+/** @file\r
+ HII Config Access protocol implementation of SecureBoot configuration module.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "SecureBootConfigImpl.h"\r
+\r
+CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";\r
+\r
+SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = {\r
+ SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE,\r
+ {\r
+ SecureBootExtractConfig,\r
+ SecureBootRouteConfig,\r
+ SecureBootCallback\r
+ }\r
+};\r
+\r
+HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {\r
+ {\r
+ {\r
+ HARDWARE_DEVICE_PATH,\r
+ HW_VENDOR_DP,\r
+ {\r
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),\r
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)\r
+ }\r
+ },\r
+ SECUREBOOT_CONFIG_FORM_SET_GUID\r
+ },\r
+ {\r
+ END_DEVICE_PATH_TYPE,\r
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,\r
+ { \r
+ (UINT8) (END_DEVICE_PATH_LENGTH),\r
+ (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)\r
+ }\r
+ }\r
+};\r
+\r
+/**\r
+ Save Secure Boot option to variable space.\r
+\r
+ @param[in] VarValue The option of Secure Boot.\r
+\r
+ @retval EFI_SUCCESS The operation is finished successfully.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+SaveSecureBootVariable (\r
+ IN UINT8 VarValue\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ \r
+ Status = gRT->SetVariable (\r
+ EFI_SECURE_BOOT_ENABLE_NAME, \r
+ &gEfiSecureBootEnableDisableGuid,\r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, \r
+ sizeof (UINT8), \r
+ &VarValue\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function allows a caller to extract the current configuration for one\r
+ or more named elements from the target driver.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Request A null-terminated Unicode string in\r
+ <ConfigRequest> format.\r
+ @param[out] Progress On return, points to a character in the Request\r
+ string. Points to the string's null terminator if\r
+ request was successful. Points to the most recent\r
+ '&' before the first failing name/value pair (or\r
+ the beginning of the string if the failure is in\r
+ the first name/value pair) if the request was not\r
+ successful.\r
+ @param[out] Results A null-terminated Unicode string in\r
+ <ConfigAltResp> format which has all values filled\r
+ in for the names in the Request string. String to\r
+ be allocated by the called function.\r
+\r
+ @retval EFI_SUCCESS The Results is filled with the requested values.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.\r
+ @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
+ driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootExtractConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Request,\r
+ OUT EFI_STRING *Progress,\r
+ OUT EFI_STRING *Results\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN BufferSize;\r
+ SECUREBOOT_CONFIGURATION Configuration;\r
+ \r
+ EFI_STRING ConfigRequest;\r
+ UINT8 *SecureBootEnable;\r
+ \r
+ if (Progress == NULL || Results == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ *Progress = Request;\r
+ if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ //\r
+ // Get the SecureBoot Variable\r
+ //\r
+ SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid); \r
+ \r
+ //\r
+ // If the SecureBoot Variable doesn't exist, hide the SecureBoot Enable/Disable\r
+ // Checkbox.\r
+ //\r
+ if (SecureBootEnable == NULL) {\r
+ Configuration.HideSecureBoot = TRUE;\r
+ } else {\r
+ Configuration.HideSecureBoot = FALSE;\r
+ Configuration.SecureBootState = *SecureBootEnable;\r
+ }\r
+ \r
+ BufferSize = sizeof (Configuration);\r
+ ConfigRequest = Request;\r
+\r
+ Status = gHiiConfigRouting->BlockToConfig (\r
+ gHiiConfigRouting,\r
+ ConfigRequest,\r
+ (UINT8 *) &Configuration,\r
+ BufferSize,\r
+ Results,\r
+ Progress\r
+ );\r
+ \r
+ //\r
+ // Set Progress string to the original request string.\r
+ //\r
+ if (Request == NULL) {\r
+ *Progress = NULL;\r
+ } else if (StrStr (Request, L"OFFSET") == NULL) {\r
+ *Progress = Request + StrLen (Request);\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This function processes the results of changes in configuration.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Configuration A null-terminated Unicode string in <ConfigResp>\r
+ format.\r
+ @param[out] Progress A pointer to a string filled in with the offset of\r
+ the most recent '&' before the first failing\r
+ name/value pair (or the beginning of the string if\r
+ the failure is in the first name/value pair) or\r
+ the terminating NULL if all was successful.\r
+\r
+ @retval EFI_SUCCESS The Results is processed successfully.\r
+ @retval EFI_INVALID_PARAMETER Configuration is NULL.\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
+ driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootRouteConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Configuration,\r
+ OUT EFI_STRING *Progress\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN BufferSize;\r
+ SECUREBOOT_CONFIGURATION SecureBootConfiguration;\r
+ UINT8 *SecureBootEnable;\r
+ \r
+\r
+ if (Configuration == NULL || Progress == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ *Progress = Configuration;\r
+ if (!HiiIsConfigHdrMatch (Configuration, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ //\r
+ // Convert <ConfigResp> to buffer data by helper function ConfigToBlock()\r
+ //\r
+ BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
+ Status = gHiiConfigRouting->ConfigToBlock (\r
+ gHiiConfigRouting,\r
+ Configuration,\r
+ (UINT8 *) &SecureBootConfiguration,\r
+ &BufferSize,\r
+ Progress\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid); \r
+ if (SecureBootEnable == NULL) {\r
+ return EFI_SUCCESS;\r
+ } \r
+ \r
+ if ((*SecureBootEnable) != SecureBootConfiguration.SecureBootState) {\r
+ //\r
+ // If the configure is changed, update the SecureBoot Variable.\r
+ //\r
+ SaveSecureBootVariable (SecureBootConfiguration.SecureBootState); \r
+ } \r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function processes the results of changes in configuration.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Action Specifies the type of action taken by the browser.\r
+ @param[in] QuestionId A unique value which is sent to the original\r
+ exporting driver so that it can identify the type\r
+ of data to expect.\r
+ @param[in] Type The type of value for the question.\r
+ @param[in] Value A pointer to the data being sent to the original\r
+ exporting driver.\r
+ @param[out] ActionRequest On return, points to the action requested by the\r
+ callback function.\r
+\r
+ @retval EFI_SUCCESS The callback successfully handled the action.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the\r
+ variable and its data.\r
+ @retval EFI_DEVICE_ERROR The variable could not be saved.\r
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the\r
+ callback.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootCallback (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN EFI_BROWSER_ACTION Action,\r
+ IN EFI_QUESTION_ID QuestionId,\r
+ IN UINT8 Type,\r
+ IN EFI_IFR_TYPE_VALUE *Value,\r
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
+ )\r
+{\r
+ BOOLEAN SecureBootEnable;\r
+ \r
+ if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ if ((Action != EFI_BROWSER_ACTION_CHANGING) || (QuestionId != KEY_SECURE_BOOT_ENABLE)) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+ \r
+ if (NULL == GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid)) {\r
+ return EFI_SUCCESS;\r
+ }\r
+ \r
+ SecureBootEnable = Value->u8;\r
+ SaveSecureBootVariable (Value->u8); \r
+ return EFI_SUCCESS;\r
+\r
+}\r
+\r
+/**\r
+ This function publish the SecureBoot configuration Form.\r
+\r
+ @param[in, out] PrivateData Points to SecureBoot configuration private data.\r
+\r
+ @retval EFI_SUCCESS HII Form is installed for this network device.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+InstallSecureBootConfigForm (\r
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_HII_HANDLE HiiHandle;\r
+ EFI_HANDLE DriverHandle;\r
+\r
+ EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess;\r
+\r
+ DriverHandle = NULL;\r
+ ConfigAccess = &PrivateData->ConfigAccess;\r
+ Status = gBS->InstallMultipleProtocolInterfaces (\r
+ &DriverHandle,\r
+ &gEfiDevicePathProtocolGuid,\r
+ &mSecureBootHiiVendorDevicePath,\r
+ &gEfiHiiConfigAccessProtocolGuid,\r
+ ConfigAccess,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ PrivateData->DriverHandle = DriverHandle;\r
+\r
+ //\r
+ // Publish the HII package list\r
+ //\r
+ HiiHandle = HiiAddPackages (\r
+ &gSecureBootConfigFormSetGuid,\r
+ DriverHandle,\r
+ SecureBootConfigDxeStrings,\r
+ SecureBootConfigBin,\r
+ NULL\r
+ );\r
+ if (HiiHandle == NULL) {\r
+ gBS->UninstallMultipleProtocolInterfaces (\r
+ DriverHandle,\r
+ &gEfiDevicePathProtocolGuid,\r
+ &mSecureBootHiiVendorDevicePath,\r
+ &gEfiHiiConfigAccessProtocolGuid,\r
+ ConfigAccess,\r
+ NULL\r
+ ); \r
+\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+ \r
+ PrivateData->HiiHandle = HiiHandle;\r
+ return EFI_SUCCESS; \r
+}\r
+\r
+/**\r
+ This function removes SecureBoot configuration Form.\r
+\r
+ @param[in, out] PrivateData Points to SecureBoot configuration private data.\r
+\r
+**/\r
+VOID\r
+UninstallSecureBootConfigForm (\r
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ )\r
+{\r
+ //\r
+ // Uninstall HII package list\r
+ //\r
+ if (PrivateData->HiiHandle != NULL) {\r
+ HiiRemovePackages (PrivateData->HiiHandle);\r
+ PrivateData->HiiHandle = NULL;\r
+ }\r
+\r
+ //\r
+ // Uninstall HII Config Access Protocol\r
+ //\r
+ if (PrivateData->DriverHandle != NULL) {\r
+ gBS->UninstallMultipleProtocolInterfaces (\r
+ PrivateData->DriverHandle,\r
+ &gEfiDevicePathProtocolGuid,\r
+ &mSecureBootHiiVendorDevicePath,\r
+ &gEfiHiiConfigAccessProtocolGuid,\r
+ &PrivateData->ConfigAccess,\r
+ NULL\r
+ );\r
+ PrivateData->DriverHandle = NULL;\r
+ }\r
+ \r
+ FreePool (PrivateData);\r
+}\r
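Review bot: SecureBootCallback and SecureBootRouteConfig both discard the status returned by SaveSecureBootVariable and return EFI_SUCCESS, so a failed SetVariable on the Secure Boot enable variable is reported to the browser as an applied change; propagate it with `return SaveSecureBootVariable (Value->u8);` in the callback and `Status = SaveSecureBootVariable (SecureBootConfiguration.SecureBootState); if (EFI_ERROR (Status)) { return Status; }` in RouteConfig. Neither path checks that the byte is one of the two states the variable is meant to hold before writing it and cold-resetting, and the callback does this on EFI_BROWSER_ACTION_CHANGING, that is, as soon as the question value changes rather than on submit. In SecureBootExtractConfig the stack `Configuration` reaches BlockToConfig with SecureBootState unset when the variable is absent, so `ZeroMem (&Configuration, sizeof (Configuration));` before the GetVariable call would keep uninitialised stack bytes out of Results. The write uses only `EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS`, so protection of this toggle rests on whatever the variable driver enforces for that name; a comment at the SetVariable call should state that assumption. If GetVariable is the pool-allocating helper (its definition is outside this file), the buffers returned in ExtractConfig, RouteConfig and the callback are never freed.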