info.hdr.dwLength;
250 *image_size = *image_size - auth_hdr->auth_info.hdr.dwLength -
251 sizeof(auth_hdr->monotonic_count);
252
253 ret = EFI_SUCCESS;
254 out:
255 return ret;
256 }
257
258 #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
efi_get_public_key_data(void ** pkey,efi_uintn_t * pkey_len)259 int __weak efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
260 {
261 const void *fdt_blob = gd->fdt_blob;
262 const void *blob;
263 const char *cnode_name = "capsule-key";
264 const char *snode_name = "signature";
265 int sig_node;
266 int len;
267
268 sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);
269 if (sig_node < 0) {
270 log_err("Unable to get signature node offset\n");
271
272 return -FDT_ERR_NOTFOUND;
273 }
274
275 blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);
276
277 if (!blob || len < 0) {
278 log_err("Unable to get capsule-key value\n");
279 *pkey = NULL;
280 *pkey_len = 0;
281
282 return -FDT_ERR_NOTFOUND;
283 }
284
285 *pkey = (void *)blob;
286 *pkey_len = len;
287
288 return 0;
289 }
290
efi_capsule_authenticate(const void * capsule,efi_uintn_t capsule_size,void ** image,efi_uintn_t * image_size)291 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
292 void **image, efi_uintn_t *image_size)
293 {
294 u8 *buf;
295 int ret;
296 void *fdt_pkey, *pkey;
297 efi_uintn_t pkey_len;
298 uint64_t monotonic_count;
299 struct efi_signature_store *truststore;
300 struct pkcs7_message *capsule_sig;
301 struct efi_image_regions *regs;
302 struct efi_firmware_image_authentication *auth_hdr;
303 efi_status_t status;
304
305 status = EFI_SECURITY_VIOLATION;
306 capsule_sig = NULL;
307 truststore = NULL;
308 regs = NULL;
309
310 /* Sanity checks */
311 if (capsule == NULL || capsule_size == 0)
312 goto out;
313
314 *image = (uint8_t *)capsule;
315 *image_size = capsule_size;
316 if (efi_remove_auth_hdr(image, image_size) != EFI_SUCCESS)
317 goto out;
318
319 auth_hdr = (struct efi_firmware_image_authentication *)capsule;
320 if (guidcmp(&auth_hdr->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
321 goto out;
322
323 memcpy(&monotonic_count, &auth_hdr->monotonic_count,
324 sizeof(monotonic_count));
325
326 /* data to be digested */
327 regs = calloc(sizeof(*regs) + sizeof(struct image_region) * 2, 1);
328 if (!regs)
329 goto out;
330
331 regs->max = 2;
332 efi_image_region_add(regs, (uint8_t *)*image,
333 (uint8_t *)*image + *image_size, 1);
334
335 efi_image_region_add(regs, (uint8_t *)&monotonic_count,
336 (uint8_t *)&monotonic_count + sizeof(monotonic_count),
337 1);
338
339 capsule_sig = efi_parse_pkcs7_header(auth_hdr->auth_info.cert_data,
340 auth_hdr->auth_info.hdr.dwLength
341 - sizeof(auth_hdr->auth_info),
342 &buf);
343 if (IS_ERR(capsule_sig)) {
344 debug("Parsing variable's pkcs7 header failed\n");
345 capsule_sig = NULL;
346 goto out;
347 }
348
349 ret = efi_get_public_key_data(&fdt_pkey, &pkey_len);
350 if (ret < 0)
351 goto out;
352
353 pkey = malloc(pkey_len);
354 if (!pkey)
355 goto out;
356
357 memcpy(pkey, fdt_pkey, pkey_len);
358 truststore = efi_build_signature_store(pkey, pkey_len);
359 if (!truststore)
360 goto out;
361
362 /* verify signature */
363 if (efi_signature_verify(regs, capsule_sig, truststore, NULL)) {
364 debug("Verified\n");
365 } else {
366 debug("Verifying variable's signature failed\n");
367 goto out;
368 }
369
370 status = EFI_SUCCESS;
371
372 out:
373 efi_sigstore_free(truststore);
374 pkcs7_free_message(capsule_sig);
375 free(regs);
376
377 return status;
378 }
379 #else
efi_capsule_authenticate(const void * capsule,efi_uintn_t capsule_size,void ** image,efi_uintn_t * image_size)380 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
381 void **image, efi_uintn_t *image_size)
382 {
383 return EFI_UNSUPPORTED;
384 }
385 #endif /* CONFIG_EFI_CAPSULE_AUTHENTICATE */
386
387
388 /**
389 * efi_capsule_update_firmware - update firmware from capsule
390 * @capsule_data: Capsule
391 *
392 * Update firmware, using a capsule, @capsule_data. Loading any FMP
393 * drivers embedded in a capsule is not supported.
394 *
395 * Return: status code
396 */
efi_capsule_update_firmware(struct efi_capsule_header * capsule_data)397 static efi_status_t efi_capsule_update_firmware(
398 struct efi_capsule_header *capsule_data)
399 {
400 struct efi_firmware_management_capsule_header *capsule;
401 struct efi_firmware_management_capsule_image_header *image;
402 size_t capsule_size, image_binary_size;
403 void *image_binary, *vendor_code;
404 efi_handle_t *handles;
405 efi_uintn_t no_handles;
406 int item;
407 struct efi_firmware_management_protocol *fmp;
408 u16 *abort_reason;
409 efi_status_t ret = EFI_SUCCESS;
410
411 /* sanity check */
412 if (capsule_data->header_size < sizeof(*capsule) ||
413 capsule_data->header_size >= capsule_data->capsule_image_size)
414 return EFI_INVALID_PARAMETER;
415
416 capsule = (void *)capsule_data + capsule_data->header_size;
417 capsule_size = capsule_data->capsule_image_size
418 - capsule_data->header_size;
419
420 if (capsule->version != 0x00000001)
421 return EFI_UNSUPPORTED;
422
423 handles = NULL;
424 ret = EFI_CALL(efi_locate_handle_buffer(
425 BY_PROTOCOL,
426 &efi_guid_firmware_management_protocol,
427 NULL, &no_handles, (efi_handle_t **)&handles));
428 if (ret != EFI_SUCCESS)
429 return EFI_UNSUPPORTED;
430
431 /* Payload */
432 for (item = capsule->embedded_driver_count;
433 item < capsule->embedded_driver_count
434 + capsule->payload_item_count; item++) {
435 /* sanity check */
436 if ((capsule->item_offset_list[item] + sizeof(*image)
437 >= capsule_size)) {
438 log_err("Capsule does not have enough data\n");
439 ret = EFI_INVALID_PARAMETER;
440 goto out;
441 }
442
443 image = (void *)capsule + capsule->item_offset_list[item];
444
445 if (image->version != 0x00000003) {
446 ret = EFI_UNSUPPORTED;
447 goto out;
448 }
449
450 /* find a device for update firmware */
451 /* TODO: should we pass index as well, or nothing but type? */
452 fmp = efi_fmp_find(&image->update_image_type_id,
453 image->update_hardware_instance,
454 handles, no_handles);
455 if (!fmp) {
456 log_err("FMP driver not found for firmware type %pUl, hardware instance %lld\n",
457 &image->update_image_type_id,
458 image->update_hardware_instance);
459 ret = EFI_UNSUPPORTED;
460 goto out;
461 }
462
463 /* do update */
464 if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
465 !(image->image_capsule_support &
466 CAPSULE_SUPPORT_AUTHENTICATION)) {
467 /* no signature */
468 ret = EFI_SECURITY_VIOLATION;
469 goto out;
470 }
471
472 image_binary = (void *)image + sizeof(*image);
473 image_binary_size = image->update_image_size;
474 vendor_code = image_binary + image_binary_size;
475 if (!IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
476 (image->image_capsule_support &
477 CAPSULE_SUPPORT_AUTHENTICATION)) {
478 ret = efi_remove_auth_hdr(&image_binary,
479 &image_binary_size);
480 if (ret != EFI_SUCCESS)
481 goto out;
482 }
483
484 abort_reason = NULL;
485 ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index,
486 image_binary,
487 image_binary_size,
488 vendor_code, NULL,
489 &abort_reason));
490 if (ret != EFI_SUCCESS) {
491 log_err("Firmware update failed: %ls\n",
492 abort_reason);
493 efi_free_pool(abort_reason);
494 goto out;
495 }
496 }
497
498 out:
499 efi_free_pool(handles);
500
501 return ret;
502 }
503 #else
efi_capsule_update_firmware(struct efi_capsule_header * capsule_data)504 static efi_status_t efi_capsule_update_firmware(
505 struct efi_capsule_header *capsule_data)
506 {
507 return EFI_UNSUPPORTED;
508 }
509 #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT */
510
511 /**
512 * efi_update_capsule() - process information from operating system
513 * @capsule_header_array: Array of virtual address pointers
514 * @capsule_count: Number of pointers in capsule_header_array
515 * @scatter_gather_list: Array of physical address pointers
516 *
517 * This function implements the UpdateCapsule() runtime service.
518 *
519 * See the Unified Extensible Firmware Interface (UEFI) specification for
520 * details.
521 *
522 * Return: status code
523 */
efi_update_capsule(struct efi_capsule_header ** capsule_header_array,efi_uintn_t capsule_count,u64 scatter_gather_list)524 efi_status_t EFIAPI efi_update_capsule(
525 struct efi_capsule_header **capsule_header_array,
526 efi_uintn_t capsule_count,
527 u64 scatter_gather_list)
528 {
529 struct efi_capsule_header *capsule;
530 unsigned int i;
531 efi_status_t ret;
532
533 EFI_ENTRY("%p, %zu, %llu\n", capsule_header_array, capsule_count,
534 scatter_gather_list);
535
536 if (!capsule_count) {
537 ret = EFI_INVALID_PARAMETER;
538 goto out;
539 }
540
541 ret = EFI_SUCCESS;
542 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
543 i++, capsule = *(++capsule_header_array)) {
544 /* sanity check */
545 if (capsule->header_size < sizeof(*capsule) ||
546 capsule->capsule_image_size < sizeof(*capsule)) {
547 log_err("Capsule does not have enough data\n");
548 continue;
549 }
550
551 log_debug("Capsule[%d] (guid:%pUl)\n",
552 i, &capsule->capsule_guid);
553 if (!guidcmp(&capsule->capsule_guid,
554 &efi_guid_firmware_management_capsule_id)) {
555 ret = efi_capsule_update_firmware(capsule);
556 } else {
557 log_err("Unsupported capsule type: %pUl\n",
558 &capsule->capsule_guid);
559 ret = EFI_UNSUPPORTED;
560 }
561
562 if (ret != EFI_SUCCESS)
563 goto out;
564 }
565
566 if (IS_ENABLED(CONFIG_EFI_ESRT)) {
567 /* Rebuild the ESRT to reflect any updated FW images. */
568 ret = efi_esrt_populate();
569 if (ret != EFI_SUCCESS)
570 log_warning("ESRT update failed\n");
571 }
572 out:
573
574 return EFI_EXIT(ret);
575 }
576
577 /**
578 * efi_query_capsule_caps() - check if capsule is supported
579 * @capsule_header_array: Array of virtual pointers
580 * @capsule_count: Number of pointers in capsule_header_array
581 * @maximum_capsule_size: Maximum capsule size
582 * @reset_type: Type of reset needed for capsule update
583 *
584 * This function implements the QueryCapsuleCapabilities() runtime service.
585 *
586 * See the Unified Extensible Firmware Interface (UEFI) specification for
587 * details.
588 *
589 * Return: status code
590 */
efi_query_capsule_caps(struct efi_capsule_header ** capsule_header_array,efi_uintn_t capsule_count,u64 * maximum_capsule_size,u32 * reset_type)591 efi_status_t EFIAPI efi_query_capsule_caps(
592 struct efi_capsule_header **capsule_header_array,
593 efi_uintn_t capsule_count,
594 u64 *maximum_capsule_size,
595 u32 *reset_type)
596 {
597 struct efi_capsule_header *capsule __attribute__((unused));
598 unsigned int i;
599 efi_status_t ret;
600
601 EFI_ENTRY("%p, %zu, %p, %p\n", capsule_header_array, capsule_count,
602 maximum_capsule_size, reset_type);
603
604 if (!maximum_capsule_size) {
605 ret = EFI_INVALID_PARAMETER;
606 goto out;
607 }
608
609 *maximum_capsule_size = U64_MAX;
610 *reset_type = EFI_RESET_COLD;
611
612 ret = EFI_SUCCESS;
613 for (i = 0, capsule = *capsule_header_array; i < capsule_count;
614 i++, capsule = *(++capsule_header_array)) {
615 /* TODO */
616 }
617 out:
618 return EFI_EXIT(ret);
619 }
620
621 #ifdef CONFIG_EFI_CAPSULE_ON_DISK
622 /**
623 * get_dp_device - retrieve a device path from boot variable
624 * @boot_var: Boot variable name
625 * @device_dp Device path
626 *
627 * Retrieve a device patch from boot variable, @boot_var.
628 *
629 * Return: status code
630 */
get_dp_device(u16 * boot_var,struct efi_device_path ** device_dp)631 static efi_status_t get_dp_device(u16 *boot_var,
632 struct efi_device_path **device_dp)
633 {
634 void *buf = NULL;
635 efi_uintn_t size;
636 struct efi_load_option lo;
637 struct efi_device_path *file_dp;
638 efi_status_t ret;
639
640 size = 0;
641 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
642 NULL, &size, NULL, NULL);
643 if (ret == EFI_BUFFER_TOO_SMALL) {
644 buf = malloc(size);
645 if (!buf)
646 return EFI_OUT_OF_RESOURCES;
647 ret = efi_get_variable_int(boot_var, &efi_global_variable_guid,
648 NULL, &size, buf, NULL);
649 }
650 if (ret != EFI_SUCCESS)
651 return ret;
652
653 efi_deserialize_load_option(&lo, buf, &size);
654
655 if (lo.attributes & LOAD_OPTION_ACTIVE) {
656 efi_dp_split_file_path(lo.file_path, device_dp, &file_dp);
657 efi_free_pool(file_dp);
658
659 ret = EFI_SUCCESS;
660 } else {
661 ret = EFI_NOT_FOUND;
662 }
663
664 free(buf);
665
666 return ret;
667 }
668
669 /**
670 * device_is_present_and_system_part - check if a device exists
671 * @dp Device path
672 *
673 * Check if a device pointed to by the device path, @dp, exists and is
674 * located in UEFI system partition.
675 *
676 * Return: true - yes, false - no
677 */
device_is_present_and_system_part(struct efi_device_path * dp)678 static bool device_is_present_and_system_part(struct efi_device_path *dp)
679 {
680 efi_handle_t handle;
681
682 handle = efi_dp_find_obj(dp, NULL);
683 if (!handle)
684 return false;
685
686 return efi_disk_is_system_part(handle);
687 }
688
689 /**
690 * find_boot_device - identify the boot device
691 *
692 * Identify the boot device from boot-related variables as UEFI
693 * specification describes and put its handle into bootdev_root.
694 *
695 * Return: status code
696 */
find_boot_device(void)697 static efi_status_t find_boot_device(void)
698 {
699 char boot_var[9];
700 u16 boot_var16[9], *p, bootnext, *boot_order = NULL;
701 efi_uintn_t size;
702 int i, num;
703 struct efi_simple_file_system_protocol *volume;
704 struct efi_device_path *boot_dev = NULL;
705 efi_status_t ret;
706
707 /* find active boot device in BootNext */
708 bootnext = 0;
709 size = sizeof(bootnext);
710 ret = efi_get_variable_int(L"BootNext",
711 (efi_guid_t *)&efi_global_variable_guid,
712 NULL, &size, &bootnext, NULL);
713 if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
714 /* BootNext does exist here */
715 if (ret == EFI_BUFFER_TOO_SMALL || size != sizeof(u16)) {
716 log_err("BootNext must be 16-bit integer\n");
717 goto skip;
718 }
719 sprintf((char *)boot_var, "Boot%04X", bootnext);
720 p = boot_var16;
721 utf8_utf16_strcpy(&p, boot_var);
722
723 ret = get_dp_device(boot_var16, &boot_dev);
724 if (ret == EFI_SUCCESS) {
725 if (device_is_present_and_system_part(boot_dev)) {
726 goto found;
727 } else {
728 efi_free_pool(boot_dev);
729 boot_dev = NULL;
730 }
731 }
732 }
733
734 skip:
735 /* find active boot device in BootOrder */
736 size = 0;
737 ret = efi_get_variable_int(L"BootOrder", &efi_global_variable_guid,
738 NULL, &size, NULL, NULL);
739 if (ret == EFI_BUFFER_TOO_SMALL) {
740 boot_order = malloc(size);
741 if (!boot_order) {
742 ret = EFI_OUT_OF_RESOURCES;
743 goto out;
744 }
745
746 ret = efi_get_variable_int(L"BootOrder",
747 &efi_global_variable_guid,
748 NULL, &size, boot_order, NULL);
749 }
750 if (ret != EFI_SUCCESS)
751 goto out;
752
753 /* check in higher order */
754 num = size / sizeof(u16);
755 for (i = 0; i < num; i++) {
756 sprintf((char *)boot_var, "Boot%04X", boot_order[i]);
757 p = boot_var16;
758 utf8_utf16_strcpy(&p, boot_var);
759 ret = get_dp_device(boot_var16, &boot_dev);
760 if (ret != EFI_SUCCESS)
761 continue;
762
763 if (device_is_present_and_system_part(boot_dev))
764 break;
765
766 efi_free_pool(boot_dev);
767 boot_dev = NULL;
768 }
769 found:
770 if (boot_dev) {
771 log_debug("Boot device %pD\n", boot_dev);
772
773 volume = efi_fs_from_path(boot_dev);
774 if (!volume)
775 ret = EFI_DEVICE_ERROR;
776 else
777 ret = EFI_CALL(volume->open_volume(volume,
778 &bootdev_root));
779 efi_free_pool(boot_dev);
780 } else {
781 ret = EFI_NOT_FOUND;
782 }
783 out:
784 free(boot_order);
785
786 return ret;
787 }
788
789 /**
790 * efi_capsule_scan_dir - traverse a capsule directory in boot device
791 * @files: Array of file names
792 * @num: Number of elements in @files
793 *
794 * Traverse a capsule directory in boot device.
795 * Called by initialization code, and returns an array of capsule file
796 * names in @files.
797 *
798 * Return: status code
799 */
efi_capsule_scan_dir(u16 *** files,unsigned int * num)800 static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num)
801 {
802 struct efi_file_handle *dirh;
803 struct efi_file_info *dirent;
804 efi_uintn_t dirent_size, tmp_size;
805 unsigned int count;
806 u16 **tmp_files;
807 efi_status_t ret;
808
809 ret = find_boot_device();
810 if (ret == EFI_NOT_FOUND) {
811 log_debug("Boot device is not set\n");
812 *num = 0;
813 return EFI_SUCCESS;
814 } else if (ret != EFI_SUCCESS) {
815 return EFI_DEVICE_ERROR;
816 }
817
818 /* count capsule files */
819 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
820 EFI_CAPSULE_DIR,
821 EFI_FILE_MODE_READ, 0));
822 if (ret != EFI_SUCCESS) {
823 *num = 0;
824 return EFI_SUCCESS;
825 }
826
827 dirent_size = 256;
828 dirent = malloc(dirent_size);
829 if (!dirent)
830 return EFI_OUT_OF_RESOURCES;
831
832 count = 0;
833 while (1) {
834 tmp_size = dirent_size;
835 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
836 if (ret == EFI_BUFFER_TOO_SMALL) {
837 struct efi_file_info *old_dirent = dirent;
838
839 dirent = realloc(dirent, tmp_size);
840 if (!dirent) {
841 dirent = old_dirent;
842 ret = EFI_OUT_OF_RESOURCES;
843 goto err;
844 }
845 dirent_size = tmp_size;
846 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
847 }
848 if (ret != EFI_SUCCESS)
849 goto err;
850 if (!tmp_size)
851 break;
852
853 if (!(dirent->attribute & EFI_FILE_DIRECTORY))
854 count++;
855 }
856
857 ret = EFI_CALL((*dirh->setpos)(dirh, 0));
858 if (ret != EFI_SUCCESS)
859 goto err;
860
861 /* make a list */
862 tmp_files = malloc(count * sizeof(*tmp_files));
863 if (!tmp_files) {
864 ret = EFI_OUT_OF_RESOURCES;
865 goto err;
866 }
867
868 count = 0;
869 while (1) {
870 tmp_size = dirent_size;
871 ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent));
872 if (ret != EFI_SUCCESS)
873 goto err;
874 if (!tmp_size)
875 break;
876
877 if (!(dirent->attribute & EFI_FILE_DIRECTORY) &&
878 u16_strcmp(dirent->file_name, L".") &&
879 u16_strcmp(dirent->file_name, L".."))
880 tmp_files[count++] = u16_strdup(dirent->file_name);
881 }
882 /* ignore an error */
883 EFI_CALL((*dirh->close)(dirh));
884
885 /* in ascii order */
886 /* FIXME: u16 version of strcasecmp */
887 qsort(tmp_files, count, sizeof(*tmp_files),
888 (int (*)(const void *, const void *))strcasecmp);
889 *files = tmp_files;
890 *num = count;
891 ret = EFI_SUCCESS;
892 err:
893 free(dirent);
894
895 return ret;
896 }
897
898 /**
899 * efi_capsule_read_file - read in a capsule file
900 * @filename: File name
901 * @capsule: Pointer to buffer for capsule
902 *
903 * Read a capsule file and put its content in @capsule.
904 *
905 * Return: status code
906 */
efi_capsule_read_file(const u16 * filename,struct efi_capsule_header ** capsule)907 static efi_status_t efi_capsule_read_file(const u16 *filename,
908 struct efi_capsule_header **capsule)
909 {
910 struct efi_file_handle *dirh, *fh;
911 struct efi_file_info *file_info = NULL;
912 struct efi_capsule_header *buf = NULL;
913 efi_uintn_t size;
914 efi_status_t ret;
915
916 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
917 EFI_CAPSULE_DIR,
918 EFI_FILE_MODE_READ, 0));
919 if (ret != EFI_SUCCESS)
920 return ret;
921 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
922 EFI_FILE_MODE_READ, 0));
923 /* ignore an error */
924 EFI_CALL((*dirh->close)(dirh));
925 if (ret != EFI_SUCCESS)
926 return ret;
927
928 /* file size */
929 size = 0;
930 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
931 &size, file_info));
932 if (ret == EFI_BUFFER_TOO_SMALL) {
933 file_info = malloc(size);
934 if (!file_info) {
935 ret = EFI_OUT_OF_RESOURCES;
936 goto err;
937 }
938 ret = EFI_CALL((*fh->getinfo)(fh, &efi_file_info_guid,
939 &size, file_info));
940 }
941 if (ret != EFI_SUCCESS)
942 goto err;
943 size = file_info->file_size;
944 free(file_info);
945 buf = malloc(size);
946 if (!buf) {
947 ret = EFI_OUT_OF_RESOURCES;
948 goto err;
949 }
950
951 /* fetch data */
952 ret = EFI_CALL((*fh->read)(fh, &size, buf));
953 if (ret == EFI_SUCCESS) {
954 if (size >= buf->capsule_image_size) {
955 *capsule = buf;
956 } else {
957 free(buf);
958 ret = EFI_INVALID_PARAMETER;
959 }
960 } else {
961 free(buf);
962 }
963 err:
964 EFI_CALL((*fh->close)(fh));
965
966 return ret;
967 }
968
969 /**
970 * efi_capsule_delete_file - delete a capsule file
971 * @filename: File name
972 *
973 * Delete a capsule file from capsule directory.
974 *
975 * Return: status code
976 */
efi_capsule_delete_file(const u16 * filename)977 static efi_status_t efi_capsule_delete_file(const u16 *filename)
978 {
979 struct efi_file_handle *dirh, *fh;
980 efi_status_t ret;
981
982 ret = EFI_CALL((*bootdev_root->open)(bootdev_root, &dirh,
983 EFI_CAPSULE_DIR,
984 EFI_FILE_MODE_READ, 0));
985 if (ret != EFI_SUCCESS)
986 return ret;
987 ret = EFI_CALL((*dirh->open)(dirh, &fh, (u16 *)filename,
988 EFI_FILE_MODE_READ, 0));
989 /* ignore an error */
990 EFI_CALL((*dirh->close)(dirh));
991
992 if (ret == EFI_SUCCESS)
993 ret = EFI_CALL((*fh->delete)(fh));
994
995 return ret;
996 }
997
998 /**
999 * efi_capsule_scan_done - reset a scan help function
1000 *
1001 * Reset a scan help function
1002 */
efi_capsule_scan_done(void)1003 static void efi_capsule_scan_done(void)
1004 {
1005 EFI_CALL((*bootdev_root->close)(bootdev_root));
1006 bootdev_root = NULL;
1007 }
1008
1009 /**
1010 * efi_load_capsule_drivers - initialize capsule drivers
1011 *
1012 * Generic FMP drivers backed by DFU
1013 *
1014 * Return: status code
1015 */
efi_load_capsule_drivers(void)1016 efi_status_t __weak efi_load_capsule_drivers(void)
1017 {
1018 __maybe_unused efi_handle_t handle;
1019 efi_status_t ret = EFI_SUCCESS;
1020
1021 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_FIT)) {
1022 handle = NULL;
1023 ret = EFI_CALL(efi_install_multiple_protocol_interfaces(
1024 &handle, &efi_guid_firmware_management_protocol,
1025 &efi_fmp_fit, NULL));
1026 }
1027
1028 if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) {
1029 handle = NULL;
1030 ret = EFI_CALL(efi_install_multiple_protocol_interfaces(
1031 &handle,
1032 &efi_guid_firmware_management_protocol,
1033 &efi_fmp_raw, NULL));
1034 }
1035
1036 return ret;
1037 }
1038
1039 /**
1040 * check_run_capsules - Check whether capsule update should run
1041 *
1042 * The spec says OsIndications must be set in order to run the capsule update
1043 * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to
1044 * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected
1045 */
check_run_capsules(void)1046 static bool check_run_capsules(void)
1047 {
1048 u64 os_indications;
1049 efi_uintn_t size;
1050 efi_status_t ret;
1051
1052 if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS))
1053 return true;
1054
1055 size = sizeof(os_indications);
1056 ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid,
1057 NULL, &size, &os_indications, NULL);
1058 if (ret == EFI_SUCCESS &&
1059 (os_indications
1060 & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED))
1061 return true;
1062
1063 return false;
1064 }
1065
1066 /**
1067 * efi_launch_capsule - launch capsules
1068 *
1069 * Launch all the capsules in system at boot time.
1070 * Called by efi init code
1071 *
1072 * Return: status codde
1073 */
efi_launch_capsules(void)1074 efi_status_t efi_launch_capsules(void)
1075 {
1076 struct efi_capsule_header *capsule = NULL;
1077 u16 **files;
1078 unsigned int nfiles, index, i;
1079 efi_status_t ret;
1080
1081 if (!check_run_capsules())
1082 return EFI_SUCCESS;
1083
1084 index = get_last_capsule();
1085
1086 /*
1087 * Find capsules on disk.
1088 * All the capsules are collected at the beginning because
1089 * capsule files will be removed instantly.
1090 */
1091 nfiles = 0;
1092 files = NULL;
1093 ret = efi_capsule_scan_dir(&files, &nfiles);
1094 if (ret != EFI_SUCCESS)
1095 return ret;
1096 if (!nfiles)
1097 return EFI_SUCCESS;
1098
1099 /* Launch capsules */
1100 for (i = 0, ++index; i < nfiles; i++, index++) {
1101 log_debug("Applying %ls\n", files[i]);
1102 if (index > 0xffff)
1103 index = 0;
1104 ret = efi_capsule_read_file(files[i], &capsule);
1105 if (ret == EFI_SUCCESS) {
1106 ret = EFI_CALL(efi_update_capsule(&capsule, 1, 0));
1107 if (ret != EFI_SUCCESS)
1108 log_err("Applying capsule %ls failed\n",
1109 files[i]);
1110
1111 free(capsule);
1112 } else {
1113 log_err("Reading capsule %ls failed\n", files[i]);
1114 }
1115 /* create CapsuleXXXX */
1116 set_capsule_result(index, capsule, ret);
1117
1118 /* delete a capsule either in case of success or failure */
1119 ret = efi_capsule_delete_file(files[i]);
1120 if (ret != EFI_SUCCESS)
1121 log_err("Deleting capsule %ls failed\n",
1122 files[i]);
1123 }
1124 efi_capsule_scan_done();
1125
1126 for (i = 0; i < nfiles; i++)
1127 free(files[i]);
1128 free(files);
1129
1130 return ret;
1131 }
1132 #endif /* CONFIG_EFI_CAPSULE_ON_DISK */
1133