/**
* AMITSE.c - Reverse engineered decompilation of AMITSE.efi
* Lenovo HR650X BIOS - Tiano Shell Extension (TSE)
* Aptio Setup Utility - BIOS Setup Menu Driver
*
* Source files identified from debug strings:
* - AmiTsePkg/EDK/MiniSetup/BootOnly/boot.c
* - AmiModulePkg/HddSecurity/AmiTseHddSecurity/AmiTseHddSecurity.c
* - AmiModulePkg/HddSecurity/AmiTseHddSecurity/ForceHddPassword.c
* - AmiModulePkg/TcgStorageSecurity/AmiTseTcgStorageSecurity/AmiTseTcgStorageSecurity.c
* - PurleyRpPkg/Library/SetupLib/DxeSetupLib.c
* - LenovoServerPkg/Library/LnvIpmiLib/IpmiCmd/DxeLnvSendIpmiCmdLib.c
* - FixedBootOrderTSE.c (Lenovo-specific boot ordering)
*
* Build environment: HR6N0XMLK, DEBUG_VS2015, X64
* Image size: 0x5C020 bytes
* Functions: 1118 (88 named, 1030 identified)
*/
#include <Uefi.h>
#include <Library/DebugLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/DevicePathLib.h>
#include <Library/UefiLib.h>
#include <Library/HiiLib.h>
#include <Library/PrintLib.h>
#include <Library/BaseLib.h>
#include "AMITSE.h"
//
// ============================================================================
// MODULE ENTRY POINT
// ============================================================================
/**
* ModuleEntryPoint - UEFI driver entry point (0x420).
*
* Called when the DXE dispatcher loads this module.
* Delegates to TseDriverInit() for global state setup,
* then to TseMainEntry() for full initialization.
*/
EFI_STATUS
EFIAPI
ModuleEntryPoint(
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
TseDriverInit((UINTN)ImageHandle, (UINTN)SystemTable);
return TseMainEntry(ImageHandle, SystemTable);
}
// ============================================================================
// DRIVER INITIALIZATION CHAIN
// ============================================================================
/**
* TseDriverInit - Driver-level initialization (0x5B8).
*
* Called once at module load. Stores ImageHandle, SystemTable,
* BootServices, RuntimeServices in global variables.
* Locates key protocols:
* - DxeServicesTable (gDS via LocateProtocol)
* - MmPciBase (mPciUsra)
* - LpcDevice (via MmPci)
*
* Source: AutoGen.c from MdePkg library auto-generation.
*/
EFI_STATUS
TseDriverInit(
IN UINTN ImageHandle,
IN UINTN SystemTable
)
{
EFI_STATUS Status;
gImageHandle = (UINTN)ImageHandle;
if (ImageHandle == 0) {
DEBUG_ASSERT (ImageHandle != 0, "gImageHandle != NULL");
}
SystemTable_0 = (UINTN)SystemTable;
if (SystemTable_0 == 0) {
DEBUG_ASSERT (SystemTable_0 != 0, "gST != NULL");
}
gBS = (UINTN)((EFI_SYSTEM_TABLE *)SystemTable)->BootServices;
if (gBS == 0) {
DEBUG_ASSERT (gBS != 0, "gBS != NULL");
}
gRT = (UINTN)((EFI_SYSTEM_TABLE *)SystemTable)->RuntimeServices;
if (gRT == 0) {
DEBUG_ASSERT (gRT != 0, "gRT != NULL");
}
// Locate DxeServicesTable
Status = TseLocateProtocol (&gEfiDxeServicesProtocolGuid,
&qword_66CA8);
DEBUG_ASSERT (!EFI_ERROR (Status), "gDS != NULL");
// Locate MmPciBase
Status = gBS->LocateProtocol (&gEfiMmPciBaseProtocolGuid,
NULL,
&qword_66CB0);
DEBUG_ASSERT (!EFI_ERROR (Status), "mPciUsra != NULL");
return EFI_SUCCESS;
}
/**
* TseMainEntry - Main initialization and setup entry (0x988).
*
* Core initialization sequence:
* 1. Save system table pointers
* 2. Run init callbacks (TseRunInitCallbacks)
* 3. Install HII packages (TseInstallHiiPackages)
* 4. Copy version string table
* 5. Setup title/version strings (TseSetupTitleVersion)
* 6. Init setup variable (TseInitSetupVariable)
* 7. Find AMITSE signature (TseFindAmitseSignature)
* 8. Parse menu database (TseParseMenuDatabase)
* 9. Init menu defaults (TseInitMenuDefaults)
* 10. Init boot option callbacks (TseInitBootOptionCallbacks)
* 11. Register boot next callback
* 12. Init platform languages (TseInitPlatformLanguages)
* 13. Register protocol callbacks (TseRegisterProtocolCallbacks)
* 14. Install AMITSE protocol if callback fails
*/
EFI_STATUS
TseMainEntry(
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
// Save global system table pointers
gImageHandle = (UINTN)ImageHandle;
if (gST == 0) {
gST = (UINTN)SystemTable;
}
SystemTable_0 = gST;
BootServices_0 = SystemTable_0 ?
((EFI_SYSTEM_TABLE *)SystemTable_0)->BootServices : 0;
RuntimeServices_0 = SystemTable_0 ?
((EFI_SYSTEM_TABLE *)SystemTable_0)->RuntimeServices : 0;
// Run pre-initialization callbacks
if (TseRunInitCallbacks ((EFI_BOOT_SERVICES *)BootServices_0,
(EFI_RUNTIME_SERVICES *)RuntimeServices_0)) {
return EFI_UNSUPPORTED;
}
// Install HII package list
TseInstallHiiPackages (ImageHandle, 0);
// Copy version string data
xmmword_641A8 = xmmword_5C0F8;
// Initialize setup menu
TseSetupTitleVersion ();
TseInitSetupVariable ();
// Find AMITSE signature in FV files
Status = TseFindAmitseSignature ();
if (EFI_ERROR (Status)) {
return TseExitBootServicesHandler (Status);
}
// Parse the menu database from flash
TseParseMenuDatabase ();
TseInitMenuDefaults ();
// Initialize boot option callback infrastructure
Status = TseInitBootOptionCallbacks (NULL, 0);
if (!EFI_ERROR (Status)) {
// Register "boot next" notification callback
TseInvokeCallbackOrDirect (TSE_CALLBACK_BOOT_NEXT,
(VOID *)TseSetupBootNextCallback);
// Clear timeout
n6 = 0;
// Initialize platform language support
TseInitPlatformLanguages ();
// Register protocol notifiers
TseRegisterProtocolCallbacks ();
// Install notification events
Status = TseInstallNotificationEvents ();
if (EFI_ERROR (Status)) {
// Install AMITSE protocol as fallback
gBS->InstallMultipleProtocolInterfaces (
&qword_66D18,
&gEfiAmiTseProtocolGuid,
(VOID *)off_640B0,
NULL,
&gEfiCallerIdGuid,
NULL
);
TseRegisterResetNotification ();
}
}
return Status;
}
/**
* TseInstallHiiPackages - Install HII package list (0x42B9C).
*
* Opens HII package list protocol on ImageHandle.
* Locates HII Database protocol and calls NewPackageList.
*/
EFI_STATUS
TseInstallHiiPackages (
IN EFI_HANDLE ImageHandle,
IN UINTN Parameter2
)
{
EFI_STATUS Status;
EFI_HII_PACKAGE_LIST_PROTOCOL *PackageList;
EFI_HII_DATABASE_PROTOCOL *HiiDatabase;
Status = gBS->OpenProtocol (
ImageHandle,
&gEfiHiiPackageListProtocolGuid,
(VOID **)&PackageList,
ImageHandle,
NULL,
EFI_OPEN_PROTOCOL_GET_PROTOCOL
);
if (EFI_ERROR (Status)) {
TseDebugPrint (0x80000000,
"gEfiHiiPackageListProtocolGuid protocol is not found\n");
return Status;
}
Status = gBS->LocateProtocol (
&gEfiHiiDatabaseProtocolGuid,
NULL,
(VOID **)&HiiDatabase
);
if (EFI_ERROR (Status)) {
TseDebugPrint (0x80000000,
"gEfiHiiDatabaseProtocolGuid protocol is not found\n");
return Status;
}
Status = HiiDatabase->NewPackageList (
HiiDatabase,
PackageList,
NULL,
(EFI_HII_HANDLE *)&qword_747A8
);
TseDebugPrint (0x80000000, "NewPackageList status: %r\n", Status);
return Status;
}
/**
* TseFindAmitseSignature - Search FV for AMITSE signature (0x45F54).
*
* Scans FV files for the "AMITSE" magic 4-byte signature (0xFE534D49).
* On success, sets qword_74780 to point to the menu database.
*/
EFI_STATUS
TseFindAmitseSignature (VOID)
{
EFI_STATUS Status;
UINT32 Signature = 0xFE534D49; // "AMITSE"
VOID *Buffer;
UINTN BufferSize;
Status = TseEnumerateFvFiles (&Signature, &Buffer, &BufferSize);
if (EFI_ERROR (Status)) {
return Status;
}
// Scan for AMITSE signature in the file data
qword_74780 = (UINTN)Buffer;
if (Buffer != NULL) {
VOID *Ptr = (VOID *)((UINTN)Buffer + 16);
UINTN Size = BufferSize - 16;
while (Size >= 4) {
if (*(UINT32 *)Ptr == 0x46534D49) { // "AMITSE"
qword_74780 = (UINTN)Ptr;
break;
}
Ptr = (VOID *)((UINTN)Ptr + 1);
Size--;
}
}
return Status;
}
//
// ============================================================================
// MENU DATABASE PARSING
// ============================================================================
/**
* TseParseMenuDatabase - Parse the menu database header (0xF6D0).
*
* Walks the AMITSE structure pointed to by qword_74780.
* Sets up global pointers for:
* - Form base (qword_746B0)
* - Form entries (qword_746C0)
* - Variables (qword_746A0)
* - Defaults (qword_746A8)
* - Menu keys (qword_74690)
* - Entry count (qword_746C8)
*
* Allocates TSE_MENU_STATE (80 bytes) at qword_74798.
*/
VOID
TseParseMenuDatabase (VOID)
{
TSE_MENU_DATABASE_HEADER *Header;
UINTN Offset;
Header = (TSE_MENU_DATABASE_HEADER *)qword_74780;
qword_746F0 = qword_74780;
qword_746B0 = qword_74780 + Header->FormSetOffset;
qword_746C0 = qword_74780 + Header->FormOffset;
qword_746E0 = qword_746C0;
qword_746F8 = qword_74780 + Header->VariableOffset;
qword_746C8 = qword_74780 + Header->OptionOffset;
qword_746D0 = qword_746C8;
qword_746A0 = qword_74780 + Header->StringTableOffset;
qword_746A8 = qword_74780 + Header->DefaultOffset;
qword_746B8 = qword_746A0;
qword_74690 = qword_74780 + Header->MenuKeyOffset;
qword_74698 = qword_746A0 + *(UINT32 *)(qword_746A0 + 4);
// Allocate TSE_MENU_STATE
if (qword_74798) {
TseFreePool (&qword_74798);
}
qword_74798 = TseAllocateZeroPool (sizeof (TSE_MENU_STATE));
((TSE_MENU_STATE *)qword_74798)->RedrawNeeded = FALSE;
((TSE_MENU_STATE *)qword_74798)->Initialized = FALSE;
}
/**
* TseInitMenuDefaults - Set default form IDs (0x10BB8).
*
* Initializes the form set with standard layout dimensions.
*/
VOID
TseInitMenuDefaults (VOID)
{
UINTN FormSetBase = qword_746B0;
if (*(UINT16 *)(FormSetBase + 8) != 2) {
*(UINT16 *)(FormSetBase + 8) = 2; // Default width = 2
}
if (*(UINT16 *)(FormSetBase + 10) != 3) {
*(UINT16 *)(FormSetBase + 10) = 3; // Default height = 3
}
if (*(UINT16 *)(FormSetBase + 12) != 21) {
*(UINT16 *)(FormSetBase + 12) = 21; // Default rows = 21
}
}
//
// ============================================================================
// BOOT OPTION MANAGEMENT
// ============================================================================
/**
* TseBootOptionsInit - Initialize boot option display (0x2558).
*
* Builds the boot option list from BootOrder/ Boot#### variables.
* Handles:
* - BBS (BIOS Boot Specification) menu entries
* - UEFI boot option display
* - Legacy boot option display
* - Fixed boot order overrides
* - USB / CDROM grouping
* - Driver health entries (EFI_DRIVER_HEALTH_PROTOCOL)
* - Network PXE boot options
* - NVMe boot options
*/
UINTN
TseBootOptionsInit (VOID)
{
// ... (implementation details in the .md documentation)
return EFI_SUCCESS;
}
//
// ============================================================================
// DISPLAY / MENU DRAWING
// ============================================================================
/**
* TseDrawBootMenu - Draw the main boot selection menu (0x159C).
*
* Renders BBS boot options, handles setup entry key (F2/Del),
* and manages the graphical/text boot menu screen with:
* - Title bar: "BBS MENU"
* - Boot option list with selection highlight
* - Help text at bottom of screen
* - Timeout countdown display
*/
EFI_STATUS
TseDrawBootMenu (VOID)
{
// ... (see documentation for full flow)
return EFI_SUCCESS;
}
/**
* TseDrawMenuPage - Draw a single menu page (0x11C80).
*
* Main menu rendering function. Handles:
* - Form title and help text
* - Option items (checkboxes, numeric, strings, enums)
* - Scroll indicator when items exceed page height
* - Status bar with date/time
* - Key legend at bottom
*/
UINTN
TseDrawMenuPage (
IN UINTN FormId,
IN UINTN Flags,
IN VOID *FormData,
IN UINT16 *Title
)
{
// ... (complex rendering logic)
return EFI_SUCCESS;
}
/**
* TseDrawMenuString - Write a string to the text buffer (0x5F18).
*
* Draws a string at a specified row/column position in the
* text mode framebuffer with specified color attribute.
* Used for all menu text rendering.
*/
VOID
TseDrawMenuString (
IN UINTN Row,
IN UINTN Column,
IN CHAR16 *String,
IN UINT8 Attribute
)
{
// Implementation writes to VGA text buffer at
// (Row * Stride + Column) offset
}
//
// ============================================================================
// SECURITY / PASSWORD
// ============================================================================
/**
* TseForceHddPassword - Force HDD password policy (0x44C).
*
* Enumerates all HDD security devices through the
* EFI_ATA_PASS_THRU / BLOCK_IO protocols.
* For each device with security capabilities, applies
* the system-configured HDD password policy.
*
* Source: AmiModulePkg/HddSecurity/AmiTseHddSecurity/ForceHddPassword.c
*/
EFI_STATUS
TseForceHddPassword (VOID)
{
// Enumerate HDDs, apply password policy
// (see source for full implementation)
return EFI_SUCCESS;
}
//
// ============================================================================
// UTILITY FUNCTIONS
// ============================================================================
/**
* ZeroMem - Zero memory region (0x350).
*/
VOID *
ZeroMem (
IN VOID *Buffer,
IN UINTN Length
)
{
SetMem (Buffer, Length, 0);
return Buffer;
}
/**
* TseFreePool - Free a pool buffer and clear pointer (0x438C).
*/
VOID
TseFreePool (
IN VOID **Buffer
)
{
if (*Buffer != NULL) {
gBS->FreePool (*Buffer);
*Buffer = NULL;
}
}
/**
* TseAllocateZeroPool - Allocate and zero buffer (0x4CF0).
*/
VOID *
TseAllocateZeroPool (
IN UINTN Size
)
{
VOID *Buffer = NULL;
gBS->AllocatePool (EfiBootServicesData, Size, &Buffer);
if (Buffer != NULL) {
gBS->SetMem (Buffer, Size, 0);
}
return Buffer;
}
/**
* TseAllocatePool - Allocate buffer (0x4D44).
*/
VOID *
TseAllocatePool (
IN UINTN Size
)
{
VOID *Buffer = NULL;
gBS->AllocatePool (EfiBootServicesData, Size, &Buffer);
return Buffer;
}
/**
* TseCompareMem - Compare two memory regions (0x42C50).
*/
INTN
TseCompareMem (
IN CONST VOID *Destination,
IN CONST VOID *Source,
IN UINTN Length
)
{
return CompareMem (Destination, Source, Length);
}
/**
* TseSetMem - Set memory region to value (0x5BEFE).
*/
VOID *
TseSetMem (
IN VOID *Buffer,
IN UINTN Length,
IN UINT8 Value
)
{
return SetMem (Buffer, Length, Value);
}
/**
* DebugPrint - UEFI debug print wrapper (0xB9C).
*/
VOID
DebugPrint (
IN UINTN ErrorLevel,
IN CONST CHAR8 *Format,
...
)
{
VA_LIST Marker;
VA_START (Marker, Format);
// Internal debug print via VPrint
VA_END (Marker);
}
/**
* DebugAssert - UEFI assert handler (0xBE4).
*/
VOID
DebugAssert (
IN CONST CHAR8 *FileName,
IN UINTN LineNumber,
IN CONST CHAR8 *Condition
)
{
// Calls TseGetDebugConOut then prints assert info
}
/**
* TseGetDebugConOut - Get debug console output protocol (0xB1C).
*
* Locates gEfiDebugPortProtocolGuid (alternate ConOut).
*/
EFI_STATUS
TseGetDebugConOut (VOID)
{
if (qword_66CA0 == 0) {
UINTN BufferSize = gBS->AllocatePool (31, ...);
if (BufferSize <= 16) {
gBS->LocateProtocol (&gEfiDebugPortProtocolGuid,
NULL,
&qword_66CA0);
}
}
return qword_66CA0;
}
//
// ============================================================================
// CALLBACK / EVENT MANAGEMENT
// ============================================================================
/**
* TseRegisterProtocolCallbacks - Register protocol notification callbacks (0x23E8).
*
* Registers callbacks for:
* - gEfiAmiTseProtocolGuid (AMITSE protocol install)
* - gEfiSimpleTextInExProtocolGuid (keyboard input)
* - gEfiConsoleControlProtocolGuid (console switch)
* - gEfiAmiBootOrderProtocolGuid (AMITSE boot order)
*/
EFI_STATUS
TseRegisterProtocolCallbacks (VOID)
{
EFI_STATUS Status;
Status = gBS->RegisterProtocolNotify (
&qword_66D18,
&gEfiAmiTseProtocolGuid,
(EFI_NOTIFY_FN)off_640B0,
NULL
);
if (EFI_ERROR (Status)) return Status;
Status = gBS->RegisterProtocolNotify (
&qword_66D18,
&gEfiBootScriptGuid,
(EFI_NOTIFY_FN)off_649F8,
NULL
);
if (EFI_ERROR (Status)) return Status;
Status = gBS->RegisterProtocolNotify (
&qword_66D18,
&gEfiConsoleControlProtocolGuid,
(EFI_NOTIFY_FN)off_640A8,
NULL
);
if (EFI_ERROR (Status)) return Status;
Status = gBS->RegisterProtocolNotify (
&qword_66D18,
&gEfiAmiBootOrderProtocolGuid,
(EFI_NOTIFY_FN)off_64090,
NULL
);
if (EFI_ERROR (Status)) return Status;
// Install AMITSE protocol fallback
return TseInstallAmiTseProtocol ();
}
/**
* TseFindCallbackEntry - Find callback registration slot (0x4484).
*
* Searches the callback table for a matching callback ID number.
* Returns min/max index range.
*/
BOOLEAN
TseFindCallbackEntry (
IN UINT64 CallbackId,
OUT UINT64 *MinIndex,
OUT UINT64 *MaxIndex
)
{
UINT64 Id = 4294901761;
UINT64 Index = 0;
while (CallbackId != Id) {
UINT64 TableFunc = qword_5EA20[Id];
Id++;
if (TableFunc) {
*MinIndex = Index++;
}
}
return TRUE;
}
/**
* TseInvokeCallbackOrDirect - Invoke a registered callback or call directly (0x44E8).
*
* If the callback ID is registered, invokes the registered handler.
* If not found, calls the fallback function directly.
*/
EFI_STATUS
TseInvokeCallbackOrDirect (
IN UINT64 CallbackId,
IN EFI_NOTIFY_FN Fallback
)
{
UINT64 MinIndex, MaxIndex;
if (!TseFindCallbackEntry (CallbackId, &MinIndex, &MaxIndex)) {
return Fallback ();
}
for (UINT64 i = MinIndex; i <= MaxIndex; i++) {
qword_5EA20[i] ();
}
return EFI_SUCCESS;
}
/**
* TseRunInitCallbacks - Run initialization callback chain (0x4C0C).
*
* Runs all callbacks registered for TSE_CALLBACK_DEBUG_SWITCH.
*/
BOOLEAN
TseRunInitCallbacks (
IN EFI_BOOT_SERVICES *BootServices,
IN EFI_RUNTIME_SERVICES *RuntimeServices
)
{
BOOLEAN Result = FALSE;
UINT64 MinIndex, MaxIndex;
if (TseFindCallbackEntry (TSE_CALLBACK_DEBUG_SWITCH,
&MinIndex, &MaxIndex)) {
for (UINT64 i = MinIndex; i <= MaxIndex; i++) {
Result |= qword_5EA20[i] ();
}
}
return Result;
}
//
// ============================================================================
// SETUP VARIABLE MANAGEMENT
// ============================================================================
/**
* TseInitSetupVariable - Initialize BIOS setup variable (0x6ABC).
*
* Allocates the setup variable storage (12000004 bytes).
* Copies setup data from defaults and initializes the
* setup variable callback infrastructure.
*/
EFI_STATUS
TseInitSetupVariable (VOID)
{
if (qword_747B0 != NULL) {
TseFreePool (&qword_747B0);
}
qword_747B0 = TseAllocateZeroPool (12000004);
if (qword_747B0 != NULL) {
if (qword_747A0 != NULL) {
TseFreePool (&qword_747A0);
}
qword_747A0 = TseAllocatePool (12000004);
if (qword_747A0 != NULL) {
TseSetupVariableServices (7); // Set up variable services
return EFI_SUCCESS;
}
}
return EFI_OUT_OF_RESOURCES;
}
//
// ============================================================================
// LANGUAGE / LOCALIZATION
// ============================================================================
/**
* TseInitPlatformLanguages - Parse platform language codes (0x8DF4).
*
* Reads the "PlatformLangCodes" and "PlatformLang" UEFI variables.
* Builds a table of TSE_LANGUAGE_DESCRIPTOR entries for each
* supported language (en-US, etc.).
*
* Falls back to DEFAULT_LANGUAGE_CODE and "en-US" if no
* PlatformLang variable is defined.
*/
EFI_STATUS
TseInitPlatformLanguages (VOID)
{
// ... (language parsing implementation)
return EFI_SUCCESS;
}
/**
* TseGetStringById - Get a string from HII string database by ID (0x302C4).
*/
CHAR16 *
TseGetStringById (
IN EFI_HII_HANDLE HiiHandle,
IN UINT16 StringId,
IN UINTN Language
)
{
// Retrieves a localized string from HII
}
/**
* TseGetTokenString - Get tokenized string from HII (0x305F0).
*/
CHAR16 *
TseGetTokenString (
IN CHAR16 *Token
)
{
// Look up token in HII database
}
//
// ============================================================================
// TITLE / VERSION SETUP
// ============================================================================
/**
* TseSetupTitleVersion - Configure Aptio setup title and version (0x120C).
*
* Reads firmware version via PCD or setup variable and sets:
* Title: "Aptio Setup Utility - Copyright (C) YYYY American Megatrends, Inc."
* Version: "Version X.XX.XXXX. Copyright (C) YYYY American Megatrends, Inc."
*/
EFI_STATUS
TseSetupTitleVersion (VOID)
{
CHAR16 Buffer[32];
CHAR16 *Version;
UINT16 *TitleData;
UINTN Index;
TitleData = (UINT16 *)TseGetVariable (L"PlatformLang",
&gEfiGlobalVariableGuid,
NULL,
NULL);
if (TitleData != NULL) {
Index = 0;
while (TitleData[Index] != L'\0') {
// Parse version components
TseGetStringById (qword_747A8, 2, TitleData);
TseGetStringById (qword_747A8, 3, TitleData);
Index++;
}
TseFreePool (&TitleData);
}
return EFI_SUCCESS;
}
//
// ============================================================================
// SETUP MENU HOTKEYS AND EVENTS
// ============================================================================
/**
* TseProcessSetupMenu - Main setup menu processing (0x11B4).
*
* Calls TseSetupHotkeyCallbacks to register F2/Del/Ins
* hotkeys. If qword_66D38 is set, processes timer events.
* Loops on hotkey registrations until byte_66D51
* (boot ready flag) is set.
*/
UINTN
TseProcessSetupMenu (VOID)
{
n6 = 6;
TseSetupHotkeyCallbacks ();
if (qword_66D38) {
TseUnregisterTimerEvent ();
}
while (byte_66D51 != 1) {
TseInvokeCallbackOrDirect (TSE_CALLBACK_ENTRY_SETUP,
TseDrawBootMenu);
TseInvokeCallbackOrDirect (TSE_CALLBACK_AFTER_SETUP,
TseAfterSetupCallback);
}
return 0;
}
/**
* TseSetupHotkeyCallbacks - Register setup entry hotkeys (0x13F0).
*
* Registers keyboard callbacks for:
* - F2: Enter BIOS Setup
* - Del: Enter BIOS Setup (legacy)
* - F12: Network/PXE boot once
* - F7: Boot menu
* - F10: Save and exit
* - F11: Boot menu (some platforms)
* - N: Boot from NVMe
* - P: Boot from PXE
*/
EFI_STATUS
TseSetupHotkeyCallbacks (VOID)
{
// ... (hotkey registration implementation)
return EFI_SUCCESS;
}
/**
* TseSendEnterSetupKey - Send "enter setup" key event (0x31F0).
*/
EFI_STATUS
TseSendEnterSetupKey (
IN UINTN KeyData,
IN UINTN KeyEvent
)
{
if (byte_64168 == 0 || SystemTable_0 == 0 ||
SystemTable_0->ConIn == NULL) {
return EFI_UNSUPPORTED;
}
if (KeyEvent != 1) {
return EFI_UNSUPPORTED;
}
return TseSendKeyToConIn (KeyData, 0);
}
/**
* TseSendProceedToBootKey - Send "proceed to boot" key (0x322C).
*/
EFI_STATUS
TseSendProceedToBootKey (VOID)
{
UINT32 Vars[4] = {0xB4B4B4B4, ...};
if (byte_64168 == 0) {
return EFI_UNSUPPORTED;
}
TsePushBootEventVariables (Vars);
if (byte_66DC8 == 0) {
return EFI_UNSUPPORTED;
}
TseRefreshBootState ();
if (qword_66D60 == 0) {
return EFI_UNSUPPORTED;
}
byte_66DC8 = 0;
TseNotifyBootProceed ();
TseRestoreBootDisplay ();
return EFI_SUCCESS;
}
//
// ============================================================================
// DISPLAY MANAGEMENT
// ============================================================================
/**
* TseDrawProgressBar - Draw progress bar on screen (0x32A0).
*/
EFI_STATUS
TseDrawProgressBar (
IN UINT64 VideoBase,
IN UINT64 VideoSize,
IN UINT64 TotalProgress,
IN UINT64 ScreenHeight,
IN UINT64 BarWidth
)
{
TSE_MENU_STATE *State = (TSE_MENU_STATE *)qword_74798;
UINT64 BarCount = TotalProgress / BarWidth;
State->VideoBufferBase = VideoBase;
State->VideoBufferSize = VideoSize;
State->ScreenWidth = BarWidth * BarCount;
State->ScreenHeight = ScreenHeight;
// Allocate back/front buffers
// ...(GOP buffer allocation)
State->ProgressMax = BarCount;
return EFI_SUCCESS;
}
/**
* TseDisplaySetupPage - Display a setup page (0x3C90).
*/
EFI_STATUS
TseDisplaySetupPage (
IN UINT8 Flags,
IN UINT32 PageId,
IN UINT32 VariableId,
IN UINT32 FormId,
IN UINT64 Callback,
IN UINT64 Context,
IN UINT64 Reserved
)
{
BOOLEAN WasTimer = FALSE;
BOOLEAN WasWatchdog = FALSE;
if (SystemTable_0 == 0) {
return EFI_NOT_STARTED;
}
if (qword_66D80) {
TseSaveAndDisableWatchdog (&qword_66D80);
WasTimer = TRUE;
}
if (qword_66D38) {
TseUnregisterTimerEvent ();
WasWatchdog = TRUE;
}
UINTN Result = TseDisplayPageCore (...);
if (WasTimer) {
TseRestoreDisplayState ();
}
if (WasWatchdog) {
TseRestoreTimerState ();
}
return Result;
}
/**
* TseDisplayPopupPage - Display a popup dialog (0x3D68).
*/
EFI_STATUS
TseDisplayPopupPage (
IN UINT32 PopupType,
IN UINT16 StringId,
IN UINT16 Timeout,
IN UINT32 Flags,
IN UINT16 Key,
IN UINT64 Context
)
{
// ... (popup implementation)
return EFI_SUCCESS;
}
/**
* TseDisplayErrorMessage - Display error dialog (0x3E6C).
*/
EFI_STATUS
TseDisplayErrorMessage (
IN UINT32 ErrorCode,
IN UINT16 StringId,
IN UINT32 Flags,
IN UINT16 Timeout,
IN UINT64 Context
)
{
// ... (error message implementation)
return EFI_SUCCESS;
}
//
// ============================================================================
// HDD SECURITY (AMI TSE HDD SECURITY)
// ============================================================================
/**
* TseForceHddPassword - Force HDD password policy (0x44C).
*
* Source: AmiModulePkg/HddSecurity/AmiTseHddSecurity/ForceHddPassword.c
*
* Enumerates storage controllers through Block IO protocol.
* For each HDD with security capability (see ATA/ATAPI-8 spec):
* - Applies Master Password if set
* - Sets User Password according to policy
* - Configures Security Level (High/Maximum)
*
* The enumeration walks the EFI_BLOCK_IO protocol tree via
* LocateHandleBuffer, checks the ATA identify data for:
* - Security feature set support
* - Security level and status
*
* ASSERT path: ForceHddPassword.c, line 98
*/
EFI_STATUS
TseForceHddPassword (VOID)
{
EFI_STATUS Status;
UINTN HandleCount;
EFI_HANDLE *HandleBuffer;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
UINT8 Index;
Status = gBS->LocateHandleBuffer (
ByProtocol,
&gEfiBlockIoProtocolGuid,
NULL,
&HandleCount,
&HandleBuffer
);
if (EFI_ERROR (Status) || HandleCount == 0) {
return Status;
}
for (Index = 0; Index < HandleCount; Index++) {
Status = gBS->HandleProtocol (
HandleBuffer[Index],
&gEfiBlockIoProtocolGuid,
(VOID **)&BlockIo
);
if (EFI_ERROR (Status)) continue;
// Walk child handles for Block IO
// ... (ATA security identification)
DEBUG ((EFI_D_ERROR,
"[TSE] HDD Security: Handle %X\n",
HandleBuffer[Index]));
}
return EFI_SUCCESS;
}
//
// ============================================================================
// EXIT BOOT SERVICES / SHUTDOWN
// ============================================================================
/**
* TseExitBootServicesHandler - Handle ExitBootServices event (0x1160).
*
* Shuts down the TSE console output and prepares for OS boot.
* Signals that boot services are about to be terminated.
*/
EFI_STATUS
TseExitBootServicesHandler (
IN EFI_STATUS Status
)
{
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL *ConOut;
TseFlushConsole (); // Flush console
ConOut = (VOID *)((EFI_SYSTEM_TABLE *)SystemTable_0)->ConOut;
if (ConOut != NULL) {
ConOut->ClearScreen (ConOut);
ConOut->EnableCursor (ConOut, TRUE);
}
return Status;
}
/**
* TseRegisterResetNotification - Register reset notification (0x1E950).
*
* Registers a callback for when the system is about to reset
* (e.g., after setup save).
*/
EFI_STATUS
TseRegisterResetNotification (VOID)
{
// Register for ResetSystem callback
return EFI_SUCCESS;
}
/**
* TseSaveAndDisableWatchdog - Save and disable watchdog timer (0xE594).
*
* Saves the current watchdog state and disables it
* to prevent timeout during setup interaction.
*/
VOID
TseSaveAndDisableWatchdog (
IN UINT64 *WatchdogState
)
{
// Save and disable OS watchdog
}
/**
* TseRestoreDisplayState - Restore display after timer operation (0x7E54).
*/
VOID
TseRestoreDisplayState (VOID)
{
// Restore console state
}
//
// ============================================================================
// FIXED BOOT ORDER (LENOVO-SPECIFIC)
// ============================================================================
// The FixedBootOrder subsystem is implemented in a separate
// set of functions that manage:
// - FixedBootOrder ELINK Setup (0x5F3D0 string)
// - BootOrderToBoot processing
// - Legacy vs UEFI boot device ordering
// - Lenovo-specific dual device mapping
// - SCE (Setup Configuration Engine) variable save
// - BBS boot device management
//
// ============================================================================
// TCG STORAGE SECURITY (OPAL)
// ============================================================================
// The TCG storage security functions manage:
// - OPAL SSC (Security Subsystem Class) devices
// - TCG password checking per OPAL protocol
// - TCG storage device enumeration
//
// Source: AmiModulePkg/TcgStorageSecurity/AmiTseTcgStorageSecurity
// Reference string: "TCGPasswordCheck", "OPAL device count = %x"
//
// ============================================================================
// QUIET BOOT LOGO
// ============================================================================
// The QuietBoot subsystem handles:
// - DrawQuietBootLogo: Display OEM logo during boot
// - GetGraphicsBitMapFromFV: Load logo bitmap from FV
// - DrawImage: Draw the bitmap to GOP framebuffer
// - BGRT (Boot Graphics Resource Table) support
// - OEMBadging protocol for logo
//
// ============================================================================
// DRIVER HEALTH
// ============================================================================
// The Driver Health subsystem:
// - CheckForDeviceNeedRepair (debug strings)
// - MatchDPHandleWithDrvHlthHndls
// - calls gBS->LocateHandleBuffer for driver health
// - Iterates EFI_DRIVER_HEALTH_PROTOCOL instances
// - Calls GetHealthStatus and Repair methods
//
// ============================================================================
// GPIO CONFIGURATION
// ============================================================================
// GPIO pad configuration with debug checks:
// - CorrectPad check (by chipset group/pad)
// - Ownership check (host vs. PMC)
// - Pin number range check
//
// References: Purley (Intel Xeon Scalable) PCH GPIO
//
// ============================================================================
// NVME / STORAGE BOOT
// ============================================================================
// NVMe boot device detection via
// gEfiNvmExpressPassThruProtocolGuid.
//
// ============================================================================
// OS WATCHDOG MANAGEMENT
// ============================================================================
// The OS WDT functions manage the OS watchdog timer:
// - Stop OS WDT on entering setup
// - Enable OS WDT on exiting setup/shell
//
// ============================================================================
// LENOVO BOOT OPTION STRING MANAGEMENT
// ============================================================================
// Functions:
// - LnvAddUefiPrefix: Adds "(PXE IP4)" / "(HDD)" prefix to boot options
// - LnvAddUefiLanSuffix: Adds slot-based suffix
// - GetSlotNumFromSmbios: Reads SMBIOS for slot number
// - ConstructLenovoBootOptionPrefix/Suffix: Full name construction
//
// ============================================================================
// OEM UPDATE DEFAULTS HOOK
// ============================================================================
// OEMUpdateDefaultsHook function sequence:
// 1. Read entire setup configuration (GetEntireConfig)
// 2. Locate IPMI transport protocol (DxeIpmiTransportProtocol)
// 3. Send IPMI command to BMC
// 4. Sync PSU RedundantMode with BMC (PSURedundantMode)
// 5. Return updated defaults
//
// ============================================================================
// BOOT IMAGE PROCESSING
// ============================================================================
/**
* TseProcessBootImages - Process boot image load (0x46E0).
*
* Iterates boot option images referenced by BootOrder.
* Loads UEFI boot images (LoadImage) and starts them (StartImage).
* Skips non-UEFI applications.
*
* Source: AmiTsePkg/EDK/MiniSetup/BootOnly/boot.c
*/
EFI_STATUS
TseProcessBootImages (
IN UINT128 *BootOptionList
)
{
// ... (boot option enumeration)
return EFI_SUCCESS;
}
//
// ============================================================================
// EFI SHELL DETECTION
// ============================================================================
/**
* TseCheckEfiShellPresent - Check if EFI Shell is available (0x4630).
*
* Looks for UEFI applications registered as boot options.
* Returns TRUE if EFI Shell or other UEFI app is present.
*/
BOOLEAN
TseCheckEfiShellPresent (VOID)
{
return TseIsEfiShellBootOptionPresent ();
}
//
// ============================================================================
// SETUP PAGE NAVIGATION
// ============================================================================
/**
* TseDisplaySetupPage - Navigate to a setup form page (0x3C90).
*
* Saves/restores watchdog and timer state around the page navigation.
*/
EFI_STATUS
TseDisplaySetupPage (
IN UINT8 Action, // 0=enter, 1=change, 2=exit
IN UINT32 PageId,
IN UINT32 VariableId,
IN UINT32 FormId,
IN UINT64 Callback,
IN UINT64 Context,
IN UINT64 Reserved
)
{
// ... (full navigation implementation)
return EFI_SUCCESS;
}
//
// ============================================================================
// CALLBACK TABLE HOOKS
// ============================================================================
/**
* TseSetupAfterBootHook - Register after-boot callback (0x461C).
*
* Registered callback for TSE_CALLBACK_AFTER_SETUP.
*/
EFI_STATUS
TseSetupAfterBootHook (VOID)
{
return TseInvokeCallbackOrDirect (
TSE_CALLBACK_AFTER_SETUP,
TseProcessSetupMenu
);
}
/**
* TseSetupDriverHealthHook - Register driver health callback (0x4690).
*/
EFI_STATUS
TseSetupDriverHealthHook (VOID)
{
return TseInvokeCallbackOrDirect (
TSE_CALLBACK_DRIVER_HEALTH,
TseDriverHealthCallback
);
}
/**
* TseSetupLoadOptionHook - Register load option callback (0x46A4).
*/
EFI_STATUS
TseSetupLoadOptionHook (VOID)
{
return TseInvokeCallbackOrDirect (
TSE_CALLBACK_LOAD_OPTIONS,
TseLoadOptionCallback
);
}
/**
* TseSetupBootNextHook - Register boot next callback (0x46B8).
*/
EFI_STATUS
TseSetupBootNextHook (VOID)
{
return TseInvokeCallbackOrDirect (
TSE_CALLBACK_BOOT_NEXT,
TseSetupBootNextCallback
);
}
/**
* TseSetupNullHook - Register null callback (0x46CC).
*/
EFI_STATUS
TseSetupNullHook (VOID)
{
return TseInvokeCallbackOrDirect (
TSE_CALLBACK_NULL,
TseNullCallback
);
}
//
// ============================================================================
// POPUP MESSAGE DISPLAY
// ============================================================================
/**
* TseShowPopupMessage - Display a popup message dialog (0x41C8).
*
* Shows a popup window with specified severity:
* 0 = INFO (white)
* 1 = WARNING (yellow)
* 2 = ERROR (red)
*
* Supports:
* - OK (1 button)
* - OK/Cancel (2 buttons)
* - Yes/No/Cancel (3 buttons)
*
* Returns user response in a6 parameter.
* - 0 = OK/Yes pressed
* - 1 = Cancel/No pressed
*/
EFI_STATUS
TseShowPopupMessage (
IN UINTN FormId,
IN UINT32 Severity, // 0=INFO, 1=WARNING, 2=ERROR
IN UINT32 Buttons, // 1=OK, 2=OK/Cancel, 3=Yes/No/Cancel
IN UINT64 Title,
IN UINT16 MessageId,
OUT INT32 *Response
)
{
// ... (popup implementation with TseDisplayWarningDialog)
return EFI_SUCCESS;
}
/**
* TseDisplayWarningDialog - Show warning dialog with icons (0x3ADC).
*
* Renders warning/error/info dialog in setup UI.
* Supports:
* - Warning triangle icon
* - Error X icon
* - Info (i) icon
* - OK / Cancel / Yes / No buttons
*/
EFI_STATUS
TseDisplayWarningDialog (
IN CONST CHAR16 *Title,
IN UINT64 Message,
IN UINT32 Flags,
IN UINT32 ButtonCount,
IN CHAR8 Action,
IN UINT32 *IconData,
IN UINT16 ButtonLayout,
...
)
{
// ... (warning dialog rendering)
return EFI_SUCCESS;
}
Ajax Dong