REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1525
Add PCD PcdFmpDeviceStorageAccessEnable. If this PCD is
TRUE, then the Firmware Management Protocol supports access
to the firmware storage device. This is the default setting.
If FALSE, then Firmware Management Protocol services that
access the firmware storage device return EFI_UNSUPPORTED
except GetImageInfo(). Setting this value to FALSE produces
the smallest possible FmpDxe driver that still advertises the
updatable firmware component in the ESRT.
Cc: Sean Brogan <sean.bro...@microsoft.com>
Cc: Bret Barkelew <bret.barke...@microsoft.com>
Cc: Liming Gao <liming....@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Eric Jin <eric....@intel.com>
---
FmpDevicePkg/FmpDevicePkg.dec | 12 ++++++++++++
FmpDevicePkg/FmpDevicePkg.dsc | 18 ++++++++++++++++++
FmpDevicePkg/FmpDevicePkg.uni | 10 ++++++++++
FmpDevicePkg/FmpDxe/FmpDxe.c | 12 ++++++++++++
FmpDevicePkg/FmpDxe/FmpDxe.inf | 1 +
FmpDevicePkg/FmpDxe/FmpDxeLib.inf | 1 +
6 files changed, 54 insertions(+)
diff --git a/FmpDevicePkg/FmpDevicePkg.dec b/FmpDevicePkg/FmpDevicePkg.dec
index 56ed5fbb4a..8312b7cb22 100644
--- a/FmpDevicePkg/FmpDevicePkg.dec
+++ b/FmpDevicePkg/FmpDevicePkg.dec
@@ -52,6 +52,18 @@
## Capsule Update Policy Protocol
gEdkiiCapuleUpdatePolicyProtocolGuid = { 0x487784c5, 0x6299, 0x4ba6, { 0xb0,
0x96, 0x5c, 0xc5, 0x27, 0x7c, 0xf7, 0x57 } }
+[PcdsFeatureFlag]
+ ## Indicates if the Firmware Management Protocol supports access to
+ # to a firmware storage device. If set to FALSE, then only GetImageInfo()
+ # is supported. This is used by FMP drivers that require the samllest
+ # possible Firmware Management Protocol implementation that supports
+ # advertising the updatable firmware device in the ESRT.<BR>
+ # TRUE - All Firmware Management Protocol services supported.<BR>
+ # FALSE - Firmware Management Protocol returns EFI_UNSUPPORTED for
+ # all services except GetImageInfo().<BR>
+ # @Prompt Firmware Device Storage Access Enabled.
+
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable|TRUE|BOOLEAN|0x40000011
+
[PcdsFixedAtBuild]
## The SHA-256 hash of a PKCS7 test key that is used to detect if a test key
# is being used to authenticate capsules. Test key detection is disabled by
diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc
index 4e2bd8de3d..bf283b93ea 100644
--- a/FmpDevicePkg/FmpDevicePkg.dsc
+++ b/FmpDevicePkg/FmpDevicePkg.dsc
@@ -29,6 +29,12 @@
DEFINE SYSTEM_FMP_ESRT_GUID = B461B3BD-E62A-4A71-841C-50BA4E500267
DEFINE DEVICE_FMP_ESRT_GUID = 226034C4-8B67-4536-8653-D6EE7CE5A316
+ #
+ # TRUE - Build FmpDxe module for with storage access enabled
+ # FALSE - Build FmpDxe module for with storage access disabled
+ #
+ DEFINE DEVICE_FMP_STORAGE_ACCESS_ENABLE = TRUE
+
[LibraryClasses]
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
@@ -118,11 +124,23 @@
# FILE_GUID is used as ESRT GUID
#
FILE_GUID = $(DEVICE_FMP_ESRT_GUID)
+ <PcdsFeatureFlag>
+
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable|$(DEVICE_FMP_STORAGE_ACCESS_ENABLE)
<PcdsFixedAtBuild>
+!if $(DEVICE_FMP_STORAGE_ACCESS_ENABLE) == FALSE
+ #
+ # Disable test key detection
+ #
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceTestKeySha256Digest|{0}
+!endif
#
# Unicode name string that is used to populate FMP Image Descriptor for
this capsule update module
#
+!if $(DEVICE_FMP_STORAGE_ACCESS_ENABLE) == TRUE
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName|L"Sample Firmware
Device"
+!else
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName|L"Sample Firmware
Device No Storage Access"
+!endif
#
# Certificates used to authenticate capsule update image
#
diff --git a/FmpDevicePkg/FmpDevicePkg.uni b/FmpDevicePkg/FmpDevicePkg.uni
index b7fe643186..9e21130fae 100644
--- a/FmpDevicePkg/FmpDevicePkg.uni
+++ b/FmpDevicePkg/FmpDevicePkg.uni
@@ -16,6 +16,16 @@
#string STR_PACKAGE_DESCRIPTION #language en-US "This package provides
libraries that support the implementation of a module that produces the
Firmware Management Protocol to support the update of a system firmware
component."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceStorageAccessEnable_PROMPT
#language en-US "Firmware Device Storage Access Enabled."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceStorageAccessEnable_HELP
#language en-US "Indicates if the Firmware Management Protocol supports access
to"
+
"to a firmware storage device. If set to FALSE, then only
GetImageInfo()"
+
"is supported. This is used by FMP drivers that require the
samllest"
+
"possible Firmware Management Protocol implementation that
supports"
+
"advertising the updatable firmware device in the ESRT.<BR>"
+
" TRUE - All Firmware Management Protocol services
supported.<BR>"
+
" FALSE - Firmware Management Protocol returns
EFI_UNSUPPORTED for"
+
" all services except GetImageInfo().<BR>"
+
#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceTestKeySha256Digest_PROMPT
#language en-US "SHA-256 hash of PKCS7 test key."
#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceTestKeySha256Digest_HELP
#language en-US "The SHA-256 hash of a PKCS7 test key that is used to detect
if a test key"
"is being used to authenticate capsules. Test key detection
can be disabled"
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.c b/FmpDevicePkg/FmpDxe/FmpDxe.c
index 7f3b6100cb..25cd6b8cf5 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.c
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.c
@@ -538,6 +538,10 @@ GetTheImage (
FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private;
UINTN Size;
+ if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) {
+ return EFI_UNSUPPORTED;
+ }
+
Status = EFI_SUCCESS;
//
@@ -712,6 +716,10 @@ CheckTheImage (
FmpHeaderSize = 0;
AllHeaderSize = 0;
+ if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) {
+ return EFI_UNSUPPORTED;
+ }
+
//
// Retrieve the private context structure
//
@@ -967,6 +975,10 @@ SetTheImage (
IncommingFwVersion = 0;
LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
+ if (!FeaturePcdGet (PcdFmpDeviceStorageAccessEnable)) {
+ return EFI_UNSUPPORTED;
+ }
+
//
// Retrieve the private context structure
//
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf
index 65535a7f43..5487123935 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.inf
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf
@@ -61,6 +61,7 @@
gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES
[Pcd]
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable ##
CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName ##
CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceBuildTimeLowestSupportedVersion ##
CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceLockEventGuid ##
CONSUMES
diff --git a/FmpDevicePkg/FmpDxe/FmpDxeLib.inf
b/FmpDevicePkg/FmpDxe/FmpDxeLib.inf
index 3b10b57377..ba762b0b77 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxeLib.inf
+++ b/FmpDevicePkg/FmpDxe/FmpDxeLib.inf
@@ -61,6 +61,7 @@
gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES
[Pcd]
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable ##
CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName ##
CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceBuildTimeLowestSupportedVersion ##
CONSUMES
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceLockEventGuid ##
CONSUMES
--
2.20.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#45341): https://edk2.groups.io/g/devel/message/45341
Mute This Topic: https://groups.io/mt/32836472/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
