NetworkPkg: Convert files to CRLF line ending
[mirror_edk2.git] / NetworkPkg / TlsAuthConfigDxe / TlsAuthConfigImpl.c
index 5b4756f..81f7e7d 100644 (file)
-/** @file
-  The Miscellaneous Routines for TlsAuthConfigDxe driver.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution.  The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsAuthConfigImpl.h"
-
-VOID                    *mStartOpCodeHandle = NULL;
-VOID                    *mEndOpCodeHandle   = NULL;
-EFI_IFR_GUID_LABEL      *mStartLabel        = NULL;
-EFI_IFR_GUID_LABEL      *mEndLabel          = NULL;
-
-
-CHAR16                  mTlsAuthConfigStorageName[] = L"TLS_AUTH_CONFIG_IFR_NVDATA";
-
-TLS_AUTH_CONFIG_PRIVATE_DATA      *mTlsAuthPrivateData = NULL;
-
-HII_VENDOR_DEVICE_PATH  mTlsAuthConfigHiiVendorDevicePath = {
-  {
-    {
-      HARDWARE_DEVICE_PATH,
-      HW_VENDOR_DP,
-      {
-        (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
-        (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
-      }
-    },
-    TLS_AUTH_CONFIG_GUID
-  },
-  {
-    END_DEVICE_PATH_TYPE,
-    END_ENTIRE_DEVICE_PATH_SUBTYPE,
-    {
-      (UINT8) (END_DEVICE_PATH_LENGTH),
-      (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
-    }
-  }
-};
-
-//
-// Possible DER-encoded certificate file suffixes, end with NULL pointer.
-//
-CHAR16* mDerPemEncodedSuffix[] = {
-  L".cer",
-  L".der",
-  L".crt",
-  L".pem",
-  NULL
-};
-
-/**
-  This code checks if the FileSuffix is one of the possible DER/PEM-encoded certificate suffix.
-
-  @param[in] FileSuffix            The suffix of the input certificate file
-
-  @retval    TRUE           It's a DER/PEM-encoded certificate.
-  @retval    FALSE          It's NOT a DER/PEM-encoded certificate.
-
-**/
-BOOLEAN
-IsDerPemEncodeCertificate (
-  IN CONST CHAR16         *FileSuffix
-)
-{
-  UINTN     Index;
-  for (Index = 0; mDerPemEncodedSuffix[Index] != NULL; Index++) {
-    if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) == 0) {
-      return TRUE;
-    }
-  }
-  return FALSE;
-}
-
-/**
-  Worker function that prints an EFI_GUID into specified Buffer.
-
-  @param[in]     Guid          Pointer to GUID to print.
-  @param[in]     Buffer        Buffer to print Guid into.
-  @param[in]     BufferSize    Size of Buffer.
-  
-  @retval    Number of characters printed.
-
-**/
-UINTN
-GuidToString (
-  IN  EFI_GUID  *Guid,
-  IN  CHAR16    *Buffer,
-  IN  UINTN     BufferSize
-  )
-{
-  return UnicodeSPrint (
-           Buffer,
-           BufferSize, 
-           L"%g",
-           Guid
-           );
-}
-
-/**
-  List all cert in specified database by GUID in the page 
-  for user to select and delete as needed.
-
-  @param[in]    PrivateData         Module's private data.
-  @param[in]    VariableName        The variable name of the vendor's signature database.
-  @param[in]    VendorGuid          A unique identifier for the vendor.
-  @param[in]    LabelNumber         Label number to insert opcodes.
-  @param[in]    FormId              Form ID of current page.
-  @param[in]    QuestionIdBase      Base question id of the signature list.
-
-  @retval   EFI_SUCCESS             Success to update the signature list page
-  @retval   EFI_OUT_OF_RESOURCES    Unable to allocate required resources.
-
-**/
-EFI_STATUS
-UpdateDeletePage (
-  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *Private,
-  IN CHAR16                           *VariableName,
-  IN EFI_GUID                         *VendorGuid,
-  IN UINT16                           LabelNumber,
-  IN EFI_FORM_ID                      FormId,
-  IN EFI_QUESTION_ID                  QuestionIdBase
-  )
-{
-  EFI_STATUS                  Status;
-  UINT32                      Index;
-  UINTN                       CertCount;
-  UINTN                       GuidIndex;
-  VOID                        *StartOpCodeHandle;
-  VOID                        *EndOpCodeHandle;
-  EFI_IFR_GUID_LABEL          *StartLabel;
-  EFI_IFR_GUID_LABEL          *EndLabel;
-  UINTN                       DataSize;
-  UINT8                       *Data;
-  EFI_SIGNATURE_LIST          *CertList;
-  EFI_SIGNATURE_DATA          *Cert;
-  UINT32                      ItemDataSize;
-  CHAR16                      *GuidStr;
-  EFI_STRING_ID               GuidID;
-  EFI_STRING_ID               Help;
-
-  Data     = NULL;
-  CertList = NULL;
-  Cert     = NULL;
-  GuidStr  = NULL;
-  StartOpCodeHandle = NULL;
-  EndOpCodeHandle   = NULL;
-
-  //
-  // Initialize the container for dynamic opcodes.
-  //
-  StartOpCodeHandle = HiiAllocateOpCodeHandle ();
-  if (StartOpCodeHandle == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto ON_EXIT;
-  }
-
-  EndOpCodeHandle = HiiAllocateOpCodeHandle ();
-  if (EndOpCodeHandle == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto ON_EXIT;
-  }
-
-  //
-  // Create Hii Extend Label OpCode.
-  //
-  StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
-                                        StartOpCodeHandle,
-                                        &gEfiIfrTianoGuid,
-                                        NULL,
-                                        sizeof (EFI_IFR_GUID_LABEL)
-                                        );
-  StartLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;
-  StartLabel->Number        = LabelNumber;
-
-  EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
-                                      EndOpCodeHandle,
-                                      &gEfiIfrTianoGuid,
-                                      NULL,
-                                      sizeof (EFI_IFR_GUID_LABEL)
-                                      );
-  EndLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;
-  EndLabel->Number        = LABEL_END;
-
-  //
-  // Read Variable.
-  //
-  DataSize = 0;
-  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
-  if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
-    goto ON_EXIT;
-  }
-
-  Data = (UINT8 *) AllocateZeroPool (DataSize);
-  if (Data == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto ON_EXIT;
-  }
-
-  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
-  if (EFI_ERROR (Status)) {
-    goto ON_EXIT;
-  }
-
-  GuidStr = AllocateZeroPool (100);
-  if (GuidStr == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto ON_EXIT;
-  }
-
-  //
-  // Enumerate all data.
-  //
-  ItemDataSize = (UINT32) DataSize;
-  CertList = (EFI_SIGNATURE_LIST *) Data;
-  GuidIndex = 0;
-
-  while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
-
-    if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
-      Help = STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID);
-    } else {
-      //
-      // The signature type is not supported in current implementation.
-      //
-      ItemDataSize -= CertList->SignatureListSize;
-      CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
-      continue;
-    }
-
-    CertCount  = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
-    for (Index = 0; Index < CertCount; Index++) {
-      Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList
-                                              + sizeof (EFI_SIGNATURE_LIST)
-                                              + CertList->SignatureHeaderSize
-                                              + Index * CertList->SignatureSize);
-      //
-      // Display GUID and help
-      //
-      GuidToString (&Cert->SignatureOwner, GuidStr, 100);
-      GuidID  = HiiSetString (Private->RegisteredHandle, 0, GuidStr, NULL);
-      HiiCreateCheckBoxOpCode (
-        StartOpCodeHandle,
-        (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),
-        0,
-        0,
-        GuidID,
-        Help,
-        EFI_IFR_FLAG_CALLBACK,
-        0,
-        NULL
-        );
-    }
-
-    ItemDataSize -= CertList->SignatureListSize;
-    CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
-  }
-
-ON_EXIT:
-  HiiUpdateForm (
-    Private->RegisteredHandle,
-    &gTlsAuthConfigGuid,
-    FormId,
-    StartOpCodeHandle,
-    EndOpCodeHandle
-    );
-
-  if (StartOpCodeHandle != NULL) {
-    HiiFreeOpCodeHandle (StartOpCodeHandle);
-  }
-
-  if (EndOpCodeHandle != NULL) {
-    HiiFreeOpCodeHandle (EndOpCodeHandle);
-  }
-
-  if (Data != NULL) {
-    FreePool (Data);
-  }
-
-  if (GuidStr != NULL) {
-    FreePool (GuidStr);
-  }
-
-  return EFI_SUCCESS;
-}
-
-/**
-  Delete one entry from cert database.
-
-  @param[in]    PrivateData         Module's private data.
-  @param[in]    VariableName        The variable name of the database.
-  @param[in]    VendorGuid          A unique identifier for the vendor.
-  @param[in]    LabelNumber         Label number to insert opcodes.
-  @param[in]    FormId              Form ID of current page.
-  @param[in]    QuestionIdBase      Base question id of the cert list.
-  @param[in]    DeleteIndex         Cert index to delete.
-
-  @retval   EFI_SUCCESS             Delete siganture successfully.
-  @retval   EFI_NOT_FOUND           Can't find the signature item,
-  @retval   EFI_OUT_OF_RESOURCES    Could not allocate needed resources.
-**/
-EFI_STATUS
-DeleteCert (
-  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *Private,
-  IN CHAR16                           *VariableName,
-  IN EFI_GUID                         *VendorGuid,
-  IN UINT16                           LabelNumber,
-  IN EFI_FORM_ID                      FormId,
-  IN EFI_QUESTION_ID                  QuestionIdBase,
-  IN UINTN                            DeleteIndex
-  )
-{
-  EFI_STATUS                  Status;
-  UINTN                       DataSize;
-  UINT8                       *Data;
-  UINT8                       *OldData;
-  UINT32                      Attr;
-  UINT32                      Index;
-  EFI_SIGNATURE_LIST          *CertList;
-  EFI_SIGNATURE_LIST          *NewCertList;
-  EFI_SIGNATURE_DATA          *Cert;
-  UINTN                       CertCount;
-  UINT32                      Offset;
-  BOOLEAN                     IsItemFound;
-  UINT32                      ItemDataSize;
-  UINTN                       GuidIndex;
-
-  Data            = NULL;
-  OldData         = NULL;
-  CertList        = NULL;
-  Cert            = NULL;
-  Attr            = 0;
-
-  //
-  // Get original signature list data.
-  //
-  DataSize = 0;
-  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);
-  if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
-    goto ON_EXIT;
-  }
-
-  OldData = (UINT8 *) AllocateZeroPool (DataSize);
-  if (OldData == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto ON_EXIT;
-  }
-
-  Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData);
-  if (EFI_ERROR(Status)) {
-    goto ON_EXIT;
-  }
-
-  //
-  // Allocate space for new variable.
-  //
-  Data = (UINT8*) AllocateZeroPool (DataSize);
-  if (Data == NULL) {
-    Status  =  EFI_OUT_OF_RESOURCES;
-    goto ON_EXIT;
-  }
-
-  //
-  // Enumerate all data and erasing the target item.
-  //
-  IsItemFound = FALSE;
-  ItemDataSize = (UINT32) DataSize;
-  CertList = (EFI_SIGNATURE_LIST *) OldData;
-  Offset = 0;
-  GuidIndex = 0;
-  while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
-    if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
-      //
-      // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list.
-      //
-      CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
-      NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);
-      Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
-      Cert      = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
-      CertCount  = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
-      for (Index = 0; Index < CertCount; Index++) {
-        if (GuidIndex == DeleteIndex) {
-          //
-          // Find it! Skip it!
-          //
-          NewCertList->SignatureListSize -= CertList->SignatureSize;
-          IsItemFound = TRUE;
-        } else {
-          //
-          // This item doesn't match. Copy it to the Data buffer.
-          //
-          CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);
-          Offset += CertList->SignatureSize;
-        }
-        GuidIndex++;
-        Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
-      }
-    } else {
-      //
-      // This List doesn't match. Just copy it to the Data buffer.
-      //
-      CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
-      Offset += CertList->SignatureListSize;
-    }
-
-    ItemDataSize -= CertList->SignatureListSize;
-    CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
-  }
-
-  if (!IsItemFound) {
-    //
-    // Doesn't find the signature Item!
-    //
-    Status = EFI_NOT_FOUND;
-    goto ON_EXIT;
-  }
-
-  //
-  // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.
-  //
-  ItemDataSize = Offset;
-  CertList = (EFI_SIGNATURE_LIST *) Data;
-  Offset = 0;
-  ZeroMem (OldData, ItemDataSize);
-  while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
-    CertCount  = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
-    DEBUG ((DEBUG_INFO, "       CertCount = %x\n", CertCount));
-    if (CertCount != 0) {
-      CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
-      Offset += CertList->SignatureListSize;
-    }
-    ItemDataSize -= CertList->SignatureListSize;
-    CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
-  }
-
-  DataSize = Offset;
-
-  Status = gRT->SetVariable(
-                  VariableName,
-                  VendorGuid,
-                  Attr,
-                  DataSize,
-                  OldData
-                  );
-  if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));
-    goto ON_EXIT;
-  }
-
-ON_EXIT:
-  if (Data != NULL) {
-    FreePool(Data);
-  }
-
-  if (OldData != NULL) {
-    FreePool(OldData);
-  }
-
-  return UpdateDeletePage (
-           Private,
-           VariableName,
-           VendorGuid,
-           LabelNumber,
-           FormId,
-           QuestionIdBase
-           );
-}
-
-
-/**
-  Close an open file handle.
-
-  @param[in] FileHandle           The file handle to close.
-  
-**/
-VOID
-CloseFile (
-  IN EFI_FILE_HANDLE   FileHandle
-  )
-{
-  if (FileHandle != NULL) {
-    FileHandle->Close (FileHandle);  
-  }
-}
-
-/**
-  Read file content into BufferPtr, the size of the allocate buffer 
-  is *FileSize plus AddtionAllocateSize.
-
-  @param[in]       FileHandle            The file to be read.
-  @param[in, out]  BufferPtr             Pointers to the pointer of allocated buffer.
-  @param[out]      FileSize              Size of input file
-  @param[in]       AddtionAllocateSize   Addtion size the buffer need to be allocated. 
-                                         In case the buffer need to contain others besides the file content.
-  
-  @retval   EFI_SUCCESS                  The file was read into the buffer.
-  @retval   EFI_INVALID_PARAMETER        A parameter was invalid.
-  @retval   EFI_OUT_OF_RESOURCES         A memory allocation failed.
-  @retval   others                       Unexpected error.
-
-**/
-EFI_STATUS
-ReadFileContent (
-  IN      EFI_FILE_HANDLE           FileHandle,
-  IN OUT  VOID                      **BufferPtr,
-     OUT  UINTN                     *FileSize,
-  IN      UINTN                     AddtionAllocateSize
-  )
-
-{
-  UINTN      BufferSize;
-  UINT64     SourceFileSize;
-  VOID       *Buffer;
-  EFI_STATUS Status;
-
-  if ((FileHandle == NULL) || (FileSize == NULL)) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  Buffer = NULL;
-
-  //
-  // Get the file size
-  //
-  Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);
-  if (EFI_ERROR (Status)) {
-    goto ON_EXIT;
-  }
-
-  Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);
-  if (EFI_ERROR (Status)) {
-    goto ON_EXIT;
-  }
-  
-  Status = FileHandle->SetPosition (FileHandle, 0);
-  if (EFI_ERROR (Status)) {
-    goto ON_EXIT;
-  }
-
-  BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;
-  Buffer =  AllocateZeroPool(BufferSize);
-  if (Buffer == NULL) {
-    return EFI_OUT_OF_RESOURCES;
-  }
-
-  BufferSize = (UINTN) SourceFileSize;
-  *FileSize  = BufferSize;
-
-  Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);
-  if (EFI_ERROR (Status) || BufferSize != *FileSize) {
-    FreePool (Buffer);
-    Buffer = NULL;
-    Status  = EFI_BAD_BUFFER_SIZE;
-    goto ON_EXIT;
-  }
-
-ON_EXIT:
-  
-  *BufferPtr = Buffer;
-  return Status;
-}
-
-/**
-  This function will open a file or directory referenced by DevicePath.
-
-  This function opens a file with the open mode according to the file path. The
-  Attributes is valid only for EFI_FILE_MODE_CREATE.
-
-  @param[in, out]  FilePath        On input, the device path to the file.
-                                   On output, the remaining device path.
-  @param[out]      FileHandle      Pointer to the file handle.
-  @param[in]       OpenMode        The mode to open the file with.
-  @param[in]       Attributes      The file's file attributes.
-
-  @retval EFI_SUCCESS              The information was set.
-  @retval EFI_INVALID_PARAMETER    One of the parameters has an invalid value.
-  @retval EFI_UNSUPPORTED          Could not open the file path.
-  @retval EFI_NOT_FOUND            The specified file could not be found on the
-                                   device or the file system could not be found on
-                                   the device.
-  @retval EFI_NO_MEDIA             The device has no medium.
-  @retval EFI_MEDIA_CHANGED        The device has a different medium in it or the
-                                   medium is no longer supported.
-  @retval EFI_DEVICE_ERROR         The device reported an error.
-  @retval EFI_VOLUME_CORRUPTED     The file system structures are corrupted.
-  @retval EFI_WRITE_PROTECTED      The file or medium is write protected.
-  @retval EFI_ACCESS_DENIED        The file was opened read only.
-  @retval EFI_OUT_OF_RESOURCES     Not enough resources were available to open the
-                                   file.
-  @retval EFI_VOLUME_FULL          The volume is full.
-**/
-EFI_STATUS
-EFIAPI
-OpenFileByDevicePath (
-  IN OUT EFI_DEVICE_PATH_PROTOCOL     **FilePath,
-  OUT EFI_FILE_HANDLE                 *FileHandle,
-  IN UINT64                           OpenMode,
-  IN UINT64                           Attributes
-  )
-{
-  EFI_STATUS                      Status;
-  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
-  EFI_FILE_PROTOCOL               *Handle1;
-  EFI_FILE_PROTOCOL               *Handle2;
-  EFI_HANDLE                      DeviceHandle;
-
-  if ((FilePath == NULL || FileHandle == NULL)) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  Status = gBS->LocateDevicePath (
-                  &gEfiSimpleFileSystemProtocolGuid,
-                  FilePath,
-                  &DeviceHandle
-                  );
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  Status = gBS->OpenProtocol(
-                  DeviceHandle,
-                  &gEfiSimpleFileSystemProtocolGuid,
-                  (VOID**)&EfiSimpleFileSystemProtocol,
-                  gImageHandle,
-                  NULL,
-                  EFI_OPEN_PROTOCOL_GET_PROTOCOL
-                  );
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  Status = EfiSimpleFileSystemProtocol->OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);
-  if (EFI_ERROR (Status)) {
-    FileHandle = NULL;
-    return Status;
-  }
-
-  //
-  // go down directories one node at a time.
-  //
-  while (!IsDevicePathEnd (*FilePath)) {
-    //
-    // For file system access each node should be a file path component
-    //
-    if (DevicePathType    (*FilePath) != MEDIA_DEVICE_PATH ||
-        DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP
-       ) {
-      FileHandle = NULL;
-      return (EFI_INVALID_PARAMETER);
-    }
-    //
-    // Open this file path node
-    //
-    Handle2  = Handle1;
-    Handle1 = NULL;
-
-    //
-    // Try to test opening an existing file
-    //
-    Status = Handle2->Open (
-                        Handle2,
-                        &Handle1,
-                        ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
-                        OpenMode &~EFI_FILE_MODE_CREATE,
-                        0
-                        );
-
-    //
-    // see if the error was that it needs to be created
-    //
-    if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode &~EFI_FILE_MODE_CREATE))) {
-      Status = Handle2->Open (
-                          Handle2,
-                          &Handle1,
-                          ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
-                          OpenMode,
-                          Attributes
-                          );
-    }
-    //
-    // Close the last node
-    //
-    Handle2->Close (Handle2);
-
-    if (EFI_ERROR(Status)) {
-      return (Status);
-    }
-
-    //
-    // Get the next node
-    //
-    *FilePath = NextDevicePathNode (*FilePath);
-  }
-
-  //
-  // This is a weak spot since if the undefined SHELL_FILE_HANDLE format changes this must change also!
-  //
-  *FileHandle = (VOID*)Handle1;
-  return EFI_SUCCESS;
-}
-
-/**
-  This function converts an input device structure to a Unicode string.
-
-  @param[in] DevPath                  A pointer to the device path structure.
-
-  @return A new allocated Unicode string that represents the device path.
-
-**/
-CHAR16 *
-EFIAPI
-DevicePathToStr (
-  IN EFI_DEVICE_PATH_PROTOCOL     *DevPath
-  )
-{
-  return ConvertDevicePathToText (
-           DevPath,
-           FALSE,
-           TRUE
-           );
-}
-
-
-/**
-  Extract filename from device path. The returned buffer is allocated using AllocateCopyPool.
-  The caller is responsible for freeing the allocated buffer using FreePool(). If return NULL
-  means not enough memory resource.
-
-  @param DevicePath       Device path.
-
-  @retval NULL            Not enough memory resourece for AllocateCopyPool.
-  @retval Other           A new allocated string that represents the file name.
-
-**/
-CHAR16 *
-ExtractFileNameFromDevicePath (
-  IN   EFI_DEVICE_PATH_PROTOCOL *DevicePath
-  )
-{
-  CHAR16          *String;
-  CHAR16          *MatchString;
-  CHAR16          *LastMatch;
-  CHAR16          *FileName;
-  UINTN           Length;
-
-  ASSERT(DevicePath != NULL);
-
-  String = DevicePathToStr(DevicePath);
-  MatchString = String;
-  LastMatch   = String;
-  FileName    = NULL;
-
-  while(MatchString != NULL){
-    LastMatch   = MatchString + 1;
-    MatchString = StrStr(LastMatch,L"\\");
-  }
-
-  Length = StrLen(LastMatch);
-  FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
-  if (FileName != NULL) {
-    *(FileName + Length) = 0;
-  }
-
-  FreePool(String);
-
-  return FileName;
-}
-
-/**
-  Enroll a new X509 certificate into Variable.
-
-  @param[in] PrivateData     The module's private data.
-  @param[in] VariableName    Variable name of CA database.
-
-  @retval   EFI_SUCCESS            New X509 is enrolled successfully.
-  @retval   EFI_OUT_OF_RESOURCES   Could not allocate needed resources.
-
-**/
-EFI_STATUS
-EnrollX509toVariable (
-  IN TLS_AUTH_CONFIG_PRIVATE_DATA   *Private,
-  IN CHAR16                         *VariableName
-  )
-{
-  EFI_STATUS                        Status;
-  UINTN                             X509DataSize;
-  VOID                              *X509Data;
-  EFI_SIGNATURE_LIST                *CACert;
-  EFI_SIGNATURE_DATA                *CACertData;
-  VOID                              *Data;
-  UINTN                             DataSize;
-  UINTN                             SigDataSize;
-  UINT32                            Attr;
-
-  X509DataSize  = 0;
-  SigDataSize   = 0;
-  DataSize      = 0;
-  X509Data      = NULL;
-  CACert        = NULL;
-  CACertData    = NULL;
-  Data          = NULL;
-
-  Status = ReadFileContent (
-             Private->FileContext->FHandle,
-             &X509Data,
-             &X509DataSize,
-             0
-             );
-  if (EFI_ERROR (Status)) {
-    goto ON_EXIT;
-  }
-  ASSERT (X509Data != NULL);
-
-  SigDataSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;
-
-  Data = AllocateZeroPool (SigDataSize);
-  if (Data == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto ON_EXIT;
-  }
-
-  //
-  // Fill Certificate Database parameters.
-  //
-  CACert = (EFI_SIGNATURE_LIST*) Data;
-  CACert->SignatureListSize   = (UINT32) SigDataSize;
-  CACert->SignatureHeaderSize = 0;
-  CACert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
-  CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid);
-
-  CACertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof (EFI_SIGNATURE_LIST));
-  CopyGuid (&CACertData->SignatureOwner, Private->CertGuid);
-  CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);
-
-  //
-  // Check if signature database entry has been already existed.
-  // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
-  // new signature data to original variable
-  //
-  Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
-
-  Status = gRT->GetVariable(
-                  VariableName,
-                  &gEfiTlsCaCertificateGuid,
-                  NULL,
-                  &DataSize,
-                  NULL
-                  );
-  if (Status == EFI_BUFFER_TOO_SMALL) {
-    Attr |= EFI_VARIABLE_APPEND_WRITE;
-  } else if (Status != EFI_NOT_FOUND) {
-    goto ON_EXIT;
-  }
-
-  Status = gRT->SetVariable(
-                  VariableName,
-                  &gEfiTlsCaCertificateGuid,
-                  Attr,
-                  SigDataSize,
-                  Data
-                  );
-  if (EFI_ERROR (Status)) {
-    goto ON_EXIT;
-  }
-
-ON_EXIT:
-
-  CloseFile (Private->FileContext->FHandle);
-  if (Private->FileContext->FileName != NULL) {
-    FreePool(Private->FileContext->FileName);
-    Private->FileContext->FileName = NULL;
-  }
-
-  Private->FileContext->FHandle = NULL;
-
-  if (Private->CertGuid != NULL) {
-    FreePool (Private->CertGuid);
-    Private->CertGuid = NULL;
-  }
-
-  if (Data != NULL) {
-    FreePool (Data);
-  }
-
-  if (X509Data != NULL) {
-    FreePool (X509Data);
-  }
-
-  return Status;
-}
-
-/**
-  Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid.
-
-  @param[in] PrivateData     The module's private data.
-  @param[in] VariableName    Variable name of signature database.
-
-  @retval   EFI_SUCCESS            New Cert enrolled successfully.
-  @retval   EFI_INVALID_PARAMETER  The parameter is invalid.
-  @retval   EFI_UNSUPPORTED        The Cert file is unsupported type.
-  @retval   others                 Fail to enroll Cert data.
-
-**/
-EFI_STATUS
-EnrollCertDatabase (
-  IN TLS_AUTH_CONFIG_PRIVATE_DATA  *Private,
-  IN CHAR16                        *VariableName
-  )
-{
-  UINT16*      FilePostFix;
-  UINTN        NameLength;
-
-  if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->CertGuid == NULL)) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  //
-  // Parse the file's postfix.
-  //
-  NameLength = StrLen (Private->FileContext->FileName);
-  if (NameLength <= 4) {
-    return EFI_INVALID_PARAMETER;
-  }
-  FilePostFix = Private->FileContext->FileName + NameLength - 4;
-
-  if (IsDerPemEncodeCertificate (FilePostFix)) {
-    //
-    // Supports DER-encoded X509 certificate.
-    //
-    return EnrollX509toVariable (Private, VariableName);
-  }
-
-  return EFI_UNSUPPORTED;
-}
-
-/**
-  Refresh the global UpdateData structure.
-
-**/
-VOID
-RefreshUpdateData (
-  VOID
-  )
-{
-  //
-  // Free current updated date
-  //
-  if (mStartOpCodeHandle != NULL) {
-    HiiFreeOpCodeHandle (mStartOpCodeHandle);
-  }
-
-  //
-  // Create new OpCode Handle
-  //
-  mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
-
-  //
-  // Create Hii Extend Label OpCode as the start opcode
-  //
-  mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
-                                         mStartOpCodeHandle,
-                                         &gEfiIfrTianoGuid,
-                                         NULL,
-                                         sizeof (EFI_IFR_GUID_LABEL)
-                                         );
-  mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-}
-
-/**
-  Clean up the dynamic opcode at label and form specified by both LabelId.
-
-  @param[in] LabelId         It is both the Form ID and Label ID for opcode deletion.
-  @param[in] PrivateData     Module private data.
-
-**/
-VOID
-CleanUpPage (
-  IN UINT16                           LabelId,
-  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *PrivateData
-  )
-{
-  RefreshUpdateData ();
-
-  //
-  // Remove all op-codes from dynamic page
-  //
-  mStartLabel->Number = LabelId;
-  HiiUpdateForm (
-    PrivateData->RegisteredHandle,
-    &gTlsAuthConfigGuid,
-    LabelId,
-    mStartOpCodeHandle, // Label LabelId
-    mEndOpCodeHandle    // LABEL_END
-    );
-}
-
-/**
-  Update the form base on the selected file.
-
-  @param FilePath   Point to the file path.
-  @param FormId     The form need to display.
-
-  @retval TRUE   Exit caller function.
-  @retval FALSE  Not exit caller function.
-
-**/
-BOOLEAN
-UpdatePage(
-  IN  EFI_DEVICE_PATH_PROTOCOL  *FilePath,
-  IN  EFI_FORM_ID               FormId
-  )
-{
-  CHAR16                *FileName;
-  EFI_STRING_ID         StringToken;
-
-  FileName = NULL;
-
-  if (FilePath != NULL) {
-    FileName = ExtractFileNameFromDevicePath(FilePath);
-  }
-  if (FileName == NULL) {
-    //
-    // FileName = NULL has two case:
-    // 1. FilePath == NULL, not select file.
-    // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL not enough memory resource.
-    // In these two case, no need to update the form, and exit the caller function.
-    //
-    return TRUE;
-  }
-  StringToken =  HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0, FileName, NULL);
-
-  mTlsAuthPrivateData->FileContext->FileName = FileName;
-
-  OpenFileByDevicePath (
-    &FilePath,
-    &mTlsAuthPrivateData->FileContext->FHandle,
-    EFI_FILE_MODE_READ,
-    0
-    );
-  //
-  // Create Subtitle op-code for the display string of the option.
-  //
-  RefreshUpdateData ();
-  mStartLabel->Number = FormId;
-
-  HiiCreateSubTitleOpCode (
-    mStartOpCodeHandle,
-    StringToken,
-    0,
-    0,
-    0
-   );
-
-  HiiUpdateForm (
-    mTlsAuthPrivateData->RegisteredHandle,
-    &gTlsAuthConfigGuid,
-    FormId,
-    mStartOpCodeHandle, /// Label FormId
-    mEndOpCodeHandle    /// LABEL_END
-    );
-
-  return TRUE;
-}
-
-/**
-  Update the form base on the input file path info.
-
-  @param FilePath    Point to the file path.
-
-  @retval TRUE   Exit caller function.
-  @retval FALSE  Not exit caller function.
-**/
-BOOLEAN
-EFIAPI
-UpdateCAFromFile (
-  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
-  )
-{
-  return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM);
-}
-
-/**
-  Unload the configuration form, this includes: delete all the configuration
-  entries, uninstall the form callback protocol, and free the resources used.
-
-  @param[in]  Private             Pointer to the driver private data.
-
-  @retval EFI_SUCCESS             The configuration form is unloaded.
-  @retval Others                  Failed to unload the form.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormUnload (
-  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *Private
-  )
-{
-  if (Private->DriverHandle != NULL) {
-    //
-    // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL
-    //
-    gBS->UninstallMultipleProtocolInterfaces (
-           Private->DriverHandle,
-           &gEfiDevicePathProtocolGuid,
-           &mTlsAuthConfigHiiVendorDevicePath,
-           &gEfiHiiConfigAccessProtocolGuid,
-           &Private->ConfigAccess,
-           NULL
-           );
-    Private->DriverHandle = NULL;
-  }
-
-  if (Private->RegisteredHandle != NULL) {
-    //
-    // Remove HII package list
-    //
-    HiiRemovePackages (Private->RegisteredHandle);
-    Private->RegisteredHandle = NULL;
-  }
-
-  if (Private->CertGuid != NULL) {
-    FreePool (Private->CertGuid);
-  }
-
-  if (Private->FileContext != NULL) {
-    FreePool (Private->FileContext);
-  }
-
-  FreePool (Private);
-
-  if (mStartOpCodeHandle != NULL) {
-    HiiFreeOpCodeHandle (mStartOpCodeHandle);
-  }
-
-  if (mEndOpCodeHandle != NULL) {
-    HiiFreeOpCodeHandle (mEndOpCodeHandle);
-  }
-
-  return EFI_SUCCESS;
-}
-
-
-/**
-  Initialize the configuration form.
-
-  @param[in]  Private             Pointer to the driver private data.
-
-  @retval EFI_SUCCESS             The configuration form is initialized.
-  @retval EFI_OUT_OF_RESOURCES    Failed to allocate memory.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormInit (
-  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *Private
-  )
-{
-  EFI_STATUS                        Status;
-
-  Private->Signature = TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE;
-  
-  Private->ConfigAccess.ExtractConfig = TlsAuthConfigAccessExtractConfig;
-  Private->ConfigAccess.RouteConfig   = TlsAuthConfigAccessRouteConfig;
-  Private->ConfigAccess.Callback      = TlsAuthConfigAccessCallback;
-
-  //
-  // Install Device Path Protocol and Config Access protocol to driver handle.
-  //
-  Status = gBS->InstallMultipleProtocolInterfaces (
-                  &Private->DriverHandle,
-                  &gEfiDevicePathProtocolGuid,
-                  &mTlsAuthConfigHiiVendorDevicePath,
-                  &gEfiHiiConfigAccessProtocolGuid,
-                  &Private->ConfigAccess,
-                  NULL
-                  );
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-  
-  //
-  // Publish our HII data.
-  //
-  Private->RegisteredHandle = HiiAddPackages (
-                                &gTlsAuthConfigGuid,
-                                Private->DriverHandle,
-                                TlsAuthConfigDxeStrings,
-                                TlsAuthConfigVfrBin,
-                                NULL
-                                );
-  if (Private->RegisteredHandle == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto Error;
-  }
-
-  Private->FileContext = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_FILE_CONTEXT));
-  if (Private->FileContext == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto Error;
-  }
-
-  //
-  // Init OpCode Handle and Allocate space for creation of Buffer
-  //
-  mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
-  if (mStartOpCodeHandle == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto Error;
-  }
-
-  mEndOpCodeHandle = HiiAllocateOpCodeHandle ();
-  if (mEndOpCodeHandle == NULL) {
-    Status = EFI_OUT_OF_RESOURCES;
-    goto Error;
-  }
-
-  //
-  // Create Hii Extend Label OpCode as the start opcode
-  //
-  mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
-                                         mStartOpCodeHandle,
-                                         &gEfiIfrTianoGuid,
-                                         NULL,
-                                         sizeof (EFI_IFR_GUID_LABEL)
-                                         );
-  mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-
-  //
-  // Create Hii Extend Label OpCode as the end opcode
-  //
-  mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
-                                       mEndOpCodeHandle,
-                                       &gEfiIfrTianoGuid,
-                                       NULL,
-                                       sizeof (EFI_IFR_GUID_LABEL)
-                                       );
-  mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-  mEndLabel->Number       = LABEL_END;
-
-  return EFI_SUCCESS;
-  
-Error:
-  TlsAuthConfigFormUnload (Private);
-  return Status;
-}
-
-/**
-   
-  This function allows the caller to request the current
-  configuration for one or more named elements. The resulting
-  string is in <ConfigAltResp> format. Any and all alternative
-  configuration strings shall also be appended to the end of the
-  current configuration string. If they are, they must appear
-  after the current configuration. They must contain the same
-  routing (GUID, NAME, PATH) as the current configuration string.
-  They must have an additional description indicating the type of
-  alternative configuration the string represents,
-  "ALTCFG=<StringToken>". That <StringToken> (when
-  converted from Hex UNICODE to binary) is a reference to a
-  string in the associated string pack.
-
-  @param This       Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
-  @param Request    A null-terminated Unicode string in
-                    <ConfigRequest> format. Note that this
-                    includes the routing information as well as
-                    the configurable name / value pairs. It is
-                    invalid for this string to be in
-                    <MultiConfigRequest> format. 
-                    If a NULL is passed in for the Request field, 
-                    all of the settings being abstracted by this function 
-                    will be returned in the Results field.  In addition, 
-                    if a ConfigHdr is passed in with no request elements, 
-                    all of the settings being abstracted for that particular 
-                    ConfigHdr reference will be returned in the Results Field.
-
-  @param Progress   On return, points to a character in the
-                    Request string. Points to the string's null
-                    terminator if request was successful. Points
-                    to the most recent "&" before the first
-                    failing name / value pair (or the beginning
-                    of the string if the failure is in the first
-                    name / value pair) if the request was not
-                    successful.
-
-  @param Results    A null-terminated Unicode string in
-                    <MultiConfigAltResp> format which has all values
-                    filled in for the names in the Request string.
-                    String to be allocated by the called function.
-
-  @retval EFI_SUCCESS             The Results string is filled with the
-                                  values corresponding to all requested
-                                  names.
-
-  @retval EFI_OUT_OF_RESOURCES    Not enough memory to store the
-                                  parts of the results that must be
-                                  stored awaiting possible future
-                                  protocols.
-
-  @retval EFI_NOT_FOUND           Routing data doesn't match any
-                                  known driver. Progress set to the
-                                  first character in the routing header.
-                                  Note: There is no requirement that the
-                                  driver validate the routing data. It
-                                  must skip the <ConfigHdr> in order to
-                                  process the names.
-
-  @retval EFI_INVALID_PARAMETER   Illegal syntax. Progress set
-                                  to most recent "&" before the
-                                  error or the beginning of the
-                                  string.
-
-  @retval EFI_INVALID_PARAMETER   Unknown name. Progress points
-                                  to the & before the name in
-                                  question.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessExtractConfig (
-  IN CONST  EFI_HII_CONFIG_ACCESS_PROTOCOL  *This,
-  IN CONST  EFI_STRING                      Request,
-  OUT       EFI_STRING                      *Progress,
-  OUT       EFI_STRING                      *Results
-  )
-{
-  EFI_STATUS                        Status;
-  UINTN                             BufferSize;
-  UINTN                             Size;
-  EFI_STRING                        ConfigRequest;
-  EFI_STRING                        ConfigRequestHdr;
-  TLS_AUTH_CONFIG_PRIVATE_DATA      *Private;
-  BOOLEAN                           AllocatedRequest;
-
-  if (Progress == NULL || Results == NULL) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  AllocatedRequest = FALSE;
-  ConfigRequestHdr = NULL;
-  ConfigRequest    = NULL;
-  Size             = 0;
-
-  Private          = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-
-  BufferSize       = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
-  ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
-  
-  *Progress        = Request;
-
-  if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
-    return EFI_NOT_FOUND;
-  }
-  
-  ConfigRequest = Request;
-  if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
-    //
-    // Request is set to NULL or OFFSET is NULL, construct full request string.
-    //
-    // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
-    // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
-    //
-    ConfigRequestHdr = HiiConstructConfigHdr (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, Private->DriverHandle);
-    Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
-    ConfigRequest = AllocateZeroPool (Size);
-    ASSERT (ConfigRequest != NULL);
-    AllocatedRequest = TRUE;
-    UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
-    FreePool (ConfigRequestHdr);
-    ConfigRequestHdr = NULL;
-  }
-
-  Status = gHiiConfigRouting->BlockToConfig (
-                                gHiiConfigRouting,
-                                ConfigRequest,
-                                (UINT8 *) &Private->TlsAuthConfigNvData,
-                                BufferSize,
-                                Results,
-                                Progress
-                                );
-
-  //
-  // Free the allocated config request string.
-  //
-  if (AllocatedRequest) {
-    FreePool (ConfigRequest);
-  }
-
-  //
-  // Set Progress string to the original request string.
-  //
-  if (Request == NULL) {
-    *Progress = NULL;
-  } else if (StrStr (Request, L"OFFSET") == NULL) {
-    *Progress = Request + StrLen (Request);
-  }
-
-  return Status;
-}
-
-/**
-   
-  This function applies changes in a driver's configuration.
-  Input is a Configuration, which has the routing data for this
-  driver followed by name / value configuration pairs. The driver
-  must apply those pairs to its configurable storage. If the
-  driver's configuration is stored in a linear block of data
-  and the driver's name / value pairs are in <BlockConfig>
-  format, it may use the ConfigToBlock helper function (above) to
-  simplify the job.
-
-  @param This           Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
-  @param Configuration  A null-terminated Unicode string in
-                        <ConfigString> format. 
-  
-  @param Progress       A pointer to a string filled in with the
-                        offset of the most recent '&' before the
-                        first failing name / value pair (or the
-                        beginn ing of the string if the failure
-                        is in the first name / value pair) or
-                        the terminating NULL if all was
-                        successful.
-
-  @retval EFI_SUCCESS             The results have been distributed or are
-                                  awaiting distribution.
-  
-  @retval EFI_OUT_OF_RESOURCES    Not enough memory to store the
-                                  parts of the results that must be
-                                  stored awaiting possible future
-                                  protocols.
-  
-  @retval EFI_INVALID_PARAMETERS  Passing in a NULL for the
-                                  Results parameter would result
-                                  in this type of error.
-  
-  @retval EFI_NOT_FOUND           Target for the specified routing data
-                                  was not found
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessRouteConfig (
-  IN CONST  EFI_HII_CONFIG_ACCESS_PROTOCOL  *This,
-  IN CONST  EFI_STRING                      Configuration,
-  OUT       EFI_STRING                      *Progress
-  )
-{
-  EFI_STATUS                       Status;
-  UINTN                            BufferSize;
-  TLS_AUTH_CONFIG_PRIVATE_DATA     *Private;
-
-  if (Progress == NULL) {
-    return EFI_INVALID_PARAMETER;
-  }
-  *Progress = Configuration;
-
-  if (Configuration == NULL) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  //
-  // Check routing data in <ConfigHdr>.
-  // Note: there is no name for Name/Value storage, only GUID will be checked
-  //
-  if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
-    return EFI_NOT_FOUND;
-  }
-
-  Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-  
-  BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
-  ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
-
-  Status = gHiiConfigRouting->ConfigToBlock (
-                                gHiiConfigRouting,
-                                Configuration,
-                                (UINT8 *) &Private->TlsAuthConfigNvData,
-                                &BufferSize,
-                                Progress
-                                );
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  return Status;
-}  
-
-/**
-   
-  This function is called to provide results data to the driver.
-  This data consists of a unique key that is used to identify
-  which data is either being passed back or being asked for.
-
-  @param  This                   Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-  @param  Action                 Specifies the type of action taken by the browser.
-  @param  QuestionId             A unique value which is sent to the original
-                                 exporting driver so that it can identify the type
-                                 of data to expect. The format of the data tends to 
-                                 vary based on the opcode that generated the callback.
-  @param  Type                   The type of value for the question.
-  @param  Value                  A pointer to the data being sent to the original
-                                 exporting driver.
-  @param  ActionRequest          On return, points to the action requested by the
-                                 callback function.
-
-  @retval EFI_SUCCESS            The callback successfully handled the action.
-  @retval EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the
-                                 variable and its data.
-  @retval EFI_DEVICE_ERROR       The variable could not be saved.
-  @retval EFI_UNSUPPORTED        The specified Action is not supported by the
-                                 callback.
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessCallback (
-  IN     CONST EFI_HII_CONFIG_ACCESS_PROTOCOL   *This,
-  IN     EFI_BROWSER_ACTION                     Action,
-  IN     EFI_QUESTION_ID                        QuestionId,
-  IN     UINT8                                  Type,
-  IN OUT EFI_IFR_TYPE_VALUE                     *Value,
-  OUT    EFI_BROWSER_ACTION_REQUEST             *ActionRequest
-  )
-{
-  EFI_INPUT_KEY                   Key;
-  EFI_STATUS                      Status;
-  RETURN_STATUS                   RStatus;
-  TLS_AUTH_CONFIG_PRIVATE_DATA    *Private;
-  UINTN                           BufferSize;
-  TLS_AUTH_CONFIG_IFR_NVDATA      *IfrNvData;
-  UINT16                          LabelId;
-  EFI_DEVICE_PATH_PROTOCOL        *File;
-
-  Status           = EFI_SUCCESS;
-  File             = NULL;
-
-  if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
-    return EFI_INVALID_PARAMETER;
-  }
-  
-  Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-
-  mTlsAuthPrivateData = Private;
-
-  //
-  // Retrieve uncommitted data from Browser
-  //
-  BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
-  IfrNvData = AllocateZeroPool (BufferSize);
-  if (IfrNvData == NULL) {
-    return EFI_OUT_OF_RESOURCES;
-  }
-
-  HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8 *) IfrNvData);
-
-  if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
-      (Action != EFI_BROWSER_ACTION_CHANGING)) {
-    Status = EFI_UNSUPPORTED;
-    goto EXIT;
-  }
-
-  if (Action == EFI_BROWSER_ACTION_CHANGING) {
-    switch (QuestionId) {
-    case KEY_TLS_AUTH_CONFIG_CLIENT_CERT:
-    case KEY_TLS_AUTH_CONFIG_SERVER_CA:
-      //
-      // Clear Cert GUID.
-      //
-      ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid));
-      if (Private->CertGuid == NULL) {
-        Private->CertGuid = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));
-        if (Private->CertGuid == NULL) {
-          return EFI_OUT_OF_RESOURCES;
-        }
-      }
-      if (QuestionId == KEY_TLS_AUTH_CONFIG_CLIENT_CERT) {
-        LabelId = TLS_AUTH_CONFIG_FORMID3_FORM;
-      } else {
-        LabelId = TLS_AUTH_CONFIG_FORMID4_FORM;
-      }
-
-      //
-      // Refresh selected file.
-      //
-      CleanUpPage (LabelId, Private);
-      break;
-    case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE:
-      ChooseFile( NULL, NULL, UpdateCAFromFile, &File);
-      break;
-
-    case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT:
-      Status = EnrollCertDatabase (Private, EFI_TLS_CA_CERTIFICATE_VARIABLE);
-      if (EFI_ERROR (Status)) {
-        CreatePopUp (
-          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
-          &Key,
-          L"ERROR: Enroll Cert Failure!",
-          NULL
-          );
-      }
-      break;
-
-    case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT:
-      if (Private->FileContext->FHandle != NULL) {
-        CloseFile (Private->FileContext->FHandle);
-        Private->FileContext->FHandle = NULL;
-        if (Private->FileContext->FileName!= NULL){
-          FreePool(Private->FileContext->FileName);
-          Private->FileContext->FileName = NULL;
-        }
-      }
-
-      if (Private->CertGuid!= NULL) {
-        FreePool (Private->CertGuid);
-        Private->CertGuid = NULL;
-      }
-      break;
-
-    case KEY_TLS_AUTH_CONFIG_DELETE_CERT:
-      UpdateDeletePage (
-        Private,
-        EFI_TLS_CA_CERTIFICATE_VARIABLE,
-        &gEfiTlsCaCertificateGuid,
-        LABEL_CA_DELETE,
-        TLS_AUTH_CONFIG_FORMID5_FORM,
-        OPTION_DEL_CA_ESTION_ID
-        );
-       break;
-      
-    default:
-      if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&
-                 (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE)))  {
-        DeleteCert (
-          Private,
-          EFI_TLS_CA_CERTIFICATE_VARIABLE,
-          &gEfiTlsCaCertificateGuid,
-          LABEL_CA_DELETE,
-          TLS_AUTH_CONFIG_FORMID5_FORM,
-          OPTION_DEL_CA_ESTION_ID,
-          QuestionId - OPTION_DEL_CA_ESTION_ID
-          );
-      }
-      break;
-    }
-  } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
-    switch (QuestionId) {
-    case KEY_TLS_AUTH_CONFIG_CERT_GUID:
-      ASSERT (Private->CertGuid != NULL);
-      RStatus = StrToGuid (
-                  IfrNvData->CertGuid,
-                  Private->CertGuid
-                  );
-      if (RETURN_ERROR (RStatus) || (IfrNvData->CertGuid[GUID_STRING_LENGTH] != L'\0')) {
-        Status = EFI_INVALID_PARAMETER;
-        break;
-      }
-
-      *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
-      break;
-    default:
-      break;
-    }
-  }
-  
-EXIT:
-
-  if (!EFI_ERROR (Status)) {
-    BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
-    HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
-  }
-
-  FreePool (IfrNvData);
-
-  if (File != NULL){
-    FreePool(File);
-    File = NULL;
-  }
-
-  return EFI_SUCCESS;
-
-}
+/** @file\r
+  The Miscellaneous Routines for TlsAuthConfigDxe driver.\r
+\r
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution.  The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "TlsAuthConfigImpl.h"\r
+\r
+VOID                    *mStartOpCodeHandle = NULL;\r
+VOID                    *mEndOpCodeHandle   = NULL;\r
+EFI_IFR_GUID_LABEL      *mStartLabel        = NULL;\r
+EFI_IFR_GUID_LABEL      *mEndLabel          = NULL;\r
+\r
+\r
+CHAR16                  mTlsAuthConfigStorageName[] = L"TLS_AUTH_CONFIG_IFR_NVDATA";\r
+\r
+TLS_AUTH_CONFIG_PRIVATE_DATA      *mTlsAuthPrivateData = NULL;\r
+\r
+HII_VENDOR_DEVICE_PATH  mTlsAuthConfigHiiVendorDevicePath = {\r
+  {\r
+    {\r
+      HARDWARE_DEVICE_PATH,\r
+      HW_VENDOR_DP,\r
+      {\r
+        (UINT8) (sizeof (VENDOR_DEVICE_PATH)),\r
+        (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)\r
+      }\r
+    },\r
+    TLS_AUTH_CONFIG_GUID\r
+  },\r
+  {\r
+    END_DEVICE_PATH_TYPE,\r
+    END_ENTIRE_DEVICE_PATH_SUBTYPE,\r
+    {\r
+      (UINT8) (END_DEVICE_PATH_LENGTH),\r
+      (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)\r
+    }\r
+  }\r
+};\r
+\r
+//\r
+// Possible DER-encoded certificate file suffixes, end with NULL pointer.\r
+//\r
+CHAR16* mDerPemEncodedSuffix[] = {\r
+  L".cer",\r
+  L".der",\r
+  L".crt",\r
+  L".pem",\r
+  NULL\r
+};\r
+\r
+/**\r
+  This code checks if the FileSuffix is one of the possible DER/PEM-encoded certificate suffix.\r
+\r
+  @param[in] FileSuffix            The suffix of the input certificate file\r
+\r
+  @retval    TRUE           It's a DER/PEM-encoded certificate.\r
+  @retval    FALSE          It's NOT a DER/PEM-encoded certificate.\r
+\r
+**/\r
+BOOLEAN\r
+IsDerPemEncodeCertificate (\r
+  IN CONST CHAR16         *FileSuffix\r
+)\r
+{\r
+  UINTN     Index;\r
+  for (Index = 0; mDerPemEncodedSuffix[Index] != NULL; Index++) {\r
+    if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) == 0) {\r
+      return TRUE;\r
+    }\r
+  }\r
+  return FALSE;\r
+}\r
+\r
+/**\r
+  Worker function that prints an EFI_GUID into specified Buffer.\r
+\r
+  @param[in]     Guid          Pointer to GUID to print.\r
+  @param[in]     Buffer        Buffer to print Guid into.\r
+  @param[in]     BufferSize    Size of Buffer.\r
+\r
+  @retval    Number of characters printed.\r
+\r
+**/\r
+UINTN\r
+GuidToString (\r
+  IN  EFI_GUID  *Guid,\r
+  IN  CHAR16    *Buffer,\r
+  IN  UINTN     BufferSize\r
+  )\r
+{\r
+  return UnicodeSPrint (\r
+           Buffer,\r
+           BufferSize,\r
+           L"%g",\r
+           Guid\r
+           );\r
+}\r
+\r
+/**\r
+  List all cert in specified database by GUID in the page\r
+  for user to select and delete as needed.\r
+\r
+  @param[in]    PrivateData         Module's private data.\r
+  @param[in]    VariableName        The variable name of the vendor's signature database.\r
+  @param[in]    VendorGuid          A unique identifier for the vendor.\r
+  @param[in]    LabelNumber         Label number to insert opcodes.\r
+  @param[in]    FormId              Form ID of current page.\r
+  @param[in]    QuestionIdBase      Base question id of the signature list.\r
+\r
+  @retval   EFI_SUCCESS             Success to update the signature list page\r
+  @retval   EFI_OUT_OF_RESOURCES    Unable to allocate required resources.\r
+\r
+**/\r
+EFI_STATUS\r
+UpdateDeletePage (\r
+  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *Private,\r
+  IN CHAR16                           *VariableName,\r
+  IN EFI_GUID                         *VendorGuid,\r
+  IN UINT16                           LabelNumber,\r
+  IN EFI_FORM_ID                      FormId,\r
+  IN EFI_QUESTION_ID                  QuestionIdBase\r
+  )\r
+{\r
+  EFI_STATUS                  Status;\r
+  UINT32                      Index;\r
+  UINTN                       CertCount;\r
+  UINTN                       GuidIndex;\r
+  VOID                        *StartOpCodeHandle;\r
+  VOID                        *EndOpCodeHandle;\r
+  EFI_IFR_GUID_LABEL          *StartLabel;\r
+  EFI_IFR_GUID_LABEL          *EndLabel;\r
+  UINTN                       DataSize;\r
+  UINT8                       *Data;\r
+  EFI_SIGNATURE_LIST          *CertList;\r
+  EFI_SIGNATURE_DATA          *Cert;\r
+  UINT32                      ItemDataSize;\r
+  CHAR16                      *GuidStr;\r
+  EFI_STRING_ID               GuidID;\r
+  EFI_STRING_ID               Help;\r
+\r
+  Data     = NULL;\r
+  CertList = NULL;\r
+  Cert     = NULL;\r
+  GuidStr  = NULL;\r
+  StartOpCodeHandle = NULL;\r
+  EndOpCodeHandle   = NULL;\r
+\r
+  //\r
+  // Initialize the container for dynamic opcodes.\r
+  //\r
+  StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+  if (StartOpCodeHandle == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+  if (EndOpCodeHandle == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  //\r
+  // Create Hii Extend Label OpCode.\r
+  //\r
+  StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+                                        StartOpCodeHandle,\r
+                                        &gEfiIfrTianoGuid,\r
+                                        NULL,\r
+                                        sizeof (EFI_IFR_GUID_LABEL)\r
+                                        );\r
+  StartLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
+  StartLabel->Number        = LabelNumber;\r
+\r
+  EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+                                      EndOpCodeHandle,\r
+                                      &gEfiIfrTianoGuid,\r
+                                      NULL,\r
+                                      sizeof (EFI_IFR_GUID_LABEL)\r
+                                      );\r
+  EndLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
+  EndLabel->Number        = LABEL_END;\r
+\r
+  //\r
+  // Read Variable.\r
+  //\r
+  DataSize = 0;\r
+  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);\r
+  if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  Data = (UINT8 *) AllocateZeroPool (DataSize);\r
+  if (Data == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);\r
+  if (EFI_ERROR (Status)) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  GuidStr = AllocateZeroPool (100);\r
+  if (GuidStr == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  //\r
+  // Enumerate all data.\r
+  //\r
+  ItemDataSize = (UINT32) DataSize;\r
+  CertList = (EFI_SIGNATURE_LIST *) Data;\r
+  GuidIndex = 0;\r
+\r
+  while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {\r
+\r
+    if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r
+      Help = STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID);\r
+    } else {\r
+      //\r
+      // The signature type is not supported in current implementation.\r
+      //\r
+      ItemDataSize -= CertList->SignatureListSize;\r
+      CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+      continue;\r
+    }\r
+\r
+    CertCount  = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+    for (Index = 0; Index < CertCount; Index++) {\r
+      Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList\r
+                                              + sizeof (EFI_SIGNATURE_LIST)\r
+                                              + CertList->SignatureHeaderSize\r
+                                              + Index * CertList->SignatureSize);\r
+      //\r
+      // Display GUID and help\r
+      //\r
+      GuidToString (&Cert->SignatureOwner, GuidStr, 100);\r
+      GuidID  = HiiSetString (Private->RegisteredHandle, 0, GuidStr, NULL);\r
+      HiiCreateCheckBoxOpCode (\r
+        StartOpCodeHandle,\r
+        (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),\r
+        0,\r
+        0,\r
+        GuidID,\r
+        Help,\r
+        EFI_IFR_FLAG_CALLBACK,\r
+        0,\r
+        NULL\r
+        );\r
+    }\r
+\r
+    ItemDataSize -= CertList->SignatureListSize;\r
+    CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+  }\r
+\r
+ON_EXIT:\r
+  HiiUpdateForm (\r
+    Private->RegisteredHandle,\r
+    &gTlsAuthConfigGuid,\r
+    FormId,\r
+    StartOpCodeHandle,\r
+    EndOpCodeHandle\r
+    );\r
+\r
+  if (StartOpCodeHandle != NULL) {\r
+    HiiFreeOpCodeHandle (StartOpCodeHandle);\r
+  }\r
+\r
+  if (EndOpCodeHandle != NULL) {\r
+    HiiFreeOpCodeHandle (EndOpCodeHandle);\r
+  }\r
+\r
+  if (Data != NULL) {\r
+    FreePool (Data);\r
+  }\r
+\r
+  if (GuidStr != NULL) {\r
+    FreePool (GuidStr);\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  Delete one entry from cert database.\r
+\r
+  @param[in]    PrivateData         Module's private data.\r
+  @param[in]    VariableName        The variable name of the database.\r
+  @param[in]    VendorGuid          A unique identifier for the vendor.\r
+  @param[in]    LabelNumber         Label number to insert opcodes.\r
+  @param[in]    FormId              Form ID of current page.\r
+  @param[in]    QuestionIdBase      Base question id of the cert list.\r
+  @param[in]    DeleteIndex         Cert index to delete.\r
+\r
+  @retval   EFI_SUCCESS             Delete siganture successfully.\r
+  @retval   EFI_NOT_FOUND           Can't find the signature item,\r
+  @retval   EFI_OUT_OF_RESOURCES    Could not allocate needed resources.\r
+**/\r
+EFI_STATUS\r
+DeleteCert (\r
+  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *Private,\r
+  IN CHAR16                           *VariableName,\r
+  IN EFI_GUID                         *VendorGuid,\r
+  IN UINT16                           LabelNumber,\r
+  IN EFI_FORM_ID                      FormId,\r
+  IN EFI_QUESTION_ID                  QuestionIdBase,\r
+  IN UINTN                            DeleteIndex\r
+  )\r
+{\r
+  EFI_STATUS                  Status;\r
+  UINTN                       DataSize;\r
+  UINT8                       *Data;\r
+  UINT8                       *OldData;\r
+  UINT32                      Attr;\r
+  UINT32                      Index;\r
+  EFI_SIGNATURE_LIST          *CertList;\r
+  EFI_SIGNATURE_LIST          *NewCertList;\r
+  EFI_SIGNATURE_DATA          *Cert;\r
+  UINTN                       CertCount;\r
+  UINT32                      Offset;\r
+  BOOLEAN                     IsItemFound;\r
+  UINT32                      ItemDataSize;\r
+  UINTN                       GuidIndex;\r
+\r
+  Data            = NULL;\r
+  OldData         = NULL;\r
+  CertList        = NULL;\r
+  Cert            = NULL;\r
+  Attr            = 0;\r
+\r
+  //\r
+  // Get original signature list data.\r
+  //\r
+  DataSize = 0;\r
+  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);\r
+  if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  OldData = (UINT8 *) AllocateZeroPool (DataSize);\r
+  if (OldData == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData);\r
+  if (EFI_ERROR(Status)) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  //\r
+  // Allocate space for new variable.\r
+  //\r
+  Data = (UINT8*) AllocateZeroPool (DataSize);\r
+  if (Data == NULL) {\r
+    Status  =  EFI_OUT_OF_RESOURCES;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  //\r
+  // Enumerate all data and erasing the target item.\r
+  //\r
+  IsItemFound = FALSE;\r
+  ItemDataSize = (UINT32) DataSize;\r
+  CertList = (EFI_SIGNATURE_LIST *) OldData;\r
+  Offset = 0;\r
+  GuidIndex = 0;\r
+  while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {\r
+    if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r
+      //\r
+      // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list.\r
+      //\r
+      CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));\r
+      NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);\r
+      Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+      Cert      = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+      CertCount  = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+      for (Index = 0; Index < CertCount; Index++) {\r
+        if (GuidIndex == DeleteIndex) {\r
+          //\r
+          // Find it! Skip it!\r
+          //\r
+          NewCertList->SignatureListSize -= CertList->SignatureSize;\r
+          IsItemFound = TRUE;\r
+        } else {\r
+          //\r
+          // This item doesn't match. Copy it to the Data buffer.\r
+          //\r
+          CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);\r
+          Offset += CertList->SignatureSize;\r
+        }\r
+        GuidIndex++;\r
+        Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r
+      }\r
+    } else {\r
+      //\r
+      // This List doesn't match. Just copy it to the Data buffer.\r
+      //\r
+      CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);\r
+      Offset += CertList->SignatureListSize;\r
+    }\r
+\r
+    ItemDataSize -= CertList->SignatureListSize;\r
+    CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+  }\r
+\r
+  if (!IsItemFound) {\r
+    //\r
+    // Doesn't find the signature Item!\r
+    //\r
+    Status = EFI_NOT_FOUND;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  //\r
+  // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.\r
+  //\r
+  ItemDataSize = Offset;\r
+  CertList = (EFI_SIGNATURE_LIST *) Data;\r
+  Offset = 0;\r
+  ZeroMem (OldData, ItemDataSize);\r
+  while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {\r
+    CertCount  = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+    DEBUG ((DEBUG_INFO, "       CertCount = %x\n", CertCount));\r
+    if (CertCount != 0) {\r
+      CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize);\r
+      Offset += CertList->SignatureListSize;\r
+    }\r
+    ItemDataSize -= CertList->SignatureListSize;\r
+    CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+  }\r
+\r
+  DataSize = Offset;\r
+\r
+  Status = gRT->SetVariable(\r
+                  VariableName,\r
+                  VendorGuid,\r
+                  Attr,\r
+                  DataSize,\r
+                  OldData\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));\r
+    goto ON_EXIT;\r
+  }\r
+\r
+ON_EXIT:\r
+  if (Data != NULL) {\r
+    FreePool(Data);\r
+  }\r
+\r
+  if (OldData != NULL) {\r
+    FreePool(OldData);\r
+  }\r
+\r
+  return UpdateDeletePage (\r
+           Private,\r
+           VariableName,\r
+           VendorGuid,\r
+           LabelNumber,\r
+           FormId,\r
+           QuestionIdBase\r
+           );\r
+}\r
+\r
+\r
+/**\r
+  Close an open file handle.\r
+\r
+  @param[in] FileHandle           The file handle to close.\r
+\r
+**/\r
+VOID\r
+CloseFile (\r
+  IN EFI_FILE_HANDLE   FileHandle\r
+  )\r
+{\r
+  if (FileHandle != NULL) {\r
+    FileHandle->Close (FileHandle);\r
+  }\r
+}\r
+\r
+/**\r
+  Read file content into BufferPtr, the size of the allocate buffer\r
+  is *FileSize plus AddtionAllocateSize.\r
+\r
+  @param[in]       FileHandle            The file to be read.\r
+  @param[in, out]  BufferPtr             Pointers to the pointer of allocated buffer.\r
+  @param[out]      FileSize              Size of input file\r
+  @param[in]       AddtionAllocateSize   Addtion size the buffer need to be allocated.\r
+                                         In case the buffer need to contain others besides the file content.\r
+\r
+  @retval   EFI_SUCCESS                  The file was read into the buffer.\r
+  @retval   EFI_INVALID_PARAMETER        A parameter was invalid.\r
+  @retval   EFI_OUT_OF_RESOURCES         A memory allocation failed.\r
+  @retval   others                       Unexpected error.\r
+\r
+**/\r
+EFI_STATUS\r
+ReadFileContent (\r
+  IN      EFI_FILE_HANDLE           FileHandle,\r
+  IN OUT  VOID                      **BufferPtr,\r
+     OUT  UINTN                     *FileSize,\r
+  IN      UINTN                     AddtionAllocateSize\r
+  )\r
+\r
+{\r
+  UINTN      BufferSize;\r
+  UINT64     SourceFileSize;\r
+  VOID       *Buffer;\r
+  EFI_STATUS Status;\r
+\r
+  if ((FileHandle == NULL) || (FileSize == NULL)) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  Buffer = NULL;\r
+\r
+  //\r
+  // Get the file size\r
+  //\r
+  Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);\r
+  if (EFI_ERROR (Status)) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);\r
+  if (EFI_ERROR (Status)) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  Status = FileHandle->SetPosition (FileHandle, 0);\r
+  if (EFI_ERROR (Status)) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;\r
+  Buffer =  AllocateZeroPool(BufferSize);\r
+  if (Buffer == NULL) {\r
+    return EFI_OUT_OF_RESOURCES;\r
+  }\r
+\r
+  BufferSize = (UINTN) SourceFileSize;\r
+  *FileSize  = BufferSize;\r
+\r
+  Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);\r
+  if (EFI_ERROR (Status) || BufferSize != *FileSize) {\r
+    FreePool (Buffer);\r
+    Buffer = NULL;\r
+    Status  = EFI_BAD_BUFFER_SIZE;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+ON_EXIT:\r
+\r
+  *BufferPtr = Buffer;\r
+  return Status;\r
+}\r
+\r
+/**\r
+  This function will open a file or directory referenced by DevicePath.\r
+\r
+  This function opens a file with the open mode according to the file path. The\r
+  Attributes is valid only for EFI_FILE_MODE_CREATE.\r
+\r
+  @param[in, out]  FilePath        On input, the device path to the file.\r
+                                   On output, the remaining device path.\r
+  @param[out]      FileHandle      Pointer to the file handle.\r
+  @param[in]       OpenMode        The mode to open the file with.\r
+  @param[in]       Attributes      The file's file attributes.\r
+\r
+  @retval EFI_SUCCESS              The information was set.\r
+  @retval EFI_INVALID_PARAMETER    One of the parameters has an invalid value.\r
+  @retval EFI_UNSUPPORTED          Could not open the file path.\r
+  @retval EFI_NOT_FOUND            The specified file could not be found on the\r
+                                   device or the file system could not be found on\r
+                                   the device.\r
+  @retval EFI_NO_MEDIA             The device has no medium.\r
+  @retval EFI_MEDIA_CHANGED        The device has a different medium in it or the\r
+                                   medium is no longer supported.\r
+  @retval EFI_DEVICE_ERROR         The device reported an error.\r
+  @retval EFI_VOLUME_CORRUPTED     The file system structures are corrupted.\r
+  @retval EFI_WRITE_PROTECTED      The file or medium is write protected.\r
+  @retval EFI_ACCESS_DENIED        The file was opened read only.\r
+  @retval EFI_OUT_OF_RESOURCES     Not enough resources were available to open the\r
+                                   file.\r
+  @retval EFI_VOLUME_FULL          The volume is full.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+OpenFileByDevicePath (\r
+  IN OUT EFI_DEVICE_PATH_PROTOCOL     **FilePath,\r
+  OUT EFI_FILE_HANDLE                 *FileHandle,\r
+  IN UINT64                           OpenMode,\r
+  IN UINT64                           Attributes\r
+  )\r
+{\r
+  EFI_STATUS                      Status;\r
+  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;\r
+  EFI_FILE_PROTOCOL               *Handle1;\r
+  EFI_FILE_PROTOCOL               *Handle2;\r
+  EFI_HANDLE                      DeviceHandle;\r
+\r
+  if ((FilePath == NULL || FileHandle == NULL)) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  Status = gBS->LocateDevicePath (\r
+                  &gEfiSimpleFileSystemProtocolGuid,\r
+                  FilePath,\r
+                  &DeviceHandle\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  Status = gBS->OpenProtocol(\r
+                  DeviceHandle,\r
+                  &gEfiSimpleFileSystemProtocolGuid,\r
+                  (VOID**)&EfiSimpleFileSystemProtocol,\r
+                  gImageHandle,\r
+                  NULL,\r
+                  EFI_OPEN_PROTOCOL_GET_PROTOCOL\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  Status = EfiSimpleFileSystemProtocol->OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);\r
+  if (EFI_ERROR (Status)) {\r
+    FileHandle = NULL;\r
+    return Status;\r
+  }\r
+\r
+  //\r
+  // go down directories one node at a time.\r
+  //\r
+  while (!IsDevicePathEnd (*FilePath)) {\r
+    //\r
+    // For file system access each node should be a file path component\r
+    //\r
+    if (DevicePathType    (*FilePath) != MEDIA_DEVICE_PATH ||\r
+        DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP\r
+       ) {\r
+      FileHandle = NULL;\r
+      return (EFI_INVALID_PARAMETER);\r
+    }\r
+    //\r
+    // Open this file path node\r
+    //\r
+    Handle2  = Handle1;\r
+    Handle1 = NULL;\r
+\r
+    //\r
+    // Try to test opening an existing file\r
+    //\r
+    Status = Handle2->Open (\r
+                        Handle2,\r
+                        &Handle1,\r
+                        ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,\r
+                        OpenMode &~EFI_FILE_MODE_CREATE,\r
+                        0\r
+                        );\r
+\r
+    //\r
+    // see if the error was that it needs to be created\r
+    //\r
+    if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode &~EFI_FILE_MODE_CREATE))) {\r
+      Status = Handle2->Open (\r
+                          Handle2,\r
+                          &Handle1,\r
+                          ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,\r
+                          OpenMode,\r
+                          Attributes\r
+                          );\r
+    }\r
+    //\r
+    // Close the last node\r
+    //\r
+    Handle2->Close (Handle2);\r
+\r
+    if (EFI_ERROR(Status)) {\r
+      return (Status);\r
+    }\r
+\r
+    //\r
+    // Get the next node\r
+    //\r
+    *FilePath = NextDevicePathNode (*FilePath);\r
+  }\r
+\r
+  //\r
+  // This is a weak spot since if the undefined SHELL_FILE_HANDLE format changes this must change also!\r
+  //\r
+  *FileHandle = (VOID*)Handle1;\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  This function converts an input device structure to a Unicode string.\r
+\r
+  @param[in] DevPath                  A pointer to the device path structure.\r
+\r
+  @return A new allocated Unicode string that represents the device path.\r
+\r
+**/\r
+CHAR16 *\r
+EFIAPI\r
+DevicePathToStr (\r
+  IN EFI_DEVICE_PATH_PROTOCOL     *DevPath\r
+  )\r
+{\r
+  return ConvertDevicePathToText (\r
+           DevPath,\r
+           FALSE,\r
+           TRUE\r
+           );\r
+}\r
+\r
+\r
+/**\r
+  Extract filename from device path. The returned buffer is allocated using AllocateCopyPool.\r
+  The caller is responsible for freeing the allocated buffer using FreePool(). If return NULL\r
+  means not enough memory resource.\r
+\r
+  @param DevicePath       Device path.\r
+\r
+  @retval NULL            Not enough memory resourece for AllocateCopyPool.\r
+  @retval Other           A new allocated string that represents the file name.\r
+\r
+**/\r
+CHAR16 *\r
+ExtractFileNameFromDevicePath (\r
+  IN   EFI_DEVICE_PATH_PROTOCOL *DevicePath\r
+  )\r
+{\r
+  CHAR16          *String;\r
+  CHAR16          *MatchString;\r
+  CHAR16          *LastMatch;\r
+  CHAR16          *FileName;\r
+  UINTN           Length;\r
+\r
+  ASSERT(DevicePath != NULL);\r
+\r
+  String = DevicePathToStr(DevicePath);\r
+  MatchString = String;\r
+  LastMatch   = String;\r
+  FileName    = NULL;\r
+\r
+  while(MatchString != NULL){\r
+    LastMatch   = MatchString + 1;\r
+    MatchString = StrStr(LastMatch,L"\\");\r
+  }\r
+\r
+  Length = StrLen(LastMatch);\r
+  FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);\r
+  if (FileName != NULL) {\r
+    *(FileName + Length) = 0;\r
+  }\r
+\r
+  FreePool(String);\r
+\r
+  return FileName;\r
+}\r
+\r
+/**\r
+  Enroll a new X509 certificate into Variable.\r
+\r
+  @param[in] PrivateData     The module's private data.\r
+  @param[in] VariableName    Variable name of CA database.\r
+\r
+  @retval   EFI_SUCCESS            New X509 is enrolled successfully.\r
+  @retval   EFI_OUT_OF_RESOURCES   Could not allocate needed resources.\r
+\r
+**/\r
+EFI_STATUS\r
+EnrollX509toVariable (\r
+  IN TLS_AUTH_CONFIG_PRIVATE_DATA   *Private,\r
+  IN CHAR16                         *VariableName\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  UINTN                             X509DataSize;\r
+  VOID                              *X509Data;\r
+  EFI_SIGNATURE_LIST                *CACert;\r
+  EFI_SIGNATURE_DATA                *CACertData;\r
+  VOID                              *Data;\r
+  UINTN                             DataSize;\r
+  UINTN                             SigDataSize;\r
+  UINT32                            Attr;\r
+\r
+  X509DataSize  = 0;\r
+  SigDataSize   = 0;\r
+  DataSize      = 0;\r
+  X509Data      = NULL;\r
+  CACert        = NULL;\r
+  CACertData    = NULL;\r
+  Data          = NULL;\r
+\r
+  Status = ReadFileContent (\r
+             Private->FileContext->FHandle,\r
+             &X509Data,\r
+             &X509DataSize,\r
+             0\r
+             );\r
+  if (EFI_ERROR (Status)) {\r
+    goto ON_EXIT;\r
+  }\r
+  ASSERT (X509Data != NULL);\r
+\r
+  SigDataSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;\r
+\r
+  Data = AllocateZeroPool (SigDataSize);\r
+  if (Data == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  //\r
+  // Fill Certificate Database parameters.\r
+  //\r
+  CACert = (EFI_SIGNATURE_LIST*) Data;\r
+  CACert->SignatureListSize   = (UINT32) SigDataSize;\r
+  CACert->SignatureHeaderSize = 0;\r
+  CACert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);\r
+  CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid);\r
+\r
+  CACertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof (EFI_SIGNATURE_LIST));\r
+  CopyGuid (&CACertData->SignatureOwner, Private->CertGuid);\r
+  CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);\r
+\r
+  //\r
+  // Check if signature database entry has been already existed.\r
+  // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the\r
+  // new signature data to original variable\r
+  //\r
+  Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;\r
+\r
+  Status = gRT->GetVariable(\r
+                  VariableName,\r
+                  &gEfiTlsCaCertificateGuid,\r
+                  NULL,\r
+                  &DataSize,\r
+                  NULL\r
+                  );\r
+  if (Status == EFI_BUFFER_TOO_SMALL) {\r
+    Attr |= EFI_VARIABLE_APPEND_WRITE;\r
+  } else if (Status != EFI_NOT_FOUND) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  Status = gRT->SetVariable(\r
+                  VariableName,\r
+                  &gEfiTlsCaCertificateGuid,\r
+                  Attr,\r
+                  SigDataSize,\r
+                  Data\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    goto ON_EXIT;\r
+  }\r
+\r
+ON_EXIT:\r
+\r
+  CloseFile (Private->FileContext->FHandle);\r
+  if (Private->FileContext->FileName != NULL) {\r
+    FreePool(Private->FileContext->FileName);\r
+    Private->FileContext->FileName = NULL;\r
+  }\r
+\r
+  Private->FileContext->FHandle = NULL;\r
+\r
+  if (Private->CertGuid != NULL) {\r
+    FreePool (Private->CertGuid);\r
+    Private->CertGuid = NULL;\r
+  }\r
+\r
+  if (Data != NULL) {\r
+    FreePool (Data);\r
+  }\r
+\r
+  if (X509Data != NULL) {\r
+    FreePool (X509Data);\r
+  }\r
+\r
+  return Status;\r
+}\r
+\r
+/**\r
+  Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid.\r
+\r
+  @param[in] PrivateData     The module's private data.\r
+  @param[in] VariableName    Variable name of signature database.\r
+\r
+  @retval   EFI_SUCCESS            New Cert enrolled successfully.\r
+  @retval   EFI_INVALID_PARAMETER  The parameter is invalid.\r
+  @retval   EFI_UNSUPPORTED        The Cert file is unsupported type.\r
+  @retval   others                 Fail to enroll Cert data.\r
+\r
+**/\r
+EFI_STATUS\r
+EnrollCertDatabase (\r
+  IN TLS_AUTH_CONFIG_PRIVATE_DATA  *Private,\r
+  IN CHAR16                        *VariableName\r
+  )\r
+{\r
+  UINT16*      FilePostFix;\r
+  UINTN        NameLength;\r
+\r
+  if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->CertGuid == NULL)) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  //\r
+  // Parse the file's postfix.\r
+  //\r
+  NameLength = StrLen (Private->FileContext->FileName);\r
+  if (NameLength <= 4) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+  FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
+\r
+  if (IsDerPemEncodeCertificate (FilePostFix)) {\r
+    //\r
+    // Supports DER-encoded X509 certificate.\r
+    //\r
+    return EnrollX509toVariable (Private, VariableName);\r
+  }\r
+\r
+  return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+  Refresh the global UpdateData structure.\r
+\r
+**/\r
+VOID\r
+RefreshUpdateData (\r
+  VOID\r
+  )\r
+{\r
+  //\r
+  // Free current updated date\r
+  //\r
+  if (mStartOpCodeHandle != NULL) {\r
+    HiiFreeOpCodeHandle (mStartOpCodeHandle);\r
+  }\r
+\r
+  //\r
+  // Create new OpCode Handle\r
+  //\r
+  mStartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+\r
+  //\r
+  // Create Hii Extend Label OpCode as the start opcode\r
+  //\r
+  mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+                                         mStartOpCodeHandle,\r
+                                         &gEfiIfrTianoGuid,\r
+                                         NULL,\r
+                                         sizeof (EFI_IFR_GUID_LABEL)\r
+                                         );\r
+  mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+}\r
+\r
+/**\r
+  Clean up the dynamic opcode at label and form specified by both LabelId.\r
+\r
+  @param[in] LabelId         It is both the Form ID and Label ID for opcode deletion.\r
+  @param[in] PrivateData     Module private data.\r
+\r
+**/\r
+VOID\r
+CleanUpPage (\r
+  IN UINT16                           LabelId,\r
+  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *PrivateData\r
+  )\r
+{\r
+  RefreshUpdateData ();\r
+\r
+  //\r
+  // Remove all op-codes from dynamic page\r
+  //\r
+  mStartLabel->Number = LabelId;\r
+  HiiUpdateForm (\r
+    PrivateData->RegisteredHandle,\r
+    &gTlsAuthConfigGuid,\r
+    LabelId,\r
+    mStartOpCodeHandle, // Label LabelId\r
+    mEndOpCodeHandle    // LABEL_END\r
+    );\r
+}\r
+\r
+/**\r
+  Update the form base on the selected file.\r
+\r
+  @param FilePath   Point to the file path.\r
+  @param FormId     The form need to display.\r
+\r
+  @retval TRUE   Exit caller function.\r
+  @retval FALSE  Not exit caller function.\r
+\r
+**/\r
+BOOLEAN\r
+UpdatePage(\r
+  IN  EFI_DEVICE_PATH_PROTOCOL  *FilePath,\r
+  IN  EFI_FORM_ID               FormId\r
+  )\r
+{\r
+  CHAR16                *FileName;\r
+  EFI_STRING_ID         StringToken;\r
+\r
+  FileName = NULL;\r
+\r
+  if (FilePath != NULL) {\r
+    FileName = ExtractFileNameFromDevicePath(FilePath);\r
+  }\r
+  if (FileName == NULL) {\r
+    //\r
+    // FileName = NULL has two case:\r
+    // 1. FilePath == NULL, not select file.\r
+    // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL not enough memory resource.\r
+    // In these two case, no need to update the form, and exit the caller function.\r
+    //\r
+    return TRUE;\r
+  }\r
+  StringToken =  HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0, FileName, NULL);\r
+\r
+  mTlsAuthPrivateData->FileContext->FileName = FileName;\r
+\r
+  OpenFileByDevicePath (\r
+    &FilePath,\r
+    &mTlsAuthPrivateData->FileContext->FHandle,\r
+    EFI_FILE_MODE_READ,\r
+    0\r
+    );\r
+  //\r
+  // Create Subtitle op-code for the display string of the option.\r
+  //\r
+  RefreshUpdateData ();\r
+  mStartLabel->Number = FormId;\r
+\r
+  HiiCreateSubTitleOpCode (\r
+    mStartOpCodeHandle,\r
+    StringToken,\r
+    0,\r
+    0,\r
+    0\r
+   );\r
+\r
+  HiiUpdateForm (\r
+    mTlsAuthPrivateData->RegisteredHandle,\r
+    &gTlsAuthConfigGuid,\r
+    FormId,\r
+    mStartOpCodeHandle, /// Label FormId\r
+    mEndOpCodeHandle    /// LABEL_END\r
+    );\r
+\r
+  return TRUE;\r
+}\r
+\r
+/**\r
+  Update the form base on the input file path info.\r
+\r
+  @param FilePath    Point to the file path.\r
+\r
+  @retval TRUE   Exit caller function.\r
+  @retval FALSE  Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateCAFromFile (\r
+  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath\r
+  )\r
+{\r
+  return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM);\r
+}\r
+\r
+/**\r
+  Unload the configuration form, this includes: delete all the configuration\r
+  entries, uninstall the form callback protocol, and free the resources used.\r
+\r
+  @param[in]  Private             Pointer to the driver private data.\r
+\r
+  @retval EFI_SUCCESS             The configuration form is unloaded.\r
+  @retval Others                  Failed to unload the form.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsAuthConfigFormUnload (\r
+  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *Private\r
+  )\r
+{\r
+  if (Private->DriverHandle != NULL) {\r
+    //\r
+    // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL\r
+    //\r
+    gBS->UninstallMultipleProtocolInterfaces (\r
+           Private->DriverHandle,\r
+           &gEfiDevicePathProtocolGuid,\r
+           &mTlsAuthConfigHiiVendorDevicePath,\r
+           &gEfiHiiConfigAccessProtocolGuid,\r
+           &Private->ConfigAccess,\r
+           NULL\r
+           );\r
+    Private->DriverHandle = NULL;\r
+  }\r
+\r
+  if (Private->RegisteredHandle != NULL) {\r
+    //\r
+    // Remove HII package list\r
+    //\r
+    HiiRemovePackages (Private->RegisteredHandle);\r
+    Private->RegisteredHandle = NULL;\r
+  }\r
+\r
+  if (Private->CertGuid != NULL) {\r
+    FreePool (Private->CertGuid);\r
+  }\r
+\r
+  if (Private->FileContext != NULL) {\r
+    FreePool (Private->FileContext);\r
+  }\r
+\r
+  FreePool (Private);\r
+\r
+  if (mStartOpCodeHandle != NULL) {\r
+    HiiFreeOpCodeHandle (mStartOpCodeHandle);\r
+  }\r
+\r
+  if (mEndOpCodeHandle != NULL) {\r
+    HiiFreeOpCodeHandle (mEndOpCodeHandle);\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+\r
+/**\r
+  Initialize the configuration form.\r
+\r
+  @param[in]  Private             Pointer to the driver private data.\r
+\r
+  @retval EFI_SUCCESS             The configuration form is initialized.\r
+  @retval EFI_OUT_OF_RESOURCES    Failed to allocate memory.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsAuthConfigFormInit (\r
+  IN TLS_AUTH_CONFIG_PRIVATE_DATA     *Private\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+\r
+  Private->Signature = TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE;\r
+\r
+  Private->ConfigAccess.ExtractConfig = TlsAuthConfigAccessExtractConfig;\r
+  Private->ConfigAccess.RouteConfig   = TlsAuthConfigAccessRouteConfig;\r
+  Private->ConfigAccess.Callback      = TlsAuthConfigAccessCallback;\r
+\r
+  //\r
+  // Install Device Path Protocol and Config Access protocol to driver handle.\r
+  //\r
+  Status = gBS->InstallMultipleProtocolInterfaces (\r
+                  &Private->DriverHandle,\r
+                  &gEfiDevicePathProtocolGuid,\r
+                  &mTlsAuthConfigHiiVendorDevicePath,\r
+                  &gEfiHiiConfigAccessProtocolGuid,\r
+                  &Private->ConfigAccess,\r
+                  NULL\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  //\r
+  // Publish our HII data.\r
+  //\r
+  Private->RegisteredHandle = HiiAddPackages (\r
+                                &gTlsAuthConfigGuid,\r
+                                Private->DriverHandle,\r
+                                TlsAuthConfigDxeStrings,\r
+                                TlsAuthConfigVfrBin,\r
+                                NULL\r
+                                );\r
+  if (Private->RegisteredHandle == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto Error;\r
+  }\r
+\r
+  Private->FileContext = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_FILE_CONTEXT));\r
+  if (Private->FileContext == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto Error;\r
+  }\r
+\r
+  //\r
+  // Init OpCode Handle and Allocate space for creation of Buffer\r
+  //\r
+  mStartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+  if (mStartOpCodeHandle == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto Error;\r
+  }\r
+\r
+  mEndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+  if (mEndOpCodeHandle == NULL) {\r
+    Status = EFI_OUT_OF_RESOURCES;\r
+    goto Error;\r
+  }\r
+\r
+  //\r
+  // Create Hii Extend Label OpCode as the start opcode\r
+  //\r
+  mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+                                         mStartOpCodeHandle,\r
+                                         &gEfiIfrTianoGuid,\r
+                                         NULL,\r
+                                         sizeof (EFI_IFR_GUID_LABEL)\r
+                                         );\r
+  mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+\r
+  //\r
+  // Create Hii Extend Label OpCode as the end opcode\r
+  //\r
+  mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+                                       mEndOpCodeHandle,\r
+                                       &gEfiIfrTianoGuid,\r
+                                       NULL,\r
+                                       sizeof (EFI_IFR_GUID_LABEL)\r
+                                       );\r
+  mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+  mEndLabel->Number       = LABEL_END;\r
+\r
+  return EFI_SUCCESS;\r
+\r
+Error:\r
+  TlsAuthConfigFormUnload (Private);\r
+  return Status;\r
+}\r
+\r
+/**\r
+\r
+  This function allows the caller to request the current\r
+  configuration for one or more named elements. The resulting\r
+  string is in <ConfigAltResp> format. Any and all alternative\r
+  configuration strings shall also be appended to the end of the\r
+  current configuration string. If they are, they must appear\r
+  after the current configuration. They must contain the same\r
+  routing (GUID, NAME, PATH) as the current configuration string.\r
+  They must have an additional description indicating the type of\r
+  alternative configuration the string represents,\r
+  "ALTCFG=<StringToken>". That <StringToken> (when\r
+  converted from Hex UNICODE to binary) is a reference to a\r
+  string in the associated string pack.\r
+\r
+  @param This       Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+\r
+  @param Request    A null-terminated Unicode string in\r
+                    <ConfigRequest> format. Note that this\r
+                    includes the routing information as well as\r
+                    the configurable name / value pairs. It is\r
+                    invalid for this string to be in\r
+                    <MultiConfigRequest> format.\r
+                    If a NULL is passed in for the Request field,\r
+                    all of the settings being abstracted by this function\r
+                    will be returned in the Results field.  In addition,\r
+                    if a ConfigHdr is passed in with no request elements,\r
+                    all of the settings being abstracted for that particular\r
+                    ConfigHdr reference will be returned in the Results Field.\r
+\r
+  @param Progress   On return, points to a character in the\r
+                    Request string. Points to the string's null\r
+                    terminator if request was successful. Points\r
+                    to the most recent "&" before the first\r
+                    failing name / value pair (or the beginning\r
+                    of the string if the failure is in the first\r
+                    name / value pair) if the request was not\r
+                    successful.\r
+\r
+  @param Results    A null-terminated Unicode string in\r
+                    <MultiConfigAltResp> format which has all values\r
+                    filled in for the names in the Request string.\r
+                    String to be allocated by the called function.\r
+\r
+  @retval EFI_SUCCESS             The Results string is filled with the\r
+                                  values corresponding to all requested\r
+                                  names.\r
+\r
+  @retval EFI_OUT_OF_RESOURCES    Not enough memory to store the\r
+                                  parts of the results that must be\r
+                                  stored awaiting possible future\r
+                                  protocols.\r
+\r
+  @retval EFI_NOT_FOUND           Routing data doesn't match any\r
+                                  known driver. Progress set to the\r
+                                  first character in the routing header.\r
+                                  Note: There is no requirement that the\r
+                                  driver validate the routing data. It\r
+                                  must skip the <ConfigHdr> in order to\r
+                                  process the names.\r
+\r
+  @retval EFI_INVALID_PARAMETER   Illegal syntax. Progress set\r
+                                  to most recent "&" before the\r
+                                  error or the beginning of the\r
+                                  string.\r
+\r
+  @retval EFI_INVALID_PARAMETER   Unknown name. Progress points\r
+                                  to the & before the name in\r
+                                  question.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessExtractConfig (\r
+  IN CONST  EFI_HII_CONFIG_ACCESS_PROTOCOL  *This,\r
+  IN CONST  EFI_STRING                      Request,\r
+  OUT       EFI_STRING                      *Progress,\r
+  OUT       EFI_STRING                      *Results\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  UINTN                             BufferSize;\r
+  UINTN                             Size;\r
+  EFI_STRING                        ConfigRequest;\r
+  EFI_STRING                        ConfigRequestHdr;\r
+  TLS_AUTH_CONFIG_PRIVATE_DATA      *Private;\r
+  BOOLEAN                           AllocatedRequest;\r
+\r
+  if (Progress == NULL || Results == NULL) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  AllocatedRequest = FALSE;\r
+  ConfigRequestHdr = NULL;\r
+  ConfigRequest    = NULL;\r
+  Size             = 0;\r
+\r
+  Private          = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);\r
+\r
+  BufferSize       = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);\r
+  ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);\r
+\r
+  *Progress        = Request;\r
+\r
+  if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {\r
+    return EFI_NOT_FOUND;\r
+  }\r
+\r
+  ConfigRequest = Request;\r
+  if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {\r
+    //\r
+    // Request is set to NULL or OFFSET is NULL, construct full request string.\r
+    //\r
+    // Allocate and fill a buffer large enough to hold the <ConfigHdr> template\r
+    // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator\r
+    //\r
+    ConfigRequestHdr = HiiConstructConfigHdr (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, Private->DriverHandle);\r
+    Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);\r
+    ConfigRequest = AllocateZeroPool (Size);\r
+    ASSERT (ConfigRequest != NULL);\r
+    AllocatedRequest = TRUE;\r
+    UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);\r
+    FreePool (ConfigRequestHdr);\r
+    ConfigRequestHdr = NULL;\r
+  }\r
+\r
+  Status = gHiiConfigRouting->BlockToConfig (\r
+                                gHiiConfigRouting,\r
+                                ConfigRequest,\r
+                                (UINT8 *) &Private->TlsAuthConfigNvData,\r
+                                BufferSize,\r
+                                Results,\r
+                                Progress\r
+                                );\r
+\r
+  //\r
+  // Free the allocated config request string.\r
+  //\r
+  if (AllocatedRequest) {\r
+    FreePool (ConfigRequest);\r
+  }\r
+\r
+  //\r
+  // Set Progress string to the original request string.\r
+  //\r
+  if (Request == NULL) {\r
+    *Progress = NULL;\r
+  } else if (StrStr (Request, L"OFFSET") == NULL) {\r
+    *Progress = Request + StrLen (Request);\r
+  }\r
+\r
+  return Status;\r
+}\r
+\r
+/**\r
+\r
+  This function applies changes in a driver's configuration.\r
+  Input is a Configuration, which has the routing data for this\r
+  driver followed by name / value configuration pairs. The driver\r
+  must apply those pairs to its configurable storage. If the\r
+  driver's configuration is stored in a linear block of data\r
+  and the driver's name / value pairs are in <BlockConfig>\r
+  format, it may use the ConfigToBlock helper function (above) to\r
+  simplify the job.\r
+\r
+  @param This           Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+\r
+  @param Configuration  A null-terminated Unicode string in\r
+                        <ConfigString> format.\r
+\r
+  @param Progress       A pointer to a string filled in with the\r
+                        offset of the most recent '&' before the\r
+                        first failing name / value pair (or the\r
+                        beginn ing of the string if the failure\r
+                        is in the first name / value pair) or\r
+                        the terminating NULL if all was\r
+                        successful.\r
+\r
+  @retval EFI_SUCCESS             The results have been distributed or are\r
+                                  awaiting distribution.\r
+\r
+  @retval EFI_OUT_OF_RESOURCES    Not enough memory to store the\r
+                                  parts of the results that must be\r
+                                  stored awaiting possible future\r
+                                  protocols.\r
+\r
+  @retval EFI_INVALID_PARAMETERS  Passing in a NULL for the\r
+                                  Results parameter would result\r
+                                  in this type of error.\r
+\r
+  @retval EFI_NOT_FOUND           Target for the specified routing data\r
+                                  was not found\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessRouteConfig (\r
+  IN CONST  EFI_HII_CONFIG_ACCESS_PROTOCOL  *This,\r
+  IN CONST  EFI_STRING                      Configuration,\r
+  OUT       EFI_STRING                      *Progress\r
+  )\r
+{\r
+  EFI_STATUS                       Status;\r
+  UINTN                            BufferSize;\r
+  TLS_AUTH_CONFIG_PRIVATE_DATA     *Private;\r
+\r
+  if (Progress == NULL) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+  *Progress = Configuration;\r
+\r
+  if (Configuration == NULL) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  //\r
+  // Check routing data in <ConfigHdr>.\r
+  // Note: there is no name for Name/Value storage, only GUID will be checked\r
+  //\r
+  if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {\r
+    return EFI_NOT_FOUND;\r
+  }\r
+\r
+  Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);\r
+\r
+  BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);\r
+  ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);\r
+\r
+  Status = gHiiConfigRouting->ConfigToBlock (\r
+                                gHiiConfigRouting,\r
+                                Configuration,\r
+                                (UINT8 *) &Private->TlsAuthConfigNvData,\r
+                                &BufferSize,\r
+                                Progress\r
+                                );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  return Status;\r
+}\r
+\r
+/**\r
+\r
+  This function is called to provide results data to the driver.\r
+  This data consists of a unique key that is used to identify\r
+  which data is either being passed back or being asked for.\r
+\r
+  @param  This                   Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+  @param  Action                 Specifies the type of action taken by the browser.\r
+  @param  QuestionId             A unique value which is sent to the original\r
+                                 exporting driver so that it can identify the type\r
+                                 of data to expect. The format of the data tends to\r
+                                 vary based on the opcode that generated the callback.\r
+  @param  Type                   The type of value for the question.\r
+  @param  Value                  A pointer to the data being sent to the original\r
+                                 exporting driver.\r
+  @param  ActionRequest          On return, points to the action requested by the\r
+                                 callback function.\r
+\r
+  @retval EFI_SUCCESS            The callback successfully handled the action.\r
+  @retval EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the\r
+                                 variable and its data.\r
+  @retval EFI_DEVICE_ERROR       The variable could not be saved.\r
+  @retval EFI_UNSUPPORTED        The specified Action is not supported by the\r
+                                 callback.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessCallback (\r
+  IN     CONST EFI_HII_CONFIG_ACCESS_PROTOCOL   *This,\r
+  IN     EFI_BROWSER_ACTION                     Action,\r
+  IN     EFI_QUESTION_ID                        QuestionId,\r
+  IN     UINT8                                  Type,\r
+  IN OUT EFI_IFR_TYPE_VALUE                     *Value,\r
+  OUT    EFI_BROWSER_ACTION_REQUEST             *ActionRequest\r
+  )\r
+{\r
+  EFI_INPUT_KEY                   Key;\r
+  EFI_STATUS                      Status;\r
+  RETURN_STATUS                   RStatus;\r
+  TLS_AUTH_CONFIG_PRIVATE_DATA    *Private;\r
+  UINTN                           BufferSize;\r
+  TLS_AUTH_CONFIG_IFR_NVDATA      *IfrNvData;\r
+  UINT16                          LabelId;\r
+  EFI_DEVICE_PATH_PROTOCOL        *File;\r
+\r
+  Status           = EFI_SUCCESS;\r
+  File             = NULL;\r
+\r
+  if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);\r
+\r
+  mTlsAuthPrivateData = Private;\r
+\r
+  //\r
+  // Retrieve uncommitted data from Browser\r
+  //\r
+  BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);\r
+  IfrNvData = AllocateZeroPool (BufferSize);\r
+  if (IfrNvData == NULL) {\r
+    return EFI_OUT_OF_RESOURCES;\r
+  }\r
+\r
+  HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8 *) IfrNvData);\r
+\r
+  if ((Action != EFI_BROWSER_ACTION_CHANGED) &&\r
+      (Action != EFI_BROWSER_ACTION_CHANGING)) {\r
+    Status = EFI_UNSUPPORTED;\r
+    goto EXIT;\r
+  }\r
+\r
+  if (Action == EFI_BROWSER_ACTION_CHANGING) {\r
+    switch (QuestionId) {\r
+    case KEY_TLS_AUTH_CONFIG_CLIENT_CERT:\r
+    case KEY_TLS_AUTH_CONFIG_SERVER_CA:\r
+      //\r
+      // Clear Cert GUID.\r
+      //\r
+      ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid));\r
+      if (Private->CertGuid == NULL) {\r
+        Private->CertGuid = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));\r
+        if (Private->CertGuid == NULL) {\r
+          return EFI_OUT_OF_RESOURCES;\r
+        }\r
+      }\r
+      if (QuestionId == KEY_TLS_AUTH_CONFIG_CLIENT_CERT) {\r
+        LabelId = TLS_AUTH_CONFIG_FORMID3_FORM;\r
+      } else {\r
+        LabelId = TLS_AUTH_CONFIG_FORMID4_FORM;\r
+      }\r
+\r
+      //\r
+      // Refresh selected file.\r
+      //\r
+      CleanUpPage (LabelId, Private);\r
+      break;\r
+    case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE:\r
+      ChooseFile( NULL, NULL, UpdateCAFromFile, &File);\r
+      break;\r
+\r
+    case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT:\r
+      Status = EnrollCertDatabase (Private, EFI_TLS_CA_CERTIFICATE_VARIABLE);\r
+      if (EFI_ERROR (Status)) {\r
+        CreatePopUp (\r
+          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+          &Key,\r
+          L"ERROR: Enroll Cert Failure!",\r
+          NULL\r
+          );\r
+      }\r
+      break;\r
+\r
+    case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT:\r
+      if (Private->FileContext->FHandle != NULL) {\r
+        CloseFile (Private->FileContext->FHandle);\r
+        Private->FileContext->FHandle = NULL;\r
+        if (Private->FileContext->FileName!= NULL){\r
+          FreePool(Private->FileContext->FileName);\r
+          Private->FileContext->FileName = NULL;\r
+        }\r
+      }\r
+\r
+      if (Private->CertGuid!= NULL) {\r
+        FreePool (Private->CertGuid);\r
+        Private->CertGuid = NULL;\r
+      }\r
+      break;\r
+\r
+    case KEY_TLS_AUTH_CONFIG_DELETE_CERT:\r
+      UpdateDeletePage (\r
+        Private,\r
+        EFI_TLS_CA_CERTIFICATE_VARIABLE,\r
+        &gEfiTlsCaCertificateGuid,\r
+        LABEL_CA_DELETE,\r
+        TLS_AUTH_CONFIG_FORMID5_FORM,\r
+        OPTION_DEL_CA_ESTION_ID\r
+        );\r
+       break;\r
+\r
+    default:\r
+      if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&\r
+                 (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE)))  {\r
+        DeleteCert (\r
+          Private,\r
+          EFI_TLS_CA_CERTIFICATE_VARIABLE,\r
+          &gEfiTlsCaCertificateGuid,\r
+          LABEL_CA_DELETE,\r
+          TLS_AUTH_CONFIG_FORMID5_FORM,\r
+          OPTION_DEL_CA_ESTION_ID,\r
+          QuestionId - OPTION_DEL_CA_ESTION_ID\r
+          );\r
+      }\r
+      break;\r
+    }\r
+  } else if (Action == EFI_BROWSER_ACTION_CHANGED) {\r
+    switch (QuestionId) {\r
+    case KEY_TLS_AUTH_CONFIG_CERT_GUID:\r
+      ASSERT (Private->CertGuid != NULL);\r
+      RStatus = StrToGuid (\r
+                  IfrNvData->CertGuid,\r
+                  Private->CertGuid\r
+                  );\r
+      if (RETURN_ERROR (RStatus) || (IfrNvData->CertGuid[GUID_STRING_LENGTH] != L'\0')) {\r
+        Status = EFI_INVALID_PARAMETER;\r
+        break;\r
+      }\r
+\r
+      *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
+      break;\r
+    default:\r
+      break;\r
+    }\r
+  }\r
+\r
+EXIT:\r
+\r
+  if (!EFI_ERROR (Status)) {\r
+    BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);\r
+    HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8*) IfrNvData, NULL);\r
+  }\r
+\r
+  FreePool (IfrNvData);\r
+\r
+  if (File != NULL){\r
+    FreePool(File);\r
+    File = NULL;\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+\r
+}\r
+\r