Revision: 14590 http://sourceforge.net/p/edk2/code/14590 Author: sfu5 Date: 2013-08-22 09:46:03 +0000 (Thu, 22 Aug 2013) Log Message: ----------- Fix a bug in secure boot configuration driver: Enroll DB/KEK will disable Attempt Secure Boot option. Signed-off-by: Fu Siyuan <siyuan...@intel.com> Reviewed-by: Eric Dong <eric.d...@intel.com> Reviewed-by: Ye Ting <ting...@intel.com>
Modified Paths: -------------- trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c Modified: trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr =================================================================== --- trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr 2013-08-22 05:55:29 UTC (rev 14589) +++ trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr 2013-08-22 09:46:03 UTC (rev 14590) 
@@ -65,20 +65,29 @@ // // Display of Oneof: 'Secure Boot Mode' // - oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode, - questionid = KEY_SECURE_BOOT_MODE, - prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), - help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), - flags = INTERACTIVE, - option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT; - option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; - endoneof; + disableif TRUE; + oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode, + prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), + help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), + flags = INTERACTIVE, + option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0; + option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; + endoneof; + endif; + oneof name = SecureBootMode, + questionid = KEY_SECURE_BOOT_MODE, + prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), + help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), + flags = INTERACTIVE | NUMERIC_SIZE_1, + option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT; + option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; + endoneof; // // // Display of 'Current Secure Boot Mode' // - suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD; + suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD; grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION), Modified: trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c =================================================================== --- trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 2013-08-22 05:55:29 UTC (rev 14589) +++ 
trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 2013-08-22 09:46:03 UTC (rev 14590) @@ -48,6 +48,8 @@ }; +BOOLEAN mIsEnterSecureBootForm = FALSE; + // // OID ASN.1 Value for Hash Algorithms // @@ -2407,6 +2409,14 @@ return EFI_NOT_FOUND; } + // + // Get Configuration from Variable. + // + SecureBootExtractConfigFromVariable (&IfrNvData); + + // + // Map the Configuration to the configuration block. + // BufferSize = sizeof (SECUREBOOT_CONFIGURATION); Status = gHiiConfigRouting->ConfigToBlock ( gHiiConfigRouting, @@ -2488,6 +2498,25 @@ return EFI_INVALID_PARAMETER; } + if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { + if (QuestionId == KEY_SECURE_BOOT_MODE) { + mIsEnterSecureBootForm = TRUE; + } + + return EFI_SUCCESS; + } + + if (Action == EFI_BROWSER_ACTION_RETRIEVE) { + Status = EFI_UNSUPPORTED; + if (QuestionId == KEY_SECURE_BOOT_MODE) { + if (mIsEnterSecureBootForm) { + Value->u8 = SECURE_BOOT_MODE_STANDARD; + Status = EFI_SUCCESS; + } + } + return Status; + } + if ((Action != EFI_BROWSER_ACTION_CHANGED) && (Action != EFI_BROWSER_ACTION_CHANGING) && (Action != EFI_BROWSER_ACTION_FORM_CLOSE) && 
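Review bot: The comment added above `SecureBootExtractConfigFromVariable (&IfrNvData);` restates the call but not why it must run before `ConfigToBlock`. From the visible lines the intent appears to be that `IfrNvData` starts from the current variable state, so fields missing from `Configuration` are not carried forward as stale or zero values. Something like `// Seed IfrNvData from the current variables so fields absent from Configuration keep their present values.` would record that. The function begins and ends outside this hunk, so how the merged block is applied afterwards cannot be checked from here.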
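Review bot: In the added `EFI_BROWSER_ACTION_RETRIEVE` branch the mode question is answered with `SECURE_BOOT_MODE_STANDARD` whenever `mIsEnterSecureBootForm` is set, without reading the stored CustomMode state, so the form can show Standard while the variable holds something else. If this reset-on-entry is intended, say so where the latch is used, e.g. `// Always present Standard Mode on form entry; the latch is cleared once the user changes KEY_SECURE_BOOT_MODE.` The latch itself (first hunk of this file) is an uncommented file-scope global with external linkage; `STATIC BOOLEAN mIsEnterSecureBootForm = FALSE;` would keep it private to the driver if nothing else references it. The callback starts above and continues below this hunk, so whether `Value` is checked for NULL before `Value->u8` is written cannot be confirmed from here.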
@@ -2759,19 +2788,7 @@ break; case KEY_SECURE_BOOT_MODE: - GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); - if (NULL != SecureBootMode) { - Status = gRT->SetVariable ( - EFI_CUSTOM_MODE_NAME, - &gEfiCustomModeEnableGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, - sizeof (UINT8), - &Value->u8 - ); - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; - IfrNvData->SecureBootMode = Value->u8; - FreePool (SecureBootMode); - } + mIsEnterSecureBootForm = FALSE; break; case KEY_SECURE_BOOT_KEK_GUID:
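Review bot: With the `gRT->SetVariable (EFI_CUSTOM_MODE_NAME, ...)` call removed, the `KEY_SECURE_BOOT_MODE` case only clears `mIsEnterSecureBootForm`, and no other hunk in this commit writes the CustomMode variable. The .vfr change gates the Secure Boot option form on `questionref(SecureBootMode)`, so if the selection is not applied elsewhere (not visible here) the form's state and the stored mode could disagree. Please confirm which path now applies the mode and record it at this case, e.g. `// CustomMode is written by <path to confirm>; this callback only clears the form-entry latch.` The enclosing switch and the declaration of `SecureBootMode` lie outside the hunk; if that local is now unused it should be dropped as well.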