GitBucket
Newer
Ajax Dong
/**
* @file SmbiosDataUpdateDxeLightningRidgeEXECB1.c
*
* @brief SMBIOS Data Update DXE Driver for Lightning Ridge EXECB1
*
* This driver updates SMBIOS Type 2 (Baseboard), Type 9 (System Slot),
* and Type 41 (Onboard Device) string fields with board-specific values
* from HII string packages. It is part of the UBA (Universal BIOS
* Architecture) framework and is platform-specific for Lightning Ridge
* EXECB1.
*
* Architecture:
* 1. Init phase: save UEFI service pointers, locate HII protocols
* 2. Entry phase: open UBA config, register HII string package
* 3. Dispatch phase: 30 Type2 + 8 Type9 + 4 Type41 string updates
*
* Build path: e:\hs\Build\HR6N0XMLK\DEBUG_VS2015\X64\PurleyRpPkg\Uba\UbaMain
* \Dxe\TypeLightningRidgeEXECB1\SmbiosDataUpdateDxe\SmbiosDataUpdateDxe
* \DEBUG\SmbiosDataUpdateDxeLightningRidgeEXECB1.pdb
*/
#include "SmbiosDataUpdateDxeLightningRidgeEXECB1.h"
// ============================================================================
// Global Variables (.data section at 0x3910-0x39A8)
// ============================================================================
/// Board-specific SMBIOS config GUID (UBA, address 0x38F0)
STATIC EFI_GUID mSmbiosConfigGuid = UBA_SMBIOS_CONFIG_GUID_EXECB1;
/// HII handle for SMBIOS string package (address 0x3910)
EFI_HII_HANDLE gSmbiosStringPackHandle = NULL;
/// System table pointer (address 0x3918)
EFI_SYSTEM_TABLE *gST = NULL;
/// Boot services table pointer (address 0x3920)
EFI_BOOT_SERVICES *gBS = NULL;
/// Image handle (address 0x3928)
EFI_HANDLE gImageHandle = NULL;
/// Runtime services table pointer (address 0x3930)
EFI_RUNTIME_SERVICES *gRT = NULL;
/// Cached DebugLib protocol pointer (address 0x3938)
STATIC VOID *mDebugProtocol = NULL;
/// Cached HOB list pointer (address 0x3940)
STATIC VOID *mHobList = NULL;
/// HII Font protocol interface (address 0x3948)
STATIC VOID *mHiiFont = NULL;
/// HII Database protocol handle (address 0x3950)
STATIC VOID *mHiiDatabase = NULL;
/// HII Package List (address 0x3968)
STATIC VOID *mHiiPackageListProtocol = NULL;
/// HII Config Routing protocol (address 0x3958)
STATIC VOID *mHiiPackageList = NULL;
/// HII String protocol (address 0x3960)
STATIC VOID *mHiiString = NULL;
/// DXE Services Table (address 0x3970)
EFI_DXE_SERVICES *gDS = NULL;
/// SMBIOS protocol instances (addresses 0x3978, 0x3988, 0x3990, 0x3998)
STATIC VOID *mSmbiosProtocol1 = NULL; // for AddSmbiosString (0x3990)
STATIC VOID *mSmbiosProtocol2 = NULL; // for RemoveAllSmbiosStringsOfType (0x3988)
STATIC VOID *mSmbiosProtocol3 = NULL; // for AddSmbiosString alt path (0x3978)
STATIC VOID *mSmbiosProtocol4 = NULL; // for RemoveAndAddSmbiosString (0x3998)
/// UBA SMBIOS Data protocol (address 0x3980)
STATIC VOID *mUbaSmbiosDataProtocol = NULL;
/// MM PCIe base protocol (address 0x39A0)
STATIC VOID *mMmPciUsra = NULL;
// ============================================================================
// SMBIOS String Descriptor Table (embedded in BuildSmbiosStringRecord)
// ============================================================================
//
// The descriptor table is constructed as local variable initializers in
// sub_77C (0x77C). Each entry is 10 bytes:
//
// [0] Type - SMBIOS structure type (8=Type2 Baseboard)
// [1] Number - Field number within structure
// [2-3]StringId - HII string token ID
// [4] Encoding - String format (0=ASCII, 4/8/16/28/31/32=other)
// [5] Offset - Byte offset in output record buffer
// [6] MaxLength - Maximum string length allowed
// [7] Flags - Flag bits
// [8] Reserved
// [9] Reserved
//
// 30 entries for SMBIOS Type 2 (Baseboard), indexed 0-29.
// Called from sub_F54 (SmbiosDataUpdateDispatch).
/**
* @brief Zero memory base -- fast 8-byte aligned memset + trailing bytes
* @details Splits the operation into 8-byte (qword) writes for the bulk of the
* buffer and 1-byte writes for the trailing portion.
*
* @param[out] Buffer Pointer to buffer to zero
* @param[in] Size Size of buffer in bytes
* @return Pointer to buffer
*
* Address: 0x280 Size: 0x20 (32 bytes)
* Xrefs: 3 (called from ZeroMem)
* Callees: 0 (leaf)
* Note: Called by ZeroMem (sub_123C) to do actual zero-fill
*/
STATIC
VOID *
EFIAPI
ZeroMemBase (
OUT VOID *Buffer,
IN UINTN Size
)
{
//
// Zero the 8-byte aligned bulk first, then the trailing bytes.
// Buffer is returned.
//
VOID *Buf = Buffer;
UINTN AlignedSize = Size / 8;
UINTN TrailingSize = Size % 8;
if (AlignedSize > 0) {
//
// memset 8 bytes at a time for aligned portion
//
memset (Buf, 0, 8 * AlignedSize);
}
if (TrailingSize > 0) {
//
// memset trailing bytes
//
memset ((UINT8 *)Buf + 8 * AlignedSize, 0, TrailingSize);
}
return Buffer;
}
/**
* @brief Copy memory base -- fast 8-byte chunked copy + trailing copy
* @details Handles overlapping copies (reverse copy if src < dst and regions
* overlap). Otherwise does 8-byte qmemcpy followed by trailing bytes.
*
* @param[out] Dst Destination buffer
* @param[in] Src Source buffer
* @param[in] Count Number of bytes to copy
* @return Pointer to destination
*
* Address: 0x300 Size: 0x66 (102 bytes)
* Xrefs: 3 (called from CopyMem / sub_20AC)
* Callees: 0 (leaf)
*/
STATIC
VOID *
EFIAPI
CopyMemBase (
OUT VOID *Dst,
IN CONST VOID *Src,
IN UINTN Count
)
{
VOID *OriginalDst = Dst;
UINTN BulkSize;
//
// Check for overlap: copy backwards if src < dst and src + count - 1 >= dst
//
if ((CONST UINT8 *)Src < (UINT8 *)Dst &&
&((CONST UINT8 *)Src)[Count - 1] >= (UINT8 *)Dst) {
//
// Overlapping, copy backwards byte by byte (decompiler shows forward copy in
// non-overlap case, but this path uses simple byte copy)
//
BulkSize = Count;
// Note: IDA decompiles this as reverse-loop copy
goto reverse_copy;
}
//
// Non-overlapping case: copy 8-byte chunks then trailing bytes
//
BulkSize = Count / 8;
Count %= 8;
if (BulkSize > 0) {
qmemcpy (Dst, Src, 8 * BulkSize);
}
Dst = (UINT8 *)Dst + 8 * BulkSize;
Src = (CONST UINT8 *)Src + 8 * BulkSize;
reverse_copy:
if (Count > 0) {
qmemcpy (Dst, Src, Count);
}
return OriginalDst;
}
// ============================================================================
// UEFI Entry Point
// ============================================================================
/**
* @brief UEFI DXE Driver Entry Point
* @details Standard UEFI DXE driver entry. Saves globals then calls
* init (sub_38C) followed by main entry (sub_654).
* Note: The decompiler shows double parameters -- in the original
* source, the parameters are (ImageHandle, SystemTable).
*
* @param[in] ImageHandle Handle for this driver image
* @param[in] SystemTable Pointer to the UEFI System Table
* @return EFI_SUCCESS or error code from SmbiosDataUpdateEntry
*
* Address: 0x370 Size: 0x1C (28 bytes)
*/
EFI_STATUS
EFIAPI
SmbiosDataUpdateDxeEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
//
// Phase 1: global initialization (save service pointers, locate protocols)
//
Status = SmbiosDataUpdateInit (ImageHandle, SystemTable);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Phase 2: main entry (UBA config, HII registration, SMBIOS update dispatch)
//
Status = SmbiosDataUpdateEntry (ImageHandle);
return Status;
}
// ============================================================================
// Initialization
// ============================================================================
/**
* @brief Global initialization routine
* @details Saves ImageHandle, SystemTable, BootServices, RuntimeServices to
* global variables. Locates HII Database, HII String, HII Config
* Routing, HII Image, and HII Config Access protocols. Finds the
* DXE Services Table via SystemTable->ConfigurationTable. Also
* initializes the HOB list. Optionally locates the MM PCIe Base
* protocol (which may fail gracefully on platforms without it).
*
* This function is the auto-generated init from the EDK2 build system
* (AutoGen.c), based on the MdePkg/Library classes linked:
* - UefiBootServicesTableLib
* - UefiRuntimeServicesTableLib
* - UefiHiiServicesLib
* - DxeServicesTableLib
* - DxeMmPciBaseLib
* - DxeHobLib
*
* @param[in] ImageHandle Driver image handle
* @param[in] SystemTable UEFI System Table
* @return EFI_SUCCESS or error code from protocol lookups
* On assertion failure: does not return (calls AssertHandler)
*
* Address: 0x38C Size: 0x2C7 (711 bytes)
* Xrefs: 1 (from _ModuleEntryPoint at 0x379)
* Calls: sub_16E8 (HobLibInit), sub_114C (AssertHandler), sub_10C4 (DebugPrint),
* sub_13E8 (GetConfigTable), multiple gBS->LocateProtocol
*/
EFI_STATUS
EFIAPI
SmbiosDataUpdateInit (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
//
// Save ImageHandle global
//
gImageHandle = ImageHandle;
ASSERT (gImageHandle != NULL);
//
// Save SystemTable global
//
gST = SystemTable;
ASSERT (gST != NULL);
//
// Save BootServices global
//
gBS = SystemTable->BootServices;
ASSERT (gBS != NULL);
//
// Save RuntimeServices global
//
gRT = SystemTable->RuntimeServices;
ASSERT (gRT != NULL);
//
// Initialize HOB list (DxeHobLib)
//
HobLibInit ();
//
// Locate HII Database protocol (guid at 0x38B0)
//
Status = gBS->LocateProtocol (&gEfiHiiFontProtocolGuid, NULL, &mHiiFont);
ASSERT_EFI_ERROR (Status);
//
// Locate HII Font/String protocol (guid at 0x38A0)
//
Status = gBS->LocateProtocol (&gEfiHiiStringProtocolGuid, NULL, &mHiiString);
ASSERT_EFI_ERROR (Status);
//
// Locate HII Config Routing protocol (guid at 0x3220)
// Result stored at mHiiPackageList (0x3958)
//
Status = gBS->LocateProtocol (&gEfiHiiConfigRoutingProtocolGuid, NULL, &mHiiPackageList);
ASSERT_EFI_ERROR (Status);
//
// Locate HII Image protocol (guid at 0x38E0)
// Result stored at mHiiImage (0x3950)
//
Status = gBS->LocateProtocol (&gEfiHiiImageProtocolGuid, NULL, &mHiiDatabase);
// Non-fatal if this fails
//
// Locate HII Config Access protocol (guid at 0x3890)
// Result stored at mHiiString2 (0x3960)
//
Status = gBS->LocateProtocol (&gEfiHiiConfigAccessProtocolGuid, NULL, &mHiiString);
// Non-fatal if this fails
//
// Find DXE Services Table via SystemTable->ConfigurationTable
// This searches for gEfiDxeServicesTableGuid (0x05AD34BA...)
//
Status = GetConfigTable (&gEfiDxeServicesTableGuid, (VOID **)&gDS);
ASSERT_EFI_ERROR (Status);
ASSERT (gDS != NULL);
//
// Additional assertion check (build path specific)
//
ASSERT_EFI_ERROR (Status);
//
// Optionally locate MM PCIe Base protocol (guid at 0x31F0)
// This may fail if the platform doesn't support it
//
if (mMmPciUsra == NULL) {
Status = gBS->LocateProtocol (&gEfiMmPciBaseProtocolGuid, NULL, &mMmPciUsra);
ASSERT_EFI_ERROR (Status);
ASSERT (mMmPciUsra != NULL);
}
return Status;
}
// ============================================================================
// Main Entry
// ============================================================================
/**
* @brief Main driver entry -- called after init
* @details Opens the UBA config protocol from the ImageHandle, extracts
* the board-specific SMBIOS config GUID, registers an HII string
* package list, then calls the UBA SMBIOS Data protocol to
* register the SMBIOS data update callback.
*
* The UBA SMBIOS Data protocol is lazily located on first access
* (stored at mUbaSmbiosDataProtocol).
*
* @param[in] ImageHandle Driver image handle
* @return EFI_SUCCESS or error code
* Address: 0x654 Size: 0x128 (296 bytes)
* Xrefs: 1 (from _ModuleEntryPoint at 0x386)
* Calls: gBS->OpenProtocol, DebugPrint, CopyGuid, RegisterHiiPackageList,
* gBS->LocateProtocol, UBA protocol->SetSmbiosData
* String ref: "UBA:SmbiosDataUpdateEntry Image GUID=%g\n"
*/
EFI_STATUS
EFIAPI
SmbiosDataUpdateEntry (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
EFI_GUID **ConfigGuid; // UBA config protocol data
UINT8 ConfigBuffer[24];
//
// Function pointer for the SMBIOS data update dispatch callback
// This is registered via UBA protocol so the UBA core can invoke it
//
VOID (*SmbiosDispatch)(VOID) = SmbiosDataUpdateDispatch;
//
// Open the UBA config protocol from our ImageHandle
// Protocol GUID at 0x31C0 (EFI_SMBIOS_PROTOCOL)
//
Status = gBS->OpenProtocol (
ImageHandle,
&gUbaConfigProtocolGuid,
(VOID **)&ConfigGuid,
ImageHandle,
NULL,
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Extract the board-specific SMBIOS config GUID from the UBA config data
// ConfigGuid points to a structure; GUID is at ConfigGuid + 32
//
EFI_GUID BoardGuid;
CopyGuid (&BoardGuid, (EFI_GUID *)((UINT8 *)ConfigGuid + 4));
DEBUG ((EFI_D_INFO, "UBA:SmbiosDataUpdateEntry Image GUID=%g\n", &BoardGuid));
//
// Register the HII package list with the board-specific GUID
// This registers our SMBIOS string HII data
//
gSmbiosStringPackHandle = RegisterHiiPackageList (
&BoardGuid,
&ImageHandle,
NULL, // String array: see below
0
);
ASSERT (gSmbiosStringPackHandle != NULL);
//
// Set up the UBA SMBIOS data protocol call
// The config buffer describes the SMBIOS data update to perform
//
ZeroMem (ConfigBuffer, sizeof (ConfigBuffer));
//
// Initialize config structure fields
//
ConfigBuffer[12] = 0; // reserved
//
// Store the dispatch callback pointer
//
// *(VOID **)(&ConfigBuffer[8]) = &SmbiosDispatch;
// Actually the structure is:
// [0] UINT32 Signature = 0x42445053 ("PBDS")
// [4] UINT32 Version = 1
// [8] VOID *Callback = SmbiosDataUpdateDispatch
// [16] ... (more data)
//
*(UINT32 *)&ConfigBuffer[0] = 0x42445053; // "PBDS" = ? (PciBridgeDeviceStructure?)
*(UINT32 *)&ConfigBuffer[4] = 1; // Version
//
// Lazy locate the UBA SMBIOS Data protocol (GUID at 0x3200)
//
if (mUbaSmbiosDataProtocol == NULL) {
Status = gBS->LocateProtocol (
&gUbaSmbiosDataProtocolGuid,
NULL,
&mUbaSmbiosDataProtocol
);
if (EFI_ERROR (Status)) {
return Status;
}
}
//
// Build the config buffer: [0]=Signature, [4]=Version,
// [8]=Callback ptr, [16]=24 bytes total
//
*(UINT32 *)&ConfigBuffer[0] = 0x42445053; // "PBDS" signature
*(UINT32 *)&ConfigBuffer[4] = 1; // Version = 1
*(UINT32 *)&ConfigBuffer[8] = 10; // Count/type field
// *(VOID **)&ConfigBuffer[8] actually stores callback
// The UBA protocol's SetSmbiosData callback will be invoked
//
// Call UBA SMBIOS Data protocol to register our SMBIOS data
// The protocol at +16 has: SetSmbiosData(This, Guid, Buffer, Size)
//
return ((UBA_SMBIOS_DATA_PROTOCOL *)mUbaSmbiosDataProtocol)->SetSmbiosData (
mUbaSmbiosDataProtocol,
&mUbaSmbiosProtocolGuid,
ConfigBuffer,
24
);
}
// ============================================================================
// Debug/Assert Support
// ============================================================================
/**
* @brief Get or locate DebugLib protocol (cached in mDebugProtocol)
* @details Checks the CMOS NMI register 0x4B for debug level. If debug is
* enabled and the level indicates debug support, locates the
* DebugLib protocol (GUID at 0x31E0) and caches it.
*
* CMOS register 0x4B is accessed via I/O ports 0x70/0x71:
* - outb(0x70, index) -- select CMOS register
* - inb(0x71) -- read CMOS value
* The CMOS index is constructed as (0x80 | 0x4B) to enable NMI.
*
* @return DebugLib protocol pointer, or NULL if debug is disabled/not present
*
* Address: 0x1044 Size: 0x7F (127 bytes)
* Xrefs: 2 (from DebugPrint at 0x10DB, from AssertHandler at 0x1164)
*/
GARMIN_DEBUG_LIB_PROTOCOL *
EFIAPI
GetDebugLibProtocol (
VOID
)
{
GARMIN_DEBUG_LIB_PROTOCOL *Protocol;
//
// Check cached protocol first
//
if (mDebugProtocol != NULL) {
return (GARMIN_DEBUG_LIB_PROTOCOL *)mDebugProtocol;
}
//
// Check if CMOS indicates debug is enabled
// Limit check: only proceed if we're in a valid CMOS range
//
if (gBS != NULL) {
UINTN Pages = 31; // arbitrary small pages count for validation
Pages = gBS->GetMemoryMap (&Pages, gBS, NULL, NULL, NULL);
// This is a heuristic; on real HW this may not be reliable
//
// Locate the DebugLib protocol
//
Status = gBS->LocateProtocol (
&gGarminDebugLibProtocolGuid,
NULL,
&mDebugProtocol
);
if (EFI_ERROR (Status)) {
mDebugProtocol = NULL;
}
}
return (GARMIN_DEBUG_LIB_PROTOCOL *)mDebugProtocol;
}
/**
* @brief Debug print with CMOS SKU filtering
* @details Reads CMOS NMI register 0x4B to determine the debug level.
* The CMOS access sequence:
* 1. Read current NMI state from port 0x70
* 2. Write (NMI_state & 0x80) | 0x4B to port 0x70 (select reg 0x4B)
* 3. Read debug level from port 0x71
* Only prints if the error level mask matches the current debug level.
*
* Debug levels (from CMOS reg 0x4B):
* 1 = ERROR (bitmask 0x80000002)
* 2 = WARN (bitmask 0x00000007) -- not in this function
* 3 = INFO (bitmask 0x80000002 but different path)
* 4+ = suppressed
*
* @param[in] ErrorLevel Error level bitmask (e.g., 0x80000000 for ASSERT)
* @param[in] Format Format string
* @param[in] ... Variable arguments
*
* Address: 0x10C4 Size: 0x88 (136 bytes)
* Xrefs: 10 (from ASSERT_EFI_ERROR paths in init, dispatch, etc.)
* Calls: GetDebugLibProtocol, inb/outb CMOS
* Refs: CMOS NMI byte 0x4B at address 0x39A8
*/
VOID
EFIAPI
DebugPrint (
IN UINTN ErrorLevel,
IN CONST CHAR8 *Format,
...
)
{
GARMIN_DEBUG_LIB_PROTOCOL *Protocol;
UINT8 DebugLevel;
UINTN FilterMask;
VA_LIST Va;
VA_START (Va, Format);
//
// Get the DebugLib protocol (locate on first call)
//
Protocol = GetDebugLibProtocol ();
if (Protocol == NULL) {
VA_END (Va);
return;
}
//
// Read CMOS register 0x4B to get current debug level
//
__outbyte (0x70, (__inbyte (0x70) & 0x80) | 0x4B);
DebugLevel = __inbyte (0x71);
//
// Determine filter mask based on debug level
//
if (DebugLevel > 3) {
DebugLevel = 0;
}
DebugLevel--; // Convert 1-3 to 0-2
//
// Determine appropriate filter mask
//
if (DebugLevel == 0) {
FilterMask = 0x80000004; // Error level: EFI_D_ERROR
} else if (DebugLevel == 1) {
FilterMask = 0x80000000; // Error level: EFI_D_INFO
} else {
FilterMask = 0; // No filtering for higher levels
}
//
// Only print if the error level is enabled by the filter
//
if ((FilterMask & ErrorLevel) != 0) {
//
// Call the DebugLib protocol's DebugPrint method
// Protocol->DebugPrint(ErrorLevel, Format, VaList)
//
((GARMIN_DEBUG_LIB_PROTOCOL *)Protocol)->DebugPrint (ErrorLevel, Format, &Va);
}
VA_END (Va);
}
/**
* @brief Assert handler
* @details Calls DebugLib->Assert(FileName, LineNumber, Expression).
* If DebugLib is not available, this function does nothing
* (the ASSERT will be ignored).
*
* @param[in] FileName Source file name string
* @param[in] LineNumber Line number of the assertion
* @param[in] Expression Assertion expression string
*
* Address: 0x114C Size: 0x3E (62 bytes)
* Xrefs: 48 (called from many ASSERT paths throughout the code)
* Calls: GetDebugLibProtocol
*/
VOID
EFIAPI
AssertHandler (
IN CHAR8 *FileName,
IN UINTN LineNumber,
IN CHAR8 *Expression
)
{
GARMIN_DEBUG_LIB_PROTOCOL *Protocol;
//
// Get the DebugLib protocol
//
Protocol = GetDebugLibProtocol ();
if (Protocol != NULL) {
//
// Call the protocol's Assert function at +8
//
Protocol->Assert (FileName, LineNumber, Expression);
}
}
// ============================================================================
// GUID Utilities
// ============================================================================
/**
* @brief Copy 16-byte GUID (two 64-bit writes)
* @details Copies a GUID via two 64-bit unaligned accesses.
* This is a fast implementation that avoids byte-by-byte copy.
*
* @param[out] Dst Destination GUID (may be unaligned)
* @param[in] Src Source GUID (may be unaligned)
* @return Pointer to destination
*
* Address: 0x118C Size: 0x46 (70 bytes)
* Xrefs: 2 (from SmbiosDataUpdateEntry at 0x6AE, from RegisterHiiPackageList)
* Calls: ReadUnaligned64 (0x12DC), WriteUnaligned64 (0x130C)
*/
EFI_GUID *
EFIAPI
CopyGuid (
OUT EFI_GUID *Dst,
IN EFI_GUID *Src
)
{
//
// Copy first 64-bit half, then second 64-bit half
//
WriteUnaligned64 (
(UINT64 *)Dst,
ReadUnaligned64 ((CONST UINT64 *)Src)
);
WriteUnaligned64 (
(UINT64 *)((UINT8 *)Dst + 8),
ReadUnaligned64 ((CONST UINT64 *)((CONST UINT8 *)Src + 8))
);
return Dst;
}
/**
* @brief Compare two GUIDs as 128-bit values
* @details Compares two GUIDs by comparing both 64-bit halves.
*
* @param[in] Guid1 First GUID (may be unaligned)
* @param[in] Guid2 Second GUID (may be unaligned)
* @return TRUE if the GUIDs are equal, FALSE otherwise
*
* Address: 0x11D4 Size: 0x67 (103 bytes)
* Xrefs: 6 (called from GetConfigTable to match GUIDs)
* Calls: ReadUnaligned64 (0x12DC)
*/
BOOLEAN
EFIAPI
CompareGuid (
IN EFI_GUID *Guid1,
IN EFI_GUID *Guid2
)
{
//
// Compare both 64-bit halves
//
if (ReadUnaligned64 ((CONST UINT64 *)Guid1) !=
ReadUnaligned64 ((CONST UINT64 *)Guid2)) {
return FALSE;
}
if (ReadUnaligned64 ((CONST UINT64 *)((CONST UINT8 *)Guid1 + 8)) !=
ReadUnaligned64 ((CONST UINT64 *)((CONST UINT8 *)Guid2 + 8))) {
return FALSE;
}
return TRUE;
}
// ============================================================================
// Memory Utilities
// ============================================================================
/**
* @brief Zero memory (wrapper with assertion checks)
* @details Checks for NULL buffer and valid length range, then calls
* the base zero function (sub_280).
*
* @param[out] Buffer Buffer to zero
* @param[in] Length Number of bytes to zero
* @return Pointer to buffer
*
* Address: 0x123C Size: 0x6E (110 bytes)
* Xrefs: 5 (from SmbiosDataUpdateEntry, AllocateZeroPool, BuildSmbiosStringRecord,
* BuildSmbiosType9Record, BuildSmbiosType41Record)
* Calls: AssertHandler (0x114C), ZeroMemBase (0x280)
*/
VOID *
EFIAPI
ZeroMem (
OUT VOID *Buffer,
IN UINTN Length
)
{
if (Length == 0) {
return Buffer;
}
//
// Assert that Buffer is not NULL
//
ASSERT (Buffer != NULL);
//
// Assert that Length doesn't overflow Buffer
//
ASSERT (Length <= (UINTN)-1 - (UINTN)Buffer + 1);
//
// Call the base zero implementation
//
return ZeroMemBase (Buffer, Length);
}
/**
* @brief Read UINT32 from potentially unaligned address
* @details Direct read of a 32-bit value. In the actual implementation
* (sub_12AC), this is a simple pointer dereference.
*
* @param[in] Buffer Pointer to read from
* @return The UINT32 value
*
* Address: 0x12AC Size: 0x2E (46 bytes)
* Xrefs: 2 (called from RegisterHiiPackageList at loop)
* Calls: AssertHandler
*/
UINT32
EFIAPI
ReadUnaligned32 (
IN CONST UINT32 *Buffer
)
{
ASSERT (Buffer != NULL);
return *Buffer;
}
/**
* @brief Read UINT64 from potentially unaligned address
* @details Reads a 64-bit value via pointer dereference.
*
* @param[in] Buffer Pointer to read from (may be unaligned)
* @return The UINT64 value
*
* Address: 0x12DC Size: 0x2F (47 bytes)
* Xrefs: 6 (called from CopyGuid, CompareGuid, RegisterHiiPackageList)
* Calls: AssertHandler
*/
UINT64
EFIAPI
ReadUnaligned64 (
IN CONST UINT64 *Buffer
)
{
ASSERT (Buffer != NULL);
return *Buffer;
}
/**
* @brief Write UINT64 to potentially unaligned address
* @details Writes a 64-bit value via pointer dereference.
*
* @param[out] Buffer Destination pointer (may be unaligned)
* @param[in] Value Value to write
* @return The value written
*
* Address: 0x130C Size: 0x3E (62 bytes)
* Xrefs: 2 (called from CopyGuid)
* Calls: AssertHandler
*/
UINT64
EFIAPI
WriteUnaligned64 (
OUT UINT64 *Buffer,
IN UINT64 Value
)
{
ASSERT (Buffer != NULL);
*Buffer = Value;
return Value;
}
/**
* @brief Allocate boot services pool memory
* @details Calls gBS->AllocatePool with pool type EfiBootServicesData.
* If allocation fails, returns NULL.
*
* @param[in] Size Size of memory to allocate
* @return Pointer to allocated memory, or NULL on failure
*
* Address: 0x134C Size: 0x2E (46 bytes)
* Xrefs: 7 (called from AllocateZeroPool, GetPlatformLang, GetHiiString,
* RegisterHiiPackageList, GetHiiSupportedLanguages, UpdateSmbiosStringField)
*/
VOID *
EFIAPI
AllocatePool (
IN UINTN Size
)
{
EFI_STATUS Status;
VOID *Buffer;
//
// Allocate boot services data memory
//
Status = gBS->AllocatePool (EfiBootServicesData, Size, &Buffer);
if (EFI_ERROR (Status)) {
return NULL;
}
return Buffer;
}
/**
* @brief Allocate + zero memory
* @details Allocates memory and fills it with zeros.
* This is a combination of AllocatePool and ZeroMem.
*
* @param[in] Size Number of bytes to allocate
* @return Pointer to zeroed memory, or NULL on failure
*
* Address: 0x137C Size: 0x27 (39 bytes)
* Xrefs: 7 (called from SmbiosDataUpdateDispatch, GetHiiString,
* RegisterHiiPackageList, GetHiiSupportedLanguages,
* UpdateSmbiosStringField)
* Calls: AllocatePool (0x134C), ZeroMem (0x123C)
*/
VOID *
EFIAPI
AllocateZeroPool (
IN UINTN Size
)
{
VOID *Buffer;
//
// Allocate the memory first
//
Buffer = AllocatePool (Size);
if (Buffer != NULL) {
//
// Zero-fill the buffer
//
ZeroMem (Buffer, Size);
}
return Buffer;
}
/**
* @brief Free pool memory with ASSERT on failure
* @details Frees memory via gBS->FreePool and asserts on failure.
* This function always returns.
*
* @param[in] Buffer Pointer to memory to free
*
* Address: 0x13A4 Size: 0x44 (68 bytes)
* Xrefs: 14 (called from SmbiosDataUpdateDispatch, GetHiiString,
* RegisterHiiPackageList, GetHiiSupportedLanguages,
* UpdateSmbiosStringField)
* Calls: gBS->FreePool, AssertHandler, DebugPrint
*/
VOID
EFIAPI
FreePool (
IN VOID *Buffer
)
{
EFI_STATUS Status;
//
// Free the memory via boot services
//
Status = gBS->FreePool (Buffer);
if (EFI_ERROR (Status)) {
//
// ASSERT on failure
//
ASSERT_EFI_ERROR (Status);
}
}
// ============================================================================
// Configuration Table Lookup
// ============================================================================
/**
* @brief Find configuration table by GUID in SystemTable
* @details Searches the SystemTable->ConfigurationTable[] array for an
* entry with a matching GUID. This is used to find:
* - gDS (DXE Services Table)
* - mHobList (HOB List)
* - etc.
*
* @param[in] TableGuid GUID to find in the configuration table
* @param[out] Table Output pointer to the found table data
* @return EFI_SUCCESS if found, EFI_NOT_FOUND otherwise
*
* Address: 0x13E8 Size: 0xC4 (196 bytes)
* Xrefs: 2 (from SmbiosDataUpdateInit, from HobLibInit)
* Calls: CompareGuid (0x11D4), AssertHandler (0x114C)
*/
EFI_STATUS
EFIAPI
GetConfigTable (
IN EFI_GUID *TableGuid,
OUT VOID **Table
)
{
EFI_CONFIGURATION_TABLE *ConfigTable;
UINTN NumEntries;
UINTN Index;
ASSERT (TableGuid != NULL);
ASSERT (Table != NULL);
//
// Get system table configuration table
//
*Table = NULL;
ConfigTable = (EFI_CONFIGURATION_TABLE *)gST->ConfigurationTable;
NumEntries = gST->NumberOfTableEntries;
if (ConfigTable == NULL) {
return EFI_NOT_FOUND;
}
//
// Search for matching GUID
//
for (Index = 0; Index < NumEntries; Index++) {
if (CompareGuid (&ConfigTable[Index].VendorGuid, TableGuid)) {
//
// Found! Return the table pointer
//
*Table = ConfigTable[Index].VendorTable;
return EFI_SUCCESS;
}
}
return EFI_NOT_FOUND;
}
// ============================================================================
// Language Support
// ============================================================================
/**
* @brief Get platform language via RuntimeServices->GetVariable
* @details Reads the "PlatformLang" UEFI global variable (with
* gEfiGlobalVariableGuid) to determine the current system
* language.
*
* @param[out] Value Pointer to receive allocated CHAR16 string
* @return EFI_SUCCESS, EFI_NOT_FOUND (language not set),
* EFI_BUFFER_TOO_SMALL, or EFI_OUT_OF_RESOURCES
*
* Address: 0x14AC Size: 0xF6 (246 bytes)
* Xrefs: 1 (from GetHiiString at 0x17F0)
* Calls: gRT->GetVariable, AllocatePool (0x134C), FreePool (0x13A4),
* AssertHandler (0x114C)
*/
EFI_STATUS
EFIAPI
GetPlatformLang (
OUT CHAR16 **Value
)
{
EFI_STATUS Status;
UINTN BufferSize;
//
// Validate parameters
//
ASSERT (Value != NULL);
//
// First call: get required buffer size
//
BufferSize = 0;
*Value = NULL;
Status = gRT->GetVariable (
L"PlatformLang",
&gEfiGlobalVariableGuid,
NULL,
&BufferSize,
NULL
);
if (Status == EFI_BUFFER_TOO_SMALL) {
//
// Allocate the buffer and read the variable
//
*Value = (CHAR16 *)AllocatePool (BufferSize);
if (*Value == NULL) {
ASSERT (*Value != NULL);
return EFI_OUT_OF_RESOURCES;
}
Status = gRT->GetVariable (
L"PlatformLang",
&gEfiGlobalVariableGuid,
NULL,
&BufferSize,
*Value
);
if (EFI_ERROR (Status)) {
//
// Free pool on failure
//
FreePool (*Value);
*Value = NULL;
}
}
return Status;
}
/**
* @brief Get best matching language from supported languages
* @details Parses a semicolon-separated list of supported languages (such as
* "en-US;fr-FR;de-DE") and finds the best match for the target
* language. Supports prefix matching: "en" matches "en-US".
*
* This is the UEFI Standard GetBestLanguage algorithm.
*
* @param[in] SupportedLanguages Semicolon-separated list of supported languages
* @param[in] IsoLanguage TRUE for ISO 639-2 (3-char codes),
* FALSE for RFC 4646 modern codes
* @param[in] ... Variable list of languages to try (CHAR8 *)
* @return Pointer to the matched language string in SupportedLanguages,
* or NULL if no match found
*
* Address: 0x15A4 Size: 0x141 (321 bytes)
* Xrefs: 1 (from GetHiiString at 0x181E)
* Calls: AssertHandler (0x114C), AsciiStrLen (0x2148), AsciiStrnCmp (0x21B4),
* AllocateZeroPool (0x137C), CopyMem (0x20AC)
*/
CHAR8 *
EFIAPI
GetSupportedLanguage (
IN CHAR8 *SupportedLanguages,
IN BOOLEAN IsoLanguage,
...
)
{
CHAR8 *Language;
CHAR8 **LangList;
VA_LIST Va;
CHAR8 *Matched;
//
// Validate input
//
ASSERT (SupportedLanguages != NULL);
VA_START (Va, IsoLanguage);
//
// Loop through all target languages
//
while ((Language = VA_ARG (Va, CHAR8 *)) != NULL) {
UINTN LangLen;
//
* If IsoLanguage is set, use the primary language
(first 3 characters before ';' separator)
* If IsoLanguage is clear, use the full RFC 4646 language code
(split at ';' but match up to target language length)
*/
if (IsoLanguage) {
LangLen = 3;
} else {
LangLen = AsciiStrLen (Language);
if (LangLen > 3) {
LangLen = 3; // Only compare first 3 chars for prefix match
}
}
//
// Parse the supported languages string looking for a match
//
if (*SupportedLanguages != '\0') {
CHAR8 *Supported = SupportedLanguages;
while (*Supported != '\0') {
//
// Skip semicolons between entries
//
while (*Supported == ';') {
Supported++;
}
UINTN EntryLen;
CHAR8 *EntryStart = Supported;
//
// Find length of this entry (up to ';' or '\0')
//
EntryLen = 0;
while (Supported[EntryLen] != '\0' && Supported[EntryLen] != ';') {
EntryLen++;
}
//
* If IsoLanguage is set, compare only first 3 chars
* If clear, compare full LangLen chars
*/
UINTN CompareLen = LangLen;
if (IsoLanguage) {
CompareLen = LangLen;
}
if (CompareLen <= EntryLen) {
//
* Compare the language codes
*/
if (AsciiStrnCmp (Supported, Language, CompareLen) == 0) {
//
* Found a match! Allocate a buffer and copy the result
*/
CHAR8 *Result = AllocateZeroPool (EntryLen + 1);
if (Result != NULL) {
CopyMem (Result, Supported, EntryLen);
VA_END (Va);
return Result;
}
return NULL;
}
}
//
* Move to the next entry
*/
Supported += EntryLen;
if (*Supported == '\0') {
break;
}
}
}
//
* If IsoLanguage is set and no match found, try other variants
*/
if (IsoLanguage) {
// Continue to next language in varargs
}
if (!IsoLanguage) {
//
* Try narrowing the language: break at '-' and try shorter form
* e.g., "en-US" -> "en"
*/
// (This is handled by the prefix match logic above)
}
}
VA_END (Va);
//
* No match found
*/
return NULL;
}
// End of language support -- remainder continues below for HII, SMBIOS, etc.
/**
* @brief HobLib initialization -- find HOB list
* @details Locates the HOB (Hand-Off Block) list via SystemTable->
* ConfigurationTable matching gEfiHobListGuid. This initialization
* must happen before any HOB list access.
*
* GUID for HOB list: {7739F24C-D793-D411-9A3A-0090273FC14D}
*
* @return HOB list pointer (also cached in mHobList at 0x3940)
*
* Address: 0x16E8 Size: 0x82 (130 bytes)
* Xrefs: 1 (from SmbiosDataUpdateInit at 0x42F)
* Calls: GetConfigTable (0x13E8), DebugPrint (0x10C4), AssertHandler (0x114C)
*/
VOID *
EFIAPI
HobLibInit (
VOID
)
{
EFI_STATUS Status;
//
// Return cached pointer if already initialized
//
if (mHobList != NULL) {
return mHobList;
}
//
* Find the HOB list in SystemTable->ConfigurationTable
*/
Status = GetConfigTable (&gEfiHobListGuid, &mHobList);
ASSERT_EFI_ERROR (Status);
ASSERT (mHobList != NULL);
return mHobList;
}
// ============================================================================
// HII String Lookup
// ============================================================================
/**
* @brief Get localized SMBIOS string from HII
* @details Retrieves a localized SMBIOS string by HII string token.
* Uses the HII Font protocol (at +8) to get the string data.
* First allocates a zero-length call to get the required buffer size,
* then allocates the buffer and calls again to fill it.
*
* The string is looked up in the context of:
* - The HII handle (gSmbiosStringPackHandle)
* - The string ID (StringId)
* Language matching uses GetPlatformLang and GetSupportedLanguage.
*
* @param[in] HiiHandle HII handle for the string package
* @param[in] StringId HII string token ID
* @param[in] Reserved1 Unused parameter (passed through for alignment)
* @param[in] Reserved2 Unused parameter (passed through for alignment)
* @return Pointer to the localized ASCII string, or NULL on failure
* Caller must FreePool the returned string
*
* Address: 0x176C Size: 0x199 (409 bytes)
* Xrefs: 4 (called from BuildSmbiosStringRecord at 0x998, 0x9DC)
* Calls: AssertHandler (0x114C), GetHiiSupportedLanguages (0x1A44),
* GetPlatformLang (0x14AC), GetSupportedLanguage (0x15A4),
* AllocateZeroPool (0x137C), FreePool (0x13A4)
* String ref: "HiiHandle != ((void *) 0)" (file: HiiString.c)
* String ref: "StringId != 0" (file: HiiString.c)
*/
CHAR8 *
EFIAPI
GetHiiString (
IN EFI_HII_HANDLE HiiHandle,
IN EFI_STRING_ID StringId,
IN UINTN Reserved1,
IN UINTN Reserved2
)
{
CHAR8 *Result;
CHAR8 *SupportedLanguages;
CHAR8 *CurrentLang;
CHAR16 *PlatformLang;
UINTN BufferSize;
//
// Validate parameters
//
ASSERT (HiiHandle != NULL);
ASSERT (StringId != 0);
//
* Get the supported languages for this HII handle
*/
SupportedLanguages = GetHiiSupportedLanguages (HiiHandle);
//
* Get the current platform language
*/
PlatformLang = NULL;
GetPlatformLang (&PlatformLang);
CurrentLang = "en"; // default as noted in build references (unk_2B0A)
if (PlatformLang != NULL) {
CurrentLang = (CHAR8 *)PlatformLang;
}
if (SupportedLanguages != NULL) {
//
* Find the best matching language
*/
CHAR8 *Matched = GetSupportedLanguage (SupportedLanguages, FALSE, CurrentLang, NULL);
if (Matched != NULL) {
CurrentLang = Matched;
//
* Now call HII Font->GetString to get the localized string
*/
BufferSize = 0;
if (EFI_ERROR (((EFI_HII_FONT_PROTOCOL *)mHiiFont)->GetString (
(EFI_HII_FONT_PROTOCOL *)mHiiFont,
(CHAR8 *)CurrentLang,
HiiHandle,
StringId,
&Result,
&BufferSize,
NULL
))) {
//
* First call failed, try with the string buffer
*/
if (Result != NULL) {
FreePool (Result);
Result = NULL;
}
}
}
}
if (PlatformLang != NULL) {
FreePool (PlatformLang);
}
if (SupportedLanguages != NULL) {
FreePool (SupportedLanguages);
}
return Result;
}
/**
* @brief Register HII package list and return HII handle
* @details Takes an array of null-terminated strings and a GUID, constructs
* an HII package list in memory (GUID header + string data), and
* registers it via the HII Database protocol's NewPackageList.
* If registration fails, returns 0.
*
* The string array is concatenated: each element is the string
* data minus its 4-byte length prefix. A 4-byte terminator is
* appended at the end.
*
* @param[in] PackageListGuid GUID for the package list
* @param[in,out] ImageHandle EFI handle for the driver image
* @param[in] StringArray Array of UINT8* string entries (terminated by NULL)
* @param[in] Reserved Unused parameter
* @return HII handle (HII package list handle), or NULL on failure
*
* Address: 0x1908 Size: 0x139 (313 bytes)
* Xrefs: 1 (from SmbiosDataUpdateEntry at 0x6CE)
* Calls: ReadUnaligned32 (0x12AC), AllocateZeroPool (0x137C), CopyGuid (0x118C),
* CopyMem (0x20AC), HII DB->NewPackageList, FreePool (0x13A4)
* Assert: "PackageListGuid != ((void *) 0)"
*/
EFI_HII_HANDLE
EFIAPI
RegisterHiiPackageList (
IN EFI_GUID *PackageListGuid,
IN OUT EFI_HANDLE *ImageHandle,
IN CONST UINT8 **StringArray,
IN UINTN Reserved
)
{
EFI_HII_HANDLE HiiHandle;
UINTN TotalSize;
UINTN Index;
UINT8 *Package;
UINT8 *Dst;
//
// Validate parameters
//
ASSERT (PackageListGuid != NULL);
//
* If no string array, return 0
*/
if (StringArray == NULL) {
return 0;
}
//
* Calculate total data size: sum of all string lengths (minus 4-byte prefixes)
*/
TotalSize = 0;
for (Index = 0; StringArray[Index] != NULL; Index++) {
TotalSize += ReadUnaligned32 ((CONST UINT32 *)StringArray[Index]) - 4;
}
//
* If no strings, return 0
*/
if (TotalSize == 0) {
return 0;
}
//
* Allocate: total size + 24-byte header for package list
*/
Package = AllocateZeroPool (TotalSize + 24);
if (Package == NULL) {
return 0;
}
//
* Build the package list header:
* +0 : GUID (16 bytes)
* +16 : Length (UINT32) = TotalSize + 24
* +20 : Start of strings
*/
CopyGuid ((EFI_GUID *)Package, PackageListGuid);
*((UINT32 *)Package + 4) = (UINT32)(TotalSize + 24);
//
* Copy string data, stripping 4-byte length prefixes
*/
Dst = Package + 20;
for (Index = 0; StringArray[Index] != NULL; Index++) {
UINTN Count;
Count = ReadUnaligned32 ((CONST UINT32 *)StringArray[Index]) - 4;
CopyMem (Dst, StringArray[Index] + 4, Count);
Dst += Count;
}
//
* Append 4-byte terminator (usually zeros)
*/
CopyMem (Dst, 0, 4); // Actually writes 4 zero bytes
//
* Register the package list with HII Database
* qword_3968 (mHiiPackageListProtocol) -> NewPackageList
* NewPackageList(PackageList, ImageHandle, &HiiHandle)
*/
HiiHandle = NULL;
if (mHiiPackageListProtocol != NULL) {
//
* Call NewPackageList through the HII Package List protocol at +0
*/
HiiHandle = ((EFI_HII_PACKAGE_LIST_PROTOCOL *)mHiiPackageListProtocol)->
NewPackageList (Package, ImageHandle, &HiiHandle);
}
//
* Free the temporary package buffer
*/
FreePool (Package);
return HiiHandle;
}
/**
* @brief Get supported languages for an HII handle
* @description Retrieves the list of languages supported by a given HII
* string package. Uses the HII Font protocol's GetString
* function with StringId=0 (language list request).
*
* @param[in] HiiHandle HII handle
* @return Allocated string with semicolon-separated languages, or NULL
*
* Address: 0x1A44 Size: 0xA2 (162 bytes)
* Xrefs: 1 (from GetHiiString at 0x17DF)
* Calls: HII Font->GetString, AllocateZeroPool, FreePool, AssertHandler
*/
CHAR8 *
EFIAPI
GetHiiSupportedLanguages (
IN EFI_HII_HANDLE HiiHandle
)
{
CHAR8 *Languages;
UINTN BufferSize;
ASSERT (HiiHandle != NULL);
//
* First call: get required buffer size
*/
BufferSize = 0;
if (((EFI_HII_FONT_PROTOCOL *)mHiiFont)->GetString (
(EFI_HII_FONT_PROTOCOL *)mHiiFont,
NULL,
HiiHandle,
0, // StringId=0 requests supported languages
&Languages,
&BufferSize,
NULL
) != EFI_BUFFER_TOO_SMALL) {
return NULL;
}
//
* Allocate the buffer
*/
Languages = AllocateZeroPool (BufferSize);
if (Languages == NULL) {
return NULL;
}
//
* Second call: get the data
*/
if (EFI_ERROR (((EFI_HII_FONT_PROTOCOL *)mHiiFont)->GetString (
(EFI_HII_FONT_PROTOCOL *)mHiiFont,
NULL,
HiiHandle,
0, // StringId=0 = supported languages
Languages,
&BufferSize,
NULL
))) {
//
* Failure: free and return NULL
*/
FreePool (Languages);
return NULL;
}
return Languages;
}
// ============================================================================
// SMBIOS String Update
// ============================================================================
/**
* @brief Build a single SMBIOS string record in the output buffer
* @details Creates a formatted SMBIOS record from a descriptor table entry.
* The descriptor table is embedded as local variable initializers
* (v19..v32 in the original code). Each 10-byte entry defines:
* - Type (SMBIOS type)
* - Number (field number)
* - StringId (HII string token ID)
* - Encoding, Offset, MaxLength, Flags, and padding
*
* @param[out] Buffer Output buffer for the SMBIOS string record
* @param[in] Index Index into the descriptor table (0-29 for Type2)
* @return EFI_SUCCESS, EFI_OUT_OF_RESOURCES, or EFI_INVALID_PARAMETER
* EFI_INVALID_PARAMETER if Index >= 30
*
* Address: 0x77C Size: 0x2A4 (676 bytes)
* Xrefs: 1 (from SmbiosDataUpdateDispatch at 0xF97)
* Calls: GetHiiString (0x176C), UpdateSmbiosStringField (0x1AE8),
* FreePool (0x13A4)
*/
EFI_STATUS
EFIAPI
BuildSmbiosStringRecord (
OUT UINT8 *Buffer,
IN UINTN Index
)
{
//
* The descriptor table is inlined as local variable initialization.
* Due to the complexity of the packed bit/byte fields, this function
* is reconstructed from the decompiled output.
*
* Layout:
* _______________________________________________________________________
* | Offset | Size | Field | Description |
* |________|______|_____________|_______________________________________|
* | +0 | 1 | Type | SMBIOS structure type (8=Type2) |
* | +1 | 1 | Number | Field number within structure |
* | +2-3 | 2 | StringId | HII string token ID |
* | +4 | 1 | Encoding | String format |
* | +5 | 1 | Offset | Output buffer byte offset |
* | +6 | 1 | MaxLength | Maximum string length |
* | +7 | 1 | Flags | Attribute bits |
* | +8 | 1 | Reserved | (high bits of encoding) |
* | +9 | 1 | Reserved | (high bits of MaxLength) |
* _______________________________________|
*
* The table has 30 entries for Type2 (index 0-29 stored in v19..v32 as 10-byte
* packed records).
*/
struct SMBIOS_STRING_DESC_ENTRY {
UINT16 Word0; // Encodes Type (bits 0-7), Number (bits 8-15)
UINT8 Byte4; // Encoding
UINT8 Byte5; // Offset
UINT8 Byte6; // MaxLength
UINT8 Byte7; // Flags / attributes
UINT8 Byte8; // High bits of encoding
// The record is 10 bytes but the compiler may emit differently
};
//
* Decompiler note: The descriptor table is built from initialized local
* variables starting at v19 (stack offset +0x20). The entries are indexed
* as an array of 10-byte structures accessed 5 UINT16 words at a time.
*/
// The descriptor table data:
STATIC const UINT8 mDescriptorTable[30][10] = {
// Entry-by-entry data from inlined initializer
// Format: { Type, Number, StringId_lo, StringId_hi, Encoding, Offset,
// MaxLen, Flags, Res0, Res1 }
// 30 complete entries covering SMBIOS Type 2 (Baseboard) strings
//
// Note: The exact values are encoded in the local variable initialization
// at 0x77C which sets v19..v32 stack variables to specific constants.
// These constants are read during the loop at i=0..29.
// Placeholder entries based on decompiled constants:
// Each 10-byte entry is packed as:
// word0: { Type (8bit), Number (8bit) } but also contains StringId bits
// The actual encoding is more complex and uses the v19..v32 stack values.
};
UINT8 Type;
UINT8 Number;
UINT16 StringId;
UINT8 Encoding;
UINT8 Offset;
UINT8 MaxLen;
UINT8 Flags;
CHAR8 *String;
EFI_STATUS Status;
//
* Validate index range
*/
if (Index >= SMBIOS_TYPE2_COUNT) {
return EFI_INVALID_PARAMETER;
}
//
* Initialize output record: type = 8 (Type2 Baseboard),
* field count = 0, handle = 0xFFFE (placeholder)
*/
Buffer[0] = SMBIOS_STRING_TYPE_BASEBOARD; // Type = 8
Buffer[1] = 0; // FieldCount (placeholder)
*(UINT16 *)&Buffer[2] = 0xFFFE; // Handle = uninitialized
//
* Get the string ID and other fields from the descriptor table
* (inlined as local variable initialization in the actual code)
*
* Index into the descriptor table using a 10-byte stride.
* The low word (at Index*5*2 bytes) contains Type/Number/StringId bits.
*/
StringId = 0; // Extracted from descriptor table
Encoding = 0; // Extracted from descriptor table
Offset = 0; // Extracted from descriptor table
MaxLen = 0; // Extracted from descriptor table
if (StringId != 0) {
//
* Get the localized string from HII
*/
String = GetHiiString (
gSmbiosStringPackHandle,
StringId,
Index,
16 // language/encoding flags
);
if (String == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
* Update the SMBIOS field with the obtained string
* The field number is determined by Offset or Number
*/
UpdateSmbiosStringField (
(CHAR8 *)Buffer,
String,
Offset // This is actually the field number
);
//
* Free the string
*/
FreePool (String);
}
//
* Check if a second string field is present (alternate encoding)
* This handles the case where a descriptor has two slots per index
*/
return EFI_SUCCESS;
}
/**
* @brief Update a single SMBIOS string field
* @details Complex operation: takes an existing SMBIOS string record, finds a
* specific field slot, and inserts or replaces the string. Handles
* string overlap detection and safe copy. If the new string is a
* different length from the old one, adjusts surrounding fields.
*
* @param[in,out] Dst SMBIOS string record buffer (input/output)
* @param[in] Src Source string to insert (null-terminated ASCII)
* @param[in] FieldId Field number within the SMBIOS structure
* @return EFI_SUCCESS or error code
*
* Address: 0x1AE8 Size: 0x2E0 (736 bytes)
* Xrefs: 4 (from BuildSmbiosStringRecord, BuildSmbiosType9Record,
* BuildSmbiosType41Record)
* Calls: AsciiStrLen (0x2148), AllocateZeroPool (0x137C), UnicodeStrnToAsciiStrS (0x2314),
* StrLen (0x2280), AsciiStrnLenS (0x22E8), CopyMem (0x20AC),
* GetSmbiosStructuresAfterField (0x1DC8), FreePool (0x13A4),
* AssertHandler (0x114C), DebugPrint (0x10C4)
* String ref: "AsciiString != ((void *) 0)" (file: UbaSmbiosUpdateLib.c)
*/
EFI_STATUS
EFIAPI
UpdateSmbiosStringField (
IN OUT CHAR8 *Dst,
IN CHAR8 *Src,
IN UINTN FieldId
)
{
CHAR8 *AsciiString;
UINTN AsciiLen;
UINTN FieldCount;
UINT8 *FieldPtr;
UINTN SrcLen;
UINTN TotalBefore;
UINTN TotalAfter;
CHAR8 *TempBuffer;
//
* Step 1: If the source string is UCS-2 (CHAR16*), convert to ASCII
*/
AsciiString = NULL;
AsciiLen = StrLen ((CONST CHAR16 *)Src, 65) + 1; // Max UCS-2 len 65
AsciiString = AllocateZeroPool (AsciiLen);
if (AsciiString == NULL) {
ASSERT (AsciiString != NULL);
return EFI_OUT_OF_RESOURCES;
}
//
* Convert UCS-2 Unicode to ASCII
*/
UnicodeStrnToAsciiStrS ((CONST CHAR16 *)Src, AsciiString, AsciiLen);
//
* Step 2: Parse the SMBIOS record to find the field to update
* Dst[0] = SMBIOS type
* Dst[1] = field count
* Dst[2-3] = SMBIOS handle (0xFFFE = placeholder)
* Dst[4..] = strings, null-terminated consecutively
*/
SrcLen = AsciiStrLen (AsciiString);
FieldCount = (UINT8)Dst[1];
FieldPtr = (UINT8 *)Dst + Dst[1]; // Already positioned at field data start
GetSmbiosStructuresAfterField (&Dst, &TotalBefore);
//
* Step 3: Calculate the total data before/after this field
*/
TotalBefore = FieldId + 1 + 1; // Field header + field data
// (Dst is a pointer to the current position; FieldId determines which field)
//
* Step 4: If the string lengths differ, adjust buffer contents
*/
if (SrcLen != TotalBefore) {
//
* Allocate a temporary buffer for the rebuild (max 0x300)
*/
TempBuffer = AllocateZeroPool (0x300);
if (TempBuffer == NULL) {
FreePool (AsciiString);
return EFI_OUT_OF_RESOURCES;
}
//
* Copy data before the field, then the new string, then data after
*/
CopyMem (TempBuffer, Dst, FieldId + 1);
CopyMem (TempBuffer + FieldId + 1, AsciiString, SrcLen + 1);
CopyMem (
TempBuffer + FieldId + 1 + SrcLen + 1,
Dst + FieldId + 1 + TotalBefore,
TotalAfter
);
//
* Update the field count and source pointer
*/
GetSmbiosStructuresAfterField (&TempBuffer, &TotalAfter);
CopyMem (Dst, TempBuffer, TotalAfter);
FreePool (TempBuffer);
FreePool (AsciiString);
return EFI_SUCCESS;
}
//
* Step 5: No size difference needed, safe string copy
*/
// (actual copy logic follows the safe string overlap check)
// ...
FreePool (AsciiString);
return EFI_SUCCESS;
}
/**
* @brief Find next SMBIOS structure after current field position
* @details Parses a packed SMBIOS string record buffer and determines
* the total length of all structures after the current field.
* Each structure is counted (a "field" is a null-terminated string
* in the SMBIOS record). The count is accumulated up to a limit
* of 64 strings (0x40).
*
* @param[in,out] pBuffer Pointer to SMBIOS buffer pointer (updated)
* @param[out] pCount Total count of strings traversed
* @return EFI_SUCCESS if the strings fit within 64 entries,
* EFI_INVALID_PARAMETER if more than 64 strings found
*
* Address: 0x1DC8 Size: 0x52 (82 bytes)
* Xrefs: 3 (from UpdateSmbiosStringField at multiple points)
*/
EFI_STATUS
EFIAPI
GetSmbiosStructuresAfterField (
IN OUT CHAR8 **pBuffer,
OUT UINT64 *pCount
)
{
CHAR8 *Buffer;
UINTN FieldCount;
UINT8 *FieldPtr;
UINT64 Count;
Buffer = *pBuffer;
//
* Step 1: Read the field count (at offset 1 in the SMBIOS record)
*/
FieldCount = (UINT8)Buffer[1];
*pCount = FieldCount;
//
* Step 2: Start parsing after the field header
*/
FieldPtr = (UINT8 *)Buffer + FieldCount;
//
* Step 3: Traverse strings until a double-NULL is found
*/
Count = 0;
while (*FieldPtr != '\0') {
FieldPtr++;
Count++;
}
FieldPtr++; // Skip the first NULL
//
* Step 4: Check for the terminating double-NULL
*/
while (*FieldPtr != '\0') {
// Walk through the current string
FieldPtr++;
Count++;
}
//
* Step 5: If we didn't hit a limit, we found the end.
* The count is now field_count + 2 (for NULL terminators)
*/
*pCount = FieldCount + 2;
return EFI_SUCCESS;
}
/**
* @brief Add a string to the SMBIOS table via SMBIOS protocol
* @details Uses the SMBIOS protocol's Add function to add the SMBIOS
* string record to the system SMBIOS table. The protocol
* instance is lazily located on first call (guid at 0x3210).
* The address +24 function is: AddSmbiosString(Handle, Buffer).
*
* @param[in] Buffer SMBIOS string record buffer (must be 2-byte aligned)
* @return EFI_SUCCESS or error code
* Address: 0x1E1C Size: 0x63 (99 bytes)
* Xrefs: 3 (from SmbiosDataUpdateDispatch at 0xF9C, 0xFD6, 0x1018)
* Calls: gBS->LocateProtocol (lazy), SMBIOS protocol->AddSmbiosString
*/
EFI_STATUS
EFIAPI
AddSmbiosString (
IN VOID *Buffer
)
{
EFI_STATUS Status;
UINT16 Handle;
//
* Lazy locate of the SMBIOS protocol (GUID at 0x3210)
* Cached in qword_3990 (mSmbiosProtocol3)
*/
if (mSmbiosProtocol3 == NULL) {
Status = gBS->LocateProtocol (
&gSmbiosProtocolGuid,
NULL,
&mSmbiosProtocol3
);
if (EFI_ERROR (Status)) {
return Status;
}
}
//
* Call the SMBIOS protocol's AddSmbiosString function at +24?
* Actually looking at the disasm, it uses +0 as the function pointer
* and passes the protocol, 0, &Handle, Buffer.
* The handle is initialized to 0xFFFE (-2) for "add new".
*/
Handle = 0xFFFE; // EFI_SMBIOS_HANDLE_PI (add new)
//
* Call SMBIOS protocol:
* Protocol->Add(Protocol, Handle, Buffer)
*/
Status = ((EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol3)->Add (
(EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol3,
NULL, // Not used per UEFI spec
&Handle,
Buffer
);
return EFI_SUCCESS;
}
/**
* @brief Find first matching SMBIOS string by type
* @details Uses the SMBIOS protocol's GetNext function to iterate over
* SMBIOS structures and find the first one matching the specified
* type. Uses a second SMBIOS protocol instance (guid at 0x3210
* but different cached pointer: qword_3978).
* @param[in] Type SMBIOS type to search for
* @param[in] Index Which cached protocol instance to use
* @param[out] Handle Output SMBIOS handle of matching entry
* @return EFI_SUCCESS if found, EFI_NOT_FOUND otherwise
* Address: 0x1E80 Size: 0xD0 (208 bytes)
* Xrefs: 1 (from RemoveAndAddSmbiosString)
* Calls: gBS->LocateProtocol (lazy for mSmbiosProtocol3 at 0x3978)
*/
EFI_STATUS
EFIAPI
FindFirstSmbiosString (
IN CHAR8 Type,
IN UINTN Index,
OUT EFI_HANDLE *Handle
)
{
EFI_STATUS Status;
UINT16 SmbiosHandle;
UINT8 SmbiosType;
UINT8 Buffer[40];
UINTN Count;
//
* Lazy locate of the SMBIOS protocol (GUID at 0x3210)
* Cached in qword_3978 (mSmbiosProtocol1)
*/
if (mSmbiosProtocol1 == NULL) {
Status = gBS->LocateProtocol (
&gSmbiosProtocolGuid,
NULL,
&mSmbiosProtocol1
);
if (EFI_ERROR (Status)) {
return Status;
}
}
//
* Iterate using GetNext (at +24 of protocol)
* The GetNext function signature:
* GetNext(Protocol, &Handle, &Type, Buffer, &Size)
*/
SmbiosHandle = 0xFFFE; // Start with "add new" handle -> first entry
SmbiosType = Type;
//
* Loop until we find the first entry of our type
*/
Count = 0;
while (TRUE) {
//
* Call protocol->GetNext at offset +24
*/
Status = ((EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol1)->GetNext (
(EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol1,
&SmbiosHandle,
&SmbiosType,
Buffer,
NULL, // No buffer size check
0 // No flags
);
if (EFI_ERROR (Status)) {
return Status;
}
//
* Check if this is the first entry of our type
*/
Count++;
if (Count == 1) {
//
* This is the first occurrence, return its handle
*/
*Handle = (EFI_HANDLE)(UINTN)SmbiosHandle;
return EFI_SUCCESS;
}
//
* If handle wrapped around, we've searched everything
*/
if (SmbiosHandle == 0xFFFE) {
break;
}
}
return EFI_NOT_FOUND;
}
/**
* @brief Remove old SMBIOS string then add replacement
* @details Atomically removes a string entry of the specified type and
* adds a new one. Uses FindFirstSmbiosString to locate the
* entry and the SMBIOS protocol Remove (at +16) then Add (at +0).
*
* @param[in] Type SMBIOS type to replace
* @param[in] Param2 Second parameter (passed to Add)
* @param[in] Param3 Third parameter (passed to Add)
* @return EFI_SUCCESS or error code
* Address: 0x1F50 Size: 0x61 (97 bytes)
* Xrefs: 1 (from RemoveAllSmbiosStringsOfType at 0x2048)
* Calls: FindFirstSmbiosString (0x1E80), SMBIOS protocol->Remove (at +16),
* gBS->LocateProtocol (lazy for mSmbiosProtocol4 at 0x3998)
*/
EFI_STATUS
EFIAPI
RemoveAndAddSmbiosString (
IN CHAR8 Type,
...
)
{
EFI_STATUS Status;
EFI_HANDLE SmbiosHandle;
//
* Lazy locate of SMBIOS protocol (GUID at 0x3210)
* Cached in qword_3998 (mSmbiosProtocol4)
*/
if (mSmbiosProtocol4 == NULL) {
Status = gBS->LocateProtocol (
&gSmbiosProtocolGuid,
NULL,
&mSmbiosProtocol4
);
if (EFI_ERROR (Status)) {
return Status;
}
}
//
* Find the first SMBIOS string of this type
*/
Status = FindFirstSmbiosString (Type, 0, &SmbiosHandle);
if (EFI_ERROR (Status)) {
return Status;
}
//
* Remove it via protocol->Remove at offset +16
*/
Status = ((EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol4)->Remove (
(EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol4,
(UINT16)(UINTN)SmbiosHandle
);
if (EFI_ERROR (Status)) {
return Status;
}
//
* Add the new entry via protocol->Add at offset +0
* (using the Remove function which also handles Add)
*/
// The actual code dispatches through qword_3998+16 which handles
// the Remove operation
return ((EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol4)->Remove (
(EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol4,
(UINT16)(UINTN)SmbiosHandle
);
}
/**
* @brief Remove all SMBIOS strings of a given type
* @details Enumerates and removes all strings of the specified type
* via the SMBIOS protocol. Uses a second protocol instance
* cached at qword_3988 (mSmbiosProtocol2).
*
* First call locates the protocol. Then:
* 1. Count how many strings of this type exist (via GetNext)
* 2. Remove each one via RemoveAndAddSmbiosString
*
* @param[in] Type SMBIOS type to remove (CHAR8)
* @return EFI_SUCCESS or error
* Address: 0x1FB4 Size: 0xB0 (176 bytes)
* Xrefs: 2 (from SmbiosDataUpdateDispatch at 0xFAC, 0xFE6)
* Calls: gBS->LocateProtocol (lazy for mSmbiosProtocol2 at 0x3988),
* RemoveAndAddSmbiosString (0x1F50)
*/
EFI_STATUS
EFIAPI
RemoveAllSmbiosStringsOfType (
IN CHAR8 Type
)
{
EFI_STATUS Status;
UINT16 Handle;
UINT8 Buffer[16];
UINTN Count;
//
* Lazy locate of the SMBIOS protocol (GUID at 0x3210)
* Cached in qword_3988 (mSmbiosProtocol2)
*/
if (mSmbiosProtocol2 == NULL) {
Status = gBS->LocateProtocol (
&gSmbiosProtocolGuid,
NULL,
&mSmbiosProtocol2
);
if (EFI_ERROR (Status)) {
return Status;
}
}
//
* Step 1: Enumerate and count all structures of this type
*/
Handle = 0xFFFE; // Start with "any" handle
Count = 0;
while (TRUE) {
//
* Call protocol->GetNext at offset +24
*/
Status = ((EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol2)->GetNext (
(EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol2,
&Handle,
&Type,
Buffer,
NULL,
0
);
if (EFI_ERROR (Status)) {
break;
}
Count++;
//
* If the handle wraps around, stop
*/
if (Handle == 0xFFFE) {
break;
}
//
* Continue with the current handle
*/
((EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol2)->GetNext (
(EFI_SMBIOS_PROTOCOL *)mSmbiosProtocol2,
&Handle,
&Type,
Buffer,
NULL,
0
);
// Note: this is a simplified version; the actual code uses a loop
}
//
* Step 2: Remove each string via RemoveAndAddSmbiosString
* which first removes then re-adds (to update content)
*/
Count = 0;
while (Count < Count) { // Actual loop count determined by enumeration
Status = RemoveAndAddSmbiosString (Type, 0, 0);
if (EFI_ERROR (Status)) {
return Status;
}
Count++;
}
return EFI_SUCCESS;
}
// ============================================================================
// SMBIOS Data Update Dispatch
// ============================================================================
/**
* @brief SMBIOS data update dispatch
* @details Main orchestrator function that:
* Phase 1: 30 iterations for SMBIOS Type 2 strings (BuildSmbiosStringRecord)
* Phase 2: 8 iterations for SMBIOS Type 9 strings (BuildSmbiosType9Record)
* Phase 3: 4 iterations for SMBIOS Type 41 strings (BuildSmbiosType41Record)
*
* Uses a 768-byte working buffer (allocated via AllocateZeroPool).
* For each successful BuildSmbios*Record call, the buffer is
* submitted via AddSmbiosString (which adds it to the SMBIOS table).
*
* Pre-phase 1: removes all Type2 SMBIOS strings
* Pre-phase 2: removes all Type9 SMBIOS strings
* Pre-phase 3: removes all Type41 SMBIOS strings
*
* @return EFI_SUCCESS or error code
*
* Address: 0xF54 Size: 0xF0 (240 bytes)
* Xrefs: 0 (called via UBA protocol through callback registration)
* Calls: AllocateZeroPool (0x137C), ZeroMem (0x123C),
* BuildSmbiosStringRecord (0x77C), BuildSmbiosType9Record (0xA20),
* BuildSmbiosType41Record (0xD98), AddSmbiosString (0x1E1C),
* RemoveAllSmbiosStringsOfType (0x1FB4), FreePool (0x13A4)
*/
EFI_STATUS
EFIAPI
SmbiosDataUpdateDispatch (
VOID
)
{
EFI_STATUS Status;
UINT8 *Buffer;
UINTN Index;
//
* Allocate working buffer (768 bytes)
*/
Buffer = AllocateZeroPool (768);
if (Buffer == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
* Phase 1: SMBIOS Type 2 (Baseboard) -- 30 iterations
* Remove all existing Type 2 strings first
*/
RemoveAllSmbiosStringsOfType (SMBIOS_STRING_TYPE_BASEBOARD);
for (Index = 0; Index < 30; Index++) {
//
* Clear the buffer
*/
ZeroMem (Buffer, 768);
//
* Build the SMBIOS string record for this index
*/
Status = BuildSmbiosStringRecord (Buffer, Index);
if (!EFI_ERROR (Status)) {
//
* Add the string to the SMBIOS table
*/
AddSmbiosString (Buffer);
}
}
//
* Phase 2: SMBIOS Type 9 (System Slot) -- 8 iterations
* Clear out existing Type 9 strings
*/
LOBYTE (Status) = 9; // SMBIOS Type 9
RemoveAllSmbiosStringsOfType (9);
for (Index = 0; Index < 8; Index++) {
ZeroMem (Buffer, 768);
Status = BuildSmbiosType9Record (Buffer, Index);
if (!EFI_ERROR (Status)) {
AddSmbiosString (Buffer);
}
}
//
* Phase 3: SMBIOS Type 41 (Onboard Device) -- 4 iterations
* Clear out existing Type 41 strings
*/
LOBYTE (Status) = 41; // SMBIOS Type 41
RemoveAllSmbiosStringsOfType (41);
for (Index = 0; Index < 4; Index++) {
ZeroMem (Buffer, 768);
Status = BuildSmbiosType41Record (Buffer, Index);
if (Status >= 0) {
AddSmbiosString (Buffer);
}
}
//
* Free working buffer
*/
FreePool (Buffer);
return EFI_SUCCESS;
}
/**
* @brief Build SMBIOS Type 9 (System Slot) record
* @details Creates a SMBIOS Type 9 record with board-specific slot
* configuration for Lightning Ridge EXECB1.
*
* For each slot index (0-7), the function:
* - Sets the SMBIOS structure header (type, handle)
* - Probes PCIe presence via MmPciBase protocol
* - Builds the record with slot/bus/function data
*
* Uses MmPciWriteConfig (sub_2064) to probe PCIe:
* - Probes at bus=0, device varying per-slot, function varying
* - Uses PCIe config space to detect populated slots
* - Config address: ((Func & 7) | (8 * ((Dev & 0x1F) | (32 * Bus)))) << 12
*
* @param[out] Buffer Output buffer for the SMBIOS Type 9 record
* @param[in] Index Slot index (0-7)
* @return EFI_SUCCESS, EFI_NOT_FOUND (no slot), or EFI_INVALID_PARAMETER
*
* Address: 0xA20 Size: 0x376 (886 bytes)
* Xrefs: 1 (from SmbiosDataUpdateDispatch at 0xFD1)
* Calls: MmPciWriteConfig (0x2064), GetHiiString (0x176C) -- via sub_176C,
* UpdateSmbiosStringField (0x1AE8), FreePool (0x13A4)
*/
EFI_STATUS
EFIAPI
BuildSmbiosType9Record (
OUT UINT8 *Buffer,
IN UINTN Index
)
{
UINT8 Bus;
UINT8 Dev;
UINT8 Func;
UINT32 VendorDevice;
UINT8 SlotType;
UINT8 SlotDataWidth;
UINT8 SlotLength;
UINT16 SlotId;
EFI_STATUS Status;
//
* Initialize the SMBIOS Type 9 record header:
* [0] = Type = 9 (System Slot)
* [1] = Length = varies (typically 17 bytes for Type 9)
* [2-3]= Handle = 0xFFFE (placeholder, updated by SMBIOS protocol)
* [4] = Slot designation (string 1)
* [5] = Slot type (e.g., 0x0A = PCI Express)
* [6] = Slot data bus width
* [7] = Current usage
* [8] = Slot length
* [9-10] = Slot ID
* [11] = Slot characteristics 1
* [12] = Slot characteristics 2
* [13-14] = Segment group number
* [15] = Bus number
* [16] = Device/function number
*/
switch (Index) {
case 0:
//
* Slot index 0: J3B2 - Riser 1, Slot 1
* PCIe: Bus=0, Dev=3, Func=2
*/
Bus = 0;
Dev = 3;
Func = 2;
break;
case 1:
//
* Slot index 1: J3B2 - Riser 1, Slot 3
* PCIe: Bus=0, Dev=3, Func=2
*/
Bus = 0;
Dev = 3;
Func = 2;
break;
case 2:
//
* Slot index 2: J6B1 - Riser 2, Slot 4
* PCIe: Bus=0x80, Dev=2, Func=0
*/
Bus = 0x80;
Dev = 2;
Func = 0;
break;
case 3:
//
* Slot index 3: J6B1 - Riser 2, Slot 5
* PCIe: Bus=0x80, Dev=2, Func=0
*/
Bus = 0x80;
Dev = 2;
Func = 0;
break;
case 4:
//
* Slot index 4: J6B1 - Riser 2, Slot 6
* PCIe: Bus=0x80, Dev=3, Func=2
*/
Bus = 0x80;
Dev = 3;
Func = 2;
break;
case 5:
//
* Slot index 5: (not populated on execb1)
*/
return EFI_NOT_FOUND;
case 6:
//
* Slot index 6: (not populated on execb1)
*/
return EFI_NOT_FOUND;
case 7:
//
* Slot index 7: (not populated on execb1)
*/
return EFI_NOT_FOUND;
default:
return EFI_INVALID_PARAMETER;
}
//
* Probe the PCIe slot via MmPciWriteConfig (sub_2064)
* The MmPciWriteConfig function takes (Bus, Dev, Func) and returns
* a pointer to the PCIe config space register at offset +25 from
* the encoded address.
*
* If the Vendor/Device ID is 0xFFFFFFFF, the slot is empty.
*/
VendorDevice = *(UINT32 *)MmPciWriteConfig (Bus, Dev, Func);
//
* If no device found, return EFI_NOT_FOUND
*/
// (actual check: if the read value == -1, slot is empty)
//
* Build the record (simplified)
*/
Buffer[0] = 9; // SMBIOS Type 9
Buffer[1] = 17; // Length varies
*(UINT16 *)&Buffer[2] = 0xFFFE; // handle
//
* Look up slot-specific string via HII
*/
// ...
return EFI_SUCCESS;
}
/**
* @brief Build SMBIOS Type 41 (Onboard Device) record
* @details Creates a SMBIOS Type 41 record with onboard device information
* for Lightning Ridge EXECB1.
*
* For each device index (0-3), the function:
* - Builds the SMBIOS Type 41 structure header
* - Probes for device presence via MmPciBase protocol
* - Sets the device type, status, and name
*
* Device 0: Bus=0, Dev=28, Func=3 (Temperature sensor?)
* Device 1: Bus=0, Dev=2, Func=2 (USB controller)
* Device 2: Bus=0, Dev=1, Func=0 (LPC/SuperIO?)
* Device 3: BMC/Management - uses Bus=0, Dev=31, Func=2 (LPC/SIO)
* @param[out] Buffer Output buffer for the SMBIOS Type 41 record
* @param[in] Index Device index (0-3)
* @return EFI_SUCCESS or EFI_NOT_FOUND
* Address: 0xD98 Size: 0x1BC (444 bytes)
* Xrefs: 1 (from SmbiosDataUpdateDispatch at 0x1008)
* Calls: MmPciWriteConfig (0x2064), GetHiiString (0x176C),
* UpdateSmbiosStringField (0x1AE8), FreePool (0x13A4)
*/
EFI_STATUS
EFIAPI
BuildSmbiosType41Record (
OUT UINT8 *Buffer,
IN UINTN Index
)
{
UINT8 DeviceType;
UINT8 DeviceStatus;
UINT8 *PciData;
UINT32 VendorDevice;
EFI_STATUS Status;
//
* Initialize Type 41 record:
* [0] = Type = 41 (Onboard Devices)
* [1] = Length = typically 11 bytes
* [2-3]= Handle = 0xFFFE
* [4] = Reference Designation (string 1)
* [5] = Device type (bitmask: bits 7:0)
* [6] = Device type instance
* [7] = Segment group number
* [8-9]= Bus number
* [10] = Device/function number
*/
switch (Index) {
case 0:
//
* Device 0: Internal Temperature Sensor (I/O Module)
* Probed via Bus=0, Dev=28, Func=3
*/
PciData = MmPciWriteConfig (0, 28, 3);
VendorDevice = *(UINT32 *)PciData;
Buffer[4] = 1; // Device type instance
Buffer[5] = 3; // Device type = 3 (temperature sensor)
Buffer[6] = 0; // Segment group
Buffer[7] = 0; // Bus
Buffer[8] = 28; // Device
Buffer[9] = 3; // Function
break;
case 1:
//
* Device 1: Internal USB (USB3 / Type-A)
* Probed via Bus=0, Dev=2, Func=2
*/
PciData = MmPciWriteConfig (0, 2, 2);
VendorDevice = *(UINT32 *)PciData;
Buffer[4] = 2; // Device type instance
Buffer[5] = 2; // Device type = 2 (USB)
Buffer[6] = 0;
Buffer[7] = 0;
Buffer[8] = 2; // Device
Buffer[9] = 2; // Function
break;
case 2:
//
* Device 2: Internal USB (USB2 / Type-A2)
* Probed via Bus=0, Dev=1, Func=0
*/
PciData = MmPciWriteConfig (0, 1, 0);
VendorDevice = *(UINT32 *)PciData;
Buffer[4] = 3; // Device type instance
Buffer[5] = 2; // Device type = 2 (USB)
Buffer[6] = 0;
Buffer[7] = 0;
Buffer[8] = 1; // Device
Buffer[9] = 0; // Function
break;
case 3:
//
* Device 3: TPM (SPI type, J101)
* Probed via Bus=0, Dev=31, Func=2 (SPI/LPC on PCH)
*/
PciData = MmPciWriteConfig (0, 31, 2);
VendorDevice = *(UINT32 *)PciData;
Buffer[4] = 10; // Device type instance
Buffer[5] = 5; // Device type = 5 (SPI/TPM)
Buffer[6] = 0;
Buffer[7] = 0;
Buffer[8] = 31; // Device
Buffer[9] = 2; // Function
//
* Note: For TPM, the actual presence is checked differently
* than other onboard devices
*/
break;
default:
return EFI_INVALID_PARAMETER;
}
//
* Check if the device is actually present via PCI config
* The actual code compares the register value at the probe address
*/
// (device presence check - simplified)
//
* Build the SMBIOS record
*/
Buffer[0] = 41; // Type 41
Buffer[1] = 11; // Length (varies)
*(UINT16 *)&Buffer[2] = 0xFFFE; // Handle
//
* Check if a string should be attached (GetHiiString lookup)
*/
return EFI_SUCCESS;
}
// ============================================================================
// PCIe Config Access
// ============================================================================
/**
* @brief Access PCIe config register via MM PCIe protocol
* @details Encodes bus/device/function into an MM PCIe address:
* ((Func & 7) | (8 * ((Dev & 0x1F) | (32 * Bus)))) << 12
*
* The result is used as an address offset to read/write PCI
* configuration space registers. The protocol at qword_39A0
* (mMmPciUsra) provides the MM PCIe base access: calling +24
* with the encoded address performs the actual MMIO read.
* @param[in] Bus PCIe bus number
* @param[in] Device PCIe device number
* @param[in] Func PCIe function number
* @return Pointer to the 32-bit PCI config register (in the MM PCIe
* address space), from which the caller can read/write
*
* Address: 0x2064 Size: 0x46 (70 bytes)
* Xrefs: 20 (called from BuildSmbiosType9Record, BuildSmbiosType41Record)
*/
UINT32 *
EFIAPI
MmPciWriteConfig (
IN UINT8 Bus,
IN UINT8 Device,
IN UINT8 Func
)
{
UINT32 Address;
UINT32 AddressBuffer[6];
//
* Build the PCIe address:
* Bits [7:0] = Func & 7
* Bits [12:8] = Dev & 0x1F
* Bits [20:13] = Bus & 0xFF
* Shift left by 12 to create the MMIO offset
*/
Address = ((Func & 7) | (8 * ((Device & 0x1F) | (32 * Bus)))) << 12;
//
* Set up the address buffer for the MM protocol call
*/
AddressBuffer[0] = Address;
AddressBuffer[1] = 0; // Register offset
AddressBuffer[2] = 512; // Access size (512 bytes for PCIe extended config?)
AddressBuffer[3] = 0;
//
* Call the MM PCIe protocol at +24 (PciCfgRead/Write)
* Returns a pointer to the register value
*/
return ((MM_PCI_BASE_PROTOCOL *)mMmPciUsra)->PciCfgRead (AddressBuffer);
// The actual return is the register value at offset +25 from the address
// (which is where the PCIe config space data lives)
}
// ============================================================================
// Memory Copy (wrapper)
// ============================================================================
/**
* @brief Copy memory with overlap-safe handling
* @details Wrapper around CopyMemBase (sub_300) with assertion checks
* for bounds safety. If dst == src, returns immediately.
*
* Checks:
* (Length - 1) <= (UINTN)-1 - (UINTN)Destination
* (Length - 1) <= (UINTN)-1 - (UINTN)Source
* @param[out] Dst Destination buffer
* @param[in] Src Source buffer
* @param[in] Count Number of bytes to copy
* @return Pointer to destination
* Address: 0x20AC Size: 0x99 (153 bytes)
* Xrefs: 7 (from RegisterHiiPackageList, UpdateSmbiosStringField)
* Calls: AssertHandler (0x114C), CopyMemBase (0x300)
*/
VOID *
EFIAPI
CopyMem (
OUT VOID *Dst,
IN CONST VOID *Src,
IN UINTN Count
)
{
//
* Check bounds: source and destination must not overflow
*/
if (Count > 0) {
if (Count - 1 > (UINTN)-1 - (UINTN)Dst) {
ASSERT ((Length - 1) <= (UINTN)-1 - (UINTN)Destination);
}
if (Count - 1 > (UINTN)-1 - (UINTN)Src) {
ASSERT ((Length - 1) <= (UINTN)-1 - (UINTN)Source);
}
//
* If source and destination are the same, return
*/
if (Dst == Src) {
return Dst;
}
//
* Call the base copy implementation (handles overlap)
*/
return CopyMemBase (Dst, Src, Count);
}
return Dst;
}
// ============================================================================
// String Utilities
// ============================================================================
/**
* @brief Return ASCII string length (max PcdMaximumAsciiStringLength = 0xF4240)
* @details Walks the string until null terminator or reaches the maximum
* length of 0xF4240 (1,000,000). If the string exceeds the limit,
* an ASSERT is raised.
*
* @param[in] String Null-terminated ASCII string
* @return Length of the string (number of characters before null)
* Address: 0x2148 Size: 0x6B (107 bytes)
* Xrefs: 6 (from GetSupportedLanguage, UpdateSmbiosStringField, ...)
* Calls: AssertHandler (0x114C)
*/
UINTN
EFIAPI
AsciiStrLen (
IN CONST CHAR8 *String
)
{
UINTN Length;
ASSERT (String != NULL);
for (Length = 0; *String != '\0'; Length++) {
//
* Check against the maximum ASCII string length PCD
*/
if (Length >= PcdGet32 (PcdMaximumAsciiStringLength)) {
ASSERT (Length < PcdGet32 (PcdMaximumAsciiStringLength));
}
String++;
}
return Length;
}
/**
* @brief Compare two ASCII strings (up to n characters)
* @param[in] FirstString First string
* @param[in] SecondString Second string
* @param[in] Length Maximum number of characters to compare
* @return 0 if strings are equal for Length characters,
* negative if FirstString < SecondString,
* positive if FirstString > SecondString
* Address: 0x21B4 Size: 0xC9 (201 bytes)
* Xrefs: 2 (from GetSupportedLanguage)
* Calls: AssertHandler (0x114C), AsciiStrLen (0x2148)
*/
INTN
EFIAPI
AsciiStrnCmp (
IN CONST CHAR8 *FirstString,
IN CONST CHAR8 *SecondString,
IN UINTN Length
)
{
//
* If length is 0, strings are equal
*/
if (Length == 0) {
return 0;
}
//
* Check that string sizes are valid
*/
ASSERT (AsciiStrLen (FirstString) != -1);
ASSERT (AsciiStrLen (SecondString) != -1);
ASSERT (Length <= PcdGet32 (PcdMaximumAsciiStringLength));
//
* Compare characters until a mismatch or one string ends or Length runs out
*/
while (*FirstString != '\0' &&
*SecondString != '\0' &&
*FirstString == *SecondString &&
Length > 1) {
FirstString++;
SecondString++;
Length--;
}
//
* Return the difference between the characters
*/
return (INTN)(*FirstString - *SecondString);
}
/**
* @brief Return UCS-2 string length (max PcdMaximumUnicodeStringLength)
* @param[in] String UCS-2 string (must be 2-byte aligned)
* @param[in] MaxLen Maximum number of characters to check
* @return Length of the string (in characters), or 0 if String is NULL
* Address: 0x2280 Size: 0x66 (102 bytes)
* Xrefs: 1 (from UpdateSmbiosStringField)
* Calls: AssertHandler (0x114C)
*/
UINTN
EFIAPI
StrLen (
IN CONST CHAR16 *String,
IN UINTN MaxLen
)
{
UINTN Length;
//
* Check alignment
*/
ASSERT (((UINTN)String & 1) == 0);
//
* If no valid string or max length, return 0
*/
if (String == NULL || MaxLen == 0) {
return 0;
}
//
* Walk the UCS-2 string
*/
Length = 0;
if (*String != L'\0') {
while (Length < MaxLen - 1) {
if (String[++Length] == L'\0') {
return Length;
}
}
//
* String is longer than MaxLen, return MaxLen as a sentinel
*/
return MaxLen;
}
return Length;
}
/**
* @brief Safe ASCII string length (maximum n)
* @details Returns the length of a null-terminated ASCII string,
* bounded by MaxSize. If the string exceeds MaxSize, returns
* MaxSize. Returns 0 if String is NULL or MaxSize is 0.
* @param[in] String ASCII string (null-terminated)
* @param[in] MaxSize Maximum length to check
* @return Length of the string (bounded by MaxSize-1), or 0
* Address: 0x22E8 Size: 0x2A (42 bytes)
* Xrefs: 1 (from UpdateSmbiosStringField at 0x1C25)
*/
UINTN
EFIAPI
AsciiStrnLenS (
IN CONST CHAR8 *String,
IN UINTN MaxSize
)
{
UINTN Length;
//
* If no valid string or max size, return 0
*/
if (String == NULL || MaxSize == 0) {
return 0;
}
//
* Walk the string, bounded by MaxSize
*/
Length = 0;
if (*String != '\0') {
while (Length < MaxSize - 1) {
if (String[++Length] == '\0') {
return Length;
}
}
//
* String is longer than MaxSize (no null found)
*/
return MaxSize;
}
return Length;
}
/**
* @brief Convert UCS-2 string to ASCII (safe)
* @details Converts a UCS-2 (UTF-16LE) string to a null-terminated ASCII
* string with complete overlap protection and bounds checking.
*
* Requirements:
* - Source must be 2-byte aligned
* - Destination must not overlap with source (checked)
* - Each UCS-2 character must be < 0x100
* - DestMax must be <= PcdMaximumAsciiStringLength
* - DestMax must be > StrLen(Source) / 2
*
* @param[in] Source UCS-2 source string (CHAR16*, 2-byte aligned)
* @param[out] Destination ASCII destination buffer (CHAR8*)
* @param[in] DestMax Maximum number of characters in Destination
* @return EFI_SUCCESS, EFI_BUFFER_TOO_SMALL (DestMax <= SourceLen),
* EFI_INVALID_PARAMETER (Source unaligned, buffer overlap, etc.)
* Address: 0x2314 Size: 0x18E (398 bytes)
* Xrefs: 1 (from UpdateSmbiosStringField at 0x1B64)
* Calls: AssertHandler (0x114C), StrLen (0x2280)
*/
EFI_STATUS
EFIAPI
UnicodeStrnToAsciiStrS (
IN CONST CHAR16 *Source,
OUT CHAR8 *Destination,
IN UINTN DestMax
)
{
UINTN SourceLen;
UINTN Index;
//
* Check source alignment
*/
ASSERT (((UINTN)Source & 1) == 0);
//
* Validate parameters
*/
if (Destination == NULL) {
ASSERT (Destination != NULL);
return EFI_INVALID_PARAMETER;
}
if (Source == NULL) {
ASSERT (Source != NULL);
return EFI_INVALID_PARAMETER;
}
if (DestMax > PcdGet32 (PcdMaximumAsciiStringLength)) {
ASSERT (DestMax <= PcdGet32 (PcdMaximumAsciiStringLength));
return EFI_INVALID_PARAMETER;
}
if (DestMax == 0) {
ASSERT (DestMax != 0);
return EFI_INVALID_PARAMETER;
}
//
* Get the source string length
*/
SourceLen = StrLen (Source, DestMax);
//
* Note: SourceLen is in characters, not bytes.
* DestMax must be > SourceLen (to fit the null terminator)
*/
if (DestMax <= SourceLen) {
ASSERT (DestMax > SourceLen);
return EFI_BUFFER_TOO_SMALL;
}
//
* Check for overlap:
* If (Source >= Destination && Source < Destination + DestMax) -> overlap
* If (Destination >= Source && Destination < &Source[2*SourceLen + 2]) -> overlap
*/
// Overlap check (simplified -- actual code does a 4-way range check)
//
* Convert characters while checking bounds
*/
for (Index = 0; Source[Index] != L'\0'; Index++) {
//
* Each UCS-2 character must be convertable to ASCII (< 0x100)
*/
if (Source[Index] >= 0x100) {
ASSERT (Source[Index] < 0x100);
}
Destination[Index] = (CHAR8)Source[Index];
}
Destination[Index] = '\0';
return EFI_SUCCESS;
}
// End of file