};\r
CHAR16* mSupportX509Suffix = L"*.cer/der/crt";\r
\r
+SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData = NULL;\r
+\r
/**\r
This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix.\r
\r
\r
CloseFile (Private->FileContext->FHandle);\r
Private->FileContext->FHandle = NULL;\r
- Private->FileContext->FileName = NULL;\r
+\r
+ if (Private->FileContext->FileName != NULL){\r
+ FreePool(Private->FileContext->FileName);\r
+ Private->FileContext->FileName = NULL;\r
+ }\r
\r
if (Private->SignatureGUID != NULL) {\r
FreePool (Private->SignatureGUID);\r
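Review bot: The added cleanup is written as `FreePool(Private->FileContext->FileName);` under `!= NULL){`, while the context line just below uses the spaced form `FreePool (Private->SignatureGUID);`; writing it as `if (Private->FileContext->FileName != NULL) {` and `FreePool (Private->FileContext->FileName);` keeps the file uniform. The same four lines recur in the four cleanup hunks that follow and in the KEY_VALUE_NO_SAVE_AND_EXIT case, sometimes before and sometimes after `FHandle = NULL`. A single static helper that closes the handle, frees the name and clears both fields would prevent one exit path from drifting. Freeing here assumes every producer of `FileName` hands over a pool allocation that nothing else still references, since the old code only cleared the pointer; a one-line comment stating that ownership rule at this first site would make the assumption checkable. The enclosing function starts and ends outside the hunk.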
ON_EXIT:\r
\r
CloseFile (Private->FileContext->FHandle);\r
- Private->FileContext->FileName = NULL;\r
+ if (Private->FileContext->FileName != NULL){\r
+ FreePool(Private->FileContext->FileName);\r
+ Private->FileContext->FileName = NULL;\r
+ }\r
+\r
Private->FileContext->FHandle = NULL;\r
\r
if (Private->SignatureGUID != NULL) {\r
ON_EXIT:\r
\r
CloseFile (Private->FileContext->FHandle);\r
- Private->FileContext->FileName = NULL;\r
+ if (Private->FileContext->FileName != NULL){\r
+ FreePool(Private->FileContext->FileName);\r
+ Private->FileContext->FileName = NULL;\r
+ }\r
+\r
Private->FileContext->FHandle = NULL;\r
\r
if (Private->SignatureGUID != NULL) {\r
\r
ON_EXIT:\r
CloseFile (Private->FileContext->FHandle);\r
- Private->FileContext->FileName = NULL;\r
+ if (Private->FileContext->FileName != NULL){\r
+ FreePool(Private->FileContext->FileName);\r
+ Private->FileContext->FileName = NULL;\r
+ }\r
+\r
Private->FileContext->FHandle = NULL;\r
\r
if (Private->SignatureGUID != NULL) {\r
\r
CloseFile (Private->FileContext->FHandle);\r
Private->FileContext->FHandle = NULL;\r
- Private->FileContext->FileName = NULL;\r
+\r
+ if (Private->FileContext->FileName != NULL){\r
+ FreePool(Private->FileContext->FileName);\r
+ Private->FileContext->FileName = NULL;\r
+ }\r
\r
if (Private->SignatureGUID != NULL) {\r
FreePool (Private->SignatureGUID);\r
EFI_STATUS\r
UpdateSecureBootString(\r
IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private\r
- ) {\r
+ )\r
+{\r
UINT8 CurSecureBootMode;\r
UINT8 *SecureBoot;\r
\r
ConfigData->RevocationTime.Minute = CurrTime.Minute;\r
ConfigData->RevocationTime.Second = 0;\r
\r
- //\r
- // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
- // Checkbox.\r
- //\r
- ConfigData->AttemptSecureBoot = FALSE;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (SecureBootEnable == NULL) {\r
- ConfigData->HideSecureBoot = TRUE;\r
- } else {\r
- ConfigData->HideSecureBoot = FALSE;\r
- if ((*SecureBootEnable) == SECURE_BOOT_ENABLE) {\r
- ConfigData->AttemptSecureBoot = TRUE;\r
- }\r
- }\r
\r
//\r
// If it is Physical Presence User, set the PhysicalPresent to true.\r
ConfigData->HasPk = TRUE;\r
}\r
\r
+ //\r
+ // Check SecureBootEnable & Pk status, fix the inconsistence. \r
+ // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
+ // Checkbox.\r
+ //\r
+ ConfigData->AttemptSecureBoot = FALSE;\r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); \r
+\r
+ //\r
+ // Fix Pk, SecureBootEnable inconsistence\r
+ //\r
+ if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
+ ConfigData->HideSecureBoot = FALSE;\r
+ if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) {\r
+ ConfigData->AttemptSecureBoot = TRUE;\r
+ }\r
+ } else {\r
+ ConfigData->HideSecureBoot = TRUE;\r
+ }\r
+\r
if (SecureBootEnable != NULL) {\r
FreePool (SecureBootEnable);\r
}\r
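Review bot: The comment added above the `GetVariable2` call still says the checkbox is hidden when the SecureBootEnable variable does not exist, but the new code decides `HideSecureBoot` from `ConfigData->CurSecureBootMode` and uses the variable only to set `AttemptSecureBoot`. I would merge the two comment blocks into one that matches the code, for example `// Offer the SecureBoot Enable/Disable checkbox only in User or Deployed mode; AttemptSecureBoot follows SecureBootEnable when that variable exists.`, which also drops the "inconsistence" wording. In User or Deployed mode with the variable missing, the checkbox is shown with `AttemptSecureBoot` FALSE; if that is the intended repair, the comment should say so. The function body starts and ends outside the hunk.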
OUT EFI_STRING *Progress\r
)\r
{\r
- UINT8 *SecureBootEnable;\r
SECUREBOOT_CONFIGURATION IfrNvData;\r
UINTN BufferSize;\r
EFI_STATUS Status;\r
//\r
// Store Buffer Storage back to EFI variable if needed\r
//\r
- SecureBootEnable = NULL;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (NULL != SecureBootEnable) {\r
- FreePool (SecureBootEnable);\r
+ if (!IfrNvData.HideSecureBoot) {\r
Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
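Review bot: The write through `SaveSecureBootVariable` is now gated on `IfrNvData.HideSecureBoot` instead of on whether the SecureBootEnable variable exists, so the decision rests on a field of the form data rather than on platform state read at this point. If that structure is overlaid with the submitted configuration earlier in this function (not visible in the hunk), the gate should re-derive visibility from the current secure boot mode before writing, rather than trusting the submitted field. At minimum the condition deserves a comment such as `// Skip the write when the enable/disable checkbox is not offered in the current mode.` The function body starts and ends outside the hunk.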
SECUREBOOT_CONFIGURATION *IfrNvData;\r
UINT16 LabelId;\r
UINT8 *SecureBootEnable;\r
+ UINT8 *Pk;\r
UINT8 *SecureBootMode;\r
CHAR16 PromptString[100];\r
UINT8 CurSecureBootMode;\r
+ EFI_DEVICE_PATH_PROTOCOL *File;\r
\r
Status = EFI_SUCCESS;\r
SecureBootEnable = NULL;\r
SecureBootMode = NULL;\r
+ File = NULL;\r
\r
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
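Review bot: `Pk` is added to the locals but, unlike `SecureBootEnable`, `SecureBootMode` and the new `File`, it gets no `Pk = NULL;` in the initialisation run. Further down the status of `GetVariable2 (EFI_PLATFORM_KEY_NAME, ...)` is ignored and `Pk` is tested directly, so that check relies on the callee always writing the out pointer. Adding `Pk = NULL;` next to `File = NULL;` keeps the pattern consistent and removes that dependency. The function continues outside the hunk.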
}\r
Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);\r
\r
+ gSecureBootPrivateData = Private;\r
+\r
//\r
// Retrieve uncommitted data from Browser\r
//\r
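Review bot: `gSecureBootPrivateData = Private;` stores the per-instance private data in a module global on every callback, and nothing visible on this page ever resets it. The teardown path further down calls `FreePool (PrivateData)`, after which the global would still hold the freed address. Setting `gSecureBootPrivateData = NULL;` before that free, and having the readers of the global (presumably the `Update*FromFile` handlers passed to `ChooseFile`) check for NULL, would close that gap. A short comment at the assignment explaining why the handlers need a global rather than a context argument would also help the next reader.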
// Update secure boot strings when opening this form\r
//\r
Status = UpdateSecureBootString(Private);\r
+ SecureBootExtractConfigFromVariable (IfrNvData);\r
mIsEnterSecureBootForm = TRUE;\r
} else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){\r
//\r
}\r
break;\r
\r
- case KEY_SECURE_BOOT_OPTION:\r
- FreeMenu (&DirectoryMenu);\r
- FreeMenu (&FsOptionMenu);\r
- break;\r
-\r
case KEY_SECURE_BOOT_KEK_OPTION:\r
case KEY_SECURE_BOOT_DB_OPTION:\r
case KEY_SECURE_BOOT_DBX_OPTION:\r
//\r
CleanUpPage (LabelId, Private);\r
break;\r
+ case KEY_SECURE_BOOT_PK_OPTION:\r
+ LabelId = FORMID_ENROLL_PK_FORM;\r
+ //\r
+ // Refresh selected file.\r
+ //\r
+ CleanUpPage (LabelId, Private);\r
+ break;\r
+\r
+ case FORMID_ENROLL_PK_FORM:\r
+ ChooseFile (NULL, NULL, UpdatePKFromFile, &File);\r
+ break;\r
\r
- case SECUREBOOT_ADD_PK_FILE_FORM_ID:\r
case FORMID_ENROLL_KEK_FORM:\r
+ ChooseFile (NULL, NULL, UpdateKEKFromFile, &File);\r
+ break;\r
+\r
case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:\r
+ ChooseFile (NULL, NULL, UpdateDBFromFile, &File);\r
+ break;\r
+\r
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:\r
- case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:\r
- if (QuestionId == SECUREBOOT_ADD_PK_FILE_FORM_ID) {\r
- Private->FeCurrentState = FileExplorerStateEnrollPkFile;\r
- } else if (QuestionId == FORMID_ENROLL_KEK_FORM) {\r
- Private->FeCurrentState = FileExplorerStateEnrollKekFile;\r
- } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DB) {\r
- Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDb;\r
- } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DBX) {\r
- Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbx;\r
- IfrNvData->CertificateFormat = HASHALG_SHA256;\r
- } else {\r
- Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbt;\r
- }\r
+ ChooseFile (NULL, NULL, UpdateDBXFromFile, &File);\r
+ break;\r
\r
- Private->FeDisplayContext = FileExplorerDisplayUnknown;\r
- CleanUpPage (FORM_FILE_EXPLORER_ID, Private);\r
- UpdateFileExplorer (Private, 0);\r
+ case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:\r
+ ChooseFile (NULL, NULL, UpdateDBTFromFile, &File);\r
break;\r
\r
case KEY_SECURE_BOOT_DELETE_PK:\r
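Review bot: The removed branch for SECUREBOOT_ENROLL_SIGNATURE_TO_DBX set `IfrNvData->CertificateFormat = HASHALG_SHA256` before opening the file explorer, and the new `ChooseFile (NULL, NULL, UpdateDBXFromFile, &File)` case does not. Unless `UpdateDBXFromFile` (not shown) restores that default, the dbx enrollment form starts from whatever value the buffer already holds. The return status of all five `ChooseFile` calls is also dropped, so a failure in the explorer or in the handler is invisible after the switch; `Status = ChooseFile (NULL, NULL, UpdateDBXFromFile, &File);` and likewise for the others would keep it. The switch belongs to a function that starts and ends outside the hunk.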
);\r
}\r
break;\r
+ case KEY_VALUE_SAVE_AND_EXIT_PK:\r
+ Status = EnrollPlatformKey (Private);\r
+ if (EFI_ERROR (Status)) {\r
+ UnicodeSPrint (\r
+ PromptString,\r
+ sizeof (PromptString),\r
+ L"Only DER encoded certificate file (%s) is supported.",\r
+ mSupportX509Suffix\r
+ );\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"ERROR: Unsupported file type!",\r
+ PromptString,\r
+ NULL\r
+ );\r
+ }\r
+ break;\r
case KEY_TRANS_SECURE_BOOT_MODE:\r
//\r
// Pop up to alert user want to change secure boot mode \r
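Review bot: The KEY_VALUE_SAVE_AND_EXIT_PK case added here has no counterpart to the `else { *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET; }` arm of the copy removed from the EFI_BROWSER_ACTION_CHANGED switch, so a successful `EnrollPlatformKey` is no longer followed by a reset request. If that is deliberate because the case now runs under a different browser action, a comment on the case should say so and state how the new key state takes effect; otherwise the request needs to be restored on a path where it is honoured. Separately, every `EnrollPlatformKey` failure is shown as "Unsupported file type", which hides other causes; appending the status to the prompt (for example `%r` with `Status` in the `UnicodeSPrint` format) would make the popup diagnosable. The enclosing switch starts and ends outside the hunk.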
break;\r
\r
default:\r
- if (QuestionId >= FILE_OPTION_GOTO_OFFSET) {\r
- UpdateFileExplorer (Private, QuestionId);\r
- } else if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&\r
+ if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&\r
(QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {\r
DeleteKeyExchangeKey (Private, QuestionId);\r
} else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) &&\r
);\r
}\r
break;\r
- }\r
- } else if (Action == EFI_BROWSER_ACTION_CHANGED) {\r
- switch (QuestionId) {\r
- case KEY_SECURE_BOOT_ENABLE:\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
- break;\r
- case KEY_VALUE_SAVE_AND_EXIT_PK:\r
- Status = EnrollPlatformKey (Private);\r
- if (EFI_ERROR (Status)) {\r
- UnicodeSPrint (\r
- PromptString,\r
- sizeof (PromptString),\r
- L"Only DER encoded certificate file (%s) is supported.",\r
- mSupportX509Suffix\r
- );\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"ERROR: Unsupported file type!",\r
- PromptString,\r
- NULL\r
- );\r
- } else {\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;\r
- }\r
- break;\r
\r
case KEY_VALUE_NO_SAVE_AND_EXIT_PK:\r
case KEY_VALUE_NO_SAVE_AND_EXIT_KEK:\r
if (Private->FileContext->FHandle != NULL) {\r
CloseFile (Private->FileContext->FHandle);\r
Private->FileContext->FHandle = NULL;\r
- Private->FileContext->FileName = NULL;\r
+ if (Private->FileContext->FileName!= NULL){\r
+ FreePool(Private->FileContext->FileName);\r
+ Private->FileContext->FileName = NULL;\r
+ }\r
}\r
\r
if (Private->SignatureGUID != NULL) {\r
FreePool (Private->SignatureGUID);\r
Private->SignatureGUID = NULL;\r
}\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;\r
break;\r
-\r
+ }\r
+ } else if (Action == EFI_BROWSER_ACTION_CHANGED) {\r
+ switch (QuestionId) {\r
+ case KEY_SECURE_BOOT_ENABLE:\r
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
+ break;\r
case KEY_SECURE_BOOT_MODE:\r
mIsEnterSecureBootForm = FALSE;\r
break;\r
}\r
break;\r
default:\r
- if (QuestionId >= FILE_OPTION_OFFSET && QuestionId < FILE_OPTION_GOTO_OFFSET) {\r
- if (UpdateFileExplorer (Private, QuestionId)) {\r
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;\r
- }\r
- }\r
break;\r
}\r
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {\r
if (QuestionId == KEY_HIDE_SECURE_BOOT) {\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (SecureBootEnable == NULL) {\r
+ GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID**)&Pk, NULL);\r
+ if (Pk == NULL) {\r
IfrNvData->HideSecureBoot = TRUE;\r
} else {\r
- FreePool (SecureBootEnable);\r
+ FreePool (Pk);\r
IfrNvData->HideSecureBoot = FALSE;\r
}\r
Value->b = IfrNvData->HideSecureBoot;\r
\r
FreePool (IfrNvData);\r
\r
+ if (File != NULL){\r
+ FreePool(File);\r
+ File = NULL;\r
+ }\r
+\r
return EFI_SUCCESS;\r
}\r
\r
PrivateData->HiiHandle = HiiHandle;\r
\r
PrivateData->FileContext = AllocateZeroPool (sizeof (SECUREBOOT_FILE_CONTEXT));\r
- PrivateData->MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY));\r
\r
- if (PrivateData->FileContext == NULL || PrivateData->MenuEntry == NULL) {\r
+ if (PrivateData->FileContext == NULL) {\r
UninstallSecureBootConfigForm (PrivateData);\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
- PrivateData->FeCurrentState = FileExplorerStateInActive;\r
- PrivateData->FeDisplayContext = FileExplorerDisplayUnknown;\r
-\r
- InitializeListHead (&FsOptionMenu.Head);\r
- InitializeListHead (&DirectoryMenu.Head);\r
-\r
//\r
// Init OpCode Handle and Allocate space for creation of Buffer\r
//\r
FreePool (PrivateData->SignatureGUID);\r
}\r
\r
- if (PrivateData->MenuEntry != NULL) {\r
- FreePool (PrivateData->MenuEntry);\r
- }\r
-\r
if (PrivateData->FileContext != NULL) {\r
FreePool (PrivateData->FileContext);\r
}\r
\r
FreePool (PrivateData);\r
\r
- FreeMenu (&DirectoryMenu);\r
- FreeMenu (&FsOptionMenu);\r
-\r
if (mStartOpCodeHandle != NULL) {\r
HiiFreeOpCodeHandle (mStartOpCodeHandle);\r
}\r