/** @file\r
HII Config Access protocol implementation of SecureBoot configuration module.\r
\r
-Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "SecureBootConfigImpl.h"\r
+#include <Library/BaseCryptLib.h>\r
\r
CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";\r
\r
it's caller's responsibility to free the memory when finish using it.\r
\r
@retval EFI_SUCCESS Create time based payload successfully.\r
- @retval EFI_OUT_OF_RESOURCES There are not enough memory resourses to create time based payload.\r
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources to create time based payload.\r
@retval EFI_INVALID_PARAMETER The parameter is invalid.\r
@retval Others Unexpected error happens.\r
\r
@param[out] PkCert Point to the data buffer to store the signature list.\r
\r
@return EFI_UNSUPPORTED Unsupported Key Length.\r
- @return EFI_OUT_OF_RESOURCES There are not enough memory resourses to form the signature list.\r
+ @return EFI_OUT_OF_RESOURCES There are not enough memory resources to form the signature list.\r
\r
**/\r
EFI_STATUS\r
DEBUG ((EFI_D_INFO, "FilePostFix = %s\n", FilePostFix));\r
\r
//\r
- // Prase the selected PK file and generature PK certificate list.\r
+ // Prase the selected PK file and generate PK certificate list.\r
//\r
Status = CreatePkX509SignatureList (\r
Private->FileContext->FHandle,\r
}\r
\r
//\r
- // Enumerate all signature data in SigDB to check if executable's signature exists.\r
+ // Enumerate all signature data in SigDB to check if signature exists for executable.\r
//\r
CertList = (EFI_SIGNATURE_LIST *) Data;\r
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {\r
/**\r
Check whether the signature list exists in given variable data.\r
\r
- It searches the signature list for the ceritificate hash by CertType.\r
+ It searches the signature list for the certificate hash by CertType.\r
If the signature list is found, get the offset of Database for the\r
next hash of a certificate.\r
\r
Calculate hash of Pe/Coff image based on the authenticode image hashing in\r
PE/COFF Specification 8.0 Appendix A\r
\r
- Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in \r
+ Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in\r
the function LoadPeImage ().\r
\r
@param[in] HashAlg Hash algorithm type.\r
)\r
{\r
BOOLEAN Status;\r
- UINT16 Magic;\r
EFI_IMAGE_SECTION_HEADER *Section;\r
VOID *HashCtx;\r
UINTN CtxSize;\r
// Measuring PE/COFF Image Header;\r
// But CheckSum field and SECURITY data directory (certificate) are excluded\r
//\r
- if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
- //\r
- // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value\r
- // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the\r
- // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC\r
- // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC\r
- //\r
- Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;\r
- } else {\r
- //\r
- // Get the magic value from the PE/COFF Optional Header\r
- //\r
- Magic = mNtHeader.Pe32->OptionalHeader.Magic;\r
- }\r
\r
//\r
// 3. Calculate the distance from the base of the image header to the image checksum address.\r
// 4. Hash the image header from its base to beginning of the image checksum.\r
//\r
HashBase = mImageBase;\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
// 6. Get the address of the beginning of the Cert Directory.\r
// 7. Hash everything from the end of the checksum to the start of the Cert Directory.\r
//\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)\r
// 9. Hash everything from the end of the Cert Directory to the end of image header.\r
//\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset\r
//\r
//\r
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header.\r
//\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
//\r
if (mImageSize > SumOfBytesHashed) {\r
HashBase = mImageBase + SumOfBytesHashed;\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
}\r
\r
/**\r
- Enroll a new executable's signature into Signature Database.\r
+ Enroll a new signature of executable into Signature Database.\r
\r
@param[in] PrivateData The module's private data.\r
@param[in] VariableName Variable name of signature database, must be\r
}\r
\r
//\r
- // Diretly set AUTHENTICATION_2 data to SetVariable\r
+ // Directly set AUTHENTICATION_2 data to SetVariable\r
//\r
Status = gRT->SetVariable(\r
VariableName,\r
\r
\r
/**\r
- Enroll a new executable's signature into Signature Database.\r
+ Enroll a new signature of executable into Signature Database.\r
\r
@param[in] PrivateData The module's private data.\r
@param[in] VariableName Variable name of signature database, must be\r
// Form the SigDB certificate list.\r
// Format the data item into EFI_SIGNATURE_LIST type.\r
//\r
- // We need to parse executable's signature data from specified signed executable file.\r
+ // We need to parse signature data of executable from specified signed executable file.\r
// In current implementation, we simply trust the pass-in signed executable file.\r
// In reality, it's OS's responsibility to verify the signed executable file.\r
//\r
}\r
\r
/**\r
- Delete a signature entry from siganture database.\r
+ Delete a signature entry from signature database.\r
\r
@param[in] PrivateData Module's private data.\r
@param[in] VariableName The variable name of the vendor's signature database.\r
@param[in] QuestionIdBase Base question id of the signature list.\r
@param[in] DeleteIndex Signature index to delete.\r
\r
- @retval EFI_SUCCESS Delete siganture successfully.\r
+ @retval EFI_SUCCESS Delete signature successfully.\r
@retval EFI_NOT_FOUND Can't find the signature item,\r
@retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.\r
**/\r
);\r
}\r
\r
+/**\r
+ This function to delete signature list or data, according by DelType.\r
+\r
+ @param[in] PrivateData Module's private data.\r
+ @param[in] DelType Indicate delete signature list or data.\r
+ @param[in] CheckedCount Indicate how many signature data have\r
+ been checked in current signature list.\r
+\r
+ @retval EFI_SUCCESS Success to update the signature list page\r
+ @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.\r
+**/\r
+EFI_STATUS\r
+DeleteSignatureEx (\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
+ IN SIGNATURE_DELETE_TYPE DelType,\r
+ IN UINT32 CheckedCount\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SIGNATURE_LIST *ListWalker;\r
+ EFI_SIGNATURE_LIST *NewCertList;\r
+ EFI_SIGNATURE_DATA *DataWalker;\r
+ CHAR16 VariableName[BUFFER_MAX_SIZE];\r
+ UINT32 VariableAttr;\r
+ UINTN VariableDataSize;\r
+ UINTN RemainingSize;\r
+ UINTN ListIndex;\r
+ UINTN Index;\r
+ UINTN Offset;\r
+ UINT8 *VariableData;\r
+ UINT8 *NewVariableData;\r
+\r
+ Status = EFI_SUCCESS;\r
+ VariableAttr = 0;\r
+ VariableDataSize = 0;\r
+ ListIndex = 0;\r
+ Offset = 0;\r
+ VariableData = NULL;\r
+ NewVariableData = NULL;\r
+\r
+ if (PrivateData->VariableName == Variable_DB) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE);\r
+ } else if (PrivateData->VariableName == Variable_DBX) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE1);\r
+ } else if (PrivateData->VariableName == Variable_DBT) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE2);\r
+ } else {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = gRT->GetVariable (\r
+ VariableName,\r
+ &gEfiImageSecurityDatabaseGuid,\r
+ &VariableAttr,\r
+ &VariableDataSize,\r
+ VariableData\r
+ );\r
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ VariableData = AllocateZeroPool (VariableDataSize);\r
+ if (VariableData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = gRT->GetVariable (\r
+ VariableName,\r
+ &gEfiImageSecurityDatabaseGuid,\r
+ &VariableAttr,\r
+ &VariableDataSize,\r
+ VariableData\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ NewVariableData = AllocateZeroPool (VariableDataSize);\r
+ if (NewVariableData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ RemainingSize = VariableDataSize;\r
+ ListWalker = (EFI_SIGNATURE_LIST *)(VariableData);\r
+ if (DelType == Delete_Signature_List_All) {\r
+ VariableDataSize = 0;\r
+ } else {\r
+ //\r
+ // Traverse to target EFI_SIGNATURE_LIST but others will be skipped.\r
+ //\r
+ while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex < PrivateData->ListIndex) {\r
+ CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, ListWalker->SignatureListSize);\r
+ Offset += ListWalker->SignatureListSize;\r
+\r
+ RemainingSize -= ListWalker->SignatureListSize;\r
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);\r
+ ListIndex++;\r
+ }\r
+\r
+ //\r
+ // Handle the target EFI_SIGNATURE_LIST.\r
+ // If CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) or DelType == Delete_Signature_List_One\r
+ // it means delete the whole EFI_SIGNATURE_LIST, So we just skip this EFI_SIGNATURE_LIST.\r
+ //\r
+ if (CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker) && DelType == Delete_Signature_Data) {\r
+ NewCertList = (EFI_SIGNATURE_LIST *)(NewVariableData + Offset);\r
+ //\r
+ // Copy header.\r
+ //\r
+ CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);\r
+ Offset += sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize;\r
+\r
+ DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);\r
+ for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) {\r
+ if (PrivateData->CheckArray[Index]) {\r
+ //\r
+ // Delete checked signature data, and update the size of whole signature list.\r
+ //\r
+ NewCertList->SignatureListSize -= NewCertList->SignatureSize;\r
+ } else {\r
+ //\r
+ // Remain the unchecked signature data.\r
+ //\r
+ CopyMem ((UINT8 *)NewVariableData + Offset, DataWalker, ListWalker->SignatureSize);\r
+ Offset += ListWalker->SignatureSize;\r
+ }\r
+ DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize);\r
+ }\r
+ }\r
+\r
+ RemainingSize -= ListWalker->SignatureListSize;\r
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);\r
+\r
+ //\r
+ // Copy remaining data, maybe 0.\r
+ //\r
+ CopyMem((UINT8 *)NewVariableData + Offset, ListWalker, RemainingSize);\r
+ Offset += RemainingSize;\r
+\r
+ VariableDataSize = Offset;\r
+ }\r
+\r
+ if ((VariableAttr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
+ Status = CreateTimeBasedPayload (&VariableDataSize, &NewVariableData);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+ }\r
+\r
+ Status = gRT->SetVariable (\r
+ VariableName,\r
+ &gEfiImageSecurityDatabaseGuid,\r
+ VariableAttr,\r
+ VariableDataSize,\r
+ NewVariableData\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ON_EXIT:\r
+ SECUREBOOT_FREE_NON_NULL (VariableData);\r
+ SECUREBOOT_FREE_NON_NULL (NewVariableData);\r
+\r
+ return Status;\r
+}\r
+\r
/**\r
\r
Update SecureBoot strings based on new Secure Boot Mode State. String includes STR_SECURE_BOOT_STATE_CONTENT\r
SecureBootMode = NULL;\r
\r
//\r
- // Initilize the Date and Time using system time.\r
+ // Initialize the Date and Time using system time.\r
//\r
ConfigData->CertificateFormat = HASHALG_RAW;\r
ConfigData->AlwaysRevocation = TRUE;\r
}\r
\r
//\r
- // Check SecureBootEnable & Pk status, fix the inconsistence. \r
+ // Check SecureBootEnable & Pk status, fix the inconsistency.\r
// If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
// Checkbox.\r
//\r
ConfigData->AttemptSecureBoot = FALSE;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); \r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
\r
//\r
- // Fix Pk, SecureBootEnable inconsistence\r
+ // Fix Pk and SecureBootEnable inconsistency\r
//\r
if ((SetupMode != NULL) && (*SetupMode) == USER_MODE) {\r
ConfigData->HideSecureBoot = FALSE;\r
return EFI_SUCCESS;\r
}\r
\r
+/**\r
+ This function to load signature list, the update the menu page.\r
+\r
+ @param[in] PrivateData Module's private data.\r
+ @param[in] LabelId Label number to insert opcodes.\r
+ @param[in] FormId Form ID of current page.\r
+ @param[in] QuestionIdBase Base question id of the signature list.\r
+\r
+ @retval EFI_SUCCESS Success to update the signature list page\r
+ @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.\r
+**/\r
+EFI_STATUS\r
+LoadSignatureList (\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
+ IN UINT16 LabelId,\r
+ IN EFI_FORM_ID FormId,\r
+ IN EFI_QUESTION_ID QuestionIdBase\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_STRING_ID ListType;\r
+ EFI_STRING FormatNameString;\r
+ EFI_STRING FormatHelpString;\r
+ EFI_STRING FormatTypeString;\r
+ EFI_SIGNATURE_LIST *ListWalker;\r
+ EFI_IFR_GUID_LABEL *StartLabel;\r
+ EFI_IFR_GUID_LABEL *EndLabel;\r
+ EFI_IFR_GUID_LABEL *StartGoto;\r
+ EFI_IFR_GUID_LABEL *EndGoto;\r
+ EFI_FORM_ID DstFormId;\r
+ VOID *StartOpCodeHandle;\r
+ VOID *EndOpCodeHandle;\r
+ VOID *StartGotoHandle;\r
+ VOID *EndGotoHandle;\r
+ UINTN DataSize;\r
+ UINTN RemainingSize;\r
+ UINT16 Index;\r
+ UINT8 *VariableData;\r
+ CHAR16 VariableName[BUFFER_MAX_SIZE];\r
+ CHAR16 NameBuffer[BUFFER_MAX_SIZE];\r
+ CHAR16 HelpBuffer[BUFFER_MAX_SIZE];\r
+\r
+ Status = EFI_SUCCESS;\r
+ FormatNameString = NULL;\r
+ FormatHelpString = NULL;\r
+ StartOpCodeHandle = NULL;\r
+ EndOpCodeHandle = NULL;\r
+ StartGotoHandle = NULL;\r
+ EndGotoHandle = NULL;\r
+ Index = 0;\r
+ VariableData = NULL;\r
+\r
+ //\r
+ // Initialize the container for dynamic opcodes.\r
+ //\r
+ StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+ if (StartOpCodeHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+ if (EndOpCodeHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ StartGotoHandle = HiiAllocateOpCodeHandle ();\r
+ if (StartGotoHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ EndGotoHandle = HiiAllocateOpCodeHandle ();\r
+ if (EndGotoHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Create Hii Extend Label OpCode.\r
+ //\r
+ StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (\r
+ StartOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ StartLabel->Number = LabelId;\r
+\r
+ EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (\r
+ EndOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ EndLabel->Number = LABEL_END;\r
+\r
+ StartGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode(\r
+ StartGotoHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof(EFI_IFR_GUID_LABEL)\r
+ );\r
+ StartGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ StartGoto->Number = LABEL_DELETE_ALL_LIST_BUTTON;\r
+\r
+ EndGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode(\r
+ EndGotoHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof(EFI_IFR_GUID_LABEL)\r
+ );\r
+ EndGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ EndGoto->Number = LABEL_END;\r
+\r
+ if (PrivateData->VariableName == Variable_DB) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE);\r
+ DstFormId = FORMID_SECURE_BOOT_DB_OPTION_FORM;\r
+ } else if (PrivateData->VariableName == Variable_DBX) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE1);\r
+ DstFormId = FORMID_SECURE_BOOT_DBX_OPTION_FORM;\r
+ } else if (PrivateData->VariableName == Variable_DBT) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE2);\r
+ DstFormId = FORMID_SECURE_BOOT_DBT_OPTION_FORM;\r
+ } else {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ HiiCreateGotoOpCode (\r
+ StartGotoHandle,\r
+ DstFormId,\r
+ STRING_TOKEN (STR_SECURE_BOOT_DELETE_ALL_LIST),\r
+ STRING_TOKEN (STR_SECURE_BOOT_DELETE_ALL_LIST),\r
+ EFI_IFR_FLAG_CALLBACK,\r
+ KEY_SECURE_BOOT_DELETE_ALL_LIST\r
+ );\r
+\r
+ //\r
+ // Read Variable, the variable name save in the PrivateData->VariableName.\r
+ //\r
+ DataSize = 0;\r
+ Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);\r
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ VariableData = AllocateZeroPool (DataSize);\r
+ if (VariableData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+ Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_NAME_FORMAT), NULL);\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_HELP_FORMAT), NULL);\r
+ if (FormatNameString == NULL || FormatHelpString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ RemainingSize = DataSize;\r
+ ListWalker = (EFI_SIGNATURE_LIST *)VariableData;\r
+ while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize)) {\r
+ if (CompareGuid (&ListWalker->SignatureType, &gEfiCertRsa2048Guid)) {\r
+ ListType = STRING_TOKEN (STR_LIST_TYPE_RSA2048_SHA256);\r
+ } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertX509Guid)) {\r
+ ListType = STRING_TOKEN (STR_LIST_TYPE_X509);\r
+ } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertSha1Guid)) {\r
+ ListType = STRING_TOKEN (STR_LIST_TYPE_SHA1);\r
+ } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertSha256Guid)) {\r
+ ListType = STRING_TOKEN (STR_LIST_TYPE_SHA256);\r
+ } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertX509Sha256Guid)) {\r
+ ListType = STRING_TOKEN (STR_LIST_TYPE_X509_SHA256);\r
+ } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertX509Sha384Guid)) {\r
+ ListType = STRING_TOKEN (STR_LIST_TYPE_X509_SHA384);\r
+ } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertX509Sha512Guid)) {\r
+ ListType = STRING_TOKEN (STR_LIST_TYPE_X509_SHA512);\r
+ } else {\r
+ ListType = STRING_TOKEN (STR_LIST_TYPE_UNKNOWN);\r
+ }\r
+ FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListType, NULL);\r
+ if (FormatTypeString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ ZeroMem (NameBuffer, sizeof (NameBuffer));\r
+ UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1);\r
+\r
+ ZeroMem (HelpBuffer, sizeof (HelpBuffer));\r
+ UnicodeSPrint (HelpBuffer,\r
+ sizeof (HelpBuffer),\r
+ FormatHelpString,\r
+ FormatTypeString,\r
+ SIGNATURE_DATA_COUNTS (ListWalker)\r
+ );\r
+ SECUREBOOT_FREE_NON_NULL (FormatTypeString);\r
+ FormatTypeString = NULL;\r
+\r
+ HiiCreateGotoOpCode (\r
+ StartOpCodeHandle,\r
+ SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,\r
+ HiiSetString (PrivateData->HiiHandle, 0, NameBuffer, NULL),\r
+ HiiSetString (PrivateData->HiiHandle, 0, HelpBuffer, NULL),\r
+ EFI_IFR_FLAG_CALLBACK,\r
+ QuestionIdBase + Index++\r
+ );\r
+\r
+ RemainingSize -= ListWalker->SignatureListSize;\r
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);\r
+ }\r
+\r
+ON_EXIT:\r
+ HiiUpdateForm (\r
+ PrivateData->HiiHandle,\r
+ &gSecureBootConfigFormSetGuid,\r
+ FormId,\r
+ StartOpCodeHandle,\r
+ EndOpCodeHandle\r
+ );\r
+\r
+ HiiUpdateForm (\r
+ PrivateData->HiiHandle,\r
+ &gSecureBootConfigFormSetGuid,\r
+ FormId,\r
+ StartGotoHandle,\r
+ EndGotoHandle\r
+ );\r
+\r
+ SECUREBOOT_FREE_NON_OPCODE (StartOpCodeHandle);\r
+ SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle);\r
+ SECUREBOOT_FREE_NON_OPCODE (StartGotoHandle);\r
+ SECUREBOOT_FREE_NON_OPCODE (EndGotoHandle);\r
+\r
+ SECUREBOOT_FREE_NON_NULL (VariableData);\r
+ SECUREBOOT_FREE_NON_NULL (FormatNameString);\r
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);\r
+\r
+ PrivateData->ListCount = Index;\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Parse hash value from EFI_SIGNATURE_DATA, and save in the CHAR16 type array.\r
+ The buffer is callee allocated and should be freed by the caller.\r
+\r
+ @param[in] ListEntry The pointer point to the signature list.\r
+ @param[in] DataEntry The signature data we are processing.\r
+ @param[out] BufferToReturn Buffer to save the hash value.\r
+\r
+ @retval EFI_INVALID_PARAMETER Invalid List or Data or Buffer.\r
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.\r
+ @retval EFI_SUCCESS Operation success.\r
+**/\r
+EFI_STATUS\r
+ParseHashValue (\r
+ IN EFI_SIGNATURE_LIST *ListEntry,\r
+ IN EFI_SIGNATURE_DATA *DataEntry,\r
+ OUT CHAR16 **BufferToReturn\r
+ )\r
+{\r
+ UINTN Index;\r
+ UINTN BufferIndex;\r
+ UINTN TotalSize;\r
+ UINTN DataSize;\r
+ UINTN Line;\r
+ UINTN OneLineBytes;\r
+\r
+ //\r
+ // Assume that, display 8 bytes in one line.\r
+ //\r
+ OneLineBytes = 8;\r
+\r
+ if (ListEntry == NULL || DataEntry == NULL || BufferToReturn == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID);\r
+ Line = (DataSize + OneLineBytes - 1) / OneLineBytes;\r
+\r
+ //\r
+ // Each byte will split two Hex-number, and each line need additional memory to save '\r\n'.\r
+ //\r
+ TotalSize = ((DataSize + Line) * 2 * sizeof(CHAR16));\r
+\r
+ *BufferToReturn = AllocateZeroPool(TotalSize);\r
+ if (*BufferToReturn == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ for (Index = 0, BufferIndex = 0; Index < DataSize; Index = Index + 1) {\r
+ if ((Index > 0) && (Index % OneLineBytes == 0)) {\r
+ BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"\n");\r
+ }\r
+ BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"%02x", DataEntry->SignatureData[Index]);\r
+ }\r
+ BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"\n");\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Function to get the common name from the X509 format certificate.\r
+ The buffer is callee allocated and should be freed by the caller.\r
+\r
+ @param[in] ListEntry The pointer point to the signature list.\r
+ @param[in] DataEntry The signature data we are processing.\r
+ @param[out] BufferToReturn Buffer to save the CN of X509 certificate.\r
+\r
+ @retval EFI_INVALID_PARAMETER Invalid List or Data or Buffer.\r
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.\r
+ @retval EFI_SUCCESS Operation success.\r
+ @retval EFI_NOT_FOUND Not found CN field in the X509 certificate.\r
+**/\r
+EFI_STATUS\r
+GetCommonNameFromX509 (\r
+ IN EFI_SIGNATURE_LIST *ListEntry,\r
+ IN EFI_SIGNATURE_DATA *DataEntry,\r
+ OUT CHAR16 **BufferToReturn\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ CHAR8 *CNBuffer;\r
+ UINTN CNBufferSize;\r
+\r
+ Status = EFI_SUCCESS;\r
+ CNBuffer = NULL;\r
+\r
+ CNBuffer = AllocateZeroPool(256);\r
+ if (CNBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ CNBufferSize = 256;\r
+ X509GetCommonName (\r
+ (UINT8 *)DataEntry + sizeof(EFI_GUID),\r
+ ListEntry->SignatureSize - sizeof(EFI_GUID),\r
+ CNBuffer,\r
+ &CNBufferSize\r
+ );\r
+\r
+ *BufferToReturn = AllocateZeroPool(256 * sizeof(CHAR16));\r
+ if (*BufferToReturn == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ AsciiStrToUnicodeStrS (CNBuffer, *BufferToReturn, 256);\r
+\r
+ON_EXIT:\r
+ SECUREBOOT_FREE_NON_NULL (CNBuffer);\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Format the help info for the signature data, each help info contain 3 parts.\r
+ 1. Onwer Guid.\r
+ 2. Content, depends on the type of the signature list.\r
+ 3. Revocation time.\r
+\r
+ @param[in] PrivateData Module's private data.\r
+ @param[in] ListEntry Point to the signature list.\r
+ @param[in] DataEntry Point to the signature data we are processing.\r
+ @param[out] StringId Save the string id of help info.\r
+\r
+ @retval EFI_SUCCESS Operation success.\r
+ @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.\r
+**/\r
+EFI_STATUS\r
+FormatHelpInfo (\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
+ IN EFI_SIGNATURE_LIST *ListEntry,\r
+ IN EFI_SIGNATURE_DATA *DataEntry,\r
+ OUT EFI_STRING_ID *StringId\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_TIME *Time;\r
+ EFI_STRING_ID ListTypeId;\r
+ EFI_STRING FormatHelpString;\r
+ EFI_STRING FormatTypeString;\r
+ UINTN DataSize;\r
+ UINTN HelpInfoIndex;\r
+ UINTN TotalSize;\r
+ CHAR16 GuidString[BUFFER_MAX_SIZE];\r
+ CHAR16 TimeString[BUFFER_MAX_SIZE];\r
+ CHAR16 *DataString;\r
+ CHAR16 *HelpInfoString;\r
+ BOOLEAN IsCert;\r
+\r
+ Status = EFI_SUCCESS;\r
+ Time = NULL;\r
+ FormatTypeString = NULL;\r
+ HelpInfoIndex = 0;\r
+ DataString = NULL;\r
+ HelpInfoString = NULL;\r
+ IsCert = FALSE;\r
+\r
+ if (CompareGuid(&ListEntry->SignatureType, &gEfiCertRsa2048Guid)) {\r
+ ListTypeId = STRING_TOKEN(STR_LIST_TYPE_RSA2048_SHA256);\r
+ DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID);\r
+ IsCert = TRUE;\r
+ } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Guid)) {\r
+ ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509);\r
+ DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID);\r
+ IsCert = TRUE;\r
+ } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertSha1Guid)) {\r
+ ListTypeId = STRING_TOKEN(STR_LIST_TYPE_SHA1);\r
+ DataSize = 20;\r
+ } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertSha256Guid)) {\r
+ ListTypeId = STRING_TOKEN(STR_LIST_TYPE_SHA256);\r
+ DataSize = 32;\r
+ } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha256Guid)) {\r
+ ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA256);\r
+ DataSize = 32;\r
+ Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);\r
+ } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha384Guid)) {\r
+ ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA384);\r
+ DataSize = 48;\r
+ Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);\r
+ } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha512Guid)) {\r
+ ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA512);\r
+ DataSize = 64;\r
+ Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);\r
+ } else {\r
+ Status = EFI_UNSUPPORTED;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListTypeId, NULL);\r
+ if (FormatTypeString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ TotalSize = 1024;\r
+ HelpInfoString = AllocateZeroPool (TotalSize);\r
+ if (HelpInfoString == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Format GUID part.\r
+ //\r
+ ZeroMem (GuidString, sizeof (GuidString));\r
+ GuidToString(&DataEntry->SignatureOwner, GuidString, BUFFER_MAX_SIZE);\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_GUID), NULL);\r
+ if (FormatHelpString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+ HelpInfoIndex += UnicodeSPrint (\r
+ &HelpInfoString[HelpInfoIndex],\r
+ TotalSize - sizeof(CHAR16) * HelpInfoIndex,\r
+ FormatHelpString,\r
+ GuidString\r
+ );\r
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);\r
+ FormatHelpString = NULL;\r
+\r
+ //\r
+ // Format content part, it depends on the type of signature list, hash value or CN.\r
+ //\r
+ if (IsCert) {\r
+ GetCommonNameFromX509 (ListEntry, DataEntry, &DataString);\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_CN), NULL);\r
+ } else {\r
+ //\r
+ // Format hash value for each signature data entry.\r
+ //\r
+ ParseHashValue (ListEntry, DataEntry, &DataString);\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_HASH), NULL);\r
+ }\r
+ if (FormatHelpString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+ HelpInfoIndex += UnicodeSPrint (\r
+ &HelpInfoString[HelpInfoIndex],\r
+ TotalSize - sizeof (CHAR16) * HelpInfoIndex,\r
+ FormatHelpString,\r
+ FormatTypeString,\r
+ DataSize,\r
+ DataString\r
+ );\r
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);\r
+ FormatHelpString = NULL;\r
+\r
+ //\r
+ // Format revocation time part.\r
+ //\r
+ if (Time != NULL) {\r
+ ZeroMem (TimeString, sizeof (TimeString));\r
+ UnicodeSPrint (\r
+ TimeString,\r
+ sizeof (TimeString),\r
+ L"%d-%d-%d %d:%d:%d",\r
+ Time->Year,\r
+ Time->Month,\r
+ Time->Day,\r
+ Time->Hour,\r
+ Time->Minute,\r
+ Time->Second\r
+ );\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_TIME), NULL);\r
+ if (FormatHelpString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+ UnicodeSPrint (\r
+ &HelpInfoString[HelpInfoIndex],\r
+ TotalSize - sizeof (CHAR16) * HelpInfoIndex,\r
+ FormatHelpString,\r
+ TimeString\r
+ );\r
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);\r
+ FormatHelpString = NULL;\r
+ }\r
+\r
+ *StringId = HiiSetString (PrivateData->HiiHandle, 0, HelpInfoString, NULL);\r
+ON_EXIT:\r
+ SECUREBOOT_FREE_NON_NULL (DataString);\r
+ SECUREBOOT_FREE_NON_NULL (HelpInfoString);\r
+\r
+ SECUREBOOT_FREE_NON_NULL (FormatTypeString);\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This functino to load signature data under the signature list.\r
+\r
+ @param[in] PrivateData Module's private data.\r
+ @param[in] LabelId Label number to insert opcodes.\r
+ @param[in] FormId Form ID of current page.\r
+ @param[in] QuestionIdBase Base question id of the signature list.\r
+ @param[in] ListIndex Indicate to load which signature list.\r
+\r
+ @retval EFI_SUCCESS Success to update the signature list page\r
+ @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.\r
+**/\r
+EFI_STATUS\r
+LoadSignatureData (\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
+ IN UINT16 LabelId,\r
+ IN EFI_FORM_ID FormId,\r
+ IN EFI_QUESTION_ID QuestionIdBase,\r
+ IN UINT16 ListIndex\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SIGNATURE_LIST *ListWalker;\r
+ EFI_SIGNATURE_DATA *DataWalker;\r
+ EFI_IFR_GUID_LABEL *StartLabel;\r
+ EFI_IFR_GUID_LABEL *EndLabel;\r
+ EFI_STRING_ID HelpStringId;\r
+ EFI_STRING FormatNameString;\r
+ VOID *StartOpCodeHandle;\r
+ VOID *EndOpCodeHandle;\r
+ UINTN DataSize;\r
+ UINTN RemainingSize;\r
+ UINT16 Index;\r
+ UINT8 *VariableData;\r
+ CHAR16 VariableName[BUFFER_MAX_SIZE];\r
+ CHAR16 NameBuffer[BUFFER_MAX_SIZE];\r
+\r
+ Status = EFI_SUCCESS;\r
+ FormatNameString = NULL;\r
+ StartOpCodeHandle = NULL;\r
+ EndOpCodeHandle = NULL;\r
+ Index = 0;\r
+ VariableData = NULL;\r
+\r
+ //\r
+ // Initialize the container for dynamic opcodes.\r
+ //\r
+ StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+ if (StartOpCodeHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+ if (EndOpCodeHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Create Hii Extend Label OpCode.\r
+ //\r
+ StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (\r
+ StartOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ StartLabel->Number = LabelId;\r
+\r
+ EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (\r
+ EndOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ EndLabel->Number = LABEL_END;\r
+\r
+ if (PrivateData->VariableName == Variable_DB) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE);\r
+ } else if (PrivateData->VariableName == Variable_DBX) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE1);\r
+ } else if (PrivateData->VariableName == Variable_DBT) {\r
+ UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE2);\r
+ } else {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Read Variable, the variable name save in the PrivateData->VariableName.\r
+ //\r
+ DataSize = 0;\r
+ Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);\r
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ VariableData = AllocateZeroPool (DataSize);\r
+ if (VariableData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+ Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ RemainingSize = DataSize;\r
+ ListWalker = (EFI_SIGNATURE_LIST *)VariableData;\r
+\r
+ //\r
+ // Skip signature list.\r
+ //\r
+ while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex-- > 0) {\r
+ RemainingSize -= ListWalker->SignatureListSize;\r
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);\r
+ }\r
+\r
+ FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_NAME_FORMAT), NULL);\r
+ if (FormatNameString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);\r
+ for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) {\r
+ //\r
+ // Format name buffer.\r
+ //\r
+ ZeroMem (NameBuffer, sizeof (NameBuffer));\r
+ UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1);\r
+\r
+ //\r
+ // Format help info buffer.\r
+ //\r
+ Status = FormatHelpInfo (PrivateData, ListWalker, DataWalker, &HelpStringId);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ HiiCreateCheckBoxOpCode (\r
+ StartOpCodeHandle,\r
+ (EFI_QUESTION_ID)(QuestionIdBase + Index),\r
+ 0,\r
+ 0,\r
+ HiiSetString (PrivateData->HiiHandle, 0, NameBuffer, NULL),\r
+ HelpStringId,\r
+ EFI_IFR_FLAG_CALLBACK,\r
+ 0,\r
+ NULL\r
+ );\r
+\r
+ ZeroMem(NameBuffer, 100);\r
+ DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize);\r
+ }\r
+\r
+ //\r
+ // Allocate a buffer to record which signature data will be checked.\r
+ // This memory buffer will be freed when exit from the SECUREBOOT_DELETE_SIGNATURE_DATA_FORM form.\r
+ //\r
+ PrivateData->CheckArray = AllocateZeroPool (SIGNATURE_DATA_COUNTS (ListWalker) * sizeof (BOOLEAN));\r
+ON_EXIT:\r
+ HiiUpdateForm (\r
+ PrivateData->HiiHandle,\r
+ &gSecureBootConfigFormSetGuid,\r
+ FormId,\r
+ StartOpCodeHandle,\r
+ EndOpCodeHandle\r
+ );\r
+\r
+ SECUREBOOT_FREE_NON_OPCODE (StartOpCodeHandle);\r
+ SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle);\r
+\r
+ SECUREBOOT_FREE_NON_NULL (VariableData);\r
+ SECUREBOOT_FREE_NON_NULL (FormatNameString);\r
+\r
+ return Status;\r
+}\r
+\r
/**\r
This function is called to provide results data to the driver.\r
\r
UINTN NameLength;\r
UINT16 *FilePostFix;\r
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;\r
+ BOOLEAN GetBrowserDataResult;\r
\r
Status = EFI_SUCCESS;\r
SecureBootEnable = NULL;\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
- HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);\r
+ GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);\r
\r
if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {\r
if (QuestionId == KEY_SECURE_BOOT_MODE) {\r
(QuestionId == KEY_SECURE_BOOT_DBX_OPTION) ||\r
(QuestionId == KEY_SECURE_BOOT_DBT_OPTION)) {\r
CloseEnrolledFile(Private->FileContext);\r
+ } else if (QuestionId == KEY_SECURE_BOOT_DELETE_ALL_LIST) {\r
+ //\r
+ // Update ListCount field in varstore\r
+ // Button "Delete All Signature List" is\r
+ // enable when ListCount is greater than 0.\r
+ //\r
+ IfrNvData->ListCount = Private->ListCount;\r
}\r
}\r
goto EXIT;\r
Value->u8 = SECURE_BOOT_MODE_STANDARD;\r
Status = EFI_SUCCESS;\r
}\r
- } \r
+ }\r
goto EXIT;\r
}\r
\r
);\r
break;\r
\r
- case SECUREBOOT_DELETE_SIGNATURE_FROM_DBX:\r
- UpdateDeletePage (\r
+ //\r
+ // From DBX option to the level-1 form, display signature list.\r
+ //\r
+ case KEY_VALUE_FROM_DBX_TO_LIST_FORM:\r
+ Private->VariableName = Variable_DBX;\r
+ LoadSignatureList (\r
Private,\r
- EFI_IMAGE_SECURITY_DATABASE1,\r
- &gEfiImageSecurityDatabaseGuid,\r
- LABEL_DBX_DELETE,\r
- SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
- OPTION_DEL_DBX_QUESTION_ID\r
- );\r
+ LABEL_SIGNATURE_LIST_START,\r
+ SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,\r
+ OPTION_SIGNATURE_LIST_QUESTION_ID\r
+ );\r
+ break;\r
+\r
+ //\r
+ // Delete all signature list and reload.\r
+ //\r
+ case KEY_SECURE_BOOT_DELETE_ALL_LIST:\r
+ CreatePopUp(\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"Press 'Y' to delete signature list.",\r
+ L"Press other key to cancel and exit.",\r
+ NULL\r
+ );\r
+\r
+ if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {\r
+ DeleteSignatureEx (Private, Delete_Signature_List_All, IfrNvData->CheckedDataCount);\r
+ }\r
+\r
+ LoadSignatureList (\r
+ Private,\r
+ LABEL_SIGNATURE_LIST_START,\r
+ SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,\r
+ OPTION_SIGNATURE_LIST_QUESTION_ID\r
+ );\r
+ break;\r
\r
+ //\r
+ // Delete one signature list and reload.\r
+ //\r
+ case KEY_SECURE_BOOT_DELETE_ALL_DATA:\r
+ CreatePopUp(\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"Press 'Y' to delete signature data.",\r
+ L"Press other key to cancel and exit.",\r
+ NULL\r
+ );\r
+\r
+ if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {\r
+ DeleteSignatureEx (Private, Delete_Signature_List_One, IfrNvData->CheckedDataCount);\r
+ }\r
+\r
+ LoadSignatureList (\r
+ Private,\r
+ LABEL_SIGNATURE_LIST_START,\r
+ SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,\r
+ OPTION_SIGNATURE_LIST_QUESTION_ID\r
+ );\r
+ break;\r
+\r
+ //\r
+ // Delete checked signature data and reload.\r
+ //\r
+ case KEY_SECURE_BOOT_DELETE_CHECK_DATA:\r
+ CreatePopUp(\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"Press 'Y' to delete signature data.",\r
+ L"Press other key to cancel and exit.",\r
+ NULL\r
+ );\r
+\r
+ if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {\r
+ DeleteSignatureEx (Private, Delete_Signature_Data, IfrNvData->CheckedDataCount);\r
+ }\r
+\r
+ LoadSignatureList (\r
+ Private,\r
+ LABEL_SIGNATURE_LIST_START,\r
+ SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,\r
+ OPTION_SIGNATURE_LIST_QUESTION_ID\r
+ );\r
break;\r
\r
case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT:\r
OPTION_DEL_DB_QUESTION_ID,\r
QuestionId - OPTION_DEL_DB_QUESTION_ID\r
);\r
- } else if ((QuestionId >= OPTION_DEL_DBX_QUESTION_ID) &&\r
- (QuestionId < (OPTION_DEL_DBX_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
- DeleteSignature (\r
+ } else if ((QuestionId >= OPTION_SIGNATURE_LIST_QUESTION_ID) &&\r
+ (QuestionId < (OPTION_SIGNATURE_LIST_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
+ LoadSignatureData (\r
Private,\r
- EFI_IMAGE_SECURITY_DATABASE1,\r
- &gEfiImageSecurityDatabaseGuid,\r
- LABEL_DBX_DELETE,\r
- SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
- OPTION_DEL_DBX_QUESTION_ID,\r
- QuestionId - OPTION_DEL_DBX_QUESTION_ID\r
- );\r
+ LABEL_SIGNATURE_DATA_START,\r
+ SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,\r
+ OPTION_SIGNATURE_DATA_QUESTION_ID,\r
+ QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID\r
+ );\r
+ Private->ListIndex = QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID;\r
+ } else if ((QuestionId >= OPTION_SIGNATURE_DATA_QUESTION_ID) &&\r
+ (QuestionId < (OPTION_SIGNATURE_DATA_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
+ if (Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID]) {\r
+ IfrNvData->CheckedDataCount--;\r
+ Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = FALSE;\r
+ } else {\r
+ IfrNvData->CheckedDataCount++;\r
+ Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = TRUE;\r
+ }\r
} else if ((QuestionId >= OPTION_DEL_DBT_QUESTION_ID) &&\r
(QuestionId < (OPTION_DEL_DBT_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
DeleteSignature (\r
if (SecureBootMode != NULL) {\r
FreePool (SecureBootMode);\r
}\r
+\r
+ if (QuestionId == KEY_SECURE_BOOT_DELETE_ALL_DATA) {\r
+ //\r
+ // Free memory when exit from the SECUREBOOT_DELETE_SIGNATURE_DATA_FORM form.\r
+ //\r
+ SECUREBOOT_FREE_NON_NULL (Private->CheckArray);\r
+ IfrNvData->CheckedDataCount = 0;\r
+ }\r
}\r
\r
EXIT:\r
\r
- if (!EFI_ERROR (Status)) {\r
+ if (!EFI_ERROR (Status) && GetBrowserDataResult) {\r
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);\r
}\r