]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update for SecurityPkg.
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigImpl.c
1 /** @file
2 HII Config Access protocol implementation of SecureBoot configuration module.
3
4 Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "SecureBootConfigImpl.h"
16
17 CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";
18
19 SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = {
20 SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE,
21 {
22 SecureBootExtractConfig,
23 SecureBootRouteConfig,
24 SecureBootCallback
25 }
26 };
27
28 HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {
29 {
30 {
31 HARDWARE_DEVICE_PATH,
32 HW_VENDOR_DP,
33 {
34 (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
35 (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
36 }
37 },
38 SECUREBOOT_CONFIG_FORM_SET_GUID
39 },
40 {
41 END_DEVICE_PATH_TYPE,
42 END_ENTIRE_DEVICE_PATH_SUBTYPE,
43 {
44 (UINT8) (END_DEVICE_PATH_LENGTH),
45 (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
46 }
47 }
48 };
49
50 /**
51 Save Secure Boot option to variable space.
52
53 @param[in] VarValue The option of Secure Boot.
54
55 @retval EFI_SUCCESS The operation is finished successfully.
56 @retval Others Other errors as indicated.
57
58 **/
59 EFI_STATUS
60 SaveSecureBootVariable (
61 IN UINT8 VarValue
62 )
63 {
64 EFI_STATUS Status;
65
66 Status = gRT->SetVariable (
67 EFI_SECURE_BOOT_ENABLE_NAME,
68 &gEfiSecureBootEnableDisableGuid,
69 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
70 sizeof (UINT8),
71 &VarValue
72 );
73 if (EFI_ERROR (Status)) {
74 return Status;
75 }
76 gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
77 return EFI_SUCCESS;
78 }
79
80 /**
81 This function allows a caller to extract the current configuration for one
82 or more named elements from the target driver.
83
84 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
85 @param[in] Request A null-terminated Unicode string in
86 <ConfigRequest> format.
87 @param[out] Progress On return, points to a character in the Request
88 string. Points to the string's null terminator if
89 request was successful. Points to the most recent
90 '&' before the first failing name/value pair (or
91 the beginning of the string if the failure is in
92 the first name/value pair) if the request was not
93 successful.
94 @param[out] Results A null-terminated Unicode string in
95 <ConfigAltResp> format which has all values filled
96 in for the names in the Request string. String to
97 be allocated by the called function.
98
99 @retval EFI_SUCCESS The Results is filled with the requested values.
100 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
101 @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
102 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
103 driver.
104
105 **/
106 EFI_STATUS
107 EFIAPI
108 SecureBootExtractConfig (
109 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
110 IN CONST EFI_STRING Request,
111 OUT EFI_STRING *Progress,
112 OUT EFI_STRING *Results
113 )
114 {
115 EFI_STATUS Status;
116 UINTN BufferSize;
117 UINTN Size;
118 SECUREBOOT_CONFIGURATION Configuration;
119
120 EFI_STRING ConfigRequest;
121 EFI_STRING ConfigRequestHdr;
122 UINT8 *SecureBootEnable;
123 SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
124 BOOLEAN AllocatedRequest;
125
126 if (Progress == NULL || Results == NULL) {
127 return EFI_INVALID_PARAMETER;
128 }
129 AllocatedRequest = FALSE;
130 ConfigRequestHdr = NULL;
131 ConfigRequest = NULL;
132 Size = 0;
133
134 ZeroMem (&Configuration, sizeof (Configuration));
135 PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
136 *Progress = Request;
137
138 if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {
139 return EFI_NOT_FOUND;
140 }
141
142
143 //
144 // Get the SecureBoot Variable
145 //
146 SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);
147
148 //
149 // If the SecureBoot Variable doesn't exist, hide the SecureBoot Enable/Disable
150 // Checkbox.
151 //
152 if (SecureBootEnable == NULL) {
153 Configuration.HideSecureBoot = TRUE;
154 } else {
155 Configuration.HideSecureBoot = FALSE;
156 Configuration.SecureBootState = *SecureBootEnable;
157 }
158
159 BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
160 ConfigRequest = Request;
161 if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
162 //
163 // Request is set to NULL or OFFSET is NULL, construct full request string.
164 //
165
166 //
167 // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
168 // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
169 //
170 ConfigRequestHdr = HiiConstructConfigHdr (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, PrivateData->DriverHandle);
171 Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
172 ConfigRequest = AllocateZeroPool (Size);
173 ASSERT (ConfigRequest != NULL);
174 AllocatedRequest = TRUE;
175 UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
176 FreePool (ConfigRequestHdr);
177 ConfigRequestHdr = NULL;
178 }
179
180 Status = gHiiConfigRouting->BlockToConfig (
181 gHiiConfigRouting,
182 ConfigRequest,
183 (UINT8 *) &Configuration,
184 BufferSize,
185 Results,
186 Progress
187 );
188
189 //
190 // Free the allocated config request string.
191 //
192 if (AllocatedRequest) {
193 FreePool (ConfigRequest);
194 }
195
196 //
197 // Set Progress string to the original request string.
198 //
199 if (Request == NULL) {
200 *Progress = NULL;
201 } else if (StrStr (Request, L"OFFSET") == NULL) {
202 *Progress = Request + StrLen (Request);
203 }
204
205 return Status;
206 }
207
208 /**
209 This function processes the results of changes in configuration.
210
211 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
212 @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
213 format.
214 @param[out] Progress A pointer to a string filled in with the offset of
215 the most recent '&' before the first failing
216 name/value pair (or the beginning of the string if
217 the failure is in the first name/value pair) or
218 the terminating NULL if all was successful.
219
220 @retval EFI_SUCCESS The Results is processed successfully.
221 @retval EFI_INVALID_PARAMETER Configuration is NULL.
222 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
223 driver.
224
225 **/
226 EFI_STATUS
227 EFIAPI
228 SecureBootRouteConfig (
229 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
230 IN CONST EFI_STRING Configuration,
231 OUT EFI_STRING *Progress
232 )
233 {
234 EFI_STATUS Status;
235 UINTN BufferSize;
236 SECUREBOOT_CONFIGURATION SecureBootConfiguration;
237 UINT8 *SecureBootEnable;
238
239
240 if (Configuration == NULL || Progress == NULL) {
241 return EFI_INVALID_PARAMETER;
242 }
243
244 *Progress = Configuration;
245 if (!HiiIsConfigHdrMatch (Configuration, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {
246 return EFI_NOT_FOUND;
247 }
248
249 //
250 // Convert <ConfigResp> to buffer data by helper function ConfigToBlock()
251 //
252 BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
253 Status = gHiiConfigRouting->ConfigToBlock (
254 gHiiConfigRouting,
255 Configuration,
256 (UINT8 *) &SecureBootConfiguration,
257 &BufferSize,
258 Progress
259 );
260 if (EFI_ERROR (Status)) {
261 return Status;
262 }
263
264 SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);
265 if (SecureBootEnable == NULL) {
266 return EFI_SUCCESS;
267 }
268
269 if ((*SecureBootEnable) != SecureBootConfiguration.SecureBootState) {
270 //
271 // If the configure is changed, update the SecureBoot Variable.
272 //
273 SaveSecureBootVariable (SecureBootConfiguration.SecureBootState);
274 }
275 return EFI_SUCCESS;
276 }
277
278 /**
279 This function processes the results of changes in configuration.
280
281 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
282 @param[in] Action Specifies the type of action taken by the browser.
283 @param[in] QuestionId A unique value which is sent to the original
284 exporting driver so that it can identify the type
285 of data to expect.
286 @param[in] Type The type of value for the question.
287 @param[in] Value A pointer to the data being sent to the original
288 exporting driver.
289 @param[out] ActionRequest On return, points to the action requested by the
290 callback function.
291
292 @retval EFI_SUCCESS The callback successfully handled the action.
293 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
294 variable and its data.
295 @retval EFI_DEVICE_ERROR The variable could not be saved.
296 @retval EFI_UNSUPPORTED The specified Action is not supported by the
297 callback.
298
299 **/
300 EFI_STATUS
301 EFIAPI
302 SecureBootCallback (
303 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
304 IN EFI_BROWSER_ACTION Action,
305 IN EFI_QUESTION_ID QuestionId,
306 IN UINT8 Type,
307 IN EFI_IFR_TYPE_VALUE *Value,
308 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
309 )
310 {
311 BOOLEAN SecureBootEnable;
312
313 if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
314 return EFI_INVALID_PARAMETER;
315 }
316
317 if ((Action != EFI_BROWSER_ACTION_CHANGED) || (QuestionId != KEY_SECURE_BOOT_ENABLE)) {
318 return EFI_UNSUPPORTED;
319 }
320
321 if (NULL == GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid)) {
322 return EFI_SUCCESS;
323 }
324
325 SecureBootEnable = Value->u8;
326 SaveSecureBootVariable (Value->u8);
327 return EFI_SUCCESS;
328
329 }
330
331 /**
332 This function publish the SecureBoot configuration Form.
333
334 @param[in, out] PrivateData Points to SecureBoot configuration private data.
335
336 @retval EFI_SUCCESS HII Form is installed for this network device.
337 @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
338 @retval Others Other errors as indicated.
339
340 **/
341 EFI_STATUS
342 InstallSecureBootConfigForm (
343 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
344 )
345 {
346 EFI_STATUS Status;
347 EFI_HII_HANDLE HiiHandle;
348 EFI_HANDLE DriverHandle;
349
350 EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess;
351
352 DriverHandle = NULL;
353 ConfigAccess = &PrivateData->ConfigAccess;
354 Status = gBS->InstallMultipleProtocolInterfaces (
355 &DriverHandle,
356 &gEfiDevicePathProtocolGuid,
357 &mSecureBootHiiVendorDevicePath,
358 &gEfiHiiConfigAccessProtocolGuid,
359 ConfigAccess,
360 NULL
361 );
362 if (EFI_ERROR (Status)) {
363 return Status;
364 }
365
366 PrivateData->DriverHandle = DriverHandle;
367
368 //
369 // Publish the HII package list
370 //
371 HiiHandle = HiiAddPackages (
372 &gSecureBootConfigFormSetGuid,
373 DriverHandle,
374 SecureBootConfigDxeStrings,
375 SecureBootConfigBin,
376 NULL
377 );
378 if (HiiHandle == NULL) {
379 gBS->UninstallMultipleProtocolInterfaces (
380 DriverHandle,
381 &gEfiDevicePathProtocolGuid,
382 &mSecureBootHiiVendorDevicePath,
383 &gEfiHiiConfigAccessProtocolGuid,
384 ConfigAccess,
385 NULL
386 );
387
388 return EFI_OUT_OF_RESOURCES;
389 }
390
391 PrivateData->HiiHandle = HiiHandle;
392 return EFI_SUCCESS;
393 }
394
395 /**
396 This function removes SecureBoot configuration Form.
397
398 @param[in, out] PrivateData Points to SecureBoot configuration private data.
399
400 **/
401 VOID
402 UninstallSecureBootConfigForm (
403 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
404 )
405 {
406 //
407 // Uninstall HII package list
408 //
409 if (PrivateData->HiiHandle != NULL) {
410 HiiRemovePackages (PrivateData->HiiHandle);
411 PrivateData->HiiHandle = NULL;
412 }
413
414 //
415 // Uninstall HII Config Access Protocol
416 //
417 if (PrivateData->DriverHandle != NULL) {
418 gBS->UninstallMultipleProtocolInterfaces (
419 PrivateData->DriverHandle,
420 &gEfiDevicePathProtocolGuid,
421 &mSecureBootHiiVendorDevicePath,
422 &gEfiHiiConfigAccessProtocolGuid,
423 &PrivateData->ConfigAccess,
424 NULL
425 );
426 PrivateData->DriverHandle = NULL;
427 }
428
429 FreePool (PrivateData);
430 }
EFI Development Kit II mirror for PVE