Pop up error message when user tries to enroll an invalid certificate file into KEK...

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14373 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 3084f3364e73366e5c14ca37fac53c9df21aad44..e8beecbf583526bdc7a15a2f89b06f083286de91 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -2632,14 +2632,41 @@ SecureBootCallback (
 \r
     case KEY_VALUE_SAVE_AND_EXIT_KEK:\r
       Status = EnrollKeyExchangeKey (Private);\r
+      if (EFI_ERROR (Status)) {\r
+        CreatePopUp (\r
+          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+          &Key,\r
+          L"ERROR: Unsupported file type!",\r
+          L"Only supports DER-encoded X509 certificate",\r
+          NULL\r
+          );\r
+      }\r
       break;\r
 \r
     case KEY_VALUE_SAVE_AND_EXIT_DB:\r
       Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE);\r
+      if (EFI_ERROR (Status)) {\r
+        CreatePopUp (\r
+          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+          &Key,\r
+          L"ERROR: Unsupported file type!",\r
+          L"Only supports DER-encoded X509 certificate and executable EFI image",\r
+          NULL\r
+          );\r
+      }\r
       break;\r
 \r
     case KEY_VALUE_SAVE_AND_EXIT_DBX:\r
       Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1);\r
+      if (EFI_ERROR (Status)) {\r
+        CreatePopUp (\r
+          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+          &Key,\r
+          L"ERROR: Unsupported file type!",\r
+          L"Only supports DER-encoded X509 certificate and executable EFI image",\r
+          NULL\r
+          );\r
+      }\r
       break;\r
 \r
     default:\r
@@ -2680,13 +2707,13 @@ SecureBootCallback (
       break;  \r
     case KEY_VALUE_SAVE_AND_EXIT_PK:\r
       Status = EnrollPlatformKey (Private);\r
-      UnicodeSPrint (\r
-        PromptString,\r
-        sizeof (PromptString),\r
-        L"Only DER encoded certificate file (%s) is supported.",\r
-        mSupportX509Suffix\r
-        );\r
       if (EFI_ERROR (Status)) {\r
+        UnicodeSPrint (\r
+          PromptString,\r
+          sizeof (PromptString),\r
+          L"Only DER encoded certificate file (%s) is supported.",\r
+          mSupportX509Suffix\r
+          );\r
         CreatePopUp (\r
           EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
           &Key,\r