mirror of https://github.com/acidanthera/audk.git
SecurityPkg: SecureBootConfigDxe: Remove SecureBoot UI change for Customized Secure Boot
Remove SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263.
The feature has been moved to
https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot
Previous check-in hash is
SHA-1: 96832eefea
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
parent
560ac77ea1
commit
12087ff6d6
|
@ -33,14 +33,6 @@ formset
|
|||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
//
|
||||
// Display current secure boot mode(one of SetupMode/AuditMode/UserMode/DeployedMode)
|
||||
//
|
||||
text
|
||||
help = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP),
|
||||
text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT),
|
||||
text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT);
|
||||
|
||||
text
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
|
||||
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
|
||||
|
@ -71,7 +63,7 @@ formset
|
|||
endoneof;
|
||||
|
||||
//
|
||||
// Display PK include page
|
||||
// Display of 'Current Secure Boot Mode'
|
||||
//
|
||||
suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
|
||||
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
|
||||
|
@ -93,33 +85,6 @@ formset
|
|||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
//
|
||||
// Display of SetupMode/UserMode/AuditMode/DeployedMode transition
|
||||
//
|
||||
oneof name = TransSecureBootMode,
|
||||
questionid = KEY_TRANS_SECURE_BOOT_MODE,
|
||||
prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
|
||||
help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
|
||||
flags = INTERACTIVE | NUMERIC_SIZE_1,
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE
|
||||
OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
|
||||
ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
|
||||
option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;
|
||||
endif
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
|
||||
option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;
|
||||
endif
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
|
||||
option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;
|
||||
endif
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
|
||||
option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;
|
||||
endif
|
||||
|
||||
endoneof;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
|
||||
|
|
|
@ -49,8 +49,6 @@ HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {
|
|||
|
||||
|
||||
BOOLEAN mIsEnterSecureBootForm = FALSE;
|
||||
BOOLEAN mIsSelectedSecureBootModeForm = FALSE;
|
||||
BOOLEAN mIsSecureBootModeChanged = FALSE;
|
||||
|
||||
//
|
||||
// OID ASN.1 Value for Hash Algorithms
|
||||
|
@ -2832,256 +2830,6 @@ ON_EXIT:
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
Perform secure boot mode transition from User Mode by setting AuditMode
|
||||
or DeployedMode variable.
|
||||
|
||||
@param[in] NewMode New secure boot mode.
|
||||
|
||||
@retval EFI_SUCCESS Secure Boot mode transition is successful.
|
||||
**/
|
||||
EFI_STATUS
|
||||
TransitionFromUserMode(
|
||||
IN UINT8 NewMode
|
||||
)
|
||||
{
|
||||
UINT8 Data;
|
||||
EFI_STATUS Status;
|
||||
|
||||
if (NewMode == SECURE_BOOT_MODE_AUDIT_MODE) {
|
||||
Data = 1;
|
||||
Status = gRT->SetVariable(
|
||||
EFI_AUDIT_MODE_NAME,
|
||||
&gEfiGlobalVariableGuid,
|
||||
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
|
||||
sizeof(UINT8),
|
||||
&Data
|
||||
);
|
||||
return Status;
|
||||
} else if (NewMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {
|
||||
Data = 1;
|
||||
Status = gRT->SetVariable(
|
||||
EFI_DEPLOYED_MODE_NAME,
|
||||
&gEfiGlobalVariableGuid,
|
||||
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
|
||||
sizeof(UINT8),
|
||||
&Data
|
||||
);
|
||||
return Status;
|
||||
}
|
||||
|
||||
//
|
||||
// Other case do nothing here. May Goto enroll PK page.
|
||||
//
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
Perform secure boot mode transition from Setup Mode by setting AuditMode
|
||||
variable.
|
||||
|
||||
@param[in] NewMode New secure boot mode.
|
||||
|
||||
@retval EFI_SUCCESS Secure Boot mode transition is successful.
|
||||
**/
|
||||
EFI_STATUS
|
||||
TransitionFromSetupMode(
|
||||
IN UINT8 NewMode
|
||||
)
|
||||
{
|
||||
UINT8 Data;
|
||||
EFI_STATUS Status;
|
||||
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
|
||||
if (NewMode == SECURE_BOOT_MODE_AUDIT_MODE) {
|
||||
Data = 1;
|
||||
Status = gRT->SetVariable(
|
||||
EFI_AUDIT_MODE_NAME,
|
||||
&gEfiGlobalVariableGuid,
|
||||
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
|
||||
sizeof(UINT8),
|
||||
&Data
|
||||
);
|
||||
return Status;
|
||||
}
|
||||
|
||||
//
|
||||
// Other case do nothing here. May Goto enroll PK page.
|
||||
//
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
Perform secure boot mode transition from Audit Mode. Nothing is done here,
|
||||
should goto enroll PK page.
|
||||
|
||||
@param[in] NewMode New secure boot mode.
|
||||
|
||||
@retval EFI_SUCCESS Secure Boot mode transition is successful.
|
||||
**/
|
||||
EFI_STATUS
|
||||
TransitionFromAuditMode(
|
||||
IN UINT8 NewMode
|
||||
)
|
||||
{
|
||||
//
|
||||
// Other case do nothing here. Should Goto enroll PK page.
|
||||
//
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
Perform secure boot mode transition from Deployed Mode by setting Deployed Mode
|
||||
variable to 0.
|
||||
|
||||
@param[in] NewMode New secure boot mode.
|
||||
|
||||
@retval EFI_SUCCESS Secure Boot mode transition is successful.
|
||||
**/
|
||||
EFI_STATUS
|
||||
TransitionFromDeployedMode(
|
||||
IN UINT8 NewMode
|
||||
)
|
||||
{
|
||||
UINT8 Data;
|
||||
EFI_STATUS Status;
|
||||
|
||||
//
|
||||
// Platform specific logic. when physical presence, Allow to set DeployedMode =:0
|
||||
// to switch back to UserMode
|
||||
//
|
||||
if (NewMode == SECURE_BOOT_MODE_USER_MODE) {
|
||||
Data = 0;
|
||||
Status = gRT->SetVariable(
|
||||
EFI_DEPLOYED_MODE_NAME,
|
||||
&gEfiGlobalVariableGuid,
|
||||
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
|
||||
sizeof(UINT8),
|
||||
&Data
|
||||
);
|
||||
DEBUG((EFI_D_INFO, "DeployedMode Status %x\n", Status));
|
||||
return Status;
|
||||
}
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
Perform main secure boot mode transition.
|
||||
|
||||
@param[in] CurMode New secure boot mode.
|
||||
@param[in] NewMode New secure boot mode.
|
||||
|
||||
@retval EFI_SUCCESS Secure Boot mode transition is successful.
|
||||
**/
|
||||
EFI_STATUS
|
||||
SecureBootModeTransition(
|
||||
IN UINT8 CurMode,
|
||||
IN UINT8 NewMode
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
|
||||
//
|
||||
// Set platform to be customized mode to ensure platform specific mode switch sucess
|
||||
//
|
||||
Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
|
||||
if (EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
|
||||
//
|
||||
// SecureBootMode transition
|
||||
//
|
||||
switch (CurMode) {
|
||||
case SECURE_BOOT_MODE_USER_MODE:
|
||||
Status = TransitionFromUserMode(NewMode);
|
||||
break;
|
||||
|
||||
case SECURE_BOOT_MODE_SETUP_MODE:
|
||||
Status = TransitionFromSetupMode(NewMode);
|
||||
break;
|
||||
|
||||
case SECURE_BOOT_MODE_AUDIT_MODE:
|
||||
Status = TransitionFromAuditMode(NewMode);
|
||||
break;
|
||||
|
||||
case SECURE_BOOT_MODE_DEPLOYED_MODE:
|
||||
Status = TransitionFromDeployedMode(NewMode);
|
||||
break;
|
||||
|
||||
default:
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
ASSERT(FALSE);
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
Get current secure boot mode by retrieve data from SetupMode/AuditMode/DeployedMode.
|
||||
|
||||
@param[out] SecureBootMode Current secure boot mode.
|
||||
|
||||
**/
|
||||
VOID
|
||||
ExtractSecureBootModeFromVariable(
|
||||
OUT UINT8 *SecureBootMode
|
||||
)
|
||||
{
|
||||
UINT8 *SetupMode;
|
||||
UINT8 *AuditMode;
|
||||
UINT8 *DeployedMode;
|
||||
|
||||
SetupMode = NULL;
|
||||
AuditMode = NULL;
|
||||
DeployedMode = NULL;
|
||||
|
||||
//
|
||||
// Get AuditMode/DeployedMode from variable
|
||||
//
|
||||
GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
|
||||
GetVariable2 (EFI_AUDIT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&AuditMode, NULL);
|
||||
GetVariable2 (EFI_DEPLOYED_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&DeployedMode, NULL);
|
||||
if (SetupMode != NULL && AuditMode != NULL && DeployedMode != NULL) {
|
||||
if (*SetupMode == 0 && *AuditMode == 0 && *DeployedMode == 0) {
|
||||
//
|
||||
// User Mode
|
||||
//
|
||||
*SecureBootMode = SECURE_BOOT_MODE_USER_MODE;
|
||||
} else if (*SetupMode == 1 && *AuditMode == 0 && *DeployedMode == 0) {
|
||||
//
|
||||
// Setup Mode
|
||||
//
|
||||
*SecureBootMode = SECURE_BOOT_MODE_SETUP_MODE;
|
||||
} else if (*SetupMode == 1 && *AuditMode == 1 && *DeployedMode == 0) {
|
||||
//
|
||||
// Audit Mode
|
||||
//
|
||||
*SecureBootMode = SECURE_BOOT_MODE_AUDIT_MODE;
|
||||
} else if (*SetupMode == 0 && *AuditMode == 0 && *DeployedMode == 1) {
|
||||
//
|
||||
// Deployed Mode
|
||||
//
|
||||
*SecureBootMode = SECURE_BOOT_MODE_DEPLOYED_MODE;
|
||||
} else {
|
||||
ASSERT(FALSE);
|
||||
}
|
||||
}else {
|
||||
ASSERT(FALSE);
|
||||
}
|
||||
|
||||
if (SetupMode != NULL) {
|
||||
FreePool (SetupMode);
|
||||
}
|
||||
if (DeployedMode != NULL) {
|
||||
FreePool (DeployedMode);
|
||||
}
|
||||
if (AuditMode != NULL) {
|
||||
FreePool (AuditMode);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Update SecureBoot strings based on new Secure Boot Mode State. String includes STR_SECURE_BOOT_STATE_CONTENT
|
||||
|
@ -3098,7 +2846,6 @@ UpdateSecureBootString(
|
|||
IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
|
||||
)
|
||||
{
|
||||
UINT8 CurSecureBootMode;
|
||||
UINT8 *SecureBoot;
|
||||
|
||||
SecureBoot = NULL;
|
||||
|
@ -3116,20 +2863,6 @@ UpdateSecureBootString(
|
|||
} else {
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
|
||||
}
|
||||
//
|
||||
// Get current secure boot mode.
|
||||
//
|
||||
ExtractSecureBootModeFromVariable(&CurSecureBootMode);
|
||||
|
||||
if (CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);
|
||||
} else if (CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE) {
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);
|
||||
} else if (CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);
|
||||
} else if (CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);
|
||||
}
|
||||
|
||||
FreePool(SecureBoot);
|
||||
|
||||
|
@ -3148,10 +2881,12 @@ SecureBootExtractConfigFromVariable (
|
|||
)
|
||||
{
|
||||
UINT8 *SecureBootEnable;
|
||||
UINT8 *SetupMode;
|
||||
UINT8 *SecureBootMode;
|
||||
EFI_TIME CurrTime;
|
||||
|
||||
SecureBootEnable = NULL;
|
||||
SetupMode = NULL;
|
||||
SecureBootMode = NULL;
|
||||
|
||||
//
|
||||
|
@ -3177,25 +2912,11 @@ SecureBootExtractConfigFromVariable (
|
|||
ConfigData->PhysicalPresent = FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Get the SecureBootMode from CustomMode variable.
|
||||
//
|
||||
GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);
|
||||
if (SecureBootMode == NULL) {
|
||||
ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;
|
||||
} else {
|
||||
ConfigData->SecureBootMode = *(SecureBootMode);
|
||||
}
|
||||
|
||||
//
|
||||
// Extact current Secure Boot Mode
|
||||
//
|
||||
ExtractSecureBootModeFromVariable(&ConfigData->CurSecureBootMode);
|
||||
|
||||
//
|
||||
// If there is no PK then the Delete Pk button will be gray.
|
||||
//
|
||||
if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {
|
||||
GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
|
||||
if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
|
||||
ConfigData->HasPk = FALSE;
|
||||
} else {
|
||||
ConfigData->HasPk = TRUE;
|
||||
|
@ -3212,7 +2933,7 @@ SecureBootExtractConfigFromVariable (
|
|||
//
|
||||
// Fix Pk, SecureBootEnable inconsistence
|
||||
//
|
||||
if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {
|
||||
if ((*SetupMode) == USER_MODE) {
|
||||
ConfigData->HideSecureBoot = FALSE;
|
||||
if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) {
|
||||
ConfigData->AttemptSecureBoot = TRUE;
|
||||
|
@ -3221,10 +2942,22 @@ SecureBootExtractConfigFromVariable (
|
|||
ConfigData->HideSecureBoot = TRUE;
|
||||
}
|
||||
|
||||
//
|
||||
// Get the SecureBootMode from CustomMode variable.
|
||||
//
|
||||
GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);
|
||||
if (SecureBootMode == NULL) {
|
||||
ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;
|
||||
} else {
|
||||
ConfigData->SecureBootMode = *(SecureBootMode);
|
||||
}
|
||||
|
||||
if (SecureBootEnable != NULL) {
|
||||
FreePool (SecureBootEnable);
|
||||
}
|
||||
|
||||
if (SetupMode != NULL) {
|
||||
FreePool (SetupMode);
|
||||
}
|
||||
if (SecureBootMode != NULL) {
|
||||
FreePool (SecureBootMode);
|
||||
}
|
||||
|
@ -3458,18 +3191,20 @@ SecureBootCallback (
|
|||
UINT8 *SecureBootEnable;
|
||||
UINT8 *Pk;
|
||||
UINT8 *SecureBootMode;
|
||||
UINT8 *SetupMode;
|
||||
CHAR16 PromptString[100];
|
||||
UINT8 CurSecureBootMode;
|
||||
EFI_DEVICE_PATH_PROTOCOL *File;
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
SecureBootEnable = NULL;
|
||||
SecureBootMode = NULL;
|
||||
SetupMode = NULL;
|
||||
File = NULL;
|
||||
|
||||
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
|
||||
|
||||
gSecureBootPrivateData = Private;
|
||||
|
@ -3493,13 +3228,6 @@ SecureBootCallback (
|
|||
Status = UpdateSecureBootString(Private);
|
||||
SecureBootExtractConfigFromVariable (IfrNvData);
|
||||
mIsEnterSecureBootForm = TRUE;
|
||||
} else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){
|
||||
//
|
||||
// Secure Boot Policy variable changes after transition. Re-sync CurSecureBootMode
|
||||
//
|
||||
ExtractSecureBootModeFromVariable(&IfrNvData->CurSecureBootMode);
|
||||
mIsSelectedSecureBootModeForm = TRUE;
|
||||
mIsSecureBootModeChanged = FALSE;
|
||||
}
|
||||
goto EXIT;
|
||||
}
|
||||
|
@ -3511,11 +3239,6 @@ SecureBootCallback (
|
|||
Value->u8 = SECURE_BOOT_MODE_STANDARD;
|
||||
Status = EFI_SUCCESS;
|
||||
}
|
||||
} else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE) {
|
||||
if (mIsSelectedSecureBootModeForm) {
|
||||
Value->u8 = IfrNvData->CurSecureBootMode;
|
||||
Status = EFI_SUCCESS;
|
||||
}
|
||||
}
|
||||
goto EXIT;
|
||||
}
|
||||
|
@ -3770,57 +3493,6 @@ SecureBootCallback (
|
|||
);
|
||||
}
|
||||
break;
|
||||
case KEY_TRANS_SECURE_BOOT_MODE:
|
||||
//
|
||||
// Pop up to alert user want to change secure boot mode
|
||||
//
|
||||
if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE &&
|
||||
(Value->u8 == SECURE_BOOT_MODE_AUDIT_MODE || Value->u8 == SECURE_BOOT_MODE_DEPLOYED_MODE))
|
||||
||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE &&
|
||||
Value->u8 == SECURE_BOOT_MODE_AUDIT_MODE)
|
||||
||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE &&
|
||||
Value->u8 == SECURE_BOOT_MODE_USER_MODE && IfrNvData->PhysicalPresent == 1)){
|
||||
CreatePopUp (
|
||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
||||
&Key,
|
||||
L"Are you sure you want to switch secure boot mode?",
|
||||
L"Press 'Y' to switch secure boot mode, 'N' to discard change and return",
|
||||
NULL
|
||||
);
|
||||
if (Key.UnicodeChar != 'y' && Key.UnicodeChar != 'Y') {
|
||||
//
|
||||
// If not 'Y'/''y' restore to defualt secure boot mode
|
||||
//
|
||||
Value->u8 = IfrNvData->CurSecureBootMode;
|
||||
goto EXIT;
|
||||
}
|
||||
} else if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE && Value->u8 == SECURE_BOOT_MODE_USER_MODE)
|
||||
||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE && Value->u8 == SECURE_BOOT_MODE_SETUP_MODE)
|
||||
||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE && Value->u8 == SECURE_BOOT_MODE_DEPLOYED_MODE)
|
||||
||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE && Value->u8 == SECURE_BOOT_MODE_SETUP_MODE)) {
|
||||
CreatePopUp (
|
||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
||||
&Key,
|
||||
L"Secure boot mode transition requires PK change",
|
||||
L"Please go to link below to update PK",
|
||||
NULL
|
||||
);
|
||||
} else {
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
goto EXIT;
|
||||
}
|
||||
|
||||
Status = SecureBootModeTransition(IfrNvData->CurSecureBootMode, Value->u8);
|
||||
//
|
||||
// Secure Boot Policy variable may change after transition. Re-sync CurSecureBootMode
|
||||
//
|
||||
ExtractSecureBootModeFromVariable(&CurSecureBootMode);
|
||||
if (IfrNvData->CurSecureBootMode != CurSecureBootMode) {
|
||||
IfrNvData->CurSecureBootMode = CurSecureBootMode;
|
||||
mIsSecureBootModeChanged = TRUE;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
|
||||
(QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {
|
||||
|
@ -3889,13 +3561,6 @@ SecureBootCallback (
|
|||
case KEY_SECURE_BOOT_MODE:
|
||||
mIsEnterSecureBootForm = FALSE;
|
||||
break;
|
||||
case KEY_TRANS_SECURE_BOOT_MODE:
|
||||
mIsSelectedSecureBootModeForm = FALSE;
|
||||
if (mIsSecureBootModeChanged) {
|
||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;
|
||||
}
|
||||
mIsSecureBootModeChanged = FALSE;
|
||||
break;
|
||||
case KEY_SECURE_BOOT_KEK_GUID:
|
||||
case KEY_SECURE_BOOT_SIGNATURE_GUID_DB:
|
||||
case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX:
|
||||
|
@ -3914,7 +3579,8 @@ SecureBootCallback (
|
|||
break;
|
||||
|
||||
case KEY_SECURE_BOOT_DELETE_PK:
|
||||
if (IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {
|
||||
GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
|
||||
if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
|
||||
IfrNvData->DeletePk = TRUE;
|
||||
IfrNvData->HasPk = FALSE;
|
||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
|
||||
|
@ -3923,6 +3589,9 @@ SecureBootCallback (
|
|||
IfrNvData->HasPk = TRUE;
|
||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
||||
}
|
||||
if (SetupMode != NULL) {
|
||||
FreePool (SetupMode);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
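Review bot: In SecureBootExtractConfigFromVariable, the rewritten consistency check `if ((*SetupMode) == USER_MODE) {` (hunk at -3212/+2933) dereferences `SetupMode` with no NULL test. The `GetVariable2 (EFI_SETUP_MODE_NAME, ...)` call in the preceding hunk can leave it NULL, and the HasPk test right after that call already allows for this with `SetupMode == NULL || (*SetupMode) == SETUP_MODE`. If the variable cannot be read, building the Secure Boot form would fault on a null pointer instead of taking the path that sets `HideSecureBoot = TRUE` (presumably the else branch, which is only partly visible). Guard it like the HasPk test: `if ((SetupMode != NULL) && ((*SetupMode) == USER_MODE)) {`. The page has lost its +/- markers, so the new side is inferred from the removal of `CurSecureBootMode` in the header section; the function body starts and ends outside these hunks.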
|
|
|
@ -56,7 +56,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#define KEY_HIDE_SECURE_BOOT 0x100c
|
||||
#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d
|
||||
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e
|
||||
#define KEY_TRANS_SECURE_BOOT_MODE 0x100f
|
||||
|
||||
#define KEY_SECURE_BOOT_OPTION 0x1100
|
||||
#define KEY_SECURE_BOOT_PK_OPTION 0x1101
|
||||
|
@ -108,10 +107,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#define SECURE_BOOT_GUID_SIZE 36
|
||||
#define SECURE_BOOT_GUID_STORAGE_SIZE 37
|
||||
|
||||
#define SECURE_BOOT_MODE_USER_MODE 0
|
||||
#define SECURE_BOOT_MODE_SETUP_MODE 1
|
||||
#define SECURE_BOOT_MODE_AUDIT_MODE 2
|
||||
#define SECURE_BOOT_MODE_DEPLOYED_MODE 3
|
||||
|
||||
//
|
||||
// Nv Data structure referenced by IFR
|
||||
|
@ -122,8 +117,6 @@ typedef struct {
|
|||
CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];
|
||||
BOOLEAN PhysicalPresent; // If a Physical Present User
|
||||
UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom
|
||||
UINT8 CurSecureBootMode; // Current SecureBoot Mode SetupMode/UserMode/AuditMode/DeployedMode
|
||||
UINT8 TransSecureBootMode; // Trans Next SecureBoot Mode
|
||||
BOOLEAN DeletePk;
|
||||
BOOLEAN HasPk; // If Pk is existed it is true
|
||||
BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden
|
||||
|
|
|
@ -26,10 +26,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#string STR_SECURE_BOOT_PROMPT #language en-US "Attempt Secure Boot"
|
||||
#string STR_SECURE_BOOT_HELP #language en-US "Enable/Disable the Secure Boot feature after platform reset"
|
||||
|
||||
#string STR_CUR_SECURE_BOOT_MODE_PROMPT #language en-US "Current Secure Boot Mode"
|
||||
#string STR_CUR_SECURE_BOOT_MODE_HELP #language en-US "Current Secure Boot Mode: SetupMode/AuditMode/UserMode/DeployedMode."
|
||||
#string STR_CUR_SECURE_BOOT_MODE_CONTENT #language en-US " "
|
||||
|
||||
#string STR_SECURE_BOOT_ENROLL_SIGNATURE #language en-US "Enroll Signature"
|
||||
#string STR_SECURE_BOOT_DELETE_SIGNATURE #language en-US "Delete Signature"
|
||||
|
||||
|
@ -60,11 +56,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
|
||||
#string STR_FILE_EXPLORER_TITLE #language en-US "File Explorer"
|
||||
|
||||
#string STR_SECURE_BOOT_MODE_PROMPT #language en-US "Customize Secure Boot"
|
||||
#string STR_SECURE_BOOT_MODE_HELP #language en-US "Customize Secure Boot: Standard/Customized. Secure Boot Policy variables can be configured without authentication in customized option"
|
||||
#string STR_SECURE_BOOT_MODE_PROMPT #language en-US "Secure Boot Mode"
|
||||
#string STR_SECURE_BOOT_MODE_HELP #language en-US "Secure Boot Mode: Custom Mode or Standard Mode"
|
||||
|
||||
#string STR_STANDARD_MODE #language en-US "Standard"
|
||||
#string STR_CUSTOM_MODE #language en-US "Customized"
|
||||
#string STR_STANDARD_MODE #language en-US "Standard Mode"
|
||||
#string STR_CUSTOM_MODE #language en-US "Custom Mode"
|
||||
|
||||
#string STR_SECURE_BOOT_OPTION #language en-US "Custom Secure Boot Options"
|
||||
#string STR_SECURE_BOOT_OPTION_HELP #language en-US "Enter into Custom Secure Boot Options Form"
|
||||
|
@ -111,11 +107,3 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#string STR_CERT_TYPE_X509_SHA256_GUID #language en-US "X509_SHA256_GUID"
|
||||
#string STR_CERT_TYPE_X509_SHA384_GUID #language en-US "X509_SHA384_GUID"
|
||||
#string STR_CERT_TYPE_X509_SHA512_GUID #language en-US "X509_SHA512_GUID"
|
||||
|
||||
#string STR_TRANS_SECURE_BOOT_MODE_PROMPT #language en-US "Secure Boot Mode Transition"
|
||||
#string STR_TRANS_SECURE_BOOT_MODE_HELP #language en-US "Secure Boot Mode Transition: SetupMode/UserMode/AuditMode/DeployedMode"
|
||||
|
||||
#string STR_USER_MODE #language en-US "User Mode"
|
||||
#string STR_SETUP_MODE #language en-US "Setup Mode"
|
||||
#string STR_AUDIT_MODE #language en-US "Audit Mode"
|
||||
#string STR_DEPLOYED_MODE #language en-US "Deployed Mode"
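Review bot: The help text for `STR_SECURE_BOOT_MODE_HELP` in the -60/+56 hunk appears to end up as "Secure Boot Mode: Custom Mode or Standard Mode", which drops the other variant's statement that Secure Boot Policy variables can be configured without authentication in the customized option. That sentence tells the user what choosing the custom option means for authentication of policy updates, so consider keeping it in the new wording, e.g. `"Secure Boot Mode: Custom Mode or Standard Mode. Secure Boot Policy variables can be configured without authentication in Custom Mode"`. Which string of each printed pair is the new side is inferred from print order, since this page has lost its +/- markers.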
|