From 762d8ddb2877581eaf20e0f090692f06a83c7588 Mon Sep 17 00:00:00 2001 From: Dandan Bi Date: Thu, 28 Jan 2016 09:36:43 +0800 Subject: [PATCH] SecurityPkg: Use FileExplorerLib in SecureBootConfigDxe Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe to make the code clear. After using FileExplorerLib, the UI behavior for enroll PK will change, previously when select one PK file, commit/discard changes will return to Device Manager,press ESC will return to FileExplorer. Now using FileExplorerLib the behavior will keep same with enroll KEK/DB/..., commit/discard changes will return to Custom Secure Boot Options form and ESC will return to PK options form. Cc: Chao Zhang Cc: Eric Dong Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi Acked-by: Laszlo Ersek Reviewed-by: Eric Dong Reviewed-by: Chao Zhang --- .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- .../SecureBootConfigDxe.inf | 3 +- .../SecureBootConfigFileExplorer.c | 1127 +++-------------- .../SecureBootConfigImpl.c | 167 +-- .../SecureBootConfigImpl.h | 142 +-- .../SecureBootConfigNvData.h | 10 - 6 files changed, 333 insertions(+), 1225 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index e53630c833..484da2c0ca 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -1,7 +1,7 @@ /** @file VFR file used by the SecureBoot configuration component. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -202,11 +202,29 @@ formset subtitle text = STRING_TOKEN(STR_NULL); - goto FORM_FILE_EXPLORER_ID_PK, + goto FORMID_ENROLL_PK_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), flags = INTERACTIVE, - key = SECUREBOOT_ADD_PK_FILE_FORM_ID; + key = FORMID_ENROLL_PK_FORM; + + subtitle text = STRING_TOKEN(STR_NULL); + label FORMID_ENROLL_PK_FORM; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_SAVE_AND_EXIT), + flags = INTERACTIVE| RESET_REQUIRED, + key = KEY_VALUE_SAVE_AND_EXIT_PK; + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_NO_SAVE_AND_EXIT_PK; + endform; // @@ -245,7 +263,7 @@ formset subtitle text = STRING_TOKEN(STR_NULL); - goto FORM_FILE_EXPLORER_ID_KEK, + goto FORMID_ENROLL_KEK_FORM, prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), flags = INTERACTIVE, @@ -408,7 +426,7 @@ formset subtitle text = STRING_TOKEN(STR_NULL); - goto FORM_FILE_EXPLORER_ID_DB, + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, @@ -453,7 +471,7 @@ formset subtitle text = STRING_TOKEN(STR_NULL); - goto FORM_FILE_EXPLORER_ID_DBX, + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, @@ -529,7 +547,7 @@ formset subtitle text = STRING_TOKEN(STR_NULL); - goto FORM_FILE_EXPLORER_ID_DBT, + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, @@ -566,81 +584,4 @@ formset endform; - // - // File Explorer for PK - // - form formid = FORM_FILE_EXPLORER_ID_PK, - title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); - - label FORM_FILE_EXPLORER_ID; - label LABEL_END; - endform; - - // - // File Explorer for KEK - // - form formid = FORM_FILE_EXPLORER_ID_KEK, - title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); - - label FORM_FILE_EXPLORER_ID; - label LABEL_END; - endform; - - // - // File Explorer for DB - // - form formid = FORM_FILE_EXPLORER_ID_DB, - title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); - - label FORM_FILE_EXPLORER_ID; - label LABEL_END; - endform; - - // - // File Explorer for DBX - // - form formid = FORM_FILE_EXPLORER_ID_DBX, - title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); - - label FORM_FILE_EXPLORER_ID; - label LABEL_END; - endform; - - // - // File Explorer for DBT - // - form formid = FORM_FILE_EXPLORER_ID_DBT, - title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); - - label FORM_FILE_EXPLORER_ID; - label LABEL_END; - endform; - - // - // Enroll Pk from File Commit Form - // - form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID, - title = STRING_TOKEN(STR_SAVE_PK_FILE); - - label SECUREBOOT_ADD_PK_FILE_FORM_ID; - label LABEL_END; - - subtitle text = STRING_TOKEN(STR_NULL); - - text - help = STRING_TOKEN(STR_SAVE_AND_EXIT), - text = STRING_TOKEN(STR_SAVE_AND_EXIT), - text = STRING_TOKEN(STR_NULL), - flags = INTERACTIVE, - key = KEY_VALUE_SAVE_AND_EXIT_PK; - - text - help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), - text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), - text = STRING_TOKEN(STR_NULL), - flags = INTERACTIVE, - key = KEY_VALUE_NO_SAVE_AND_EXIT_PK; - - endform; - endformset; \ No newline at end of file diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf index ef400c47b9..6b143f5e01 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf @@ -2,7 +2,7 @@ # Provides the capbility to configure secure boot in a setup browser # By this module, user may change the content of DB, DBX, PK and KEK. # -# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -57,6 +57,7 @@ HiiLib PlatformSecureLib DevicePathLib + FileExplorerLib [Guids] ## SOMETIMES_CONSUMES ## Variable:L"CustomMode" diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c index e1fd78db4e..2adb85ce90 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c @@ -1,7 +1,7 @@ /** @file Internal file explorer functions for SecureBoot configuration module. -Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -14,446 +14,70 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "SecureBootConfigImpl.h" -/// -/// File system selection menu -/// -SECUREBOOT_MENU_OPTION FsOptionMenu = { - SECUREBOOT_MENU_OPTION_SIGNATURE, - {NULL}, - 0 -}; - -/// -/// Files and sub-directories in current directory menu -/// -SECUREBOOT_MENU_OPTION DirectoryMenu = { - SECUREBOOT_MENU_OPTION_SIGNATURE, - {NULL}, - 0 -}; - VOID *mStartOpCodeHandle = NULL; VOID *mEndOpCodeHandle = NULL; EFI_IFR_GUID_LABEL *mStartLabel = NULL; EFI_IFR_GUID_LABEL *mEndLabel = NULL; /** - Duplicate a string. - - @param[in] Src The source string. - - @return A new string which is duplicated copy of the source, - or NULL if there is not enough memory. - -**/ -CHAR16 * -StrDuplicate ( - IN CHAR16 *Src - ) -{ - CHAR16 *Dest; - UINTN Size; - - Size = StrSize (Src); - Dest = AllocateZeroPool (Size); - ASSERT (Dest != NULL); - if (Dest != NULL) { - CopyMem (Dest, Src, Size); - } - - return Dest; -} - -/** - Helper function called as part of the code needed to allocate - the proper sized buffer for various EFI interfaces. - - @param[in, out] Status Current status - @param[in, out] Buffer Current allocated buffer, or NULL - @param[in] BufferSize Current buffer size needed - - @retval TRUE If the buffer was reallocated and the caller - should try the API again. - @retval FALSE The caller should not call this function again. + Refresh the global UpdateData structure. **/ -BOOLEAN -GrowBuffer ( - IN OUT EFI_STATUS *Status, - IN OUT VOID **Buffer, - IN UINTN BufferSize +VOID +RefreshUpdateData ( + VOID ) { - BOOLEAN TryAgain; - // - // If this is an initial request, buffer will be null with a new buffer size + // Free current updated date // - if ((*Buffer == NULL) && (BufferSize != 0)) { - *Status = EFI_BUFFER_TOO_SMALL; + if (mStartOpCodeHandle != NULL) { + HiiFreeOpCodeHandle (mStartOpCodeHandle); } - // - // If the status code is "buffer too small", resize the buffer - // - TryAgain = FALSE; - if (*Status == EFI_BUFFER_TOO_SMALL) { - - if (*Buffer != NULL) { - FreePool (*Buffer); - } - *Buffer = AllocateZeroPool (BufferSize); - - if (*Buffer != NULL) { - TryAgain = TRUE; - } else { - *Status = EFI_OUT_OF_RESOURCES; - } - } // - // If there's an error, free the buffer + // Create new OpCode Handle // - if (!TryAgain && EFI_ERROR (*Status) && (*Buffer != NULL)) { - FreePool (*Buffer); - *Buffer = NULL; - } - - return TryAgain; -} - -/** - Append file name to existing file name, and allocate a new buffer - to hold the appended result. - - @param[in] Str1 The existing file name - @param[in] Str2 The file name to be appended - - @return A new string with appended result. - -**/ -CHAR16 * -AppendFileName ( - IN CHAR16 *Str1, - IN CHAR16 *Str2 - ) -{ - UINTN Size1; - UINTN Size2; - UINTN BufferSize; - CHAR16 *Str; - CHAR16 *TmpStr; - CHAR16 *Ptr; - CHAR16 *LastSlash; - - Size1 = StrSize (Str1); - Size2 = StrSize (Str2); - BufferSize = Size1 + Size2 + sizeof (CHAR16); - Str = AllocateZeroPool (BufferSize); - ASSERT (Str != NULL); - - TmpStr = AllocateZeroPool (BufferSize); - ASSERT (TmpStr != NULL); - - StrCatS (Str, BufferSize / sizeof (CHAR16), Str1); - - if (!((*Str == '\\') && (*(Str + 1) == 0))) { - StrCatS (Str, BufferSize / sizeof (CHAR16), L"\\"); - } - - StrCatS (Str, BufferSize / sizeof (CHAR16), Str2); - - Ptr = Str; - LastSlash = Str; - while (*Ptr != 0) { - if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '.' && *(Ptr + 3) == L'\\') { - // - // Convert "\Name\..\" to "\" - // DO NOT convert the .. if it is at the end of the string. This will - // break the .. behavior in changing directories. - // - - // - // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy of two strings - // that overlap. - // - StrCpyS (TmpStr, BufferSize / sizeof (CHAR16), Ptr + 3); - StrCpyS (LastSlash, BufferSize / sizeof (CHAR16), TmpStr); - Ptr = LastSlash; - } else if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '\\') { - // - // Convert a "\.\" to a "\" - // - - // - // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy of two strings - // that overlap. - // - StrCpyS (TmpStr, BufferSize / sizeof (CHAR16), Ptr + 2); - StrCpyS (Ptr, BufferSize / sizeof (CHAR16), TmpStr); - Ptr = LastSlash; - } else if (*Ptr == '\\') { - LastSlash = Ptr; - } - - Ptr++; - } - - FreePool (TmpStr); - - return Str; -} - -/** - Create a SECUREBOOT_MENU_ENTRY, and stores it in a buffer allocated from the pool. - - @return The new menu entry or NULL of error happens. - -**/ -SECUREBOOT_MENU_ENTRY * -CreateMenuEntry ( - VOID - ) -{ - SECUREBOOT_MENU_ENTRY *MenuEntry; - UINTN ContextSize; + mStartOpCodeHandle = HiiAllocateOpCodeHandle (); // - // Create new menu entry + // Create Hii Extend Label OpCode as the start opcode // - MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY)); - if (MenuEntry == NULL) { - return NULL; - } - - ContextSize = sizeof (SECUREBOOT_FILE_CONTEXT); - MenuEntry->FileContext = AllocateZeroPool (ContextSize); - if (MenuEntry->FileContext == NULL) { - FreePool (MenuEntry); - return NULL; - } - - MenuEntry->Signature = SECUREBOOT_MENU_ENTRY_SIGNATURE; - - return MenuEntry; -} - -/** - Get Menu Entry from the Menu Entry List by MenuNumber. - - If MenuNumber is great or equal to the number of Menu - Entry in the list, then ASSERT. - - @param[in] MenuOption The Menu Entry List to read the menu entry. - @param[in] MenuNumber The index of Menu Entry. - - @return The Menu Entry. - -**/ -SECUREBOOT_MENU_ENTRY * -GetMenuEntry ( - IN SECUREBOOT_MENU_OPTION *MenuOption, - IN UINTN MenuNumber - ) -{ - SECUREBOOT_MENU_ENTRY *NewMenuEntry; - UINTN Index; - LIST_ENTRY *List; - - ASSERT (MenuNumber < MenuOption->MenuNumber); - - List = MenuOption->Head.ForwardLink; - for (Index = 0; Index < MenuNumber; Index++) { - List = List->ForwardLink; - } - - NewMenuEntry = CR (List, SECUREBOOT_MENU_ENTRY, Link, SECUREBOOT_MENU_ENTRY_SIGNATURE); - - return NewMenuEntry; -} - -/** - Create string tokens for a menu from its help strings and display strings. - - @param[in] HiiHandle Hii Handle of the package to be updated. - @param[in] MenuOption The Menu whose string tokens need to be created. - -**/ -VOID -CreateMenuStringToken ( - IN EFI_HII_HANDLE HiiHandle, - IN SECUREBOOT_MENU_OPTION *MenuOption - ) -{ - SECUREBOOT_MENU_ENTRY *NewMenuEntry; - UINTN Index; - - for (Index = 0; Index < MenuOption->MenuNumber; Index++) { - NewMenuEntry = GetMenuEntry (MenuOption, Index); - - NewMenuEntry->DisplayStringToken = HiiSetString ( - HiiHandle, - 0, - NewMenuEntry->DisplayString, - NULL + mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + mStartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) ); - - if (NewMenuEntry->HelpString == NULL) { - NewMenuEntry->HelpStringToken = NewMenuEntry->DisplayStringToken; - } else { - NewMenuEntry->HelpStringToken = HiiSetString ( - HiiHandle, - 0, - NewMenuEntry->HelpString, - NULL - ); - } - } -} - -/** - Free up all resources allocated for a SECUREBOOT_MENU_ENTRY. - - @param[in, out] MenuEntry A pointer to SECUREBOOT_MENU_ENTRY. - -**/ -VOID -DestroyMenuEntry ( - IN OUT SECUREBOOT_MENU_ENTRY *MenuEntry - ) -{ - SECUREBOOT_FILE_CONTEXT *FileContext; - - - FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext; - - if (!FileContext->IsRoot && FileContext->DevicePath != NULL) { - FreePool (FileContext->DevicePath); - } else { - if (FileContext->FHandle != NULL) { - FileContext->FHandle->Close (FileContext->FHandle); - } - } - - if (FileContext->FileName != NULL) { - FreePool (FileContext->FileName); - } - if (FileContext->Info != NULL) { - FreePool (FileContext->Info); - } - - FreePool (FileContext); - - if (MenuEntry->DisplayString != NULL) { - FreePool (MenuEntry->DisplayString); - } - if (MenuEntry->HelpString != NULL) { - FreePool (MenuEntry->HelpString); - } - - FreePool (MenuEntry); + mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; } /** - Free resources allocated in Allocate Rountine. + Clean up the dynamic opcode at label and form specified by both LabelId. - @param[in, out] MenuOption Menu to be freed + @param[in] LabelId It is both the Form ID and Label ID for opcode deletion. + @param[in] PrivateData Module private data. **/ VOID -FreeMenu ( - IN OUT SECUREBOOT_MENU_OPTION *MenuOption - ) -{ - SECUREBOOT_MENU_ENTRY *MenuEntry; - while (!IsListEmpty (&MenuOption->Head)) { - MenuEntry = CR ( - MenuOption->Head.ForwardLink, - SECUREBOOT_MENU_ENTRY, - Link, - SECUREBOOT_MENU_ENTRY_SIGNATURE - ); - RemoveEntryList (&MenuEntry->Link); - DestroyMenuEntry (MenuEntry); - } - MenuOption->MenuNumber = 0; -} - -/** - This function gets the file information from an open file descriptor, and stores it - in a buffer allocated from pool. - - @param[in] FHand File Handle. - - @return A pointer to a buffer with file information or NULL is returned - -**/ -EFI_FILE_INFO * -FileInfo ( - IN EFI_FILE_HANDLE FHand - ) -{ - EFI_STATUS Status; - EFI_FILE_INFO *Buffer; - UINTN BufferSize; - - // - // Initialize for GrowBuffer loop - // - Buffer = NULL; - BufferSize = SIZE_OF_EFI_FILE_INFO + 200; - - // - // Call the real function - // - while (GrowBuffer (&Status, (VOID **) &Buffer, BufferSize)) { - Status = FHand->GetInfo ( - FHand, - &gEfiFileInfoGuid, - &BufferSize, - Buffer - ); - } - - return Buffer; -} - -/** - This function gets the file system information from an open file descriptor, - and stores it in a buffer allocated from pool. - - @param[in] FHand The file handle. - - @return A pointer to a buffer with file information. - @retval NULL is returned if failed to get Vaolume Label Info. - -**/ -EFI_FILE_SYSTEM_VOLUME_LABEL * -FileSystemVolumeLabelInfo ( - IN EFI_FILE_HANDLE FHand +CleanUpPage ( + IN UINT16 LabelId, + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData ) { - EFI_STATUS Status; - EFI_FILE_SYSTEM_VOLUME_LABEL *Buffer; - UINTN BufferSize; - // - // Initialize for GrowBuffer loop - // - Buffer = NULL; - BufferSize = SIZE_OF_EFI_FILE_SYSTEM_VOLUME_LABEL + 200; + RefreshUpdateData (); // - // Call the real function + // Remove all op-codes from dynamic page // - while (GrowBuffer (&Status, (VOID **) &Buffer, BufferSize)) { - Status = FHand->GetInfo ( - FHand, - &gEfiFileSystemVolumeLabelInfoIdGuid, - &BufferSize, - Buffer - ); - } - - return Buffer; + mStartLabel->Number = LabelId; + HiiUpdateForm ( + PrivateData->HiiHandle, + &gSecureBootConfigFormSetGuid, + LabelId, + mStartOpCodeHandle, // Label LabelId + mEndOpCodeHandle // LABEL_END + ); } /** @@ -595,640 +219,187 @@ OpenFileByDevicePath( return EFI_SUCCESS; } + /** - Function opens and returns a file handle to the root directory of a volume. + Extract filename from device path. The returned buffer is allocated using AllocateCopyPool. + The caller is responsible for freeing the allocated buffer using FreePool(). - @param[in] DeviceHandle A handle for a device + @param DevicePath Device path. - @return A valid file handle or NULL if error happens. + @return A new allocated string that represents the file name. **/ -EFI_FILE_HANDLE -OpenRoot ( - IN EFI_HANDLE DeviceHandle +CHAR16 * +ExtractFileNameFromDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath ) { - EFI_STATUS Status; - EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Volume; - EFI_FILE_HANDLE File; - - File = NULL; - - // - // File the file system interface to the device - // - Status = gBS->HandleProtocol ( - DeviceHandle, - &gEfiSimpleFileSystemProtocolGuid, - (VOID *) &Volume - ); - - // - // Open the root directory of the volume - // - if (!EFI_ERROR (Status)) { - Status = Volume->OpenVolume ( - Volume, - &File - ); - } - // - // Done - // - return EFI_ERROR (Status) ? NULL : File; -} + CHAR16 *String; + CHAR16 *MatchString; + CHAR16 *LastMatch; + CHAR16 *FileName; + UINTN Length; -/** - This function builds the FsOptionMenu list which records all - available file system in the system. They include all instances - of EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, all instances of EFI_LOAD_FILE_SYSTEM - and all type of legacy boot device. - - @retval EFI_SUCCESS Success find the file system - @retval EFI_OUT_OF_RESOURCES Can not create menu entry + ASSERT(DevicePath != NULL); -**/ -EFI_STATUS -FindFileSystem ( - VOID - ) -{ - UINTN NoBlkIoHandles; - UINTN NoSimpleFsHandles; - EFI_HANDLE *BlkIoHandle; - EFI_HANDLE *SimpleFsHandle; - UINT16 *VolumeLabel; - EFI_BLOCK_IO_PROTOCOL *BlkIo; - UINTN Index; - EFI_STATUS Status; - SECUREBOOT_MENU_ENTRY *MenuEntry; - SECUREBOOT_FILE_CONTEXT *FileContext; - UINT16 *TempStr; - UINTN OptionNumber; - VOID *Buffer; - - BOOLEAN RemovableMedia; - - - NoSimpleFsHandles = 0; - OptionNumber = 0; - InitializeListHead (&FsOptionMenu.Head); + String = DevicePathToStr(DevicePath); + MatchString = String; + LastMatch = String; - // - // Locate Handles that support BlockIo protocol - // - Status = gBS->LocateHandleBuffer ( - ByProtocol, - &gEfiBlockIoProtocolGuid, - NULL, - &NoBlkIoHandles, - &BlkIoHandle - ); - if (!EFI_ERROR (Status)) { - - for (Index = 0; Index < NoBlkIoHandles; Index++) { - Status = gBS->HandleProtocol ( - BlkIoHandle[Index], - &gEfiBlockIoProtocolGuid, - (VOID **) &BlkIo - ); - - if (EFI_ERROR (Status)) { - continue; - } - - // - // Issue a dummy read to trigger reinstall of BlockIo protocol for removable media - // - if (BlkIo->Media->RemovableMedia) { - Buffer = AllocateZeroPool (BlkIo->Media->BlockSize); - if (NULL == Buffer) { - FreePool (BlkIoHandle); - return EFI_OUT_OF_RESOURCES; - } - - BlkIo->ReadBlocks ( - BlkIo, - BlkIo->Media->MediaId, - 0, - BlkIo->Media->BlockSize, - Buffer - ); - FreePool (Buffer); - } - } - FreePool (BlkIoHandle); + while(MatchString != NULL){ + LastMatch = MatchString + 1; + MatchString = StrStr(LastMatch,L"\\"); } - // - // Locate Handles that support Simple File System protocol - // - Status = gBS->LocateHandleBuffer ( - ByProtocol, - &gEfiSimpleFileSystemProtocolGuid, - NULL, - &NoSimpleFsHandles, - &SimpleFsHandle - ); - if (!EFI_ERROR (Status)) { - // - // Find all the instances of the File System prototocol - // - for (Index = 0; Index < NoSimpleFsHandles; Index++) { - Status = gBS->HandleProtocol ( - SimpleFsHandle[Index], - &gEfiBlockIoProtocolGuid, - (VOID **) &BlkIo - ); - if (EFI_ERROR (Status)) { - // - // If no block IO exists assume it's NOT a removable media - // - RemovableMedia = FALSE; - } else { - // - // If block IO exists check to see if it's remobable media - // - RemovableMedia = BlkIo->Media->RemovableMedia; - } - - // - // Allocate pool for this instance. - // - MenuEntry = CreateMenuEntry (); - if (NULL == MenuEntry) { - FreePool (SimpleFsHandle); - return EFI_OUT_OF_RESOURCES; - } - - FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext; - - FileContext->Handle = SimpleFsHandle[Index]; - MenuEntry->OptionNumber = Index; - FileContext->FHandle = OpenRoot (FileContext->Handle); - if (FileContext->FHandle == NULL) { - DestroyMenuEntry (MenuEntry); - continue; - } - - MenuEntry->HelpString = DevicePathToStr (DevicePathFromHandle (FileContext->Handle)); - FileContext->Info = FileSystemVolumeLabelInfo (FileContext->FHandle); - FileContext->FileName = StrDuplicate (L"\\"); - FileContext->DevicePath = FileDevicePath ( - FileContext->Handle, - FileContext->FileName - ); - FileContext->IsDir = TRUE; - FileContext->IsRoot = TRUE; - FileContext->IsRemovableMedia = RemovableMedia; - FileContext->IsLoadFile = FALSE; - - // - // Get current file system's Volume Label - // - if (FileContext->Info == NULL) { - VolumeLabel = L"NO FILE SYSTEM INFO"; - } else { - if (FileContext->Info->VolumeLabel == NULL) { - VolumeLabel = L"NULL VOLUME LABEL"; - } else { - VolumeLabel = FileContext->Info->VolumeLabel; - if (*VolumeLabel == 0x0000) { - VolumeLabel = L"NO VOLUME LABEL"; - } - } - } - - TempStr = MenuEntry->HelpString; - MenuEntry->DisplayString = AllocateZeroPool (MAX_CHAR); - ASSERT (MenuEntry->DisplayString != NULL); - UnicodeSPrint ( - MenuEntry->DisplayString, - MAX_CHAR, - L"%s, [%s]", - VolumeLabel, - TempStr - ); - OptionNumber++; - InsertTailList (&FsOptionMenu.Head, &MenuEntry->Link); - } - } + Length = StrLen(LastMatch); + FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch); + *(FileName + Length) = 0; - if (NoSimpleFsHandles != 0) { - FreePool (SimpleFsHandle); - } + FreePool(String); - // - // Remember how many file system options are here - // - FsOptionMenu.MenuNumber = OptionNumber; - return EFI_SUCCESS; + return FileName; } /** - Find files under the current directory. All files and sub-directories - in current directory will be stored in DirectoryMenu for future use. + Update the form base on the selected file. - @param[in] MenuEntry The Menu Entry. + @param FilePath Point to the file path. + @param FormId The form need to display. - @retval EFI_SUCCESS Get files from current dir successfully. - @return Other Can't get files from current dir. + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. **/ -EFI_STATUS -FindFiles ( - IN SECUREBOOT_MENU_ENTRY *MenuEntry +BOOLEAN +UpdatePage( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath, + IN EFI_FORM_ID FormId ) { - EFI_FILE_HANDLE NewDir; - EFI_FILE_HANDLE Dir; - EFI_FILE_INFO *DirInfo; - UINTN BufferSize; - UINTN DirBufferSize; - SECUREBOOT_MENU_ENTRY *NewMenuEntry; - SECUREBOOT_FILE_CONTEXT *FileContext; - SECUREBOOT_FILE_CONTEXT *NewFileContext; - UINTN Pass; - EFI_STATUS Status; - UINTN OptionNumber; - - FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext; - Dir = FileContext->FHandle; - OptionNumber = 0; - // - // Open current directory to get files from it - // - Status = Dir->Open ( - Dir, - &NewDir, - FileContext->FileName, - EFI_FILE_READ_ONLY, - 0 - ); - if (!FileContext->IsRoot) { - Dir->Close (Dir); - } - - if (EFI_ERROR (Status)) { - return Status; - } + CHAR16 *FileName; + EFI_STRING_ID StringToken; - DirInfo = FileInfo (NewDir); - if (DirInfo == NULL) { - return EFI_NOT_FOUND; - } - - if ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == 0) { - return EFI_INVALID_PARAMETER; + if (FilePath != NULL){ + FileName = ExtractFileNameFromDevicePath(FilePath); + StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0, FileName, NULL); + } else { + FileName = HiiGetString (gSecureBootPrivateData->HiiHandle, STRING_TOKEN (STR_NULL), NULL); + ASSERT (FileName != NULL); + StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0, FileName, NULL); } - FileContext->DevicePath = FileDevicePath ( - FileContext->Handle, - FileContext->FileName - ); - - DirBufferSize = sizeof (EFI_FILE_INFO) + 1024; - DirInfo = AllocateZeroPool (DirBufferSize); - if (DirInfo == NULL) { - return EFI_OUT_OF_RESOURCES; - } + gSecureBootPrivateData->FileContext->FileName = FileName; + OpenFileByDevicePath( + &FilePath, + &gSecureBootPrivateData->FileContext->FHandle, + EFI_FILE_MODE_READ, + 0 + ); // - // Get all files in current directory - // Pass 1 to get Directories - // Pass 2 to get files that are EFI images + // Create Subtitle op-code for the display string of the option. // - for (Pass = 1; Pass <= 2; Pass++) { - NewDir->SetPosition (NewDir, 0); - for (;;) { - BufferSize = DirBufferSize; - Status = NewDir->Read (NewDir, &BufferSize, DirInfo); - if (EFI_ERROR (Status) || BufferSize == 0) { - break; - } - - if (((DirInfo->Attribute & EFI_FILE_DIRECTORY) != 0 && Pass == 2) || - ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == 0 && Pass == 1) - ) { - // - // Pass 1 is for Directories - // Pass 2 is for file names - // - continue; - } - - NewMenuEntry = CreateMenuEntry (); - if (NULL == NewMenuEntry) { - return EFI_OUT_OF_RESOURCES; - } - - NewFileContext = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext; - NewFileContext->Handle = FileContext->Handle; - NewFileContext->FileName = AppendFileName ( - FileContext->FileName, - DirInfo->FileName - ); - NewFileContext->FHandle = NewDir; - NewFileContext->DevicePath = FileDevicePath ( - NewFileContext->Handle, - NewFileContext->FileName - ); - NewMenuEntry->HelpString = NULL; - - NewFileContext->IsDir = (BOOLEAN) ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == EFI_FILE_DIRECTORY); - if (NewFileContext->IsDir) { - BufferSize = StrLen (DirInfo->FileName) * 2 + 6; - NewMenuEntry->DisplayString = AllocateZeroPool (BufferSize); - - UnicodeSPrint ( - NewMenuEntry->DisplayString, - BufferSize, - L"<%s>", - DirInfo->FileName - ); - - } else { - NewMenuEntry->DisplayString = StrDuplicate (DirInfo->FileName); - } - - NewFileContext->IsRoot = FALSE; - NewFileContext->IsLoadFile = FALSE; - NewFileContext->IsRemovableMedia = FALSE; - - NewMenuEntry->OptionNumber = OptionNumber; - OptionNumber++; - InsertTailList (&DirectoryMenu.Head, &NewMenuEntry->Link); - } - } + RefreshUpdateData (); + mStartLabel->Number = FormId; - DirectoryMenu.MenuNumber = OptionNumber; - FreePool (DirInfo); - return EFI_SUCCESS; + HiiCreateSubTitleOpCode ( + mStartOpCodeHandle, + StringToken, + 0, + 0, + 0 + ); + + HiiUpdateForm ( + gSecureBootPrivateData->HiiHandle, + &gSecureBootConfigFormSetGuid, + FormId, + mStartOpCodeHandle, // Label FormId + mEndOpCodeHandle // LABEL_END + ); + + return TRUE; } /** - Refresh the global UpdateData structure. + Update the PK form base on the input file path info. + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. **/ -VOID -RefreshUpdateData ( - VOID +BOOLEAN +UpdatePKFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - // - // Free current updated date - // - if (mStartOpCodeHandle != NULL) { - HiiFreeOpCodeHandle (mStartOpCodeHandle); - } - - // - // Create new OpCode Handle - // - mStartOpCodeHandle = HiiAllocateOpCodeHandle (); + return UpdatePage(FilePath, FORMID_ENROLL_PK_FORM); - // - // Create Hii Extend Label OpCode as the start opcode - // - mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - mStartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; } /** - Update the File Explore page. + Update the KEK form base on the input file path info. - @param[in] HiiHandle Hii Handle of the package to be updated. - @param[in] MenuOption The Menu whose string tokens need to be updated. - @param[in] FeCurrentState Current file explorer state. + @param FilePath Point to the file path. + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. **/ -VOID -UpdateFileExplorePage ( - IN EFI_HII_HANDLE HiiHandle, - IN SECUREBOOT_MENU_OPTION *MenuOption, - IN FILE_EXPLORER_STATE FeCurrentState +BOOLEAN +UpdateKEKFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - UINTN Index; - SECUREBOOT_MENU_ENTRY *NewMenuEntry; - SECUREBOOT_FILE_CONTEXT *NewFileContext; - EFI_FORM_ID FormId; - EFI_FORM_ID FileFormId; - - if (FeCurrentState == FileExplorerStateEnrollPkFile) { - FormId = SECUREBOOT_ADD_PK_FILE_FORM_ID; - FileFormId = FORM_FILE_EXPLORER_ID_PK; - } else if (FeCurrentState == FileExplorerStateEnrollKekFile) { - FormId = FORMID_ENROLL_KEK_FORM; - FileFormId = FORM_FILE_EXPLORER_ID_KEK; - } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDb) { - FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; - FileFormId = FORM_FILE_EXPLORER_ID_DB; - } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) { - FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; - FileFormId = FORM_FILE_EXPLORER_ID_DBX; - } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) { - FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; - FileFormId = FORM_FILE_EXPLORER_ID_DBT; - } else { - return; - } - - NewMenuEntry = NULL; - NewFileContext = NULL; - - RefreshUpdateData (); - mStartLabel->Number = FORM_FILE_EXPLORER_ID; - - for (Index = 0; Index < MenuOption->MenuNumber; Index++) { - NewMenuEntry = GetMenuEntry (MenuOption, Index); - NewFileContext = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext; - - if (NewFileContext->IsDir) { - // - // Create Text opcode for directory. - // - HiiCreateActionOpCode ( - mStartOpCodeHandle, - (UINT16) (FILE_OPTION_OFFSET + Index), - NewMenuEntry->DisplayStringToken, - STRING_TOKEN (STR_NULL), - EFI_IFR_FLAG_CALLBACK, - 0 - ); - } else { - - // - // Create Goto opcode for file. - // - HiiCreateGotoOpCode ( - mStartOpCodeHandle, - FormId, - NewMenuEntry->DisplayStringToken, - STRING_TOKEN (STR_NULL), - EFI_IFR_FLAG_CALLBACK, - (UINT16) (FILE_OPTION_GOTO_OFFSET + Index) - ); - } - } - - HiiUpdateForm ( - HiiHandle, - &gSecureBootConfigFormSetGuid, - FileFormId, - mStartOpCodeHandle, // Label FORM_FILE_EXPLORER_ID - mEndOpCodeHandle // LABEL_END - ); + return UpdatePage(FilePath, FORMID_ENROLL_KEK_FORM); } /** - Update the file explorer page with the refreshed file system. - - @param[in] PrivateData Module private data. - @param[in] KeyValue Key value to identify the type of data to expect. + Update the DB form base on the input file path info. - @retval TRUE Inform the caller to create a callback packet to exit file explorer. - @retval FALSE Indicate that there is no need to exit file explorer. + @param FilePath Point to the file path. + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. **/ BOOLEAN -UpdateFileExplorer ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN UINT16 KeyValue +UpdateDBFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - UINT16 FileOptionMask; - SECUREBOOT_MENU_ENTRY *NewMenuEntry; - SECUREBOOT_FILE_CONTEXT *NewFileContext; - EFI_FORM_ID FormId; - BOOLEAN ExitFileExplorer; - EFI_STATUS Status; - EFI_DEVICE_PATH_PROTOCOL *TmpDevicePath; - - NewMenuEntry = NULL; - NewFileContext = NULL; - ExitFileExplorer = FALSE; - FileOptionMask = (UINT16) (FILE_OPTION_MASK & KeyValue); - - if (PrivateData->FeDisplayContext == FileExplorerDisplayUnknown) { - // - // First in, display file system. - // - FreeMenu (&FsOptionMenu); - FindFileSystem (); - - CreateMenuStringToken (PrivateData->HiiHandle, &FsOptionMenu); - UpdateFileExplorePage (PrivateData->HiiHandle, &FsOptionMenu, PrivateData->FeCurrentState); + return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB); +} - PrivateData->FeDisplayContext = FileExplorerDisplayFileSystem; - } else { - if (PrivateData->FeDisplayContext == FileExplorerDisplayFileSystem) { - NewMenuEntry = GetMenuEntry (&FsOptionMenu, FileOptionMask); - } else if (PrivateData->FeDisplayContext == FileExplorerDisplayDirectory) { - NewMenuEntry = GetMenuEntry (&DirectoryMenu, FileOptionMask); - } +/** + Update the DBX form base on the input file path info. - NewFileContext = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext; - - if (NewFileContext->IsDir ) { - PrivateData->FeDisplayContext = FileExplorerDisplayDirectory; - - RemoveEntryList (&NewMenuEntry->Link); - FreeMenu (&DirectoryMenu); - Status = FindFiles (NewMenuEntry); - if (EFI_ERROR (Status)) { - ExitFileExplorer = TRUE; - goto OnExit; - } - CreateMenuStringToken (PrivateData->HiiHandle, &DirectoryMenu); - DestroyMenuEntry (NewMenuEntry); - - UpdateFileExplorePage (PrivateData->HiiHandle, &DirectoryMenu, PrivateData->FeCurrentState); - - } else { - if (PrivateData->FeCurrentState == FileExplorerStateEnrollPkFile) { - FormId = SECUREBOOT_ADD_PK_FILE_FORM_ID; - } else if (PrivateData->FeCurrentState == FileExplorerStateEnrollKekFile) { - FormId = FORMID_ENROLL_KEK_FORM; - } else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDb) { - FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; - } else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) { - FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; - } else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) { - FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; - } else { - return FALSE; - } - - PrivateData->MenuEntry = NewMenuEntry; - PrivateData->FileContext->FileName = NewFileContext->FileName; - - TmpDevicePath = NewFileContext->DevicePath; - OpenFileByDevicePath ( - &TmpDevicePath, - &PrivateData->FileContext->FHandle, - EFI_FILE_MODE_READ, - 0 - ); - - // - // Create Subtitle op-code for the display string of the option. - // - RefreshUpdateData (); - mStartLabel->Number = FormId; - - HiiCreateSubTitleOpCode ( - mStartOpCodeHandle, - NewMenuEntry->DisplayStringToken, - 0, - 0, - 0 - ); - - HiiUpdateForm ( - PrivateData->HiiHandle, - &gSecureBootConfigFormSetGuid, - FormId, - mStartOpCodeHandle, // Label FormId - mEndOpCodeHandle // LABEL_END - ); - } - } + @param FilePath Point to the file path. -OnExit: - return ExitFileExplorer; + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +UpdateDBXFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX); } /** - Clean up the dynamic opcode at label and form specified by both LabelId. + Update the DBT form base on the input file path info. - @param[in] LabelId It is both the Form ID and Label ID for opcode deletion. - @param[in] PrivateData Module private data. + @param FilePath Point to the file path. + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. **/ -VOID -CleanUpPage ( - IN UINT16 LabelId, - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData +BOOLEAN +UpdateDBTFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath ) { - RefreshUpdateData (); - - // - // Remove all op-codes from dynamic page - // - mStartLabel->Number = LabelId; - HiiUpdateForm ( - PrivateData->HiiHandle, - &gSecureBootConfigFormSetGuid, - LabelId, - mStartOpCodeHandle, // Label LabelId - mEndOpCodeHandle // LABEL_END - ); + return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT); } + diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index e2340e6302..bbd2f33413 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -97,6 +97,8 @@ CHAR16* mDerEncodedSuffix[] = { }; CHAR16* mSupportX509Suffix = L"*.cer/der/crt"; +SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData = NULL; + /** This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix. @@ -657,7 +659,11 @@ ON_EXIT: CloseFile (Private->FileContext->FHandle); Private->FileContext->FHandle = NULL; - Private->FileContext->FileName = NULL; + + if (Private->FileContext->FileName != NULL){ + FreePool(Private->FileContext->FileName); + Private->FileContext->FileName = NULL; + } if (Private->SignatureGUID != NULL) { FreePool (Private->SignatureGUID); @@ -779,7 +785,11 @@ EnrollX509ToKek ( ON_EXIT: CloseFile (Private->FileContext->FHandle); - Private->FileContext->FileName = NULL; + if (Private->FileContext->FileName != NULL){ + FreePool(Private->FileContext->FileName); + Private->FileContext->FileName = NULL; + } + Private->FileContext->FHandle = NULL; if (Private->SignatureGUID != NULL) { @@ -949,7 +959,11 @@ EnrollX509toSigDB ( ON_EXIT: CloseFile (Private->FileContext->FHandle); - Private->FileContext->FileName = NULL; + if (Private->FileContext->FileName != NULL){ + FreePool(Private->FileContext->FileName); + Private->FileContext->FileName = NULL; + } + Private->FileContext->FHandle = NULL; if (Private->SignatureGUID != NULL) { @@ -1509,7 +1523,11 @@ EnrollX509HashtoSigDB ( ON_EXIT: CloseFile (Private->FileContext->FHandle); - Private->FileContext->FileName = NULL; + if (Private->FileContext->FileName != NULL){ + FreePool(Private->FileContext->FileName); + Private->FileContext->FileName = NULL; + } + Private->FileContext->FHandle = NULL; if (Private->SignatureGUID != NULL) { @@ -2157,7 +2175,11 @@ ON_EXIT: CloseFile (Private->FileContext->FHandle); Private->FileContext->FHandle = NULL; - Private->FileContext->FileName = NULL; + + if (Private->FileContext->FileName != NULL){ + FreePool(Private->FileContext->FileName); + Private->FileContext->FileName = NULL; + } if (Private->SignatureGUID != NULL) { FreePool (Private->SignatureGUID); @@ -3434,16 +3456,20 @@ SecureBootCallback ( UINT8 *SecureBootMode; CHAR16 PromptString[100]; UINT8 CurSecureBootMode; + EFI_DEVICE_PATH_PROTOCOL *File; Status = EFI_SUCCESS; SecureBootEnable = NULL; SecureBootMode = NULL; + File = NULL; if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { return EFI_INVALID_PARAMETER; } Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); + gSecureBootPrivateData = Private; + // // Retrieve uncommitted data from Browser // @@ -3461,6 +3487,7 @@ SecureBootCallback ( // Update secure boot strings when opening this form // Status = UpdateSecureBootString(Private); + SecureBootExtractConfigFromVariable (IfrNvData); mIsEnterSecureBootForm = TRUE; } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){ // @@ -3523,11 +3550,6 @@ SecureBootCallback ( } break; - case KEY_SECURE_BOOT_OPTION: - FreeMenu (&DirectoryMenu); - FreeMenu (&FsOptionMenu); - break; - case KEY_SECURE_BOOT_KEK_OPTION: case KEY_SECURE_BOOT_DB_OPTION: case KEY_SECURE_BOOT_DBX_OPTION: @@ -3558,28 +3580,32 @@ SecureBootCallback ( // CleanUpPage (LabelId, Private); break; + case KEY_SECURE_BOOT_PK_OPTION: + LabelId = FORMID_ENROLL_PK_FORM; + // + // Refresh selected file. + // + CleanUpPage (LabelId, Private); + break; + + case FORMID_ENROLL_PK_FORM: + ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdatePKFromFile, &File); + break; - case SECUREBOOT_ADD_PK_FILE_FORM_ID: case FORMID_ENROLL_KEK_FORM: + ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateKEKFromFile, &File); + break; + case SECUREBOOT_ENROLL_SIGNATURE_TO_DB: + ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBFromFile, &File); + break; + case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX: - case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT: - if (QuestionId == SECUREBOOT_ADD_PK_FILE_FORM_ID) { - Private->FeCurrentState = FileExplorerStateEnrollPkFile; - } else if (QuestionId == FORMID_ENROLL_KEK_FORM) { - Private->FeCurrentState = FileExplorerStateEnrollKekFile; - } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DB) { - Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDb; - } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DBX) { - Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbx; - IfrNvData->CertificateFormat = HASHALG_SHA256; - } else { - Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbt; - } + ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBXFromFile, &File); + break; - Private->FeDisplayContext = FileExplorerDisplayUnknown; - CleanUpPage (FORM_FILE_EXPLORER_ID, Private); - UpdateFileExplorer (Private, 0); + case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT: + ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBTFromFile, &File); break; case KEY_SECURE_BOOT_DELETE_PK: @@ -3722,6 +3748,24 @@ SecureBootCallback ( ); } break; + case KEY_VALUE_SAVE_AND_EXIT_PK: + Status = EnrollPlatformKey (Private); + if (EFI_ERROR (Status)) { + UnicodeSPrint ( + PromptString, + sizeof (PromptString), + L"Only DER encoded certificate file (%s) is supported.", + mSupportX509Suffix + ); + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + PromptString, + NULL + ); + } + break; case KEY_TRANS_SECURE_BOOT_MODE: // // Pop up to alert user want to change secure boot mode @@ -3774,9 +3818,7 @@ SecureBootCallback ( break; default: - if (QuestionId >= FILE_OPTION_GOTO_OFFSET) { - UpdateFileExplorer (Private, QuestionId); - } else if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) && + if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) && (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) { DeleteKeyExchangeKey (Private, QuestionId); } else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) && @@ -3814,32 +3856,6 @@ SecureBootCallback ( ); } break; - } - } else if (Action == EFI_BROWSER_ACTION_CHANGED) { - switch (QuestionId) { - case KEY_SECURE_BOOT_ENABLE: - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; - break; - case KEY_VALUE_SAVE_AND_EXIT_PK: - Status = EnrollPlatformKey (Private); - if (EFI_ERROR (Status)) { - UnicodeSPrint ( - PromptString, - sizeof (PromptString), - L"Only DER encoded certificate file (%s) is supported.", - mSupportX509Suffix - ); - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"ERROR: Unsupported file type!", - PromptString, - NULL - ); - } else { - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET; - } - break; case KEY_VALUE_NO_SAVE_AND_EXIT_PK: case KEY_VALUE_NO_SAVE_AND_EXIT_KEK: @@ -3849,16 +3865,23 @@ SecureBootCallback ( if (Private->FileContext->FHandle != NULL) { CloseFile (Private->FileContext->FHandle); Private->FileContext->FHandle = NULL; - Private->FileContext->FileName = NULL; + if (Private->FileContext->FileName!= NULL){ + FreePool(Private->FileContext->FileName); + Private->FileContext->FileName = NULL; + } } if (Private->SignatureGUID != NULL) { FreePool (Private->SignatureGUID); Private->SignatureGUID = NULL; } - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; break; - + } + } else if (Action == EFI_BROWSER_ACTION_CHANGED) { + switch (QuestionId) { + case KEY_SECURE_BOOT_ENABLE: + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + break; case KEY_SECURE_BOOT_MODE: mIsEnterSecureBootForm = FALSE; break; @@ -3898,11 +3921,6 @@ SecureBootCallback ( } break; default: - if (QuestionId >= FILE_OPTION_OFFSET && QuestionId < FILE_OPTION_GOTO_OFFSET) { - if (UpdateFileExplorer (Private, QuestionId)) { - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; - } - } break; } } else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) { @@ -3939,6 +3957,11 @@ EXIT: FreePool (IfrNvData); + if (File != NULL){ + FreePool(File); + File = NULL; + } + return EFI_SUCCESS; } @@ -4003,19 +4026,12 @@ InstallSecureBootConfigForm ( PrivateData->HiiHandle = HiiHandle; PrivateData->FileContext = AllocateZeroPool (sizeof (SECUREBOOT_FILE_CONTEXT)); - PrivateData->MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY)); - if (PrivateData->FileContext == NULL || PrivateData->MenuEntry == NULL) { + if (PrivateData->FileContext == NULL) { UninstallSecureBootConfigForm (PrivateData); return EFI_OUT_OF_RESOURCES; } - PrivateData->FeCurrentState = FileExplorerStateInActive; - PrivateData->FeDisplayContext = FileExplorerDisplayUnknown; - - InitializeListHead (&FsOptionMenu.Head); - InitializeListHead (&DirectoryMenu.Head); - // // Init OpCode Handle and Allocate space for creation of Buffer // @@ -4095,19 +4111,12 @@ UninstallSecureBootConfigForm ( FreePool (PrivateData->SignatureGUID); } - if (PrivateData->MenuEntry != NULL) { - FreePool (PrivateData->MenuEntry); - } - if (PrivateData->FileContext != NULL) { FreePool (PrivateData->FileContext); } FreePool (PrivateData); - FreeMenu (&DirectoryMenu); - FreeMenu (&FsOptionMenu); - if (mStartOpCodeHandle != NULL) { HiiFreeOpCodeHandle (mStartOpCodeHandle); } diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h index bcb1c12e23..a8dbd92ee4 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h @@ -2,7 +2,7 @@ The header file of HII Config Access protocol implementation of SecureBoot configuration module. -Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -39,6 +39,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include + #include #include #include @@ -118,22 +120,6 @@ typedef struct { CHAR16 TargetName[1]; } ISCSI_DEVICE_PATH_WITH_NAME; -typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT { - FileExplorerDisplayFileSystem, - FileExplorerDisplayDirectory, - FileExplorerDisplayUnknown -} FILE_EXPLORER_DISPLAY_CONTEXT; - -typedef enum _FILE_EXPLORER_STATE { - FileExplorerStateInActive = 0, - FileExplorerStateEnrollPkFile, - FileExplorerStateEnrollKekFile, - FileExplorerStateEnrollSignatureFileToDb, - FileExplorerStateEnrollSignatureFileToDbx, - FileExplorerStateEnrollSignatureFileToDbt, - FileExplorerStateUnknown -} FILE_EXPLORER_STATE; - typedef struct { CHAR16 *Str; UINTN Len; @@ -159,32 +145,9 @@ typedef struct { UINTN MenuNumber; } SECUREBOOT_MENU_OPTION; -extern SECUREBOOT_MENU_OPTION FsOptionMenu; -extern SECUREBOOT_MENU_OPTION DirectoryMenu; - -typedef struct { - UINTN Signature; - LIST_ENTRY Link; - UINTN OptionNumber; - UINT16 *DisplayString; - UINT16 *HelpString; - EFI_STRING_ID DisplayStringToken; - EFI_STRING_ID HelpStringToken; - VOID *FileContext; -} SECUREBOOT_MENU_ENTRY; - typedef struct { - EFI_HANDLE Handle; - EFI_DEVICE_PATH_PROTOCOL *DevicePath; EFI_FILE_HANDLE FHandle; UINT16 *FileName; - EFI_FILE_SYSTEM_VOLUME_LABEL *Info; - - BOOLEAN IsRoot; - BOOLEAN IsDir; - BOOLEAN IsRemovableMedia; - BOOLEAN IsLoadFile; - BOOLEAN IsBootLegacy; } SECUREBOOT_FILE_CONTEXT; @@ -216,16 +179,13 @@ typedef struct { EFI_HII_HANDLE HiiHandle; EFI_HANDLE DriverHandle; - FILE_EXPLORER_STATE FeCurrentState; - FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext; - - SECUREBOOT_MENU_ENTRY *MenuEntry; SECUREBOOT_FILE_CONTEXT *FileContext; EFI_GUID *SignatureGUID; } SECUREBOOT_CONFIG_PRIVATE_DATA; extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate; +extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData; #define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B') #define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE) @@ -495,35 +455,6 @@ CleanUpPage ( ); -/** - Update the file explorer page with the refreshed file system. - - @param[in] PrivateData Module private data. - @param[in] KeyValue Key value to identify the type of data to expect. - - @retval TRUE Inform the caller to create a callback packet to exit file explorer. - @retval FALSE Indicate that there is no need to exit file explorer. - -**/ -BOOLEAN -UpdateFileExplorer ( - IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, - IN UINT16 KeyValue - ); - - -/** - Free resources allocated in Allocate Rountine. - - @param[in, out] MenuOption Menu to be freed - -**/ -VOID -FreeMenu ( - IN OUT SECUREBOOT_MENU_OPTION *MenuOption - ); - - /** Read file content into BufferPtr, the size of the allocate buffer is *FileSize plus AddtionAllocateSize. @@ -621,4 +552,69 @@ GuidToString ( IN UINTN BufferSize ); +/** + Update the PK form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +UpdatePKFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +/** + Update the KEK form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +UpdateKEKFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +/** + Update the DB form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +UpdateDBFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +/** + Update the DBX form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +UpdateDBXFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +/** + Update the DBT form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +UpdateDBTFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + #endif diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h index 101b605e2c..cf8dc885de 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h @@ -36,15 +36,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c #define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d #define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX 0x0e -#define FORM_FILE_EXPLORER_ID 0x0f -#define FORM_FILE_EXPLORER_ID_PK 0x10 -#define FORM_FILE_EXPLORER_ID_KEK 0x11 -#define FORM_FILE_EXPLORER_ID_DB 0x12 -#define FORM_FILE_EXPLORER_ID_DBX 0x13 #define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14 #define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15 #define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16 -#define FORM_FILE_EXPLORER_ID_DBT 0x17 #define SECURE_BOOT_MODE_CUSTOM 0x01 #define SECURE_BOOT_MODE_STANDARD 0x00 @@ -111,10 +105,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // #define OPTION_DEL_DBT_QUESTION_ID 0x5000 -#define FILE_OPTION_GOTO_OFFSET 0xC000 -#define FILE_OPTION_OFFSET 0x8000 -#define FILE_OPTION_MASK 0x3FFF - #define SECURE_BOOT_GUID_SIZE 36 #define SECURE_BOOT_GUID_STORAGE_SIZE 37 -- 2.39.2