From bd9370d775ccc982ba54424f272deaef997f80bc Mon Sep 17 00:00:00 2001
From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Date: Mon, 6 May 2024 15:02:50 +0300
Subject: drivers/efi/uefi_capsules.c: coalesce and store UEFI capsules

How it approximately works:

(During a normal system run):
1. OS puts a capsule into RAM and calls UpdateCapsule() function of EFI
   runtime
2. If applying the update requires a reboot, EFI implementation creates
   a new CapsuleUpdateData* EFI variable pointing at the beginning of
   capsules description (not data, but description of the data) and does
   a warm reboot leaving capsule data and its description in RAM to be
   picked by firmware on the next boot process

(After DEV_INIT:)
3. Capsules are discovered by checking for CapsuleUpdateData* variables
4. Capsule description in memory and capsule data is validated for
   sanity
5. Capsule data is coalesced into a continuous piece of memory

(On BS_WRITE_TABLES via dasharo_add_capsules_to_bootmem() hook:)
6. Buffer with coalesced capsules is marked as reserved

(On BS_WRITE_TABLES via lb_uefi_capsules() hook:)
7. coreboot table entry is added for each of the discovered capsules

(In UEFI payload:)
8. CapsuleUpdateData* get removed
9. coreboot table is checked for any update capsules which are then
   applied

Change-Id: I162d678ae5c504906084b59c1a8d8c26dadb9433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/83422
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
---
 src/security/memory/memory_clear.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/security/memory')

diff --git a/src/security/memory/memory_clear.c b/src/security/memory/memory_clear.c
index 9a8a23a1f7..e747f4f3ce 100644
--- a/src/security/memory/memory_clear.c
+++ b/src/security/memory/memory_clear.c
@@ -20,6 +20,7 @@
 #include <security/memory/memory.h>
 #include <cbmem.h>
 #include <acpi/acpi.h>
+#include <drivers/efi/capsules.h>
 
 /* Helper to find free space for memset_pae. */
 static uintptr_t get_free_memory_range(struct memranges *mem,
@@ -60,6 +61,9 @@ static void clear_memory(void *unused)
 	if (acpi_is_wakeup_s3())
 		return;
 
+	/* Process capsules before clearing memory and only if not waking up from S3. */
+	efi_parse_capsules();
+
 	if (!security_clear_dram_request())
 		return;
 
-- 
cgit v1.2.3