Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup...
authorqianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524>
Fri, 28 Oct 2011 03:46:20 +0000 (03:46 +0000)
committerqianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524>
Fri, 28 Oct 2011 03:46:20 +0000 (03:46 +0000)
Signed-off-by: qianouyang
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524

17 files changed:
SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
SecurityPkg/Include/Guid/SecureBootConfigHii.h [new file with mode: 0644]
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
SecurityPkg/SecurityPkg.dec
SecurityPkg/SecurityPkg.dsc
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr [new file with mode: 0644]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c [new file with mode: 0644]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf [new file with mode: 0644]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c [new file with mode: 0644]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h [new file with mode: 0644]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h [new file with mode: 0644]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni [new file with mode: 0644]

index 245339c..7ff4697 100644 (file)
@@ -21,7 +21,19 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define EFI_AUTHENTICATED_VARIABLE_GUID \\r
   { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
 \r
+#define EFI_SECURE_BOOT_ENABLE_DISABLE \\r
+  { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
+\r
+\r
 extern EFI_GUID gEfiAuthenticatedVariableGuid;\r
+extern EFI_GUID gEfiSecureBootEnableDisableGuid;\r
+\r
+///\r
+/// "SecureBootEnable" variable for the Secure boot feature enable/disable.\r
+///\r
+#define EFI_SECURE_BOOT_ENABLE_NAME      L"SecureBootEnable"\r
+#define SECURE_BOOT_ENABLE               1\r
+#define SECURE_BOOT_DISABLE              0\r
 \r
 ///\r
 /// Alignment of variable name and data, according to the architecture:\r
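Review bot: The new GUID macro `EFI_SECURE_BOOT_ENABLE_DISABLE` drops the `_GUID` suffix that `EFI_AUTHENTICATED_VARIABLE_GUID` directly above it carries, and it has no `///` comment of its own. Because this GUID namespaces a variable that later hunks use to decide whether image verification runs, I would rename it to `EFI_SECURE_BOOT_ENABLE_DISABLE_GUID`. I would also extend the comment on `EFI_SECURE_BOOT_ENABLE_NAME` to state that the variable is one byte and that `SECURE_BOOT_ENABLE` / `SECURE_BOOT_DISABLE` are its only defined values.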
diff --git a/SecurityPkg/Include/Guid/SecureBootConfigHii.h b/SecurityPkg/Include/Guid/SecureBootConfigHii.h
new file mode 100644 (file)
index 0000000..5f16248
--- /dev/null
@@ -0,0 +1,26 @@
+/** @file\r
+  GUIDs used as HII FormSet and HII Package list GUID in SecureBootConfigDxe driver. \r
+  \r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials are licensed and made available under \r
+the terms and conditions of the BSD License that accompanies this distribution.  \r
+The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php.                                            \r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __SECUREBOOT_CONFIG_HII_GUID_H__\r
+#define __SECUREBOOT_CONFIG_HII_GUID_H__\r
+\r
+#define SECUREBOOT_CONFIG_FORM_SET_GUID \\r
+  { \\r
+    0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \\r
+  }\r
+\r
+\r
+extern EFI_GUID gSecureBootConfigFormSetGuid;\r
+\r
+#endif\r
index dab35d5..7bc3cc0 100644 (file)
@@ -1117,7 +1117,6 @@ DxeImageVerificationHandler (
   IN  VOID                             *FileBuffer,\r
   IN  UINTN                            FileSize\r
   )\r
-\r
 {\r
   EFI_STATUS                  Status;\r
   UINT16                      Magic;\r
@@ -1130,6 +1129,7 @@ DxeImageVerificationHandler (
   EFI_IMAGE_EXECUTION_ACTION  Action;\r
   WIN_CERTIFICATE             *WinCertificate;\r
   UINT32                      Policy;\r
+  UINT8                       *SecureBootEnable;\r
 \r
   if (File == NULL) {\r
     return EFI_INVALID_PARAMETER;\r
@@ -1173,6 +1173,23 @@ DxeImageVerificationHandler (
   } else if (Policy == NEVER_EXECUTE) {\r
     return EFI_ACCESS_DENIED;\r
   }\r
+\r
+  SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);\r
+  //\r
+  // Skip verification if SecureBootEnable variable doesn't exist.\r
+  //\r
+  if (SecureBootEnable == NULL) {\r
+    return EFI_SUCCESS;\r
+  }\r
+\r
+  //\r
+  // Skip verification if SecureBootEnable is disabled.\r
+  //\r
+  if (*SecureBootEnable == SECURE_BOOT_DISABLE) {\r
+    FreePool (SecureBootEnable);\r
+    return EFI_SUCCESS;\r
+  }    \r
\r
   SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);\r
 \r
   //\r
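Review bot: Returning `EFI_SUCCESS` when `GetVariable` yields NULL makes the check fail open: a `SecureBootEnable` variable that is missing, was deleted, or could not be read all skip the verification that follows. The returned buffer is also dereferenced without a size check and is freed only on the disabled path, so the enabled path appears to leak it (the rest of `DxeImageVerificationHandler` lies outside the hunk). I would let a NULL result fall through to the `SetupMode` check below instead of returning, and add `FreePool (SecureBootEnable);` once the byte has been read on the enabled path.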
index 34ed0c8..2cd1f87 100644 (file)
@@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/SimpleFileSystem.h>\r
 #include <Protocol/VariableWrite.h>\r
 #include <Guid/ImageAuthentication.h>\r
+#include <Guid/AuthenticatedVariableFormat.h>\r
 #include <IndustryStandard/PeImage.h>\r
 \r
 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
index 5874d6b..1dda677 100644 (file)
@@ -62,6 +62,7 @@
   gEfiCertSha256Guid\r
   gEfiCertX509Guid\r
   gEfiCertRsa2048Guid\r
+  gEfiSecureBootEnableDisableGuid\r
   \r
 [Pcd]\r
   gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy\r
index f4605ec..4ed4f40 100644 (file)
@@ -35,6 +35,9 @@
   #  Include/Guid/AuthenticatedVariableFormat.h\r
   gEfiAuthenticatedVariableGuid  = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
 \r
+  #  Include/Guid/AuthenticatedVariableFormat.h\r
+  gEfiSecureBootEnableDisableGuid = { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
+  \r
   ## Include/Guid/TcgEventHob.h\r
   gTcgEventEntryHobGuid              = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}\r
 \r
 \r
   ## Include/Guid/TcgConfigHii.h\r
   gTcgConfigFormSetGuid              = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }}\r
-\r
+  \r
+  ## Include/Guid/SecureBootConfigHii.h\r
+  gSecureBootConfigFormSetGuid       = { 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}}\r
+                                      \r
 [Ppis]\r
   ## Include/Ppi/LockPhysicalPresence.h\r
   gPeiLockPhysicalPresencePpiGuid    = { 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } }\r
index 0600a5f..708ed54 100644 (file)
       PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf\r
   }\r
   SecurityPkg/Tcg/TcgSmm/TcgSmm.inf\r
-\r
+  SecurityPkg\VariableAuthenticated\SecureBootConfigDxe\SecureBootConfigDxe.inf\r
+  \r
 [Components.IA32, Components.X64]\r
   SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {\r
     <LibraryClasses>\r
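Review bot: The added component path is written with backslashes, `SecurityPkg\VariableAuthenticated\SecureBootConfigDxe\SecureBootConfigDxe.inf`, while every other entry visible in this file uses forward slashes. That is likely to break the build on non-Windows hosts. The line should read `SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf`.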
index fc23bb5..ff5c653 100644 (file)
@@ -69,11 +69,15 @@ AutenticatedVariableServiceInitialize (
 {\r
   EFI_STATUS              Status;\r
   VARIABLE_POINTER_TRACK  Variable;\r
+  VARIABLE_POINTER_TRACK  Variable2;\r
   UINT8                   VarValue;\r
   UINT32                  VarAttr;\r
   UINT8                   *Data;\r
   UINTN                   DataSize;\r
   UINTN                   CtxSize;\r
+  UINT8                   SecureBootMode;\r
+  UINT8                   SecureBootEnable;\r
+  \r
   //\r
   // Initialize hash context.\r
   //\r
@@ -146,10 +150,10 @@ AutenticatedVariableServiceInitialize (
     Status = FindVariable (\r
                EFI_PLATFORM_KEY_NAME, \r
                &gEfiGlobalVariableGuid, \r
-               &Variable, \r
+               &Variable2\r
                &mVariableModuleGlobal->VariableGlobal\r
                );\r
-    if (Variable.CurrPtr == NULL) {\r
+    if (Variable2.CurrPtr == NULL) {\r
       mPlatformMode = SETUP_MODE;\r
     } else {\r
       mPlatformMode = USER_MODE;\r
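Review bot: The replacement argument `&Variable2` lost the trailing comma of the line it replaces, so the call now reads `&Variable2 &mVariableModuleGlobal->VariableGlobal` and should not compile as shown; if this is a rendering artifact, confirm against the file. The line should be `&Variable2,`. The `Status` assigned from this `FindVariable` call is still not examined in the visible lines, and only `Variable2.CurrPtr` decides between `SETUP_MODE` and `USER_MODE`. The enclosing function begins and ends outside the hunk.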
@@ -184,6 +188,7 @@ AutenticatedVariableServiceInitialize (
              &mVariableModuleGlobal->VariableGlobal\r
              );\r
 \r
+\r
   if (Variable.CurrPtr == NULL) {\r
     VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
     Status  = UpdateVariable (\r
@@ -198,7 +203,37 @@ AutenticatedVariableServiceInitialize (
                 NULL\r
                 );\r
   }\r
-  \r
+\r
+  //\r
+  // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r
+  // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r
+  // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r
+  //\r
+  FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);\r
+  if (Variable.CurrPtr != NULL) {\r
+    SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));\r
+    if (SecureBootEnable == SECURE_BOOT_ENABLE) {\r
+      SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r
+    } else {\r
+      SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
+    }\r
+    FindVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);\r
+    Status = UpdateVariable (\r
+               EFI_SECURE_BOOT_MODE_NAME, \r
+               &gEfiGlobalVariableGuid, \r
+               &SecureBootMode, \r
+               sizeof(UINT8), \r
+               EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, \r
+               0, \r
+               0, \r
+               &Variable,\r
+               NULL\r
+               );\r
+    if (EFI_ERROR (Status)) {\r
+      return Status;\r
+    }\r
+  }\r
+\r
   //\r
   // Detect whether a secure platform-specific method to clear PK(Platform Key)\r
   // is configured by platform owner. This method is provided for users force to clear PK \r
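Review bot: `SecureBoot` is set to `SECURE_BOOT_MODE_ENABLE` from the stored `SecureBootEnable` byte alone, without cross-checking the `mPlatformMode` that was derived from PK earlier in this function. A stale or externally written `SecureBootEnable` of 1 would therefore report secure boot as enabled even in setup mode; consider `if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {`. The byte is also read through `GetVariableDataPtr (Variable.CurrPtr)` with no check that the variable holds at least one byte, and the status of both `FindVariable` calls is discarded. The code between this hunk and the PK lookup is not visible, so confirm that nothing there already enforces this.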
@@ -445,7 +480,9 @@ UpdatePlatformMode (
   VARIABLE_POINTER_TRACK  Variable;\r
   UINT32                  VarAttr;\r
   UINT8                   SecureBootMode;\r
-\r
+  UINT8                   SecureBootEnable;\r
+  UINTN                   VariableDataSize;\r
+  \r
   Status = FindVariable (\r
              EFI_SETUP_MODE_NAME, \r
              &gEfiGlobalVariableGuid, \r
@@ -457,7 +494,7 @@ UpdatePlatformMode (
   }\r
 \r
   mPlatformMode  = Mode;\r
-  VarAttr        = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
+  VarAttr        = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
   Status         = UpdateVariable (\r
                      EFI_SETUP_MODE_NAME,\r
                      &gEfiGlobalVariableGuid,\r
@@ -501,8 +538,8 @@ UpdatePlatformMode (
     }\r
   }\r
 \r
-  VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
-  return    UpdateVariable (\r
+  VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
+  Status  = UpdateVariable (\r
               EFI_SECURE_BOOT_MODE_NAME,\r
               &gEfiGlobalVariableGuid,\r
               &SecureBootMode,\r
@@ -513,6 +550,51 @@ UpdatePlatformMode (
               &Variable,\r
               NULL\r
               );\r
+\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  //\r
+  // Check "SecureBootEnable" variable's existence. It can enable/disable secure boot feature.\r
+  //\r
+  Status = FindVariable (\r
+             EFI_SECURE_BOOT_ENABLE_NAME, \r
+             &gEfiSecureBootEnableDisableGuid, \r
+             &Variable, \r
+             &mVariableModuleGlobal->VariableGlobal\r
+             );\r
\r
+  if (SecureBootMode == SECURE_BOOT_MODE_ENABLE) {\r
+    //\r
+    // Create the "SecureBootEnable" variable as secure boot is enabled.\r
+    //\r
+    SecureBootEnable = SECURE_BOOT_ENABLE;\r
+    VariableDataSize = sizeof (SecureBootEnable);\r
+  } else {\r
+    //\r
+    // Delete the "SecureBootEnable" variable if this variable exist as "SecureBoot" \r
+    // variable is not in secure boot state.\r
+    //\r
+    if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {\r
+      return EFI_SUCCESS;\r
+    }\r
+    SecureBootEnable = SECURE_BOOT_DISABLE;\r
+    VariableDataSize = 0;\r
+  }\r
+  \r
+  Status = UpdateVariable (\r
+             EFI_SECURE_BOOT_ENABLE_NAME, \r
+             &gEfiSecureBootEnableDisableGuid, \r
+             &SecureBootEnable, \r
+             VariableDataSize, \r
+             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, \r
+             0, \r
+             0, \r
+             &Variable,\r
+             NULL\r
+             );\r
+  return Status;\r
 }\r
 \r
 /**\r
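Review bot: `SecureBootEnable` is created here with `EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS` only, whereas `SetupMode` and `SecureBoot` in this same function carry `EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS`. The DxeImageVerificationLib.c hunk of this commit skips verification when this variable is absent or zero, so the verification policy ends up controlled by a variable that any boot-services caller can rewrite with a plain `SetVariable`. `SaveSecureBootVariable` in SecureBootConfigImpl.c writes it with the same attributes. At minimum I would put a comment above this `UpdateVariable` call stating that trust assumption, for example `// NOTE: not authenticated; writable by any boot-services code`, and I would consider gating changes on physical presence. The enable branch also passes `Variable` to `UpdateVariable` without looking at the `FindVariable` status.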
index 5b2689e..d2a2025 100644 (file)
@@ -71,7 +71,8 @@
   gEfiImageSecurityDatabaseGuid\r
   gEfiCertX509Guid\r
   gEfiCertPkcs7Guid\r
-  gEfiCertRsa2048Guid  \r
+  gEfiCertRsa2048Guid\r
+  gEfiSecureBootEnableDisableGuid\r
 \r
 [Pcd]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize\r
index 01bda72..86f6e92 100644 (file)
@@ -76,7 +76,8 @@
   gEfiImageSecurityDatabaseGuid\r
   gEfiCertX509Guid\r
   gEfiCertPkcs7Guid\r
-  gEfiCertRsa2048Guid  \r
+  gEfiCertRsa2048Guid\r
+  gEfiSecureBootEnableDisableGuid\r
 \r
 [Pcd]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize\r
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
new file mode 100644 (file)
index 0000000..fbf5e2e
--- /dev/null
@@ -0,0 +1,50 @@
+/** @file\r
+  VFR file used by the SecureBoot configuration component.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution.  The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "SecureBootConfigNvData.h"\r
+\r
+formset\r
+  guid      = SECUREBOOT_CONFIG_FORM_SET_GUID,\r
+  title     = STRING_TOKEN(STR_SECUREBOOT_TITLE),\r
+  help      = STRING_TOKEN(STR_SECUREBOOT_HELP),\r
+  classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,\r
+\r
+  varstore SECUREBOOT_CONFIGURATION,\r
+    varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
+    name  = SECUREBOOT_CONFIGURATION,\r
+    guid  = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
+\r
+  form formid = SECUREBOOT_CONFIGURATION_FORM_ID,\r
+    title = STRING_TOKEN(STR_SECUREBOOT_TITLE);\r
+\r
+    subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+    suppressif TRUE;\r
+      checkbox varid   = SECUREBOOT_CONFIGURATION.HideSecureBoot,\r
+              prompt   = STRING_TOKEN(STR_NULL),\r
+              help     = STRING_TOKEN(STR_NULL),\r
+      endcheckbox;\r
+    endif;\r
+    \r
+    grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
+    checkbox varid = SECUREBOOT_CONFIGURATION.SecureBootState,\r
+          questionid = KEY_SECURE_BOOT_ENABLE,\r
+          prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
+          help   = STRING_TOKEN(STR_SECURE_BOOT_HELP),\r
+    endcheckbox;\r
+    endif;\r
+\r
+  endform;\r
+\r
+endformset;\r
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
new file mode 100644 (file)
index 0000000..1d6c4ac
--- /dev/null
@@ -0,0 +1,133 @@
+/** @file\r
+  The module entry point for SecureBoot configuration module.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution.  The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "SecureBootConfigImpl.h"\r
+\r
+/**\r
+  The entry point for SecureBoot configuration driver.\r
+\r
+  @param[in]  ImageHandle        The image handle of the driver.\r
+  @param[in]  SystemTable        The system table.\r
+\r
+  @retval EFI_ALREADY_STARTED    The driver already exists in system.\r
+  @retval EFI_OUT_OF_RESOURCES   Fail to execute entry point due to lack of resources.\r
+  @retval EFI_SUCCES             All the related protocols are installed on the driver.\r
+  @retval Others                 Fail to get the SecureBootEnable variable.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootConfigDriverEntryPoint (\r
+  IN EFI_HANDLE          ImageHandle,\r
+  IN EFI_SYSTEM_TABLE    *SystemTable\r
+  )\r
+{\r
+  EFI_STATUS                       Status;\r
+  SECUREBOOT_CONFIG_PRIVATE_DATA   *PrivateData;\r
+  \r
+  //\r
+  // If already started, return.\r
+  //\r
+    Status = gBS->OpenProtocol (\r
+                  ImageHandle,\r
+                  &gEfiCallerIdGuid,\r
+                  NULL,\r
+                  ImageHandle,\r
+                  ImageHandle,\r
+                  EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
+                  );\r
+  if (!EFI_ERROR (Status)) {\r
+    return EFI_ALREADY_STARTED;\r
+  }\r
+  \r
+  //\r
+  // Create a private data structure.\r
+  //\r
+  PrivateData = AllocateCopyPool (sizeof (SECUREBOOT_CONFIG_PRIVATE_DATA), &mSecureBootConfigPrivateDateTemplate);\r
+  if (PrivateData == NULL) {\r
+    return EFI_OUT_OF_RESOURCES;\r
+  }\r
+    \r
+  //\r
+  // Install SecureBoot configuration form\r
+  //\r
+  Status = InstallSecureBootConfigForm (PrivateData);\r
+  if (EFI_ERROR (Status)) {\r
+    goto ErrorExit;\r
+  }\r
+\r
+  //\r
+  // Install private GUID.\r
+  //    \r
+  Status = gBS->InstallMultipleProtocolInterfaces (\r
+                  &ImageHandle,\r
+                  &gEfiCallerIdGuid,\r
+                  PrivateData,\r
+                  NULL\r
+                  );\r
+\r
+  if (EFI_ERROR (Status)) {\r
+    goto ErrorExit;\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+\r
+ErrorExit:\r
+  if (PrivateData != NULL) {\r
+    UninstallSecureBootConfigForm (PrivateData);\r
+  }  \r
+  \r
+  return Status;\r
+}\r
+\r
+/**\r
+  Unload the SecureBoot configuration form.\r
+\r
+  @param[in]  ImageHandle         The driver's image handle.\r
+\r
+  @retval     EFI_SUCCESS         The SecureBoot configuration form is unloaded.\r
+  @retval     Others              Failed to unload the form.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootConfigDriverUnload (\r
+  IN EFI_HANDLE  ImageHandle\r
+  )\r
+{\r
+  EFI_STATUS                  Status;\r
+  SECUREBOOT_CONFIG_PRIVATE_DATA   *PrivateData;\r
+\r
+  Status = gBS->HandleProtocol (\r
+                  ImageHandle,\r
+                  &gEfiCallerIdGuid,\r
+                  (VOID **) &PrivateData\r
+                  );  \r
+  if (EFI_ERROR (Status)) {\r
+    return Status;  \r
+  }\r
+  \r
+  ASSERT (PrivateData->Signature == SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE);\r
+\r
+  gBS->UninstallMultipleProtocolInterfaces (\r
+         &ImageHandle,\r
+         &gEfiCallerIdGuid,\r
+         PrivateData,\r
+         NULL\r
+         );\r
+  \r
+  UninstallSecureBootConfigForm (PrivateData);\r
+\r
+  return EFI_SUCCESS;\r
+}\r
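Review bot: `SecureBootConfigDriverUnload` discards the status of `gBS->UninstallMultipleProtocolInterfaces` and calls `UninstallSecureBootConfigForm (PrivateData)` regardless. If the uninstall fails, the handle would keep an interface pointer to data that has been torn down; whether that helper frees `PrivateData` is not visible here. I would assign the result to `Status` and add `if (EFI_ERROR (Status)) { return Status; }` before the teardown. In the entry-point header, `EFI_SUCCES` is a typo for `EFI_SUCCESS`, and the `Others` line mentions the SecureBootEnable variable, which this function never reads.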
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
new file mode 100644 (file)
index 0000000..b0254da
--- /dev/null
@@ -0,0 +1,65 @@
+## @file\r
+#  Component name for SecureBoot configuration module.\r
+#\r
+# Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions of the BSD License\r
+# which accompanies this distribution. The full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION                    = 0x00010005\r
+  BASE_NAME                      = SecureBootConfigDxe\r
+  FILE_GUID                      = F0E6A44F-7195-41c3-AC64-54F202CD0A21\r
+  MODULE_TYPE                    = DXE_DRIVER\r
+  VERSION_STRING                 = 1.0\r
+  ENTRY_POINT                    = SecureBootConfigDriverEntryPoint\r
+  UNLOAD_IMAGE                   = SecureBootConfigDriverUnload\r
+\r
+#\r
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC\r
+#\r
+\r
+[Sources]\r
+  SecureBootConfigDriver.c\r
+  SecureBootConfigImpl.c\r
+  SecureBootConfigImpl.h\r
+  SecureBootConfig.vfr\r
+  SecureBootConfigStrings.uni\r
+  SecureBootConfigNvData.h\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  MdeModulePkg/MdeModulePkg.dec\r
+  SecurityPkg/SecurityPkg.dec\r
+\r
+[LibraryClasses]\r
+  BaseLib\r
+  BaseMemoryLib\r
+  MemoryAllocationLib\r
+  UefiLib\r
+  UefiBootServicesTableLib\r
+  UefiRuntimeServicesTableLib\r
+  UefiDriverEntryPoint\r
+  UefiHiiServicesLib\r
+  DebugLib\r
+  HiiLib\r
+\r
+[Guids]\r
+  gEfiIfrTianoGuid\r
+  gEfiSecureBootEnableDisableGuid\r
+  gSecureBootConfigFormSetGuid\r
+\r
+[Protocols]\r
+  gEfiHiiConfigAccessProtocolGuid               ## PRODUCES\r
+  gEfiHiiConfigRoutingProtocolGuid              ## CONSUMES\r
+\r
+[Depex]\r
+  gEfiHiiConfigRoutingProtocolGuid  AND\r
+  gEfiHiiDatabaseProtocolGuid       AND\r
+  gEfiVariableArchProtocolGuid      AND\r
+  gEfiVariableWriteArchProtocolGuid\r
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
new file mode 100644 (file)
index 0000000..f0a3f07
--- /dev/null
@@ -0,0 +1,393 @@
+/** @file\r
+  HII Config Access protocol implementation of SecureBoot configuration module.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution.  The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "SecureBootConfigImpl.h"\r
+\r
+CHAR16                          mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";\r
+\r
+SECUREBOOT_CONFIG_PRIVATE_DATA         mSecureBootConfigPrivateDateTemplate = {\r
+  SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE,\r
+  {\r
+    SecureBootExtractConfig,\r
+    SecureBootRouteConfig,\r
+    SecureBootCallback\r
+  }\r
+};\r
+\r
+HII_VENDOR_DEVICE_PATH          mSecureBootHiiVendorDevicePath = {\r
+  {\r
+    {\r
+      HARDWARE_DEVICE_PATH,\r
+      HW_VENDOR_DP,\r
+      {\r
+        (UINT8) (sizeof (VENDOR_DEVICE_PATH)),\r
+        (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)\r
+      }\r
+    },\r
+    SECUREBOOT_CONFIG_FORM_SET_GUID\r
+  },\r
+  {\r
+    END_DEVICE_PATH_TYPE,\r
+    END_ENTIRE_DEVICE_PATH_SUBTYPE,\r
+    { \r
+      (UINT8) (END_DEVICE_PATH_LENGTH),\r
+      (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)\r
+    }\r
+  }\r
+};\r
+\r
+/**\r
+  Save Secure Boot option to variable space.\r
+\r
+  @param[in] VarValue              The option of Secure Boot.\r
+\r
+  @retval    EFI_SUCCESS           The operation is finished successfully.\r
+  @retval    Others                Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+SaveSecureBootVariable (\r
+  IN UINT8                         VarValue\r
+  )\r
+{\r
+  EFI_STATUS                       Status;\r
+  \r
+  Status = gRT->SetVariable (\r
+             EFI_SECURE_BOOT_ENABLE_NAME, \r
+             &gEfiSecureBootEnableDisableGuid,\r
+             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, \r
+             sizeof (UINT8), \r
+             &VarValue\r
+             );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+  gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  This function allows a caller to extract the current configuration for one\r
+  or more named elements from the target driver.\r
+\r
+  @param[in]   This              Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+  @param[in]   Request           A null-terminated Unicode string in\r
+                                 <ConfigRequest> format.\r
+  @param[out]  Progress          On return, points to a character in the Request\r
+                                 string. Points to the string's null terminator if\r
+                                 request was successful. Points to the most recent\r
+                                 '&' before the first failing name/value pair (or\r
+                                 the beginning of the string if the failure is in\r
+                                 the first name/value pair) if the request was not\r
+                                 successful.\r
+  @param[out]  Results           A null-terminated Unicode string in\r
+                                 <ConfigAltResp> format which has all values filled\r
+                                 in for the names in the Request string. String to\r
+                                 be allocated by the called function.\r
+\r
+  @retval EFI_SUCCESS            The Results is filled with the requested values.\r
+  @retval EFI_OUT_OF_RESOURCES   Not enough memory to store the results.\r
+  @retval EFI_INVALID_PARAMETER  Request is illegal syntax, or unknown name.\r
+  @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this\r
+                                 driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootExtractConfig (\r
+  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL        *This,\r
+  IN CONST EFI_STRING                            Request,\r
+       OUT EFI_STRING                            *Progress,\r
+       OUT EFI_STRING                            *Results\r
+  )\r
+{\r
+  EFI_STATUS                        Status;\r
+  UINTN                             BufferSize;\r
+  SECUREBOOT_CONFIGURATION          Configuration;\r
+  \r
+  EFI_STRING                        ConfigRequest;\r
+  UINT8                             *SecureBootEnable;\r
+  \r
+  if (Progress == NULL || Results == NULL) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  *Progress = Request;\r
+  if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {\r
+    return EFI_NOT_FOUND;\r
+  }\r
+\r
+  //\r
+  // Get the SecureBoot Variable\r
+  //\r
+  SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);  \r
+  \r
+  //\r
+  // If the SecureBoot Variable doesn't exist, hide the SecureBoot Enable/Disable\r
+  // Checkbox.\r
+  //\r
+  if (SecureBootEnable == NULL) {\r
+    Configuration.HideSecureBoot = TRUE;\r
+  } else {\r
+    Configuration.HideSecureBoot = FALSE;\r
+    Configuration.SecureBootState = *SecureBootEnable;\r
+  }\r
+  \r
+  BufferSize = sizeof (Configuration);\r
+  ConfigRequest = Request;\r
+\r
+  Status = gHiiConfigRouting->BlockToConfig (\r
+                                gHiiConfigRouting,\r
+                                ConfigRequest,\r
+                                (UINT8 *) &Configuration,\r
+                                BufferSize,\r
+                                Results,\r
+                                Progress\r
+                                );\r
+  \r
+  //\r
+  // Set Progress string to the original request string.\r
+  //\r
+  if (Request == NULL) {\r
+    *Progress = NULL;\r
+  } else if (StrStr (Request, L"OFFSET") == NULL) {\r
+    *Progress = Request + StrLen (Request);\r
+  }\r
+\r
+  return Status;\r
+}\r
+\r
+/**\r
+  This function processes the results of changes in configuration.\r
+\r
+  @param[in]  This               Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+  @param[in]  Configuration      A null-terminated Unicode string in <ConfigResp>\r
+                                 format.\r
+  @param[out] Progress           A pointer to a string filled in with the offset of\r
+                                 the most recent '&' before the first failing\r
+                                 name/value pair (or the beginning of the string if\r
+                                 the failure is in the first name/value pair) or\r
+                                 the terminating NULL if all was successful.\r
+\r
+  @retval EFI_SUCCESS            The Results is processed successfully.\r
+  @retval EFI_INVALID_PARAMETER  Configuration is NULL.\r
+  @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this\r
+                                 driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootRouteConfig (\r
+  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL      *This,\r
+  IN CONST EFI_STRING                          Configuration,\r
+       OUT EFI_STRING                          *Progress\r
+  )\r
+{\r
+  EFI_STATUS                       Status;\r
+  UINTN                            BufferSize;\r
+  SECUREBOOT_CONFIGURATION         SecureBootConfiguration;\r
+  UINT8                            *SecureBootEnable;\r
+    \r
+\r
+  if (Configuration == NULL || Progress == NULL) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  *Progress = Configuration;\r
+  if (!HiiIsConfigHdrMatch (Configuration, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {\r
+    return EFI_NOT_FOUND;\r
+  }\r
+\r
+  //\r
+  // Convert <ConfigResp> to buffer data by helper function ConfigToBlock()\r
+  //\r
+  BufferSize = sizeof (SECUREBOOT_CONFIGURATION);\r
+  Status = gHiiConfigRouting->ConfigToBlock (\r
+                                gHiiConfigRouting,\r
+                                Configuration,\r
+                                (UINT8 *) &SecureBootConfiguration,\r
+                                &BufferSize,\r
+                                Progress\r
+                                );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);  \r
+  if (SecureBootEnable == NULL) {\r
+    return EFI_SUCCESS;\r
+  } \r
+  \r
+  if ((*SecureBootEnable) != SecureBootConfiguration.SecureBootState) {\r
+    //\r
+    // If the configure is changed, update the SecureBoot Variable.\r
+    //\r
+    SaveSecureBootVariable (SecureBootConfiguration.SecureBootState); \r
+  }  \r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  This function processes the results of changes in configuration.\r
+\r
+  @param[in]  This               Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+  @param[in]  Action             Specifies the type of action taken by the browser.\r
+  @param[in]  QuestionId         A unique value which is sent to the original\r
+                                 exporting driver so that it can identify the type\r
+                                 of data to expect.\r
+  @param[in]  Type               The type of value for the question.\r
+  @param[in]  Value              A pointer to the data being sent to the original\r
+                                 exporting driver.\r
+  @param[out] ActionRequest      On return, points to the action requested by the\r
+                                 callback function.\r
+\r
+  @retval EFI_SUCCESS            The callback successfully handled the action.\r
+  @retval EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the\r
+                                 variable and its data.\r
+  @retval EFI_DEVICE_ERROR       The variable could not be saved.\r
+  @retval EFI_UNSUPPORTED        The specified Action is not supported by the\r
+                                 callback.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootCallback (\r
+  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL      *This,\r
+  IN     EFI_BROWSER_ACTION                    Action,\r
+  IN     EFI_QUESTION_ID                       QuestionId,\r
+  IN     UINT8                                 Type,\r
+  IN     EFI_IFR_TYPE_VALUE                    *Value,\r
+     OUT EFI_BROWSER_ACTION_REQUEST            *ActionRequest\r
+  )\r
+{\r
+  BOOLEAN           SecureBootEnable;\r
+  \r
+  if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  if ((Action != EFI_BROWSER_ACTION_CHANGING) || (QuestionId != KEY_SECURE_BOOT_ENABLE)) {\r
+    return EFI_UNSUPPORTED;\r
+  }\r
+  \r
+  if (NULL == GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid)) {\r
+    return EFI_SUCCESS;\r
+  }\r
+  \r
+  SecureBootEnable = Value->u8;\r
+  SaveSecureBootVariable (Value->u8); \r
+  return EFI_SUCCESS;\r
+\r
+}\r
+\r
+/**\r
+  This function publish the SecureBoot configuration Form.\r
+\r
+  @param[in, out]  PrivateData   Points to SecureBoot configuration private data.\r
+\r
+  @retval EFI_SUCCESS            HII Form is installed for this network device.\r
+  @retval EFI_OUT_OF_RESOURCES   Not enough resource for HII Form installation.\r
+  @retval Others                 Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+InstallSecureBootConfigForm (\r
+  IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA  *PrivateData\r
+  )\r
+{\r
+  EFI_STATUS                      Status;\r
+  EFI_HII_HANDLE                  HiiHandle;\r
+  EFI_HANDLE                      DriverHandle;\r
+\r
+  EFI_HII_CONFIG_ACCESS_PROTOCOL  *ConfigAccess;\r
+\r
+  DriverHandle = NULL;\r
+  ConfigAccess = &PrivateData->ConfigAccess;\r
+  Status = gBS->InstallMultipleProtocolInterfaces (\r
+                  &DriverHandle,\r
+                  &gEfiDevicePathProtocolGuid,\r
+                  &mSecureBootHiiVendorDevicePath,\r
+                  &gEfiHiiConfigAccessProtocolGuid,\r
+                  ConfigAccess,\r
+                  NULL\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  PrivateData->DriverHandle = DriverHandle;\r
+\r
+  //\r
+  // Publish the HII package list\r
+  //\r
+  HiiHandle = HiiAddPackages (\r
+                &gSecureBootConfigFormSetGuid,\r
+                DriverHandle,\r
+                SecureBootConfigDxeStrings,\r
+                SecureBootConfigBin,\r
+                NULL\r
+                );\r
+  if (HiiHandle == NULL) {\r
+    gBS->UninstallMultipleProtocolInterfaces (\r
+           DriverHandle,\r
+           &gEfiDevicePathProtocolGuid,\r
+           &mSecureBootHiiVendorDevicePath,\r
+           &gEfiHiiConfigAccessProtocolGuid,\r
+           ConfigAccess,\r
+           NULL\r
+           );  \r
+\r
+    return EFI_OUT_OF_RESOURCES;\r
+  }\r
+  \r
+  PrivateData->HiiHandle = HiiHandle;\r
+  return EFI_SUCCESS;  \r
+}\r
+\r
+/**\r
+  This function removes SecureBoot configuration Form.\r
+\r
+  @param[in, out]  PrivateData   Points to SecureBoot configuration private data.\r
+\r
+**/\r
+VOID\r
+UninstallSecureBootConfigForm (\r
+  IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA    *PrivateData\r
+  )\r
+{\r
+  //\r
+  // Uninstall HII package list\r
+  //\r
+  if (PrivateData->HiiHandle != NULL) {\r
+    HiiRemovePackages (PrivateData->HiiHandle);\r
+    PrivateData->HiiHandle = NULL;\r
+  }\r
+\r
+  //\r
+  // Uninstall HII Config Access Protocol\r
+  //\r
+  if (PrivateData->DriverHandle != NULL) {\r
+    gBS->UninstallMultipleProtocolInterfaces (\r
+           PrivateData->DriverHandle,\r
+           &gEfiDevicePathProtocolGuid,\r
+           &mSecureBootHiiVendorDevicePath,\r
+           &gEfiHiiConfigAccessProtocolGuid,\r
+           &PrivateData->ConfigAccess,\r
+           NULL\r
+           );\r
+    PrivateData->DriverHandle = NULL;\r
+  }\r
+  \r
+  FreePool (PrivateData);\r
+}\r
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
new file mode 100644 (file)
index 0000000..ef19031
--- /dev/null
@@ -0,0 +1,190 @@
+/** @file\r
+  The header file of HII Config Access protocol implementation of SecureBoot\r
+  configuration module.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution.  The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __SECUREBOOT_CONFIG_IMPL_H__\r
+#define __SECUREBOOT_CONFIG_IMPL_H__\r
+\r
+#include <Uefi.h>\r
+\r
+#include <Protocol/HiiConfigAccess.h>\r
+#include <Protocol/HiiConfigRouting.h>\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/UefiHiiServicesLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/HiiLib.h>\r
+#include <Library/DevicePathLib.h>\r
+\r
+#include <Guid/MdeModuleHii.h>\r
+#include <Guid/AuthenticatedVariableFormat.h>\r
+\r
+#include "SecureBootConfigNvData.h"\r
+\r
+//\r
+// Tool generated IFR binary data and String package data\r
+//\r
+extern UINT8                        SecureBootConfigBin[];\r
+extern UINT8                        SecureBootConfigDxeStrings[];\r
+\r
+///\r
+/// HII specific Vendor Device Path definition.\r
+///\r
+typedef struct {\r
+  VENDOR_DEVICE_PATH                VendorDevicePath;\r
+  EFI_DEVICE_PATH_PROTOCOL          End;\r
+} HII_VENDOR_DEVICE_PATH;\r
+\r
+typedef struct {\r
+  UINTN                             Signature;\r
+\r
+  EFI_HII_CONFIG_ACCESS_PROTOCOL    ConfigAccess;\r
+  EFI_HII_HANDLE                    HiiHandle;\r
+  EFI_HANDLE                        DriverHandle;\r
+\r
+} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
+\r
+extern SECUREBOOT_CONFIG_PRIVATE_DATA      mSecureBootConfigPrivateDateTemplate;\r
+\r
+#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE     SIGNATURE_32 ('S', 'E', 'C', 'B')\r
+#define SECUREBOOT_CONFIG_PRIVATE_DATA_FROM_THIS(a)  CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
+\r
+\r
+/**\r
+  This function publish the SecureBoot configuration Form.\r
+\r
+  @param[in, out]  PrivateData   Points to SecureBoot configuration private data.\r
+\r
+  @retval EFI_SUCCESS            HII Form is installed for this network device.\r
+  @retval EFI_OUT_OF_RESOURCES   Not enough resource for HII Form installation.\r
+  @retval Others                 Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+InstallSecureBootConfigForm (\r
+  IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA  *PrivateData\r
+  );\r
+\r
+/**\r
+  This function removes SecureBoot configuration Form.\r
+\r
+  @param[in, out]  PrivateData   Points to SecureBoot configuration private data.\r
+\r
+**/\r
+\r
+VOID\r
+UninstallSecureBootConfigForm (\r
+  IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA    *PrivateData\r
+  );\r
+\r
+/**\r
+  This function allows a caller to extract the current configuration for one\r
+  or more named elements from the target driver.\r
+\r
+  @param[in]   This              Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+  @param[in]   Request           A null-terminated Unicode string in\r
+                                 <ConfigRequest> format.\r
+  @param[out]  Progress          On return, points to a character in the Request\r
+                                 string. Points to the string's null terminator if\r
+                                 request was successful. Points to the most recent\r
+                                 '&' before the first failing name/value pair (or\r
+                                 the beginning of the string if the failure is in\r
+                                 the first name/value pair) if the request was not\r
+                                 successful.\r
+  @param[out]  Results           A null-terminated Unicode string in\r
+                                 <ConfigAltResp> format which has all values filled\r
+                                 in for the names in the Request string. String to\r
+                                 be allocated by the called function.\r
+\r
+  @retval EFI_SUCCESS            The Results is filled with the requested values.\r
+  @retval EFI_OUT_OF_RESOURCES   Not enough memory to store the results.\r
+  @retval EFI_INVALID_PARAMETER  Request is illegal syntax, or unknown name.\r
+  @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this\r
+                                 driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootExtractConfig (\r
+  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL        *This,\r
+  IN CONST EFI_STRING                            Request,\r
+       OUT EFI_STRING                            *Progress,\r
+       OUT EFI_STRING                            *Results\r
+  );\r
+\r
+/**\r
+  This function processes the results of changes in configuration.\r
+\r
+  @param[in]  This               Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+  @param[in]  Configuration      A null-terminated Unicode string in <ConfigResp>\r
+                                 format.\r
+  @param[out] Progress           A pointer to a string filled in with the offset of\r
+                                 the most recent '&' before the first failing\r
+                                 name/value pair (or the beginning of the string if\r
+                                 the failure is in the first name/value pair) or\r
+                                 the terminating NULL if all was successful.\r
+\r
+  @retval EFI_SUCCESS            The Results is processed successfully.\r
+  @retval EFI_INVALID_PARAMETER  Configuration is NULL.\r
+  @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this\r
+                                 driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootRouteConfig (\r
+  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL      *This,\r
+  IN CONST EFI_STRING                          Configuration,\r
+       OUT EFI_STRING                          *Progress\r
+  );\r
+\r
+/**\r
+  This function processes the results of changes in configuration.\r
+\r
+  @param[in]  This               Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+  @param[in]  Action             Specifies the type of action taken by the browser.\r
+  @param[in]  QuestionId         A unique value which is sent to the original\r
+                                 exporting driver so that it can identify the type\r
+                                 of data to expect.\r
+  @param[in]  Type               The type of value for the question.\r
+  @param[in]  Value              A pointer to the data being sent to the original\r
+                                 exporting driver.\r
+  @param[out] ActionRequest      On return, points to the action requested by the\r
+                                 callback function.\r
+\r
+  @retval EFI_SUCCESS            The callback successfully handled the action.\r
+  @retval EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the\r
+                                 variable and its data.\r
+  @retval EFI_DEVICE_ERROR       The variable could not be saved.\r
+  @retval EFI_UNSUPPORTED        The specified Action is not supported by the\r
+                                 callback.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootCallback (\r
+  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL      *This,\r
+  IN     EFI_BROWSER_ACTION                    Action,\r
+  IN     EFI_QUESTION_ID                       QuestionId,\r
+  IN     UINT8                                 Type,\r
+  IN     EFI_IFR_TYPE_VALUE                    *Value,\r
+     OUT EFI_BROWSER_ACTION_REQUEST            *ActionRequest\r
+  );\r
+\r
+#endif\r
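Review bot: The `SecureBootCallback` comment promises `EFI_OUT_OF_RESOURCES` and `EFI_DEVICE_ERROR` when the variable cannot be saved, but the definition added to SecureBootConfigImpl.c in this commit calls `SaveSecureBootVariable (Value->u8);` without checking any result and then returns `EFI_SUCCESS`; `SecureBootRouteConfig` does the same. For a Secure Boot toggle this matters, because a failed write would be presented to the user as an applied setting. If `SaveSecureBootVariable` reports a status (its definition is not visible here), propagate it with `return SaveSecureBootVariable (Value->u8);`; otherwise drop the two `@retval` lines that cannot occur. The `UninstallSecureBootConfigForm` comment should also state the ownership rule, since the implementation ends with `FreePool (PrivateData)`: `PrivateData is freed by this function and must not be used after it returns.`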
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
new file mode 100644 (file)
index 0000000..278066e
--- /dev/null
@@ -0,0 +1,34 @@
+/** @file\r
+  Header file for NV data structure definition.\r
+\r
+Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
+are licensed and made available under the terms and conditions of the BSD License \r
+which accompanies this distribution.  The full text of the license may be found at \r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __SECUREBOOT_CONFIG_NV_DATA_H__\r
+#define __SECUREBOOT_CONFIG_NV_DATA_H__\r
+\r
+#include <Guid/HiiPlatformSetupFormset.h>\r
+#include <Guid/SecureBootConfigHii.h>\r
+\r
+#define SECUREBOOT_CONFIGURATION_VARSTORE_ID  0x0001\r
+#define SECUREBOOT_CONFIGURATION_FORM_ID      0x0001\r
+\r
+#define KEY_SECURE_BOOT_ENABLE         0x5000\r
\r
+//\r
+// Nv Data structure referenced by IFR\r
+//\r
+typedef struct {\r
+  BOOLEAN SecureBootState;\r
+  BOOLEAN HideSecureBoot;\r
+} SECUREBOOT_CONFIGURATION;\r
+\r
+#endif\r
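Review bot: The two fields of `SECUREBOOT_CONFIGURATION` carry no comments, although `SecureBootState` is filled from the browser's `<ConfigResp>` string by `ConfigToBlock()` and passed unchanged to `SaveSecureBootVariable()` in `SecureBootRouteConfig`. Documenting the accepted values here gives the route and callback code something to validate against before the variable is written, for example `// Requested Secure Boot state from the form; must be one of the values accepted for the SecureBootEnable variable`. `HideSecureBoot` presumably only controls whether the question is shown by the form, which is worth stating too. Because the comment above the struct says it is referenced by IFR, a line noting that fields must not be reordered or resized without updating the .vfr would help the next maintainer.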
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni
new file mode 100644 (file)
index 0000000..99f728e
Binary files /dev/null and b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni differ