Re: [edk2] [PATCH 00/45] Add capsule update and recovery sample.
Jiewen, I will review the Quark specific changes today. Mike > -Original Message- > From: Yao, Jiewen > Sent: Wednesday, September 28, 2016 1:05 AM > To: Yao, Jiewen ; edk2-devel@lists.01.org > Cc: Tian, Feng ; Gao, Liming ; > Zeng, Star > ; Kinney, Michael D ; Fan, > Jeff > ; Zhang, Chao B > Subject: RE: [edk2] [PATCH 00/45] Add capsule update and recovery sample. > > Hi > I got reviewed-by for MdeModulePkg/SecurityPkg/UefiCpuPkg/Vlv2DevicePkg. > Thanks each > package owner. > > I have not got reviewed-by for QuarkPlatformPkg yet. Can QuarkPlatformPkg > owner review > the platform update? > Or it takes quark owner more time to review QuarkPlatformPkg, I will plan to > check in > above 4 reviewed package at first. > > QuarkPlatformPkg update is independent and can be checked in and enabled > later. > > Thank you > Yao Jiewen > > > > -Original Message- > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > Jiewen Yao > > Sent: Wednesday, September 21, 2016 2:45 PM > > To: edk2-devel@lists.01.org > > Cc: Tian, Feng ; Gao, Liming ; > > Zeng, Star ; Kinney, Michael D > > ; Fan, Jeff ; Zhang, Chao > > B > > Subject: [edk2] [PATCH 00/45] Add capsule update and recovery sample. > > > > This series patch provides sample on how to do signed capsule update > > and recovery in EDKII. > > > > This series patch is also checked into g...@github.com:jyao1/edk2.git. > > > > The feature includes: > > 1) Define EDKII signed system BIOS capsule format. > > 2) Provide EDKII signed system BIOS update sample. > > 3) Provide EDKII signed recovery sample. > > 4) Provide Microcode update sample for X86 system. > > 5) Update Quark to use new capsule/recovery solution. > > 6) Update Vlv2(MinnowMax) to use new capsule/recovery solution. > > > > The signed capsule/recovery solution is in MdeModulePkg. > > The capsule in IntelFrameworkModulePkg is deprecated. > > The Microcode update solution is in UefiCpuPkg. > > > > Cc: Feng Tian > > Cc: Star Zeng > > Cc: Michael D Kinney > > Cc: Liming Gao > > Cc: Chao Zhang > > Cc: Jeff Fan > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Signed-off-by: Jiewen Yao > > > > > > Jiewen Yao (45): > > MdeModulePkg/Include: Add EDKII system FMP capsule header. > > MdeModulePkg/Include: Add EdkiiSystemCapsuleLib definition. > > MdeModulePkg/Include: Add FmpAuthenticationLib header. > > MdeModulePkg/Include: Add IniParsingLib header. > > MdeModulePkg/Include: Add PlatformFlashAccessLib header. > > MdeModulePkg/CapsuleLib: Add ProcessCapsules() API. > > MdeModulePkg/MdeModulePkg.dec: Add capsule related definition. > > MdeModulePkg/IniParsingLib: Add InitParsingLib instance. > > MdeModulePkg/FmpAuthenticationLib: Add FmpAuthenticationLib > > instance. > > MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance. > > MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface. > > MdeModulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib > > instance. > > MdeModulePkg/PlatformFlashAccessLib: Add NULL > > PlatformFlashAccessLib. > > MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check. > > MdeModulePkg/SystemBiosUpdate: Add SystemBiosUpdate component. > > MdeModulePkg/RecoveryModuleLoadPei: Add RecoveryModuleLoadPei. > > MdeModulePkg/CapsuleApp: Add CapsuleApp application. > > MdeModulePkg/MdeModulePkg.dsc: Add capsule related component. > > IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() > > interface. > > SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD. > > SecurityPkg/FmpAuthenticationPkcs7Lib: Add PKCS7 NULL class for FMP. > > SecurityPkg/FmpAuthenticationRsa2048Sha256Lib: Add NULL class for > > FMP. > > SecurityPkg/SecurityPkg.dsc: Add FmpAuthentication*Lib. > > UefiCpuPkg/Include: Add Microcode FMP definition. > > UefiCpuPkg/Include: Add MicrocodeFlashAccessLib header. > > UefiCpuPkg/UefiCpuPkg.dec: Add Microcode capsule related definition. > > UefiCpuPkg/MicrocodeUpdate: Add MicrocodeUpdate component. > > UefiCpuPkg/MicrocodeFlashAccessLib: Add NULL > > MicrocodeFlashAccessLib. > > UefiCpuPkg/MicrocodeCapsuleApp: Add MicrocodeCapsuleApp > > application. > > UefiCpuPkg/UefiCpuPkg.dsc: Add MicrocodeCapsule related component. > > QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule > > update. > > QuarkPlatformPkg/SystemBiosDescriptor: Add
Re: [edk2] [PATCH 00/45] Add capsule update and recovery sample.
Hi I got reviewed-by for MdeModulePkg/SecurityPkg/UefiCpuPkg/Vlv2DevicePkg. Thanks each package owner. I have not got reviewed-by for QuarkPlatformPkg yet. Can QuarkPlatformPkg owner review the platform update? Or it takes quark owner more time to review QuarkPlatformPkg, I will plan to check in above 4 reviewed package at first. QuarkPlatformPkg update is independent and can be checked in and enabled later. Thank you Yao Jiewen > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Jiewen Yao > Sent: Wednesday, September 21, 2016 2:45 PM > To: edk2-devel@lists.01.org > Cc: Tian, Feng ; Gao, Liming ; > Zeng, Star ; Kinney, Michael D > ; Fan, Jeff ; Zhang, Chao > B > Subject: [edk2] [PATCH 00/45] Add capsule update and recovery sample. > > This series patch provides sample on how to do signed capsule update > and recovery in EDKII. > > This series patch is also checked into g...@github.com:jyao1/edk2.git. > > The feature includes: > 1) Define EDKII signed system BIOS capsule format. > 2) Provide EDKII signed system BIOS update sample. > 3) Provide EDKII signed recovery sample. > 4) Provide Microcode update sample for X86 system. > 5) Update Quark to use new capsule/recovery solution. > 6) Update Vlv2(MinnowMax) to use new capsule/recovery solution. > > The signed capsule/recovery solution is in MdeModulePkg. > The capsule in IntelFrameworkModulePkg is deprecated. > The Microcode update solution is in UefiCpuPkg. > > Cc: Feng Tian > Cc: Star Zeng > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Chao Zhang > Cc: Jeff Fan > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao > > > Jiewen Yao (45): > MdeModulePkg/Include: Add EDKII system FMP capsule header. > MdeModulePkg/Include: Add EdkiiSystemCapsuleLib definition. > MdeModulePkg/Include: Add FmpAuthenticationLib header. > MdeModulePkg/Include: Add IniParsingLib header. > MdeModulePkg/Include: Add PlatformFlashAccessLib header. > MdeModulePkg/CapsuleLib: Add ProcessCapsules() API. > MdeModulePkg/MdeModulePkg.dec: Add capsule related definition. > MdeModulePkg/IniParsingLib: Add InitParsingLib instance. > MdeModulePkg/FmpAuthenticationLib: Add FmpAuthenticationLib > instance. > MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance. > MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface. > MdeModulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib > instance. > MdeModulePkg/PlatformFlashAccessLib: Add NULL > PlatformFlashAccessLib. > MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check. > MdeModulePkg/SystemBiosUpdate: Add SystemBiosUpdate component. > MdeModulePkg/RecoveryModuleLoadPei: Add RecoveryModuleLoadPei. > MdeModulePkg/CapsuleApp: Add CapsuleApp application. > MdeModulePkg/MdeModulePkg.dsc: Add capsule related component. > IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() > interface. > SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD. > SecurityPkg/FmpAuthenticationPkcs7Lib: Add PKCS7 NULL class for FMP. > SecurityPkg/FmpAuthenticationRsa2048Sha256Lib: Add NULL class for > FMP. > SecurityPkg/SecurityPkg.dsc: Add FmpAuthentication*Lib. > UefiCpuPkg/Include: Add Microcode FMP definition. > UefiCpuPkg/Include: Add MicrocodeFlashAccessLib header. > UefiCpuPkg/UefiCpuPkg.dec: Add Microcode capsule related definition. > UefiCpuPkg/MicrocodeUpdate: Add MicrocodeUpdate component. > UefiCpuPkg/MicrocodeFlashAccessLib: Add NULL > MicrocodeFlashAccessLib. > UefiCpuPkg/MicrocodeCapsuleApp: Add MicrocodeCapsuleApp > application. > UefiCpuPkg/UefiCpuPkg.dsc: Add MicrocodeCapsule related component. > QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule > update. > QuarkPlatformPkg/SystemBiosDescriptor: Add Descriptor for capsule > update. > QuarkPlatformPkg/SystemBiosUpdateConfig: Add capsule config file. > QuarkPlatformPkg/PlatformInit: Remove recovery PPI installation. > QuarkPlatformPkg/PlatformBootManager: Add capsule/recovery > handling. > QuarkPlatformPkg/dsc/fdf: Add capsule/recovery support. > QuarkPlatformPkg/dsc/fdf: add capsule generation DSC/FDF. > Vlv2TbltDevicePkg/PlatformFlashAccessLib: Add instance for capsule > update. > Vlv2TbltDevicePkg/SystemBiosDescriptor: Add Descriptor for capsule > update. > Vlv2TbltDevicePkg/SystemBiosUpdateConfig: Add capsule config file. > Vlv2TbltDevicePkg/FlashDeviceLib: Add DXE flash device lib. > Vlv2TbltDevicePkg/PlatformBootManager: Add capsule/recovery > handling. > Vlv2TbltDevicePkg/dsc/fdf: Add capsule/recovery support. > Vlv2TbltDevicePkg/dsc/fdf: add capsule generation DSC/FDF. > Vlv2TbltDevicePkg/bat: add capsule generation in bat. > > IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c > | 39 +- > MdeModulePkg/Application/CapsuleApp/AppSupport.c > | 480 ++ > MdeModulePkg/Application/CapsuleApp/CapsuleApp.c > | 1047 +
Re: [edk2] [PATCH 00/45] Add capsule update and recovery sample.
MdeModulePkg patches are good to me. Reviewed-by: Liming Gao > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Jiewen Yao > Sent: Wednesday, September 21, 2016 2:45 PM > To: edk2-devel@lists.01.org > Cc: Tian, Feng ; Gao, Liming ; > Zeng, Star ; Kinney, Michael D > ; Fan, Jeff ; Zhang, Chao > B > Subject: [edk2] [PATCH 00/45] Add capsule update and recovery sample. > > This series patch provides sample on how to do signed capsule update > and recovery in EDKII. > > This series patch is also checked into g...@github.com:jyao1/edk2.git. > > The feature includes: > 1) Define EDKII signed system BIOS capsule format. > 2) Provide EDKII signed system BIOS update sample. > 3) Provide EDKII signed recovery sample. > 4) Provide Microcode update sample for X86 system. > 5) Update Quark to use new capsule/recovery solution. > 6) Update Vlv2(MinnowMax) to use new capsule/recovery solution. > > The signed capsule/recovery solution is in MdeModulePkg. > The capsule in IntelFrameworkModulePkg is deprecated. > The Microcode update solution is in UefiCpuPkg. > > Cc: Feng Tian > Cc: Star Zeng > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Chao Zhang > Cc: Jeff Fan > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao > > > Jiewen Yao (45): > MdeModulePkg/Include: Add EDKII system FMP capsule header. > MdeModulePkg/Include: Add EdkiiSystemCapsuleLib definition. > MdeModulePkg/Include: Add FmpAuthenticationLib header. > MdeModulePkg/Include: Add IniParsingLib header. > MdeModulePkg/Include: Add PlatformFlashAccessLib header. > MdeModulePkg/CapsuleLib: Add ProcessCapsules() API. > MdeModulePkg/MdeModulePkg.dec: Add capsule related definition. > MdeModulePkg/IniParsingLib: Add InitParsingLib instance. > MdeModulePkg/FmpAuthenticationLib: Add FmpAuthenticationLib instance. > MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance. > MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface. > MdeModulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib > instance. > MdeModulePkg/PlatformFlashAccessLib: Add NULL PlatformFlashAccessLib. > MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check. > MdeModulePkg/SystemBiosUpdate: Add SystemBiosUpdate component. > MdeModulePkg/RecoveryModuleLoadPei: Add RecoveryModuleLoadPei. > MdeModulePkg/CapsuleApp: Add CapsuleApp application. > MdeModulePkg/MdeModulePkg.dsc: Add capsule related component. > IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() > interface. > SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD. > SecurityPkg/FmpAuthenticationPkcs7Lib: Add PKCS7 NULL class for FMP. > SecurityPkg/FmpAuthenticationRsa2048Sha256Lib: Add NULL class for FMP. > SecurityPkg/SecurityPkg.dsc: Add FmpAuthentication*Lib. > UefiCpuPkg/Include: Add Microcode FMP definition. > UefiCpuPkg/Include: Add MicrocodeFlashAccessLib header. > UefiCpuPkg/UefiCpuPkg.dec: Add Microcode capsule related definition. > UefiCpuPkg/MicrocodeUpdate: Add MicrocodeUpdate component. > UefiCpuPkg/MicrocodeFlashAccessLib: Add NULL MicrocodeFlashAccessLib. > UefiCpuPkg/MicrocodeCapsuleApp: Add MicrocodeCapsuleApp application. > UefiCpuPkg/UefiCpuPkg.dsc: Add MicrocodeCapsule related component. > QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule > update. > QuarkPlatformPkg/SystemBiosDescriptor: Add Descriptor for capsule > update. > QuarkPlatformPkg/SystemBiosUpdateConfig: Add capsule config file. > QuarkPlatformPkg/PlatformInit: Remove recovery PPI installation. > QuarkPlatformPkg/PlatformBootManager: Add capsule/recovery handling. > QuarkPlatformPkg/dsc/fdf: Add capsule/recovery support. > QuarkPlatformPkg/dsc/fdf: add capsule generation DSC/FDF. > Vlv2TbltDevicePkg/PlatformFlashAccessLib: Add instance for capsule > update. > Vlv2TbltDevicePkg/SystemBiosDescriptor: Add Descriptor for capsule > update. > Vlv2TbltDevicePkg/SystemBiosUpdateConfig: Add capsule config file. > Vlv2TbltDevicePkg/FlashDeviceLib: Add DXE flash device lib. > Vlv2TbltDevicePkg/PlatformBootManager: Add capsule/recovery handling. > Vlv2TbltDevicePkg/dsc/fdf: Add capsule/recovery support. > Vlv2TbltDevicePkg/dsc/fdf: add capsule generation DSC/FDF. > Vlv2TbltDevicePkg/bat: add capsule generation in bat. > > IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c > | 39 +- > MdeModulePkg/Application/CapsuleApp/AppSupport.c > | 480 ++ > MdeModulePkg/Application/CapsuleApp/CapsuleApp.c > | 1047 + > MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf > | 71 + > MdeModulePkg/Application/CapsuleApp/CapsuleApp.uni > | 22 + > MdeModulePkg/Application/CapsuleApp/CapsuleAppExtra.uni > | 19 + > MdeModulePkg/Application/CapsuleApp/CapsuleDump.c > | 840 +++ > MdeModulePkg/Include/Guid/EdkiiSystemFmpCapsule.h > | 110 ++ > MdeModulePkg/Include/Library/CapsuleLib.
Re: [edk2] [PATCH 00/45] Add capsule update and recovery sample.
Thanks to catch that. I just sent out 2 new patches to fix the INF issue, for easy code review. They are also checked into g...@github.com:jyao1/edk2.git<mailto:g...@github.com:jyao1/edk2.git>. Thank you Yao Jiewen From: Gao, Liming Sent: Friday, September 23, 2016 11:18 AM To: Yao, Jiewen ; edk2-devel@lists.01.org Cc: Tian, Feng ; Zeng, Star ; Kinney, Michael D ; Fan, Jeff ; Zhang, Chao B Subject: RE: [edk2] [PATCH 00/45] Add capsule update and recovery sample. Jiewen: In MdeModulePkg, the below INF files have wrong PPI/Protocol/PCD usages. Please correct them. MdeModulePkg\Universal\SystemBiosUpdate\SystemBiosReportDxe.inf MdeModulePkg\Universal\RecoveryModuleLoadPei\RecoveryModuleLoadPei.inf MdeModulePkg\Universal\SystemBiosUpdate\SystemBiosUpdateDxe.inf Thanks Liming > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Jiewen Yao > Sent: Wednesday, September 21, 2016 2:45 PM > To: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > Cc: Tian, Feng mailto:feng.t...@intel.com>>; Gao, Liming > mailto:liming@intel.com>>; > Zeng, Star mailto:star.z...@intel.com>>; Kinney, Michael > D > mailto:michael.d.kin...@intel.com>>; Fan, Jeff > mailto:jeff@intel.com>>; Zhang, Chao > B mailto:chao.b.zh...@intel.com>> > Subject: [edk2] [PATCH 00/45] Add capsule update and recovery sample. > > This series patch provides sample on how to do signed capsule update > and recovery in EDKII. > > This series patch is also checked into > g...@github.com:jyao1/edk2.git<mailto:g...@github.com:jyao1/edk2.git>. > > The feature includes: > 1) Define EDKII signed system BIOS capsule format. > 2) Provide EDKII signed system BIOS update sample. > 3) Provide EDKII signed recovery sample. > 4) Provide Microcode update sample for X86 system. > 5) Update Quark to use new capsule/recovery solution. > 6) Update Vlv2(MinnowMax) to use new capsule/recovery solution. > > The signed capsule/recovery solution is in MdeModulePkg. > The capsule in IntelFrameworkModulePkg is deprecated. > The Microcode update solution is in UefiCpuPkg. > > Cc: Feng Tian mailto:feng.t...@intel.com>> > Cc: Star Zeng mailto:star.z...@intel.com>> > Cc: Michael D Kinney > mailto:michael.d.kin...@intel.com>> > Cc: Liming Gao mailto:liming@intel.com>> > Cc: Chao Zhang mailto:chao.b.zh...@intel.com>> > Cc: Jeff Fan mailto:jeff@intel.com>> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao mailto:jiewen@intel.com>> > > > Jiewen Yao (45): > MdeModulePkg/Include: Add EDKII system FMP capsule header. > MdeModulePkg/Include: Add EdkiiSystemCapsuleLib definition. > MdeModulePkg/Include: Add FmpAuthenticationLib header. > MdeModulePkg/Include: Add IniParsingLib header. > MdeModulePkg/Include: Add PlatformFlashAccessLib header. > MdeModulePkg/CapsuleLib: Add ProcessCapsules() API. > MdeModulePkg/MdeModulePkg.dec: Add capsule related definition. > MdeModulePkg/IniParsingLib: Add InitParsingLib instance. > MdeModulePkg/FmpAuthenticationLib: Add FmpAuthenticationLib instance. > MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance. > MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface. > MdeModulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib > instance. > MdeModulePkg/PlatformFlashAccessLib: Add NULL PlatformFlashAccessLib. > MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check. > MdeModulePkg/SystemBiosUpdate: Add SystemBiosUpdate component. > MdeModulePkg/RecoveryModuleLoadPei: Add RecoveryModuleLoadPei. > MdeModulePkg/CapsuleApp: Add CapsuleApp application. > MdeModulePkg/MdeModulePkg.dsc: Add capsule related component. > IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() > interface. > SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD. > SecurityPkg/FmpAuthenticationPkcs7Lib: Add PKCS7 NULL class for FMP. > SecurityPkg/FmpAuthenticationRsa2048Sha256Lib: Add NULL class for FMP. > SecurityPkg/SecurityPkg.dsc: Add FmpAuthentication*Lib. > UefiCpuPkg/Include: Add Microcode FMP definition. > UefiCpuPkg/Include: Add MicrocodeFlashAccessLib header. > UefiCpuPkg/UefiCpuPkg.dec: Add Microcode capsule related definition. > UefiCpuPkg/MicrocodeUpdate: Add MicrocodeUpdate component. > UefiCpuPkg/MicrocodeFlashAccessLib: Add NULL MicrocodeFlashAccessLib. > UefiCpuPkg/MicrocodeCapsuleApp: Add MicrocodeCapsuleApp application. > UefiCpuPkg/UefiCpuPkg.dsc: Add MicrocodeCapsule related component. > QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule > update. > QuarkPlatformPkg/SystemBiosDescriptor: Add Descripto
Re: [edk2] [PATCH 00/45] Add capsule update and recovery sample.
Jiewen: In MdeModulePkg, the below INF files have wrong PPI/Protocol/PCD usages. Please correct them. MdeModulePkg\Universal\SystemBiosUpdate\SystemBiosReportDxe.inf MdeModulePkg\Universal\RecoveryModuleLoadPei\RecoveryModuleLoadPei.inf MdeModulePkg\Universal\SystemBiosUpdate\SystemBiosUpdateDxe.inf Thanks Liming > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Jiewen Yao > Sent: Wednesday, September 21, 2016 2:45 PM > To: edk2-devel@lists.01.org > Cc: Tian, Feng ; Gao, Liming ; > Zeng, Star ; Kinney, Michael D > ; Fan, Jeff ; Zhang, Chao > B > Subject: [edk2] [PATCH 00/45] Add capsule update and recovery sample. > > This series patch provides sample on how to do signed capsule update > and recovery in EDKII. > > This series patch is also checked into g...@github.com:jyao1/edk2.git. > > The feature includes: > 1) Define EDKII signed system BIOS capsule format. > 2) Provide EDKII signed system BIOS update sample. > 3) Provide EDKII signed recovery sample. > 4) Provide Microcode update sample for X86 system. > 5) Update Quark to use new capsule/recovery solution. > 6) Update Vlv2(MinnowMax) to use new capsule/recovery solution. > > The signed capsule/recovery solution is in MdeModulePkg. > The capsule in IntelFrameworkModulePkg is deprecated. > The Microcode update solution is in UefiCpuPkg. > > Cc: Feng Tian > Cc: Star Zeng > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Chao Zhang > Cc: Jeff Fan > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao > > > Jiewen Yao (45): > MdeModulePkg/Include: Add EDKII system FMP capsule header. > MdeModulePkg/Include: Add EdkiiSystemCapsuleLib definition. > MdeModulePkg/Include: Add FmpAuthenticationLib header. > MdeModulePkg/Include: Add IniParsingLib header. > MdeModulePkg/Include: Add PlatformFlashAccessLib header. > MdeModulePkg/CapsuleLib: Add ProcessCapsules() API. > MdeModulePkg/MdeModulePkg.dec: Add capsule related definition. > MdeModulePkg/IniParsingLib: Add InitParsingLib instance. > MdeModulePkg/FmpAuthenticationLib: Add FmpAuthenticationLib instance. > MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance. > MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface. > MdeModulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib > instance. > MdeModulePkg/PlatformFlashAccessLib: Add NULL PlatformFlashAccessLib. > MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check. > MdeModulePkg/SystemBiosUpdate: Add SystemBiosUpdate component. > MdeModulePkg/RecoveryModuleLoadPei: Add RecoveryModuleLoadPei. > MdeModulePkg/CapsuleApp: Add CapsuleApp application. > MdeModulePkg/MdeModulePkg.dsc: Add capsule related component. > IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() > interface. > SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD. > SecurityPkg/FmpAuthenticationPkcs7Lib: Add PKCS7 NULL class for FMP. > SecurityPkg/FmpAuthenticationRsa2048Sha256Lib: Add NULL class for FMP. > SecurityPkg/SecurityPkg.dsc: Add FmpAuthentication*Lib. > UefiCpuPkg/Include: Add Microcode FMP definition. > UefiCpuPkg/Include: Add MicrocodeFlashAccessLib header. > UefiCpuPkg/UefiCpuPkg.dec: Add Microcode capsule related definition. > UefiCpuPkg/MicrocodeUpdate: Add MicrocodeUpdate component. > UefiCpuPkg/MicrocodeFlashAccessLib: Add NULL MicrocodeFlashAccessLib. > UefiCpuPkg/MicrocodeCapsuleApp: Add MicrocodeCapsuleApp application. > UefiCpuPkg/UefiCpuPkg.dsc: Add MicrocodeCapsule related component. > QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule > update. > QuarkPlatformPkg/SystemBiosDescriptor: Add Descriptor for capsule > update. > QuarkPlatformPkg/SystemBiosUpdateConfig: Add capsule config file. > QuarkPlatformPkg/PlatformInit: Remove recovery PPI installation. > QuarkPlatformPkg/PlatformBootManager: Add capsule/recovery handling. > QuarkPlatformPkg/dsc/fdf: Add capsule/recovery support. > QuarkPlatformPkg/dsc/fdf: add capsule generation DSC/FDF. > Vlv2TbltDevicePkg/PlatformFlashAccessLib: Add instance for capsule > update. > Vlv2TbltDevicePkg/SystemBiosDescriptor: Add Descriptor for capsule > update. > Vlv2TbltDevicePkg/SystemBiosUpdateConfig: Add capsule config file. > Vlv2TbltDevicePkg/FlashDeviceLib: Add DXE flash device lib. > Vlv2TbltDevicePkg/PlatformBootManager: Add capsule/recovery handling. > Vlv2TbltDevicePkg/dsc/fdf: Add capsule/recovery support. > Vlv2TbltDevicePkg/dsc/fdf: add capsule generation DSC/FDF. > Vlv2TbltDevicePkg/bat: add capsule generation in bat. > > IntelFrameworkModulePkg/Library/DxeCapsuleLib/DxeCapsuleLib.c > | 39 +- > MdeModulePkg/Application/CapsuleApp/AppSupport.c > | 480 ++ > MdeModulePkg/Application/CapsuleApp/CapsuleApp.c > | 1047 + > MdeModulePkg/Application/CapsuleApp/CapsuleApp.inf > | 71 + > MdeModulePkg/Application/CapsuleApp/CapsuleApp.uni > | 2
Re: [edk2] [PATCH 00/45] Add capsule update and recovery sample.
rate invalid field below: i. EFI_CAPSULE_HEADER.CapsuleGuid (All zero) ii. EFI_CAPSULE_HEADER.HeaderSize (0) iii. EFI_CAPSULE_HEADER.CapsuleImageSize (0, 0x) iv. EFI_DISPLAY_CAPSULE.ImagePayload.Version (Valid - 1, Valid + 1) v. EFI_DISPLAY_CAPSULE.ImagePayload.Checksum (~Valid) vi. EFI_DISPLAY_CAPSULE.ImagePayload.ImageType (Valid - 1, Valid + 1) vii. EFI_DISPLAY_CAPSULE.ImagePayload.Mode (Valid - 1, Valid + 1) viii. EFI_DISPLAY_CAPSULE.ImagePayload.OffsetX (0x, Gop->Mode->Info->HorizontalResolution) ix. EFI_DISPLAY_CAPSULE.ImagePayload.OffsetY (0x, Gop->Mode->Info->VerticalResolution) b) Fuzzing Test: Generate invalid field below: (Similar to above) i. EFI_CAPSULE_HEADER ii. EFI_DISPLAY_CAPSULE.ImagePayload 3) Microcode capsule a) Unit Test: Generate invalid field below: i. CPU_MICROCODE_HEADER.HeaderVersion (0) ii. CPU_MICROCODE_HEADER.UpdateVersion (0) iii. CPU_MICROCODE_HEADER.ProcessorSignature.Uint32 (0) iv. CPU_MICROCODE_HEADER.Checksum (~Valid) v. CPU_MICROCODE_HEADER.LoaderRevision (0) vi. CPU_MICROCODE_HEADER.ProcessorFlags (0) vii. CPU_MICROCODE_HEADER.DataSize (1, 0x) viii. CPU_MICROCODE_HEADER.TotalSize (1, 0x) ix. CPU_MICROCODE_EXTENDED_TABLE_HEADER.ExtendedSignatureCount (0, 0x) x. CPU_MICROCODE_EXTENDED_TABLE_HEADER.Checksum (~Valid) xi. CPU_MICROCODE_EXTENDED_TABLE_HEADER.ProcessorSignature.Uint32 (0) xii. CPU_MICROCODE_EXTENDED_TABLE_HEADER.ProcessorFlags (0) xiii. CPU_MICROCODE_EXTENDED_TABLE.Checksum (~Valid) b) Fuzzing Test: Generate invalid field below: (Similar to above) i. CPU_MICROCODE_HEADER If reviewed can help double check the API and test case, to see if the validation is enough, that will be great. I will be happy to add more test per request. Thank you Yao Jiewen From: Kinney, Michael D Sent: Thursday, September 22, 2016 12:36 AM To: Yao, Jiewen ; edk2-devel@lists.01.org; Kinney, Michael D Cc: Tian, Feng ; Gao, Liming ; Zeng, Star ; Fan, Jeff ; Zhang, Chao B Subject: RE: [edk2] [PATCH 00/45] Add capsule update and recovery sample. Jiewen, Thanks for this contribution and thank you for also providing a version of it on your GitHub fork to make it easier for some to evaluate such a large series. Can you provide a more detailed summary of this feature along with A summary of any testing that has already been performed? I see some of the comments have a Caution about an API taking external input. This implies that some amount of security analysis and review may have already been performed. The summary should include the set of APIs that do take external input and what review or testing was done on those APIs? What amount of additional testing do you think this series requires? Thanks, Mike > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiewen > Yao > Sent: Tuesday, September 20, 2016 11:45 PM > To: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > Cc: Tian, Feng mailto:feng.t...@intel.com>>; Gao, Liming > mailto:liming@intel.com>>; Zeng, Star > mailto:star.z...@intel.com>>; Kinney, Michael D > mailto:michael.d.kin...@intel.com>>; Fan, Jeff > mailto:jeff@intel.com>>; Zhang, Chao B > mailto:chao.b.zh...@intel.com>> > Subject: [edk2] [PATCH 00/45] Add capsule update and recovery sample. > > This series patch provides sample on how to do signed capsule update > and recovery in EDKII. > > This series patch is also checked into > g...@github.com:jyao1/edk2.git<mailto:g...@github.com:jyao1/edk2.git>. > > The feature includes: > 1) Define EDKII signed system BIOS capsule format. > 2) Provide EDKII signed system BIOS update sample. > 3) Provide EDKII signed recovery sample. > 4) Provide Microcode update sample for X86 system. > 5) Update Quark to use new capsule/recovery solution. > 6) Update Vlv2(MinnowMax) to use new capsule/recovery solution. > > The signed capsule/recovery solution is in MdeModulePkg. > The capsule in IntelFrameworkModulePkg is deprecated. > The Microcode update solution is in UefiCpuPkg. > > Cc: Feng Tian mailto:feng.t...@intel.com>> > Cc: Star Zeng mailto:star.z...@intel.com>> > Cc: Michael D Kinney > mailto:michael.d.kin...@intel.com>> > Cc: Liming Gao mailto:liming@intel.com>> > Cc: Chao Zhang mailto:chao.b.zh...@intel.com>> > Cc: Jeff Fan mailto:jeff@intel.com>> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao mailto:jiewen@intel.com>>
Re: [edk2] [PATCH 00/45] Add capsule update and recovery sample.
Jiewen, Thanks for this contribution and thank you for also providing a version of it on your GitHub fork to make it easier for some to evaluate such a large series. Can you provide a more detailed summary of this feature along with A summary of any testing that has already been performed? I see some of the comments have a Caution about an API taking external input. This implies that some amount of security analysis and review may have already been performed. The summary should include the set of APIs that do take external input and what review or testing was done on those APIs? What amount of additional testing do you think this series requires? Thanks, Mike > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiewen > Yao > Sent: Tuesday, September 20, 2016 11:45 PM > To: edk2-devel@lists.01.org > Cc: Tian, Feng ; Gao, Liming ; > Zeng, Star > ; Kinney, Michael D ; Fan, > Jeff > ; Zhang, Chao B > Subject: [edk2] [PATCH 00/45] Add capsule update and recovery sample. > > This series patch provides sample on how to do signed capsule update > and recovery in EDKII. > > This series patch is also checked into g...@github.com:jyao1/edk2.git. > > The feature includes: > 1) Define EDKII signed system BIOS capsule format. > 2) Provide EDKII signed system BIOS update sample. > 3) Provide EDKII signed recovery sample. > 4) Provide Microcode update sample for X86 system. > 5) Update Quark to use new capsule/recovery solution. > 6) Update Vlv2(MinnowMax) to use new capsule/recovery solution. > > The signed capsule/recovery solution is in MdeModulePkg. > The capsule in IntelFrameworkModulePkg is deprecated. > The Microcode update solution is in UefiCpuPkg. > > Cc: Feng Tian > Cc: Star Zeng > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Chao Zhang > Cc: Jeff Fan > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao > > > Jiewen Yao (45): > MdeModulePkg/Include: Add EDKII system FMP capsule header. > MdeModulePkg/Include: Add EdkiiSystemCapsuleLib definition. > MdeModulePkg/Include: Add FmpAuthenticationLib header. > MdeModulePkg/Include: Add IniParsingLib header. > MdeModulePkg/Include: Add PlatformFlashAccessLib header. > MdeModulePkg/CapsuleLib: Add ProcessCapsules() API. > MdeModulePkg/MdeModulePkg.dec: Add capsule related definition. > MdeModulePkg/IniParsingLib: Add InitParsingLib instance. > MdeModulePkg/FmpAuthenticationLib: Add FmpAuthenticationLib instance. > MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance. > MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface. > MdeModulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib > instance. > MdeModulePkg/PlatformFlashAccessLib: Add NULL PlatformFlashAccessLib. > MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check. > MdeModulePkg/SystemBiosUpdate: Add SystemBiosUpdate component. > MdeModulePkg/RecoveryModuleLoadPei: Add RecoveryModuleLoadPei. > MdeModulePkg/CapsuleApp: Add CapsuleApp application. > MdeModulePkg/MdeModulePkg.dsc: Add capsule related component. > IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() > interface. > SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD. > SecurityPkg/FmpAuthenticationPkcs7Lib: Add PKCS7 NULL class for FMP. > SecurityPkg/FmpAuthenticationRsa2048Sha256Lib: Add NULL class for FMP. > SecurityPkg/SecurityPkg.dsc: Add FmpAuthentication*Lib. > UefiCpuPkg/Include: Add Microcode FMP definition. > UefiCpuPkg/Include: Add MicrocodeFlashAccessLib header. > UefiCpuPkg/UefiCpuPkg.dec: Add Microcode capsule related definition. > UefiCpuPkg/MicrocodeUpdate: Add MicrocodeUpdate component. > UefiCpuPkg/MicrocodeFlashAccessLib: Add NULL MicrocodeFlashAccessLib. > UefiCpuPkg/MicrocodeCapsuleApp: Add MicrocodeCapsuleApp application. > UefiCpuPkg/UefiCpuPkg.dsc: Add MicrocodeCapsule related component. > QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule > update. > QuarkPlatformPkg/SystemBiosDescriptor: Add Descriptor for capsule > update. > QuarkPlatformPkg/SystemBiosUpdateConfig: Add capsule config file. > QuarkPlatformPkg/PlatformInit: Remove recovery PPI installation. > QuarkPlatformPkg/PlatformBootManager: Add capsule/recovery handling. > QuarkPlatformPkg/dsc/fdf: Add capsule/recovery support. > QuarkPlatformPkg/dsc/fdf: add capsule generation DSC/FDF. > Vlv2TbltDevicePkg/PlatformFlashAccessLib: Add instance for capsule > update. > Vlv2TbltDevicePkg/SystemBiosDescriptor: Add Descriptor for capsule > update. > Vlv2TbltDevicePkg/SystemBiosUpdateConfig: Add capsule config file. > Vlv2TbltDevicePkg/FlashDeviceLib: Add DXE flash device lib. > Vlv2TbltDevicePkg/PlatformBootManager: Add capsule/recovery handling. > Vlv2TbltDevicePkg/dsc/fdf: Add capsule/recovery support. > Vlv2TbltDevicePkg/dsc/fdf: add capsule generation DSC/FDF. > Vlv2TbltDevicePkg/bat: add capsule gene
