{ L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL }\r
};\r
\r
-\r
-// Variable Definitions \r
+//\r
+// Variable Definitions \r
+// \r
UINT32 mPeCoffHeaderOffset = 0;\r
WIN_CERTIFICATE *mCertificate = NULL;\r
IMAGE_TYPE mImageType;\r
EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL;\r
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;\r
\r
+//\r
+// Possible DER-encoded certificate file suffixes, end with NULL pointer.\r
+//\r
+CHAR16* mDerEncodedSuffix[] = {\r
+ L".cer",\r
+ L".der",\r
+ L".crt",\r
+ NULL\r
+};\r
+CHAR16* mSupportX509Suffix = L"*.cer/der/crt";\r
+\r
+/**\r
+ This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix.\r
+\r
+ @param[in] FileSuffix The suffix of the input certificate file\r
+\r
+ @retval TRUE It's a DER-encoded certificate.\r
+ @retval FALSE It's NOT a DER-encoded certificate.\r
+\r
+**/\r
+BOOLEAN\r
+IsDerEncodeCertificate (\r
+ IN CONST CHAR16 *FileSuffix\r
+)\r
+{\r
+ UINTN Index; \r
+ for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) {\r
+ if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) {\r
+ return TRUE;\r
+ }\r
+ }\r
+ return FALSE;\r
+}\r
\r
/**\r
Set Secure Boot option into variable space.\r
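Review bot: The header comment on `IsDerEncodeCertificate` promises more than the function does: it only compares the file-name suffix, case-sensitively via `StrCmp`, against `mDerEncodedSuffix`, and never looks at the file content. I would reword the return documentation to `@retval TRUE The suffix is one of the supported DER certificate suffixes.` and state that the encoding itself is not checked here, so callers do not treat a TRUE result as validation of the certificate. The suffix table and `mSupportX509Suffix` also have to be kept in sync by hand, and neither is declared `CONST`. A comment such as `// Display form of mDerEncodedSuffix; update both together.` on `mSupportX509Suffix` would make that dependency explicit.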
PkCert = NULL;\r
\r
//\r
- // Parse the file's postfix. Only support DER encoded X.509 certificate files (*.cer or *.der).\r
+ // Parse the file's postfix. Only support DER encoded X.509 certificate files.\r
//\r
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
- if ((CompareMem (FilePostFix, L".cer",4) != 0) && (CompareMem (FilePostFix, L".der",4) != 0)) {\r
- DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate file (*.cer or *.der) is supported."));\r
+ if (!IsDerEncodeCertificate(FilePostFix)) {\r
+ DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));\r
return EFI_INVALID_PARAMETER;\r
}\r
DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName));\r
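Review bot: `FilePostFix` is still derived as `FileName + StrLen (FileName) - 4` with no length check visible in this hunk, and the new `StrCmp`-based helper walks from that pointer to the terminator, so a name shorter than four characters would make it read from before the start of the string. Unless the caller already guarantees the length (the function starts outside the hunk), I would guard it first: `if (StrLen (Private->FileContext->FileName) < 4) { return EFI_INVALID_PARAMETER; }`. The same computation feeds `IsDerEncodeCertificate` in the KEK and signature-database enrollment hunks that follow. The new `DEBUG` error string also has no trailing `\n`, unlike the `FileName=` message after it.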
}\r
\r
//\r
- // Parse the file's postfix. Supports .cer and .der file as X509 certificate, \r
+ // Parse the file's postfix. Supports DER-encoded X509 certificate, \r
// and .pbk as RSA public key file.\r
//\r
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
- if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {\r
+ if (IsDerEncodeCertificate(FilePostFix)) {\r
return EnrollX509ToKek (Private);\r
} else if (CompareMem (FilePostFix, L".pbk",4) == 0) {\r
return EnrollRsa2048ToKek (Private);\r
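Review bot: The `.pbk` branch left as context still uses `CompareMem (FilePostFix, L".pbk",4)`, and the length argument of `CompareMem` is in bytes, so on `CHAR16` data it compares only the first two characters (`.p`). Now that the certificate check matches the full suffix, this branch should do the same, for example `} else if (StrCmp (FilePostFix, L".pbk") == 0) {`, so that only names really ending in `.pbk` reach `EnrollRsa2048ToKek`. The enclosing function starts and ends outside the hunk.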
// Parse the file's postfix. \r
//\r
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;\r
- if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {\r
+ if (IsDerEncodeCertificate(FilePostFix)) {\r
//\r
- // Supports .cer and .der file as X509 certificate.\r
+ // Supports DER-encoded X509 certificate.\r
//\r
return EnrollX509toSigDB (Private, VariableName);\r
}\r
SECUREBOOT_CONFIGURATION *IfrNvData;\r
UINT16 LabelId;\r
UINT8 *SecureBootEnable;\r
+ CHAR16 PromptString[100];\r
\r
SecureBootEnable = NULL;\r
\r
break; \r
case KEY_VALUE_SAVE_AND_EXIT_PK:\r
Status = EnrollPlatformKey (Private);\r
+ UnicodeSPrint (\r
+ PromptString,\r
+ sizeof (PromptString),\r
+ L"Only DER encoded certificate file (%s) is supported.",\r
+ mSupportX509Suffix\r
+ );\r
if (EFI_ERROR (Status)) {\r
CreatePopUp (\r
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
&Key,\r
- L"ERROR: Unsupported file type, only DER encoded certificate file (*.cer or *.der) is supported!",\r
+ L"ERROR: Unsupported file type!",\r
+ PromptString,\r
NULL\r
);\r
} else {\r
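Review bot: `UnicodeSPrint` runs on every `KEY_VALUE_SAVE_AND_EXIT_PK` action, including the success path where `PromptString` is never shown; moving the call inside `if (EFI_ERROR (Status)) {` keeps the formatting next to its only use. The popup also reports "Unsupported file type!" for any error status returned by `EnrollPlatformKey`, which can mislead an operator when enrollment fails for a different reason. Testing `Status == EFI_INVALID_PARAMETER` before using that wording would be more accurate, assuming that is the only code the suffix check returns. `PromptString` is declared as `CHAR16 PromptString[100]` in the previous hunk, and a named constant for that size would be clearer than the bare number.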