[edk2] [RFC 1/4] FmpDevicePkg: Add package, library classes, and PCDs

Michael D Kinney posted 4 patches 6 years, 7 months ago
There is a newer version of this series
[edk2] [RFC 1/4] FmpDevicePkg: Add package, library classes, and PCDs
Posted by Michael D Kinney 6 years, 7 months ago
From: "Kinney, Michael D" <michael.d.kinney@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=922

Based on content from the following branch:

https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport/MsCapsuleUpdatePkg

Create FmpDevicePkg with library classes and PCDs used to
customize the behavior of a Firmware Management Protocol
instance.

Library Classes
===============
* FmpDeviceLib - Provides firmware device specific services
  to support updates of a firmware image stored in a firmware
  device.
* CapsuleUpdatePolicyLib - Provides platform policy services
  used during a capsule update.
* FmpPayloadHeaderLib - Provides services to retrieve values
  from a capsule's FMP Payload Header.  The structure is not
  included in the library class.  Instead, services are
  provided to retrieve information from the FMP Payload Header.
  If information is added to the FMP Payload Header, then new
  services may be added to this library class to retrieve the
  new information.

PCDs set per module
====================
* PcdFmpDeviceSystemResetRequired - Indicates if a full
  system reset is required before a firmware update to a
  firmware devices takes effect
* PcdFmpDeviceProgressColor - The color of the progress bar
  during a firmware update.
* PcdFmpDeviceImageIdName - The Null-terminated Unicode
  string used to fill in the ImageIdName field of the
  EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned
  by the GetImageInfo() service of the Firmware Management
  Protocol for the firmware device.
* PcdFmpDeviceBuildTimeLowestSupportedVersion - The build
  time value used to fill in the LowestSupportedVersion field
  of the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is
  returned by the GetImageInfo() service of the Firmware
  Management Protocol.
* PcdFmpDeviceProgressWatchdogTimeInSeconds - The time in
  seconds to arm a watchdog timer during the update of a
  firmware device.

PCDs set per module or for entire platform
==========================================
* PcdFmpDevicePkcs7CertBufferXdr - One or more PKCS7
  certificates used to verify a firmware device capsule
  update image.
* PcdFmpDeviceLockEventGuid - An event GUID that locks
  the firmware device when the event is signaled.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 FmpDevicePkg/FmpDevicePkg.dec                      | 126 +++++++
 FmpDevicePkg/FmpDevicePkg.uni                      |  75 ++++
 FmpDevicePkg/FmpDevicePkgExtra.uni                 |  18 +
 .../Include/Library/CapsuleUpdatePolicyLib.h       | 120 +++++++
 FmpDevicePkg/Include/Library/FmpDeviceLib.h        | 385 +++++++++++++++++++++
 FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h | 100 ++++++
 6 files changed, 824 insertions(+)
 create mode 100644 FmpDevicePkg/FmpDevicePkg.dec
 create mode 100644 FmpDevicePkg/FmpDevicePkg.uni
 create mode 100644 FmpDevicePkg/FmpDevicePkgExtra.uni
 create mode 100644 FmpDevicePkg/Include/Library/CapsuleUpdatePolicyLib.h
 create mode 100644 FmpDevicePkg/Include/Library/FmpDeviceLib.h
 create mode 100644 FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h

diff --git a/FmpDevicePkg/FmpDevicePkg.dec b/FmpDevicePkg/FmpDevicePkg.dec
new file mode 100644
index 0000000000..62fb98dbdb
--- /dev/null
+++ b/FmpDevicePkg/FmpDevicePkg.dec
@@ -0,0 +1,126 @@
+## @file
+# Firmware Management Protocol Device Package
+#
+# This package provides an implementation of a Firmware Management Protocol
+# instance that supports the update of firmware storage devices using UEFI
+# Capsules.  The behavior of the Firmware Management Protocol instance is
+# customized using libraries and PCDs.
+#
+# Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
+# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+##
+
+[Defines]
+  DEC_SPECIFICATION = 0x00010005
+  PACKAGE_NAME      = FmpDevicePkg
+  PACKAGE_UNI_FILE  = FmpDevicePkg.uni
+  PACKAGE_GUID      = 080b5b4f-27c6-11e8-84d1-f8597177a00a
+  PACKAGE_VERSION   = 0.1
+
+[Includes]
+  Include
+
+[LibraryClasses]
+  ##  @libraryclass  Provides services to retrieve values from a capsule's FMP
+  #                  Payload Header.  The structure is not included in the
+  #                  library class.  Instead, services are provided to retrieve
+  #                  information from the FMP Payload Header.  If information is
+  #                  added to the FMP Payload Header, then new services may be
+  #                  added to this library class to retrieve the new information.
+  FmpPayloadHeaderLib|Include/Library/FmpPayloadHeaderLib.h
+
+  ##  @libraryclass  Provides platform policy services used during a capsule
+  #                  update.
+  CapsuleUpdatePolicyLib|Include/Library/CapsuleUpdatePolicyLib.h
+
+  ##  @libraryclass  Provides firmware device specific services to support
+  #                  updates of a firmware image stored in a firmware device.
+  FmpDeviceLib|Include/Library/FmpDeviceLib.h
+
+[Guids]
+  ## Firmware Management Protocol Device Package Token Space GUID
+  gFmpDevicePkgTokenSpaceGuid = { 0x40b2d964, 0xfe11, 0x40dc, { 0x82, 0x83, 0x2e, 0xfb, 0xda, 0x29, 0x53, 0x56 } }
+
+[PcdsFeatureFlag]
+  ## Indicates if a full system reset is required before a firmware update to a
+  #  firmware devices takes effect.<BR><BR>
+  #   TRUE  - System reset is required.<BR>
+  #   FALSE - System reset is not required.<BR>
+  # @Prompt FMP Device System Reset Required.
+  gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceSystemResetRequired|TRUE|BOOLEAN|0x40000008
+
+[PcdsFixedAtBuild, PcdsPatchableInModule]
+  ## The color of the progress bar during a firmware update.  Each firmware
+  #  device can set its own color.  The default color is white.<BR><BR>
+  #  Bits  7..0  - Red<BR>
+  #  Bits 15..8  - Green<BR>
+  #  Bits 23..16 - Blue<BR>
+  # @Prompt Firmware Device Progress Bar Color.
+  gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceProgressColor|0x00FFFFFF|UINT32|0x40000004
+
+  ## The Null-terminated Unicode string used to fill in the ImageIdName field of
+  #  the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the
+  #  GetImageInfo() service of the Firmware Management Protocol for the firmware
+  #  device.  An ImageIdName string must be provided for each firmware device.
+  #  The default value is an empty string.
+  # @Prompt Firmware Device ImageIdName string.
+  gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName|L""|VOID*|0x40000007
+
+  ## The build time value used to fill in the LowestSupportedVersion field of
+  #  the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the
+  #  GetImageInfo() service of the Firmware Management Protocol.  This value is
+  #  only used if the firmware device does not provide a method to report the
+  #  lowest supported version value from the current firmware image and the
+  #  UEFI variable used to provide the lowest supported version value does not
+  #  exist.  The default value is 0.
+  # @Prompt Build Time Firmware Device Lowest Support Version.
+  gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceBuildTimeLowestSupportedVersion|0x0|UINT32|0x4000000C
+
+  ## The time in seconds to arm a watchdog timer during the update of a firmware
+  #  device.  The watchdog is re-armed each time the FmpDeviceLib calls the
+  #  Progress() function passed into FmpDeviceSetImage() function.  The
+  #  FmpDeviceLib calls Progress() to update the percent completion of a
+  #  firmware update.  If the watchdog timer expires, the system reboots.  A
+  #  value of 0 disables the watchdog timer.  The default value is 0 (watchdog
+  #  disabled).
+  # @Prompt Firmware Device Watchdog Time in Seconds.
+  gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceProgressWatchdogTimeInSeconds|0x0|UINT8|0x4000000D
+
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
+  ## One or more PKCS7 certificates used to verify a firmware device capsule
+  #  update image.  Encoded using the Variable-Length Opaque Data format of RFC
+  #  4506 External Data Representation Standard (XDR).  The default value is
+  #  empty with 0 certificates.
+  # @Prompt One or more XDR encoded PKCS7 certificates used to verify firmware device capsule update images.
+  gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr|{0x0}|VOID*|0x4000000E
+
+  ## An event GUID that locks the firmware device when the event is signaled.
+  #  If this PCD is not a valid GUID value, then the firmware device is locked
+  #  when gEfiEndOfDxeEventGroupGuid (End of DXE Phase) is signaled.  The
+  #  default value is empty, so by default the firmware device is locked at the
+  #  end of the DXE phase.
+  # @Prompt Firmware Device Lock Event GUID.
+  gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceLockEventGuid|{0}|VOID*|0x4000000F
+
+[UserExtensions.TianoCore."ExtraFiles"]
+  FmpDevicePkgExtra.uni
diff --git a/FmpDevicePkg/FmpDevicePkg.uni b/FmpDevicePkg/FmpDevicePkg.uni
new file mode 100644
index 0000000000..ba3f6d64c2
--- /dev/null
+++ b/FmpDevicePkg/FmpDevicePkg.uni
@@ -0,0 +1,75 @@
+// /** @file
+// Firmware Management Protocol Device Package
+//
+// This package provides an implementation of a Firmware Management Protocol
+// instance that supports the update of firmware storage devices using UEFI
+// Capsules.  The behavior of the Firmware Management Protocol instance is
+// customized using libraries and PCDs.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials are licensed and made available under
+// the terms and conditions of the BSD License which accompanies this distribution.
+// The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_PACKAGE_ABSTRACT     #language en-US  "Firmware Management Protocol Software Development Kit"
+
+#string STR_PACKAGE_DESCRIPTION  #language en-US  "This package provides libraries that support the implementation of a module that produces the Firmware Management Protocol to support the update of a system firmware component."
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceSystemResetRequired_PROMPT  #language en-US "FMP Device System Reset Required."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceSystemResetRequired_HELP    #language en-US "Indicates if a full system reset is required before a firmware update to a firmware device takes effect.<BR><BR>\n"
+                                                                                                "TRUE  - System reset is required.<BR>\n"
+                                                                                                "FALSE - System reset is not required.<BR>"
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceProgressColor_PROMPT  #language en-US "Firmware Device Progress Bar Color."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceProgressColor_HELP    #language en-US "The color of the progress bar during a firmware update.  Each firmware"
+                                                                                          "device can set its own color.  The default color is white.<BR><BR>\n"
+                                                                                          "Bits  7..0  - Red<BR>\n"
+                                                                                          "Bits 15..8  - Green<BR>\n"
+                                                                                          "Bits 23..16 - Blue<BR>\n"
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceImageIdName_PROMPT  #language en-US "Firmware Device ImageIdName string."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceImageIdName_HELP    #language en-US "The Null-terminated Unicode string used to fill in the ImageIdName field of"
+                                                                                        "the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the"
+                                                                                        "GetImageInfo() service of the Firmware Management Protocol for the firmware"
+                                                                                        "device.  An ImageIdName string must be provided for each firmware device."
+                                                                                        "The default value is an empty string."
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceBuildTimeLowestSupportedVersion_PROMPT  #language en-US "Build Time Firmware Device Lowest Support Version."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceBuildTimeLowestSupportedVersion_HELP    #language en-US "The build time value used to fill in the LowestSupportedVersion field of"
+                                                                                                            "the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the"
+                                                                                                            "GetImageInfo() service of the Firmware Management Protocol.  This value is"
+                                                                                                            "only used if the firmware device does not provide a method to report the"
+                                                                                                            "lowest supported version value from the current firmware image and the"
+                                                                                                            "UEFI variable used to provide the lowest supported version value does not"
+                                                                                                            "exist.  The default value is 0."
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceProgressWatchdogTimeInSeconds_PROMPT  #language en-US "Firmware Device Watchdog Time in Seconds."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceProgressWatchdogTimeInSeconds_HELP    #language en-US "Indicates the time in seconds to arm a watchdog timer during the update of"
+                                                                                                          "a firmware device.  The watchdog is re-armed each time the FmpDeviceLib"
+                                                                                                          "calls the Progress() function passed into FmpDeviceSetImage() function."
+                                                                                                          "The FmpDeviceLib calls Progress() to update the percent completion of a"
+                                                                                                          "firmware update.  If the watchdog timer expires, the system reboots.  A"
+                                                                                                          "value of 0 disables the watchdog timer.  The default value is 0 (watchdog"
+                                                                                                          "disabled)."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFmpDevicePkcs7CertBufferXdr_PROMPT  #language en-US "One or more XDR encoded PKCS7 certificates used to verify firmware device capsule update images"
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFmpDevicePkcs7CertBufferXdr_HELP    #language en-US "Provides one or more PKCS7 certificates used to verify a firmware device"
+                                                                                                 "capsule update image.  This PCD is encoded using the Variable-Length Opaque"
+                                                                                                 "Data format of RFC 4506 External Data Representation Standard (XDR)."
+                                                                                                 "The default value is empty with 0 certificates."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFmpDeviceLockEventGuid_PROMPT  #language en-US "Firmware Device Lock Event GUID."
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFmpDeviceLockEventGuid_HELP    #language en-US "An event GUID that locks the firmware device when the event is signaled."
+                                                                                            "If this PCD is not a valid GUID value, then the firmware device is locked"
+                                                                                            "when gEfiEndOfDxeEventGroupGuid (End of DXE Phase) is signaled.  The"
+                                                                                            "default value is empty, so by default the firmware device is locked at the"
+                                                                                            "end of the DXE phase."
+
+
diff --git a/FmpDevicePkg/FmpDevicePkgExtra.uni b/FmpDevicePkg/FmpDevicePkgExtra.uni
new file mode 100644
index 0000000000..fe49e8cd6c
--- /dev/null
+++ b/FmpDevicePkg/FmpDevicePkgExtra.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Firmware Management Protocol Device Package Localized Strings and Content.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials are licensed and made available under
+// the terms and conditions of the BSD License which accompanies this distribution.
+// The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_PROPERTIES_PACKAGE_NAME
+#language en-US
+"Firmware Management Protocol Device package"
diff --git a/FmpDevicePkg/Include/Library/CapsuleUpdatePolicyLib.h b/FmpDevicePkg/Include/Library/CapsuleUpdatePolicyLib.h
new file mode 100644
index 0000000000..b38f212859
--- /dev/null
+++ b/FmpDevicePkg/Include/Library/CapsuleUpdatePolicyLib.h
@@ -0,0 +1,120 @@
+/**  @file
+  Provides platform policy services used during a capsule update.
+
+  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
+  Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+  INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+**/
+
+#ifndef __CAPSULE_UPDATE_POLICY_LIB__
+#define __CAPSULE_UPDATE_POLICY_LIB__
+
+/**
+  Determine if the system power state supports a capsule update.
+
+  @param[out] Good  Returns TRUE if system power state supports a capsule
+                    update.  Returns FALSE if system power state does not
+                    support a capsule update.  Return value is only valid if
+                    return status is EFI_SUCCESS.
+
+  @retval EFI_SUCCESS            Good parameter has been updated with result.
+  @retval EFI_INVALID_PARAMETER  Good is NULL.
+  @retval EFI_DEVICE_ERROR       System power state can not be determined.
+
+**/
+EFI_STATUS
+EFIAPI
+CheckSystemPower (
+  OUT BOOLEAN  *Good
+  );
+
+/**
+  Determines if the system thermal state supports a capsule update.
+
+  @param[out] Good  Returns TRUE if system thermal state supports a capsule
+                    update.  Returns FALSE if system thermal state does not
+                    support a capsule update.  Return value is only valid if
+                    return status is EFI_SUCCESS.
+
+  @retval EFI_SUCCESS            Good parameter has been updated with result.
+  @retval EFI_INVALID_PARAMETER  Good is NULL.
+  @retval EFI_DEVICE_ERROR       System thermal state can not be determined.
+
+**/
+EFI_STATUS
+EFIAPI
+CheckSystemThermal (
+  IN OUT BOOLEAN  *Good
+  );
+
+/**
+  Determines if the system environment state supports a capsule update.
+
+  @param[out] Good  Returns TRUE if system environment state supports a capsule
+                    update.  Returns FALSE if system environment state does not
+                    support a capsule update.  Return value is only valid if
+                    return status is EFI_SUCCESS.
+
+  @retval EFI_SUCCESS            Good parameter has been updated with result.
+  @retval EFI_INVALID_PARAMETER  Good is NULL.
+  @retval EFI_DEVICE_ERROR       System environment state can not be determined.
+
+**/
+EFI_STATUS
+EFIAPI
+CheckSystemEnvironment (
+  IN OUT BOOLEAN  *Good
+  );
+
+/**
+  Determines if the Lowest Supported Version checks should be performed.  The
+  expected result from this function is TRUE.  A platform can choose to return
+  FALSE (e.g. during manufacturing or servicing) to allow a capsule update to a
+  version below the current Lowest Supported Version.
+
+  @retval TRUE   Perform Lowest Support Version check.
+  @retval FALSE  Do not perform Lowest Support Version check.
+
+**/
+BOOLEAN
+EFIAPI
+CheckLowestSupportedVersion (
+  VOID
+  );
+
+/**
+  Determines if the FMP device should be locked when the event specified by
+  PcdFmpDeviceLockEventGuid is signaled. The expected result from this function
+  is TRUE so the FMP device is always locked.  A platform can choose to return
+  FALSE (e.g. during manufacturing) to allow FMP devices to remain unlocked.
+
+  @retval TRUE   Perform Lowest Support Version check.
+  @retval FALSE  Do not perform Lowest Support Version check.
+
+**/
+BOOLEAN
+EFIAPI
+LockFmpDeviceAtLockEventGuid (
+  VOID
+  );
+
+#endif
diff --git a/FmpDevicePkg/Include/Library/FmpDeviceLib.h b/FmpDevicePkg/Include/Library/FmpDeviceLib.h
new file mode 100644
index 0000000000..cdbe980183
--- /dev/null
+++ b/FmpDevicePkg/Include/Library/FmpDeviceLib.h
@@ -0,0 +1,385 @@
+/**  @file
+  Provides firmware device specific services to support updates of a firmware
+  image stored in a firmware device.
+
+  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
+  Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+  INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+**/
+
+#ifndef __FMP_DEVICE_LIB__
+#define __FMP_DEVICE_LIB__
+
+#include <Protocol/FirmwareManagement.h>
+
+/**
+  Callback function that installs a Firmware Management Protocol instance onto
+  a handle.
+
+  @param[in]  Handle  The device handle to install a Firmware Management
+                      Protocol instance.
+
+  @retval  EFI_SUCCESS            A Firmware Management Protocol instance was
+                                  installed onto Handle.
+  @retval  EFI_INVALID_PARAMETER  Handle is invalid
+  @retval  other                  A Firmware Management Protocol instance could
+                                  not be installed onto Handle.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *FMP_DEVICE_LIB_REGISTER_FMP_INSTALLER)(
+  IN  EFI_HANDLE      Handle
+  );
+
+/**
+  Provide a function to install the Firmware Management Protocol instance onto a
+  device handle when the device is managed by a driver that follows the UEFI
+  Driver Model.  If the device is not managed by a driver that follows the UEFI
+  Driver Model, then EFI_UNSUPPORTED is returned.
+
+  @param[in] FmpInstaller  Function that installs the Firmware Management
+                           Protocol.
+
+  @retval EFI_SUCCESS      The device is managed by a driver that follows the
+                           UEFI Driver Model.  FmpInstaller must be called on
+                           each Driver Binding Start().
+  @retval EFI_UNSUPPORTED  The device is not managed by a driver that follows
+                           the UEFI Driver Model.
+  @retval other            The Firmware Management Protocol for this firmware
+                           device is not installed.  The firmware device is
+                           still locked using FmpDeviceLock().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterFmpInstaller (
+  IN FMP_DEVICE_LIB_REGISTER_FMP_INSTALLER  FmpInstaller
+  );
+
+/**
+  Returns the size, in bytes, of the firmware image currently stored in the
+  firmware device.  This function is used to by the GetImage() and
+  GetImageInfo() services of the Firmware Management Protocol.  If the image
+  size can not be determined from the firmware device, then 0 must be returned.
+
+  @return  The size, in bytes, of the firmware image current stored in the
+           firmware device.  Return 0 if the size can not be determined.
+
+**/
+UINTN
+EFIAPI
+FmpDeviceGetSize (
+  VOID
+  );
+
+/**
+  Returns the GUID value used to fill in the ImageTypeId field of the
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the GetImageInfo()
+  service of the Firmware Management Protocol.  If EFI_UNSUPPORTED is returned,
+  then the ImageTypeId field is set to gEfiCallerIdGuid.  If EFI_SUCCESS is
+  returned, then ImageTypeId is set to the Guid returned from this function.
+
+  @param[out] Guid  Double pointer to a GUID value that is updated to point to
+                    to a GUID value.  The GUID value is not allocated and must
+                    not be modified or freed by the caller.
+
+  @retval EFI_SUCCESS      EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageTypeId GUID is set
+                           to the returned Guid value.
+  @retval EFI_UNSUPPORTED  EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageTypeId GUID is set
+                           to gEfiCallerIdGuid.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceGetImageTypeIdGuidPtr (
+  OUT EFI_GUID  **Guid
+  );
+
+/**
+  Returns values used to fill in the AttributesSupported and AttributesSettings
+  fields of the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the
+  GetImageInfo() service of the Firmware Management Protocol.  The following
+  bit values from the Firmware Management Protocol may be combined:
+    IMAGE_ATTRIBUTE_IMAGE_UPDATABLE
+    IMAGE_ATTRIBUTE_RESET_REQUIRED
+    IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED
+    IMAGE_ATTRIBUTE_IN_USE
+    IMAGE_ATTRIBUTE_UEFI_IMAGE
+
+  @param[out] Supported  Attributes supported by this firmware device.
+  @param[out] Setting    Attributes settings for this firmware device.
+
+**/
+VOID
+EFIAPI
+FmpDeviceGetAttributes (
+  IN OUT UINT64  *Supported,
+  IN OUT UINT64  *Setting
+  );
+
+/**
+  Returns the value used to fill in the LowestSupportedVersion field of the
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the GetImageInfo()
+  service of the Firmware Management Protocol.  If EFI_SUCCESS is returned, then
+  the firmware device supports a method to report the LowestSupportedVersion
+  value from the currently stored firmware image.  If the value can not be
+  reported for the firmware image currently stored in the firmware device, then
+  EFI_UNSUPPORTED must be returned.  EFI_DEVICE_ERROR is returned if an error
+  occurs attempting to retrieve the LowestSupportedVersion value for the
+  currently stored firmware image.
+
+  @note It is recommended that all firmware devices support a method to report
+        the LowestSupportedVersion value from the currently stored firmware
+        image.
+
+  @param[out] LowestSupportedVersion  LowestSupportedVersion value retrieved
+                                      from the currently stored firmware image.
+
+  @retval EFI_SUCCESS       The lowest supported version of currently stored
+                            firmware image was returned in LowestSupportedVersion.
+  @retval EFI_UNSUPPORTED   The firmware device does not support a method to
+                            report the lowest supported version of the currently
+                            stored firmware image.
+  @retval EFI_DEVICE_ERROR  An error occurred attempting to retrieve the lowest
+                            supported version of the currently stored firmware
+                            image.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceGetLowestSupportedVersion (
+  OUT UINT32  *LowestSupportedVersion
+  );
+
+/**
+  Returns the Null-terminated Unicode string that is used to fill in the
+  VersionName field of the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is
+  returned by the GetImageInfo() service of the Firmware Management Protocol.
+  If the VersionName string can not be reported by the firmware image currently
+  stored in the firmware device, then NULL must be returned.  Otherwise,
+  a Null-terminated Unicode string containing the VersioName is returned.
+  The returned string must be allocated using EFI_BOOT_SERVICES.AllocatePool().
+
+  @note It is recommended that all firmware devices support a method to report
+        the VersionName string from the currently stored firmware image.
+
+  @retval NULL       The firmware device does not support a method to report the
+                     version string for the currently stored firmware image.
+  @retval NULL       An error occurred attempting to retrieve the version string
+                     for the currently stored firmware image.
+  @retval non NULL   A pointer to an allocated buffer containing the version
+                     string for the currently stored firmware image.
+
+**/
+CHAR16 *
+EFIAPI
+FmpDeviceGetVersionString (
+  VOID
+  );
+
+/**
+  Returns the value used to fill in the Version field of the
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the GetImageInfo()
+  service of the Firmware Management Protocol.  If EFI_SUCCESS is returned, then
+  the firmware device supports a method to report the Version value from the
+  currently stored firmware image.  If the value can not be reported for the
+  firmware image currently stored in the firmware device, then EFI_UNSUPPORTED
+  must be returned.  EFI_DEVICE_ERROR is returned if an error occurs attempting
+  to retrieve the LowestSupportedVersion value for the currently stored firmware
+  image.
+
+  @note It is recommended that all firmware devices support a method to report
+        the Version value from the currently stored firmware image.
+
+  @param[out] Version  The version value retrieved from the currently stored
+                       firmware image.
+
+  @retval EFI_SUCCESS       The version of currently stored firmware image was
+                            returned in Version.
+  @retval EFI_UNSUPPORTED   The firmware device does not support a method to
+                            report the version of the currently stored firmware
+                            image.
+  @retval EFI_DEVICE_ERROR  An error occurred attempting to retrieve the version
+                            of the currently stored firmware image.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceGetVersion (
+  OUT UINT32  *Version
+  );
+
+/**
+  Returns a copy of the firmware image currently stored in the firmware device.
+
+  @note It is recommended that all firmware devices support a method to retrieve
+        a copy currently stored firmware image.  This can be used to support
+        features such as recovery and rollback.
+
+  @param[out]    Image      Pointer to a caller allocated buffer where the
+                            currently stored firmware image is copied to.
+  @param[in out] ImageSize  Pointer the size, in bytes, of the Image buffer.
+                            On return, points to the size, in bytes, of firmware
+                            image currently stored in the firmware device.
+
+  @retval EFI_SUCCESS            Image contains a copy of the firmware image
+                                 currently stored in the firmware device, and
+                                 ImageSize contains the size, in bytes, of the
+                                 firmware image currently stored in the
+                                 firmware device.
+  @retval EFI_BUFFER_TOO_SMALL   The buffer specified by ImageSize is too small
+                                 to hold the firmware image currently stored in
+                                 the firmware device. The buffer size required
+                                 is returned in ImageSize.
+  @retval EFI_INVALID_PARAMETER  The Image is NULL.
+  @retval EFI_INVALID_PARAMETER  The ImageSize is NULL.
+  @retval EFI_UNSUPPORTED        The operation is not supported.
+  @retval EFI_DEVICE_ERROR       An error occurred attempting to retrieve the
+                                 firmware image currently stored in the firmware
+                                 device.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceGetImage (
+  IN OUT    VOID   *Image,
+  IN IN OUT UINTN  *ImageSize
+  );
+
+/**
+  Checks if a new firmware image is valid for the firmware device.  This
+  function allows firmware update operation to validate the firmware image
+  before FmpDeviceSetImage() is called.
+
+  @param[in]  Image           Points to a new firmware image.
+  @param[in]  ImageSize       Size, in bytes, of a new firmware image.
+  @param[out] ImageUpdatable  Indicates if a new firmware image is valid for
+                              a firmware update to the firmware device.  The
+                              following values from the Firmware Management
+                              Protocol are supported:
+                                IMAGE_UPDATABLE_VALID
+                                IMAGE_UPDATABLE_INVALID
+                                IMAGE_UPDATABLE_INVALID_TYPE
+                                IMAGE_UPDATABLE_INVALID_OLD
+                                IMAGE_UPDATABLE_VALID_WITH_VENDOR_CODE
+
+  @retval EFI_SUCCESS            The image was successfully checked.  Additional
+                                 status information is returned in
+                                 ImageUpdateable.
+  @retval EFI_INVALID_PARAMETER  Image is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageUpdateable is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceCheckImage (
+  IN  CONST VOID  *Image,
+  IN  UINTN       ImageSize,
+  OUT UINT32      *ImageUpdateable
+  );
+
+/**
+  Updates a firmware device with a new firmware image.  This function returns
+  EFI_UNSUPPORTED if the firmware image is not updatable.  If the firmware image
+  is updatable, the function should perform the following minimal validations
+  before proceeding to do the firmware image update.
+    - Validate that the image is a supported image for this firmware device.
+      Return EFI_ABORTED if the image is not supported.  Additional details
+      on why the image is not a supported image may be returned in AbortReason.
+    - Validate the data from VendorCode if is not NULL.  Firmware image
+      validation must be performed before VendorCode data validation.
+      VendorCode data is ignored or considered invalid if image validation
+      fails.  Return EFI_ABORTED if the VendorCode data is invalid.
+
+  VendorCode enables vendor to implement vendor-specific firmware image update
+  policy.  Null if the caller did not specify the policy or use the default
+  policy.  As an example, vendor can implement a policy to allow an option to
+  force a firmware image update when the abort reason is due to the new firmware
+  image version is older than the current firmware image version or bad image
+  checksum.  Sensitive operations such as those wiping the entire firmware image
+  and render the device to be non-functional should be encoded in the image
+  itself rather than passed with the VendorCode.  AbortReason enables vendor to
+  have the option to provide a more detailed description of the abort reason to
+  the caller.
+
+  @param[in]  Image             Points to the new firmware image.
+  @param[in]  ImageSize         Size, in bytes, of the new firmware image.
+  @param[in]  VendorCode        This enables vendor to implement vendor-specific
+                                firmware image update policy.  NULL indicates
+                                the caller did not specify the policy or use the
+                                default policy.
+  @param[in]  Progress          A function used to report the progress of
+                                updating the firmware device with the new
+                                firmware image.
+  @param[in]  CapsuleFwVersion  The version of the new firmware image from the
+                                update capsule that provided the new firmware
+                                image.
+  @param[out] AbortReason       A pointer to a pointer to a Null-terminated
+                                Unicode string providing more details on an
+                                aborted operation. The buffer is allocated by
+                                this function with
+                                EFI_BOOT_SERVICES.AllocatePool().  It is the
+                                caller's responsibility to free this buffer with
+                                EFI_BOOT_SERVICES.FreePool().
+
+  @retval EFI_SUCCESS            The firmware device was successfully updated
+                                 with the new firmware image.
+  @retval EFI_ABORTED            The operation is aborted.  Additional details
+                                 are provided in AbortReason.
+  @retval EFI_INVALID_PARAMETER  The Image was NULL.
+  @retval EFI_UNSUPPORTED        The operation is not supported.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceSetImage (
+  IN  CONST VOID                                     *Image,
+  IN  UINTN                                          ImageSize,
+  IN  CONST VOID                                     *VendorCode,       OPTIONAL
+  IN  EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS  Progress,          OPTIONAL
+  IN  UINT32                                         CapsuleFwVersion,
+  OUT CHAR16                                         **AbortReason
+  );
+
+/**
+  Lock the firmware device that contains a firmware image.  Once a firmware
+  device is locked, any attempts to modify the firmware image contents in the
+  firmware device must fail.
+
+  @note It is recommended that all firmware devices support a lock method to
+        prevent modifications to a stored firmware image.
+
+  @note A firmware device lock mechanism is typically only cleared by a full
+        system reset (not just sleep state/low power mode).
+
+  @retval  EFI_SUCCESS      The firmware device was locked.
+  @retval  EFI_UNSUPPORTED  The firmware device does not support locking
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceLock (
+  VOID
+  );
+
+#endif
diff --git a/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h b/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h
new file mode 100644
index 0000000000..cb5622e9ce
--- /dev/null
+++ b/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h
@@ -0,0 +1,100 @@
+/**  @file
+  Provides services to retrieve values from a capsule's FMP Payload Header.
+  The structure is not included in the library class.  Instead, services are
+  provided to retrieve information from the FMP Payload Header.  If information
+  is added to the FMP Payload Header, then new services may be added to this
+  library class to retrieve the new information.
+
+  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
+  Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+  INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+**/
+
+#ifndef _FMP_PAYLOAD_HEADER_LIB_H__
+#define _FMP_PAYLOAD_HEADER_LIB_H__
+
+/**
+  Returns the FMP Payload Header size in bytes.
+
+  @param[in]  Header          FMP Payload Header to evaluate
+  @param[in]  FmpPayloadSize  Size of FMP payload
+  @param[out] Size            The size, in bytes, of the FMP Payload Header.
+
+  @retval EFI_SUCCESS            The firmware version was returned.
+  @retval EFI_INVALID_PARAMETER  Header is NULL.
+  @retval EFI_INVALID_PARAMETER  Size is NULL.
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.
+
+**/
+EFI_STATUS
+EFIAPI
+GetFmpPayloadHeaderSize (
+  IN  CONST VOID   *Header,
+  IN  CONST UINTN  FmpPayloadSize,
+  OUT UINT32       *Size
+  );
+
+/**
+  Returns the version described in the FMP Payload Header.
+
+  @param[in]  Header          FMP Payload Header to evaluate
+  @param[in]  FmpPayloadSize  Size of FMP payload
+  @param[out] Version         The firmware version described in the FMP Payload
+                              Header.
+
+  @retval EFI_SUCCESS            The firmware version was returned.
+  @retval EFI_INVALID_PARAMETER  Header is NULL.
+  @retval EFI_INVALID_PARAMETER  Version is NULL.
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.
+
+**/
+EFI_STATUS
+EFIAPI
+GetFmpPayloadHeaderVersion (
+  IN  CONST VOID   *Header,
+  IN  CONST UINTN  FmpPayloadSize,
+  OUT UINT32       *Version
+  );
+
+/**
+  Returns the lowest supported version described in the FMP Payload Header.
+
+  @param[in]  Header                  FMP Payload Header to evaluate
+  @param[in]  FmpPayloadSize          Size of FMP payload
+  @param[out] LowestSupportedVersion  The lowest supported version described in
+                                      the FMP Payload Header.
+
+  @retval EFI_SUCCESS            The lowest support version was returned.
+  @retval EFI_INVALID_PARAMETER  Header is NULL.
+  @retval EFI_INVALID_PARAMETER  LowestSupportedVersion is NULL.
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.
+
+**/
+EFI_STATUS
+EFIAPI
+GetFmpPayloadHeaderLowestSupportedVersion (
+  IN     CONST VOID   *Header,
+  IN     CONST UINTN  FmpPayloadSize,
+  IN OUT UINT32       *LowestSupportedVersion
+  );
+
+#endif
-- 
2.14.2.windows.3

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [RFC 1/4] FmpDevicePkg: Add package, library classes, and PCDs
Posted by Zeng, Star 6 years, 6 months ago
Since PcdFmpDeviceBuildTimeLowestSupportedVersion is defined to support only FixedAtBuild and PatchableInModule, it is definitely for build time.
Do we really need "BuildTime" keyword in the PCD name PcdFmpDeviceBuildTimeLowestSupportedVersion?


Thanks,
Star
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Michael D Kinney
Sent: Thursday, April 5, 2018 5:29 AM
To: edk2-devel@lists.01.org
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: [edk2] [RFC 1/4] FmpDevicePkg: Add package, library classes, and PCDs

From: "Kinney, Michael D" <michael.d.kinney@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=922

Based on content from the following branch:

https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport/MsCapsuleUpdatePkg

Create FmpDevicePkg with library classes and PCDs used to customize the behavior of a Firmware Management Protocol instance.

Library Classes
===============
* FmpDeviceLib - Provides firmware device specific services
  to support updates of a firmware image stored in a firmware
  device.
* CapsuleUpdatePolicyLib - Provides platform policy services
  used during a capsule update.
* FmpPayloadHeaderLib - Provides services to retrieve values
  from a capsule's FMP Payload Header.  The structure is not
  included in the library class.  Instead, services are
  provided to retrieve information from the FMP Payload Header.
  If information is added to the FMP Payload Header, then new
  services may be added to this library class to retrieve the
  new information.

PCDs set per module
====================
* PcdFmpDeviceSystemResetRequired - Indicates if a full
  system reset is required before a firmware update to a
  firmware devices takes effect
* PcdFmpDeviceProgressColor - The color of the progress bar
  during a firmware update.
* PcdFmpDeviceImageIdName - The Null-terminated Unicode
  string used to fill in the ImageIdName field of the
  EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned
  by the GetImageInfo() service of the Firmware Management
  Protocol for the firmware device.
* PcdFmpDeviceBuildTimeLowestSupportedVersion - The build
  time value used to fill in the LowestSupportedVersion field
  of the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is
  returned by the GetImageInfo() service of the Firmware
  Management Protocol.
* PcdFmpDeviceProgressWatchdogTimeInSeconds - The time in
  seconds to arm a watchdog timer during the update of a
  firmware device.

PCDs set per module or for entire platform ==========================================
* PcdFmpDevicePkcs7CertBufferXdr - One or more PKCS7
  certificates used to verify a firmware device capsule
  update image.
* PcdFmpDeviceLockEventGuid - An event GUID that locks
  the firmware device when the event is signaled.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 FmpDevicePkg/FmpDevicePkg.dec                      | 126 +++++++
 FmpDevicePkg/FmpDevicePkg.uni                      |  75 ++++
 FmpDevicePkg/FmpDevicePkgExtra.uni                 |  18 +
 .../Include/Library/CapsuleUpdatePolicyLib.h       | 120 +++++++
 FmpDevicePkg/Include/Library/FmpDeviceLib.h        | 385 +++++++++++++++++++++
 FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h | 100 ++++++
 6 files changed, 824 insertions(+)
 create mode 100644 FmpDevicePkg/FmpDevicePkg.dec  create mode 100644 FmpDevicePkg/FmpDevicePkg.uni  create mode 100644 FmpDevicePkg/FmpDevicePkgExtra.uni
 create mode 100644 FmpDevicePkg/Include/Library/CapsuleUpdatePolicyLib.h
 create mode 100644 FmpDevicePkg/Include/Library/FmpDeviceLib.h
 create mode 100644 FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h

diff --git a/FmpDevicePkg/FmpDevicePkg.dec b/FmpDevicePkg/FmpDevicePkg.dec new file mode 100644 index 0000000000..62fb98dbdb
--- /dev/null
+++ b/FmpDevicePkg/FmpDevicePkg.dec
@@ -0,0 +1,126 @@
+## @file
+# Firmware Management Protocol Device Package # # This package provides 
+an implementation of a Firmware Management Protocol # instance that 
+supports the update of firmware storage devices using UEFI # Capsules.  
+The behavior of the Firmware Management Protocol instance is # 
+customized using libraries and PCDs.
+#
+# Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR> # 
+Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> # # 
+Redistribution and use in source and binary forms, with or without # 
+modification, are permitted provided that the following conditions are met:
+# 1. Redistributions of source code must retain the above copyright 
+notice, # this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright 
+notice, # this list of conditions and the following disclaimer in the 
+documentation # and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
+"AS IS" AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+LIMITED TO, THE IMPLIED # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 
+ANY DIRECT, # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
+CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF 
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR 
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF # LIABILITY, 
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # 
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+##
+
+[Defines]
+  DEC_SPECIFICATION = 0x00010005
+  PACKAGE_NAME      = FmpDevicePkg
+  PACKAGE_UNI_FILE  = FmpDevicePkg.uni
+  PACKAGE_GUID      = 080b5b4f-27c6-11e8-84d1-f8597177a00a
+  PACKAGE_VERSION   = 0.1
+
+[Includes]
+  Include
+
+[LibraryClasses]
+  ##  @libraryclass  Provides services to retrieve values from a capsule's FMP
+  #                  Payload Header.  The structure is not included in the
+  #                  library class.  Instead, services are provided to retrieve
+  #                  information from the FMP Payload Header.  If information is
+  #                  added to the FMP Payload Header, then new services may be
+  #                  added to this library class to retrieve the new information.
+  FmpPayloadHeaderLib|Include/Library/FmpPayloadHeaderLib.h
+
+  ##  @libraryclass  Provides platform policy services used during a capsule
+  #                  update.
+  CapsuleUpdatePolicyLib|Include/Library/CapsuleUpdatePolicyLib.h
+
+  ##  @libraryclass  Provides firmware device specific services to support
+  #                  updates of a firmware image stored in a firmware device.
+  FmpDeviceLib|Include/Library/FmpDeviceLib.h
+
+[Guids]
+  ## Firmware Management Protocol Device Package Token Space GUID
+  gFmpDevicePkgTokenSpaceGuid = { 0x40b2d964, 0xfe11, 0x40dc, { 0x82, 
+0x83, 0x2e, 0xfb, 0xda, 0x29, 0x53, 0x56 } }
+
+[PcdsFeatureFlag]
+  ## Indicates if a full system reset is required before a firmware 
+update to a
+  #  firmware devices takes effect.<BR><BR>
+  #   TRUE  - System reset is required.<BR>
+  #   FALSE - System reset is not required.<BR>
+  # @Prompt FMP Device System Reset Required.
+  
+gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceSystemResetRequired|TRUE|BOOLEA
+N|0x40000008
+
+[PcdsFixedAtBuild, PcdsPatchableInModule]
+  ## The color of the progress bar during a firmware update.  Each 
+firmware
+  #  device can set its own color.  The default color is white.<BR><BR>
+  #  Bits  7..0  - Red<BR>
+  #  Bits 15..8  - Green<BR>
+  #  Bits 23..16 - Blue<BR>
+  # @Prompt Firmware Device Progress Bar Color.
+  
+gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceProgressColor|0x00FFFFFF|UINT32
+|0x40000004
+
+  ## The Null-terminated Unicode string used to fill in the ImageIdName 
+ field of  #  the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is 
+ returned by the  #  GetImageInfo() service of the Firmware Management 
+ Protocol for the firmware  #  device.  An ImageIdName string must be provided for each firmware device.
+  #  The default value is an empty string.
+  # @Prompt Firmware Device ImageIdName string.
+  
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceImageIdName|L""|VOID*|0x400000
+ 07
+
+  ## The build time value used to fill in the LowestSupportedVersion 
+ field of  #  the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is 
+ returned by the  #  GetImageInfo() service of the Firmware Management 
+ Protocol.  This value is  #  only used if the firmware device does not 
+ provide a method to report the  #  lowest supported version value from 
+ the current firmware image and the  #  UEFI variable used to provide 
+ the lowest supported version value does not  #  exist.  The default value is 0.
+  # @Prompt Build Time Firmware Device Lowest Support Version.
+  
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceBuildTimeLowestSupportedVersio
+ n|0x0|UINT32|0x4000000C
+
+  ## The time in seconds to arm a watchdog timer during the update of a 
+ firmware  #  device.  The watchdog is re-armed each time the 
+ FmpDeviceLib calls the  #  Progress() function passed into 
+ FmpDeviceSetImage() function.  The  #  FmpDeviceLib calls Progress() 
+ to update the percent completion of a  #  firmware update.  If the 
+ watchdog timer expires, the system reboots.  A  #  value of 0 disables 
+ the watchdog timer.  The default value is 0 (watchdog  #  disabled).
+  # @Prompt Firmware Device Watchdog Time in Seconds.
+  
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceProgressWatchdogTimeInSeconds|
+ 0x0|UINT8|0x4000000D
+
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
+  ## One or more PKCS7 certificates used to verify a firmware device 
+capsule
+  #  update image.  Encoded using the Variable-Length Opaque Data 
+format of RFC
+  #  4506 External Data Representation Standard (XDR).  The default 
+value is
+  #  empty with 0 certificates.
+  # @Prompt One or more XDR encoded PKCS7 certificates used to verify firmware device capsule update images.
+  
+gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr|{0x0}|VOID*|
+0x4000000E
+
+  ## An event GUID that locks the firmware device when the event is signaled.
+  #  If this PCD is not a valid GUID value, then the firmware device is 
+ locked  #  when gEfiEndOfDxeEventGroupGuid (End of DXE Phase) is 
+ signaled.  The  #  default value is empty, so by default the firmware 
+ device is locked at the  #  end of the DXE phase.
+  # @Prompt Firmware Device Lock Event GUID.
+  
+ gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceLockEventGuid|{0}|VOID*|0x4000
+ 000F
+
+[UserExtensions.TianoCore."ExtraFiles"]
+  FmpDevicePkgExtra.uni
diff --git a/FmpDevicePkg/FmpDevicePkg.uni b/FmpDevicePkg/FmpDevicePkg.uni new file mode 100644 index 0000000000..ba3f6d64c2
--- /dev/null
+++ b/FmpDevicePkg/FmpDevicePkg.uni
@@ -0,0 +1,75 @@
+// /** @file
+// Firmware Management Protocol Device Package // // This package 
+provides an implementation of a Firmware Management Protocol // 
+instance that supports the update of firmware storage devices using 
+UEFI // Capsules.  The behavior of the Firmware Management Protocol 
+instance is // customized using libraries and PCDs.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> // 
+// This program and the accompanying materials are licensed and made 
+available under // the terms and conditions of the BSD License which accompanies this distribution.
+// The full text of the license may be found at // 
+http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" 
+BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_PACKAGE_ABSTRACT     #language en-US  "Firmware Management Protocol Software Development Kit"
+
+#string STR_PACKAGE_DESCRIPTION  #language en-US  "This package provides libraries that support the implementation of a module that produces the Firmware Management Protocol to support the update of a system firmware component."
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceSystemResetRequired_PROMPT  #language en-US "FMP Device System Reset Required."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceSystemResetRequired_HELP    #language en-US "Indicates if a full system reset is required before a firmware update to a firmware device takes effect.<BR><BR>\n"
+                                                                                                "TRUE  - System reset is required.<BR>\n"
+                                                                                                "FALSE - System reset is not required.<BR>"
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceProgressColor_PROMPT  #language en-US "Firmware Device Progress Bar Color."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceProgressColor_HELP    #language en-US "The color of the progress bar during a firmware update.  Each firmware"
+                                                                                          "device can set its own color.  The default color is white.<BR><BR>\n"
+                                                                                          "Bits  7..0  - Red<BR>\n"
+                                                                                          "Bits 15..8  - Green<BR>\n"
+                                                                                          "Bits 23..16 - Blue<BR>\n"
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceImageIdName_PROMPT  #language en-US "Firmware Device ImageIdName string."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceImageIdName_HELP    #language en-US "The Null-terminated Unicode string used to fill in the ImageIdName field of"
+                                                                                        "the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the"
+                                                                                        "GetImageInfo() service of the Firmware Management Protocol for the firmware"
+                                                                                        "device.  An ImageIdName string must be provided for each firmware device."
+                                                                                        "The default value is an empty string."
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceBuildTimeLowestSupportedVersion_PROMPT  #language en-US "Build Time Firmware Device Lowest Support Version."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceBuildTimeLowestSupportedVersion_HELP    #language en-US "The build time value used to fill in the LowestSupportedVersion field of"
+                                                                                                            "the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the"
+                                                                                                            "GetImageInfo() service of the Firmware Management Protocol.  This value is"
+                                                                                                            "only used if the firmware device does not provide a method to report the"
+                                                                                                            "lowest supported version value from the current firmware image and the"
+                                                                                                            "UEFI variable used to provide the lowest supported version value does not"
+                                                                                                            "exist.  The default value is 0."
+
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceProgressWatchdogTimeInSeconds_PROMPT  #language en-US "Firmware Device Watchdog Time in Seconds."
+#string STR_gFmpDevicePkgTokenSpaceGuid_PcdFmpDeviceProgressWatchdogTimeInSeconds_HELP    #language en-US "Indicates the time in seconds to arm a watchdog timer during the update of"
+                                                                                                          "a firmware device.  The watchdog is re-armed each time the FmpDeviceLib"
+                                                                                                          "calls the Progress() function passed into FmpDeviceSetImage() function."
+                                                                                                          "The FmpDeviceLib calls Progress() to update the percent completion of a"
+                                                                                                          "firmware update.  If the watchdog timer expires, the system reboots.  A"
+                                                                                                          "value of 0 disables the watchdog timer.  The default value is 0 (watchdog"
+                                                                                                          "disabled)."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFmpDevicePkcs7CertBufferXdr_PROMPT  #language en-US "One or more XDR encoded PKCS7 certificates used to verify firmware device capsule update images"
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFmpDevicePkcs7CertBufferXdr_HELP    #language en-US "Provides one or more PKCS7 certificates used to verify a firmware device"
+                                                                                                 "capsule update image.  This PCD is encoded using the Variable-Length Opaque"
+                                                                                                 "Data format of RFC 4506 External Data Representation Standard (XDR)."
+                                                                                                 "The default value is empty with 0 certificates."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFmpDeviceLockEventGuid_PROMPT  #language en-US "Firmware Device Lock Event GUID."
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFmpDeviceLockEventGuid_HELP    #language en-US "An event GUID that locks the firmware device when the event is signaled."
+                                                                                            "If this PCD is not a valid GUID value, then the firmware device is locked"
+                                                                                            "when gEfiEndOfDxeEventGroupGuid (End of DXE Phase) is signaled.  The"
+                                                                                            "default value is empty, so by default the firmware device is locked at the"
+                                                                                            "end of the DXE phase."
+
+
diff --git a/FmpDevicePkg/FmpDevicePkgExtra.uni b/FmpDevicePkg/FmpDevicePkgExtra.uni
new file mode 100644
index 0000000000..fe49e8cd6c
--- /dev/null
+++ b/FmpDevicePkg/FmpDevicePkgExtra.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Firmware Management Protocol Device Package Localized Strings and Content.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> // 
+// This program and the accompanying materials are licensed and made 
+available under // the terms and conditions of the BSD License which accompanies this distribution.
+// The full text of the license may be found at // 
+http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" 
+BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_PROPERTIES_PACKAGE_NAME
+#language en-US
+"Firmware Management Protocol Device package"
diff --git a/FmpDevicePkg/Include/Library/CapsuleUpdatePolicyLib.h b/FmpDevicePkg/Include/Library/CapsuleUpdatePolicyLib.h
new file mode 100644
index 0000000000..b38f212859
--- /dev/null
+++ b/FmpDevicePkg/Include/Library/CapsuleUpdatePolicyLib.h
@@ -0,0 +1,120 @@
+/**  @file
+  Provides platform policy services used during a capsule update.
+
+  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>  
+ Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+
+  Redistribution and use in source and binary forms, with or without  
+ modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright 
+ notice,  this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright 
+ notice,  this list of conditions and the following disclaimer in the 
+ documentation  and/or other materials provided with the distribution.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
+ "AS IS" AND  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ LIMITED TO, THE IMPLIED  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 
+ ANY DIRECT,  INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
+ CONSEQUENTIAL DAMAGES (INCLUDING,  BUT NOT LIMITED TO, PROCUREMENT OF 
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,  DATA, OR PROFITS; OR 
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF  LIABILITY, 
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE  
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+**/
+
+#ifndef __CAPSULE_UPDATE_POLICY_LIB__
+#define __CAPSULE_UPDATE_POLICY_LIB__
+
+/**
+  Determine if the system power state supports a capsule update.
+
+  @param[out] Good  Returns TRUE if system power state supports a capsule
+                    update.  Returns FALSE if system power state does not
+                    support a capsule update.  Return value is only valid if
+                    return status is EFI_SUCCESS.
+
+  @retval EFI_SUCCESS            Good parameter has been updated with result.
+  @retval EFI_INVALID_PARAMETER  Good is NULL.
+  @retval EFI_DEVICE_ERROR       System power state can not be determined.
+
+**/
+EFI_STATUS
+EFIAPI
+CheckSystemPower (
+  OUT BOOLEAN  *Good
+  );
+
+/**
+  Determines if the system thermal state supports a capsule update.
+
+  @param[out] Good  Returns TRUE if system thermal state supports a capsule
+                    update.  Returns FALSE if system thermal state does not
+                    support a capsule update.  Return value is only valid if
+                    return status is EFI_SUCCESS.
+
+  @retval EFI_SUCCESS            Good parameter has been updated with result.
+  @retval EFI_INVALID_PARAMETER  Good is NULL.
+  @retval EFI_DEVICE_ERROR       System thermal state can not be determined.
+
+**/
+EFI_STATUS
+EFIAPI
+CheckSystemThermal (
+  IN OUT BOOLEAN  *Good
+  );
+
+/**
+  Determines if the system environment state supports a capsule update.
+
+  @param[out] Good  Returns TRUE if system environment state supports a capsule
+                    update.  Returns FALSE if system environment state does not
+                    support a capsule update.  Return value is only valid if
+                    return status is EFI_SUCCESS.
+
+  @retval EFI_SUCCESS            Good parameter has been updated with result.
+  @retval EFI_INVALID_PARAMETER  Good is NULL.
+  @retval EFI_DEVICE_ERROR       System environment state can not be determined.
+
+**/
+EFI_STATUS
+EFIAPI
+CheckSystemEnvironment (
+  IN OUT BOOLEAN  *Good
+  );
+
+/**
+  Determines if the Lowest Supported Version checks should be 
+performed.  The
+  expected result from this function is TRUE.  A platform can choose to 
+return
+  FALSE (e.g. during manufacturing or servicing) to allow a capsule 
+update to a
+  version below the current Lowest Supported Version.
+
+  @retval TRUE   Perform Lowest Support Version check.
+  @retval FALSE  Do not perform Lowest Support Version check.
+
+**/
+BOOLEAN
+EFIAPI
+CheckLowestSupportedVersion (
+  VOID
+  );
+
+/**
+  Determines if the FMP device should be locked when the event 
+specified by
+  PcdFmpDeviceLockEventGuid is signaled. The expected result from this 
+function
+  is TRUE so the FMP device is always locked.  A platform can choose to 
+return
+  FALSE (e.g. during manufacturing) to allow FMP devices to remain unlocked.
+
+  @retval TRUE   Perform Lowest Support Version check.
+  @retval FALSE  Do not perform Lowest Support Version check.
+
+**/
+BOOLEAN
+EFIAPI
+LockFmpDeviceAtLockEventGuid (
+  VOID
+  );
+
+#endif
diff --git a/FmpDevicePkg/Include/Library/FmpDeviceLib.h b/FmpDevicePkg/Include/Library/FmpDeviceLib.h
new file mode 100644
index 0000000000..cdbe980183
--- /dev/null
+++ b/FmpDevicePkg/Include/Library/FmpDeviceLib.h
@@ -0,0 +1,385 @@
+/**  @file
+  Provides firmware device specific services to support updates of a 
+firmware
+  image stored in a firmware device.
+
+  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>  
+ Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+
+  Redistribution and use in source and binary forms, with or without  
+ modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright 
+ notice,  this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright 
+ notice,  this list of conditions and the following disclaimer in the 
+ documentation  and/or other materials provided with the distribution.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
+ "AS IS" AND  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ LIMITED TO, THE IMPLIED  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 
+ ANY DIRECT,  INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
+ CONSEQUENTIAL DAMAGES (INCLUDING,  BUT NOT LIMITED TO, PROCUREMENT OF 
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,  DATA, OR PROFITS; OR 
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF  LIABILITY, 
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE  
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+**/
+
+#ifndef __FMP_DEVICE_LIB__
+#define __FMP_DEVICE_LIB__
+
+#include <Protocol/FirmwareManagement.h>
+
+/**
+  Callback function that installs a Firmware Management Protocol 
+instance onto
+  a handle.
+
+  @param[in]  Handle  The device handle to install a Firmware Management
+                      Protocol instance.
+
+  @retval  EFI_SUCCESS            A Firmware Management Protocol instance was
+                                  installed onto Handle.
+  @retval  EFI_INVALID_PARAMETER  Handle is invalid
+  @retval  other                  A Firmware Management Protocol instance could
+                                  not be installed onto Handle.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *FMP_DEVICE_LIB_REGISTER_FMP_INSTALLER)(
+  IN  EFI_HANDLE      Handle
+  );
+
+/**
+  Provide a function to install the Firmware Management Protocol 
+instance onto a
+  device handle when the device is managed by a driver that follows the 
+UEFI
+  Driver Model.  If the device is not managed by a driver that follows 
+the UEFI
+  Driver Model, then EFI_UNSUPPORTED is returned.
+
+  @param[in] FmpInstaller  Function that installs the Firmware Management
+                           Protocol.
+
+  @retval EFI_SUCCESS      The device is managed by a driver that follows the
+                           UEFI Driver Model.  FmpInstaller must be called on
+                           each Driver Binding Start().
+  @retval EFI_UNSUPPORTED  The device is not managed by a driver that follows
+                           the UEFI Driver Model.
+  @retval other            The Firmware Management Protocol for this firmware
+                           device is not installed.  The firmware device is
+                           still locked using FmpDeviceLock().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterFmpInstaller (
+  IN FMP_DEVICE_LIB_REGISTER_FMP_INSTALLER  FmpInstaller
+  );
+
+/**
+  Returns the size, in bytes, of the firmware image currently stored in 
+the
+  firmware device.  This function is used to by the GetImage() and
+  GetImageInfo() services of the Firmware Management Protocol.  If the 
+image
+  size can not be determined from the firmware device, then 0 must be returned.
+
+  @return  The size, in bytes, of the firmware image current stored in the
+           firmware device.  Return 0 if the size can not be determined.
+
+**/
+UINTN
+EFIAPI
+FmpDeviceGetSize (
+  VOID
+  );
+
+/**
+  Returns the GUID value used to fill in the ImageTypeId field of the
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the 
+GetImageInfo()
+  service of the Firmware Management Protocol.  If EFI_UNSUPPORTED is 
+returned,
+  then the ImageTypeId field is set to gEfiCallerIdGuid.  If 
+EFI_SUCCESS is
+  returned, then ImageTypeId is set to the Guid returned from this function.
+
+  @param[out] Guid  Double pointer to a GUID value that is updated to point to
+                    to a GUID value.  The GUID value is not allocated and must
+                    not be modified or freed by the caller.
+
+  @retval EFI_SUCCESS      EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageTypeId GUID is set
+                           to the returned Guid value.
+  @retval EFI_UNSUPPORTED  EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageTypeId GUID is set
+                           to gEfiCallerIdGuid.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceGetImageTypeIdGuidPtr (
+  OUT EFI_GUID  **Guid
+  );
+
+/**
+  Returns values used to fill in the AttributesSupported and 
+AttributesSettings
+  fields of the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is 
+returned by the
+  GetImageInfo() service of the Firmware Management Protocol.  The 
+following
+  bit values from the Firmware Management Protocol may be combined:
+    IMAGE_ATTRIBUTE_IMAGE_UPDATABLE
+    IMAGE_ATTRIBUTE_RESET_REQUIRED
+    IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED
+    IMAGE_ATTRIBUTE_IN_USE
+    IMAGE_ATTRIBUTE_UEFI_IMAGE
+
+  @param[out] Supported  Attributes supported by this firmware device.
+  @param[out] Setting    Attributes settings for this firmware device.
+
+**/
+VOID
+EFIAPI
+FmpDeviceGetAttributes (
+  IN OUT UINT64  *Supported,
+  IN OUT UINT64  *Setting
+  );
+
+/**
+  Returns the value used to fill in the LowestSupportedVersion field of 
+the
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the 
+GetImageInfo()
+  service of the Firmware Management Protocol.  If EFI_SUCCESS is 
+returned, then
+  the firmware device supports a method to report the 
+LowestSupportedVersion
+  value from the currently stored firmware image.  If the value can not 
+be
+  reported for the firmware image currently stored in the firmware 
+device, then
+  EFI_UNSUPPORTED must be returned.  EFI_DEVICE_ERROR is returned if an 
+error
+  occurs attempting to retrieve the LowestSupportedVersion value for 
+the
+  currently stored firmware image.
+
+  @note It is recommended that all firmware devices support a method to report
+        the LowestSupportedVersion value from the currently stored firmware
+        image.
+
+  @param[out] LowestSupportedVersion  LowestSupportedVersion value retrieved
+                                      from the currently stored firmware image.
+
+  @retval EFI_SUCCESS       The lowest supported version of currently stored
+                            firmware image was returned in LowestSupportedVersion.
+  @retval EFI_UNSUPPORTED   The firmware device does not support a method to
+                            report the lowest supported version of the currently
+                            stored firmware image.
+  @retval EFI_DEVICE_ERROR  An error occurred attempting to retrieve the lowest
+                            supported version of the currently stored firmware
+                            image.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceGetLowestSupportedVersion (
+  OUT UINT32  *LowestSupportedVersion
+  );
+
+/**
+  Returns the Null-terminated Unicode string that is used to fill in 
+the
+  VersionName field of the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that 
+is
+  returned by the GetImageInfo() service of the Firmware Management Protocol.
+  If the VersionName string can not be reported by the firmware image 
+currently
+  stored in the firmware device, then NULL must be returned.  
+Otherwise,
+  a Null-terminated Unicode string containing the VersioName is returned.
+  The returned string must be allocated using EFI_BOOT_SERVICES.AllocatePool().
+
+  @note It is recommended that all firmware devices support a method to report
+        the VersionName string from the currently stored firmware image.
+
+  @retval NULL       The firmware device does not support a method to report the
+                     version string for the currently stored firmware image.
+  @retval NULL       An error occurred attempting to retrieve the version string
+                     for the currently stored firmware image.
+  @retval non NULL   A pointer to an allocated buffer containing the version
+                     string for the currently stored firmware image.
+
+**/
+CHAR16 *
+EFIAPI
+FmpDeviceGetVersionString (
+  VOID
+  );
+
+/**
+  Returns the value used to fill in the Version field of the
+  EFI_FIRMWARE_IMAGE_DESCRIPTOR structure that is returned by the 
+GetImageInfo()
+  service of the Firmware Management Protocol.  If EFI_SUCCESS is 
+returned, then
+  the firmware device supports a method to report the Version value 
+from the
+  currently stored firmware image.  If the value can not be reported 
+for the
+  firmware image currently stored in the firmware device, then 
+EFI_UNSUPPORTED
+  must be returned.  EFI_DEVICE_ERROR is returned if an error occurs 
+attempting
+  to retrieve the LowestSupportedVersion value for the currently stored 
+firmware
+  image.
+
+  @note It is recommended that all firmware devices support a method to report
+        the Version value from the currently stored firmware image.
+
+  @param[out] Version  The version value retrieved from the currently stored
+                       firmware image.
+
+  @retval EFI_SUCCESS       The version of currently stored firmware image was
+                            returned in Version.
+  @retval EFI_UNSUPPORTED   The firmware device does not support a method to
+                            report the version of the currently stored firmware
+                            image.
+  @retval EFI_DEVICE_ERROR  An error occurred attempting to retrieve the version
+                            of the currently stored firmware image.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceGetVersion (
+  OUT UINT32  *Version
+  );
+
+/**
+  Returns a copy of the firmware image currently stored in the firmware device.
+
+  @note It is recommended that all firmware devices support a method to retrieve
+        a copy currently stored firmware image.  This can be used to support
+        features such as recovery and rollback.
+
+  @param[out]    Image      Pointer to a caller allocated buffer where the
+                            currently stored firmware image is copied to.
+  @param[in out] ImageSize  Pointer the size, in bytes, of the Image buffer.
+                            On return, points to the size, in bytes, of firmware
+                            image currently stored in the firmware device.
+
+  @retval EFI_SUCCESS            Image contains a copy of the firmware image
+                                 currently stored in the firmware device, and
+                                 ImageSize contains the size, in bytes, of the
+                                 firmware image currently stored in the
+                                 firmware device.
+  @retval EFI_BUFFER_TOO_SMALL   The buffer specified by ImageSize is too small
+                                 to hold the firmware image currently stored in
+                                 the firmware device. The buffer size required
+                                 is returned in ImageSize.
+  @retval EFI_INVALID_PARAMETER  The Image is NULL.
+  @retval EFI_INVALID_PARAMETER  The ImageSize is NULL.
+  @retval EFI_UNSUPPORTED        The operation is not supported.
+  @retval EFI_DEVICE_ERROR       An error occurred attempting to retrieve the
+                                 firmware image currently stored in the firmware
+                                 device.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceGetImage (
+  IN OUT    VOID   *Image,
+  IN IN OUT UINTN  *ImageSize
+  );
+
+/**
+  Checks if a new firmware image is valid for the firmware device.  
+This
+  function allows firmware update operation to validate the firmware 
+image
+  before FmpDeviceSetImage() is called.
+
+  @param[in]  Image           Points to a new firmware image.
+  @param[in]  ImageSize       Size, in bytes, of a new firmware image.
+  @param[out] ImageUpdatable  Indicates if a new firmware image is valid for
+                              a firmware update to the firmware device.  The
+                              following values from the Firmware Management
+                              Protocol are supported:
+                                IMAGE_UPDATABLE_VALID
+                                IMAGE_UPDATABLE_INVALID
+                                IMAGE_UPDATABLE_INVALID_TYPE
+                                IMAGE_UPDATABLE_INVALID_OLD
+                                IMAGE_UPDATABLE_VALID_WITH_VENDOR_CODE
+
+  @retval EFI_SUCCESS            The image was successfully checked.  Additional
+                                 status information is returned in
+                                 ImageUpdateable.
+  @retval EFI_INVALID_PARAMETER  Image is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageUpdateable is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceCheckImage (
+  IN  CONST VOID  *Image,
+  IN  UINTN       ImageSize,
+  OUT UINT32      *ImageUpdateable
+  );
+
+/**
+  Updates a firmware device with a new firmware image.  This function 
+returns
+  EFI_UNSUPPORTED if the firmware image is not updatable.  If the 
+firmware image
+  is updatable, the function should perform the following minimal 
+validations
+  before proceeding to do the firmware image update.
+    - Validate that the image is a supported image for this firmware device.
+      Return EFI_ABORTED if the image is not supported.  Additional details
+      on why the image is not a supported image may be returned in AbortReason.
+    - Validate the data from VendorCode if is not NULL.  Firmware image
+      validation must be performed before VendorCode data validation.
+      VendorCode data is ignored or considered invalid if image validation
+      fails.  Return EFI_ABORTED if the VendorCode data is invalid.
+
+  VendorCode enables vendor to implement vendor-specific firmware image 
+ update  policy.  Null if the caller did not specify the policy or use 
+ the default  policy.  As an example, vendor can implement a policy to 
+ allow an option to  force a firmware image update when the abort 
+ reason is due to the new firmware  image version is older than the 
+ current firmware image version or bad image  checksum.  Sensitive 
+ operations such as those wiping the entire firmware image  and render 
+ the device to be non-functional should be encoded in the image  itself 
+ rather than passed with the VendorCode.  AbortReason enables vendor to  
+ have the option to provide a more detailed description of the abort reason to  the caller.
+
+  @param[in]  Image             Points to the new firmware image.
+  @param[in]  ImageSize         Size, in bytes, of the new firmware image.
+  @param[in]  VendorCode        This enables vendor to implement vendor-specific
+                                firmware image update policy.  NULL indicates
+                                the caller did not specify the policy or use the
+                                default policy.
+  @param[in]  Progress          A function used to report the progress of
+                                updating the firmware device with the new
+                                firmware image.
+  @param[in]  CapsuleFwVersion  The version of the new firmware image from the
+                                update capsule that provided the new firmware
+                                image.
+  @param[out] AbortReason       A pointer to a pointer to a Null-terminated
+                                Unicode string providing more details on an
+                                aborted operation. The buffer is allocated by
+                                this function with
+                                EFI_BOOT_SERVICES.AllocatePool().  It is the
+                                caller's responsibility to free this buffer with
+                                EFI_BOOT_SERVICES.FreePool().
+
+  @retval EFI_SUCCESS            The firmware device was successfully updated
+                                 with the new firmware image.
+  @retval EFI_ABORTED            The operation is aborted.  Additional details
+                                 are provided in AbortReason.
+  @retval EFI_INVALID_PARAMETER  The Image was NULL.
+  @retval EFI_UNSUPPORTED        The operation is not supported.
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceSetImage (
+  IN  CONST VOID                                     *Image,
+  IN  UINTN                                          ImageSize,
+  IN  CONST VOID                                     *VendorCode,       OPTIONAL
+  IN  EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS  Progress,          OPTIONAL
+  IN  UINT32                                         CapsuleFwVersion,
+  OUT CHAR16                                         **AbortReason
+  );
+
+/**
+  Lock the firmware device that contains a firmware image.  Once a 
+firmware
+  device is locked, any attempts to modify the firmware image contents 
+in the
+  firmware device must fail.
+
+  @note It is recommended that all firmware devices support a lock method to
+        prevent modifications to a stored firmware image.
+
+  @note A firmware device lock mechanism is typically only cleared by a full
+        system reset (not just sleep state/low power mode).
+
+  @retval  EFI_SUCCESS      The firmware device was locked.
+  @retval  EFI_UNSUPPORTED  The firmware device does not support 
+ locking
+
+**/
+EFI_STATUS
+EFIAPI
+FmpDeviceLock (
+  VOID
+  );
+
+#endif
diff --git a/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h b/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h
new file mode 100644
index 0000000000..cb5622e9ce
--- /dev/null
+++ b/FmpDevicePkg/Include/Library/FmpPayloadHeaderLib.h
@@ -0,0 +1,100 @@
+/**  @file
+  Provides services to retrieve values from a capsule's FMP Payload Header.
+  The structure is not included in the library class.  Instead, 
+services are
+  provided to retrieve information from the FMP Payload Header.  If 
+information
+  is added to the FMP Payload Header, then new services may be added to 
+this
+  library class to retrieve the new information.
+
+  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>  
+ Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+
+  Redistribution and use in source and binary forms, with or without  
+ modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright 
+ notice,  this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright 
+ notice,  this list of conditions and the following disclaimer in the 
+ documentation  and/or other materials provided with the distribution.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
+ "AS IS" AND  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ LIMITED TO, THE IMPLIED  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 
+ ANY DIRECT,  INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
+ CONSEQUENTIAL DAMAGES (INCLUDING,  BUT NOT LIMITED TO, PROCUREMENT OF 
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,  DATA, OR PROFITS; OR 
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF  LIABILITY, 
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE  
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+**/
+
+#ifndef _FMP_PAYLOAD_HEADER_LIB_H__
+#define _FMP_PAYLOAD_HEADER_LIB_H__
+
+/**
+  Returns the FMP Payload Header size in bytes.
+
+  @param[in]  Header          FMP Payload Header to evaluate
+  @param[in]  FmpPayloadSize  Size of FMP payload
+  @param[out] Size            The size, in bytes, of the FMP Payload Header.
+
+  @retval EFI_SUCCESS            The firmware version was returned.
+  @retval EFI_INVALID_PARAMETER  Header is NULL.
+  @retval EFI_INVALID_PARAMETER  Size is NULL.
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.
+
+**/
+EFI_STATUS
+EFIAPI
+GetFmpPayloadHeaderSize (
+  IN  CONST VOID   *Header,
+  IN  CONST UINTN  FmpPayloadSize,
+  OUT UINT32       *Size
+  );
+
+/**
+  Returns the version described in the FMP Payload Header.
+
+  @param[in]  Header          FMP Payload Header to evaluate
+  @param[in]  FmpPayloadSize  Size of FMP payload
+  @param[out] Version         The firmware version described in the FMP Payload
+                              Header.
+
+  @retval EFI_SUCCESS            The firmware version was returned.
+  @retval EFI_INVALID_PARAMETER  Header is NULL.
+  @retval EFI_INVALID_PARAMETER  Version is NULL.
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.
+
+**/
+EFI_STATUS
+EFIAPI
+GetFmpPayloadHeaderVersion (
+  IN  CONST VOID   *Header,
+  IN  CONST UINTN  FmpPayloadSize,
+  OUT UINT32       *Version
+  );
+
+/**
+  Returns the lowest supported version described in the FMP Payload Header.
+
+  @param[in]  Header                  FMP Payload Header to evaluate
+  @param[in]  FmpPayloadSize          Size of FMP payload
+  @param[out] LowestSupportedVersion  The lowest supported version described in
+                                      the FMP Payload Header.
+
+  @retval EFI_SUCCESS            The lowest support version was returned.
+  @retval EFI_INVALID_PARAMETER  Header is NULL.
+  @retval EFI_INVALID_PARAMETER  LowestSupportedVersion is NULL.
+  @retval EFI_INVALID_PARAMETER  Header is not a valid FMP Payload Header.
+
+**/
+EFI_STATUS
+EFIAPI
+GetFmpPayloadHeaderLowestSupportedVersion (
+  IN     CONST VOID   *Header,
+  IN     CONST UINTN  FmpPayloadSize,
+  IN OUT UINT32       *LowestSupportedVersion
+  );
+
+#endif
--
2.14.2.windows.3

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel