From ee79ac8d0e3da408073fc6ac07b69b880cbfac73 Mon Sep 17 00:00:00 2001 From: sfu5 Date: Fri, 17 May 2013 07:03:49 +0000 Subject: [PATCH] Pop up error message when user tries to enroll an invalid certificate file into KEK/DB/DBX. Signed-off-by: Fu Siyuan Reviewed-by: Ye Ting Reviewed-by: Yao Jiewen git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14373 6f19259b-4bc3-4df7-8a09-765794883524 --- .../SecureBootConfigImpl.c | 39 ++++++++++++++++--- 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 3084f3364e..e8beecbf58 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -2632,14 +2632,41 @@ SecureBootCallback ( case KEY_VALUE_SAVE_AND_EXIT_KEK: Status = EnrollKeyExchangeKey (Private); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate", + NULL + ); + } break; case KEY_VALUE_SAVE_AND_EXIT_DB: Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate and executable EFI image", + NULL + ); + } break; case KEY_VALUE_SAVE_AND_EXIT_DBX: Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate and executable EFI image", + NULL + ); + } break; default: @@ -2680,13 +2707,13 @@ SecureBootCallback ( break; case KEY_VALUE_SAVE_AND_EXIT_PK: Status = EnrollPlatformKey (Private); - UnicodeSPrint ( - PromptString, - sizeof (PromptString), - L"Only DER encoded certificate file (%s) is supported.", - mSupportX509Suffix - ); if (EFI_ERROR (Status)) { + UnicodeSPrint ( + PromptString, + sizeof (PromptString), + L"Only DER encoded certificate file (%s) is supported.", + mSupportX509Suffix + ); CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key,