2012-03-27 10:17:23 +02:00
|
|
|
/** @file
|
|
|
|
Internal file explorer functions for SecureBoot configuration module.
|
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR>
|
2019-04-04 01:06:56 +02:00
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
2012-03-27 10:17:23 +02:00
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#include "SecureBootConfigImpl.h"
|
|
|
|
|
|
|
|
VOID *mStartOpCodeHandle = NULL;
|
|
|
|
VOID *mEndOpCodeHandle = NULL;
|
|
|
|
EFI_IFR_GUID_LABEL *mStartLabel = NULL;
|
|
|
|
EFI_IFR_GUID_LABEL *mEndLabel = NULL;
|
|
|
|
|
|
|
|
/**
|
2016-01-28 02:36:43 +01:00
|
|
|
Refresh the global UpdateData structure.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
|
|
|
**/
|
2016-01-28 02:36:43 +01:00
|
|
|
VOID
|
|
|
|
RefreshUpdateData (
|
|
|
|
VOID
|
2012-03-27 10:17:23 +02:00
|
|
|
)
|
|
|
|
{
|
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
// Free current updated date
|
2012-03-27 10:17:23 +02:00
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
if (mStartOpCodeHandle != NULL) {
|
|
|
|
HiiFreeOpCodeHandle (mStartOpCodeHandle);
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
// Create new OpCode Handle
|
2012-03-27 10:17:23 +02:00
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
|
2012-03-27 10:17:23 +02:00
|
|
|
|
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
// Create Hii Extend Label OpCode as the start opcode
|
2012-03-27 10:17:23 +02:00
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
|
|
|
|
mStartOpCodeHandle,
|
|
|
|
&gEfiIfrTianoGuid,
|
|
|
|
NULL,
|
|
|
|
sizeof (EFI_IFR_GUID_LABEL)
|
2012-03-27 10:17:23 +02:00
|
|
|
);
|
2016-01-28 02:36:43 +01:00
|
|
|
mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-01-28 02:36:43 +01:00
|
|
|
Clean up the dynamic opcode at label and form specified by both LabelId.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
|
|
|
|
@param[in] PrivateData Module private data.
|
2014-11-14 09:41:12 +01:00
|
|
|
|
2012-03-27 10:17:23 +02:00
|
|
|
**/
|
|
|
|
VOID
|
2016-01-28 02:36:43 +01:00
|
|
|
CleanUpPage (
|
|
|
|
IN UINT16 LabelId,
|
|
|
|
IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
|
2012-03-27 10:17:23 +02:00
|
|
|
)
|
|
|
|
{
|
2016-01-28 02:36:43 +01:00
|
|
|
RefreshUpdateData ();
|
2012-03-27 10:17:23 +02:00
|
|
|
|
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
// Remove all op-codes from dynamic page
|
2012-03-27 10:17:23 +02:00
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
mStartLabel->Number = LabelId;
|
|
|
|
HiiUpdateForm (
|
|
|
|
PrivateData->HiiHandle,
|
|
|
|
&gSecureBootConfigFormSetGuid,
|
|
|
|
LabelId,
|
|
|
|
mStartOpCodeHandle, // Label LabelId
|
|
|
|
mEndOpCodeHandle // LABEL_END
|
|
|
|
);
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-01-28 02:36:43 +01:00
|
|
|
Extract filename from device path. The returned buffer is allocated using AllocateCopyPool.
|
2016-02-29 07:37:07 +01:00
|
|
|
The caller is responsible for freeing the allocated buffer using FreePool(). If return NULL
|
|
|
|
means not enough memory resource.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@param DevicePath Device path.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2020-02-07 02:08:19 +01:00
|
|
|
@retval NULL Not enough memory resource for AllocateCopyPool.
|
2016-02-29 07:37:07 +01:00
|
|
|
@retval Other A new allocated string that represents the file name.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
|
|
|
**/
|
2016-01-28 02:36:43 +01:00
|
|
|
CHAR16 *
|
|
|
|
ExtractFileNameFromDevicePath (
|
|
|
|
IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
|
2012-03-27 10:17:23 +02:00
|
|
|
)
|
|
|
|
{
|
2016-01-28 02:36:43 +01:00
|
|
|
CHAR16 *String;
|
|
|
|
CHAR16 *MatchString;
|
|
|
|
CHAR16 *LastMatch;
|
|
|
|
CHAR16 *FileName;
|
|
|
|
UINTN Length;
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
ASSERT(DevicePath != NULL);
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
String = DevicePathToStr(DevicePath);
|
|
|
|
MatchString = String;
|
|
|
|
LastMatch = String;
|
2016-02-29 07:37:07 +01:00
|
|
|
FileName = NULL;
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
while(MatchString != NULL){
|
|
|
|
LastMatch = MatchString + 1;
|
|
|
|
MatchString = StrStr(LastMatch,L"\\");
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
Length = StrLen(LastMatch);
|
|
|
|
FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
|
2016-02-29 07:37:07 +01:00
|
|
|
if (FileName != NULL) {
|
|
|
|
*(FileName + Length) = 0;
|
|
|
|
}
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
FreePool(String);
|
2014-11-14 09:41:12 +01:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
return FileName;
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2016-01-28 02:36:43 +01:00
|
|
|
Update the form base on the selected file.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@param FilePath Point to the file path.
|
|
|
|
@param FormId The form need to display.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@retval TRUE Exit caller function.
|
|
|
|
@retval FALSE Not exit caller function.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
|
|
|
**/
|
2016-01-28 02:36:43 +01:00
|
|
|
BOOLEAN
|
|
|
|
UpdatePage(
|
|
|
|
IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
|
|
|
|
IN EFI_FORM_ID FormId
|
2012-03-27 10:17:23 +02:00
|
|
|
)
|
|
|
|
{
|
2016-01-28 02:36:43 +01:00
|
|
|
CHAR16 *FileName;
|
|
|
|
EFI_STRING_ID StringToken;
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-02-29 07:37:07 +01:00
|
|
|
FileName = NULL;
|
|
|
|
|
|
|
|
if (FilePath != NULL) {
|
2016-01-28 02:36:43 +01:00
|
|
|
FileName = ExtractFileNameFromDevicePath(FilePath);
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
2016-02-29 07:37:07 +01:00
|
|
|
if (FileName == NULL) {
|
|
|
|
//
|
|
|
|
// FileName = NULL has two case:
|
|
|
|
// 1. FilePath == NULL, not select file.
|
|
|
|
// 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL not enough memory resource.
|
|
|
|
// In these two case, no need to update the form, and exit the caller function.
|
|
|
|
//
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0, FileName, NULL);
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
gSecureBootPrivateData->FileContext->FileName = FileName;
|
2014-11-14 09:41:12 +01:00
|
|
|
|
2018-07-18 19:38:40 +02:00
|
|
|
EfiOpenFileByDevicePath (
|
2016-01-28 02:36:43 +01:00
|
|
|
&FilePath,
|
|
|
|
&gSecureBootPrivateData->FileContext->FHandle,
|
|
|
|
EFI_FILE_MODE_READ,
|
|
|
|
0
|
|
|
|
);
|
2012-03-27 10:17:23 +02:00
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
// Create Subtitle op-code for the display string of the option.
|
2012-03-27 10:17:23 +02:00
|
|
|
//
|
2016-01-28 02:36:43 +01:00
|
|
|
RefreshUpdateData ();
|
|
|
|
mStartLabel->Number = FormId;
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
HiiCreateSubTitleOpCode (
|
|
|
|
mStartOpCodeHandle,
|
|
|
|
StringToken,
|
|
|
|
0,
|
|
|
|
0,
|
|
|
|
0
|
|
|
|
);
|
|
|
|
|
|
|
|
HiiUpdateForm (
|
|
|
|
gSecureBootPrivateData->HiiHandle,
|
|
|
|
&gSecureBootConfigFormSetGuid,
|
|
|
|
FormId,
|
|
|
|
mStartOpCodeHandle, // Label FormId
|
|
|
|
mEndOpCodeHandle // LABEL_END
|
|
|
|
);
|
|
|
|
|
|
|
|
return TRUE;
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-01-28 02:36:43 +01:00
|
|
|
Update the PK form base on the input file path info.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@param FilePath Point to the file path.
|
|
|
|
|
|
|
|
@retval TRUE Exit caller function.
|
|
|
|
@retval FALSE Not exit caller function.
|
2012-03-27 10:17:23 +02:00
|
|
|
**/
|
2016-01-28 02:36:43 +01:00
|
|
|
BOOLEAN
|
SecurityPkg/SecureBootConfigDxe: Declare EFIAPI for the ChooseFile handlers
The SecureBootConfig now uses ChooseFile() from FileExplorerLib
to select the certificates to be enrolled into PK, KEK, DB, DBX,
or DBT, and the corresponding handlers to get the content of the
file. Per the definition of CHOOSE_HANDLER, the handler must use
EFIAPI as the calling convention. However, the calling convention
was not specified the following handlers: UpdatePKFromFile(),
UpdateKEKFromFile(), UpdateDBFromFile(), UpdateDBXFromFile(), and
UpdateDBTFromFile(). When compiling the firmware with gcc, the
default calling convention is not compatible with EFIAPI, so the
handlers interpreted the argument the wrong way and passed the
wrong device path to UpdatePage(), and the system crashed when
the user tried to enroll a certificate into the key database.
This commit specifies the calling convention for those functions
so that gcc can generate the right code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-03-21 10:04:36 +01:00
|
|
|
EFIAPI
|
2016-01-28 02:36:43 +01:00
|
|
|
UpdatePKFromFile (
|
|
|
|
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
|
2012-03-27 10:17:23 +02:00
|
|
|
)
|
|
|
|
{
|
2016-01-28 02:36:43 +01:00
|
|
|
return UpdatePage(FilePath, FORMID_ENROLL_PK_FORM);
|
2012-03-27 10:17:23 +02:00
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-01-28 02:36:43 +01:00
|
|
|
Update the KEK form base on the input file path info.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@param FilePath Point to the file path.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@retval TRUE Exit caller function.
|
|
|
|
@retval FALSE Not exit caller function.
|
2012-03-27 10:17:23 +02:00
|
|
|
**/
|
2016-01-28 02:36:43 +01:00
|
|
|
BOOLEAN
|
SecurityPkg/SecureBootConfigDxe: Declare EFIAPI for the ChooseFile handlers
The SecureBootConfig now uses ChooseFile() from FileExplorerLib
to select the certificates to be enrolled into PK, KEK, DB, DBX,
or DBT, and the corresponding handlers to get the content of the
file. Per the definition of CHOOSE_HANDLER, the handler must use
EFIAPI as the calling convention. However, the calling convention
was not specified the following handlers: UpdatePKFromFile(),
UpdateKEKFromFile(), UpdateDBFromFile(), UpdateDBXFromFile(), and
UpdateDBTFromFile(). When compiling the firmware with gcc, the
default calling convention is not compatible with EFIAPI, so the
handlers interpreted the argument the wrong way and passed the
wrong device path to UpdatePage(), and the system crashed when
the user tried to enroll a certificate into the key database.
This commit specifies the calling convention for those functions
so that gcc can generate the right code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-03-21 10:04:36 +01:00
|
|
|
EFIAPI
|
2016-01-28 02:36:43 +01:00
|
|
|
UpdateKEKFromFile (
|
|
|
|
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
|
2012-03-27 10:17:23 +02:00
|
|
|
)
|
|
|
|
{
|
2016-01-28 02:36:43 +01:00
|
|
|
return UpdatePage(FilePath, FORMID_ENROLL_KEK_FORM);
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-01-28 02:36:43 +01:00
|
|
|
Update the DB form base on the input file path info.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@param FilePath Point to the file path.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@retval TRUE Exit caller function.
|
|
|
|
@retval FALSE Not exit caller function.
|
2012-03-27 10:17:23 +02:00
|
|
|
**/
|
|
|
|
BOOLEAN
|
SecurityPkg/SecureBootConfigDxe: Declare EFIAPI for the ChooseFile handlers
The SecureBootConfig now uses ChooseFile() from FileExplorerLib
to select the certificates to be enrolled into PK, KEK, DB, DBX,
or DBT, and the corresponding handlers to get the content of the
file. Per the definition of CHOOSE_HANDLER, the handler must use
EFIAPI as the calling convention. However, the calling convention
was not specified the following handlers: UpdatePKFromFile(),
UpdateKEKFromFile(), UpdateDBFromFile(), UpdateDBXFromFile(), and
UpdateDBTFromFile(). When compiling the firmware with gcc, the
default calling convention is not compatible with EFIAPI, so the
handlers interpreted the argument the wrong way and passed the
wrong device path to UpdatePage(), and the system crashed when
the user tried to enroll a certificate into the key database.
This commit specifies the calling convention for those functions
so that gcc can generate the right code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-03-21 10:04:36 +01:00
|
|
|
EFIAPI
|
2016-01-28 02:36:43 +01:00
|
|
|
UpdateDBFromFile (
|
|
|
|
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
|
2012-03-27 10:17:23 +02:00
|
|
|
)
|
|
|
|
{
|
2016-01-28 02:36:43 +01:00
|
|
|
return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB);
|
|
|
|
}
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
/**
|
|
|
|
Update the DBX form base on the input file path info.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@param FilePath Point to the file path.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@retval TRUE Exit caller function.
|
|
|
|
@retval FALSE Not exit caller function.
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
SecurityPkg/SecureBootConfigDxe: Declare EFIAPI for the ChooseFile handlers
The SecureBootConfig now uses ChooseFile() from FileExplorerLib
to select the certificates to be enrolled into PK, KEK, DB, DBX,
or DBT, and the corresponding handlers to get the content of the
file. Per the definition of CHOOSE_HANDLER, the handler must use
EFIAPI as the calling convention. However, the calling convention
was not specified the following handlers: UpdatePKFromFile(),
UpdateKEKFromFile(), UpdateDBFromFile(), UpdateDBXFromFile(), and
UpdateDBTFromFile(). When compiling the firmware with gcc, the
default calling convention is not compatible with EFIAPI, so the
handlers interpreted the argument the wrong way and passed the
wrong device path to UpdatePage(), and the system crashed when
the user tried to enroll a certificate into the key database.
This commit specifies the calling convention for those functions
so that gcc can generate the right code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-03-21 10:04:36 +01:00
|
|
|
EFIAPI
|
2016-01-28 02:36:43 +01:00
|
|
|
UpdateDBXFromFile (
|
|
|
|
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
|
|
|
|
)
|
|
|
|
{
|
|
|
|
return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX);
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-01-28 02:36:43 +01:00
|
|
|
Update the DBT form base on the input file path info.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@param FilePath Point to the file path.
|
2012-03-27 10:17:23 +02:00
|
|
|
|
2016-01-28 02:36:43 +01:00
|
|
|
@retval TRUE Exit caller function.
|
|
|
|
@retval FALSE Not exit caller function.
|
2012-03-27 10:17:23 +02:00
|
|
|
**/
|
2016-01-28 02:36:43 +01:00
|
|
|
BOOLEAN
|
SecurityPkg/SecureBootConfigDxe: Declare EFIAPI for the ChooseFile handlers
The SecureBootConfig now uses ChooseFile() from FileExplorerLib
to select the certificates to be enrolled into PK, KEK, DB, DBX,
or DBT, and the corresponding handlers to get the content of the
file. Per the definition of CHOOSE_HANDLER, the handler must use
EFIAPI as the calling convention. However, the calling convention
was not specified the following handlers: UpdatePKFromFile(),
UpdateKEKFromFile(), UpdateDBFromFile(), UpdateDBXFromFile(), and
UpdateDBTFromFile(). When compiling the firmware with gcc, the
default calling convention is not compatible with EFIAPI, so the
handlers interpreted the argument the wrong way and passed the
wrong device path to UpdatePage(), and the system crashed when
the user tried to enroll a certificate into the key database.
This commit specifies the calling convention for those functions
so that gcc can generate the right code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-03-21 10:04:36 +01:00
|
|
|
EFIAPI
|
2016-01-28 02:36:43 +01:00
|
|
|
UpdateDBTFromFile (
|
|
|
|
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
|
2012-03-27 10:17:23 +02:00
|
|
|
)
|
|
|
|
{
|
2016-01-28 02:36:43 +01:00
|
|
|
return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT);
|
2012-03-27 10:17:23 +02:00
|
|
|
}
|
2016-01-28 02:36:43 +01:00
|
|
|
|