/** @file\r
HII Config Access protocol implementation of SecureBoot configuration module.\r
\r
-Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
it's caller's responsibility to free the memory when finish using it.\r
\r
@retval EFI_SUCCESS Create time based payload successfully.\r
- @retval EFI_OUT_OF_RESOURCES There are not enough memory resourses to create time based payload.\r
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources to create time based payload.\r
@retval EFI_INVALID_PARAMETER The parameter is invalid.\r
@retval Others Unexpected error happens.\r
\r
@param[out] PkCert Point to the data buffer to store the signature list.\r
\r
@return EFI_UNSUPPORTED Unsupported Key Length.\r
- @return EFI_OUT_OF_RESOURCES There are not enough memory resourses to form the signature list.\r
+ @return EFI_OUT_OF_RESOURCES There are not enough memory resources to form the signature list.\r
\r
**/\r
EFI_STATUS\r
DEBUG ((EFI_D_INFO, "FilePostFix = %s\n", FilePostFix));\r
\r
//\r
- // Prase the selected PK file and generature PK certificate list.\r
+ // Prase the selected PK file and generate PK certificate list.\r
//\r
Status = CreatePkX509SignatureList (\r
Private->FileContext->FHandle,\r
}\r
\r
//\r
- // Enumerate all signature data in SigDB to check if executable's signature exists.\r
+ // Enumerate all signature data in SigDB to check if signature exists for executable.\r
//\r
CertList = (EFI_SIGNATURE_LIST *) Data;\r
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {\r
/**\r
Check whether the signature list exists in given variable data.\r
\r
- It searches the signature list for the ceritificate hash by CertType.\r
+ It searches the signature list for the certificate hash by CertType.\r
If the signature list is found, get the offset of Database for the\r
next hash of a certificate.\r
\r
Calculate hash of Pe/Coff image based on the authenticode image hashing in\r
PE/COFF Specification 8.0 Appendix A\r
\r
- Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in \r
+ Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in\r
the function LoadPeImage ().\r
\r
@param[in] HashAlg Hash algorithm type.\r
)\r
{\r
BOOLEAN Status;\r
- UINT16 Magic;\r
EFI_IMAGE_SECTION_HEADER *Section;\r
VOID *HashCtx;\r
UINTN CtxSize;\r
// Measuring PE/COFF Image Header;\r
// But CheckSum field and SECURITY data directory (certificate) are excluded\r
//\r
- if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
- //\r
- // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value\r
- // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the\r
- // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC\r
- // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC\r
- //\r
- Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;\r
- } else {\r
- //\r
- // Get the magic value from the PE/COFF Optional Header\r
- //\r
- Magic = mNtHeader.Pe32->OptionalHeader.Magic;\r
- }\r
\r
//\r
// 3. Calculate the distance from the base of the image header to the image checksum address.\r
// 4. Hash the image header from its base to beginning of the image checksum.\r
//\r
HashBase = mImageBase;\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
// 6. Get the address of the beginning of the Cert Directory.\r
// 7. Hash everything from the end of the checksum to the start of the Cert Directory.\r
//\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)\r
// 9. Hash everything from the end of the Cert Directory to the end of image header.\r
//\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset\r
//\r
//\r
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header.\r
//\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
//\r
if (mImageSize > SumOfBytesHashed) {\r
HashBase = mImageBase + SumOfBytesHashed;\r
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
}\r
\r
/**\r
- Enroll a new executable's signature into Signature Database.\r
+ Enroll a new signature of executable into Signature Database.\r
\r
@param[in] PrivateData The module's private data.\r
@param[in] VariableName Variable name of signature database, must be\r
}\r
\r
//\r
- // Diretly set AUTHENTICATION_2 data to SetVariable\r
+ // Directly set AUTHENTICATION_2 data to SetVariable\r
//\r
Status = gRT->SetVariable(\r
VariableName,\r
\r
\r
/**\r
- Enroll a new executable's signature into Signature Database.\r
+ Enroll a new signature of executable into Signature Database.\r
\r
@param[in] PrivateData The module's private data.\r
@param[in] VariableName Variable name of signature database, must be\r
// Form the SigDB certificate list.\r
// Format the data item into EFI_SIGNATURE_LIST type.\r
//\r
- // We need to parse executable's signature data from specified signed executable file.\r
+ // We need to parse signature data of executable from specified signed executable file.\r
// In current implementation, we simply trust the pass-in signed executable file.\r
// In reality, it's OS's responsibility to verify the signed executable file.\r
//\r
if (DelType == Delete_Signature_List_All) {\r
VariableDataSize = 0;\r
} else {\r
+ //\r
+ // Traverse to target EFI_SIGNATURE_LIST but others will be skipped.\r
+ //\r
while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex < PrivateData->ListIndex) {\r
CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, ListWalker->SignatureListSize);\r
Offset += ListWalker->SignatureListSize;\r
ListIndex++;\r
}\r
\r
- if (CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) || DelType == Delete_Signature_List_One) {\r
- RemainingSize -= ListWalker->SignatureListSize;\r
- ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);\r
- } else {\r
+ //\r
+ // Handle the target EFI_SIGNATURE_LIST.\r
+ // If CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) or DelType == Delete_Signature_List_One\r
+ // it means delete the whole EFI_SIGNATURE_LIST, So we just skip this EFI_SIGNATURE_LIST.\r
+ //\r
+ if (CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker) && DelType == Delete_Signature_Data) {\r
NewCertList = (EFI_SIGNATURE_LIST *)(NewVariableData + Offset);\r
//\r
// Copy header.\r
//\r
- CopyMem ((UINT8 *)NewVariableData, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);\r
+ CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);\r
Offset += sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize;\r
\r
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);\r
}\r
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize);\r
}\r
-\r
- RemainingSize -= ListWalker->SignatureListSize;\r
}\r
\r
+ RemainingSize -= ListWalker->SignatureListSize;\r
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);\r
+\r
//\r
// Copy remaining data, maybe 0.\r
//\r
SecureBootMode = NULL;\r
\r
//\r
- // Initilize the Date and Time using system time.\r
+ // Initialize the Date and Time using system time.\r
//\r
ConfigData->CertificateFormat = HASHALG_RAW;\r
ConfigData->AlwaysRevocation = TRUE;\r
}\r
\r
//\r
- // Check SecureBootEnable & Pk status, fix the inconsistence. \r
+ // Check SecureBootEnable & Pk status, fix the inconsistency.\r
// If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
// Checkbox.\r
//\r
ConfigData->AttemptSecureBoot = FALSE;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); \r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
\r
//\r
- // Fix Pk, SecureBootEnable inconsistence\r
+ // Fix Pk and SecureBootEnable inconsistency\r
//\r
if ((SetupMode != NULL) && (*SetupMode) == USER_MODE) {\r
ConfigData->HideSecureBoot = FALSE;\r
{\r
EFI_STATUS Status;\r
EFI_STRING_ID ListType;\r
+ EFI_STRING FormatNameString;\r
+ EFI_STRING FormatHelpString;\r
+ EFI_STRING FormatTypeString;\r
EFI_SIGNATURE_LIST *ListWalker;\r
EFI_IFR_GUID_LABEL *StartLabel;\r
EFI_IFR_GUID_LABEL *EndLabel;\r
CHAR16 HelpBuffer[BUFFER_MAX_SIZE];\r
\r
Status = EFI_SUCCESS;\r
+ FormatNameString = NULL;\r
+ FormatHelpString = NULL;\r
StartOpCodeHandle = NULL;\r
EndOpCodeHandle = NULL;\r
StartGotoHandle = NULL;\r
goto ON_EXIT;\r
}\r
\r
+ FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_NAME_FORMAT), NULL);\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_HELP_FORMAT), NULL);\r
+ if (FormatNameString == NULL || FormatHelpString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
RemainingSize = DataSize;\r
ListWalker = (EFI_SIGNATURE_LIST *)VariableData;\r
while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize)) {\r
} else {\r
ListType = STRING_TOKEN (STR_LIST_TYPE_UNKNOWN);\r
}\r
+ FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListType, NULL);\r
+ if (FormatTypeString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
\r
ZeroMem (NameBuffer, sizeof (NameBuffer));\r
- UnicodeSPrint (NameBuffer,\r
- sizeof (NameBuffer),\r
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_NAME_FORMAT), NULL),\r
- Index + 1\r
- );\r
+ UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1);\r
\r
ZeroMem (HelpBuffer, sizeof (HelpBuffer));\r
UnicodeSPrint (HelpBuffer,\r
sizeof (HelpBuffer),\r
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_HELP_FORMAT), NULL),\r
- HiiGetString (PrivateData->HiiHandle, ListType, NULL),\r
+ FormatHelpString,\r
+ FormatTypeString,\r
SIGNATURE_DATA_COUNTS (ListWalker)\r
);\r
+ SECUREBOOT_FREE_NON_NULL (FormatTypeString);\r
+ FormatTypeString = NULL;\r
\r
HiiCreateGotoOpCode (\r
StartOpCodeHandle,\r
SECUREBOOT_FREE_NON_OPCODE (EndGotoHandle);\r
\r
SECUREBOOT_FREE_NON_NULL (VariableData);\r
+ SECUREBOOT_FREE_NON_NULL (FormatNameString);\r
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);\r
\r
PrivateData->ListCount = Index;\r
\r
EFI_STATUS Status;\r
EFI_TIME *Time;\r
EFI_STRING_ID ListTypeId;\r
+ EFI_STRING FormatHelpString;\r
+ EFI_STRING FormatTypeString;\r
UINTN DataSize;\r
UINTN HelpInfoIndex;\r
UINTN TotalSize;\r
CHAR16 *HelpInfoString;\r
BOOLEAN IsCert;\r
\r
- Status = EFI_SUCCESS;\r
- Time = NULL;\r
- HelpInfoIndex = 0;\r
- DataString = NULL;\r
- HelpInfoString = NULL;\r
- IsCert = FALSE;\r
+ Status = EFI_SUCCESS;\r
+ Time = NULL;\r
+ FormatTypeString = NULL;\r
+ HelpInfoIndex = 0;\r
+ DataString = NULL;\r
+ HelpInfoString = NULL;\r
+ IsCert = FALSE;\r
\r
if (CompareGuid(&ListEntry->SignatureType, &gEfiCertRsa2048Guid)) {\r
ListTypeId = STRING_TOKEN(STR_LIST_TYPE_RSA2048_SHA256);\r
goto ON_EXIT;\r
}\r
\r
+ FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListTypeId, NULL);\r
+ if (FormatTypeString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
TotalSize = 1024;\r
HelpInfoString = AllocateZeroPool (TotalSize);\r
if (HelpInfoString == NULL) {\r
//\r
ZeroMem (GuidString, sizeof (GuidString));\r
GuidToString(&DataEntry->SignatureOwner, GuidString, BUFFER_MAX_SIZE);\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_GUID), NULL);\r
+ if (FormatHelpString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
HelpInfoIndex += UnicodeSPrint (\r
&HelpInfoString[HelpInfoIndex],\r
TotalSize - sizeof(CHAR16) * HelpInfoIndex,\r
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_GUID), NULL),\r
+ FormatHelpString,\r
GuidString\r
);\r
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);\r
+ FormatHelpString = NULL;\r
\r
//\r
// Format content part, it depends on the type of signature list, hash value or CN.\r
//\r
if (IsCert) {\r
GetCommonNameFromX509 (ListEntry, DataEntry, &DataString);\r
- HelpInfoIndex += UnicodeSPrint(\r
- &HelpInfoString[HelpInfoIndex],\r
- TotalSize - sizeof(CHAR16) * HelpInfoIndex,\r
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_CN), NULL),\r
- HiiGetString (PrivateData->HiiHandle, ListTypeId, NULL),\r
- DataSize,\r
- DataString\r
- );\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_CN), NULL);\r
} else {\r
//\r
// Format hash value for each signature data entry.\r
//\r
ParseHashValue (ListEntry, DataEntry, &DataString);\r
- HelpInfoIndex += UnicodeSPrint (\r
- &HelpInfoString[HelpInfoIndex],\r
- TotalSize - sizeof(CHAR16) * HelpInfoIndex,\r
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_HASH), NULL),\r
- HiiGetString (PrivateData->HiiHandle, ListTypeId, NULL),\r
- DataSize,\r
- DataString\r
- );\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_HASH), NULL);\r
}\r
+ if (FormatHelpString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+ HelpInfoIndex += UnicodeSPrint (\r
+ &HelpInfoString[HelpInfoIndex],\r
+ TotalSize - sizeof (CHAR16) * HelpInfoIndex,\r
+ FormatHelpString,\r
+ FormatTypeString,\r
+ DataSize,\r
+ DataString\r
+ );\r
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);\r
+ FormatHelpString = NULL;\r
\r
//\r
// Format revocation time part.\r
Time->Minute,\r
Time->Second\r
);\r
-\r
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_TIME), NULL);\r
+ if (FormatHelpString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
UnicodeSPrint (\r
&HelpInfoString[HelpInfoIndex],\r
TotalSize - sizeof (CHAR16) * HelpInfoIndex,\r
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_TIME), NULL),\r
+ FormatHelpString,\r
TimeString\r
);\r
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);\r
+ FormatHelpString = NULL;\r
}\r
\r
*StringId = HiiSetString (PrivateData->HiiHandle, 0, HelpInfoString, NULL);\r
SECUREBOOT_FREE_NON_NULL (DataString);\r
SECUREBOOT_FREE_NON_NULL (HelpInfoString);\r
\r
+ SECUREBOOT_FREE_NON_NULL (FormatTypeString);\r
+\r
return Status;\r
}\r
\r
EFI_IFR_GUID_LABEL *StartLabel;\r
EFI_IFR_GUID_LABEL *EndLabel;\r
EFI_STRING_ID HelpStringId;\r
+ EFI_STRING FormatNameString;\r
VOID *StartOpCodeHandle;\r
VOID *EndOpCodeHandle;\r
UINTN DataSize;\r
CHAR16 NameBuffer[BUFFER_MAX_SIZE];\r
\r
Status = EFI_SUCCESS;\r
+ FormatNameString = NULL;\r
StartOpCodeHandle = NULL;\r
EndOpCodeHandle = NULL;\r
Index = 0;\r
ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);\r
}\r
\r
+ FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_NAME_FORMAT), NULL);\r
+ if (FormatNameString == NULL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);\r
for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) {\r
//\r
// Format name buffer.\r
//\r
ZeroMem (NameBuffer, sizeof (NameBuffer));\r
- UnicodeSPrint (NameBuffer,\r
- sizeof (NameBuffer),\r
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_NAME_FORMAT), NULL),\r
- Index + 1\r
- );\r
+ UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1);\r
\r
//\r
// Format help info buffer.\r
SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle);\r
\r
SECUREBOOT_FREE_NON_NULL (VariableData);\r
+ SECUREBOOT_FREE_NON_NULL (FormatNameString);\r
\r
return Status;\r
}\r
UINTN NameLength;\r
UINT16 *FilePostFix;\r
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;\r
+ BOOLEAN GetBrowserDataResult;\r
\r
Status = EFI_SUCCESS;\r
SecureBootEnable = NULL;\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
- HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);\r
+ GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);\r
\r
if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {\r
if (QuestionId == KEY_SECURE_BOOT_MODE) {\r
Value->u8 = SECURE_BOOT_MODE_STANDARD;\r
Status = EFI_SUCCESS;\r
}\r
- } \r
+ }\r
goto EXIT;\r
}\r
\r
\r
EXIT:\r
\r
- if (!EFI_ERROR (Status)) {\r
+ if (!EFI_ERROR (Status) && GetBrowserDataResult) {\r
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);\r
}\r