\r
\r
BOOLEAN mIsEnterSecureBootForm = FALSE;\r
-BOOLEAN mIsSelectedSecureBootModeForm = FALSE;\r
-BOOLEAN mIsSecureBootModeChanged = FALSE;\r
\r
//\r
// OID ASN.1 Value for Hash Algorithms\r
);\r
}\r
\r
-/**\r
- Perform secure boot mode transition from User Mode by setting AuditMode \r
- or DeployedMode variable.\r
-\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-TransitionFromUserMode(\r
- IN UINT8 NewMode\r
- )\r
-{\r
- UINT8 Data;\r
- EFI_STATUS Status;\r
-\r
- if (NewMode == SECURE_BOOT_MODE_AUDIT_MODE) {\r
- Data = 1;\r
- Status = gRT->SetVariable(\r
- EFI_AUDIT_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof(UINT8),\r
- &Data\r
- );\r
- return Status;\r
- } else if (NewMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
- Data = 1;\r
- Status = gRT->SetVariable(\r
- EFI_DEPLOYED_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof(UINT8),\r
- &Data\r
- );\r
- return Status;\r
- }\r
-\r
- //\r
- // Other case do nothing here. May Goto enroll PK page.\r
- //\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Perform secure boot mode transition from Setup Mode by setting AuditMode \r
- variable.\r
-\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-TransitionFromSetupMode(\r
- IN UINT8 NewMode\r
- )\r
-{\r
- UINT8 Data;\r
- EFI_STATUS Status;\r
-\r
- Status = EFI_INVALID_PARAMETER;\r
-\r
- if (NewMode == SECURE_BOOT_MODE_AUDIT_MODE) {\r
- Data = 1;\r
- Status = gRT->SetVariable(\r
- EFI_AUDIT_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof(UINT8),\r
- &Data\r
- );\r
- return Status;\r
- }\r
-\r
- //\r
- // Other case do nothing here. May Goto enroll PK page.\r
- //\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Perform secure boot mode transition from Audit Mode. Nothing is done here,\r
- should goto enroll PK page.\r
-\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-TransitionFromAuditMode(\r
- IN UINT8 NewMode\r
- )\r
-{\r
- //\r
- // Other case do nothing here. Should Goto enroll PK page.\r
- //\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Perform secure boot mode transition from Deployed Mode by setting Deployed Mode\r
- variable to 0.\r
-\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-TransitionFromDeployedMode(\r
- IN UINT8 NewMode\r
- )\r
-{\r
- UINT8 Data;\r
- EFI_STATUS Status;\r
-\r
- //\r
- // Platform specific logic. when physical presence, Allow to set DeployedMode =:0\r
- // to switch back to UserMode\r
- //\r
- if (NewMode == SECURE_BOOT_MODE_USER_MODE) {\r
- Data = 0;\r
- Status = gRT->SetVariable(\r
- EFI_DEPLOYED_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof(UINT8),\r
- &Data\r
- );\r
- DEBUG((EFI_D_INFO, "DeployedMode Status %x\n", Status));\r
- return Status;\r
- }\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Perform main secure boot mode transition.\r
-\r
- @param[in] CurMode New secure boot mode.\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-SecureBootModeTransition(\r
- IN UINT8 CurMode,\r
- IN UINT8 NewMode\r
- )\r
-{\r
- EFI_STATUS Status;\r
-\r
- //\r
- // Set platform to be customized mode to ensure platform specific mode switch sucess\r
- //\r
- Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
-\r
- //\r
- // SecureBootMode transition\r
- //\r
- switch (CurMode) {\r
- case SECURE_BOOT_MODE_USER_MODE:\r
- Status = TransitionFromUserMode(NewMode);\r
- break;\r
-\r
- case SECURE_BOOT_MODE_SETUP_MODE:\r
- Status = TransitionFromSetupMode(NewMode);\r
- break;\r
-\r
- case SECURE_BOOT_MODE_AUDIT_MODE:\r
- Status = TransitionFromAuditMode(NewMode);\r
- break;\r
-\r
- case SECURE_BOOT_MODE_DEPLOYED_MODE:\r
- Status = TransitionFromDeployedMode(NewMode);\r
- break;\r
-\r
- default:\r
- Status = EFI_INVALID_PARAMETER;\r
- ASSERT(FALSE);\r
- }\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
- Get current secure boot mode by retrieve data from SetupMode/AuditMode/DeployedMode.\r
-\r
- @param[out] SecureBootMode Current secure boot mode.\r
-\r
-**/\r
-VOID\r
-ExtractSecureBootModeFromVariable(\r
- OUT UINT8 *SecureBootMode\r
- )\r
-{\r
- UINT8 *SetupMode;\r
- UINT8 *AuditMode;\r
- UINT8 *DeployedMode;\r
-\r
- SetupMode = NULL;\r
- AuditMode = NULL;\r
- DeployedMode = NULL;\r
-\r
- //\r
- // Get AuditMode/DeployedMode from variable\r
- //\r
- GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);\r
- GetVariable2 (EFI_AUDIT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&AuditMode, NULL);\r
- GetVariable2 (EFI_DEPLOYED_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&DeployedMode, NULL);\r
- if (SetupMode != NULL && AuditMode != NULL && DeployedMode != NULL) {\r
- if (*SetupMode == 0 && *AuditMode == 0 && *DeployedMode == 0) {\r
- //\r
- // User Mode\r
- //\r
- *SecureBootMode = SECURE_BOOT_MODE_USER_MODE;\r
- } else if (*SetupMode == 1 && *AuditMode == 0 && *DeployedMode == 0) {\r
- //\r
- // Setup Mode\r
- //\r
- *SecureBootMode = SECURE_BOOT_MODE_SETUP_MODE;\r
- } else if (*SetupMode == 1 && *AuditMode == 1 && *DeployedMode == 0) {\r
- //\r
- // Audit Mode\r
- //\r
- *SecureBootMode = SECURE_BOOT_MODE_AUDIT_MODE;\r
- } else if (*SetupMode == 0 && *AuditMode == 0 && *DeployedMode == 1) {\r
- //\r
- // Deployed Mode\r
- //\r
- *SecureBootMode = SECURE_BOOT_MODE_DEPLOYED_MODE;\r
- } else {\r
- ASSERT(FALSE);\r
- }\r
- }else {\r
- ASSERT(FALSE);\r
- }\r
-\r
- if (SetupMode != NULL) {\r
- FreePool (SetupMode);\r
- }\r
- if (DeployedMode != NULL) {\r
- FreePool (DeployedMode);\r
- }\r
- if (AuditMode != NULL) {\r
- FreePool (AuditMode);\r
- }\r
-}\r
-\r
/**\r
\r
Update SecureBoot strings based on new Secure Boot Mode State. String includes STR_SECURE_BOOT_STATE_CONTENT\r
EFI_STATUS\r
UpdateSecureBootString(\r
IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private\r
- ) {\r
- UINT8 CurSecureBootMode;\r
+ )\r
+{\r
UINT8 *SecureBoot;\r
\r
SecureBoot = NULL;\r
} else {\r
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);\r
}\r
- //\r
- // Get current secure boot mode.\r
- //\r
- ExtractSecureBootModeFromVariable(&CurSecureBootMode);\r
- \r
- if (CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {\r
- HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);\r
- } else if (CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE) {\r
- HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);\r
- } else if (CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {\r
- HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);\r
- } else if (CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
- HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);\r
- }\r
\r
FreePool(SecureBoot);\r
\r
)\r
{\r
UINT8 *SecureBootEnable;\r
+ UINT8 *SetupMode;\r
UINT8 *SecureBootMode;\r
EFI_TIME CurrTime;\r
\r
SecureBootEnable = NULL;\r
+ SetupMode = NULL;\r
SecureBootMode = NULL;\r
\r
//\r
ConfigData->RevocationTime.Minute = CurrTime.Minute;\r
ConfigData->RevocationTime.Second = 0;\r
\r
- //\r
- // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
- // Checkbox.\r
- //\r
- ConfigData->AttemptSecureBoot = FALSE;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (SecureBootEnable == NULL) {\r
- ConfigData->HideSecureBoot = TRUE;\r
- } else {\r
- ConfigData->HideSecureBoot = FALSE;\r
- if ((*SecureBootEnable) == SECURE_BOOT_ENABLE) {\r
- ConfigData->AttemptSecureBoot = TRUE;\r
- }\r
- }\r
\r
//\r
// If it is Physical Presence User, set the PhysicalPresent to true.\r
}\r
\r
//\r
- // Get the SecureBootMode from CustomMode variable.\r
+ // If there is no PK then the Delete Pk button will be gray.\r
//\r
- GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);\r
- if (SecureBootMode == NULL) {\r
- ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;\r
- } else {\r
- ConfigData->SecureBootMode = *(SecureBootMode);\r
+ GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);\r
+ if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {\r
+ ConfigData->HasPk = FALSE;\r
+ } else {\r
+ ConfigData->HasPk = TRUE;\r
}\r
\r
//\r
- // Extact current Secure Boot Mode\r
+ // Check SecureBootEnable & Pk status, fix the inconsistence. \r
+ // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
+ // Checkbox.\r
//\r
- ExtractSecureBootModeFromVariable(&ConfigData->CurSecureBootMode);\r
+ ConfigData->AttemptSecureBoot = FALSE;\r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); \r
\r
//\r
- // If there is no PK then the Delete Pk button will be gray.\r
+ // Fix Pk, SecureBootEnable inconsistence\r
//\r
- if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {\r
- ConfigData->HasPk = FALSE;\r
- } else {\r
- ConfigData->HasPk = TRUE;\r
+ if ((SetupMode != NULL) && (*SetupMode) == USER_MODE) {\r
+ ConfigData->HideSecureBoot = FALSE;\r
+ if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) {\r
+ ConfigData->AttemptSecureBoot = TRUE;\r
+ }\r
+ } else {\r
+ ConfigData->HideSecureBoot = TRUE;\r
+ }\r
+\r
+ //\r
+ // Get the SecureBootMode from CustomMode variable.\r
+ //\r
+ GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);\r
+ if (SecureBootMode == NULL) {\r
+ ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;\r
+ } else {\r
+ ConfigData->SecureBootMode = *(SecureBootMode);\r
}\r
\r
if (SecureBootEnable != NULL) {\r
FreePool (SecureBootEnable);\r
}\r
-\r
+ if (SetupMode != NULL) {\r
+ FreePool (SetupMode);\r
+ }\r
if (SecureBootMode != NULL) {\r
FreePool (SecureBootMode);\r
}\r
OUT EFI_STRING *Progress\r
)\r
{\r
- UINT8 *SecureBootEnable;\r
SECUREBOOT_CONFIGURATION IfrNvData;\r
UINTN BufferSize;\r
EFI_STATUS Status;\r
//\r
// Store Buffer Storage back to EFI variable if needed\r
//\r
- SecureBootEnable = NULL;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (NULL != SecureBootEnable) {\r
- FreePool (SecureBootEnable);\r
+ if (!IfrNvData.HideSecureBoot) {\r
Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
SECUREBOOT_CONFIGURATION *IfrNvData;\r
UINT16 LabelId;\r
UINT8 *SecureBootEnable;\r
+ UINT8 *Pk;\r
UINT8 *SecureBootMode;\r
+ UINT8 *SetupMode;\r
CHAR16 PromptString[100];\r
- UINT8 CurSecureBootMode;\r
EFI_DEVICE_PATH_PROTOCOL *File;\r
\r
Status = EFI_SUCCESS;\r
SecureBootEnable = NULL;\r
SecureBootMode = NULL;\r
+ SetupMode = NULL;\r
File = NULL;\r
\r
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
+\r
Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);\r
\r
gSecureBootPrivateData = Private;\r
Status = UpdateSecureBootString(Private);\r
SecureBootExtractConfigFromVariable (IfrNvData);\r
mIsEnterSecureBootForm = TRUE;\r
- } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){\r
- //\r
- // Secure Boot Policy variable changes after transition. Re-sync CurSecureBootMode\r
- //\r
- ExtractSecureBootModeFromVariable(&IfrNvData->CurSecureBootMode);\r
- mIsSelectedSecureBootModeForm = TRUE;\r
- mIsSecureBootModeChanged = FALSE;\r
}\r
goto EXIT;\r
}\r
Value->u8 = SECURE_BOOT_MODE_STANDARD;\r
Status = EFI_SUCCESS;\r
}\r
- } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE) {\r
- if (mIsSelectedSecureBootModeForm) {\r
- Value->u8 = IfrNvData->CurSecureBootMode;\r
- Status = EFI_SUCCESS;\r
- }\r
- }\r
+ } \r
goto EXIT;\r
}\r
\r
break;\r
\r
case FORMID_ENROLL_PK_FORM:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdatePKFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdatePKFromFile, &File);\r
break;\r
\r
case FORMID_ENROLL_KEK_FORM:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateKEKFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdateKEKFromFile, &File);\r
break;\r
\r
case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdateDBFromFile, &File);\r
break;\r
\r
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBXFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdateDBXFromFile, &File);\r
break;\r
\r
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBTFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdateDBTFromFile, &File);\r
break;\r
\r
case KEY_SECURE_BOOT_DELETE_PK:\r
);\r
}\r
break;\r
- case KEY_TRANS_SECURE_BOOT_MODE:\r
- //\r
- // Pop up to alert user want to change secure boot mode \r
- //\r
- if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE && \r
- (Value->u8 == SECURE_BOOT_MODE_AUDIT_MODE || Value->u8 == SECURE_BOOT_MODE_DEPLOYED_MODE))\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE && \r
- Value->u8 == SECURE_BOOT_MODE_AUDIT_MODE)\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE && \r
- Value->u8 == SECURE_BOOT_MODE_USER_MODE && IfrNvData->PhysicalPresent == 1)){\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"Are you sure you want to switch secure boot mode?",\r
- L"Press 'Y' to switch secure boot mode, 'N' to discard change and return",\r
- NULL\r
- );\r
- if (Key.UnicodeChar != 'y' && Key.UnicodeChar != 'Y') {\r
- //\r
- // If not 'Y'/''y' restore to defualt secure boot mode\r
- //\r
- Value->u8 = IfrNvData->CurSecureBootMode;\r
- goto EXIT;\r
- }\r
- } else if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE && Value->u8 == SECURE_BOOT_MODE_USER_MODE)\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE && Value->u8 == SECURE_BOOT_MODE_SETUP_MODE)\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE && Value->u8 == SECURE_BOOT_MODE_DEPLOYED_MODE)\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE && Value->u8 == SECURE_BOOT_MODE_SETUP_MODE)) {\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"Secure boot mode transition requires PK change",\r
- L"Please go to link below to update PK",\r
- NULL\r
- );\r
- } else {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto EXIT;\r
- }\r
-\r
- Status = SecureBootModeTransition(IfrNvData->CurSecureBootMode, Value->u8);\r
- //\r
- // Secure Boot Policy variable may change after transition. Re-sync CurSecureBootMode\r
- //\r
- ExtractSecureBootModeFromVariable(&CurSecureBootMode);\r
- if (IfrNvData->CurSecureBootMode != CurSecureBootMode) {\r
- IfrNvData->CurSecureBootMode = CurSecureBootMode;\r
- mIsSecureBootModeChanged = TRUE;\r
- }\r
- break;\r
-\r
default:\r
if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&\r
(QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
case KEY_SECURE_BOOT_MODE:\r
mIsEnterSecureBootForm = FALSE;\r
break;\r
- case KEY_TRANS_SECURE_BOOT_MODE:\r
- mIsSelectedSecureBootModeForm = FALSE;\r
- if (mIsSecureBootModeChanged) {\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;\r
- }\r
- mIsSecureBootModeChanged = FALSE;\r
- break;\r
case KEY_SECURE_BOOT_KEK_GUID:\r
case KEY_SECURE_BOOT_SIGNATURE_GUID_DB:\r
case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX:\r
break;\r
\r
case KEY_SECURE_BOOT_DELETE_PK:\r
- if (IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
+ GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);\r
+ if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {\r
IfrNvData->DeletePk = TRUE;\r
IfrNvData->HasPk = FALSE;\r
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;\r
IfrNvData->HasPk = TRUE;\r
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
}\r
+ if (SetupMode != NULL) {\r
+ FreePool (SetupMode);\r
+ }\r
break;\r
default:\r
break;\r
}\r
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {\r
if (QuestionId == KEY_HIDE_SECURE_BOOT) {\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (SecureBootEnable == NULL) {\r
+ GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID**)&Pk, NULL);\r
+ if (Pk == NULL) {\r
IfrNvData->HideSecureBoot = TRUE;\r
} else {\r
- FreePool (SecureBootEnable);\r
+ FreePool (Pk);\r
IfrNvData->HideSecureBoot = FALSE;\r
}\r
Value->b = IfrNvData->HideSecureBoot;\r