Replace the OpenFileByDevicePath() function with EfiOpenFileByDevicePath()
from UefiLib, correcting the following issues:
- imprecise comments on OpenFileByDevicePath(),
- code duplication between this module and other modules,
- local variable name "EfiSimpleFileSystemProtocol" starting with "Efi"
prefix,
- bogus "FileHandle = NULL" assignments,
- leaking "Handle1" when the device path type/subtype check or the
realignment-motivated AllocateCopyPool() fails in the loop,
- stale SHELL_FILE_HANDLE reference in a comment.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Roman Bacik <roman.bacik@broadcom.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1008
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
When secure boot is enabled, if one loads keys from a FAT formatted
eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu,
an assert in StrLen() occurs.
This is because the filename starts on odd address, which is not a uint16
aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=1003
There are further known issues with the OpenFileByDevicePath() function;
those are tracked by
<https://bugzilla.tianocore.org/show_bug.cgi?id=1008>.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Roman Bacik <roman.bacik@broadcom.com>
Reviewed-by: "Yao, Jiewen" <jiewen.yao@intel.com>
[lersek@redhat.com: whitespace fixes]
[lersek@redhat.com: reference TianoCore BZ#1008]
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The SecureBootConfig now uses ChooseFile() from FileExplorerLib
to select the certificates to be enrolled into PK, KEK, DB, DBX,
or DBT, and the corresponding handlers to get the content of the
file. Per the definition of CHOOSE_HANDLER, the handler must use
EFIAPI as the calling convention. However, the calling convention
was not specified the following handlers: UpdatePKFromFile(),
UpdateKEKFromFile(), UpdateDBFromFile(), UpdateDBXFromFile(), and
UpdateDBTFromFile(). When compiling the firmware with gcc, the
default calling convention is not compatible with EFIAPI, so the
handlers interpreted the argument the wrong way and passed the
wrong device path to UpdatePage(), and the system crashed when
the user tried to enroll a certificate into the key database.
This commit specifies the calling convention for those functions
so that gcc can generate the right code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
The function AllocateCopyPool may return NULL, so need to do check
after calling it. This patch is to enhance the related logic.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qiu Shumin <shumin.qiu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Using existing library FileExplorerLib to replace the same
logic in SecureBootConfigDxe to make the code clear. After using
FileExplorerLib, the UI behavior for enroll PK will change,
previously when select one PK file, commit/discard changes will
return to Device Manager,press ESC will return to FileExplorer.
Now using FileExplorerLib the behavior will keep same with
enroll KEK/DB/..., commit/discard changes will return to Custom
Secure Boot Options form and ESC will return to PK options form.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Main ChangeLogs includes:
1. Introduce the new GUID and structure definitions for certificate hash and timestamp support;
2. Update Image Verification Library to support DBT signature checking;
3. Update the related SecureBoot Configuration Pages;
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.
Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
Michael D Kinney
Laszlo Ersek
Roman Bacik
Gary Lin
Dandan Bi
Zhang Lubo
Ard Biesheuvel
Qin Long
Eric Dong
sfu5