1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
|
/** @file
UEFI Firmware Management Protocol definition
Firmware Management Protocol provides an abstraction for device to provide firmware
management support. The base requirements for managing device firmware images include
identifying firmware image revision level and programming the image into the device.
GetImageInfo() is the only required function. GetImage(), SetImage(),
CheckImage(), GetPackageInfo(), and SetPackageInfo() shall return
EFI_UNSUPPORTED if not supported by the driver.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@par Revision Reference:
This Protocol is introduced in UEFI Specification 2.3
**/
#ifndef __EFI_FIRMWARE_MANAGEMENT_PROTOCOL_H__
#define __EFI_FIRMWARE_MANAGEMENT_PROTOCOL_H__
#define EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID \
{ \
0x86c77a67, 0xb97, 0x4633, {0xa1, 0x87, 0x49, 0x10, 0x4d, 0x6, 0x85, 0xc7 } \
}
typedef struct _EFI_FIRMWARE_MANAGEMENT_PROTOCOL EFI_FIRMWARE_MANAGEMENT_PROTOCOL;
///
/// EFI_FIRMWARE_IMAGE_DESCRIPTOR
///
typedef struct {
///
/// A unique number identifying the firmware image within the device. The number is
/// between 1 and DescriptorCount.
///
UINT8 ImageIndex;
///
/// A unique number identifying the firmware image type.
///
EFI_GUID ImageTypeId;
///
/// A unique number identifying the firmware image.
///
UINT64 ImageId;
///
/// A pointer to a null-terminated string representing the firmware image name.
///
CHAR16 *ImageIdName;
///
/// Identifies the version of the device firmware. The format is vendor specific and new
/// version must have a greater value than an old version.
///
UINT32 Version;
///
/// A pointer to a null-terminated string representing the firmware image version name.
///
CHAR16 *VersionName;
///
/// Size of the image in bytes. If size=0, then only ImageIndex and ImageTypeId are valid.
///
UINTN Size;
///
/// Image attributes that are supported by this device. See 'Image Attribute Definitions'
/// for possible returned values of this parameter. A value of 1 indicates the attribute is
/// supported and the current setting value is indicated in AttributesSetting. A
/// value of 0 indicates the attribute is not supported and the current setting value in
/// AttributesSetting is meaningless.
///
UINT64 AttributesSupported;
///
/// Image attributes. See 'Image Attribute Definitions' for possible returned values of
/// this parameter.
///
UINT64 AttributesSetting;
///
/// Image compatibilities. See 'Image Compatibility Definitions' for possible returned
/// values of this parameter.
///
UINT64 Compatibilities;
///
/// Describes the lowest ImageDescriptor version that the device will accept. Only
/// present in version 2 or higher.
///
UINT32 LowestSupportedImageVersion;
} EFI_FIRMWARE_IMAGE_DESCRIPTOR;
//
// Image Attribute Definitions
//
///
/// The attribute IMAGE_ATTRIBUTE_IMAGE_UPDATABLE indicates this device supports firmware
/// image update.
///
#define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE 0x0000000000000001
///
/// The attribute IMAGE_ATTRIBUTE_RESET_REQUIRED indicates a reset of the device is required
/// for the new firmware image to take effect after a firmware update. The device is the device hosting
/// the firmware image.
///
#define IMAGE_ATTRIBUTE_RESET_REQUIRED 0x0000000000000002
///
/// The attribute IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED indicates authentication is
/// required to perform the following image operations: GetImage(), SetImage(), and
/// CheckImage(). See 'Image Attribute - Authentication'.
///
#define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x0000000000000004
///
/// The attribute IMAGE_ATTRIBUTE_IN_USE indicates the current state of the firmware image.
/// This distinguishes firmware images in a device that supports redundant images.
///
#define IMAGE_ATTRIBUTE_IN_USE 0x0000000000000008
//
// Image Compatibility Definitions
//
/// Values from 0x0000000000000002 thru 0x000000000000FFFF are reserved for future assignments.
/// Values from 0x0000000000010000 thru 0xFFFFFFFFFFFFFFFF are used by firmware vendor for
/// compatibility check.
///
#define IMAGE_COMPATIBILITY_CHECK_SUPPORTED 0x0000000000000001
///
/// Descriptor Version exposed by GetImageInfo() function
///
#define EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION 2
///
/// Image Attribute -Authentication Required
///
typedef struct {
///
/// It is included in the signature of AuthInfo. It is used to ensure freshness/no replay.
/// It is incremented during each firmware image operation.
///
UINT64 MonotonicCount;
///
/// Provides the authorization for the firmware image operations. It is a signature across
/// the image data and the Monotonic Count value. Caller uses the private key that is
/// associated with a public key that has been provisioned via the key exchange.
/// Because this is defined as a signature, WIN_CERTIFICATE_UEFI_GUID.CertType must
/// be EFI_CERT_TYPE_PKCS7_GUID.
///
WIN_CERTIFICATE_UEFI_GUID AuthInfo;
} EFI_FIRMWARE_IMAGE_AUTHENTICATION;
//
// ImageUpdatable Definitions
//
///
/// IMAGE_UPDATABLE_VALID indicates SetImage() will accept the new image and update the
/// device with the new image.
///
#define IMAGE_UPDATABLE_VALID 0x0000000000000001
///
/// IMAGE_UPDATABLE_INVALID indicates SetImage() will reject the new image. No additional
/// information is provided for the rejection.
///
#define IMAGE_UPDATABLE_INVALID 0x0000000000000002
///
/// IMAGE_UPDATABLE_INVALID_TYPE indicates SetImage() will reject the new image. The
/// rejection is due to the new image is not a firmware image recognized for this device.
///
#define IMAGE_UPDATABLE_INVALID_TYPE 0x0000000000000004
///
/// IMAGE_UPDATABLE_INVALID_OLD indicates SetImage() will reject the new image. The
/// rejection is due to the new image version is older than the current firmware image
/// version in the device. The device firmware update policy does not support firmware
/// version downgrade.
///
#define IMAGE_UPDATABLE_INVALID_OLD 0x0000000000000008
//
// Package Attribute Definitions
//
///
/// The attribute PACKAGE_ATTRIBUTE_VERSION_UPDATABLE indicates this device supports the
/// update of the firmware package version.
///
#define PACKAGE_ATTRIBUTE_VERSION_UPDATABLE 0x0000000000000001
///
/// The attribute PACKAGE_ATTRIBUTE_RESET_REQUIRED indicates a reset of the device is
/// required for the new package info to take effect after an update.
///
#define PACKAGE_ATTRIBUTE_RESET_REQUIRED 0x0000000000000002
///
/// The attribute PACKAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED indicates authentication
/// is required to update the package info.
///
#define PACKAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x0000000000000004
/**
Callback funtion to report the process of the firmware updating.
@param[in] Completion A value between 1 and 100 indicating the current completion
progress of the firmware update. Completion progress is
reported as from 1 to 100 percent. A value of 0 is used by
the driver to indicate that progress reporting is not supported.
@retval EFI_SUCCESS SetImage() continues to do the callback if supported.
@retval other SetImage() discontinues the callback and completes
the update and returns.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS)(
IN UINTN Completion
);
/**
Returns information about the current firmware image(s) of the device.
This function allows a copy of the current firmware image to be created and saved.
The saved copy could later been used, for example, in firmware image recovery or rollback.
@param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
@param[in, out] ImageInfoSize A pointer to the size, in bytes, of the ImageInfo buffer.
On input, this is the size of the buffer allocated by the caller.
On output, it is the size of the buffer returned by the firmware
if the buffer was large enough, or the size of the buffer needed
to contain the image(s) information if the buffer was too small.
@param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s)
information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
@param[out] DescriptorVersion A pointer to the location in which firmware returns the version number
associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR.
@param[out] DescriptorCount A pointer to the location in which firmware returns the number of
descriptors or firmware images within this device.
@param[out] DescriptorSize A pointer to the location in which firmware returns the size, in bytes,
of an individual EFI_FIRMWARE_IMAGE_DESCRIPTOR.
@param[out] PackageVersion A version number that represents all the firmware images in the device.
The format is vendor specific and new version must have a greater value
than the old version. If PackageVersion is not supported, the value is
0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version comparison
is to be performed using PackageVersionName. A value of 0xFFFFFFFD indicates
that package version update is in progress.
@param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing the
package version name. The buffer is allocated by this function with
AllocatePool(), and it is the caller's responsibility to free it with a call
to FreePool().
@retval EFI_SUCCESS The device was successfully updated with the new image.
@retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size
needed to hold the image(s) information is returned in ImageInfoSize.
@retval EFI_INVALID_PARAMETER ImageInfoSize is NULL.
@retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE_INFO)(
IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
IN OUT UINTN *ImageInfoSize,
IN OUT EFI_FIRMWARE_IMAGE_DESCRIPTOR *ImageInfo,
OUT UINT32 *DescriptorVersion,
OUT UINT8 *DescriptorCount,
OUT UINTN *DescriptorSize,
OUT UINT32 *PackageVersion,
OUT CHAR16 **PackageVersionName
);
/**
Retrieves a copy of the current firmware image of the device.
This function allows a copy of the current firmware image to be created and saved.
The saved copy could later been used, for example, in firmware image recovery or rollback.
@param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
@param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
The number is between 1 and DescriptorCount.
@param[out] Image Points to the buffer where the current image is copied to.
@param[out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes.
On return, points to the length of the image, in bytes.
@retval EFI_SUCCESS The device was successfully updated with the new image.
@retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the
image. The current buffer size needed to hold the image is returned
in ImageSize.
@retval EFI_INVALID_PARAMETER The Image was NULL.
@retval EFI_NOT_FOUND The current image is not copied to the buffer.
@retval EFI_UNSUPPORTED The operation is not supported.
@retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE)(
IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
IN UINT8 ImageIndex,
IN OUT VOID *Image,
IN OUT UINTN *ImageSize
);
/**
Updates the firmware image of the device.
This function updates the hardware with the new firmware image.
This function returns EFI_UNSUPPORTED if the firmware image is not updatable.
If the firmware image is updatable, the function should perform the following minimal validations
before proceeding to do the firmware image update.
- Validate the image authentication if image has attribute
IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED. The function returns
EFI_SECURITY_VIOLATION if the validation fails.
- Validate the image is a supported image for this device. The function returns EFI_ABORTED if
the image is unsupported. The function can optionally provide more detailed information on
why the image is not a supported image.
- Validate the data from VendorCode if not null. Image validation must be performed before
VendorCode data validation. VendorCode data is ignored or considered invalid if image
validation failed. The function returns EFI_ABORTED if the data is invalid.
VendorCode enables vendor to implement vendor-specific firmware image update policy. Null if
the caller did not specify the policy or use the default policy. As an example, vendor can implement
a policy to allow an option to force a firmware image update when the abort reason is due to the new
firmware image version is older than the current firmware image version or bad image checksum.
Sensitive operations such as those wiping the entire firmware image and render the device to be
non-functional should be encoded in the image itself rather than passed with the VendorCode.
AbortReason enables vendor to have the option to provide a more detailed description of the abort
reason to the caller.
@param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
@param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
The number is between 1 and DescriptorCount.
@param[in] Image Points to the new image.
@param[in] ImageSize Size of the new image in bytes.
@param[in] VendorCode This enables vendor to implement vendor-specific firmware image update policy.
Null indicates the caller did not specify the policy or use the default policy.
@param[in] Progress A function used by the driver to report the progress of the firmware update.
@param[out] AbortReason A pointer to a pointer to a null-terminated string providing more
details for the aborted operation. The buffer is allocated by this function
with AllocatePool(), and it is the caller's responsibility to free it with a
call to FreePool().
@retval EFI_SUCCESS The device was successfully updated with the new image.
@retval EFI_ABORTED The operation is aborted.
@retval EFI_INVALID_PARAMETER The Image was NULL.
@retval EFI_UNSUPPORTED The operation is not supported.
@retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_IMAGE)(
IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
IN UINT8 ImageIndex,
IN CONST VOID *Image,
IN UINTN ImageSize,
IN CONST VOID *VendorCode,
IN EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS Progress,
OUT CHAR16 **AbortReason
);
/**
Checks if the firmware image is valid for the device.
This function allows firmware update application to validate the firmware image without
invoking the SetImage() first.
@param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
@param[in] ImageIndex A unique number identifying the firmware image(s) within the device.
The number is between 1 and DescriptorCount.
@param[in] Image Points to the new image.
@param[in] ImageSize Size of the new image in bytes.
@param[out] ImageUpdatable Indicates if the new image is valid for update. It also provides,
if available, additional information if the image is invalid.
@retval EFI_SUCCESS The image was successfully checked.
@retval EFI_INVALID_PARAMETER The Image was NULL.
@retval EFI_UNSUPPORTED The operation is not supported.
@retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_FIRMWARE_MANAGEMENT_PROTOCOL_CHECK_IMAGE)(
IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
IN UINT8 ImageIndex,
IN CONST VOID *Image,
IN UINTN ImageSize,
OUT UINT32 *ImageUpdatable
);
/**
Returns information about the firmware package.
This function returns package information.
@param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
@param[out] PackageVersion A version number that represents all the firmware images in the device.
The format is vendor specific and new version must have a greater value
than the old version. If PackageVersion is not supported, the value is
0xFFFFFFFF. A value of 0xFFFFFFFE indicates that package version
comparison is to be performed using PackageVersionName. A value of
0xFFFFFFFD indicates that package version update is in progress.
@param[out] PackageVersionName A pointer to a pointer to a null-terminated string representing
the package version name. The buffer is allocated by this function with
AllocatePool(), and it is the caller's responsibility to free it with a
call to FreePool().
@param[out] PackageVersionNameMaxLen The maximum length of package version name if device supports update of
package version name. A value of 0 indicates the device does not support
update of package version name. Length is the number of Unicode characters,
including the terminating null character.
@param[out] AttributesSupported Package attributes that are supported by this device. See 'Package Attribute
Definitions' for possible returned values of this parameter. A value of 1
indicates the attribute is supported and the current setting value is
indicated in AttributesSetting. A value of 0 indicates the attribute is not
supported and the current setting value in AttributesSetting is meaningless.
@param[out] AttributesSetting Package attributes. See 'Package Attribute Definitions' for possible returned
values of this parameter
@retval EFI_SUCCESS The package information was successfully returned.
@retval EFI_UNSUPPORTED The operation is not supported.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_PACKAGE_INFO)(
IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
OUT UINT32 *PackageVersion,
OUT CHAR16 **PackageVersionName,
OUT UINT32 *PackageVersionNameMaxLen,
OUT UINT64 *AttributesSupported,
OUT UINT64 *AttributesSetting
);
/**
Updates information about the firmware package.
This function updates package information.
This function returns EFI_UNSUPPORTED if the package information is not updatable.
VendorCode enables vendor to implement vendor-specific package information update policy.
Null if the caller did not specify this policy or use the default policy.
@param[in] This A pointer to the EFI_FIRMWARE_MANAGEMENT_PROTOCOL instance.
@param[in] Image Points to the authentication image.
Null if authentication is not required.
@param[in] ImageSize Size of the authentication image in bytes.
0 if authentication is not required.
@param[in] VendorCode This enables vendor to implement vendor-specific firmware
image update policy.
Null indicates the caller did not specify this policy or use
the default policy.
@param[in] PackageVersion The new package version.
@param[in] PackageVersionName A pointer to the new null-terminated Unicode string representing
the package version name.
The string length is equal to or less than the value returned in
PackageVersionNameMaxLen.
@retval EFI_SUCCESS The device was successfully updated with the new package
information.
@retval EFI_INVALID_PARAMETER The PackageVersionName length is longer than the value
returned in PackageVersionNameMaxLen.
@retval EFI_UNSUPPORTED The operation is not supported.
@retval EFI_SECURITY_VIOLATIO The operation could not be performed due to an authentication failure.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_PACKAGE_INFO)(
IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
IN CONST VOID *Image,
IN UINTN ImageSize,
IN CONST VOID *VendorCode,
IN UINT32 PackageVersion,
IN CONST CHAR16 *PackageVersionName
);
///
/// EFI_FIRMWARE_MANAGEMENT_PROTOCOL
/// The protocol for managing firmware provides the following services.
/// - Get the attributes of the current firmware image. Attributes include revision level.
/// - Get a copy of the current firmware image. As an example, this service could be used by a
/// management application to facilitate a firmware roll-back.
/// - Program the device with a firmware image supplied by the user.
/// - Label all the firmware images within a device with a single version.
///
struct _EFI_FIRMWARE_MANAGEMENT_PROTOCOL {
EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE_INFO GetImageInfo;
EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE GetImage;
EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_IMAGE SetImage;
EFI_FIRMWARE_MANAGEMENT_PROTOCOL_CHECK_IMAGE CheckImage;
EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_PACKAGE_INFO GetPackageInfo;
EFI_FIRMWARE_MANAGEMENT_PROTOCOL_SET_PACKAGE_INFO SetPackageInfo;
};
extern EFI_GUID gEfiFirmwareManagementProtocolGuid;
#endif
|