SecurityPkg: Use FileExplorerLib in SecureBootConfigDxe

Use the existing FileExplorerLib to replace the equivalent logic
in SecureBootConfigDxe and make the code clearer. After switching
to FileExplorerLib, the UI behavior for enrolling a PK changes:
previously, after selecting a PK file, commit/discard changes
returned to Device Manager and pressing ESC returned to FileExplorer.
Now, with FileExplorerLib, the behavior is the same as for
enrolling KEK/DB/...: commit/discard changes returns to the Custom
Secure Boot Options form and ESC returns to the PK options form.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Dandan Bi 2016-01-28 09:36:43 +08:00 committed by Star Zeng
parent 2a7ee1151e
commit 762d8ddb28
6 changed files with 368 additions and 1260 deletions


@ -1,7 +1,7 @@
/** @file
VFR file used by the SecureBoot configuration component.
Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -202,11 +202,29 @@ formset
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_PK,
goto FORMID_ENROLL_PK_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
key = FORMID_ENROLL_PK_FORM;
subtitle text = STRING_TOKEN(STR_NULL);
label FORMID_ENROLL_PK_FORM;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE| RESET_REQUIRED,
key = KEY_VALUE_SAVE_AND_EXIT_PK;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
endform;
//
@ -245,7 +263,7 @@ formset
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_KEK,
goto FORMID_ENROLL_KEK_FORM,
prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
flags = INTERACTIVE,
@ -408,7 +426,7 @@ formset
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_DB,
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
@ -453,7 +471,7 @@ formset
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_DBX,
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
@ -529,7 +547,7 @@ formset
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_DBT,
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
@ -566,81 +584,4 @@ formset
endform;
//
// File Explorer for PK
//
form formid = FORM_FILE_EXPLORER_ID_PK,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// File Explorer for KEK
//
form formid = FORM_FILE_EXPLORER_ID_KEK,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// File Explorer for DB
//
form formid = FORM_FILE_EXPLORER_ID_DB,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// File Explorer for DBX
//
form formid = FORM_FILE_EXPLORER_ID_DBX,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// File Explorer for DBT
//
form formid = FORM_FILE_EXPLORER_ID_DBT,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// Enroll Pk from File Commit Form
//
form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
title = STRING_TOKEN(STR_SAVE_PK_FILE);
label SECUREBOOT_ADD_PK_FILE_FORM_ID;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
text
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
text = STRING_TOKEN(STR_SAVE_AND_EXIT),
text = STRING_TOKEN(STR_NULL),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_PK;
text
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
text = STRING_TOKEN(STR_NULL),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
endform;
endformset;
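Review bot: The `RESET_REQUIRED` flag on the new `KEY_VALUE_SAVE_AND_EXIT_PK` goto in FORMID_ENROLL_PK_FORM deserves a comment, because the callback change in this commit drops the explicit `*ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET` after a successful EnrollPlatformKey, and the flag now appears to be the only thing that asks for a reboot once the PK has changed. A line such as `// RESET_REQUIRED: the callback no longer requests the reset itself after enrolling the PK` above that goto would keep the two files in step. Since the flag is static, the reset is presumably also requested when enrollment fails and the error pop-up is shown; it is worth confirming that this is intended.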


@ -2,7 +2,7 @@
# Provides the capbility to configure secure boot in a setup browser
# By this module, user may change the content of DB, DBX, PK and KEK.
#
# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -57,6 +57,7 @@
HiiLib
PlatformSecureLib
DevicePathLib
FileExplorerLib
[Guids]
## SOMETIMES_CONSUMES ## Variable:L"CustomMode"


@ -97,6 +97,8 @@ CHAR16* mDerEncodedSuffix[] = {
};
CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData = NULL;
/**
This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix.
@ -657,7 +659,11 @@ ON_EXIT:
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FHandle = NULL;
Private->FileContext->FileName = NULL;
if (Private->FileContext->FileName != NULL){
FreePool(Private->FileContext->FileName);
Private->FileContext->FileName = NULL;
}
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
@ -779,7 +785,11 @@ EnrollX509ToKek (
ON_EXIT:
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FileName = NULL;
if (Private->FileContext->FileName != NULL){
FreePool(Private->FileContext->FileName);
Private->FileContext->FileName = NULL;
}
Private->FileContext->FHandle = NULL;
if (Private->SignatureGUID != NULL) {
@ -949,7 +959,11 @@ EnrollX509toSigDB (
ON_EXIT:
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FileName = NULL;
if (Private->FileContext->FileName != NULL){
FreePool(Private->FileContext->FileName);
Private->FileContext->FileName = NULL;
}
Private->FileContext->FHandle = NULL;
if (Private->SignatureGUID != NULL) {
@ -1509,7 +1523,11 @@ EnrollX509HashtoSigDB (
ON_EXIT:
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FileName = NULL;
if (Private->FileContext->FileName != NULL){
FreePool(Private->FileContext->FileName);
Private->FileContext->FileName = NULL;
}
Private->FileContext->FHandle = NULL;
if (Private->SignatureGUID != NULL) {
@ -2157,7 +2175,11 @@ ON_EXIT:
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FHandle = NULL;
Private->FileContext->FileName = NULL;
if (Private->FileContext->FileName != NULL){
FreePool(Private->FileContext->FileName);
Private->FileContext->FileName = NULL;
}
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
@ -3434,16 +3456,20 @@ SecureBootCallback (
UINT8 *SecureBootMode;
CHAR16 PromptString[100];
UINT8 CurSecureBootMode;
EFI_DEVICE_PATH_PROTOCOL *File;
Status = EFI_SUCCESS;
SecureBootEnable = NULL;
SecureBootMode = NULL;
File = NULL;
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
return EFI_INVALID_PARAMETER;
}
Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
gSecureBootPrivateData = Private;
//
// Retrieve uncommitted data from Browser
//
@ -3461,6 +3487,7 @@ SecureBootCallback (
// Update secure boot strings when opening this form
//
Status = UpdateSecureBootString(Private);
SecureBootExtractConfigFromVariable (IfrNvData);
mIsEnterSecureBootForm = TRUE;
} else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){
//
@ -3523,11 +3550,6 @@ SecureBootCallback (
}
break;
case KEY_SECURE_BOOT_OPTION:
FreeMenu (&DirectoryMenu);
FreeMenu (&FsOptionMenu);
break;
case KEY_SECURE_BOOT_KEK_OPTION:
case KEY_SECURE_BOOT_DB_OPTION:
case KEY_SECURE_BOOT_DBX_OPTION:
@ -3558,28 +3580,32 @@ SecureBootCallback (
//
CleanUpPage (LabelId, Private);
break;
case KEY_SECURE_BOOT_PK_OPTION:
LabelId = FORMID_ENROLL_PK_FORM;
//
// Refresh selected file.
//
CleanUpPage (LabelId, Private);
break;
case FORMID_ENROLL_PK_FORM:
ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdatePKFromFile, &File);
break;
case SECUREBOOT_ADD_PK_FILE_FORM_ID:
case FORMID_ENROLL_KEK_FORM:
case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:
if (QuestionId == SECUREBOOT_ADD_PK_FILE_FORM_ID) {
Private->FeCurrentState = FileExplorerStateEnrollPkFile;
} else if (QuestionId == FORMID_ENROLL_KEK_FORM) {
Private->FeCurrentState = FileExplorerStateEnrollKekFile;
} else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DB) {
Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDb;
} else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DBX) {
Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbx;
IfrNvData->CertificateFormat = HASHALG_SHA256;
} else {
Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbt;
}
ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateKEKFromFile, &File);
break;
Private->FeDisplayContext = FileExplorerDisplayUnknown;
CleanUpPage (FORM_FILE_EXPLORER_ID, Private);
UpdateFileExplorer (Private, 0);
case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:
ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBFromFile, &File);
break;
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:
ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBXFromFile, &File);
break;
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:
ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBTFromFile, &File);
break;
case KEY_SECURE_BOOT_DELETE_PK:
@ -3722,6 +3748,24 @@ SecureBootCallback (
);
}
break;
case KEY_VALUE_SAVE_AND_EXIT_PK:
Status = EnrollPlatformKey (Private);
if (EFI_ERROR (Status)) {
UnicodeSPrint (
PromptString,
sizeof (PromptString),
L"Only DER encoded certificate file (%s) is supported.",
mSupportX509Suffix
);
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"ERROR: Unsupported file type!",
PromptString,
NULL
);
}
break;
case KEY_TRANS_SECURE_BOOT_MODE:
//
// Pop up to alert user want to change secure boot mode
@ -3774,9 +3818,7 @@ SecureBootCallback (
break;
default:
if (QuestionId >= FILE_OPTION_GOTO_OFFSET) {
UpdateFileExplorer (Private, QuestionId);
} else if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
(QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {
DeleteKeyExchangeKey (Private, QuestionId);
} else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) &&
@ -3814,32 +3856,6 @@ SecureBootCallback (
);
}
break;
}
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (QuestionId) {
case KEY_SECURE_BOOT_ENABLE:
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
break;
case KEY_VALUE_SAVE_AND_EXIT_PK:
Status = EnrollPlatformKey (Private);
if (EFI_ERROR (Status)) {
UnicodeSPrint (
PromptString,
sizeof (PromptString),
L"Only DER encoded certificate file (%s) is supported.",
mSupportX509Suffix
);
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"ERROR: Unsupported file type!",
PromptString,
NULL
);
} else {
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;
}
break;
case KEY_VALUE_NO_SAVE_AND_EXIT_PK:
case KEY_VALUE_NO_SAVE_AND_EXIT_KEK:
@ -3849,16 +3865,23 @@ SecureBootCallback (
if (Private->FileContext->FHandle != NULL) {
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FHandle = NULL;
Private->FileContext->FileName = NULL;
if (Private->FileContext->FileName!= NULL){
FreePool(Private->FileContext->FileName);
Private->FileContext->FileName = NULL;
}
}
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
Private->SignatureGUID = NULL;
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
break;
}
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (QuestionId) {
case KEY_SECURE_BOOT_ENABLE:
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
break;
case KEY_SECURE_BOOT_MODE:
mIsEnterSecureBootForm = FALSE;
break;
@ -3898,11 +3921,6 @@ SecureBootCallback (
}
break;
default:
if (QuestionId >= FILE_OPTION_OFFSET && QuestionId < FILE_OPTION_GOTO_OFFSET) {
if (UpdateFileExplorer (Private, QuestionId)) {
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
}
}
break;
}
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {
@ -3939,6 +3957,11 @@ EXIT:
FreePool (IfrNvData);
if (File != NULL){
FreePool(File);
File = NULL;
}
return EFI_SUCCESS;
}
@ -4003,19 +4026,12 @@ InstallSecureBootConfigForm (
PrivateData->HiiHandle = HiiHandle;
PrivateData->FileContext = AllocateZeroPool (sizeof (SECUREBOOT_FILE_CONTEXT));
PrivateData->MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY));
if (PrivateData->FileContext == NULL || PrivateData->MenuEntry == NULL) {
if (PrivateData->FileContext == NULL) {
UninstallSecureBootConfigForm (PrivateData);
return EFI_OUT_OF_RESOURCES;
}
PrivateData->FeCurrentState = FileExplorerStateInActive;
PrivateData->FeDisplayContext = FileExplorerDisplayUnknown;
InitializeListHead (&FsOptionMenu.Head);
InitializeListHead (&DirectoryMenu.Head);
//
// Init OpCode Handle and Allocate space for creation of Buffer
//
@ -4095,19 +4111,12 @@ UninstallSecureBootConfigForm (
FreePool (PrivateData->SignatureGUID);
}
if (PrivateData->MenuEntry != NULL) {
FreePool (PrivateData->MenuEntry);
}
if (PrivateData->FileContext != NULL) {
FreePool (PrivateData->FileContext);
}
FreePool (PrivateData);
FreeMenu (&DirectoryMenu);
FreeMenu (&FsOptionMenu);
if (mStartOpCodeHandle != NULL) {
HiiFreeOpCodeHandle (mStartOpCodeHandle);
}
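Review bot: In the KEY_VALUE_NO_SAVE_AND_EXIT_* branch of SecureBootCallback the new `FreePool(Private->FileContext->FileName)` sits inside `if (Private->FileContext->FHandle != NULL)`, so a name stored without an open handle is never released, whereas the ON_EXIT paths changed earlier in this section free it unconditionally. Moving the `if (Private->FileContext->FileName != NULL) { ... }` block below the closing brace of the FHandle check would make the discard path match them. Switching from clearing the pointer to freeing it also means every writer of FileName must store a pool allocation; those writers are outside the visible hunks, so that should be checked there. The same release sequence now appears six times in this file and could become one small static helper. SecureBootCallback begins and ends outside these hunks.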


@ -2,7 +2,7 @@
The header file of HII Config Access protocol implementation of SecureBoot
configuration module.
Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -39,6 +39,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/PrintLib.h>
#include <Library/PlatformSecureLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/FileExplorerLib.h>
#include <Guid/MdeModuleHii.h>
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/FileSystemVolumeLabelInfo.h>
@ -118,22 +120,6 @@ typedef struct {
CHAR16 TargetName[1];
} ISCSI_DEVICE_PATH_WITH_NAME;
typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {
FileExplorerDisplayFileSystem,
FileExplorerDisplayDirectory,
FileExplorerDisplayUnknown
} FILE_EXPLORER_DISPLAY_CONTEXT;
typedef enum _FILE_EXPLORER_STATE {
FileExplorerStateInActive = 0,
FileExplorerStateEnrollPkFile,
FileExplorerStateEnrollKekFile,
FileExplorerStateEnrollSignatureFileToDb,
FileExplorerStateEnrollSignatureFileToDbx,
FileExplorerStateEnrollSignatureFileToDbt,
FileExplorerStateUnknown
} FILE_EXPLORER_STATE;
typedef struct {
CHAR16 *Str;
UINTN Len;
@ -159,32 +145,9 @@ typedef struct {
UINTN MenuNumber;
} SECUREBOOT_MENU_OPTION;
extern SECUREBOOT_MENU_OPTION FsOptionMenu;
extern SECUREBOOT_MENU_OPTION DirectoryMenu;
typedef struct {
UINTN Signature;
LIST_ENTRY Link;
UINTN OptionNumber;
UINT16 *DisplayString;
UINT16 *HelpString;
EFI_STRING_ID DisplayStringToken;
EFI_STRING_ID HelpStringToken;
VOID *FileContext;
} SECUREBOOT_MENU_ENTRY;
typedef struct {
EFI_HANDLE Handle;
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
EFI_FILE_HANDLE FHandle;
UINT16 *FileName;
EFI_FILE_SYSTEM_VOLUME_LABEL *Info;
BOOLEAN IsRoot;
BOOLEAN IsDir;
BOOLEAN IsRemovableMedia;
BOOLEAN IsLoadFile;
BOOLEAN IsBootLegacy;
} SECUREBOOT_FILE_CONTEXT;
@ -216,16 +179,13 @@ typedef struct {
EFI_HII_HANDLE HiiHandle;
EFI_HANDLE DriverHandle;
FILE_EXPLORER_STATE FeCurrentState;
FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;
SECUREBOOT_MENU_ENTRY *MenuEntry;
SECUREBOOT_FILE_CONTEXT *FileContext;
EFI_GUID *SignatureGUID;
} SECUREBOOT_CONFIG_PRIVATE_DATA;
extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
@ -495,35 +455,6 @@ CleanUpPage (
);
/**
Update the file explorer page with the refreshed file system.
@param[in] PrivateData Module private data.
@param[in] KeyValue Key value to identify the type of data to expect.
@retval TRUE Inform the caller to create a callback packet to exit file explorer.
@retval FALSE Indicate that there is no need to exit file explorer.
**/
BOOLEAN
UpdateFileExplorer (
IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
IN UINT16 KeyValue
);
/**
Free resources allocated in Allocate Rountine.
@param[in, out] MenuOption Menu to be freed
**/
VOID
FreeMenu (
IN OUT SECUREBOOT_MENU_OPTION *MenuOption
);
/**
Read file content into BufferPtr, the size of the allocate buffer
is *FileSize plus AddtionAllocateSize.
@ -621,4 +552,69 @@ GuidToString (
IN UINTN BufferSize
);
/**
Update the PK form base on the input file path info.
@param FilePath Point to the file path.
@retval TRUE Exit caller function.
@retval FALSE Not exit caller function.
**/
BOOLEAN
UpdatePKFromFile (
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
/**
Update the KEK form base on the input file path info.
@param FilePath Point to the file path.
@retval TRUE Exit caller function.
@retval FALSE Not exit caller function.
**/
BOOLEAN
UpdateKEKFromFile (
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
/**
Update the DB form base on the input file path info.
@param FilePath Point to the file path.
@retval TRUE Exit caller function.
@retval FALSE Not exit caller function.
**/
BOOLEAN
UpdateDBFromFile (
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
/**
Update the DBX form base on the input file path info.
@param FilePath Point to the file path.
@retval TRUE Exit caller function.
@retval FALSE Not exit caller function.
**/
BOOLEAN
UpdateDBXFromFile (
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
/**
Update the DBT form base on the input file path info.
@param FilePath Point to the file path.
@retval TRUE Exit caller function.
@retval FALSE Not exit caller function.
**/
BOOLEAN
UpdateDBTFromFile (
IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
#endif
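Review bot: The five new prototypes `UpdatePKFromFile` through `UpdateDBTFromFile` are declared without `EFIAPI`, yet the callback in this commit hands each of them to `ChooseFile` through a `(CHOOSE_HANDLER)` cast. If CHOOSE_HANDLER in FileExplorerLib.h is an EFIAPI function-pointer type, as library callbacks in edk2 normally are, the cast hides a calling-convention mismatch that only shows up on toolchains whose default convention differs from EFIAPI. Declaring each handler as `BOOLEAN EFIAPI UpdatePKFromFile (IN EFI_DEVICE_PATH_PROTOCOL *FilePath);`, with matching definitions, would let the casts be dropped so the compiler checks the signature.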


@ -36,15 +36,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX 0x0e
#define FORM_FILE_EXPLORER_ID 0x0f
#define FORM_FILE_EXPLORER_ID_PK 0x10
#define FORM_FILE_EXPLORER_ID_KEK 0x11
#define FORM_FILE_EXPLORER_ID_DB 0x12
#define FORM_FILE_EXPLORER_ID_DBX 0x13
#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16
#define FORM_FILE_EXPLORER_ID_DBT 0x17
#define SECURE_BOOT_MODE_CUSTOM 0x01
#define SECURE_BOOT_MODE_STANDARD 0x00
@ -111,10 +105,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
#define OPTION_DEL_DBT_QUESTION_ID 0x5000
#define FILE_OPTION_GOTO_OFFSET 0xC000
#define FILE_OPTION_OFFSET 0x8000
#define FILE_OPTION_MASK 0x3FFF
#define SECURE_BOOT_GUID_SIZE 36
#define SECURE_BOOT_GUID_STORAGE_SIZE 37