/** @file\r
HII Config Access protocol implementation of SecureBoot configuration module.\r
\r
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
};\r
\r
\r
+BOOLEAN mIsEnterSecureBootForm = FALSE;\r
+\r
//\r
// OID ASN.1 Value for Hash Algorithms\r
//\r
{ L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL }\r
};\r
\r
-\r
-// Variable Definitions \r
+//\r
+// Variable Definitions \r
+// \r
UINT32 mPeCoffHeaderOffset = 0;\r
WIN_CERTIFICATE *mCertificate = NULL;\r
IMAGE_TYPE mImageType;\r
EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL;\r
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;\r
\r
+//\r
+// Possible DER-encoded certificate file suffixes, end with NULL pointer.\r
+//\r
+CHAR16* mDerEncodedSuffix[] = {\r
+ L".cer",\r
+ L".der",\r
+ L".crt",\r
+ NULL\r
+};\r
+CHAR16* mSupportX509Suffix = L"*.cer/der/crt";\r
+\r
+/**\r
+ This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix.\r
+\r
+ @param[in] FileSuffix The suffix of the input certificate file\r
+\r
+ @retval TRUE It's a DER-encoded certificate.\r
+ @retval FALSE It's NOT a DER-encoded certificate.\r
+\r
+**/\r
+BOOLEAN\r
+IsDerEncodeCertificate (\r
+ IN CONST CHAR16 *FileSuffix\r
+)\r
+{\r
+ UINTN Index; \r
+ for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) {\r
+ if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) {\r
+ return TRUE;\r
+ }\r
+ }\r
+ return FALSE;\r
+}\r
\r
/**\r
Set Secure Boot option into variable space.\r
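Review bot: The `@retval TRUE It's a DER-encoded certificate` line in the header of `IsDerEncodeCertificate` promises more than the code checks, because the function only compares the suffix string it is given against `mDerEncodedSuffix`; the file content is never inspected, so rejecting malformed data is left to whatever parses the certificate later. I would reword it to something like `@retval TRUE FileSuffix matches one of the supported certificate suffixes; the file content is not checked.` The comparison uses `StrCmp`, which is case-sensitive, so a name ending in `.CER` or `.Der` is rejected; if that is not intended, a case-insensitive comparison is needed here. `mDerEncodedSuffix` and `mSupportX509Suffix` are writable globals pointing at string literals and could be declared `CONST`.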
if (Variable == NULL) {\r
return EFI_SUCCESS;\r
}\r
+ FreePool (Variable);\r
\r
Data = NULL;\r
DataSize = 0;\r
return Status;\r
}\r
\r
+/**\r
+\r
+ Set the platform secure boot mode into "Custom" or "Standard" mode.\r
+\r
+ @param[in] SecureBootMode New secure boot mode: STANDARD_SECURE_BOOT_MODE or\r
+ CUSTOM_SECURE_BOOT_MODE.\r
+ \r
+ @return EFI_SUCCESS The platform has switched to the special mode successfully.\r
+ @return other Fail to operate the secure boot mode.\r
+ \r
+**/\r
+EFI_STATUS\r
+SetSecureBootMode (\r
+ IN UINT8 SecureBootMode\r
+ )\r
+{\r
+ return gRT->SetVariable ( \r
+ EFI_CUSTOM_MODE_NAME,\r
+ &gEfiCustomModeEnableGuid,\r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
+ sizeof (UINT8),\r
+ &SecureBootMode\r
+ );\r
+}\r
+\r
/**\r
Generate the PK signature list from the X509 Certificate storing file (.cer)\r
\r
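Review bot: The header comment on `SetSecureBootMode` should say that the mode is stored with `EFI_VARIABLE_NON_VOLATILE`, so a switch to custom mode stays in effect until a later call writes the standard value back and restoring it is the caller's job. The function also passes any `UINT8` through to `SetVariable` although the comment allows only two values; a guard such as `if (SecureBootMode != STANDARD_SECURE_BOOT_MODE && SecureBootMode != CUSTOM_SECURE_BOOT_MODE) { return EFI_INVALID_PARAMETER; }` would enforce that. The `@return` lines would be `@retval` to match the `IsDerEncodeCertificate` header added earlier in this diff, and "special mode" presumably means "specified mode".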
UINTN DataSize;\r
EFI_SIGNATURE_LIST *PkCert;\r
UINT16* FilePostFix;\r
+ UINTN NameLength;\r
\r
if (Private->FileContext->FileName == NULL) {\r
return EFI_INVALID_PARAMETER;\r
\r
PkCert = NULL;\r
\r
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
//\r
- // Parse the file's postfix. Only support *.cer(X509) files.\r
+ // Parse the file's postfix. Only support DER encoded X.509 certificate files.\r
//\r
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
- if (CompareMem (FilePostFix, L".cer",4)) {\r
- DEBUG ((EFI_D_ERROR, "Don't support the file, only *.cer is supported."));\r
+ NameLength = StrLen (Private->FileContext->FileName);\r
+ if (NameLength <= 4) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
+ if (!IsDerEncodeCertificate(FilePostFix)) {\r
+ DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));\r
return EFI_INVALID_PARAMETER;\r
}\r
DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName));\r
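Review bot: `SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE)` runs before the file name has been validated, so both `return EFI_INVALID_PARAMETER` paths below it (name too short, unsupported suffix) leave the platform in custom mode. As far as this diff shows, the mode is only put back by the `EFI_BROWSER_ACTION_FORM_CLOSE` branch of the callback, so a rejected file still extends the time spent in custom mode. Moving the mode switch to after the suffix check, or restoring `STANDARD_SECURE_BOOT_MODE` on each error return, would keep the switch as narrow as the operation that needs it. The same ordering appears in the key exchange key and signature database enrollment hunks further down. The function body starts and ends outside this hunk.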
{\r
EFI_STATUS Status;\r
\r
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
Status = DeleteVariable (\r
EFI_PLATFORM_KEY_NAME,\r
&gEfiGlobalVariableGuid\r
) \r
{\r
UINT16* FilePostFix;\r
+ EFI_STATUS Status;\r
+ UINTN NameLength;\r
\r
if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
//\r
- // Parse the file's postfix. Supports .cer and .der file as X509 certificate, \r
+ // Parse the file's postfix. Supports DER-encoded X509 certificate, \r
// and .pbk as RSA public key file.\r
//\r
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
- if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {\r
+ NameLength = StrLen (Private->FileContext->FileName);\r
+ if (NameLength <= 4) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
+ if (IsDerEncodeCertificate(FilePostFix)) {\r
return EnrollX509ToKek (Private);\r
} else if (CompareMem (FilePostFix, L".pbk",4) == 0) {\r
return EnrollRsa2048ToKek (Private);\r
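Review bot: The `.pbk` branch still calls `CompareMem (FilePostFix, L".pbk",4)`, and `CompareMem` takes a length in bytes, so with two-byte `CHAR16` characters only `.p` is compared. Any four-character suffix that begins with `.p` is therefore routed to `EnrollRsa2048ToKek`. The commit removes the same pattern for the certificate suffixes but leaves this one; `} else if (StrCmp (FilePostFix, L".pbk") == 0) {` would compare the whole suffix, in line with `IsDerEncodeCertificate`. The function continues past the end of the hunk.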
) \r
{\r
UINT16* FilePostFix;\r
+ EFI_STATUS Status;\r
+ UINTN NameLength;\r
\r
if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ \r
//\r
// Parse the file's postfix. \r
//\r
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
- if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {\r
+ NameLength = StrLen (Private->FileContext->FileName);\r
+ if (NameLength <= 4) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
+ if (IsDerEncodeCertificate(FilePostFix)) {\r
//\r
- // Supports .cer and .der file as X509 certificate.\r
+ // Supports DER-encoded X509 certificate.\r
//\r
return EnrollX509toSigDB (Private, VariableName);\r
}\r
//\r
// The signature type is not supported in current implementation.\r
//\r
+ ItemDataSize -= CertList->SignatureListSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
continue;\r
}\r
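Review bot: The added skip trusts `CertList->SignatureListSize` without checking it. If that field is zero, neither `ItemDataSize` nor `CertList` moves and `continue` revisits the same entry; if it is larger than `ItemDataSize` and that variable is unsigned (its declaration is not in the hunk), the subtraction wraps. The loop condition is outside this hunk and may already cover the second case, but I would confirm both. Otherwise guard before advancing, for example with `if (CertList->SignatureListSize == 0 || CertList->SignatureListSize > ItemDataSize) { break; }`.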
\r
Cert = NULL;\r
Attr = 0; \r
DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID;\r
+\r
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
\r
//\r
// Get original KEK variable.\r
Cert = NULL;\r
Attr = 0; \r
\r
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
//\r
// Get original signature list data.\r
// \r
{\r
UINT8 *SecureBootEnable;\r
UINT8 *SetupMode;\r
- UINT8 *SecureBoot;\r
UINT8 *SecureBootMode;\r
\r
SecureBootEnable = NULL;\r
SetupMode = NULL;\r
- SecureBoot = NULL;\r
SecureBootMode = NULL;\r
\r
//\r
// If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
// Checkbox.\r
//\r
+ ConfigData->AttemptSecureBoot = FALSE;\r
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
if (SecureBootEnable == NULL) {\r
ConfigData->HideSecureBoot = TRUE;\r
} else {\r
ConfigData->HideSecureBoot = FALSE;\r
+ if ((*SecureBootEnable) == SECURE_BOOT_ENABLE) {\r
+ ConfigData->AttemptSecureBoot = TRUE;\r
+ }\r
}\r
\r
//\r
} else {\r
ConfigData->HasPk = TRUE;\r
}\r
- \r
- //\r
- // If the value of SecureBoot variable is 1, the platform is operating in secure boot mode.\r
- //\r
- GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);\r
- if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {\r
- ConfigData->SecureBootState = TRUE;\r
- } else {\r
- ConfigData->SecureBootState = FALSE;\r
- }\r
\r
//\r
// Get the SecureBootMode from CustomMode variable.\r
} else {\r
ConfigData->SecureBootMode = *(SecureBootMode);\r
}\r
- \r
+\r
+ if (SecureBootEnable != NULL) {\r
+ FreePool (SecureBootEnable);\r
+ }\r
+ if (SetupMode != NULL) {\r
+ FreePool (SetupMode);\r
+ }\r
+ if (SecureBootMode != NULL) {\r
+ FreePool (SecureBootMode);\r
+ }\r
}\r
\r
/**\r
EFI_STRING ConfigRequestHdr;\r
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;\r
BOOLEAN AllocatedRequest;\r
+ UINT8 *SecureBoot;\r
\r
if (Progress == NULL || Results == NULL) {\r
return EFI_INVALID_PARAMETER;\r
ConfigRequestHdr = NULL;\r
ConfigRequest = NULL;\r
Size = 0;\r
+ SecureBoot = NULL;\r
\r
ZeroMem (&Configuration, sizeof (Configuration));\r
PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);\r
// Get Configuration from Variable.\r
//\r
SecureBootExtractConfigFromVariable (&Configuration);\r
+\r
+ //\r
+ // Update current secure boot state.\r
+ //\r
+ GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);\r
+ if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {\r
+ HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);\r
+ } else {\r
+ HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);\r
+ }\r
+ if (SecureBoot != NULL) {\r
+ FreePool (SecureBoot);\r
+ }\r
\r
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
ConfigRequest = Request;\r
OUT EFI_STRING *Progress\r
)\r
{\r
+ UINT8 *SecureBootEnable;\r
+ SECUREBOOT_CONFIGURATION IfrNvData;\r
+ UINTN BufferSize;\r
+ EFI_STATUS Status;\r
+ \r
if (Configuration == NULL || Progress == NULL) {\r
return EFI_INVALID_PARAMETER;\r
}\r
return EFI_NOT_FOUND;\r
}\r
\r
+ //\r
+ // Get Configuration from Variable.\r
+ //\r
+ SecureBootExtractConfigFromVariable (&IfrNvData);\r
+\r
+ //\r
+ // Map the Configuration to the configuration block.\r
+ //\r
+ BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
+ Status = gHiiConfigRouting->ConfigToBlock (\r
+ gHiiConfigRouting,\r
+ Configuration,\r
+ (UINT8 *)&IfrNvData,\r
+ &BufferSize,\r
+ Progress\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Store Buffer Storage back to EFI variable if needed\r
+ //\r
+ SecureBootEnable = NULL;\r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
+ if (NULL != SecureBootEnable) {\r
+ FreePool (SecureBootEnable);\r
+ Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ }\r
+\r
*Progress = Configuration + StrLen (Configuration);\r
return EFI_SUCCESS;\r
}\r
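Review bot: `IfrNvData` is a stack structure that is passed to `SecureBootExtractConfigFromVariable` and then to `ConfigToBlock` without being cleared first, while the extract path in this diff calls `ZeroMem (&Configuration, sizeof (Configuration));` before the same helper. Any field the helper does not set keeps whatever was on the stack. Adding `ZeroMem (&IfrNvData, sizeof (IfrNvData));` before the call makes the two paths consistent. `IfrNvData.AttemptSecureBoot` is then taken from the caller's configuration string and goes straight into `SaveSecureBootVariable`; most of that function is outside this diff, so it is worth confirming that it rejects values other than the enable and disable constants.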
SECUREBOOT_CONFIGURATION *IfrNvData;\r
UINT16 LabelId;\r
UINT8 *SecureBootEnable;\r
+ UINT8 *SecureBootMode;\r
+ UINT8 *SetupMode;\r
+ CHAR16 PromptString[100];\r
\r
SecureBootEnable = NULL;\r
+ SecureBootMode = NULL;\r
+ SetupMode = NULL;\r
\r
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- if ((Action != EFI_BROWSER_ACTION_CHANGED) && (Action != EFI_BROWSER_ACTION_CHANGING)) {\r
+ if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {\r
+ if (QuestionId == KEY_SECURE_BOOT_MODE) {\r
+ mIsEnterSecureBootForm = TRUE;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+ }\r
+ \r
+ if (Action == EFI_BROWSER_ACTION_RETRIEVE) {\r
+ Status = EFI_UNSUPPORTED;\r
+ if (QuestionId == KEY_SECURE_BOOT_MODE) {\r
+ if (mIsEnterSecureBootForm) {\r
+ Value->u8 = SECURE_BOOT_MODE_STANDARD;\r
+ Status = EFI_SUCCESS;\r
+ }\r
+ }\r
+ return Status;\r
+ }\r
+ \r
+ if ((Action != EFI_BROWSER_ACTION_CHANGED) &&\r
+ (Action != EFI_BROWSER_ACTION_CHANGING) &&\r
+ (Action != EFI_BROWSER_ACTION_FORM_CLOSE) &&\r
+ (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD)) {\r
return EFI_UNSUPPORTED;\r
}\r
\r
\r
Status = EFI_SUCCESS;\r
\r
- HiiGetBrowserData (NULL, NULL, BufferSize, (UINT8 *) IfrNvData);\r
+ HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);\r
\r
if (Action == EFI_BROWSER_ACTION_CHANGING) {\r
\r
case KEY_SECURE_BOOT_ENABLE:\r
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
if (NULL != SecureBootEnable) {\r
+ FreePool (SecureBootEnable);\r
if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {\r
CreatePopUp (\r
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
NULL\r
);\r
Status = EFI_UNSUPPORTED;\r
+ } else {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"Configuration changed, please reset the platform to take effect!",\r
+ NULL\r
+ );\r
}\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; \r
}\r
break;\r
\r
break;\r
\r
case KEY_SECURE_BOOT_DELETE_PK: \r
- if (Value->u8) {\r
+ if (Value->u8) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"Are you sure you want to delete PK? Secure boot will be disabled!",\r
+ L"Press 'Y' to delete PK and exit, 'N' to discard change and return",\r
+ NULL\r
+ );\r
+ if (Key.UnicodeChar == 'y' || Key.UnicodeChar == 'Y') {\r
Status = DeletePlatformKey ();\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
+ if (EFI_ERROR (Status)) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"Only Physical Presence User could delete PK in custom mode!",\r
+ NULL\r
+ );\r
+ }\r
}\r
+ }\r
break;\r
\r
case KEY_DELETE_KEK:\r
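Review bot: The popup shown when `DeletePlatformKey ()` fails always says `Only Physical Presence User could delete PK in custom mode!`, but `DeletePlatformKey` now also returns the status of `SetSecureBootMode`, so unrelated failures get the same explanation. The enrollment popups added in the next hunk (KEK, DB, DBX) follow the same pattern and report every error as `Unsupported file type!`. The KEK text also names only X509 certificates although the enrollment code accepts `.pbk` files as well. Formatting the status into `PromptString`, for example `UnicodeSPrint (PromptString, sizeof (PromptString), L"Operation failed: %r", Status);`, would let the operator see the real cause of a failed key change.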
\r
case KEY_VALUE_SAVE_AND_EXIT_KEK:\r
Status = EnrollKeyExchangeKey (Private);\r
+ if (EFI_ERROR (Status)) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"ERROR: Unsupported file type!",\r
+ L"Only supports DER-encoded X509 certificate",\r
+ NULL\r
+ );\r
+ }\r
break;\r
\r
case KEY_VALUE_SAVE_AND_EXIT_DB:\r
Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE);\r
+ if (EFI_ERROR (Status)) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"ERROR: Unsupported file type!",\r
+ L"Only supports DER-encoded X509 certificate and executable EFI image",\r
+ NULL\r
+ );\r
+ }\r
break;\r
\r
case KEY_VALUE_SAVE_AND_EXIT_DBX:\r
Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1);\r
+ if (EFI_ERROR (Status)) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"ERROR: Unsupported file type!",\r
+ L"Only supports DER-encoded X509 certificate and executable EFI image",\r
+ NULL\r
+ );\r
+ }\r
break;\r
\r
default:\r
- if (QuestionId >= FILE_OPTION_OFFSET) {\r
+ if (QuestionId >= FILE_OPTION_GOTO_OFFSET) {\r
UpdateFileExplorer (Private, QuestionId);\r
} else if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&\r
(QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {\r
switch (QuestionId) {\r
case KEY_SECURE_BOOT_ENABLE:\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT; \r
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
break; \r
case KEY_VALUE_SAVE_AND_EXIT_PK:\r
Status = EnrollPlatformKey (Private);\r
if (EFI_ERROR (Status)) {\r
+ UnicodeSPrint (\r
+ PromptString,\r
+ sizeof (PromptString),\r
+ L"Only DER encoded certificate file (%s) is supported.",\r
+ mSupportX509Suffix\r
+ );\r
CreatePopUp (\r
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
&Key,\r
- L"ERROR: Unsupported file type, only *.cer is supported!",\r
+ L"ERROR: Unsupported file type!",\r
+ PromptString,\r
NULL\r
);\r
} else {\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; \r
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET; \r
} \r
break;\r
\r
break;\r
\r
case KEY_SECURE_BOOT_MODE:\r
- GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (NULL != SecureBootEnable) {\r
- Status = gRT->SetVariable ( \r
- EFI_CUSTOM_MODE_NAME,\r
- &gEfiCustomModeEnableGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
- sizeof (UINT8),\r
- &Value->u8\r
- );\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
- IfrNvData->SecureBootMode = Value->u8;\r
- } \r
+ mIsEnterSecureBootForm = FALSE;\r
break;\r
\r
case KEY_SECURE_BOOT_KEK_GUID:\r
break;\r
\r
case KEY_SECURE_BOOT_DELETE_PK:\r
- if (Value->u8) {\r
+ GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);\r
+ if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {\r
+ IfrNvData->DeletePk = TRUE;\r
+ IfrNvData->HasPk = FALSE;\r
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;\r
+ } else {\r
+ IfrNvData->DeletePk = FALSE;\r
+ IfrNvData->HasPk = TRUE;\r
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
}\r
- break; \r
+ if (SetupMode != NULL) {\r
+ FreePool (SetupMode);\r
+ }\r
+ break;\r
+ default:\r
+ if (QuestionId >= FILE_OPTION_OFFSET && QuestionId < FILE_OPTION_GOTO_OFFSET) {\r
+ if (UpdateFileExplorer (Private, QuestionId)) {\r
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;\r
+ }\r
+ }\r
+ break;\r
+ }\r
+ } else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {\r
+ if (QuestionId == KEY_HIDE_SECURE_BOOT) {\r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
+ if (SecureBootEnable == NULL) {\r
+ IfrNvData->HideSecureBoot = TRUE;\r
+ } else {\r
+ FreePool (SecureBootEnable);\r
+ IfrNvData->HideSecureBoot = FALSE;\r
+ }\r
+ Value->b = IfrNvData->HideSecureBoot;\r
+ }\r
+ } else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) {\r
+ //\r
+ // Force the platform back to Standard Mode once user leave the setup screen.\r
+ //\r
+ GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);\r
+ if (NULL != SecureBootMode && *SecureBootMode == CUSTOM_SECURE_BOOT_MODE) {\r
+ IfrNvData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;\r
+ SetSecureBootMode(STANDARD_SECURE_BOOT_MODE);\r
+ }\r
+ if (SecureBootMode != NULL) {\r
+ FreePool (SecureBootMode);\r
}\r
}\r
\r
if (!EFI_ERROR (Status)) {\r
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
- HiiSetBrowserData (NULL, NULL, BufferSize, (UINT8*) IfrNvData, NULL);\r
+ HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);\r
}\r
FreePool (IfrNvData);\r
\r
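Review bot: In the `EFI_BROWSER_ACTION_FORM_CLOSE` branch the result of `SetSecureBootMode(STANDARD_SECURE_BOOT_MODE)` is discarded, and `IfrNvData->SecureBootMode` is set to standard before the write is known to have succeeded. This is the only place in the diff that takes the platform out of custom mode, so a failed write leaves custom mode in force while the form data says otherwise. I would assign `Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);` and update `IfrNvData->SecureBootMode` only when `!EFI_ERROR (Status)`. It is also worth confirming what restores standard mode when the form is left without a close callback, for example after the `EFI_BROWSER_ACTION_REQUEST_RESET` requested on platform key enrollment. The callback starts outside this hunk.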