tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-28 16:14:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix a bug in secure boot configuration driver: Enroll DB/KEK will disable Attempt Secure Boot option.

Browse Source 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14590 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Fu Siyuan 2013-08-22 09:46:03 +00:00 committed by sfu5
parent f34ac841f1
commit a365eed476
2 changed files with 48 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
View File

@ -65,20 +65,29 @@ formset
// //
// Display of Oneof: 'Secure Boot Mode' // Display of Oneof: 'Secure Boot Mode'
// //
oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode, disableif TRUE;
questionid = KEY_SECURE_BOOT_MODE, oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
flags = INTERACTIVE, flags = INTERACTIVE,
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT; option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0;
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
endoneof; endoneof;
endif;
oneof name = SecureBootMode,
questionid = KEY_SECURE_BOOT_MODE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
flags = INTERACTIVE | NUMERIC_SIZE_1,
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
endoneof;
// //
// //
// Display of 'Current Secure Boot Mode' // Display of 'Current Secure Boot Mode'
// //
suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD; suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
goto FORMID_SECURE_BOOT_OPTION_FORM, goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION), prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),

43
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
View File

@ -48,6 +48,8 @@ HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {
}; };
BOOLEAN mIsEnterSecureBootForm = FALSE;
// //
// OID ASN.1 Value for Hash Algorithms // OID ASN.1 Value for Hash Algorithms
// //
@ -2407,6 +2409,14 @@ SecureBootRouteConfig (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
//
// Get Configuration from Variable.
//
SecureBootExtractConfigFromVariable (&IfrNvData);
//
// Map the Configuration to the configuration block.
//
BufferSize = sizeof (SECUREBOOT_CONFIGURATION); BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
Status = gHiiConfigRouting->ConfigToBlock ( Status = gHiiConfigRouting->ConfigToBlock (
gHiiConfigRouting, gHiiConfigRouting,
@ -2488,6 +2498,25 @@ SecureBootCallback (
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {
if (QuestionId == KEY_SECURE_BOOT_MODE) {
mIsEnterSecureBootForm = TRUE;
}
return EFI_SUCCESS;
}
if (Action == EFI_BROWSER_ACTION_RETRIEVE) {
Status = EFI_UNSUPPORTED;
if (QuestionId == KEY_SECURE_BOOT_MODE) {
if (mIsEnterSecureBootForm) {
Value->u8 = SECURE_BOOT_MODE_STANDARD;
Status = EFI_SUCCESS;
}
}
return Status;
}
if ((Action != EFI_BROWSER_ACTION_CHANGED) && if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
(Action != EFI_BROWSER_ACTION_CHANGING) && (Action != EFI_BROWSER_ACTION_CHANGING) &&
(Action != EFI_BROWSER_ACTION_FORM_CLOSE) && (Action != EFI_BROWSER_ACTION_FORM_CLOSE) &&
@ -2759,19 +2788,7 @@ SecureBootCallback (
break; break;
case KEY_SECURE_BOOT_MODE: case KEY_SECURE_BOOT_MODE:
GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); mIsEnterSecureBootForm = FALSE;
if (NULL != SecureBootMode) {
Status = gRT->SetVariable (
EFI_CUSTOM_MODE_NAME,
&gEfiCustomModeEnableGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof (UINT8),
&Value->u8
);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
IfrNvData->SecureBootMode = Value->u8;
FreePool (SecureBootMode);
}
break; break;
case KEY_SECURE_BOOT_KEK_GUID: case KEY_SECURE_BOOT_KEK_GUID: