summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Jin <eric.jin@intel.com>2019-07-26 15:45:19 +0800
committerLiming Gao <liming.gao@intel.com>2019-08-15 17:22:24 +0800
commit11d354945c204588c98f74cfd8b6d18433d621c4 (patch)
tree1ceb27f607301ff51a11f64bbd7a5e0438ba6f7c
parent278c3d48a7535a2c4aee01f8381ee56b13258c51 (diff)
downloadedk2-11d354945c204588c98f74cfd8b6d18433d621c4.tar.gz
edk2-11d354945c204588c98f74cfd8b6d18433d621c4.tar.bz2
edk2-11d354945c204588c98f74cfd8b6d18433d621c4.zip
FmpDevicePkg/FmpDxe: Add PcdFmpDeviceStorageAccessEnable
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525 Add PCD PcdFmpDeviceStorageAccessEnable. If this PCD is TRUE, then the Firmware Management Protocol supports access to the firmware storage device. This is the default setting. If FALSE, then Firmware Management Protocol services that access the firmware storage device return EFI_UNSUPPORTED except GetImageInfo(). Setting this value to FALSE produces the smallest possible FmpDxe driver that still advertises the updatable firmware component in the ESRT. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Bret Barkelew <Bret.Barkelew@microsoft.com> Cc: Liming Gao <liming.gao@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Eric Jin <eric.jin@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
-rw-r--r--FmpDevicePkg/FmpDevicePkg.dec12
-rw-r--r--FmpDevicePkg/FmpDevicePkg.dsc18
-rw-r--r--FmpDevicePkg/FmpDevicePkg.uni10
-rw-r--r--FmpDevicePkg/FmpDxe/FmpDxe.c12
-rw-r--r--FmpDevicePkg/FmpDxe/FmpDxe.inf1
-rw-r--r--FmpDevicePkg/FmpDxe/FmpDxeLib.inf1
6 files changed, 54 insertions, 0 deletions
diff --git a/FmpDevicePkg/FmpDevicePkg.dec b/FmpDevicePkg/FmpDevicePkg.dec
index 56ed5fbb4a..8312b7cb22 100644
--- a/FmpDevicePkg/FmpDevicePkg.dec
+++ b/FmpDevicePkg/FmpDevicePkg.dec
@@ -52,6 +52,18 @@
## Capsule Update Policy Protocol
gEdkiiCapuleUpdatePolicyProtocolGuid = { 0x487784c5, 0x6299, 0x4ba6, { 0xb0, 0x96, 0x5c, 0xc5, 0x27, 0x7c, 0xf7, 0x57 } }
+[PcdsFeatureFlag]
+ ## Indicates if the Firmware Management Protocol supports access to
+ # to a firmware storage device. If set to FALSE, then only GetImageInfo()
+ # is supported. This is used by FMP drivers that require the samllest
+ # possible Firmware Management Protocol implementation that supports
+ # advertising the updatable firmware device in the ESRT.<BR>
+ # TRUE - All Firmware Management Protocol services supported.<BR>
+ # FALSE - Firmware Management Protocol returns EFI_UNSUPPORTED for
+ # all services except GetImageInfo().<BR>
+ # @Prompt Firmware Device Storage Access Enabled.
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable|TRUE|BOOLEAN|0x40000011
+
[PcdsFixedAtBuild]
## The SHA-256 hash of a PKCS7 test key that is used to detect if a test key
# is being used to authenticate capsules. Test key detection is disabled by
diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc
index 4e2bd8de3d..bf283b93ea 100644
--- a/FmpDevicePkg/FmpDevicePkg.dsc
+++ b/FmpDevicePkg/FmpDevicePkg.dsc
@@ -29,6 +29,12 @@
DEFINE SYSTEM_FMP_ESRT_GUID = B461B3BD-E62A-4A71-841C-50BA4E500267
DEFINE DEVICE_FMP_ESRT_GUID = 226034C4-8B67-4536-8653-D6EE7CE5A316
+ #
+ # TRUE - Build FmpDxe module for with storage access enabled
+ # FALSE - Build FmpDxe module for with storage access disabled
+ #
+ DEFINE DEVICE_FMP_STORAGE_ACCESS_ENABLE = TRUE
+
[LibraryClasses]
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
@@ -118,11 +124,23 @@
# FILE_GUID is used as ESRT GUID
#
FILE_GUID = $(DEVICE_FMP_ESRT_GUID)
+ <PcdsFeatureFlag>
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable|$(DEVICE_FMP_STORAGE_ACCESS_ENABLE)
<PcdsFixedAtBuild>
+!if $(DEVICE_FMP_STORAGE_ACCESS_ENABLE) == FALSE
+ #
+ # Disable test key detection
+ #
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceTestKeySha256Digest|{0}
+!endif
#
# Unicode name string that is used to populate FMP Image Descriptor for this capsule update module
#
+!if $(DEVICE_FMP_STORAGE_ACCESS_ENABLE) == TRUE
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName|L"Sample Firmware Device"
+!else
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName|L"Sample Firmware Device No Storage Access"
+!endif
#
# Certificates used to authenticate capsule update image
#
diff --git a/FmpDevicePkg/FmpDevicePkg.uni b/FmpDevicePkg/FmpDevicePkg.uni
index b7fe643186..9e21130fae 100644
--- a/FmpDevicePkg/FmpDevicePkg.uni
+++ b/FmpDevicePkg/FmpDevicePkg.uni
@@ -16,6 +16,16 @@
#string STR_PACKAGE_DESCRIPTION #language en-US "This package provides libraries that support the implementation of a module that produces the Firmware Management Protocol to support the update of a system firmware component."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceStorageAccessEnable_PROMPT #language en-US "Firmware Device Storage Access Enabled."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceStorageAccessEnable_HELP #language en-US "Indicates if the Firmware Management Protocol supports access to"
+ "to a firmware storage device. If set to FALSE, then only GetImageInfo()"
+ "is supported. This is used by FMP drivers that require the samllest"
+ "possible Firmware Management Protocol implementation that supports"
+ "advertising the updatable firmware device in the ESRT.<BR>"
+ " TRUE - All Firmware Management Protocol services supported.<BR>"
+ " FALSE - Firmware Management Protocol returns EFI_UNSUPPORTED for"
+ " all services except GetImageInfo().<BR>"
+
#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceTestKeySha256Digest_PROMPT #language en-US "SHA-256 hash of PKCS7 test key."
#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceTestKeySha256Digest_HELP #language en-US "The SHA-256 hash of a PKCS7 test key that is used to detect if a test key"
"is being used to authenticate capsules. Test key detection can be disabled"
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.c b/FmpDevicePkg/FmpDxe/FmpDxe.c
index a53ded7380..3ca9d3526a 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.c
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.c
@@ -541,6 +541,10 @@ GetTheImage (
FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private;
UINTN Size;
+ if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) {
+ return EFI_UNSUPPORTED;
+ }
+
Status = EFI_SUCCESS;
//
@@ -715,6 +719,10 @@ CheckTheImage (
FmpHeaderSize = 0;
AllHeaderSize = 0;
+ if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) {
+ return EFI_UNSUPPORTED;
+ }
+
//
// Retrieve the private context structure
//
@@ -970,6 +978,10 @@ SetTheImage (
IncommingFwVersion = 0;
LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
+ if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) {
+ return EFI_UNSUPPORTED;
+ }
+
//
// Retrieve the private context structure
//
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf
index 65535a7f43..5487123935 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.inf
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf
@@ -61,6 +61,7 @@
gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES
[Pcd]
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable ## CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName ## CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceBuildTimeLowestSupportedVersion ## CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceLockEventGuid ## CONSUMES
diff --git a/FmpDevicePkg/FmpDxe/FmpDxeLib.inf b/FmpDevicePkg/FmpDxe/FmpDxeLib.inf
index 3b10b57377..ba762b0b77 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxeLib.inf
+++ b/FmpDevicePkg/FmpDxe/FmpDxeLib.inf
@@ -61,6 +61,7 @@
gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES
[Pcd]
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable ## CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName ## CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceBuildTimeLowestSupportedVersion ## CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceLockEventGuid ## CONSUMES