Dandan:
  Can you also add more specific description in check in log about the 
SecureBoot Config UI behavior change after your patch?





Thanks & Best regards
Chao Zhang


-----Original Message-----
From: Bi, Dandan 
Sent: Monday, February 01, 2016 6:02 PM
To: Laszlo Ersek
Cc: Zhang, Chao B; Dong, Eric; edk2-de...@ml01.01.org
Subject: RE: [edk2] [patch] SecurityPkg:Use FileExplorerLib in 
SecureBootConfigDxe

Hi Laszlo,

Thanks for your comments. I will  update the related package.dsc files, and new 
patch series will send out later.

Thanks,
Dandan

-----Original Message-----
From: Laszlo Ersek [mailto:ler...@redhat.com] 
Sent: Monday, February 1, 2016 5:22 PM
To: Bi, Dandan
Cc: Zhang, Chao B; Dong, Eric; edk2-de...@ml01.01.org
Subject: Re: [edk2] [patch] SecurityPkg:Use FileExplorerLib in 
SecureBootConfigDxe

On 02/01/16 10:06, Dandan Bi wrote:
> Using existing library FileExplorerLib to replace the same
> logic in SecureBootConfigDxe to make the code clear.
> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Dandan Bi <dandan...@intel.com>
> ---
>  .../SecureBootConfigDxe/SecureBootConfig.vfr       |  109 +-
>  .../SecureBootConfigDxe/SecureBootConfigDxe.inf    |    3 +-
>  .../SecureBootConfigFileExplorer.c                 | 1127 
> +++-----------------
>  .../SecureBootConfigDxe/SecureBootConfigImpl.c     |  167 +--
>  .../SecureBootConfigDxe/SecureBootConfigImpl.h     |  142 ++-
>  .../SecureBootConfigDxe/SecureBootConfigNvData.h   |   10 -
>  6 files changed, 333 insertions(+), 1225 deletions(-)

This is probably a great idea, but the patch is incomplete.

The following edk2 DSC files list 
"SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf":

- ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc
- ArmVirtPkg/ArmVirtQemu.dsc
- Nt32Pkg/Nt32Pkg.dsc
- OvmfPkg/OvmfPkgIa32.dsc
- OvmfPkg/OvmfPkgIa32X64.dsc
- OvmfPkg/OvmfPkgX64.dsc
- QuarkPlatformPkg/Quark.dsc
- SecurityPkg/SecurityPkg.dsc
- Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
- Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
- Vlv2TbltDevicePkg/PlatformPkgX64.dsc

Of these, only the following resolve "FileExplorerLib":

- Nt32Pkg/Nt32Pkg.dsc
- QuarkPlatformPkg/Quark.dsc

Which means that the patch will break the build for the other DSC files:

- ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc
- ArmVirtPkg/ArmVirtQemu.dsc
- OvmfPkg/OvmfPkgIa32.dsc
- OvmfPkg/OvmfPkgIa32X64.dsc
- OvmfPkg/OvmfPkgX64.dsc
- SecurityPkg/SecurityPkg.dsc
- Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
- Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
- Vlv2TbltDevicePkg/PlatformPkgX64.dsc

So, this change should be implemented in a 6-part series, where the first five 
patches resolve FileExplorerLib for each of ArmPlatformPkg, ArmVirtPkg, OvmfPkg 
(three DSC files in one patch), SecurityPkg, Vlv2TbltDevicePkg (three DSC files 
in one patch). Then this patch should be included as the last one in the series.

Thanks
Laszlo

> diff --git 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr 
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
> index e53630c..484da2c 100644
> --- 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
> +++ 
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
> @@ -1,9 +1,9 @@
>  /** @file
>    VFR file used by the SecureBoot configuration component.
>  
> -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD 
> License
>  which accompanies this distribution.  The full text of the license may be 
> found at
>  http://opensource.org/licenses/bsd-license.php
>  
> @@ -200,15 +200,33 @@ formset
>    form formid = FORMID_ENROLL_PK_FORM,
>      title  = STRING_TOKEN(STR_ENROLL_PK);
>  
>      subtitle text = STRING_TOKEN(STR_NULL);
>  
> -    goto FORM_FILE_EXPLORER_ID_PK,
> +    goto FORMID_ENROLL_PK_FORM,
>           prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
>           help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
>           flags = INTERACTIVE,
> -         key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
> +         key = FORMID_ENROLL_PK_FORM;
> +
> +    subtitle text = STRING_TOKEN(STR_NULL);
> +    label FORMID_ENROLL_PK_FORM;
> +    label LABEL_END;
> +    subtitle text = STRING_TOKEN(STR_NULL);
> +
> +    goto FORMID_SECURE_BOOT_OPTION_FORM,
> +      prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
> +      help   = STRING_TOKEN(STR_SAVE_AND_EXIT),
> +      flags  = INTERACTIVE| RESET_REQUIRED,
> +      key    = KEY_VALUE_SAVE_AND_EXIT_PK;
> +
> +    goto FORMID_SECURE_BOOT_OPTION_FORM,
> +      prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
> +      help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
> +      flags  = INTERACTIVE,
> +      key    = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
> +
>    endform;
>  
>    //
>    // ##5 Form: 'KEK Options'
>    //
> @@ -243,11 +261,11 @@ formset
>    form formid = FORMID_ENROLL_KEK_FORM,
>      title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
>  
>      subtitle text = STRING_TOKEN(STR_NULL);
>  
> -    goto FORM_FILE_EXPLORER_ID_KEK,
> +    goto FORMID_ENROLL_KEK_FORM,
>           prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
>           help   = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
>           flags  = INTERACTIVE,
>           key    = FORMID_ENROLL_KEK_FORM;
>  
> @@ -406,11 +424,11 @@ formset
>    form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
>      title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
>  
>      subtitle text = STRING_TOKEN(STR_NULL);
>  
> -    goto FORM_FILE_EXPLORER_ID_DB,
> +    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
>           prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
>           help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
>           flags = INTERACTIVE,
>           key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
>  
> @@ -451,11 +469,11 @@ formset
>    form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
>      title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
>  
>      subtitle text = STRING_TOKEN(STR_NULL);
>  
> -    goto FORM_FILE_EXPLORER_ID_DBX,
> +    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
>           prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
>           help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
>           flags = INTERACTIVE,
>           key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
>  
> @@ -527,11 +545,11 @@ formset
>    form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
>      title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
>  
>      subtitle text = STRING_TOKEN(STR_NULL);
>  
> -    goto FORM_FILE_EXPLORER_ID_DBT,
> +    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
>           prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
>           help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
>           flags = INTERACTIVE,
>           key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
>  
> @@ -564,83 +582,6 @@ formset
>           flags  = INTERACTIVE,
>           key    = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
>  
>    endform;
>  
> -  //
> -  // File Explorer for PK
> -  //
> -  form formid = FORM_FILE_EXPLORER_ID_PK,
> -       title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
> -
> -       label FORM_FILE_EXPLORER_ID;
> -       label LABEL_END;
> -  endform;
> -
> -  //
> -  // File Explorer for KEK
> -  //
> -  form formid = FORM_FILE_EXPLORER_ID_KEK,
> -       title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
> -
> -       label FORM_FILE_EXPLORER_ID;
> -       label LABEL_END;
> -  endform;
> -
> -  //
> -  // File Explorer for DB
> -  //
> -  form formid = FORM_FILE_EXPLORER_ID_DB,
> -       title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
> -
> -       label FORM_FILE_EXPLORER_ID;
> -       label LABEL_END;
> -  endform;
> -
> -  //
> -  // File Explorer for DBX
> -  //
> -  form formid = FORM_FILE_EXPLORER_ID_DBX,
> -       title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
> -
> -       label FORM_FILE_EXPLORER_ID;
> -       label LABEL_END;
> -  endform;
> -
> -  //
> -  // File Explorer for DBT
> -  //
> -  form formid = FORM_FILE_EXPLORER_ID_DBT,
> -       title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
> -
> -       label FORM_FILE_EXPLORER_ID;
> -       label LABEL_END;
> -  endform;
> -
> -  //
> -  // Enroll Pk from File Commit Form
> -  //
> -  form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
> -    title = STRING_TOKEN(STR_SAVE_PK_FILE);
> -
> -    label SECUREBOOT_ADD_PK_FILE_FORM_ID;
> -    label LABEL_END;
> -
> -    subtitle text = STRING_TOKEN(STR_NULL);
> -
> -     text
> -       help   = STRING_TOKEN(STR_SAVE_AND_EXIT),
> -       text   = STRING_TOKEN(STR_SAVE_AND_EXIT),
> -       text   = STRING_TOKEN(STR_NULL),
> -       flags  = INTERACTIVE,
> -       key    = KEY_VALUE_SAVE_AND_EXIT_PK;
> -
> -     text
> -       help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
> -       text   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
> -       text   = STRING_TOKEN(STR_NULL),
> -       flags  = INTERACTIVE,
> -       key    = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
> -
> -  endform;
> -
>  endformset;
> \ No newline at end of file
> diff --git 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>  
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> index ef400c4..6b143f5 100644
> --- 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +++ 
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> @@ -1,10 +1,10 @@
>  ## @file
>  #  Provides the capbility to configure secure boot in a setup browser
>  #  By this module, user may change the content of DB, DBX, PK and KEK.
>  #
> -# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
>  # This program and the accompanying materials
>  # are licensed and made available under the terms and conditions of the BSD 
> License
>  # which accompanies this distribution. The full text of the license may be 
> found at
>  # http://opensource.org/licenses/bsd-license.php
>  # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> @@ -55,10 +55,11 @@
>    UefiHiiServicesLib
>    DebugLib
>    HiiLib
>    PlatformSecureLib
>    DevicePathLib
> +  FileExplorerLib
>  
>  [Guids]
>    ## SOMETIMES_CONSUMES      ## Variable:L"CustomMode"
>    ## SOMETIMES_PRODUCES      ## Variable:L"CustomMode"
>    gEfiCustomModeEnableGuid
> diff --git 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
>  
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
> index e1fd78d..2adb85c 100644
> --- 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
> +++ 
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
> @@ -1,9 +1,9 @@
>  /** @file
>    Internal file explorer functions for SecureBoot configuration module.
>  
> -Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD 
> License
>  which accompanies this distribution.  The full text of the license may be 
> found at
>  http://opensource.org/licenses/bsd-license.php
>  
> @@ -12,450 +12,74 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, 
> EITHER EXPRESS OR IMPLIED.
>  
>  **/
>  
>  #include "SecureBootConfigImpl.h"
>  
> -///
> -/// File system selection menu
> -///
> -SECUREBOOT_MENU_OPTION      FsOptionMenu = {
> -  SECUREBOOT_MENU_OPTION_SIGNATURE,
> -  {NULL},
> -  0
> -};
> -
> -///
> -/// Files and sub-directories in current directory menu
> -///
> -SECUREBOOT_MENU_OPTION      DirectoryMenu = {
> -  SECUREBOOT_MENU_OPTION_SIGNATURE,
> -  {NULL},
> -  0
> -};
> -
>  VOID                  *mStartOpCodeHandle = NULL;
>  VOID                  *mEndOpCodeHandle = NULL;
>  EFI_IFR_GUID_LABEL    *mStartLabel = NULL;
>  EFI_IFR_GUID_LABEL    *mEndLabel = NULL;
>  
>  /**
> -  Duplicate a string.
> -
> -  @param[in]    Src             The source string.
> -
> -  @return      A new string which is duplicated copy of the source,
> -               or NULL if there is not enough memory.
> -
> -**/
> -CHAR16 *
> -StrDuplicate (
> -  IN CHAR16   *Src
> -  )
> -{
> -  CHAR16  *Dest;
> -  UINTN   Size;
> -
> -  Size  = StrSize (Src);
> -  Dest  = AllocateZeroPool (Size);
> -  ASSERT (Dest != NULL);
> -  if (Dest != NULL) {
> -    CopyMem (Dest, Src, Size);
> -  }
> -
> -  return Dest;
> -}
> -
> -/**
> -  Helper function called as part of the code needed to allocate
> -  the proper sized buffer for various EFI interfaces.
> -
> -  @param[in, out]   Status          Current status
> -  @param[in, out]   Buffer          Current allocated buffer, or NULL
> -  @param[in]        BufferSize      Current buffer size needed
> -
> -  @retval  TRUE         If the buffer was reallocated and the caller
> -                        should try the API again.
> -  @retval  FALSE        The caller should not call this function again.
> +  Refresh the global UpdateData structure.
>  
>  **/
> -BOOLEAN
> -GrowBuffer (
> -  IN OUT EFI_STATUS   *Status,
> -  IN OUT VOID         **Buffer,
> -  IN UINTN            BufferSize
> +VOID
> +RefreshUpdateData (
> +  VOID
>    )
>  {
> -  BOOLEAN TryAgain;
> -
>    //
> -  // If this is an initial request, buffer will be null with a new buffer 
> size
> +  // Free current updated date
>    //
> -  if ((*Buffer == NULL) && (BufferSize != 0)) {
> -    *Status = EFI_BUFFER_TOO_SMALL;
> +  if (mStartOpCodeHandle != NULL) {
> +    HiiFreeOpCodeHandle (mStartOpCodeHandle);
>    }
> -  //
> -  // If the status code is "buffer too small", resize the buffer
> -  //
> -  TryAgain = FALSE;
> -  if (*Status == EFI_BUFFER_TOO_SMALL) {
> -
> -    if (*Buffer != NULL) {
> -      FreePool (*Buffer);
> -    }
>  
> -    *Buffer = AllocateZeroPool (BufferSize);
> -
> -    if (*Buffer != NULL) {
> -      TryAgain = TRUE;
> -    } else {
> -      *Status = EFI_OUT_OF_RESOURCES;
> -    }
> -  }
>    //
> -  // If there's an error, free the buffer
> +  // Create new OpCode Handle
>    //
> -  if (!TryAgain && EFI_ERROR (*Status) && (*Buffer != NULL)) {
> -    FreePool (*Buffer);
> -    *Buffer = NULL;
> -  }
> -
> -  return TryAgain;
> -}
> -
> -/**
> -  Append file name to existing file name, and allocate a new buffer
> -  to hold the appended result.
> -
> -  @param[in]  Str1  The existing file name
> -  @param[in]  Str2  The file name to be appended
> -
> -  @return      A new string with appended result.
> -
> -**/
> -CHAR16 *
> -AppendFileName (
> -  IN  CHAR16  *Str1,
> -  IN  CHAR16  *Str2
> -  )
> -{
> -  UINTN   Size1;
> -  UINTN   Size2;
> -  UINTN   BufferSize;
> -  CHAR16  *Str;
> -  CHAR16  *TmpStr;
> -  CHAR16  *Ptr;
> -  CHAR16  *LastSlash;
> -
> -  Size1 = StrSize (Str1);
> -  Size2 = StrSize (Str2);
> -  BufferSize = Size1 + Size2 + sizeof (CHAR16);
> -  Str   = AllocateZeroPool (BufferSize);
> -  ASSERT (Str != NULL);
> -
> -  TmpStr = AllocateZeroPool (BufferSize);
> -  ASSERT (TmpStr != NULL);
> -
> -  StrCatS (Str, BufferSize / sizeof (CHAR16), Str1);
> -
> -  if (!((*Str == '\\') && (*(Str + 1) == 0))) {
> -    StrCatS (Str, BufferSize / sizeof (CHAR16), L"\\");
> -  }
> -
> -  StrCatS (Str, BufferSize / sizeof (CHAR16), Str2);
> -
> -  Ptr       = Str;
> -  LastSlash = Str;
> -  while (*Ptr != 0) {
> -    if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '.' && *(Ptr + 3) 
> == L'\\') {
> -      //
> -      // Convert "\Name\..\" to "\"
> -      // DO NOT convert the .. if it is at the end of the string. This will
> -      // break the .. behavior in changing directories.
> -      //
> -
> -      //
> -      // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy 
> of two strings
> -      // that overlap.
> -      //
> -      StrCpyS (TmpStr, BufferSize / sizeof (CHAR16), Ptr + 3);
> -      StrCpyS (LastSlash, BufferSize / sizeof (CHAR16), TmpStr);
> -      Ptr = LastSlash;
> -    } else if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '\\') {
> -      //
> -      // Convert a "\.\" to a "\"
> -      //
> -
> -      //
> -      // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy 
> of two strings
> -      // that overlap.
> -      //
> -      StrCpyS (TmpStr, BufferSize / sizeof (CHAR16), Ptr + 2);
> -      StrCpyS (Ptr, BufferSize / sizeof (CHAR16), TmpStr);
> -      Ptr = LastSlash;
> -    } else if (*Ptr == '\\') {
> -      LastSlash = Ptr;
> -    }
> -
> -    Ptr++;
> -  }
> -
> -  FreePool (TmpStr);
> -
> -  return Str;
> -}
> -
> -/**
> -  Create a SECUREBOOT_MENU_ENTRY, and stores it in a buffer allocated from 
> the pool.
> -
> -  @return           The new menu entry or NULL of error happens.
> -
> -**/
> -SECUREBOOT_MENU_ENTRY *
> -CreateMenuEntry (
> -  VOID
> -  )
> -{
> -  SECUREBOOT_MENU_ENTRY *MenuEntry;
> -  UINTN                 ContextSize;
> +  mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
>  
>    //
> -  // Create new menu entry
> +  // Create Hii Extend Label OpCode as the start opcode
>    //
> -  MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY));
> -  if (MenuEntry == NULL) {
> -    return NULL;
> -  }
> -
> -  ContextSize = sizeof (SECUREBOOT_FILE_CONTEXT);
> -  MenuEntry->FileContext = AllocateZeroPool (ContextSize);
> -  if (MenuEntry->FileContext == NULL) {
> -    FreePool (MenuEntry);
> -    return NULL;
> -  }
> -
> -  MenuEntry->Signature = SECUREBOOT_MENU_ENTRY_SIGNATURE;
> -
> -  return MenuEntry;
> -}
> -
> -/**
> -  Get Menu Entry from the Menu Entry List by MenuNumber.
> -
> -  If MenuNumber is great or equal to the number of Menu
> -  Entry in the list, then ASSERT.
> -
> -  @param[in]  MenuOption      The Menu Entry List to read the menu entry.
> -  @param[in]  MenuNumber      The index of Menu Entry.
> -
> -  @return     The Menu Entry.
> -
> -**/
> -SECUREBOOT_MENU_ENTRY *
> -GetMenuEntry (
> -  IN  SECUREBOOT_MENU_OPTION      *MenuOption,
> -  IN  UINTN                       MenuNumber
> -  )
> -{
> -  SECUREBOOT_MENU_ENTRY       *NewMenuEntry;
> -  UINTN                       Index;
> -  LIST_ENTRY                  *List;
> -
> -  ASSERT (MenuNumber < MenuOption->MenuNumber);
> -
> -  List = MenuOption->Head.ForwardLink;
> -  for (Index = 0; Index < MenuNumber; Index++) {
> -    List = List->ForwardLink;
> -  }
> -
> -  NewMenuEntry = CR (List, SECUREBOOT_MENU_ENTRY, Link, 
> SECUREBOOT_MENU_ENTRY_SIGNATURE);
> -
> -  return NewMenuEntry;
> -}
> -
> -/**
> -  Create string tokens for a menu from its help strings and display strings.
> -
> -  @param[in] HiiHandle          Hii Handle of the package to be updated.
> -  @param[in] MenuOption         The Menu whose string tokens need to be 
> created.
> -
> -**/
> -VOID
> -CreateMenuStringToken (
> -  IN EFI_HII_HANDLE                          HiiHandle,
> -  IN SECUREBOOT_MENU_OPTION                  *MenuOption
> -  )
> -{
> -  SECUREBOOT_MENU_ENTRY *NewMenuEntry;
> -  UINTN         Index;
> -
> -  for (Index = 0; Index < MenuOption->MenuNumber; Index++) {
> -    NewMenuEntry = GetMenuEntry (MenuOption, Index);
> -
> -    NewMenuEntry->DisplayStringToken = HiiSetString (
> -                                         HiiHandle,
> -                                         0,
> -                                         NewMenuEntry->DisplayString,
> -                                         NULL
> +  mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> +                                         mStartOpCodeHandle,
> +                                         &gEfiIfrTianoGuid,
> +                                         NULL,
> +                                         sizeof (EFI_IFR_GUID_LABEL)
>                                           );
> -
> -    if (NewMenuEntry->HelpString == NULL) {
> -      NewMenuEntry->HelpStringToken = NewMenuEntry->DisplayStringToken;
> -    } else {
> -      NewMenuEntry->HelpStringToken = HiiSetString (
> -                                        HiiHandle,
> -                                        0,
> -                                        NewMenuEntry->HelpString,
> -                                        NULL
> -                                        );
> -    }
> -  }
> -}
> -
> -/**
> -  Free up all resources allocated for a SECUREBOOT_MENU_ENTRY.
> -
> -  @param[in, out]  MenuEntry   A pointer to SECUREBOOT_MENU_ENTRY.
> -
> -**/
> -VOID
> -DestroyMenuEntry (
> -  IN OUT SECUREBOOT_MENU_ENTRY         *MenuEntry
> -  )
> -{
> -  SECUREBOOT_FILE_CONTEXT           *FileContext;
> -
> -
> -  FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
> -
> -  if (!FileContext->IsRoot && FileContext->DevicePath != NULL) {
> -    FreePool (FileContext->DevicePath);
> -  } else {
> -    if (FileContext->FHandle != NULL) {
> -      FileContext->FHandle->Close (FileContext->FHandle);
> -    }
> -  }
> -
> -  if (FileContext->FileName != NULL) {
> -    FreePool (FileContext->FileName);
> -  }
> -  if (FileContext->Info != NULL) {
> -    FreePool (FileContext->Info);
> -  }
> -
> -  FreePool (FileContext);
> -
> -  if (MenuEntry->DisplayString != NULL) {
> -    FreePool (MenuEntry->DisplayString);
> -  }
> -  if (MenuEntry->HelpString != NULL) {
> -    FreePool (MenuEntry->HelpString);
> -  }
> -
> -  FreePool (MenuEntry);
> +  mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>  }
>  
>  /**
> -  Free resources allocated in Allocate Rountine.
> +  Clean up the dynamic opcode at label and form specified by both LabelId.
>  
> -  @param[in, out]  MenuOption        Menu to be freed
> +  @param[in] LabelId         It is both the Form ID and Label ID for opcode 
> deletion.
> +  @param[in] PrivateData     Module private data.
>  
>  **/
>  VOID
> -FreeMenu (
> -  IN OUT SECUREBOOT_MENU_OPTION        *MenuOption
> -  )
> -{
> -  SECUREBOOT_MENU_ENTRY      *MenuEntry;
> -  while (!IsListEmpty (&MenuOption->Head)) {
> -    MenuEntry = CR (
> -                  MenuOption->Head.ForwardLink,
> -                  SECUREBOOT_MENU_ENTRY,
> -                  Link,
> -                  SECUREBOOT_MENU_ENTRY_SIGNATURE
> -                  );
> -    RemoveEntryList (&MenuEntry->Link);
> -    DestroyMenuEntry (MenuEntry);
> -  }
> -  MenuOption->MenuNumber = 0;
> -}
> -
> -/**
> -  This function gets the file information from an open file descriptor, and 
> stores it
> -  in a buffer allocated from pool.
> -
> -  @param[in]  FHand           File Handle.
> -
> -  @return    A pointer to a buffer with file information or NULL is returned
> -
> -**/
> -EFI_FILE_INFO *
> -FileInfo (
> -  IN EFI_FILE_HANDLE      FHand
> -  )
> -{
> -  EFI_STATUS    Status;
> -  EFI_FILE_INFO *Buffer;
> -  UINTN         BufferSize;
> -
> -  //
> -  // Initialize for GrowBuffer loop
> -  //
> -  Buffer      = NULL;
> -  BufferSize  = SIZE_OF_EFI_FILE_INFO + 200;
> -
> -  //
> -  // Call the real function
> -  //
> -  while (GrowBuffer (&Status, (VOID **) &Buffer, BufferSize)) {
> -    Status = FHand->GetInfo (
> -                      FHand,
> -                      &gEfiFileInfoGuid,
> -                      &BufferSize,
> -                      Buffer
> -                      );
> -  }
> -
> -  return Buffer;
> -}
> -
> -/**
> -  This function gets the file system information from an open file 
> descriptor,
> -  and stores it in a buffer allocated from pool.
> -
> -  @param[in] FHand       The file handle.
> -
> -  @return                A pointer to a buffer with file information.
> -  @retval                NULL is returned if failed to get Vaolume Label 
> Info.
> -
> -**/
> -EFI_FILE_SYSTEM_VOLUME_LABEL *
> -FileSystemVolumeLabelInfo (
> -  IN EFI_FILE_HANDLE      FHand
> +CleanUpPage (
> +  IN UINT16                           LabelId,
> +  IN SECUREBOOT_CONFIG_PRIVATE_DATA   *PrivateData
>    )
>  {
> -  EFI_STATUS                        Status;
> -  EFI_FILE_SYSTEM_VOLUME_LABEL      *Buffer;
> -  UINTN                             BufferSize;
> -  //
> -  // Initialize for GrowBuffer loop
> -  //
> -  Buffer      = NULL;
> -  BufferSize  = SIZE_OF_EFI_FILE_SYSTEM_VOLUME_LABEL + 200;
> +  RefreshUpdateData ();
>  
>    //
> -  // Call the real function
> +  // Remove all op-codes from dynamic page
>    //
> -  while (GrowBuffer (&Status, (VOID **) &Buffer, BufferSize)) {
> -    Status = FHand->GetInfo (
> -                      FHand,
> -                      &gEfiFileSystemVolumeLabelInfoIdGuid,
> -                      &BufferSize,
> -                      Buffer
> -                      );
> -  }
> -
> -  return Buffer;
> +  mStartLabel->Number = LabelId;
> +  HiiUpdateForm (
> +    PrivateData->HiiHandle,
> +    &gSecureBootConfigFormSetGuid,
> +    LabelId,
> +    mStartOpCodeHandle, // Label LabelId
> +    mEndOpCodeHandle    // LABEL_END
> +    );
>  }
>  
>  /**
>    This function will open a file or directory referenced by DevicePath.
>  
> @@ -593,642 +217,189 @@ OpenFileByDevicePath(
>    //
>    *FileHandle = (VOID*)Handle1;
>    return EFI_SUCCESS;
>  }
>  
> +
>  /**
> -  Function opens and returns a file handle to the root directory of a volume.
> +  Extract filename from device path. The returned buffer is allocated using 
> AllocateCopyPool.
> +  The caller is responsible for freeing the allocated buffer using 
> FreePool().
>  
> -  @param[in]   DeviceHandle    A handle for a device
> +  @param DevicePath       Device path.
>  
> -  @return      A valid file handle or NULL if error happens.
> +  @return                 A new allocated string that represents the file 
> name.
>  
>  **/
> -EFI_FILE_HANDLE
> -OpenRoot (
> -  IN EFI_HANDLE                   DeviceHandle
> +CHAR16 *
> +ExtractFileNameFromDevicePath (
> +  IN   EFI_DEVICE_PATH_PROTOCOL *DevicePath
>    )
>  {
> -  EFI_STATUS                      Status;
> -  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Volume;
> -  EFI_FILE_HANDLE                 File;
> -
> -  File = NULL;
> -
> -  //
> -  // File the file system interface to the device
> -  //
> -  Status = gBS->HandleProtocol (
> -                  DeviceHandle,
> -                  &gEfiSimpleFileSystemProtocolGuid,
> -                  (VOID *) &Volume
> -                  );
> -
> -  //
> -  // Open the root directory of the volume
> -  //
> -  if (!EFI_ERROR (Status)) {
> -    Status = Volume->OpenVolume (
> -                      Volume,
> -                      &File
> -                      );
> -  }
> -  //
> -  // Done
> -  //
> -  return EFI_ERROR (Status) ? NULL : File;
> -}
> +  CHAR16          *String;
> +  CHAR16          *MatchString;
> +  CHAR16          *LastMatch;
> +  CHAR16          *FileName;
> +  UINTN           Length;
>  
> -/**
> -  This function builds the FsOptionMenu list which records all
> -  available file system in the system. They include all instances
> -  of EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, all instances of EFI_LOAD_FILE_SYSTEM
> -  and all type of legacy boot device.
> -
> -  @retval  EFI_SUCCESS             Success find the file system
> -  @retval  EFI_OUT_OF_RESOURCES    Can not create menu entry
> +  ASSERT(DevicePath != NULL);
>  
> -**/
> -EFI_STATUS
> -FindFileSystem (
> -  VOID
> -  )
> -{
> -  UINTN                     NoBlkIoHandles;
> -  UINTN                     NoSimpleFsHandles;
> -  EFI_HANDLE                *BlkIoHandle;
> -  EFI_HANDLE                *SimpleFsHandle;
> -  UINT16                    *VolumeLabel;
> -  EFI_BLOCK_IO_PROTOCOL     *BlkIo;
> -  UINTN                     Index;
> -  EFI_STATUS                Status;
> -  SECUREBOOT_MENU_ENTRY     *MenuEntry;
> -  SECUREBOOT_FILE_CONTEXT   *FileContext;
> -  UINT16                    *TempStr;
> -  UINTN                     OptionNumber;
> -  VOID                      *Buffer;
> -
> -  BOOLEAN                   RemovableMedia;
> -
> -
> -  NoSimpleFsHandles = 0;
> -  OptionNumber      = 0;
> -  InitializeListHead (&FsOptionMenu.Head);
> +  String = DevicePathToStr(DevicePath);
> +  MatchString = String;
> +  LastMatch   = String;
>  
> -  //
> -  // Locate Handles that support BlockIo protocol
> -  //
> -  Status = gBS->LocateHandleBuffer (
> -                  ByProtocol,
> -                  &gEfiBlockIoProtocolGuid,
> -                  NULL,
> -                  &NoBlkIoHandles,
> -                  &BlkIoHandle
> -                  );
> -  if (!EFI_ERROR (Status)) {
> -
> -    for (Index = 0; Index < NoBlkIoHandles; Index++) {
> -      Status = gBS->HandleProtocol (
> -                      BlkIoHandle[Index],
> -                      &gEfiBlockIoProtocolGuid,
> -                      (VOID **) &BlkIo
> -                      );
> -
> -      if (EFI_ERROR (Status)) {
> -        continue;
> -      }
> -
> -      //
> -      // Issue a dummy read to trigger reinstall of BlockIo protocol for 
> removable media
> -      //
> -      if (BlkIo->Media->RemovableMedia) {
> -        Buffer = AllocateZeroPool (BlkIo->Media->BlockSize);
> -        if (NULL == Buffer) {
> -          FreePool (BlkIoHandle);
> -          return EFI_OUT_OF_RESOURCES;
> -        }
> -
> -        BlkIo->ReadBlocks (
> -                BlkIo,
> -                BlkIo->Media->MediaId,
> -                0,
> -                BlkIo->Media->BlockSize,
> -                Buffer
> -                );
> -        FreePool (Buffer);
> -      }
> -    }
> -    FreePool (BlkIoHandle);
> +  while(MatchString != NULL){
> +    LastMatch   = MatchString + 1;
> +    MatchString = StrStr(LastMatch,L"\\");
>    }
>  
> -  //
> -  // Locate Handles that support Simple File System protocol
> -  //
> -  Status = gBS->LocateHandleBuffer (
> -                  ByProtocol,
> -                  &gEfiSimpleFileSystemProtocolGuid,
> -                  NULL,
> -                  &NoSimpleFsHandles,
> -                  &SimpleFsHandle
> -                  );
> -  if (!EFI_ERROR (Status)) {
> -    //
> -    // Find all the instances of the File System prototocol
> -    //
> -    for (Index = 0; Index < NoSimpleFsHandles; Index++) {
> -      Status = gBS->HandleProtocol (
> -                      SimpleFsHandle[Index],
> -                      &gEfiBlockIoProtocolGuid,
> -                      (VOID **) &BlkIo
> -                      );
> -      if (EFI_ERROR (Status)) {
> -        //
> -        // If no block IO exists assume it's NOT a removable media
> -        //
> -        RemovableMedia = FALSE;
> -      } else {
> -        //
> -        // If block IO exists check to see if it's remobable media
> -        //
> -        RemovableMedia = BlkIo->Media->RemovableMedia;
> -      }
> -
> -      //
> -      // Allocate pool for this instance.
> -      //
> -      MenuEntry = CreateMenuEntry ();
> -      if (NULL == MenuEntry) {
> -        FreePool (SimpleFsHandle);
> -        return EFI_OUT_OF_RESOURCES;
> -      }
> -
> -      FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
> -
> -      FileContext->Handle     = SimpleFsHandle[Index];
> -      MenuEntry->OptionNumber = Index;
> -      FileContext->FHandle    = OpenRoot (FileContext->Handle);
> -      if (FileContext->FHandle == NULL) {
> -        DestroyMenuEntry (MenuEntry);
> -        continue;
> -      }
> -
> -      MenuEntry->HelpString = DevicePathToStr (DevicePathFromHandle 
> (FileContext->Handle));
> -      FileContext->Info = FileSystemVolumeLabelInfo (FileContext->FHandle);
> -      FileContext->FileName = StrDuplicate (L"\\");
> -      FileContext->DevicePath = FileDevicePath (
> -                                  FileContext->Handle,
> -                                  FileContext->FileName
> -                                  );
> -      FileContext->IsDir            = TRUE;
> -      FileContext->IsRoot           = TRUE;
> -      FileContext->IsRemovableMedia = RemovableMedia;
> -      FileContext->IsLoadFile       = FALSE;
> -
> -      //
> -      // Get current file system's Volume Label
> -      //
> -      if (FileContext->Info == NULL) {
> -        VolumeLabel = L"NO FILE SYSTEM INFO";
> -      } else {
> -        if (FileContext->Info->VolumeLabel == NULL) {
> -          VolumeLabel = L"NULL VOLUME LABEL";
> -        } else {
> -          VolumeLabel = FileContext->Info->VolumeLabel;
> -          if (*VolumeLabel == 0x0000) {
> -            VolumeLabel = L"NO VOLUME LABEL";
> -          }
> -        }
> -      }
> -
> -      TempStr                   = MenuEntry->HelpString;
> -      MenuEntry->DisplayString  = AllocateZeroPool (MAX_CHAR);
> -      ASSERT (MenuEntry->DisplayString != NULL);
> -      UnicodeSPrint (
> -        MenuEntry->DisplayString,
> -        MAX_CHAR,
> -        L"%s, [%s]",
> -        VolumeLabel,
> -        TempStr
> -        );
> -      OptionNumber++;
> -      InsertTailList (&FsOptionMenu.Head, &MenuEntry->Link);
> -    }
> -  }
> +  Length = StrLen(LastMatch);
> +  FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
> +  *(FileName + Length) = 0;
>  
> -  if (NoSimpleFsHandles != 0) {
> -    FreePool (SimpleFsHandle);
> -  }
> +  FreePool(String);
>  
> -  //
> -  // Remember how many file system options are here
> -  //
> -  FsOptionMenu.MenuNumber = OptionNumber;
> -  return EFI_SUCCESS;
> +  return FileName;
>  }
>  
>  
>  /**
> -  Find files under the current directory. All files and sub-directories
> -  in current directory will be stored in DirectoryMenu for future use.
> +  Update  the form base on the selected file.
>  
> -  @param[in] MenuEntry     The Menu Entry.
> +  @param FilePath   Point to the file path.
> +  @param FormId     The form need to display.
>  
> -  @retval EFI_SUCCESS      Get files from current dir successfully.
> -  @return Other            Can't get files from current dir.
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
>  
>  **/
> -EFI_STATUS
> -FindFiles (
> -  IN SECUREBOOT_MENU_ENTRY              *MenuEntry
> +BOOLEAN
> +UpdatePage(
> +  IN  EFI_DEVICE_PATH_PROTOCOL  *FilePath,
> +  IN  EFI_FORM_ID               FormId
>    )
>  {
> -  EFI_FILE_HANDLE           NewDir;
> -  EFI_FILE_HANDLE           Dir;
> -  EFI_FILE_INFO             *DirInfo;
> -  UINTN                     BufferSize;
> -  UINTN                     DirBufferSize;
> -  SECUREBOOT_MENU_ENTRY     *NewMenuEntry;
> -  SECUREBOOT_FILE_CONTEXT   *FileContext;
> -  SECUREBOOT_FILE_CONTEXT   *NewFileContext;
> -  UINTN                     Pass;
> -  EFI_STATUS                Status;
> -  UINTN                     OptionNumber;
> -
> -  FileContext   = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
> -  Dir           = FileContext->FHandle;
> -  OptionNumber  = 0;
> -  //
> -  // Open current directory to get files from it
> -  //
> -  Status = Dir->Open (
> -                  Dir,
> -                  &NewDir,
> -                  FileContext->FileName,
> -                  EFI_FILE_READ_ONLY,
> -                  0
> -                  );
> -  if (!FileContext->IsRoot) {
> -    Dir->Close (Dir);
> -  }
> -
> -  if (EFI_ERROR (Status)) {
> -    return Status;
> -  }
> +  CHAR16                *FileName;
> +  EFI_STRING_ID         StringToken;
>  
> -  DirInfo = FileInfo (NewDir);
> -  if (DirInfo == NULL) {
> -    return EFI_NOT_FOUND;
> -  }
> -
> -  if ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == 0) {
> -    return EFI_INVALID_PARAMETER;
> +  if (FilePath != NULL){
> +    FileName = ExtractFileNameFromDevicePath(FilePath);
> +    StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0, 
> FileName, NULL);
> +  } else {
> +    FileName = HiiGetString (gSecureBootPrivateData->HiiHandle, STRING_TOKEN 
> (STR_NULL), NULL);
> +    ASSERT (FileName != NULL);
> +    StringToken =  HiiSetString (gSecureBootPrivateData->HiiHandle, 0, 
> FileName, NULL);
>    }
>  
> -  FileContext->DevicePath = FileDevicePath (
> -                              FileContext->Handle,
> -                              FileContext->FileName
> -                              );
> -
> -  DirBufferSize = sizeof (EFI_FILE_INFO) + 1024;
> -  DirInfo       = AllocateZeroPool (DirBufferSize);
> -  if (DirInfo == NULL) {
> -    return EFI_OUT_OF_RESOURCES;
> -  }
> +  gSecureBootPrivateData->FileContext->FileName = FileName;
>  
> +  OpenFileByDevicePath(
> +    &FilePath,
> +    &gSecureBootPrivateData->FileContext->FHandle,
> +    EFI_FILE_MODE_READ,
> +    0
> +    );
>    //
> -  // Get all files in current directory
> -  // Pass 1 to get Directories
> -  // Pass 2 to get files that are EFI images
> +  // Create Subtitle op-code for the display string of the option.
>    //
> -  for (Pass = 1; Pass <= 2; Pass++) {
> -    NewDir->SetPosition (NewDir, 0);
> -    for (;;) {
> -      BufferSize  = DirBufferSize;
> -      Status      = NewDir->Read (NewDir, &BufferSize, DirInfo);
> -      if (EFI_ERROR (Status) || BufferSize == 0) {
> -        break;
> -      }
> -
> -      if (((DirInfo->Attribute & EFI_FILE_DIRECTORY) != 0 && Pass == 2) ||
> -          ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == 0 && Pass == 1)
> -          ) {
> -        //
> -        // Pass 1 is for Directories
> -        // Pass 2 is for file names
> -        //
> -        continue;
> -      }
> -
> -      NewMenuEntry = CreateMenuEntry ();
> -      if (NULL == NewMenuEntry) {
> -        return EFI_OUT_OF_RESOURCES;
> -      }
> -
> -      NewFileContext          = (SECUREBOOT_FILE_CONTEXT *) 
> NewMenuEntry->FileContext;
> -      NewFileContext->Handle  = FileContext->Handle;
> -      NewFileContext->FileName = AppendFileName (
> -                                  FileContext->FileName,
> -                                  DirInfo->FileName
> -                                  );
> -      NewFileContext->FHandle = NewDir;
> -      NewFileContext->DevicePath = FileDevicePath (
> -                                    NewFileContext->Handle,
> -                                    NewFileContext->FileName
> -                                    );
> -      NewMenuEntry->HelpString = NULL;
> -
> -      NewFileContext->IsDir = (BOOLEAN) ((DirInfo->Attribute & 
> EFI_FILE_DIRECTORY) == EFI_FILE_DIRECTORY);
> -      if (NewFileContext->IsDir) {
> -        BufferSize = StrLen (DirInfo->FileName) * 2 + 6;
> -        NewMenuEntry->DisplayString = AllocateZeroPool (BufferSize);
> -
> -        UnicodeSPrint (
> -          NewMenuEntry->DisplayString,
> -          BufferSize,
> -          L"<%s>",
> -          DirInfo->FileName
> -          );
> -
> -      } else {
> -        NewMenuEntry->DisplayString = StrDuplicate (DirInfo->FileName);
> -      }
> -
> -      NewFileContext->IsRoot            = FALSE;
> -      NewFileContext->IsLoadFile        = FALSE;
> -      NewFileContext->IsRemovableMedia  = FALSE;
> -
> -      NewMenuEntry->OptionNumber        = OptionNumber;
> -      OptionNumber++;
> -      InsertTailList (&DirectoryMenu.Head, &NewMenuEntry->Link);
> -    }
> -  }
> +  RefreshUpdateData ();
> +  mStartLabel->Number = FormId;
>  
> -  DirectoryMenu.MenuNumber = OptionNumber;
> -  FreePool (DirInfo);
> -  return EFI_SUCCESS;
> +  HiiCreateSubTitleOpCode (
> +    mStartOpCodeHandle,
> +    StringToken,
> +    0,
> +    0,
> +    0
> +   );
> +
> +  HiiUpdateForm (
> +    gSecureBootPrivateData->HiiHandle,
> +    &gSecureBootConfigFormSetGuid,
> +    FormId,
> +    mStartOpCodeHandle, // Label FormId
> +    mEndOpCodeHandle    // LABEL_END
> +    );
> +
> +  return TRUE;
>  }
>  
>  /**
> -  Refresh the global UpdateData structure.
> +  Update the PK form base on the input file path info.
>  
> +  @param FilePath    Point to the file path.
> +
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
>  **/
> -VOID
> -RefreshUpdateData (
> -  VOID
> +BOOLEAN
> +UpdatePKFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
>    )
>  {
> -  //
> -  // Free current updated date
> -  //
> -  if (mStartOpCodeHandle != NULL) {
> -    HiiFreeOpCodeHandle (mStartOpCodeHandle);
> -  }
> -
> -  //
> -  // Create new OpCode Handle
> -  //
> -  mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
> +  return UpdatePage(FilePath, FORMID_ENROLL_PK_FORM);
>  
> -  //
> -  // Create Hii Extend Label OpCode as the start opcode
> -  //
> -  mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> -                                         mStartOpCodeHandle,
> -                                         &gEfiIfrTianoGuid,
> -                                         NULL,
> -                                         sizeof (EFI_IFR_GUID_LABEL)
> -                                         );
> -  mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>  }
>  
>  /**
> -  Update the File Explore page.
> +  Update the KEK form base on the input file path info.
>  
> -  @param[in] HiiHandle          Hii Handle of the package to be updated.
> -  @param[in] MenuOption         The Menu whose string tokens need to be 
> updated.
> -  @param[in] FeCurrentState     Current file explorer state.
> +  @param FilePath    Point to the file path.
>  
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
>  **/
> -VOID
> -UpdateFileExplorePage (
> -  IN EFI_HII_HANDLE               HiiHandle,
> -  IN SECUREBOOT_MENU_OPTION       *MenuOption,
> -  IN FILE_EXPLORER_STATE          FeCurrentState
> +BOOLEAN
> +UpdateKEKFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
>    )
>  {
> -  UINTN                   Index;
> -  SECUREBOOT_MENU_ENTRY   *NewMenuEntry;
> -  SECUREBOOT_FILE_CONTEXT *NewFileContext;
> -  EFI_FORM_ID             FormId;
> -  EFI_FORM_ID             FileFormId;
> -
> -  if (FeCurrentState == FileExplorerStateEnrollPkFile) {
> -    FormId     = SECUREBOOT_ADD_PK_FILE_FORM_ID;
> -    FileFormId = FORM_FILE_EXPLORER_ID_PK;
> -  } else if (FeCurrentState == FileExplorerStateEnrollKekFile) {
> -    FormId     = FORMID_ENROLL_KEK_FORM;
> -    FileFormId = FORM_FILE_EXPLORER_ID_KEK;
> -  } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDb) {
> -    FormId     = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
> -    FileFormId = FORM_FILE_EXPLORER_ID_DB;
> -  } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
> -    FormId     = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
> -    FileFormId = FORM_FILE_EXPLORER_ID_DBX;
> -  } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) {
> -    FormId     = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
> -    FileFormId = FORM_FILE_EXPLORER_ID_DBT;
> -  } else {
> -    return;
> -  }
> -
> -  NewMenuEntry    = NULL;
> -  NewFileContext  = NULL;
> -
> -  RefreshUpdateData ();
> -  mStartLabel->Number = FORM_FILE_EXPLORER_ID;
> -
> -  for (Index = 0; Index < MenuOption->MenuNumber; Index++) {
> -    NewMenuEntry    = GetMenuEntry (MenuOption, Index);
> -    NewFileContext  = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext;
> -
> -    if (NewFileContext->IsDir) {
> -      //
> -      // Create Text opcode for directory.
> -      //
> -      HiiCreateActionOpCode (
> -        mStartOpCodeHandle,
> -        (UINT16) (FILE_OPTION_OFFSET + Index),
> -        NewMenuEntry->DisplayStringToken,
> -        STRING_TOKEN (STR_NULL),
> -        EFI_IFR_FLAG_CALLBACK,
> -        0
> -        );
> -    } else {
> -
> -      //
> -      // Create Goto opcode for file.
> -      //
> -      HiiCreateGotoOpCode (
> -        mStartOpCodeHandle,
> -        FormId,
> -        NewMenuEntry->DisplayStringToken,
> -        STRING_TOKEN (STR_NULL),
> -        EFI_IFR_FLAG_CALLBACK,
> -        (UINT16) (FILE_OPTION_GOTO_OFFSET + Index)
> -        );
> -    }
> -  }
> -
> -  HiiUpdateForm (
> -    HiiHandle,
> -    &gSecureBootConfigFormSetGuid,
> -    FileFormId,
> -    mStartOpCodeHandle, // Label FORM_FILE_EXPLORER_ID
> -    mEndOpCodeHandle    // LABEL_END
> -    );
> +  return UpdatePage(FilePath, FORMID_ENROLL_KEK_FORM);
>  }
>  
>  /**
> -  Update the file explorer page with the refreshed file system.
> -
> -  @param[in] PrivateData     Module private data.
> -  @param[in] KeyValue        Key value to identify the type of data to 
> expect.
> +  Update the DB form base on the input file path info.
>  
> -  @retval  TRUE           Inform the caller to create a callback packet to 
> exit file explorer.
> -  @retval  FALSE          Indicate that there is no need to exit file 
> explorer.
> +  @param FilePath    Point to the file path.
>  
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
>  **/
>  BOOLEAN
> -UpdateFileExplorer (
> -  IN SECUREBOOT_CONFIG_PRIVATE_DATA   *PrivateData,
> -  IN UINT16                           KeyValue
> +UpdateDBFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
>    )
>  {
> -  UINT16                              FileOptionMask;
> -  SECUREBOOT_MENU_ENTRY               *NewMenuEntry;
> -  SECUREBOOT_FILE_CONTEXT             *NewFileContext;
> -  EFI_FORM_ID                         FormId;
> -  BOOLEAN                             ExitFileExplorer;
> -  EFI_STATUS                          Status;
> -  EFI_DEVICE_PATH_PROTOCOL            *TmpDevicePath;
> -
> -  NewMenuEntry      = NULL;
> -  NewFileContext    = NULL;
> -  ExitFileExplorer  = FALSE;
> -  FileOptionMask    = (UINT16) (FILE_OPTION_MASK & KeyValue);
> -
> -  if (PrivateData->FeDisplayContext == FileExplorerDisplayUnknown) {
> -    //
> -    // First in, display file system.
> -    //
> -    FreeMenu (&FsOptionMenu);
> -    FindFileSystem ();
> -
> -    CreateMenuStringToken (PrivateData->HiiHandle, &FsOptionMenu);
> -    UpdateFileExplorePage (PrivateData->HiiHandle, &FsOptionMenu, 
> PrivateData->FeCurrentState);
> +  return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB);
> +}
>  
> -    PrivateData->FeDisplayContext = FileExplorerDisplayFileSystem;
> -  } else {
> -    if (PrivateData->FeDisplayContext == FileExplorerDisplayFileSystem) {
> -      NewMenuEntry = GetMenuEntry (&FsOptionMenu, FileOptionMask);
> -    } else if (PrivateData->FeDisplayContext == 
> FileExplorerDisplayDirectory) {
> -      NewMenuEntry = GetMenuEntry (&DirectoryMenu, FileOptionMask);
> -    }
> +/**
> +  Update the DBX form base on the input file path info.
>  
> -    NewFileContext = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext;
> -
> -    if (NewFileContext->IsDir ) {
> -      PrivateData->FeDisplayContext = FileExplorerDisplayDirectory;
> -
> -      RemoveEntryList (&NewMenuEntry->Link);
> -      FreeMenu (&DirectoryMenu);
> -      Status = FindFiles (NewMenuEntry);
> -       if (EFI_ERROR (Status)) {
> -         ExitFileExplorer = TRUE;
> -         goto OnExit;
> -       }
> -      CreateMenuStringToken (PrivateData->HiiHandle, &DirectoryMenu);
> -      DestroyMenuEntry (NewMenuEntry);
> -
> -      UpdateFileExplorePage (PrivateData->HiiHandle, &DirectoryMenu, 
> PrivateData->FeCurrentState);
> -
> -    } else {
> -      if (PrivateData->FeCurrentState == FileExplorerStateEnrollPkFile) {
> -        FormId = SECUREBOOT_ADD_PK_FILE_FORM_ID;
> -      } else if (PrivateData->FeCurrentState == 
> FileExplorerStateEnrollKekFile) {
> -        FormId = FORMID_ENROLL_KEK_FORM;
> -      } else if (PrivateData->FeCurrentState == 
> FileExplorerStateEnrollSignatureFileToDb) {
> -        FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
> -      } else if (PrivateData->FeCurrentState == 
> FileExplorerStateEnrollSignatureFileToDbx) {
> -        FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
> -      } else if (PrivateData->FeCurrentState == 
> FileExplorerStateEnrollSignatureFileToDbt) {
> -        FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
> -      } else {
> -        return FALSE;
> -      }
> -
> -      PrivateData->MenuEntry = NewMenuEntry;
> -      PrivateData->FileContext->FileName = NewFileContext->FileName;
> -
> -      TmpDevicePath = NewFileContext->DevicePath;
> -      OpenFileByDevicePath (
> -        &TmpDevicePath,
> -        &PrivateData->FileContext->FHandle,
> -        EFI_FILE_MODE_READ,
> -        0
> -        );
> -
> -      //
> -      // Create Subtitle op-code for the display string of the option.
> -      //
> -      RefreshUpdateData ();
> -      mStartLabel->Number = FormId;
> -
> -      HiiCreateSubTitleOpCode (
> -        mStartOpCodeHandle,
> -        NewMenuEntry->DisplayStringToken,
> -        0,
> -        0,
> -        0
> -        );
> -
> -      HiiUpdateForm (
> -        PrivateData->HiiHandle,
> -        &gSecureBootConfigFormSetGuid,
> -        FormId,
> -        mStartOpCodeHandle, // Label FormId
> -        mEndOpCodeHandle    // LABEL_END
> -        );
> -    }
> -  }
> +  @param FilePath    Point to the file path.
>  
> -OnExit:
> -  return ExitFileExplorer;
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
> +**/
> +BOOLEAN
> +UpdateDBXFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
> +  )
> +{
> +  return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX);
>  }
>  
>  /**
> -  Clean up the dynamic opcode at label and form specified by both LabelId.
> +  Update the DBT form base on the input file path info.
>  
> -  @param[in] LabelId         It is both the Form ID and Label ID for opcode 
> deletion.
> -  @param[in] PrivateData     Module private data.
> +  @param FilePath    Point to the file path.
>  
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
>  **/
> -VOID
> -CleanUpPage (
> -  IN UINT16                           LabelId,
> -  IN SECUREBOOT_CONFIG_PRIVATE_DATA   *PrivateData
> +BOOLEAN
> +UpdateDBTFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
>    )
>  {
> -  RefreshUpdateData ();
> -
> -  //
> -  // Remove all op-codes from dynamic page
> -  //
> -  mStartLabel->Number = LabelId;
> -  HiiUpdateForm (
> -    PrivateData->HiiHandle,
> -    &gSecureBootConfigFormSetGuid,
> -    LabelId,
> -    mStartOpCodeHandle, // Label LabelId
> -    mEndOpCodeHandle    // LABEL_END
> -    );
> +  return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT);
>  }
> +
> diff --git 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
>  
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
> index e2340e6..bbd2f33 100644
> --- 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
> +++ 
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
> @@ -95,10 +95,12 @@ CHAR16* mDerEncodedSuffix[] = {
>    L".crt",
>    NULL
>  };
>  CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
>  
> +SECUREBOOT_CONFIG_PRIVATE_DATA  *gSecureBootPrivateData = NULL;
> +
>  /**
>    This code checks if the FileSuffix is one of the possible DER-encoded 
> certificate suffix.
>  
>    @param[in] FileSuffix            The suffix of the input certificate file
>  
> @@ -655,11 +657,15 @@ EnrollRsa2048ToKek (
>  
>  ON_EXIT:
>  
>    CloseFile (Private->FileContext->FHandle);
>    Private->FileContext->FHandle = NULL;
> -  Private->FileContext->FileName = NULL;
> +
> +  if (Private->FileContext->FileName != NULL){
> +    FreePool(Private->FileContext->FileName);
> +    Private->FileContext->FileName = NULL;
> +  }
>  
>    if (Private->SignatureGUID != NULL) {
>      FreePool (Private->SignatureGUID);
>      Private->SignatureGUID = NULL;
>    }
> @@ -777,11 +783,15 @@ EnrollX509ToKek (
>    }
>  
>  ON_EXIT:
>  
>    CloseFile (Private->FileContext->FHandle);
> -  Private->FileContext->FileName = NULL;
> +  if (Private->FileContext->FileName != NULL){
> +    FreePool(Private->FileContext->FileName);
> +    Private->FileContext->FileName = NULL;
> +  }
> +
>    Private->FileContext->FHandle = NULL;
>  
>    if (Private->SignatureGUID != NULL) {
>      FreePool (Private->SignatureGUID);
>      Private->SignatureGUID = NULL;
> @@ -947,11 +957,15 @@ EnrollX509toSigDB (
>    }
>  
>  ON_EXIT:
>  
>    CloseFile (Private->FileContext->FHandle);
> -  Private->FileContext->FileName = NULL;
> +  if (Private->FileContext->FileName != NULL){
> +    FreePool(Private->FileContext->FileName);
> +    Private->FileContext->FileName = NULL;
> +  }
> +
>    Private->FileContext->FHandle = NULL;
>  
>    if (Private->SignatureGUID != NULL) {
>      FreePool (Private->SignatureGUID);
>      Private->SignatureGUID = NULL;
> @@ -1507,11 +1521,15 @@ EnrollX509HashtoSigDB (
>      goto ON_EXIT;
>    }
>  
>  ON_EXIT:
>    CloseFile (Private->FileContext->FHandle);
> -  Private->FileContext->FileName = NULL;
> +  if (Private->FileContext->FileName != NULL){
> +    FreePool(Private->FileContext->FileName);
> +    Private->FileContext->FileName = NULL;
> +  }
> +
>    Private->FileContext->FHandle = NULL;
>  
>    if (Private->SignatureGUID != NULL) {
>      FreePool (Private->SignatureGUID);
>      Private->SignatureGUID = NULL;
> @@ -2155,11 +2173,15 @@ EnrollImageSignatureToSigDB (
>  
>  ON_EXIT:
>  
>    CloseFile (Private->FileContext->FHandle);
>    Private->FileContext->FHandle = NULL;
> -  Private->FileContext->FileName = NULL;
> +
> +  if (Private->FileContext->FileName != NULL){
> +    FreePool(Private->FileContext->FileName);
> +    Private->FileContext->FileName = NULL;
> +  }
>  
>    if (Private->SignatureGUID != NULL) {
>      FreePool (Private->SignatureGUID);
>      Private->SignatureGUID = NULL;
>    }
> @@ -3432,20 +3454,24 @@ SecureBootCallback (
>    UINT16                          LabelId;
>    UINT8                           *SecureBootEnable;
>    UINT8                           *SecureBootMode;
>    CHAR16                          PromptString[100];
>    UINT8                           CurSecureBootMode;
> +  EFI_DEVICE_PATH_PROTOCOL        *File;
>  
>    Status           = EFI_SUCCESS;
>    SecureBootEnable = NULL;
>    SecureBootMode   = NULL;
> +  File             = NULL;
>  
>    if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
>      return EFI_INVALID_PARAMETER;
>    }
>    Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
>  
> +  gSecureBootPrivateData = Private;
> +
>    //
>    // Retrieve uncommitted data from Browser
>    //
>    BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
>    IfrNvData = AllocateZeroPool (BufferSize);
> @@ -3459,10 +3485,11 @@ SecureBootCallback (
>      if (QuestionId == KEY_SECURE_BOOT_MODE) {
>        //
>        // Update secure boot strings when opening this form
>        //
>        Status = UpdateSecureBootString(Private);
> +      SecureBootExtractConfigFromVariable (IfrNvData);
>        mIsEnterSecureBootForm = TRUE;
>      } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){
>        //
>        // Secure Boot Policy variable changes after transition. Re-sync 
> CurSecureBootMode
>        //
> @@ -3521,15 +3548,10 @@ SecureBootCallback (
>              );
>          }
>        }
>        break;
>  
> -    case KEY_SECURE_BOOT_OPTION:
> -      FreeMenu (&DirectoryMenu);
> -      FreeMenu (&FsOptionMenu);
> -      break;
> -
>      case KEY_SECURE_BOOT_KEK_OPTION:
>      case KEY_SECURE_BOOT_DB_OPTION:
>      case KEY_SECURE_BOOT_DBX_OPTION:
>      case KEY_SECURE_BOOT_DBT_OPTION:
>        //
> @@ -3556,32 +3578,36 @@ SecureBootCallback (
>        //
>        // Refresh selected file.
>        //
>        CleanUpPage (LabelId, Private);
>        break;
> +    case KEY_SECURE_BOOT_PK_OPTION:
> +      LabelId = FORMID_ENROLL_PK_FORM;
> +      //
> +      // Refresh selected file.
> +      //
> +      CleanUpPage (LabelId, Private);
> +      break;
> +
> +    case FORMID_ENROLL_PK_FORM:
> +      ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdatePKFromFile, &File);
> +      break;
>  
> -    case SECUREBOOT_ADD_PK_FILE_FORM_ID:
>      case FORMID_ENROLL_KEK_FORM:
> +      ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateKEKFromFile, &File);
> +      break;
> +
>      case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:
> +      ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBFromFile, &File);
> +      break;
> +
>      case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:
> -    case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:
> -      if (QuestionId == SECUREBOOT_ADD_PK_FILE_FORM_ID) {
> -        Private->FeCurrentState = FileExplorerStateEnrollPkFile;
> -      } else if (QuestionId == FORMID_ENROLL_KEK_FORM) {
> -        Private->FeCurrentState = FileExplorerStateEnrollKekFile;
> -      } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DB) {
> -        Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDb;
> -      } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DBX) {
> -        Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbx;
> -        IfrNvData->CertificateFormat = HASHALG_SHA256;
> -      } else {
> -        Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbt;
> -      }
> +      ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBXFromFile, &File);
> +      break;
>  
> -      Private->FeDisplayContext = FileExplorerDisplayUnknown;
> -      CleanUpPage (FORM_FILE_EXPLORER_ID, Private);
> -      UpdateFileExplorer (Private, 0);
> +    case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:
> +      ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBTFromFile, &File);
>        break;
>  
>      case KEY_SECURE_BOOT_DELETE_PK:
>        if (Value->u8) {
>          CreatePopUp (
> @@ -3720,10 +3746,28 @@ SecureBootCallback (
>            L"Only supports DER-encoded X509 certificate.",
>            NULL
>            );
>        }
>        break;
> +    case KEY_VALUE_SAVE_AND_EXIT_PK:
> +      Status = EnrollPlatformKey (Private);
> +      if (EFI_ERROR (Status)) {
> +        UnicodeSPrint (
> +          PromptString,
> +          sizeof (PromptString),
> +          L"Only DER encoded certificate file (%s) is supported.",
> +          mSupportX509Suffix
> +          );
> +        CreatePopUp (
> +          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
> +          &Key,
> +          L"ERROR: Unsupported file type!",
> +          PromptString,
> +          NULL
> +          );
> +      }
> +      break;
>      case KEY_TRANS_SECURE_BOOT_MODE:
>        //
>        // Pop up to alert user want to change secure boot mode 
>        //
>        if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE && 
> @@ -3772,13 +3816,11 @@ SecureBootCallback (
>          mIsSecureBootModeChanged = TRUE;
>        }
>        break;
>  
>      default:
> -      if (QuestionId >= FILE_OPTION_GOTO_OFFSET) {
> -        UpdateFileExplorer (Private, QuestionId);
> -      } else if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
> +      if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
>                   (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + 
> OPTION_CONFIG_RANGE))) {
>          DeleteKeyExchangeKey (Private, QuestionId);
>        } else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) &&
>                   (QuestionId < (OPTION_DEL_DB_QUESTION_ID + 
> OPTION_CONFIG_RANGE))) {
>          DeleteSignature (
> @@ -3812,55 +3854,36 @@ SecureBootCallback (
>            OPTION_DEL_DBT_QUESTION_ID,
>            QuestionId - OPTION_DEL_DBT_QUESTION_ID
>            );
>        }
>        break;
> -    }
> -  } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
> -    switch (QuestionId) {
> -    case KEY_SECURE_BOOT_ENABLE:
> -      *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
> -      break;
> -    case KEY_VALUE_SAVE_AND_EXIT_PK:
> -      Status = EnrollPlatformKey (Private);
> -      if (EFI_ERROR (Status)) {
> -        UnicodeSPrint (
> -          PromptString,
> -          sizeof (PromptString),
> -          L"Only DER encoded certificate file (%s) is supported.",
> -          mSupportX509Suffix
> -          );
> -        CreatePopUp (
> -          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
> -          &Key,
> -          L"ERROR: Unsupported file type!",
> -          PromptString,
> -          NULL
> -          );
> -      } else {
> -        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;
> -      }
> -      break;
>  
>      case KEY_VALUE_NO_SAVE_AND_EXIT_PK:
>      case KEY_VALUE_NO_SAVE_AND_EXIT_KEK:
>      case KEY_VALUE_NO_SAVE_AND_EXIT_DB:
>      case KEY_VALUE_NO_SAVE_AND_EXIT_DBX:
>      case KEY_VALUE_NO_SAVE_AND_EXIT_DBT:
>        if (Private->FileContext->FHandle != NULL) {
>          CloseFile (Private->FileContext->FHandle);
>          Private->FileContext->FHandle = NULL;
> -        Private->FileContext->FileName = NULL;
> +        if (Private->FileContext->FileName!= NULL){
> +          FreePool(Private->FileContext->FileName);
> +          Private->FileContext->FileName = NULL;
> +        }
>        }
>  
>        if (Private->SignatureGUID != NULL) {
>          FreePool (Private->SignatureGUID);
>          Private->SignatureGUID = NULL;
>        }
> -      *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
>        break;
> -
> +    }
> +  } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
> +    switch (QuestionId) {
> +    case KEY_SECURE_BOOT_ENABLE:
> +      *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
> +      break;
>      case KEY_SECURE_BOOT_MODE:
>        mIsEnterSecureBootForm = FALSE;
>        break;
>      case KEY_TRANS_SECURE_BOOT_MODE:
>        mIsSelectedSecureBootModeForm = FALSE;
> @@ -3896,15 +3919,10 @@ SecureBootCallback (
>          IfrNvData->HasPk    = TRUE;
>          *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
>        }
>        break;
>      default:
> -      if (QuestionId >= FILE_OPTION_OFFSET && QuestionId < 
> FILE_OPTION_GOTO_OFFSET) {
> -        if (UpdateFileExplorer (Private, QuestionId)) {
> -          *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
> -        }
> -      }
>        break;
>      }
>    } else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {
>      if (QuestionId == KEY_HIDE_SECURE_BOOT) {
>        GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, 
> &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
> @@ -3937,10 +3955,15 @@ EXIT:
>      HiiSetBrowserData (&gSecureBootConfigFormSetGuid, 
> mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
>    }
>  
>    FreePool (IfrNvData);
>  
> +  if (File != NULL){
> +    FreePool(File);
> +    File = NULL;
> +  }
> +
>    return EFI_SUCCESS;
>  }
>  
>  /**
>    This function publish the SecureBoot configuration Form.
> @@ -4001,23 +4024,16 @@ InstallSecureBootConfigForm (
>    }
>  
>    PrivateData->HiiHandle = HiiHandle;
>  
>    PrivateData->FileContext = AllocateZeroPool (sizeof 
> (SECUREBOOT_FILE_CONTEXT));
> -  PrivateData->MenuEntry   = AllocateZeroPool (sizeof 
> (SECUREBOOT_MENU_ENTRY));
>  
> -  if (PrivateData->FileContext == NULL || PrivateData->MenuEntry == NULL) {
> +  if (PrivateData->FileContext == NULL) {
>      UninstallSecureBootConfigForm (PrivateData);
>      return EFI_OUT_OF_RESOURCES;
>    }
>  
> -  PrivateData->FeCurrentState = FileExplorerStateInActive;
> -  PrivateData->FeDisplayContext = FileExplorerDisplayUnknown;
> -
> -  InitializeListHead (&FsOptionMenu.Head);
> -  InitializeListHead (&DirectoryMenu.Head);
> -
>    //
>    // Init OpCode Handle and Allocate space for creation of Buffer
>    //
>    mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
>    if (mStartOpCodeHandle == NULL) {
> @@ -4093,23 +4109,16 @@ UninstallSecureBootConfigForm (
>  
>    if (PrivateData->SignatureGUID != NULL) {
>      FreePool (PrivateData->SignatureGUID);
>    }
>  
> -  if (PrivateData->MenuEntry != NULL) {
> -    FreePool (PrivateData->MenuEntry);
> -  }
> -
>    if (PrivateData->FileContext != NULL) {
>      FreePool (PrivateData->FileContext);
>    }
>  
>    FreePool (PrivateData);
>  
> -  FreeMenu (&DirectoryMenu);
> -  FreeMenu (&FsOptionMenu);
> -
>    if (mStartOpCodeHandle != NULL) {
>      HiiFreeOpCodeHandle (mStartOpCodeHandle);
>    }
>  
>    if (mEndOpCodeHandle != NULL) {
> diff --git 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
>  
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
> index bcb1c12..a8dbd92 100644
> --- 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
> +++ 
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
> @@ -1,10 +1,10 @@
>  /** @file
>    The header file of HII Config Access protocol implementation of SecureBoot
>    configuration module.
>  
> -Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD 
> License
>  which accompanies this distribution.  The full text of the license may be 
> found at
>  http://opensource.org/licenses/bsd-license.php
>  
> @@ -37,10 +37,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
> EXPRESS OR IMPLIED.
>  #include <Library/HiiLib.h>
>  #include <Library/DevicePathLib.h>
>  #include <Library/PrintLib.h>
>  #include <Library/PlatformSecureLib.h>
>  #include <Library/BaseCryptLib.h>
> +#include <Library/FileExplorerLib.h>
> +
>  #include <Guid/MdeModuleHii.h>
>  #include <Guid/AuthenticatedVariableFormat.h>
>  #include <Guid/FileSystemVolumeLabelInfo.h>
>  #include <Guid/ImageAuthentication.h>
>  #include <Guid/FileInfo.h>
> @@ -116,26 +118,10 @@ typedef struct {
>    UINT64                    Lun;
>    UINT16                    TargetPortalGroupTag;
>    CHAR16                    TargetName[1];
>  } ISCSI_DEVICE_PATH_WITH_NAME;
>  
> -typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {
> -  FileExplorerDisplayFileSystem,
> -  FileExplorerDisplayDirectory,
> -  FileExplorerDisplayUnknown
> -} FILE_EXPLORER_DISPLAY_CONTEXT;
> -
> -typedef enum _FILE_EXPLORER_STATE {
> -  FileExplorerStateInActive                      = 0,
> -  FileExplorerStateEnrollPkFile,
> -  FileExplorerStateEnrollKekFile,
> -  FileExplorerStateEnrollSignatureFileToDb,
> -  FileExplorerStateEnrollSignatureFileToDbx,
> -  FileExplorerStateEnrollSignatureFileToDbt,
> -  FileExplorerStateUnknown
> -} FILE_EXPLORER_STATE;
> -
>  typedef struct {
>    CHAR16  *Str;
>    UINTN   Len;
>    UINTN   Maxlen;
>  } POOL_PRINT;
> @@ -157,36 +143,13 @@ typedef struct {
>    UINTN             Signature;
>    LIST_ENTRY        Head;
>    UINTN             MenuNumber;
>  } SECUREBOOT_MENU_OPTION;
>  
> -extern  SECUREBOOT_MENU_OPTION     FsOptionMenu;
> -extern  SECUREBOOT_MENU_OPTION     DirectoryMenu;
> -
> -typedef struct {
> -  UINTN             Signature;
> -  LIST_ENTRY        Link;
> -  UINTN             OptionNumber;
> -  UINT16            *DisplayString;
> -  UINT16            *HelpString;
> -  EFI_STRING_ID     DisplayStringToken;
> -  EFI_STRING_ID     HelpStringToken;
> -  VOID              *FileContext;
> -} SECUREBOOT_MENU_ENTRY;
> -
>  typedef struct {
> -  EFI_HANDLE                        Handle;
> -  EFI_DEVICE_PATH_PROTOCOL          *DevicePath;
>    EFI_FILE_HANDLE                   FHandle;
>    UINT16                            *FileName;
> -  EFI_FILE_SYSTEM_VOLUME_LABEL      *Info;
> -
> -  BOOLEAN                           IsRoot;
> -  BOOLEAN                           IsDir;
> -  BOOLEAN                           IsRemovableMedia;
> -  BOOLEAN                           IsLoadFile;
> -  BOOLEAN                           IsBootLegacy;
>  } SECUREBOOT_FILE_CONTEXT;
>  
>  
>  //
>  // We define another format of 5th directory entry: security directory
> @@ -214,20 +177,17 @@ typedef struct {
>  
>    EFI_HII_CONFIG_ACCESS_PROTOCOL    ConfigAccess;
>    EFI_HII_HANDLE                    HiiHandle;
>    EFI_HANDLE                        DriverHandle;
>  
> -  FILE_EXPLORER_STATE               FeCurrentState;
> -  FILE_EXPLORER_DISPLAY_CONTEXT     FeDisplayContext;
> -
> -  SECUREBOOT_MENU_ENTRY             *MenuEntry;
>    SECUREBOOT_FILE_CONTEXT           *FileContext;
>  
>    EFI_GUID                          *SignatureGUID;
>  } SECUREBOOT_CONFIG_PRIVATE_DATA;
>  
>  extern SECUREBOOT_CONFIG_PRIVATE_DATA      
> mSecureBootConfigPrivateDateTemplate;
> +extern SECUREBOOT_CONFIG_PRIVATE_DATA      *gSecureBootPrivateData;
>  
>  #define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE     SIGNATURE_32 ('S', 'E', 
> 'C', 'B')
>  #define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a)  CR (a, 
> SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, 
> SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
>  
>  //
> @@ -494,39 +454,10 @@ CleanUpPage (
>    IN SECUREBOOT_CONFIG_PRIVATE_DATA   *PrivateData
>    );
>  
>  
>  /**
> -  Update the file explorer page with the refreshed file system.
> -
> -  @param[in] PrivateData     Module private data.
> -  @param[in] KeyValue        Key value to identify the type of data to 
> expect.
> -
> -  @retval  TRUE           Inform the caller to create a callback packet to 
> exit file explorer.
> -  @retval  FALSE          Indicate that there is no need to exit file 
> explorer.
> -
> -**/
> -BOOLEAN
> -UpdateFileExplorer (
> -  IN SECUREBOOT_CONFIG_PRIVATE_DATA   *PrivateData,
> -  IN UINT16                           KeyValue
> -  );
> -
> -
> -/**
> -  Free resources allocated in Allocate Rountine.
> -
> -  @param[in, out]  MenuOption        Menu to be freed
> -
> -**/
> -VOID
> -FreeMenu (
> -  IN OUT SECUREBOOT_MENU_OPTION        *MenuOption
> -  );
> -
> -
> -/**
>    Read file content into BufferPtr, the size of the allocate buffer
>    is *FileSize plus AddtionAllocateSize.
>  
>    @param[in]       FileHandle            The file to be read.
>    @param[in, out]  BufferPtr             Pointers to the pointer of 
> allocated buffer.
> @@ -619,6 +550,71 @@ GuidToString (
>    IN  EFI_GUID  *Guid,
>    IN  CHAR16    *Buffer,
>    IN  UINTN     BufferSize
>    );
>  
> +/**
> +  Update the PK form base on the input file path info.
> +
> +  @param FilePath    Point to the file path.
> +
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
> +**/
> +BOOLEAN
> +UpdatePKFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
> +  );
> +
> +/**
> +  Update the KEK form base on the input file path info.
> +
> +  @param FilePath    Point to the file path.
> +
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
> +**/
> +BOOLEAN
> +UpdateKEKFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
> +  );
> +
> +/**
> +  Update the DB form base on the input file path info.
> +
> +  @param FilePath    Point to the file path.
> +
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
> +**/
> +BOOLEAN
> +UpdateDBFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
> +  );
> +
> +/**
> +  Update the DBX form base on the input file path info.
> +
> +  @param FilePath    Point to the file path.
> +
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
> +**/
> +BOOLEAN
> +UpdateDBXFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
> +  );
> +
> +/**
> +  Update the DBT form base on the input file path info.
> +
> +  @param FilePath    Point to the file path.
> +
> +  @retval TRUE   Exit caller function.
> +  @retval FALSE  Not exit caller function.
> +**/
> +BOOLEAN
> +UpdateDBTFromFile (
> +  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath
> +  );
> +
>  #endif
> diff --git 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
>  
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
> index 101b605..cf8dc88 100644
> --- 
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
> +++ 
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
> @@ -34,19 +34,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
> EXPRESS OR IMPLIED.
>  #define FORMID_DELETE_KEK_FORM                0x0a
>  #define SECUREBOOT_ENROLL_SIGNATURE_TO_DB     0x0b
>  #define SECUREBOOT_DELETE_SIGNATURE_FROM_DB   0x0c
>  #define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX    0x0d
>  #define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX  0x0e
> -#define FORM_FILE_EXPLORER_ID                 0x0f
> -#define FORM_FILE_EXPLORER_ID_PK              0x10
> -#define FORM_FILE_EXPLORER_ID_KEK             0x11
> -#define FORM_FILE_EXPLORER_ID_DB              0x12
> -#define FORM_FILE_EXPLORER_ID_DBX             0x13
>  #define FORMID_SECURE_BOOT_DBT_OPTION_FORM    0x14
>  #define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT    0x15
>  #define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT  0x16
> -#define FORM_FILE_EXPLORER_ID_DBT             0x17
>  
>  #define SECURE_BOOT_MODE_CUSTOM               0x01
>  #define SECURE_BOOT_MODE_STANDARD             0x00
>  
>  #define KEY_SECURE_BOOT_ENABLE                0x1000
> @@ -109,14 +103,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, 
> EITHER EXPRESS OR IMPLIED.
>  //
>  // Question ID 0x5000 ~ 0x5FFF is for DBT
>  //
>  #define OPTION_DEL_DBT_QUESTION_ID            0x5000
>  
> -#define FILE_OPTION_GOTO_OFFSET               0xC000
> -#define FILE_OPTION_OFFSET                    0x8000
> -#define FILE_OPTION_MASK                      0x3FFF
> -
>  #define SECURE_BOOT_GUID_SIZE                 36
>  #define SECURE_BOOT_GUID_STORAGE_SIZE         37
>  
>  #define SECURE_BOOT_MODE_USER_MODE            0
>  #define SECURE_BOOT_MODE_SETUP_MODE           1
> 

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to