-
Notifications
You must be signed in to change notification settings - Fork 4
Capsule Based Firmware Update and Firmware Recovery
This page describes the capsule feature along with a few of the common capsule use cases. The UEFI Specification and the PI Specification provide details on the services, tables, and variables associated with the use of capsules to support firmware update and recovery. These include:
- [UEFI]
UpdateCapsule()andQueryCapsuleCapabilioties()Runtime Services - [UEFI] OsIndicationsSupported and OsIndications UEFI Variables
- [UEFI] CapsuleNNNN Capsule Report Variables
- [UEFI] Firmware Management Protocol (FMP)
- [UEFI] EFI System Resource Table (ESRT)
- [PI] Recovery Module PPI
- [PI] Device Recovery Module PPI
- [PI] Recovery Block I/O PPI
- [PI] Boot in Recovery Mode PPI
EDK II provides an implementation of capsule-base firmware update and firmware recovery features
that can detect if a firmware update or a recovery image delivered through a capsule has been
modified. It can also verify that the capsule applies to the platform that receives the capsule,
verifies that a firmware update does not violate any of the platforms's firmware rollback rules.
The EDK II implementation of firmware update and recovery makes use OpenSSL command line utilities
to sign firmware update capsules and firmware recovery images. It also uses the OpenSSL libraries
to authenticate firmware update capsules and firmware recovery images before they are used. The
EDK II implementation of capsule-based firmware update and firmware recovery provides
test signing keys that may be used during firmware development and debug. If the EDK II
implementation of capsule-based firmware update and recovery is used to build a production
firmware images, production firmware updates, or production recovery images, then the product
owner must create and manage their production signing keys.