#define EFI_AUTHENTICATED_VARIABLE_GUID \\r
{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
\r
+#define EFI_SECURE_BOOT_ENABLE_DISABLE \\r
+ { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
+\r
+\r
extern EFI_GUID gEfiAuthenticatedVariableGuid;\r
+extern EFI_GUID gEfiSecureBootEnableDisableGuid;\r
+\r
+///\r
+/// "SecureBootEnable" variable for the Secure boot feature enable/disable.\r
+///\r
+#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable"\r
+#define SECURE_BOOT_ENABLE 1\r
+#define SECURE_BOOT_DISABLE 0\r
\r
///\r
/// Alignment of variable name and data, according to the architecture:\r
--- /dev/null
+/** @file\r
+ GUIDs used as HII FormSet and HII Package list GUID in SecureBootConfigDxe driver. \r
+ \r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials are licensed and made available under \r
+the terms and conditions of the BSD License that accompanies this distribution. \r
+The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php. \r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __SECUREBOOT_CONFIG_HII_GUID_H__\r
+#define __SECUREBOOT_CONFIG_HII_GUID_H__\r
+\r
+#define SECUREBOOT_CONFIG_FORM_SET_GUID \\r
+ { \\r
+ 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \\r
+ }\r
+\r
+\r
+extern EFI_GUID gSecureBootConfigFormSetGuid;\r
+\r
+#endif\r
IN VOID *FileBuffer,\r
IN UINTN FileSize\r
)\r
-\r
{\r
EFI_STATUS Status;\r
UINT16 Magic;\r
EFI_IMAGE_EXECUTION_ACTION Action;\r
WIN_CERTIFICATE *WinCertificate;\r
UINT32 Policy;\r
+ UINT8 *SecureBootEnable;\r
\r
if (File == NULL) {\r
return EFI_INVALID_PARAMETER;\r
} else if (Policy == NEVER_EXECUTE) {\r
return EFI_ACCESS_DENIED;\r
}\r
+\r
+ SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);\r
+ //\r
+ // Skip verification if SecureBootEnable variable doesn't exist.\r
+ //\r
+ if (SecureBootEnable == NULL) {\r
+ return EFI_SUCCESS;\r
+ }\r
+\r
+ //\r
+ // Skip verification if SecureBootEnable is disabled.\r
+ //\r
+ if (*SecureBootEnable == SECURE_BOOT_DISABLE) {\r
+ FreePool (SecureBootEnable);\r
+ return EFI_SUCCESS;\r
+ } \r
+ \r
SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);\r
\r
//\r
#include <Protocol/SimpleFileSystem.h>\r
#include <Protocol/VariableWrite.h>\r
#include <Guid/ImageAuthentication.h>\r
+#include <Guid/AuthenticatedVariableFormat.h>\r
#include <IndustryStandard/PeImage.h>\r
\r
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
gEfiCertSha256Guid\r
gEfiCertX509Guid\r
gEfiCertRsa2048Guid\r
+ gEfiSecureBootEnableDisableGuid\r
\r
[Pcd]\r
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy\r
# Include/Guid/AuthenticatedVariableFormat.h\r
gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
\r
+ # Include/Guid/AuthenticatedVariableFormat.h\r
+ gEfiSecureBootEnableDisableGuid = { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
+ \r
## Include/Guid/TcgEventHob.h\r
gTcgEventEntryHobGuid = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}\r
\r
\r
## Include/Guid/TcgConfigHii.h\r
gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }}\r
-\r
+ \r
+ ## Include/Guid/SecureBootConfigHii.h\r
+ gSecureBootConfigFormSetGuid = { 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}}\r
+ \r
[Ppis]\r
## Include/Ppi/LockPhysicalPresence.h\r
gPeiLockPhysicalPresencePpiGuid = { 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } }\r
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf\r
}\r
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf\r
-\r
+ SecurityPkg\VariableAuthenticated\SecureBootConfigDxe\SecureBootConfigDxe.inf\r
+ \r
[Components.IA32, Components.X64]\r
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {\r
<LibraryClasses>\r
{\r
EFI_STATUS Status;\r
VARIABLE_POINTER_TRACK Variable;\r
+ VARIABLE_POINTER_TRACK Variable2;\r
UINT8 VarValue;\r
UINT32 VarAttr;\r
UINT8 *Data;\r
UINTN DataSize;\r
UINTN CtxSize;\r
+ UINT8 SecureBootMode;\r
+ UINT8 SecureBootEnable;\r
+ \r
//\r
// Initialize hash context.\r
//\r
Status = FindVariable (\r
EFI_PLATFORM_KEY_NAME, \r
&gEfiGlobalVariableGuid, \r
- &Variable, \r
+ &Variable2, \r
&mVariableModuleGlobal->VariableGlobal\r
);\r
- if (Variable.CurrPtr == NULL) {\r
+ if (Variable2.CurrPtr == NULL) {\r
mPlatformMode = SETUP_MODE;\r
} else {\r
mPlatformMode = USER_MODE;\r
&mVariableModuleGlobal->VariableGlobal\r
);\r
\r
+\r
if (Variable.CurrPtr == NULL) {\r
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
Status = UpdateVariable (\r
NULL\r
);\r
}\r
- \r
+\r
+ //\r
+ // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r
+ // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r
+ // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r
+ //\r
+ FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);\r
+ if (Variable.CurrPtr != NULL) {\r
+ SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));\r
+ if (SecureBootEnable == SECURE_BOOT_ENABLE) {\r
+ SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r
+ } else {\r
+ SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
+ }\r
+ FindVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);\r
+ Status = UpdateVariable (\r
+ EFI_SECURE_BOOT_MODE_NAME, \r
+ &gEfiGlobalVariableGuid, \r
+ &SecureBootMode, \r
+ sizeof(UINT8), \r
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, \r
+ 0, \r
+ 0, \r
+ &Variable,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ }\r
+\r
//\r
// Detect whether a secure platform-specific method to clear PK(Platform Key)\r
// is configured by platform owner. This method is provided for users force to clear PK \r
VARIABLE_POINTER_TRACK Variable;\r
UINT32 VarAttr;\r
UINT8 SecureBootMode;\r
-\r
+ UINT8 SecureBootEnable;\r
+ UINTN VariableDataSize;\r
+ \r
Status = FindVariable (\r
EFI_SETUP_MODE_NAME, \r
&gEfiGlobalVariableGuid, \r
}\r
\r
mPlatformMode = Mode;\r
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
+ VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
Status = UpdateVariable (\r
EFI_SETUP_MODE_NAME,\r
&gEfiGlobalVariableGuid,\r
}\r
}\r
\r
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
- return UpdateVariable (\r
+ VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
+ Status = UpdateVariable (\r
EFI_SECURE_BOOT_MODE_NAME,\r
&gEfiGlobalVariableGuid,\r
&SecureBootMode,\r
&Variable,\r
NULL\r
);\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Check "SecureBootEnable" variable's existence. It can enable/disable secure boot feature.\r
+ //\r
+ Status = FindVariable (\r
+ EFI_SECURE_BOOT_ENABLE_NAME, \r
+ &gEfiSecureBootEnableDisableGuid, \r
+ &Variable, \r
+ &mVariableModuleGlobal->VariableGlobal\r
+ );\r
+ \r
+ if (SecureBootMode == SECURE_BOOT_MODE_ENABLE) {\r
+ //\r
+ // Create the "SecureBootEnable" variable as secure boot is enabled.\r
+ //\r
+ SecureBootEnable = SECURE_BOOT_ENABLE;\r
+ VariableDataSize = sizeof (SecureBootEnable);\r
+ } else {\r
+ //\r
+ // Delete the "SecureBootEnable" variable if this variable exist as "SecureBoot" \r
+ // variable is not in secure boot state.\r
+ //\r
+ if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {\r
+ return EFI_SUCCESS;\r
+ }\r
+ SecureBootEnable = SECURE_BOOT_DISABLE;\r
+ VariableDataSize = 0;\r
+ }\r
+ \r
+ Status = UpdateVariable (\r
+ EFI_SECURE_BOOT_ENABLE_NAME, \r
+ &gEfiSecureBootEnableDisableGuid, \r
+ &SecureBootEnable, \r
+ VariableDataSize, \r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, \r
+ 0, \r
+ 0, \r
+ &Variable,\r
+ NULL\r
+ );\r
+ return Status;\r
}\r
\r
/**\r
gEfiImageSecurityDatabaseGuid\r
gEfiCertX509Guid\r
gEfiCertPkcs7Guid\r
- gEfiCertRsa2048Guid \r
+ gEfiCertRsa2048Guid\r
+ gEfiSecureBootEnableDisableGuid\r
\r
[Pcd]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize\r
gEfiImageSecurityDatabaseGuid\r
gEfiCertX509Guid\r
gEfiCertPkcs7Guid\r
- gEfiCertRsa2048Guid \r
+ gEfiCertRsa2048Guid\r
+ gEfiSecureBootEnableDisableGuid\r
\r
[Pcd]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize\r
--- /dev/null
+/** @file\r
+ VFR file used by the SecureBoot configuration component.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "SecureBootConfigNvData.h"\r
+\r
+formset\r
+ guid = SECUREBOOT_CONFIG_FORM_SET_GUID,\r
+ title = STRING_TOKEN(STR_SECUREBOOT_TITLE),\r
+ help = STRING_TOKEN(STR_SECUREBOOT_HELP),\r
+ classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,\r
+\r
+ varstore SECUREBOOT_CONFIGURATION,\r
+ varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
+ name = SECUREBOOT_CONFIGURATION,\r
+ guid = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
+\r
+ form formid = SECUREBOOT_CONFIGURATION_FORM_ID,\r
+ title = STRING_TOKEN(STR_SECUREBOOT_TITLE);\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ suppressif TRUE;\r
+ checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,\r
+ prompt = STRING_TOKEN(STR_NULL),\r
+ help = STRING_TOKEN(STR_NULL),\r
+ endcheckbox;\r
+ endif;\r
+ \r
+ grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
+ checkbox varid = SECUREBOOT_CONFIGURATION.SecureBootState,\r
+ questionid = KEY_SECURE_BOOT_ENABLE,\r
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
+ help = STRING_TOKEN(STR_SECURE_BOOT_HELP),\r
+ endcheckbox;\r
+ endif;\r
+\r
+ endform;\r
+\r
+endformset;\r
--- /dev/null
+/** @file\r
+ The module entry point for SecureBoot configuration module.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "SecureBootConfigImpl.h"\r
+\r
+/**\r
+ The entry point for SecureBoot configuration driver.\r
+\r
+ @param[in] ImageHandle The image handle of the driver.\r
+ @param[in] SystemTable The system table.\r
+\r
+ @retval EFI_ALREADY_STARTED The driver already exists in system.\r
+ @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of resources.\r
+ @retval EFI_SUCCES All the related protocols are installed on the driver.\r
+ @retval Others Fail to get the SecureBootEnable variable.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootConfigDriverEntryPoint (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;\r
+ \r
+ //\r
+ // If already started, return.\r
+ //\r
+ Status = gBS->OpenProtocol (\r
+ ImageHandle,\r
+ &gEfiCallerIdGuid,\r
+ NULL,\r
+ ImageHandle,\r
+ ImageHandle,\r
+ EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
+ );\r
+ if (!EFI_ERROR (Status)) {\r
+ return EFI_ALREADY_STARTED;\r
+ }\r
+ \r
+ //\r
+ // Create a private data structure.\r
+ //\r
+ PrivateData = AllocateCopyPool (sizeof (SECUREBOOT_CONFIG_PRIVATE_DATA), &mSecureBootConfigPrivateDateTemplate);\r
+ if (PrivateData == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+ \r
+ //\r
+ // Install SecureBoot configuration form\r
+ //\r
+ Status = InstallSecureBootConfigForm (PrivateData);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ErrorExit;\r
+ }\r
+\r
+ //\r
+ // Install private GUID.\r
+ // \r
+ Status = gBS->InstallMultipleProtocolInterfaces (\r
+ &ImageHandle,\r
+ &gEfiCallerIdGuid,\r
+ PrivateData,\r
+ NULL\r
+ );\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ goto ErrorExit;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+\r
+ErrorExit:\r
+ if (PrivateData != NULL) {\r
+ UninstallSecureBootConfigForm (PrivateData);\r
+ } \r
+ \r
+ return Status;\r
+}\r
+\r
+/**\r
+ Unload the SecureBoot configuration form.\r
+\r
+ @param[in] ImageHandle The driver's image handle.\r
+\r
+ @retval EFI_SUCCESS The SecureBoot configuration form is unloaded.\r
+ @retval Others Failed to unload the form.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootConfigDriverUnload (\r
+ IN EFI_HANDLE ImageHandle\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;\r
+\r
+ Status = gBS->HandleProtocol (\r
+ ImageHandle,\r
+ &gEfiCallerIdGuid,\r
+ (VOID **) &PrivateData\r
+ ); \r
+ if (EFI_ERROR (Status)) {\r
+ return Status; \r
+ }\r
+ \r
+ ASSERT (PrivateData->Signature == SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE);\r
+\r
+ gBS->UninstallMultipleProtocolInterfaces (\r
+ &ImageHandle,\r
+ &gEfiCallerIdGuid,\r
+ PrivateData,\r
+ NULL\r
+ );\r
+ \r
+ UninstallSecureBootConfigForm (PrivateData);\r
+\r
+ return EFI_SUCCESS;\r
+}\r
--- /dev/null
+## @file\r
+# Component name for SecureBoot configuration module.\r
+#\r
+# Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions of the BSD License\r
+# which accompanies this distribution. The full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = SecureBootConfigDxe\r
+ FILE_GUID = F0E6A44F-7195-41c3-AC64-54F202CD0A21\r
+ MODULE_TYPE = DXE_DRIVER\r
+ VERSION_STRING = 1.0\r
+ ENTRY_POINT = SecureBootConfigDriverEntryPoint\r
+ UNLOAD_IMAGE = SecureBootConfigDriverUnload\r
+\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC\r
+#\r
+\r
+[Sources]\r
+ SecureBootConfigDriver.c\r
+ SecureBootConfigImpl.c\r
+ SecureBootConfigImpl.h\r
+ SecureBootConfig.vfr\r
+ SecureBootConfigStrings.uni\r
+ SecureBootConfigNvData.h\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+ SecurityPkg/SecurityPkg.dec\r
+\r
+[LibraryClasses]\r
+ BaseLib\r
+ BaseMemoryLib\r
+ MemoryAllocationLib\r
+ UefiLib\r
+ UefiBootServicesTableLib\r
+ UefiRuntimeServicesTableLib\r
+ UefiDriverEntryPoint\r
+ UefiHiiServicesLib\r
+ DebugLib\r
+ HiiLib\r
+\r
+[Guids]\r
+ gEfiIfrTianoGuid\r
+ gEfiSecureBootEnableDisableGuid\r
+ gSecureBootConfigFormSetGuid\r
+\r
+[Protocols]\r
+ gEfiHiiConfigAccessProtocolGuid ## PRODUCES\r
+ gEfiHiiConfigRoutingProtocolGuid ## CONSUMES\r
+\r
+[Depex]\r
+ gEfiHiiConfigRoutingProtocolGuid AND\r
+ gEfiHiiDatabaseProtocolGuid AND\r
+ gEfiVariableArchProtocolGuid AND\r
+ gEfiVariableWriteArchProtocolGuid\r
--- /dev/null
+/** @file\r
+ HII Config Access protocol implementation of SecureBoot configuration module.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "SecureBootConfigImpl.h"\r
+\r
+CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";\r
+\r
+SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = {\r
+ SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE,\r
+ {\r
+ SecureBootExtractConfig,\r
+ SecureBootRouteConfig,\r
+ SecureBootCallback\r
+ }\r
+};\r
+\r
+HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {\r
+ {\r
+ {\r
+ HARDWARE_DEVICE_PATH,\r
+ HW_VENDOR_DP,\r
+ {\r
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),\r
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)\r
+ }\r
+ },\r
+ SECUREBOOT_CONFIG_FORM_SET_GUID\r
+ },\r
+ {\r
+ END_DEVICE_PATH_TYPE,\r
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,\r
+ { \r
+ (UINT8) (END_DEVICE_PATH_LENGTH),\r
+ (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)\r
+ }\r
+ }\r
+};\r
+\r
+/**\r
+ Save Secure Boot option to variable space.\r
+\r
+ @param[in] VarValue The option of Secure Boot.\r
+\r
+ @retval EFI_SUCCESS The operation is finished successfully.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+SaveSecureBootVariable (\r
+ IN UINT8 VarValue\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ \r
+ Status = gRT->SetVariable (\r
+ EFI_SECURE_BOOT_ENABLE_NAME, \r
+ &gEfiSecureBootEnableDisableGuid,\r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, \r
+ sizeof (UINT8), \r
+ &VarValue\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function allows a caller to extract the current configuration for one\r
+ or more named elements from the target driver.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Request A null-terminated Unicode string in\r
+ <ConfigRequest> format.\r
+ @param[out] Progress On return, points to a character in the Request\r
+ string. Points to the string's null terminator if\r
+ request was successful. Points to the most recent\r
+ '&' before the first failing name/value pair (or\r
+ the beginning of the string if the failure is in\r
+ the first name/value pair) if the request was not\r
+ successful.\r
+ @param[out] Results A null-terminated Unicode string in\r
+ <ConfigAltResp> format which has all values filled\r
+ in for the names in the Request string. String to\r
+ be allocated by the called function.\r
+\r
+ @retval EFI_SUCCESS The Results is filled with the requested values.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.\r
+ @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
+ driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootExtractConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Request,\r
+ OUT EFI_STRING *Progress,\r
+ OUT EFI_STRING *Results\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN BufferSize;\r
+ SECUREBOOT_CONFIGURATION Configuration;\r
+ \r
+ EFI_STRING ConfigRequest;\r
+ UINT8 *SecureBootEnable;\r
+ \r
+ if (Progress == NULL || Results == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ *Progress = Request;\r
+ if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ //\r
+ // Get the SecureBoot Variable\r
+ //\r
+ SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid); \r
+ \r
+ //\r
+ // If the SecureBoot Variable doesn't exist, hide the SecureBoot Enable/Disable\r
+ // Checkbox.\r
+ //\r
+ if (SecureBootEnable == NULL) {\r
+ Configuration.HideSecureBoot = TRUE;\r
+ } else {\r
+ Configuration.HideSecureBoot = FALSE;\r
+ Configuration.SecureBootState = *SecureBootEnable;\r
+ }\r
+ \r
+ BufferSize = sizeof (Configuration);\r
+ ConfigRequest = Request;\r
+\r
+ Status = gHiiConfigRouting->BlockToConfig (\r
+ gHiiConfigRouting,\r
+ ConfigRequest,\r
+ (UINT8 *) &Configuration,\r
+ BufferSize,\r
+ Results,\r
+ Progress\r
+ );\r
+ \r
+ //\r
+ // Set Progress string to the original request string.\r
+ //\r
+ if (Request == NULL) {\r
+ *Progress = NULL;\r
+ } else if (StrStr (Request, L"OFFSET") == NULL) {\r
+ *Progress = Request + StrLen (Request);\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This function processes the results of changes in configuration.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Configuration A null-terminated Unicode string in <ConfigResp>\r
+ format.\r
+ @param[out] Progress A pointer to a string filled in with the offset of\r
+ the most recent '&' before the first failing\r
+ name/value pair (or the beginning of the string if\r
+ the failure is in the first name/value pair) or\r
+ the terminating NULL if all was successful.\r
+\r
+ @retval EFI_SUCCESS The Results is processed successfully.\r
+ @retval EFI_INVALID_PARAMETER Configuration is NULL.\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
+ driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootRouteConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Configuration,\r
+ OUT EFI_STRING *Progress\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN BufferSize;\r
+ SECUREBOOT_CONFIGURATION SecureBootConfiguration;\r
+ UINT8 *SecureBootEnable;\r
+ \r
+\r
+ if (Configuration == NULL || Progress == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ *Progress = Configuration;\r
+ if (!HiiIsConfigHdrMatch (Configuration, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ //\r
+ // Convert <ConfigResp> to buffer data by helper function ConfigToBlock()\r
+ //\r
+ BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
+ Status = gHiiConfigRouting->ConfigToBlock (\r
+ gHiiConfigRouting,\r
+ Configuration,\r
+ (UINT8 *) &SecureBootConfiguration,\r
+ &BufferSize,\r
+ Progress\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid); \r
+ if (SecureBootEnable == NULL) {\r
+ return EFI_SUCCESS;\r
+ } \r
+ \r
+ if ((*SecureBootEnable) != SecureBootConfiguration.SecureBootState) {\r
+ //\r
+ // If the configure is changed, update the SecureBoot Variable.\r
+ //\r
+ SaveSecureBootVariable (SecureBootConfiguration.SecureBootState); \r
+ } \r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function processes the results of changes in configuration.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Action Specifies the type of action taken by the browser.\r
+ @param[in] QuestionId A unique value which is sent to the original\r
+ exporting driver so that it can identify the type\r
+ of data to expect.\r
+ @param[in] Type The type of value for the question.\r
+ @param[in] Value A pointer to the data being sent to the original\r
+ exporting driver.\r
+ @param[out] ActionRequest On return, points to the action requested by the\r
+ callback function.\r
+\r
+ @retval EFI_SUCCESS The callback successfully handled the action.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the\r
+ variable and its data.\r
+ @retval EFI_DEVICE_ERROR The variable could not be saved.\r
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the\r
+ callback.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootCallback (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN EFI_BROWSER_ACTION Action,\r
+ IN EFI_QUESTION_ID QuestionId,\r
+ IN UINT8 Type,\r
+ IN EFI_IFR_TYPE_VALUE *Value,\r
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
+ )\r
+{\r
+ BOOLEAN SecureBootEnable;\r
+ \r
+ if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ if ((Action != EFI_BROWSER_ACTION_CHANGING) || (QuestionId != KEY_SECURE_BOOT_ENABLE)) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+ \r
+ if (NULL == GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid)) {\r
+ return EFI_SUCCESS;\r
+ }\r
+ \r
+ SecureBootEnable = Value->u8;\r
+ SaveSecureBootVariable (Value->u8); \r
+ return EFI_SUCCESS;\r
+\r
+}\r
+\r
+/**\r
+ This function publish the SecureBoot configuration Form.\r
+\r
+ @param[in, out] PrivateData Points to SecureBoot configuration private data.\r
+\r
+ @retval EFI_SUCCESS HII Form is installed for this network device.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+InstallSecureBootConfigForm (\r
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_HII_HANDLE HiiHandle;\r
+ EFI_HANDLE DriverHandle;\r
+\r
+ EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess;\r
+\r
+ DriverHandle = NULL;\r
+ ConfigAccess = &PrivateData->ConfigAccess;\r
+ Status = gBS->InstallMultipleProtocolInterfaces (\r
+ &DriverHandle,\r
+ &gEfiDevicePathProtocolGuid,\r
+ &mSecureBootHiiVendorDevicePath,\r
+ &gEfiHiiConfigAccessProtocolGuid,\r
+ ConfigAccess,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ PrivateData->DriverHandle = DriverHandle;\r
+\r
+ //\r
+ // Publish the HII package list\r
+ //\r
+ HiiHandle = HiiAddPackages (\r
+ &gSecureBootConfigFormSetGuid,\r
+ DriverHandle,\r
+ SecureBootConfigDxeStrings,\r
+ SecureBootConfigBin,\r
+ NULL\r
+ );\r
+ if (HiiHandle == NULL) {\r
+ gBS->UninstallMultipleProtocolInterfaces (\r
+ DriverHandle,\r
+ &gEfiDevicePathProtocolGuid,\r
+ &mSecureBootHiiVendorDevicePath,\r
+ &gEfiHiiConfigAccessProtocolGuid,\r
+ ConfigAccess,\r
+ NULL\r
+ ); \r
+\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+ \r
+ PrivateData->HiiHandle = HiiHandle;\r
+ return EFI_SUCCESS; \r
+}\r
+\r
+/**\r
+ This function removes SecureBoot configuration Form.\r
+\r
+ @param[in, out] PrivateData Points to SecureBoot configuration private data.\r
+\r
+**/\r
+VOID\r
+UninstallSecureBootConfigForm (\r
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ )\r
+{\r
+ //\r
+ // Uninstall HII package list\r
+ //\r
+ if (PrivateData->HiiHandle != NULL) {\r
+ HiiRemovePackages (PrivateData->HiiHandle);\r
+ PrivateData->HiiHandle = NULL;\r
+ }\r
+\r
+ //\r
+ // Uninstall HII Config Access Protocol\r
+ //\r
+ if (PrivateData->DriverHandle != NULL) {\r
+ gBS->UninstallMultipleProtocolInterfaces (\r
+ PrivateData->DriverHandle,\r
+ &gEfiDevicePathProtocolGuid,\r
+ &mSecureBootHiiVendorDevicePath,\r
+ &gEfiHiiConfigAccessProtocolGuid,\r
+ &PrivateData->ConfigAccess,\r
+ NULL\r
+ );\r
+ PrivateData->DriverHandle = NULL;\r
+ }\r
+ \r
+ FreePool (PrivateData);\r
+}\r
--- /dev/null
+/** @file\r
+ The header file of HII Config Access protocol implementation of SecureBoot\r
+ configuration module.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __SECUREBOOT_CONFIG_IMPL_H__\r
+#define __SECUREBOOT_CONFIG_IMPL_H__\r
+\r
+#include <Uefi.h>\r
+\r
+#include <Protocol/HiiConfigAccess.h>\r
+#include <Protocol/HiiConfigRouting.h>\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/UefiHiiServicesLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/HiiLib.h>\r
+#include <Library/DevicePathLib.h>\r
+\r
+#include <Guid/MdeModuleHii.h>\r
+#include <Guid/AuthenticatedVariableFormat.h>\r
+\r
+#include "SecureBootConfigNvData.h"\r
+\r
+//\r
+// Tool generated IFR binary data and String package data\r
+//\r
+extern UINT8 SecureBootConfigBin[];\r
+extern UINT8 SecureBootConfigDxeStrings[];\r
+\r
+///\r
+/// HII specific Vendor Device Path definition.\r
+///\r
+typedef struct {\r
+ VENDOR_DEVICE_PATH VendorDevicePath;\r
+ EFI_DEVICE_PATH_PROTOCOL End;\r
+} HII_VENDOR_DEVICE_PATH;\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+\r
+ EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;\r
+ EFI_HII_HANDLE HiiHandle;\r
+ EFI_HANDLE DriverHandle;\r
+\r
+} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
+\r
+extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;\r
+\r
+#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')\r
+#define SECUREBOOT_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
+\r
+\r
+/**\r
+ This function publish the SecureBoot configuration Form.\r
+\r
+ @param[in, out] PrivateData Points to SecureBoot configuration private data.\r
+\r
+ @retval EFI_SUCCESS HII Form is installed for this network device.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+InstallSecureBootConfigForm (\r
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ );\r
+\r
+/**\r
+ This function removes SecureBoot configuration Form.\r
+\r
+ @param[in, out] PrivateData Points to SecureBoot configuration private data.\r
+\r
+**/\r
+\r
+VOID\r
+UninstallSecureBootConfigForm (\r
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ );\r
+\r
+/**\r
+ This function allows a caller to extract the current configuration for one\r
+ or more named elements from the target driver.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Request A null-terminated Unicode string in\r
+ <ConfigRequest> format.\r
+ @param[out] Progress On return, points to a character in the Request\r
+ string. Points to the string's null terminator if\r
+ request was successful. Points to the most recent\r
+ '&' before the first failing name/value pair (or\r
+ the beginning of the string if the failure is in\r
+ the first name/value pair) if the request was not\r
+ successful.\r
+ @param[out] Results A null-terminated Unicode string in\r
+ <ConfigAltResp> format which has all values filled\r
+ in for the names in the Request string. String to\r
+ be allocated by the called function.\r
+\r
+ @retval EFI_SUCCESS The Results is filled with the requested values.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.\r
+ @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
+ driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootExtractConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Request,\r
+ OUT EFI_STRING *Progress,\r
+ OUT EFI_STRING *Results\r
+ );\r
+\r
+/**\r
+ This function processes the results of changes in configuration.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Configuration A null-terminated Unicode string in <ConfigResp>\r
+ format.\r
+ @param[out] Progress A pointer to a string filled in with the offset of\r
+ the most recent '&' before the first failing\r
+ name/value pair (or the beginning of the string if\r
+ the failure is in the first name/value pair) or\r
+ the terminating NULL if all was successful.\r
+\r
+ @retval EFI_SUCCESS The Results is processed successfully.\r
+ @retval EFI_INVALID_PARAMETER Configuration is NULL.\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
+ driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootRouteConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Configuration,\r
+ OUT EFI_STRING *Progress\r
+ );\r
+\r
+/**\r
+ This function processes the results of changes in configuration.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Action Specifies the type of action taken by the browser.\r
+ @param[in] QuestionId A unique value which is sent to the original\r
+ exporting driver so that it can identify the type\r
+ of data to expect.\r
+ @param[in] Type The type of value for the question.\r
+ @param[in] Value A pointer to the data being sent to the original\r
+ exporting driver.\r
+ @param[out] ActionRequest On return, points to the action requested by the\r
+ callback function.\r
+\r
+ @retval EFI_SUCCESS The callback successfully handled the action.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the\r
+ variable and its data.\r
+ @retval EFI_DEVICE_ERROR The variable could not be saved.\r
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the\r
+ callback.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootCallback (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN EFI_BROWSER_ACTION Action,\r
+ IN EFI_QUESTION_ID QuestionId,\r
+ IN UINT8 Type,\r
+ IN EFI_IFR_TYPE_VALUE *Value,\r
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
+ );\r
+\r
+#endif\r
--- /dev/null
+/** @file\r
+ Header file for NV data structure definition.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution. The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __SECUREBOOT_CONFIG_NV_DATA_H__\r
+#define __SECUREBOOT_CONFIG_NV_DATA_H__\r
+\r
+#include <Guid/HiiPlatformSetupFormset.h>\r
+#include <Guid/SecureBootConfigHii.h>\r
+\r
+#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001\r
+#define SECUREBOOT_CONFIGURATION_FORM_ID 0x0001\r
+\r
+#define KEY_SECURE_BOOT_ENABLE 0x5000\r
+ \r
+//\r
+// Nv Data structure referenced by IFR\r
+//\r
+typedef struct {\r
+ BOOLEAN SecureBootState;\r
+ BOOLEAN HideSecureBoot;\r
+} SECUREBOOT_CONFIGURATION;\r
+\r
+#endif\r