**/\r
\r
#include "SecureBootConfigImpl.h"\r
+#include <Protocol/HiiPopup.h>\r
#include <Library/BaseCryptLib.h>\r
#include <Library/SecureBootVariableLib.h>\r
#include <Library/SecureBootVariableProvisionLib.h>\r
return Status;\r
}\r
\r
+/**\r
+ This function reinitializes Secure Boot variables with default values.\r
+\r
+ @retval EFI_SUCCESS Success to update the signature list page\r
+ @retval others Fail to delete or enroll signature data.\r
+**/\r
+STATIC EFI_STATUS\r
+EFIAPI\r
+KeyEnrollReset (\r
+ VOID\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT8 SetupMode;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
+ Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR(Status)) {\r
+ return Status;\r
+ }\r
+\r
+ // Clear all the keys and databases\r
+ Status = DeleteDb ();\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to clear DB: %r\n", Status));\r
+ return Status;\r
+ }\r
+\r
+ Status = DeleteDbx ();\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to clear DBX: %r\n", Status));\r
+ return Status;\r
+ }\r
+\r
+ Status = DeleteDbt ();\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to clear DBT: %r\n", Status));\r
+ return Status;\r
+ }\r
+\r
+ Status = DeleteKEK ();\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to clear KEK: %r\n", Status));\r
+ return Status;\r
+ }\r
+\r
+ Status = DeletePlatformKey ();\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to clear PK: %r\n", Status));\r
+ return Status;\r
+ }\r
+\r
+ // After PK clear, Setup Mode shall be enabled\r
+ Status = GetSetupMode (&SetupMode);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot get SetupMode variable: %r\n",\r
+ Status));\r
+ return Status;\r
+ }\r
+\r
+ if (SetupMode == USER_MODE) {\r
+ DEBUG((DEBUG_INFO, "Skipped - USER_MODE\n"));\r
+ return EFI_SUCCESS;\r
+ }\r
+\r
+ Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n",\r
+ Status));\r
+ return EFI_SUCCESS;\r
+ }\r
+\r
+ // Enroll all the keys from default variables\r
+ Status = EnrollDbFromDefault ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot enroll db: %r\n", Status));\r
+ goto error;\r
+ }\r
+\r
+ Status = EnrollDbxFromDefault ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot enroll dbx: %r\n", Status));\r
+ }\r
+\r
+ Status = EnrollDbtFromDefault ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot enroll dbt: %r\n", Status));\r
+ }\r
+\r
+ Status = EnrollKEKFromDefault ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot enroll KEK: %r\n", Status));\r
+ goto cleardbs;\r
+ }\r
+\r
+ Status = EnrollPKFromDefault ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot enroll PK: %r\n", Status));\r
+ goto clearKEK;\r
+ }\r
+\r
+ Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n"\r
+ "Please do it manually, otherwise system can be easily compromised\n"));\r
+ }\r
+\r
+ return Status;\r
+\r
+clearKEK:\r
+ DeleteKEK ();\r
+\r
+cleardbs:\r
+ DeleteDbt ();\r
+ DeleteDbx ();\r
+ DeleteDb ();\r
+\r
+error:\r
+ if (SetSecureBootMode (STANDARD_SECURE_BOOT_MODE) != EFI_SUCCESS) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot set mode to Secure: %r\n", Status));\r
+ }\r
+ return Status;\r
+}\r
+\r
/**\r
This function is called to provide results data to the driver.\r
\r
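Review bot: The `return EFI_SUCCESS;` after the failing SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE) call that follows the delete sequence reports success to the caller after PK, KEK, db, dbx and dbt have already been cleared and nothing has been re-enrolled, so the platform is left in Setup Mode while the caller proceeds as if the reset completed; it should be `return Status;`. That call is also the second SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE) in the function — the first one, before DeleteDb, appears to make it redundant unless GetSetupMode is expected to change the mode in between, and the `Status = EFI_SUCCESS;` before the first call is a dead store. In the `error:` label the result of SetSecureBootMode (STANDARD_SECURE_BOOT_MODE) is discarded and the log prints the earlier enrollment Status, so a failure to leave custom mode is logged with the wrong code; capture it separately, e.g. `EFI_STATUS ModeStatus = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);` and print ModeStatus. The @retval for EFI_SUCCESS reads "Success to update the signature list page", which does not describe this function; `@retval EFI_SUCCESS  Secure Boot variables were cleared and re-enrolled from the default variables.` does. The dbx and dbt enrollment failures are logged and then overwritten by the next Status assignment, so a missing default dbx is never reported to the caller — if that is intentional, a comment saying so at those two checks would help.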
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;\r
BOOLEAN GetBrowserDataResult;\r
ENROLL_KEY_ERROR EnrollKeyErrorCode;\r
+ EFI_HII_POPUP_PROTOCOL *HiiPopup;\r
+ EFI_HII_POPUP_SELECTION UserSelection;\r
\r
Status = EFI_SUCCESS;\r
SecureBootEnable = NULL;\r
FreePool (SetupMode);\r
}\r
break;\r
+ case KEY_SECURE_BOOT_RESET_TO_DEFAULT:\r
+ {\r
+ Status = gBS->LocateProtocol (&gEfiHiiPopupProtocolGuid, NULL, (VOID **) &HiiPopup);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ Status = HiiPopup->CreatePopup (\r
+ HiiPopup,\r
+ EfiHiiPopupStyleInfo,\r
+ EfiHiiPopupTypeYesNo,\r
+ Private->HiiHandle,\r
+ STRING_TOKEN (STR_RESET_TO_DEFAULTS_POPUP),\r
+ &UserSelection\r
+ );\r
+ if (UserSelection == EfiHiiPopupSelectionYes) {\r
+ Status = KeyEnrollReset ();\r
+ }\r
+ //\r
+ // Update secure boot strings after key reset\r
+ //\r
+ if (Status == EFI_SUCCESS) {\r
+ Status = UpdateSecureBootString (Private);\r
+ SecureBootExtractConfigFromVariable (Private, IfrNvData);\r
+ }\r
+ }\r
default:\r
break;\r
}\r
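Review bot: UserSelection is read at `if (UserSelection == EfiHiiPopupSelectionYes)` without checking the Status returned by CreatePopup, and the variable is declared without an initializer in the earlier hunk, so a failed popup leaves an uninitialized value deciding whether every Secure Boot key is deleted and re-enrolled; guard it with `if (!EFI_ERROR (Status) && (UserSelection == EfiHiiPopupSelectionYes)) {`. When the user answers No, Status is still the popup's EFI_SUCCESS and the string update runs anyway, which looks harmless but deserves a one-line comment if intended. The new case block has no `break;` before `default:`, unlike the case above it; the fall-through is harmless today because default only breaks, but adding `break;` after the closing brace keeps the switch consistent and safe against a later case being inserted. The enclosing function and the switch begin outside this hunk.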