1 /** @file 2 Microcode update header file. 3 4 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 http://opensource.org/licenses/bsd-license.php 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 13 **/ 14 15 #ifndef _MICROCODE_FMP_H_ 16 #define _MICROCODE_FMP_H_ 17 18 #include <PiDxe.h> 19 20 #include <Guid/SystemResourceTable.h> 21 #include <Guid/MicrocodeFmp.h> 22 23 #include <Protocol/FirmwareManagement.h> 24 #include <Protocol/MpService.h> 25 26 #include <Library/BaseLib.h> 27 #include <Library/BaseMemoryLib.h> 28 #include <Library/DebugLib.h> 29 #include <Library/MemoryAllocationLib.h> 30 #include <Library/PcdLib.h> 31 #include <Library/UefiBootServicesTableLib.h> 32 #include <Library/UefiLib.h> 33 #include <Library/UefiRuntimeServicesTableLib.h> 34 #include <Library/UefiDriverEntryPoint.h> 35 #include <Library/DevicePathLib.h> 36 #include <Library/HobLib.h> 37 #include <Library/MicrocodeFlashAccessLib.h> 38 39 #include <Register/Cpuid.h> 40 #include <Register/Msr.h> 41 #include <Register/Microcode.h> 42 43 #define MICROCODE_FMP_PRIVATE_DATA_SIGNATURE SIGNATURE_32('M', 'C', 'U', 'F') 44 45 // 46 // Microcode FMP private data structure. 47 // 48 49 typedef struct { 50 UINT32 LastAttemptVersion; 51 UINT32 LastAttemptStatus; 52 } MICROCODE_FMP_LAST_ATTEMPT_VARIABLE; 53 54 typedef struct { 55 CPU_MICROCODE_HEADER *MicrocodeEntryPoint; 56 UINTN TotalSize; 57 BOOLEAN InUse; 58 } MICROCODE_INFO; 59 60 typedef struct { 61 UINTN CpuIndex; 62 UINT32 ProcessorSignature; 63 UINT8 PlatformId; 64 UINT32 MicrocodeRevision; 65 UINTN MicrocodeIndex; 66 } PROCESSOR_INFO; 67 68 typedef struct { 69 UINT64 Address; 70 UINT32 Revision; 71 } MICROCODE_LOAD_BUFFER; 72 73 struct _MICROCODE_FMP_PRIVATE_DATA { 74 UINT32 Signature; 75 EFI_FIRMWARE_MANAGEMENT_PROTOCOL Fmp; 76 EFI_HANDLE Handle; 77 VOID *MicrocodePatchAddress; 78 UINTN MicrocodePatchRegionSize; 79 UINT8 DescriptorCount; 80 EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageDescriptor; 81 MICROCODE_INFO *MicrocodeInfo; 82 UINT32 PackageVersion; 83 CHAR16 *PackageVersionName; 84 MICROCODE_FMP_LAST_ATTEMPT_VARIABLE LastAttempt; 85 EFI_MP_SERVICES_PROTOCOL *MpService; 86 UINTN BspIndex; 87 UINTN ProcessorCount; 88 PROCESSOR_INFO *ProcessorInfo; 89 }; 90 91 typedef struct _MICROCODE_FMP_PRIVATE_DATA MICROCODE_FMP_PRIVATE_DATA; 92 93 #define MICROCODE_FMP_LAST_ATTEMPT_VARIABLE_NAME L"MicrocodeLastAttempVar" 94 95 /** 96 Returns a pointer to the MICROCODE_FMP_PRIVATE_DATA structure from the input a as Fmp. 97 98 If the signatures matches, then a pointer to the data structure that contains 99 a specified field of that data structure is returned. 100 101 @param a Pointer to the field specified by ServiceBinding within 102 a data structure of type MICROCODE_FMP_PRIVATE_DATA. 103 104 **/ 105 #define MICROCODE_FMP_PRIVATE_DATA_FROM_FMP(a) \ 106 CR ( \ 107 (a), \ 108 MICROCODE_FMP_PRIVATE_DATA, \ 109 Fmp, \ 110 MICROCODE_FMP_PRIVATE_DATA_SIGNATURE \ 111 ) 112 113 /** 114 Get Microcode Region. 115 116 @param[out] MicrocodePatchAddress The address of Microcode 117 @param[out] MicrocodePatchRegionSize The region size of Microcode 118 119 @retval TRUE The Microcode region is returned. 120 @retval FALSE No Microcode region. 121 **/ 122 BOOLEAN 123 GetMicrocodeRegion ( 124 OUT VOID **MicrocodePatchAddress, 125 OUT UINTN *MicrocodePatchRegionSize 126 ); 127 128 /** 129 Collect processor information. 130 The function prototype for invoking a function on an Application Processor. 131 132 @param[in,out] Buffer The pointer to private data buffer. 133 **/ 134 VOID 135 EFIAPI 136 CollectProcessorInfo ( 137 IN OUT VOID *Buffer 138 ); 139 140 /** 141 Get current Microcode information. 142 143 The ProcessorInformation (BspIndex/ProcessorCount/ProcessorInfo) 144 in MicrocodeFmpPrivate must be initialized. 145 146 The MicrocodeInformation (DescriptorCount/ImageDescriptor/MicrocodeInfo) 147 in MicrocodeFmpPrivate may not be avaiable in this function. 148 149 @param[in] MicrocodeFmpPrivate The Microcode driver private data 150 @param[in] DescriptorCount The count of Microcode ImageDescriptor allocated. 151 @param[out] ImageDescriptor Microcode ImageDescriptor 152 @param[out] MicrocodeInfo Microcode information 153 154 @return Microcode count 155 **/ 156 UINTN 157 GetMicrocodeInfo ( 158 IN MICROCODE_FMP_PRIVATE_DATA *MicrocodeFmpPrivate, 159 IN UINTN DescriptorCount, OPTIONAL 160 OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageDescriptor, OPTIONAL 161 OUT MICROCODE_INFO *MicrocodeInfo OPTIONAL 162 ); 163 164 /** 165 Verify Microcode. 166 167 Caution: This function may receive untrusted input. 168 169 @param[in] MicrocodeFmpPrivate The Microcode driver private data 170 @param[in] Image The Microcode image buffer. 171 @param[in] ImageSize The size of Microcode image buffer in bytes. 172 @param[in] TryLoad Try to load Microcode or not. 173 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR. 174 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more 175 details for the aborted operation. The buffer is allocated by this function 176 with AllocatePool(), and it is the caller's responsibility to free it with a 177 call to FreePool(). 178 @param[in, out] TargetCpuIndex On input, the index of target CPU which tries to match the Microcode. (UINTN)-1 means to try all. 179 On output, the index of target CPU which matches the Microcode. 180 181 @retval EFI_SUCCESS The Microcode image passes verification. 182 @retval EFI_VOLUME_CORRUPTED The Microcode image is corrupt. 183 @retval EFI_INCOMPATIBLE_VERSION The Microcode image version is incorrect. 184 @retval EFI_UNSUPPORTED The Microcode ProcessorSignature or ProcessorFlags is incorrect. 185 @retval EFI_SECURITY_VIOLATION The Microcode image fails to load. 186 **/ 187 EFI_STATUS 188 VerifyMicrocode ( 189 IN MICROCODE_FMP_PRIVATE_DATA *MicrocodeFmpPrivate, 190 IN VOID *Image, 191 IN UINTN ImageSize, 192 IN BOOLEAN TryLoad, 193 OUT UINT32 *LastAttemptStatus, 194 OUT CHAR16 **AbortReason, OPTIONAL 195 IN OUT UINTN *TargetCpuIndex OPTIONAL 196 ); 197 198 /** 199 Write Microcode. 200 201 @param[in] MicrocodeFmpPrivate The Microcode driver private data 202 @param[in] Image The Microcode image buffer. 203 @param[in] ImageSize The size of Microcode image buffer in bytes. 204 @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR. 205 @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR. 206 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more 207 details for the aborted operation. The buffer is allocated by this function 208 with AllocatePool(), and it is the caller's responsibility to free it with a 209 call to FreePool(). 210 211 @retval EFI_SUCCESS The Microcode image is written. 212 @retval EFI_VOLUME_CORRUPTED The Microcode image is corrupt. 213 @retval EFI_INCOMPATIBLE_VERSION The Microcode image version is incorrect. 214 @retval EFI_SECURITY_VIOLATION The Microcode image fails to load. 215 @retval EFI_WRITE_PROTECTED The flash device is read only. 216 **/ 217 EFI_STATUS 218 MicrocodeWrite ( 219 IN MICROCODE_FMP_PRIVATE_DATA *MicrocodeFmpPrivate, 220 IN VOID *Image, 221 IN UINTN ImageSize, 222 OUT UINT32 *LastAttemptVersion, 223 OUT UINT32 *LastAttemptStatus, 224 OUT CHAR16 **AbortReason 225 ); 226 227 /** 228 Dump private information. 229 230 @param[in] MicrocodeFmpPrivate private data structure. 231 **/ 232 VOID 233 DumpPrivateInfo ( 234 IN MICROCODE_FMP_PRIVATE_DATA *MicrocodeFmpPrivate 235 ); 236 237 /** 238 Returns information about the current firmware image(s) of the device. 239 240 This function allows a copy of the current firmware image to be created and saved. 241 The saved copy could later been used, for example, in firmware image recovery or rollback. 242 243 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance. 244 @param[in, out] ImageInfoSize A pointer to the size, in bytes, of the ImageInfo buffer. 245 On input, this is the size of the buffer allocated by the caller. 246 On output, it is the size of the buffer returned by the firmware 247 if the buffer was large enough, or the size of the buffer needed 248 to contain the image(s) information if the buffer was too small. 249 @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s) 250 information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs. 251 @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number 252 associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR. 253 @param[out] DescriptorCount A pointer to the location in which firmware returns the number of 254 descriptors or firmware images within this device. 255 @param[out] DescriptorSize A pointer to the location in which firmware returns the size, in bytes, 256 of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR. 257 @param[out] PackageVersion A version number that represents all the firmware images in the device. 258 The format is vendor specific and new version must have a greater value 259 than the old version. If PackageVersion is not supported, the value is 260 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version comparison 261 is to be performed using PackageVersionName. A value of 0xFFFFFFFD indicates 262 that package version update is in progress. 263 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing the 264 package version name. The buffer is allocated by this function with 265 AllocatePool(), and it is the caller's responsibility to free it with a call 266 to FreePool(). 267 268 @retval EFI_SUCCESS The device was successfully updated with the new image. 269 @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size 270 needed to hold the image(s) information is returned in ImageInfoSize. 271 @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL. 272 @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image. 273 274 **/ 275 EFI_STATUS 276 EFIAPI 277 FmpGetImageInfo ( 278 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This, 279 IN OUT UINTN *ImageInfoSize, 280 IN OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageInfo, 281 OUT UINT32 *DescriptorVersion, 282 OUT UINT8 *DescriptorCount, 283 OUT UINTN *DescriptorSize, 284 OUT UINT32 *PackageVersion, 285 OUT CHAR16 **PackageVersionName 286 ); 287 288 /** 289 Retrieves a copy of the current firmware image of the device. 290 291 This function allows a copy of the current firmware image to be created and saved. 292 The saved copy could later been used, for example, in firmware image recovery or rollback. 293 294 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance. 295 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device. 296 The number is between 1 and DescriptorCount. 297 @param[in,out] Image Points to the buffer where the current image is copied to. 298 @param[in,out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes. 299 On return, points to the length of the image, in bytes. 300 301 @retval EFI_SUCCESS The device was successfully updated with the new image. 302 @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the 303 image. The current buffer size needed to hold the image is returned 304 in ImageSize. 305 @retval EFI_INVALID_PARAMETER The Image was NULL. 306 @retval EFI_NOT_FOUND The current image is not copied to the buffer. 307 @retval EFI_UNSUPPORTED The operation is not supported. 308 @retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure. 309 310 **/ 311 EFI_STATUS 312 EFIAPI 313 FmpGetImage ( 314 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This, 315 IN UINT8 ImageIndex, 316 IN OUT VOID *Image, 317 IN OUT UINTN *ImageSize 318 ); 319 320 /** 321 Updates the firmware image of the device. 322 323 This function updates the hardware with the new firmware image. 324 This function returns EFI_UNSUPPORTED if the firmware image is not updatable. 325 If the firmware image is updatable, the function should perform the following minimal validations 326 before proceeding to do the firmware image update. 327 - Validate the image authentication if image has attribute 328 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns 329 EFI_SECURITY_VIOLATION if the validation fails. 330 - Validate the image is a supported image for this device. The function returns EFI_ABORTED if 331 the image is unsupported. The function can optionally provide more detailed information on 332 why the image is not a supported image. 333 - Validate the data from VendorCode if not null. Image validation must be performed before 334 VendorCode data validation. VendorCode data is ignored or considered invalid if image 335 validation failed. The function returns EFI_ABORTED if the data is invalid. 336 337 VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if 338 the caller did not specify the policy or use the default policy. As an example, vendor can implement 339 a policy to allow an option to force a firmware image update when the abort reason is due to the new 340 firmware image version is older than the current firmware image version or bad image checksum. 341 Sensitive operations such as those wiping the entire firmware image and render the device to be 342 non-functional should be encoded in the image itself rather than passed with the VendorCode. 343 AbortReason enables vendor to have the option to provide a more detailed description of the abort 344 reason to the caller. 345 346 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance. 347 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device. 348 The number is between 1 and DescriptorCount. 349 @param[in] Image Points to the new image. 350 @param[in] ImageSize Size of the new image in bytes. 351 @param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy. 352 Null indicates the caller did not specify the policy or use the default policy. 353 @param[in] Progress A function used by the driver to report the progress of the firmware update. 354 @param[out] AbortReason A pointer to a pointer to a null-terminated string providing more 355 details for the aborted operation. The buffer is allocated by this function 356 with AllocatePool(), and it is the caller's responsibility to free it with a 357 call to FreePool(). 358 359 @retval EFI_SUCCESS The device was successfully updated with the new image. 360 @retval EFI_ABORTED The operation is aborted. 361 @retval EFI_INVALID_PARAMETER The Image was NULL. 362 @retval EFI_UNSUPPORTED The operation is not supported. 363 @retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure. 364 365 **/ 366 EFI_STATUS 367 EFIAPI 368 FmpSetImage ( 369 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This, 370 IN UINT8 ImageIndex, 371 IN CONST VOID *Image, 372 IN UINTN ImageSize, 373 IN CONST VOID *VendorCode, 374 IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress, 375 OUT CHAR16 **AbortReason 376 ); 377 378 /** 379 Checks if the firmware image is valid for the device. 380 381 This function allows firmware update application to validate the firmware image without 382 invoking the SetImage() first. 383 384 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance. 385 @param[in] ImageIndex A unique number identifying the firmware image(s) within the device. 386 The number is between 1 and DescriptorCount. 387 @param[in] Image Points to the new image. 388 @param[in] ImageSize Size of the new image in bytes. 389 @param[out] ImageUpdatable Indicates if the new image is valid for update. It also provides, 390 if available, additional information if the image is invalid. 391 392 @retval EFI_SUCCESS The image was successfully checked. 393 @retval EFI_INVALID_PARAMETER The Image was NULL. 394 @retval EFI_UNSUPPORTED The operation is not supported. 395 @retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure. 396 397 **/ 398 EFI_STATUS 399 EFIAPI 400 FmpCheckImage ( 401 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This, 402 IN UINT8 ImageIndex, 403 IN CONST VOID *Image, 404 IN UINTN ImageSize, 405 OUT UINT32 *ImageUpdatable 406 ); 407 408 /** 409 Returns information about the firmware package. 410 411 This function returns package information. 412 413 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance. 414 @param[out] PackageVersion A version number that represents all the firmware images in the device. 415 The format is vendor specific and new version must have a greater value 416 than the old version. If PackageVersion is not supported, the value is 417 0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version 418 comparison is to be performed using PackageVersionName. A value of 419 0xFFFFFFFD indicates that package version update is in progress. 420 @param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing 421 the package version name. The buffer is allocated by this function with 422 AllocatePool(), and it is the caller's responsibility to free it with a 423 call to FreePool(). 424 @param[out] PackageVersionNameMaxLen The maximum length of package version name if device supports update of 425 package version name. A value of 0 indicates the device does not support 426 update of package version name. Length is the number of Unicode characters, 427 including the terminating null character. 428 @param[out] AttributesSupported Package attributes that are supported by this device. See 'Package Attribute 429 Definitions' for possible returned values of this parameter. A value of 1 430 indicates the attribute is supported and the current setting value is 431 indicated in AttributesSetting. A value of 0 indicates the attribute is not 432 supported and the current setting value in AttributesSetting is meaningless. 433 @param[out] AttributesSetting Package attributes. See 'Package Attribute Definitions' for possible returned 434 values of this parameter 435 436 @retval EFI_SUCCESS The package information was successfully returned. 437 @retval EFI_UNSUPPORTED The operation is not supported. 438 439 **/ 440 EFI_STATUS 441 EFIAPI 442 FmpGetPackageInfo ( 443 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This, 444 OUT UINT32 *PackageVersion, 445 OUT CHAR16 **PackageVersionName, 446 OUT UINT32 *PackageVersionNameMaxLen, 447 OUT UINT64 *AttributesSupported, 448 OUT UINT64 *AttributesSetting 449 ); 450 451 /** 452 Updates information about the firmware package. 453 454 This function updates package information. 455 This function returns EFI_UNSUPPORTED if the package information is not updatable. 456 VendorCode enables vendor to implement vendor-specific package information update policy. 457 Null if the caller did not specify this policy or use the default policy. 458 459 @param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance. 460 @param[in] Image Points to the authentication image. 461 Null if authentication is not required. 462 @param[in] ImageSize Size of the authentication image in bytes. 463 0 if authentication is not required. 464 @param[in] VendorCode This enables vendor to implement vendor-specific firmware 465 image update policy. 466 Null indicates the caller did not specify this policy or use 467 the default policy. 468 @param[in] PackageVersion The new package version. 469 @param[in] PackageVersionName A pointer to the new null-terminated Unicode string representing 470 the package version name. 471 The string length is equal to or less than the value returned in 472 PackageVersionNameMaxLen. 473 474 @retval EFI_SUCCESS The device was successfully updated with the new package 475 information. 476 @retval EFI_INVALID_PARAMETER The PackageVersionName length is longer than the value 477 returned in PackageVersionNameMaxLen. 478 @retval EFI_UNSUPPORTED The operation is not supported. 479 @retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure. 480 481 **/ 482 EFI_STATUS 483 EFIAPI 484 FmpSetPackageInfo ( 485 IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This, 486 IN CONST VOID *Image, 487 IN UINTN ImageSize, 488 IN CONST VOID *VendorCode, 489 IN UINT32 PackageVersion, 490 IN CONST CHAR16 *PackageVersionName 491 ); 492 493 #endif 494 495