From: sfu5 Date: Fri, 12 Apr 2013 01:44:54 +0000 (+0000) Subject: Update secure boot UI driver to handle “reset to default” hot key. X-Git-Tag: edk2-stable201903~12615 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=a2f2c258d43f506b93b4a13a5c82d0200465df92;ds=sidebyside Update secure boot UI driver to handle “reset to default” hot key. Signed-off-by: Fu Siyuan Reviewed-by: Ye Ting Reviewed-by: Yao Jiewen git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14257 6f19259b-4bc3-4df7-8a09-765794883524 --- diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index ae4b71bffd..656befbb44 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -43,8 +43,10 @@ formset // suppressif TRUE; checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot, + questionid = KEY_HIDE_SECURE_BOOT, prompt = STRING_TOKEN(STR_NULL), help = STRING_TOKEN(STR_NULL), + flags = INTERACTIVE, endcheckbox; endif; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 51da86b6fd..3084f3364e 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -2378,6 +2378,11 @@ SecureBootRouteConfig ( OUT EFI_STRING *Progress ) { + UINT8 *SecureBootEnable; + SECUREBOOT_CONFIGURATION IfrNvData; + UINTN BufferSize; + EFI_STATUS Status; + if (Configuration == NULL || Progress == NULL) { return EFI_INVALID_PARAMETER; } @@ -2387,6 +2392,31 @@ SecureBootRouteConfig ( return EFI_NOT_FOUND; } + BufferSize = sizeof (SECUREBOOT_CONFIGURATION); + Status = gHiiConfigRouting->ConfigToBlock ( + gHiiConfigRouting, + Configuration, + (UINT8 *)&IfrNvData, + &BufferSize, + Progress + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Store Buffer Storage back to EFI variable if needed + // + SecureBootEnable = NULL; + GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); + if (NULL != SecureBootEnable) { + FreePool (SecureBootEnable); + Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot); + if (EFI_ERROR (Status)) { + return Status; + } + } + *Progress = Configuration + StrLen (Configuration); return EFI_SUCCESS; } @@ -2445,7 +2475,8 @@ SecureBootCallback ( if ((Action != EFI_BROWSER_ACTION_CHANGED) && (Action != EFI_BROWSER_ACTION_CHANGING) && - (Action != EFI_BROWSER_ACTION_FORM_CLOSE)) { + (Action != EFI_BROWSER_ACTION_FORM_CLOSE) && + (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD)) { return EFI_UNSUPPORTED; } @@ -2733,6 +2764,17 @@ SecureBootCallback ( } break; } + } else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) { + if (QuestionId == KEY_HIDE_SECURE_BOOT) { + GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); + if (SecureBootEnable == NULL) { + IfrNvData->HideSecureBoot = TRUE; + } else { + FreePool (SecureBootEnable); + IfrNvData->HideSecureBoot = FALSE; + } + Value->b = IfrNvData->HideSecureBoot; + } } else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) { // // Force the platform back to Standard Mode once user leave the setup screen. diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h index ea43192900..c15869a625 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h @@ -55,6 +55,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009 #define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a #define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b +#define KEY_HIDE_SECURE_BOOT 0x100c #define KEY_SECURE_BOOT_OPTION 0x1100 #define KEY_SECURE_BOOT_PK_OPTION 0x1101