/** @file\r
HII Config Access protocol implementation of SecureBoot configuration module.\r
\r
-Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
};\r
\r
\r
+BOOLEAN mIsEnterSecureBootForm = FALSE;\r
+\r
//\r
// OID ASN.1 Value for Hash Algorithms\r
//\r
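Review bot: `mIsEnterSecureBootForm` is added as file-scope mutable state with no comment, and its meaning can only be pieced together from three places in the callback further down. A comment above the declaration would help, for example `// TRUE from FORM_OPEN of KEY_SECURE_BOOT_MODE until the KEY_SECURE_BOOT_MODE case clears it; while TRUE, RETRIEVE reports SECURE_BOOT_MODE_STANDARD.` Because the flag decides which Secure Boot mode value is handed back to the browser, the comment should also say whether leaving it set after the form closes is intended; nothing visible in this diff clears it on FORM_CLOSE.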
UINTN DataSize;\r
EFI_SIGNATURE_LIST *PkCert;\r
UINT16* FilePostFix;\r
+ UINTN NameLength;\r
\r
if (Private->FileContext->FileName == NULL) {\r
return EFI_INVALID_PARAMETER;\r
//\r
// Parse the file's postfix. Only support DER encoded X.509 certificate files.\r
//\r
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
+ NameLength = StrLen (Private->FileContext->FileName);\r
+ if (NameLength <= 4) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
if (!IsDerEncodeCertificate(FilePostFix)) {\r
DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));\r
return EFI_INVALID_PARAMETER;\r
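Review bot: The same suffix computation (`StrLen`, the `NameLength <= 4` check, then the pointer arithmetic) is pasted into three enrol functions in this commit, here and in the two similar hunks that follow, so a later correction to one copy can easily miss the others. A small file-local helper that returns NULL for a too-short name would keep the bounds check in one place; the name used below is only a suggestion. The new early return is also silent, unlike the unsupported-type branch right after it, which logs through `DEBUG`. The enclosing function starts and ends outside this hunk.

```c
/* Returns a pointer to the last four characters of FileName, or NULL when
   the name is too short to carry a three-letter extension. */
STATIC
CHAR16 *
GetFileNamePostFix (
  IN CHAR16  *FileName
  )
{
  UINTN  NameLength;

  NameLength = StrLen (FileName);
  if (NameLength <= 4) {
    return NULL;
  }
  return FileName + NameLength - 4;
}

// ... unchanged: NULL check on Private->FileContext->FileName ...
  FilePostFix = GetFileNamePostFix (Private->FileContext->FileName);
  if (FilePostFix == NULL) {
    return EFI_INVALID_PARAMETER;
  }
```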
{\r
UINT16* FilePostFix;\r
EFI_STATUS Status;\r
+ UINTN NameLength;\r
\r
if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
// Parse the file's postfix. Supports DER-encoded X509 certificate, \r
// and .pbk as RSA public key file.\r
//\r
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
+ NameLength = StrLen (Private->FileContext->FileName);\r
+ if (NameLength <= 4) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
if (IsDerEncodeCertificate(FilePostFix)) {\r
return EnrollX509ToKek (Private);\r
} else if (CompareMem (FilePostFix, L".pbk",4) == 0) {\r
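Review bot: `CompareMem (FilePostFix, L".pbk",4)` takes its length in bytes, so with 16-bit characters it compares only `.p` rather than the full four-character suffix that the new `NameLength` check makes safe to read. A name whose last four characters merely begin with `.p` would therefore be routed to the RSA public-key path; that branch body is outside this hunk. Suggest `CompareMem (FilePostFix, L".pbk", 4 * sizeof (CHAR16)) == 0`, or `StrCmp (FilePostFix, L".pbk") == 0`, since `FilePostFix` points at the NUL-terminated tail of the name.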
{\r
UINT16* FilePostFix;\r
EFI_STATUS Status;\r
+ UINTN NameLength;\r
\r
if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
//\r
// Parse the file's postfix. \r
//\r
- FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
+ NameLength = StrLen (Private->FileContext->FileName);\r
+ if (NameLength <= 4) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
if (IsDerEncodeCertificate(FilePostFix)) {\r
//\r
// Supports DER-encoded X509 certificate.\r
return EFI_NOT_FOUND;\r
}\r
\r
+ //\r
+ // Get Configuration from Variable.\r
+ //\r
+ SecureBootExtractConfigFromVariable (&IfrNvData);\r
+\r
+ //\r
+ // Map the Configuration to the configuration block.\r
+ //\r
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
Status = gHiiConfigRouting->ConfigToBlock (\r
gHiiConfigRouting,\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {\r
+ if (QuestionId == KEY_SECURE_BOOT_MODE) {\r
+ mIsEnterSecureBootForm = TRUE;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+ }\r
+ \r
+ if (Action == EFI_BROWSER_ACTION_RETRIEVE) {\r
+ Status = EFI_UNSUPPORTED;\r
+ if (QuestionId == KEY_SECURE_BOOT_MODE) {\r
+ if (mIsEnterSecureBootForm) {\r
+ Value->u8 = SECURE_BOOT_MODE_STANDARD;\r
+ Status = EFI_SUCCESS;\r
+ }\r
+ }\r
+ return Status;\r
+ }\r
+ \r
if ((Action != EFI_BROWSER_ACTION_CHANGED) &&\r
(Action != EFI_BROWSER_ACTION_CHANGING) &&\r
(Action != EFI_BROWSER_ACTION_FORM_CLOSE) &&\r
\r
Status = EFI_SUCCESS;\r
\r
- HiiGetBrowserData (NULL, NULL, BufferSize, (UINT8 *) IfrNvData);\r
+ HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);\r
\r
if (Action == EFI_BROWSER_ACTION_CHANGING) {\r
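Review bot: The BOOLEAN result of `HiiGetBrowserData` is still discarded. Now that the call names a specific formset GUID and storage name, it can fail on a mismatch instead of falling back to the current storage. If it returns FALSE, `IfrNvData` keeps whatever its allocation left in it (the allocation is outside this hunk), and the `HiiSetBrowserData` call at the end of the callback writes that content back whenever `Status` is not an error. Consider bailing out early, for example `if (!HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData)) { FreePool (IfrNvData); return EFI_NOT_FOUND; }`, with the status code chosen to match the module's conventions.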
\r
\r
case KEY_VALUE_SAVE_AND_EXIT_KEK:\r
Status = EnrollKeyExchangeKey (Private);\r
+ if (EFI_ERROR (Status)) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"ERROR: Unsupported file type!",\r
+ L"Only supports DER-encoded X509 certificate",\r
+ NULL\r
+ );\r
+ }\r
break;\r
\r
case KEY_VALUE_SAVE_AND_EXIT_DB:\r
Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE);\r
+ if (EFI_ERROR (Status)) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"ERROR: Unsupported file type!",\r
+ L"Only supports DER-encoded X509 certificate and executable EFI image",\r
+ NULL\r
+ );\r
+ }\r
break;\r
\r
case KEY_VALUE_SAVE_AND_EXIT_DBX:\r
Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1);\r
+ if (EFI_ERROR (Status)) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"ERROR: Unsupported file type!",\r
+ L"Only supports DER-encoded X509 certificate and executable EFI image",\r
+ NULL\r
+ );\r
+ }\r
break;\r
\r
default:\r
- if (QuestionId >= FILE_OPTION_OFFSET) {\r
+ if (QuestionId >= FILE_OPTION_GOTO_OFFSET) {\r
UpdateFileExplorer (Private, QuestionId);\r
} else if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&\r
(QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
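Review bot: The three new popups say "Unsupported file type!" for every error status, but the earlier hunks show `EnrollKeyExchangeKey` and `EnrollSignatureDatabase` also returning `EFI_INVALID_PARAMETER` for a NULL `FileName` or `SignatureGUID`, and they presumably fail for variable-write errors too. On a Secure Boot key-enrolment screen, a wrong reason hides why a key was not installed. Consider adding the status to the popup, for example by formatting a line with `UnicodeSPrint (PromptString, sizeof (PromptString), L"Enroll failed: %r", Status);` if `PromptString` is in scope here, as it appears to be for the PK case. The KEK text also omits the `.pbk` RSA public key file that the comment in `EnrollKeyExchangeKey` lists as supported.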
break; \r
case KEY_VALUE_SAVE_AND_EXIT_PK:\r
Status = EnrollPlatformKey (Private);\r
- UnicodeSPrint (\r
- PromptString,\r
- sizeof (PromptString),\r
- L"Only DER encoded certificate file (%s) is supported.",\r
- mSupportX509Suffix\r
- );\r
if (EFI_ERROR (Status)) {\r
+ UnicodeSPrint (\r
+ PromptString,\r
+ sizeof (PromptString),\r
+ L"Only DER encoded certificate file (%s) is supported.",\r
+ mSupportX509Suffix\r
+ );\r
CreatePopUp (\r
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
&Key,\r
break;\r
\r
case KEY_SECURE_BOOT_MODE:\r
- GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);\r
- if (NULL != SecureBootMode) {\r
- Status = gRT->SetVariable ( \r
- EFI_CUSTOM_MODE_NAME,\r
- &gEfiCustomModeEnableGuid,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
- sizeof (UINT8),\r
- &Value->u8\r
- );\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
- IfrNvData->SecureBootMode = Value->u8;\r
- FreePool (SecureBootMode);\r
- } \r
+ mIsEnterSecureBootForm = FALSE;\r
break;\r
\r
case KEY_SECURE_BOOT_KEK_GUID:\r
if (SetupMode != NULL) {\r
FreePool (SetupMode);\r
}\r
- break; \r
+ break;\r
+ default:\r
+ if (QuestionId >= FILE_OPTION_OFFSET && QuestionId < FILE_OPTION_GOTO_OFFSET) {\r
+ if (UpdateFileExplorer (Private, QuestionId)) {\r
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;\r
+ }\r
+ }\r
+ break;\r
}\r
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {\r
if (QuestionId == KEY_HIDE_SECURE_BOOT) {\r
\r
if (!EFI_ERROR (Status)) {\r
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
- HiiSetBrowserData (NULL, NULL, BufferSize, (UINT8*) IfrNvData, NULL);\r
+ HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);\r
}\r
FreePool (IfrNvData);\r
\r