EFI_STATUS\r
UpdateSecureBootString(\r
IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private\r
- ) {\r
+ )\r
+{\r
UINT8 CurSecureBootMode;\r
UINT8 *SecureBoot;\r
\r
ConfigData->RevocationTime.Minute = CurrTime.Minute;\r
ConfigData->RevocationTime.Second = 0;\r
\r
- //\r
- // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
- // Checkbox.\r
- //\r
- ConfigData->AttemptSecureBoot = FALSE;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (SecureBootEnable == NULL) {\r
- ConfigData->HideSecureBoot = TRUE;\r
- } else {\r
- ConfigData->HideSecureBoot = FALSE;\r
- if ((*SecureBootEnable) == SECURE_BOOT_ENABLE) {\r
- ConfigData->AttemptSecureBoot = TRUE;\r
- }\r
- }\r
\r
//\r
// If it is Physical Presence User, set the PhysicalPresent to true.\r
ConfigData->HasPk = TRUE;\r
}\r
\r
+ //\r
+ // Check SecureBootEnable & Pk status, fix the inconsistence. \r
+ // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
+ // Checkbox.\r
+ //\r
+ ConfigData->AttemptSecureBoot = FALSE;\r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); \r
+\r
+ //\r
+ // Fix Pk, SecureBootEnable inconsistence\r
+ //\r
+ if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
+ ConfigData->HideSecureBoot = FALSE;\r
+ if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) {\r
+ ConfigData->AttemptSecureBoot = TRUE;\r
+ }\r
+ } else {\r
+ ConfigData->HideSecureBoot = TRUE;\r
+ }\r
+\r
if (SecureBootEnable != NULL) {\r
FreePool (SecureBootEnable);\r
}\r
OUT EFI_STRING *Progress\r
)\r
{\r
- UINT8 *SecureBootEnable;\r
SECUREBOOT_CONFIGURATION IfrNvData;\r
UINTN BufferSize;\r
EFI_STATUS Status;\r
//\r
// Store Buffer Storage back to EFI variable if needed\r
//\r
- SecureBootEnable = NULL;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (NULL != SecureBootEnable) {\r
- FreePool (SecureBootEnable);\r
+ if (!IfrNvData.HideSecureBoot) {\r
Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
SECUREBOOT_CONFIGURATION *IfrNvData;\r
UINT16 LabelId;\r
UINT8 *SecureBootEnable;\r
+ UINT8 *Pk;\r
UINT8 *SecureBootMode;\r
CHAR16 PromptString[100];\r
UINT8 CurSecureBootMode;\r
break;\r
\r
case FORMID_ENROLL_PK_FORM:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdatePKFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdatePKFromFile, &File);\r
break;\r
\r
case FORMID_ENROLL_KEK_FORM:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateKEKFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdateKEKFromFile, &File);\r
break;\r
\r
case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdateDBFromFile, &File);\r
break;\r
\r
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBXFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdateDBXFromFile, &File);\r
break;\r
\r
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:\r
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBTFromFile, &File);\r
+ ChooseFile (NULL, NULL, UpdateDBTFromFile, &File);\r
break;\r
\r
case KEY_SECURE_BOOT_DELETE_PK:\r
}\r
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {\r
if (QuestionId == KEY_HIDE_SECURE_BOOT) {\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (SecureBootEnable == NULL) {\r
+ GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID**)&Pk, NULL);\r
+ if (Pk == NULL) {\r
IfrNvData->HideSecureBoot = TRUE;\r
} else {\r
- FreePool (SecureBootEnable);\r
+ FreePool (Pk);\r
IfrNvData->HideSecureBoot = FALSE;\r
}\r
Value->b = IfrNvData->HideSecureBoot;\r
projects / mirror_edk2.git / blobdiff