\r
\r
BOOLEAN mIsEnterSecureBootForm = FALSE;\r
-BOOLEAN mIsSelectedSecureBootModeForm = FALSE;\r
-BOOLEAN mIsSecureBootModeChanged = FALSE;\r
\r
//\r
// OID ASN.1 Value for Hash Algorithms\r
);\r
}\r
\r
-/**\r
- Perform secure boot mode transition from User Mode by setting AuditMode \r
- or DeployedMode variable.\r
-\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-TransitionFromUserMode(\r
- IN UINT8 NewMode\r
- )\r
-{\r
- UINT8 Data;\r
- EFI_STATUS Status;\r
-\r
- if (NewMode == SECURE_BOOT_MODE_AUDIT_MODE) {\r
- Data = 1;\r
- Status = gRT->SetVariable(\r
- EFI_AUDIT_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof(UINT8),\r
- &Data\r
- );\r
- return Status;\r
- } else if (NewMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
- Data = 1;\r
- Status = gRT->SetVariable(\r
- EFI_DEPLOYED_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof(UINT8),\r
- &Data\r
- );\r
- return Status;\r
- }\r
-\r
- //\r
- // Other case do nothing here. May Goto enroll PK page.\r
- //\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Perform secure boot mode transition from Setup Mode by setting AuditMode \r
- variable.\r
-\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-TransitionFromSetupMode(\r
- IN UINT8 NewMode\r
- )\r
-{\r
- UINT8 Data;\r
- EFI_STATUS Status;\r
-\r
- Status = EFI_INVALID_PARAMETER;\r
-\r
- if (NewMode == SECURE_BOOT_MODE_AUDIT_MODE) {\r
- Data = 1;\r
- Status = gRT->SetVariable(\r
- EFI_AUDIT_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof(UINT8),\r
- &Data\r
- );\r
- return Status;\r
- }\r
-\r
- //\r
- // Other case do nothing here. May Goto enroll PK page.\r
- //\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Perform secure boot mode transition from Audit Mode. Nothing is done here,\r
- should goto enroll PK page.\r
-\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-TransitionFromAuditMode(\r
- IN UINT8 NewMode\r
- )\r
-{\r
- //\r
- // Other case do nothing here. Should Goto enroll PK page.\r
- //\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Perform secure boot mode transition from Deployed Mode by setting Deployed Mode\r
- variable to 0.\r
-\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-TransitionFromDeployedMode(\r
- IN UINT8 NewMode\r
- )\r
-{\r
- UINT8 Data;\r
- EFI_STATUS Status;\r
-\r
- //\r
- // Platform specific logic. when physical presence, Allow to set DeployedMode =:0\r
- // to switch back to UserMode\r
- //\r
- if (NewMode == SECURE_BOOT_MODE_USER_MODE) {\r
- Data = 0;\r
- Status = gRT->SetVariable(\r
- EFI_DEPLOYED_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
- sizeof(UINT8),\r
- &Data\r
- );\r
- DEBUG((EFI_D_INFO, "DeployedMode Status %x\n", Status));\r
- return Status;\r
- }\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Perform main secure boot mode transition.\r
-\r
- @param[in] CurMode New secure boot mode.\r
- @param[in] NewMode New secure boot mode.\r
-\r
- @retval EFI_SUCCESS Secure Boot mode transition is successful.\r
-**/\r
-EFI_STATUS\r
-SecureBootModeTransition(\r
- IN UINT8 CurMode,\r
- IN UINT8 NewMode\r
- )\r
-{\r
- EFI_STATUS Status;\r
-\r
- //\r
- // Set platform to be customized mode to ensure platform specific mode switch sucess\r
- //\r
- Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
-\r
- //\r
- // SecureBootMode transition\r
- //\r
- switch (CurMode) {\r
- case SECURE_BOOT_MODE_USER_MODE:\r
- Status = TransitionFromUserMode(NewMode);\r
- break;\r
-\r
- case SECURE_BOOT_MODE_SETUP_MODE:\r
- Status = TransitionFromSetupMode(NewMode);\r
- break;\r
-\r
- case SECURE_BOOT_MODE_AUDIT_MODE:\r
- Status = TransitionFromAuditMode(NewMode);\r
- break;\r
-\r
- case SECURE_BOOT_MODE_DEPLOYED_MODE:\r
- Status = TransitionFromDeployedMode(NewMode);\r
- break;\r
-\r
- default:\r
- Status = EFI_INVALID_PARAMETER;\r
- ASSERT(FALSE);\r
- }\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
- Get current secure boot mode by retrieve data from SetupMode/AuditMode/DeployedMode.\r
-\r
- @param[out] SecureBootMode Current secure boot mode.\r
-\r
-**/\r
-VOID\r
-ExtractSecureBootModeFromVariable(\r
- OUT UINT8 *SecureBootMode\r
- )\r
-{\r
- UINT8 *SetupMode;\r
- UINT8 *AuditMode;\r
- UINT8 *DeployedMode;\r
-\r
- SetupMode = NULL;\r
- AuditMode = NULL;\r
- DeployedMode = NULL;\r
-\r
- //\r
- // Get AuditMode/DeployedMode from variable\r
- //\r
- GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);\r
- GetVariable2 (EFI_AUDIT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&AuditMode, NULL);\r
- GetVariable2 (EFI_DEPLOYED_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&DeployedMode, NULL);\r
- if (SetupMode != NULL && AuditMode != NULL && DeployedMode != NULL) {\r
- if (*SetupMode == 0 && *AuditMode == 0 && *DeployedMode == 0) {\r
- //\r
- // User Mode\r
- //\r
- *SecureBootMode = SECURE_BOOT_MODE_USER_MODE;\r
- } else if (*SetupMode == 1 && *AuditMode == 0 && *DeployedMode == 0) {\r
- //\r
- // Setup Mode\r
- //\r
- *SecureBootMode = SECURE_BOOT_MODE_SETUP_MODE;\r
- } else if (*SetupMode == 1 && *AuditMode == 1 && *DeployedMode == 0) {\r
- //\r
- // Audit Mode\r
- //\r
- *SecureBootMode = SECURE_BOOT_MODE_AUDIT_MODE;\r
- } else if (*SetupMode == 0 && *AuditMode == 0 && *DeployedMode == 1) {\r
- //\r
- // Deployed Mode\r
- //\r
- *SecureBootMode = SECURE_BOOT_MODE_DEPLOYED_MODE;\r
- } else {\r
- ASSERT(FALSE);\r
- }\r
- }else {\r
- ASSERT(FALSE);\r
- }\r
-\r
- if (SetupMode != NULL) {\r
- FreePool (SetupMode);\r
- }\r
- if (DeployedMode != NULL) {\r
- FreePool (DeployedMode);\r
- }\r
- if (AuditMode != NULL) {\r
- FreePool (AuditMode);\r
- }\r
-}\r
-\r
/**\r
\r
Update SecureBoot strings based on new Secure Boot Mode State. String includes STR_SECURE_BOOT_STATE_CONTENT\r
IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private\r
)\r
{\r
- UINT8 CurSecureBootMode;\r
UINT8 *SecureBoot;\r
\r
SecureBoot = NULL;\r
} else {\r
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);\r
}\r
- //\r
- // Get current secure boot mode.\r
- //\r
- ExtractSecureBootModeFromVariable(&CurSecureBootMode);\r
- \r
- if (CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {\r
- HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);\r
- } else if (CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE) {\r
- HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);\r
- } else if (CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {\r
- HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);\r
- } else if (CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
- HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);\r
- }\r
\r
FreePool(SecureBoot);\r
\r
)\r
{\r
UINT8 *SecureBootEnable;\r
+ UINT8 *SetupMode;\r
UINT8 *SecureBootMode;\r
EFI_TIME CurrTime;\r
\r
SecureBootEnable = NULL;\r
+ SetupMode = NULL;\r
SecureBootMode = NULL;\r
\r
//\r
ConfigData->PhysicalPresent = FALSE;\r
}\r
\r
- //\r
- // Get the SecureBootMode from CustomMode variable.\r
- //\r
- GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);\r
- if (SecureBootMode == NULL) {\r
- ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;\r
- } else {\r
- ConfigData->SecureBootMode = *(SecureBootMode);\r
- }\r
-\r
- //\r
- // Extact current Secure Boot Mode\r
- //\r
- ExtractSecureBootModeFromVariable(&ConfigData->CurSecureBootMode);\r
-\r
//\r
// If there is no PK then the Delete Pk button will be gray.\r
//\r
- if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {\r
+ GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);\r
+ if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {\r
ConfigData->HasPk = FALSE;\r
} else {\r
ConfigData->HasPk = TRUE;\r
//\r
// Fix Pk, SecureBootEnable inconsistence\r
//\r
- if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
+ if ((*SetupMode) == USER_MODE) {\r
ConfigData->HideSecureBoot = FALSE;\r
if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) {\r
ConfigData->AttemptSecureBoot = TRUE;\r
ConfigData->HideSecureBoot = TRUE;\r
}\r
\r
+ //\r
+ // Get the SecureBootMode from CustomMode variable.\r
+ //\r
+ GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);\r
+ if (SecureBootMode == NULL) {\r
+ ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;\r
+ } else {\r
+ ConfigData->SecureBootMode = *(SecureBootMode);\r
+ }\r
+\r
if (SecureBootEnable != NULL) {\r
FreePool (SecureBootEnable);\r
}\r
-\r
+ if (SetupMode != NULL) {\r
+ FreePool (SetupMode);\r
+ }\r
if (SecureBootMode != NULL) {\r
FreePool (SecureBootMode);\r
}\r
UINT8 *SecureBootEnable;\r
UINT8 *Pk;\r
UINT8 *SecureBootMode;\r
+ UINT8 *SetupMode;\r
CHAR16 PromptString[100];\r
- UINT8 CurSecureBootMode;\r
EFI_DEVICE_PATH_PROTOCOL *File;\r
\r
Status = EFI_SUCCESS;\r
SecureBootEnable = NULL;\r
SecureBootMode = NULL;\r
+ SetupMode = NULL;\r
File = NULL;\r
\r
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
+\r
Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);\r
\r
gSecureBootPrivateData = Private;\r
Status = UpdateSecureBootString(Private);\r
SecureBootExtractConfigFromVariable (IfrNvData);\r
mIsEnterSecureBootForm = TRUE;\r
- } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){\r
- //\r
- // Secure Boot Policy variable changes after transition. Re-sync CurSecureBootMode\r
- //\r
- ExtractSecureBootModeFromVariable(&IfrNvData->CurSecureBootMode);\r
- mIsSelectedSecureBootModeForm = TRUE;\r
- mIsSecureBootModeChanged = FALSE;\r
}\r
goto EXIT;\r
}\r
Value->u8 = SECURE_BOOT_MODE_STANDARD;\r
Status = EFI_SUCCESS;\r
}\r
- } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE) {\r
- if (mIsSelectedSecureBootModeForm) {\r
- Value->u8 = IfrNvData->CurSecureBootMode;\r
- Status = EFI_SUCCESS;\r
- }\r
- }\r
+ } \r
goto EXIT;\r
}\r
\r
);\r
}\r
break;\r
- case KEY_TRANS_SECURE_BOOT_MODE:\r
- //\r
- // Pop up to alert user want to change secure boot mode \r
- //\r
- if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE && \r
- (Value->u8 == SECURE_BOOT_MODE_AUDIT_MODE || Value->u8 == SECURE_BOOT_MODE_DEPLOYED_MODE))\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE && \r
- Value->u8 == SECURE_BOOT_MODE_AUDIT_MODE)\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE && \r
- Value->u8 == SECURE_BOOT_MODE_USER_MODE && IfrNvData->PhysicalPresent == 1)){\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"Are you sure you want to switch secure boot mode?",\r
- L"Press 'Y' to switch secure boot mode, 'N' to discard change and return",\r
- NULL\r
- );\r
- if (Key.UnicodeChar != 'y' && Key.UnicodeChar != 'Y') {\r
- //\r
- // If not 'Y'/''y' restore to defualt secure boot mode\r
- //\r
- Value->u8 = IfrNvData->CurSecureBootMode;\r
- goto EXIT;\r
- }\r
- } else if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE && Value->u8 == SECURE_BOOT_MODE_USER_MODE)\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE && Value->u8 == SECURE_BOOT_MODE_SETUP_MODE)\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE && Value->u8 == SECURE_BOOT_MODE_DEPLOYED_MODE)\r
- ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE && Value->u8 == SECURE_BOOT_MODE_SETUP_MODE)) {\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"Secure boot mode transition requires PK change",\r
- L"Please go to link below to update PK",\r
- NULL\r
- );\r
- } else {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto EXIT;\r
- }\r
-\r
- Status = SecureBootModeTransition(IfrNvData->CurSecureBootMode, Value->u8);\r
- //\r
- // Secure Boot Policy variable may change after transition. Re-sync CurSecureBootMode\r
- //\r
- ExtractSecureBootModeFromVariable(&CurSecureBootMode);\r
- if (IfrNvData->CurSecureBootMode != CurSecureBootMode) {\r
- IfrNvData->CurSecureBootMode = CurSecureBootMode;\r
- mIsSecureBootModeChanged = TRUE;\r
- }\r
- break;\r
-\r
default:\r
if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&\r
(QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
case KEY_SECURE_BOOT_MODE:\r
mIsEnterSecureBootForm = FALSE;\r
break;\r
- case KEY_TRANS_SECURE_BOOT_MODE:\r
- mIsSelectedSecureBootModeForm = FALSE;\r
- if (mIsSecureBootModeChanged) {\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;\r
- }\r
- mIsSecureBootModeChanged = FALSE;\r
- break;\r
case KEY_SECURE_BOOT_KEK_GUID:\r
case KEY_SECURE_BOOT_SIGNATURE_GUID_DB:\r
case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX:\r
break;\r
\r
case KEY_SECURE_BOOT_DELETE_PK:\r
- if (IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
+ GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);\r
+ if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {\r
IfrNvData->DeletePk = TRUE;\r
IfrNvData->HasPk = FALSE;\r
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;\r
IfrNvData->HasPk = TRUE;\r
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
}\r
+ if (SetupMode != NULL) {\r
+ FreePool (SetupMode);\r
+ }\r
break;\r
default:\r
break;\r
projects / mirror_edk2.git / blobdiff