summaryrefslogtreecommitdiffstats
path: root/SignedCapsulePkg/Library
diff options
context:
space:
mode:
authorJiewen Yao <jiewen.yao@intel.com>2016-09-21 10:02:21 +0800
committerJiewen Yao <jiewen.yao@intel.com>2016-11-08 22:40:58 +0800
commite29caef253e1cffe2a94ec40a549e5771eb28b80 (patch)
tree1d1e10f826860982f9771a36e2ecdec47c3cdace /SignedCapsulePkg/Library
parent384070fda3d7586ef93fc59add7a5afd2bbc006c (diff)
downloadedk2-e29caef253e1cffe2a94ec40a549e5771eb28b80.tar.gz
edk2-e29caef253e1cffe2a94ec40a549e5771eb28b80.tar.bz2
edk2-e29caef253e1cffe2a94ec40a549e5771eb28b80.zip
SignedCapsulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib.
This library is used to abstract the action for EDKII system FMP capsule, such as extracting a component from capsule, or authenticate the capsule. Cc: Feng Tian <feng.tian@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <liming.gao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> Tested-by: Michael Kinney <michael.d.kinney@intel.com>
Diffstat (limited to 'SignedCapsulePkg/Library')
-rw-r--r--SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c671
-rw-r--r--SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf61
-rw-r--r--SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni22
3 files changed, 754 insertions, 0 deletions
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
new file mode 100644
index 0000000000..27c6f4c0b4
--- /dev/null
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
@@ -0,0 +1,671 @@
+/** @file
+ EDKII System Capsule library.
+
+ EDKII System Capsule library instance.
+
+ CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive
+ untrusted input and do basic validation.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+
+#include <Guid/SystemResourceTable.h>
+#include <Guid/FirmwareContentsSigned.h>
+#include <Guid/WinCertificate.h>
+#include <Guid/EdkiiSystemFmpCapsule.h>
+#include <Guid/WinCertificate.h>
+#include <Guid/ImageAuthentication.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/EdkiiSystemCapsuleLib.h>
+#include <Library/FmpAuthenticationLib.h>
+
+#include <Protocol/FirmwareManagement.h>
+
+EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *mImageFmpInfo;
+UINTN mImageFmpInfoSize;
+EFI_GUID mEdkiiSystemFirmwareFileGuid;
+
+/**
+ Check if a block of buffer is erased.
+
+ @param[in] ErasePolarity Erase polarity attribute of the firmware volume
+ @param[in] InBuffer The buffer to be checked
+ @param[in] BufferSize Size of the buffer in bytes
+
+ @retval TRUE The block of buffer is erased
+ @retval FALSE The block of buffer is not erased
+**/
+BOOLEAN
+IsBufferErased (
+ IN UINT8 ErasePolarity,
+ IN VOID *InBuffer,
+ IN UINTN BufferSize
+ )
+{
+ UINTN Count;
+ UINT8 EraseByte;
+ UINT8 *Buffer;
+
+ if(ErasePolarity == 1) {
+ EraseByte = 0xFF;
+ } else {
+ EraseByte = 0;
+ }
+
+ Buffer = InBuffer;
+ for (Count = 0; Count < BufferSize; Count++) {
+ if (Buffer[Count] != EraseByte) {
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
+/**
+ Get Section buffer pointer by SectionType and SectionInstance.
+
+ @param[in] SectionBuffer The buffer of section
+ @param[in] SectionBufferSize The size of SectionBuffer in bytes
+ @param[in] SectionType The SectionType of Section to be found
+ @param[in] SectionInstance The Instance of Section to be found
+ @param[out] OutSectionBuffer The section found, including SECTION_HEADER
+ @param[out] OutSectionSize The size of section found, including SECTION_HEADER
+
+ @retval TRUE The FFS buffer is found.
+ @retval FALSE The FFS buffer is not found.
+**/
+BOOLEAN
+GetSectionByType (
+ IN VOID *SectionBuffer,
+ IN UINT32 SectionBufferSize,
+ IN EFI_SECTION_TYPE SectionType,
+ IN UINTN SectionInstance,
+ OUT VOID **OutSectionBuffer,
+ OUT UINTN *OutSectionSize
+ )
+{
+ EFI_COMMON_SECTION_HEADER *SectionHeader;
+ UINTN SectionSize;
+ UINTN Instance;
+
+ DEBUG ((DEBUG_INFO, "GetSectionByType - Buffer: 0x%08x - 0x%08x\n", SectionBuffer, SectionBufferSize));
+
+ //
+ // Find Section
+ //
+ SectionHeader = SectionBuffer;
+
+ Instance = 0;
+ while ((UINTN)SectionHeader < (UINTN)SectionBuffer + SectionBufferSize) {
+ DEBUG ((DEBUG_INFO, "GetSectionByType - Section: 0x%08x\n", SectionHeader));
+ if (IS_SECTION2(SectionHeader)) {
+ SectionSize = SECTION2_SIZE(SectionHeader);
+ } else {
+ SectionSize = SECTION_SIZE(SectionHeader);
+ }
+
+ if (SectionHeader->Type == SectionType) {
+ if (Instance == SectionInstance) {
+ *OutSectionBuffer = (UINT8 *)SectionHeader;
+ *OutSectionSize = SectionSize;
+ DEBUG((DEBUG_INFO, "GetSectionByType - 0x%x - 0x%x\n", *OutSectionBuffer, *OutSectionSize));
+ return TRUE;
+ } else {
+ DEBUG((DEBUG_INFO, "GetSectionByType - find section instance %x\n", Instance));
+ Instance++;
+ }
+ } else {
+ //
+ // Skip other section type
+ //
+ DEBUG ((DEBUG_INFO, "GetSectionByType - other section type 0x%x\n", SectionHeader->Type));
+ }
+
+ //
+ // Next Section
+ //
+ SectionHeader = (EFI_COMMON_SECTION_HEADER *)((UINTN)SectionHeader + ALIGN_VALUE(SectionSize, 4));
+ }
+
+ return FALSE;
+}
+
+/**
+ Get FFS buffer pointer by FileName GUID and FileType.
+
+ @param[in] FdStart The System Firmware FD image
+ @param[in] FdSize The size of System Firmware FD image
+ @param[in] FileName The FileName GUID of FFS to be found
+ @param[in] Type The FileType of FFS to be found
+ @param[out] OutFfsBuffer The FFS buffer found, including FFS_FILE_HEADER
+ @param[out] OutFfsBufferSize The size of FFS buffer found, including FFS_FILE_HEADER
+
+ @retval TRUE The FFS buffer is found.
+ @retval FALSE The FFS buffer is not found.
+**/
+BOOLEAN
+GetFfsByName (
+ IN VOID *FdStart,
+ IN UINTN FdSize,
+ IN EFI_GUID *FileName,
+ IN EFI_FV_FILETYPE Type,
+ OUT VOID **OutFfsBuffer,
+ OUT UINTN *OutFfsBufferSize
+ )
+{
+ UINTN FvSize;
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+ EFI_FFS_FILE_HEADER *FfsHeader;
+ UINT32 FfsSize;
+ UINTN TestLength;
+ BOOLEAN FvFound;
+
+ DEBUG ((DEBUG_INFO, "GetFfsByName - FV: 0x%08x - 0x%08x\n", (UINTN)FdStart, (UINTN)FdSize));
+
+ FvFound = FALSE;
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)FdStart;
+ while ((UINTN)FvHeader < (UINTN)FdStart + FdSize - 1) {
+ FvSize = (UINTN)FdStart + FdSize - (UINTN)FvHeader;
+
+ if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvHeader + SIZE_4KB);
+ continue;
+ }
+ DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));
+ FvFound = TRUE;
+ if (FvHeader->FvLength > FvSize) {
+ DEBUG((DEBUG_ERROR, "GetFfsByName - FvSize: 0x%08x, MaxSize - 0x%08x\n", (UINTN)FvHeader->FvLength, (UINTN)FvSize));
+ return FALSE;
+ }
+ FvSize = (UINTN)FvHeader->FvLength;
+
+ //
+ // Find FFS
+ //
+ if (FvHeader->ExtHeaderOffset != 0) {
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)((UINT8 *)FvHeader + FvHeader->ExtHeaderOffset);
+ FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvExtHeader + FvExtHeader->ExtHeaderSize);
+ } else {
+ FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvHeader + FvHeader->HeaderLength);
+ }
+ FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FvHeader + ALIGN_VALUE((UINTN)FfsHeader - (UINTN)FvHeader, 8));
+
+ while ((UINTN)FfsHeader < (UINTN)FvHeader + FvSize - 1) {
+ DEBUG((DEBUG_INFO, "GetFfsByName - FFS: 0x%08x\n", FfsHeader));
+ TestLength = (UINTN)((UINTN)FvHeader + FvSize - (UINTN)FfsHeader);
+ if (TestLength > sizeof(EFI_FFS_FILE_HEADER)) {
+ TestLength = sizeof(EFI_FFS_FILE_HEADER);
+ }
+ if (IsBufferErased(1, FfsHeader, TestLength)) {
+ break;
+ }
+
+ if (IS_FFS_FILE2(FfsHeader)) {
+ FfsSize = FFS_FILE2_SIZE(FfsHeader);
+ } else {
+ FfsSize = FFS_FILE_SIZE(FfsHeader);
+ }
+
+ if (CompareGuid(FileName, &FfsHeader->Name) &&
+ ((Type == EFI_FV_FILETYPE_ALL) || (FfsHeader->Type == Type))) {
+ //
+ // Check section
+ //
+ *OutFfsBuffer = FfsHeader;
+ *OutFfsBufferSize = FfsSize;
+ return TRUE;
+ } else {
+ //
+ // Any other type is not allowed
+ //
+ DEBUG((DEBUG_INFO, "GetFfsByName - other FFS type 0x%x, name %g\n", FfsHeader->Type, &FfsHeader->Name));
+ }
+
+ //
+ // Next File
+ //
+ FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FfsHeader + ALIGN_VALUE(FfsSize, 8));
+ }
+
+ //
+ // Next FV
+ //
+ FvHeader = (VOID *)(UINTN)((UINTN)FvHeader + FvHeader->FvLength);
+ DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));
+ }
+
+ if (!FvFound) {
+ DEBUG((DEBUG_ERROR, "GetFfsByName - NO FV Found\n"));
+ }
+ return FALSE;
+}
+
+/**
+ Extract the driver FV from an authenticated image.
+
+ @param[in] AuthenticatedImage The authenticated capsule image.
+ @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
+ @param[out] DriverFvImage The driver FV image.
+ @param[out] DriverFvImageSize The size of the driver FV image in bytes.
+
+ @retval TRUE The driver Fv is extracted.
+ @retval FALSE The driver Fv is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractDriverFvImage (
+ IN VOID *AuthenticatedImage,
+ IN UINTN AuthenticatedImageSize,
+ OUT VOID **DriverFvImage,
+ OUT UINTN *DriverFvImageSize
+ )
+{
+ BOOLEAN Result;
+ UINT32 FileHeaderSize;
+
+ *DriverFvImage = NULL;
+ *DriverFvImageSize = 0;
+
+ Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleDriverFvFileGuid, EFI_FV_FILETYPE_RAW, DriverFvImage, DriverFvImageSize);
+ if (!Result) {
+ return FALSE;
+ }
+
+ if (IS_FFS_FILE2(*DriverFvImage)) {
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
+ } else {
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
+ }
+ *DriverFvImage = (UINT8 *)*DriverFvImage + FileHeaderSize;
+ *DriverFvImageSize = *DriverFvImageSize - FileHeaderSize;
+
+ return Result;
+}
+
+/**
+ Extract the config image from an authenticated image.
+
+ @param[in] AuthenticatedImage The authenticated capsule image.
+ @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
+ @param[out] ConfigImage The config image.
+ @param[out] ConfigImageSize The size of the config image in bytes.
+
+ @retval TRUE The config image is extracted.
+ @retval FALSE The config image is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractConfigImage (
+ IN VOID *AuthenticatedImage,
+ IN UINTN AuthenticatedImageSize,
+ OUT VOID **ConfigImage,
+ OUT UINTN *ConfigImageSize
+ )
+{
+ BOOLEAN Result;
+ UINT32 FileHeaderSize;
+
+ *ConfigImage = NULL;
+ *ConfigImageSize = 0;
+
+ Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleConfigFileGuid, EFI_FV_FILETYPE_RAW, ConfigImage, ConfigImageSize);
+ if (!Result) {
+ return FALSE;
+ }
+
+ if (IS_FFS_FILE2(*ConfigImage)) {
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
+ } else {
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
+ }
+ *ConfigImage = (UINT8 *)*ConfigImage + FileHeaderSize;
+ *ConfigImageSize = *ConfigImageSize - FileHeaderSize;
+
+ return Result;
+}
+
+/**
+ Extract the authenticated image from an FMP capsule image.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+ @param[in] ImageSize The size of FMP capsule image in bytes.
+ @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+ @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+ @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
+
+ @retval TRUE The authenticated image is extracted.
+ @retval FALSE The authenticated image is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractAuthenticatedImage (
+ IN VOID *Image,
+ IN UINTN ImageSize,
+ OUT UINT32 *LastAttemptStatus,
+ OUT VOID **AuthenticatedImage,
+ OUT UINTN *AuthenticatedImageSize
+ )
+{
+ EFI_FIRMWARE_IMAGE_AUTHENTICATION *ImageAuth;
+ EFI_STATUS Status;
+ GUID *CertType;
+ VOID *PublicKeyData;
+ UINTN PublicKeyDataLength;
+
+ DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
+
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+ if ((Image == NULL) || (ImageSize == 0)) {
+ return FALSE;
+ }
+
+ ImageAuth = (EFI_FIRMWARE_IMAGE_AUTHENTICATION *)Image;
+ if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));
+ return FALSE;
+ }
+ if (ImageAuth->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too small\n"));
+ return FALSE;
+ }
+ if (ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too big\n"));
+ return FALSE;
+ }
+ if (ImageSize <= sizeof(ImageAuth->MonotonicCount) + ImageAuth->AuthInfo.Hdr.dwLength) {
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));
+ return FALSE;
+ }
+ if (ImageAuth->AuthInfo.Hdr.wRevision != 0x0200) {
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
+ return FALSE;
+ }
+ if (ImageAuth->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
+ DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
+ return FALSE;
+ }
+
+ CertType = &ImageAuth->AuthInfo.CertType;
+ DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - CertType: %g\n", CertType));
+
+ if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) {
+ PublicKeyData = PcdGetPtr(PcdPkcs7CertBuffer);
+ PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer);
+ } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
+ PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer);
+ PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer);
+ } else {
+ return FALSE;
+ }
+
+ Status = AuthenticateFmpImage(
+ ImageAuth,
+ ImageSize,
+ PublicKeyData,
+ PublicKeyDataLength
+ );
+ switch (Status) {
+ case RETURN_SUCCESS:
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
+ break;
+ case RETURN_SECURITY_VIOLATION:
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR;
+ break;
+ case RETURN_INVALID_PARAMETER:
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+ break;
+ case RETURN_UNSUPPORTED:
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+ break;
+ case RETURN_OUT_OF_RESOURCES:
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES;
+ break;
+ default:
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
+ break;
+ }
+ if (EFI_ERROR(Status)) {
+ return FALSE;
+ }
+
+ if (AuthenticatedImage != NULL) {
+ *AuthenticatedImage = (UINT8 *)ImageAuth + ImageAuth->AuthInfo.Hdr.dwLength + sizeof(ImageAuth->MonotonicCount);
+ }
+ if (AuthenticatedImageSize != NULL) {
+ *AuthenticatedImageSize = ImageSize - ImageAuth->AuthInfo.Hdr.dwLength - sizeof(ImageAuth->MonotonicCount);
+ }
+ return TRUE;
+}
+
+/**
+ Extract ImageFmpInfo from system firmware.
+
+ @param[in] SystemFirmwareImage The System Firmware image.
+ @param[in] SystemFirmwareImageSize The size of the System Firmware image in bytes.
+ @param[out] ImageFmpInfo The ImageFmpInfo.
+ @param[out] ImageFmpInfoSize The size of the ImageFmpInfo in bytes.
+
+ @retval TRUE The ImageFmpInfo is extracted.
+ @retval FALSE The ImageFmpInfo is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractSystemFirmwareImageFmpInfo (
+ IN VOID *SystemFirmwareImage,
+ IN UINTN SystemFirmwareImageSize,
+ OUT EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR **ImageFmpInfo,
+ OUT UINTN *ImageFmpInfoSize
+ )
+{
+ BOOLEAN Result;
+ UINT32 SectionHeaderSize;
+ UINT32 FileHeaderSize;
+
+ *ImageFmpInfo = NULL;
+ *ImageFmpInfoSize = 0;
+
+ Result = GetFfsByName(SystemFirmwareImage, SystemFirmwareImageSize, &gEdkiiSystemFirmwareImageDescriptorFileGuid, EFI_FV_FILETYPE_ALL, (VOID **)ImageFmpInfo, ImageFmpInfoSize);
+ if (!Result) {
+ return FALSE;
+ }
+ if (IS_FFS_FILE2 (*ImageFmpInfo)) {
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
+ } else {
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
+ }
+ *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + FileHeaderSize);
+ *ImageFmpInfoSize = *ImageFmpInfoSize - FileHeaderSize;
+
+ Result = GetSectionByType(*ImageFmpInfo, (UINT32)*ImageFmpInfoSize, EFI_SECTION_RAW, 0, (VOID **)ImageFmpInfo, ImageFmpInfoSize);
+ if (!Result) {
+ return FALSE;
+ }
+ if (IS_SECTION2(*ImageFmpInfo)) {
+ SectionHeaderSize = sizeof(EFI_RAW_SECTION2);
+ } else {
+ SectionHeaderSize = sizeof(EFI_RAW_SECTION);
+ }
+ *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + SectionHeaderSize);
+ *ImageFmpInfoSize = *ImageFmpInfoSize - SectionHeaderSize;
+
+ return TRUE;
+}
+
+/**
+ Extract the System Firmware image from an authenticated image.
+
+ @param[in] AuthenticatedImage The authenticated capsule image.
+ @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
+ @param[out] SystemFirmwareImage The System Firmware image.
+ @param[out] SystemFirmwareImageSize The size of the System Firmware image in bytes.
+
+ @retval TRUE The System Firmware image is extracted.
+ @retval FALSE The System Firmware image is not extracted.
+**/
+BOOLEAN
+EFIAPI
+ExtractSystemFirmwareImage (
+ IN VOID *AuthenticatedImage,
+ IN UINTN AuthenticatedImageSize,
+ OUT VOID **SystemFirmwareImage,
+ OUT UINTN *SystemFirmwareImageSize
+ )
+{
+ BOOLEAN Result;
+ UINT32 FileHeaderSize;
+
+ *SystemFirmwareImage = NULL;
+ *SystemFirmwareImageSize = 0;
+
+ Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &mEdkiiSystemFirmwareFileGuid, EFI_FV_FILETYPE_RAW, SystemFirmwareImage, SystemFirmwareImageSize);
+ if (!Result) {
+ // no nested FV, just return all data.
+ *SystemFirmwareImage = AuthenticatedImage;
+ *SystemFirmwareImageSize = AuthenticatedImageSize;
+
+ return TRUE;
+ }
+ if (IS_FFS_FILE2 (*SystemFirmwareImage)) {
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);
+ } else {
+ FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);
+ }
+ *SystemFirmwareImage = (UINT8 *)*SystemFirmwareImage + FileHeaderSize;
+ *SystemFirmwareImageSize = *SystemFirmwareImageSize - FileHeaderSize;
+
+ return Result;
+}
+
+/**
+ Authenticated system firmware FMP capsule image.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+ @param[in] ImageSize The size of FMP capsule image in bytes.
+ @param[in] ForceVersionMatch TRUE: The version of capsule must be as same as the version of current image.
+ FALSE: The version of capsule must be as same as greater than the lowest
+ supported version of current image.
+ @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+ @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+ @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+ @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes.
+
+ @retval TRUE Authentication passes and the authenticated image is extracted.
+ @retval FALSE Authentication fails and the authenticated image is not extracted.
+**/
+EFI_STATUS
+EFIAPI
+CapsuleAuthenticateSystemFirmware (
+ IN VOID *Image,
+ IN UINTN ImageSize,
+ IN BOOLEAN ForceVersionMatch,
+ OUT UINT32 *LastAttemptVersion,
+ OUT UINT32 *LastAttemptStatus,
+ OUT VOID **AuthenticatedImage,
+ OUT UINTN *AuthenticatedImageSize
+ )
+{
+ BOOLEAN Result;
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *ImageFmpInfo;
+ UINTN ImageFmpInfoSize;
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *CurrentImageFmpInfo;
+ UINTN CurrentImageFmpInfoSize;
+ VOID *SystemFirmwareImage;
+ UINTN SystemFirmwareImageSize;
+
+ *LastAttemptVersion = 0;
+
+ //
+ // NOTE: This function need run in an isolated environment.
+ // Do not touch FMP protocol and its private structure.
+ //
+
+ Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);
+ if (!Result) {
+ DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - fail\n"));
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ DEBUG((DEBUG_INFO, "AuthenticatedImage - 0x%x - 0x%x\n", *AuthenticatedImage, *AuthenticatedImageSize));
+
+ Result = ExtractSystemFirmwareImage(*AuthenticatedImage, *AuthenticatedImageSize, &SystemFirmwareImage, &SystemFirmwareImageSize);
+ if (!Result) {
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+ DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImage - fail\n"));
+ return EFI_SECURITY_VIOLATION;
+ }
+ DEBUG((DEBUG_INFO, "SystemFirmwareImage - 0x%x - 0x%x\n", SystemFirmwareImage, SystemFirmwareImageSize));
+
+ Result = ExtractSystemFirmwareImageFmpInfo(SystemFirmwareImage, SystemFirmwareImageSize, &ImageFmpInfo, &ImageFmpInfoSize);
+ if (!Result) {
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
+ DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImageFmpInfo - fail\n"));
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ *LastAttemptVersion = ImageFmpInfo->Version;
+ DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", ImageFmpInfo, ImageFmpInfoSize));
+ DEBUG((DEBUG_INFO, "NewImage Version - 0x%x\n", ImageFmpInfo->Version));
+ DEBUG((DEBUG_INFO, "NewImage LowestSupportedImageVersion - 0x%x\n", ImageFmpInfo->LowestSupportedImageVersion));
+
+ CurrentImageFmpInfo = mImageFmpInfo;
+ CurrentImageFmpInfoSize = mImageFmpInfoSize;
+
+ DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", CurrentImageFmpInfo, CurrentImageFmpInfoSize));
+ DEBUG((DEBUG_INFO, "Current Version - 0x%x\n", CurrentImageFmpInfo->Version));
+ DEBUG((DEBUG_INFO, "Current LowestSupportedImageVersion - 0x%x\n", CurrentImageFmpInfo->LowestSupportedImageVersion));
+
+ if (ForceVersionMatch) {
+ if (CurrentImageFmpInfo->Version != ImageFmpInfo->Version) {
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;
+ DEBUG((DEBUG_INFO, "ForceVersionMatch check - fail\n"));
+ return EFI_SECURITY_VIOLATION;
+ }
+ } else {
+ if (CurrentImageFmpInfo->Version < ImageFmpInfo->LowestSupportedImageVersion) {
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;
+ DEBUG((DEBUG_INFO, "LowestSupportedImageVersion check - fail\n"));
+ return EFI_SECURITY_VIOLATION;
+ }
+ }
+
+ *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
+ return EFI_SUCCESS;
+}
+
+/**
+ The constructor function.
+
+ @retval EFI_SUCCESS The constructor successfully .
+**/
+EFI_STATUS
+EFIAPI
+EdkiiSystemCapsuleLibConstructor (
+ VOID
+ )
+{
+ mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);
+ mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor));
+ ASSERT(mImageFmpInfo != NULL);
+ CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));
+ return EFI_SUCCESS;
+}
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
new file mode 100644
index 0000000000..3c629ee32f
--- /dev/null
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
@@ -0,0 +1,61 @@
+## @file
+# EDKII System Capsule library.
+#
+# EDKII System Capsule library instance for DXE/PEI post memory phase.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = EdkiiSystemCapsuleLib
+ MODULE_UNI_FILE = EdkiiSystemCapsuleLib.uni
+ FILE_GUID = 109D5FC6-56E6-481A-88EF-0CB828FBE0F6
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = EdkiiSystemCapsuleLib
+ CONSTRUCTOR = EdkiiSystemCapsuleLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ EdkiiSystemCapsuleLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ SignedCapsulePkg/SignedCapsulePkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ FmpAuthenticationLib
+
+[Pcd]
+ gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor
+ gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid
+ gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
+ gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+
+[Guids]
+ gEdkiiSystemFirmwareImageDescriptorFileGuid
+ gEdkiiSystemFmpCapsuleConfigFileGuid
+ gEdkiiSystemFmpCapsuleDriverFvFileGuid
+ gEfiCertPkcs7Guid
+ gEfiCertTypeRsa2048Sha256Guid
+
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni
new file mode 100644
index 0000000000..93e959eaeb
--- /dev/null
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni
@@ -0,0 +1,22 @@
+// /** @file
+// EDKII System Capsule library.
+//
+// EDKII System Capsule library instance for DXE/PEI post memory phase.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "EDKII System Capsule library."
+
+#string STR_MODULE_DESCRIPTION #language en-US "EDKII System Capsule library instance for DXE/PEI post memory phase."
+