Hi Chao,
Thanks for your comments.
1. The copyright info has updated in the latest [patch 6/6] patch.
2. The FileExplorerLib is already in NT32Pkg.dsc & Quark.dsc,
So no need to update.
Thanks,
Dandan
-----Original Message-----
From: Zhang, Chao B
Sent: Tuesday, February 2, 2016 1:45 PM
To: Bi, Dandan; Dong, Eric; ler...@redhat.com; edk2-devel@lists.01.org
Subject: RE: [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Dandan:
1. The copyright head file change is not right.
2. Do we need to update NT32Pkg.dsc & Quark Platform dsc?
Other changes are good to me
Thanks & Best regards
Chao Zhang
-----Original Message-----
From: Bi, Dandan
Sent: Tuesday, February 02, 2016 10:18 AM
To: Zhang, Chao B; Dong, Eric; ler...@redhat.com; edk2-devel@lists.01.org
Subject: [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Using existing library FileExplorerLib to replace the same
logic in SecureBootConfigDxe to make the code clear.After using
FileExplorerLib,the UI behavior for enroll PK will change,
previously when select one PK file,commit/discard changes will
return to Device Manager,press ESC will return to FileExplorer.
Now using FileExplorerLib the behavior will keep same with
enroll KEK/DB/...,commit/discard changes will return to Custom
Secure Boot Options form and ESC will return to PK options form.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan...@intel.com>
---
.../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +-
.../SecureBootConfigDxe/SecureBootConfigDxe.inf | 3 +-
.../SecureBootConfigFileExplorer.c | 1127 +++++++++++++++++---
.../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 ++-
.../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 +--
.../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 +
6 files changed, 1225 insertions(+), 333 deletions(-)
diff --git
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
index 484da2c..e53630c 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
@@ -1,9 +1,9 @@
/** @file
VFR file used by the SecureBoot configuration component.
-Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
http://opensource.org/licenses/bsd-license.php
@@ -200,33 +200,15 @@ formset
form formid = FORMID_ENROLL_PK_FORM,
title = STRING_TOKEN(STR_ENROLL_PK);
subtitle text = STRING_TOKEN(STR_NULL);
- goto FORMID_ENROLL_PK_FORM,
+ goto FORM_FILE_EXPLORER_ID_PK,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
flags = INTERACTIVE,
- key = FORMID_ENROLL_PK_FORM;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- label FORMID_ENROLL_PK_FORM;
- label LABEL_END;
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_SAVE_AND_EXIT),
- flags = INTERACTIVE| RESET_REQUIRED,
- key = KEY_VALUE_SAVE_AND_EXIT_PK;
-
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
-
+ key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
endform;
//
// ##5 Form: 'KEK Options'
//
@@ -261,11 +243,11 @@ formset
form formid = FORMID_ENROLL_KEK_FORM,
title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
- goto FORMID_ENROLL_KEK_FORM,
+ goto FORM_FILE_EXPLORER_ID_KEK,
prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
flags = INTERACTIVE,
key = FORMID_ENROLL_KEK_FORM;
@@ -424,11 +406,11 @@ formset
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
subtitle text = STRING_TOKEN(STR_NULL);
- goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
+ goto FORM_FILE_EXPLORER_ID_DB,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
@@ -469,11 +451,11 @@ formset
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
subtitle text = STRING_TOKEN(STR_NULL);
- goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
+ goto FORM_FILE_EXPLORER_ID_DBX,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
@@ -545,11 +527,11 @@ formset
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
subtitle text = STRING_TOKEN(STR_NULL);
- goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
+ goto FORM_FILE_EXPLORER_ID_DBT,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
@@ -582,6 +564,83 @@ formset
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
endform;
+ //
+ // File Explorer for PK
+ //
+ form formid = FORM_FILE_EXPLORER_ID_PK,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+ //
+ // File Explorer for KEK
+ //
+ form formid = FORM_FILE_EXPLORER_ID_KEK,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+ //
+ // File Explorer for DB
+ //
+ form formid = FORM_FILE_EXPLORER_ID_DB,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+ //
+ // File Explorer for DBX
+ //
+ form formid = FORM_FILE_EXPLORER_ID_DBX,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+ //
+ // File Explorer for DBT
+ //
+ form formid = FORM_FILE_EXPLORER_ID_DBT,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+ //
+ // Enroll Pk from File Commit Form
+ //
+ form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
+ title = STRING_TOKEN(STR_SAVE_PK_FILE);
+
+ label SECUREBOOT_ADD_PK_FILE_FORM_ID;
+ label LABEL_END;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ text
+ help = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ text = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ text = STRING_TOKEN(STR_NULL),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_SAVE_AND_EXIT_PK;
+
+ text
+ help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ text = STRING_TOKEN(STR_NULL),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
+
+ endform;
+
endformset;
\ No newline at end of file
diff --git
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
index 6b143f5..ef400c4 100644
---
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+++
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -1,10 +1,10 @@
## @file
# Provides the capbility to configure secure boot in a setup browser
# By this module, user may change the content of DB, DBX, PK and KEK.
#
-# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD
License
# which accompanies this distribution. The full text of the license may be
found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
@@ -55,11 +55,10 @@
UefiHiiServicesLib
DebugLib
HiiLib
PlatformSecureLib
DevicePathLib
- FileExplorerLib
[Guids]
## SOMETIMES_CONSUMES ## Variable:L"CustomMode"
## SOMETIMES_PRODUCES ## Variable:L"CustomMode"
gEfiCustomModeEnableGuid
diff --git
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
index 2adb85c..e1fd78d 100644
---
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
+++
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
@@ -1,9 +1,9 @@
/** @file
Internal file explorer functions for SecureBoot configuration module.
-Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
http://opensource.org/licenses/bsd-license.php
@@ -12,74 +12,450 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
EXPRESS OR IMPLIED.
**/
#include "SecureBootConfigImpl.h"
+///
+/// File system selection menu
+///
+SECUREBOOT_MENU_OPTION FsOptionMenu = {
+ SECUREBOOT_MENU_OPTION_SIGNATURE,
+ {NULL},
+ 0
+};
+
+///
+/// Files and sub-directories in current directory menu
+///
+SECUREBOOT_MENU_OPTION DirectoryMenu = {
+ SECUREBOOT_MENU_OPTION_SIGNATURE,
+ {NULL},
+ 0
+};
+
VOID *mStartOpCodeHandle = NULL;
VOID *mEndOpCodeHandle = NULL;
EFI_IFR_GUID_LABEL *mStartLabel = NULL;
EFI_IFR_GUID_LABEL *mEndLabel = NULL;
/**
- Refresh the global UpdateData structure.
+ Duplicate a string.
+
+ @param[in] Src The source string.
+
+ @return A new string which is duplicated copy of the source,
+ or NULL if there is not enough memory.
**/
-VOID
-RefreshUpdateData (
- VOID
+CHAR16 *
+StrDuplicate (
+ IN CHAR16 *Src
+ )
+{
+ CHAR16 *Dest;
+ UINTN Size;
+
+ Size = StrSize (Src);
+ Dest = AllocateZeroPool (Size);
+ ASSERT (Dest != NULL);
+ if (Dest != NULL) {
+ CopyMem (Dest, Src, Size);
+ }
+
+ return Dest;
+}
+
+/**
+ Helper function called as part of the code needed to allocate
+ the proper sized buffer for various EFI interfaces.
+
+ @param[in, out] Status Current status
+ @param[in, out] Buffer Current allocated buffer, or NULL
+ @param[in] BufferSize Current buffer size needed
+
+ @retval TRUE If the buffer was reallocated and the caller
+ should try the API again.
+ @retval FALSE The caller should not call this function again.
+
+**/
+BOOLEAN
+GrowBuffer (
+ IN OUT EFI_STATUS *Status,
+ IN OUT VOID **Buffer,
+ IN UINTN BufferSize
)
{
+ BOOLEAN TryAgain;
+
//
- // Free current updated date
+ // If this is an initial request, buffer will be null with a new buffer size
//
- if (mStartOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (mStartOpCodeHandle);
+ if ((*Buffer == NULL) && (BufferSize != 0)) {
+ *Status = EFI_BUFFER_TOO_SMALL;
}
+ //
+ // If the status code is "buffer too small", resize the buffer
+ //
+ TryAgain = FALSE;
+ if (*Status == EFI_BUFFER_TOO_SMALL) {
+
+ if (*Buffer != NULL) {
+ FreePool (*Buffer);
+ }
+ *Buffer = AllocateZeroPool (BufferSize);
+
+ if (*Buffer != NULL) {
+ TryAgain = TRUE;
+ } else {
+ *Status = EFI_OUT_OF_RESOURCES;
+ }
+ }
//
- // Create new OpCode Handle
+ // If there's an error, free the buffer
//
- mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
+ if (!TryAgain && EFI_ERROR (*Status) && (*Buffer != NULL)) {
+ FreePool (*Buffer);
+ *Buffer = NULL;
+ }
+
+ return TryAgain;
+}
+
+/**
+ Append file name to existing file name, and allocate a new buffer
+ to hold the appended result.
+
+ @param[in] Str1 The existing file name
+ @param[in] Str2 The file name to be appended
+
+ @return A new string with appended result.
+
+**/
+CHAR16 *
+AppendFileName (
+ IN CHAR16 *Str1,
+ IN CHAR16 *Str2
+ )
+{
+ UINTN Size1;
+ UINTN Size2;
+ UINTN BufferSize;
+ CHAR16 *Str;
+ CHAR16 *TmpStr;
+ CHAR16 *Ptr;
+ CHAR16 *LastSlash;
+
+ Size1 = StrSize (Str1);
+ Size2 = StrSize (Str2);
+ BufferSize = Size1 + Size2 + sizeof (CHAR16);
+ Str = AllocateZeroPool (BufferSize);
+ ASSERT (Str != NULL);
+
+ TmpStr = AllocateZeroPool (BufferSize);
+ ASSERT (TmpStr != NULL);
+
+ StrCatS (Str, BufferSize / sizeof (CHAR16), Str1);
+
+ if (!((*Str == '\\') && (*(Str + 1) == 0))) {
+ StrCatS (Str, BufferSize / sizeof (CHAR16), L"\\");
+ }
+
+ StrCatS (Str, BufferSize / sizeof (CHAR16), Str2);
+
+ Ptr = Str;
+ LastSlash = Str;
+ while (*Ptr != 0) {
+ if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '.' && *(Ptr + 3)
== L'\\') {
+ //
+ // Convert "\Name\..\" to "\"
+ // DO NOT convert the .. if it is at the end of the string. This will
+ // break the .. behavior in changing directories.
+ //
+
+ //
+ // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy of
two strings
+ // that overlap.
+ //
+ StrCpyS (TmpStr, BufferSize / sizeof (CHAR16), Ptr + 3);
+ StrCpyS (LastSlash, BufferSize / sizeof (CHAR16), TmpStr);
+ Ptr = LastSlash;
+ } else if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '\\') {
+ //
+ // Convert a "\.\" to a "\"
+ //
+
+ //
+ // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy of
two strings
+ // that overlap.
+ //
+ StrCpyS (TmpStr, BufferSize / sizeof (CHAR16), Ptr + 2);
+ StrCpyS (Ptr, BufferSize / sizeof (CHAR16), TmpStr);
+ Ptr = LastSlash;
+ } else if (*Ptr == '\\') {
+ LastSlash = Ptr;
+ }
+
+ Ptr++;
+ }
+
+ FreePool (TmpStr);
+
+ return Str;
+}
+
+/**
+ Create a SECUREBOOT_MENU_ENTRY, and stores it in a buffer allocated from the
pool.
+
+ @return The new menu entry or NULL of error happens.
+
+**/
+SECUREBOOT_MENU_ENTRY *
+CreateMenuEntry (
+ VOID
+ )
+{
+ SECUREBOOT_MENU_ENTRY *MenuEntry;
+ UINTN ContextSize;
//
- // Create Hii Extend Label OpCode as the start opcode
+ // Create new menu entry
//
- mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mStartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
+ MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY));
+ if (MenuEntry == NULL) {
+ return NULL;
+ }
+
+ ContextSize = sizeof (SECUREBOOT_FILE_CONTEXT);
+ MenuEntry->FileContext = AllocateZeroPool (ContextSize);
+ if (MenuEntry->FileContext == NULL) {
+ FreePool (MenuEntry);
+ return NULL;
+ }
+
+ MenuEntry->Signature = SECUREBOOT_MENU_ENTRY_SIGNATURE;
+
+ return MenuEntry;
+}
+
+/**
+ Get Menu Entry from the Menu Entry List by MenuNumber.
+
+ If MenuNumber is great or equal to the number of Menu
+ Entry in the list, then ASSERT.
+
+ @param[in] MenuOption The Menu Entry List to read the menu entry.
+ @param[in] MenuNumber The index of Menu Entry.
+
+ @return The Menu Entry.
+
+**/
+SECUREBOOT_MENU_ENTRY *
+GetMenuEntry (
+ IN SECUREBOOT_MENU_OPTION *MenuOption,
+ IN UINTN MenuNumber
+ )
+{
+ SECUREBOOT_MENU_ENTRY *NewMenuEntry;
+ UINTN Index;
+ LIST_ENTRY *List;
+
+ ASSERT (MenuNumber < MenuOption->MenuNumber);
+
+ List = MenuOption->Head.ForwardLink;
+ for (Index = 0; Index < MenuNumber; Index++) {
+ List = List->ForwardLink;
+ }
+
+ NewMenuEntry = CR (List, SECUREBOOT_MENU_ENTRY, Link,
SECUREBOOT_MENU_ENTRY_SIGNATURE);
+
+ return NewMenuEntry;
+}
+
+/**
+ Create string tokens for a menu from its help strings and display strings.
+
+ @param[in] HiiHandle Hii Handle of the package to be updated.
+ @param[in] MenuOption The Menu whose string tokens need to be
created.
+
+**/
+VOID
+CreateMenuStringToken (
+ IN EFI_HII_HANDLE HiiHandle,
+ IN SECUREBOOT_MENU_OPTION *MenuOption
+ )
+{
+ SECUREBOOT_MENU_ENTRY *NewMenuEntry;
+ UINTN Index;
+
+ for (Index = 0; Index < MenuOption->MenuNumber; Index++) {
+ NewMenuEntry = GetMenuEntry (MenuOption, Index);
+
+ NewMenuEntry->DisplayStringToken = HiiSetString (
+ HiiHandle,
+ 0,
+ NewMenuEntry->DisplayString,
+ NULL
);
- mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+
+ if (NewMenuEntry->HelpString == NULL) {
+ NewMenuEntry->HelpStringToken = NewMenuEntry->DisplayStringToken;
+ } else {
+ NewMenuEntry->HelpStringToken = HiiSetString (
+ HiiHandle,
+ 0,
+ NewMenuEntry->HelpString,
+ NULL
+ );
+ }
+ }
}
/**
- Clean up the dynamic opcode at label and form specified by both LabelId.
+ Free up all resources allocated for a SECUREBOOT_MENU_ENTRY.
- @param[in] LabelId It is both the Form ID and Label ID for opcode
deletion.
- @param[in] PrivateData Module private data.
+ @param[in, out] MenuEntry A pointer to SECUREBOOT_MENU_ENTRY.
**/
VOID
-CleanUpPage (
- IN UINT16 LabelId,
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
+DestroyMenuEntry (
+ IN OUT SECUREBOOT_MENU_ENTRY *MenuEntry
)
{
- RefreshUpdateData ();
+ SECUREBOOT_FILE_CONTEXT *FileContext;
+
+
+ FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
+
+ if (!FileContext->IsRoot && FileContext->DevicePath != NULL) {
+ FreePool (FileContext->DevicePath);
+ } else {
+ if (FileContext->FHandle != NULL) {
+ FileContext->FHandle->Close (FileContext->FHandle);
+ }
+ }
+
+ if (FileContext->FileName != NULL) {
+ FreePool (FileContext->FileName);
+ }
+ if (FileContext->Info != NULL) {
+ FreePool (FileContext->Info);
+ }
+
+ FreePool (FileContext);
+
+ if (MenuEntry->DisplayString != NULL) {
+ FreePool (MenuEntry->DisplayString);
+ }
+ if (MenuEntry->HelpString != NULL) {
+ FreePool (MenuEntry->HelpString);
+ }
+
+ FreePool (MenuEntry);
+}
+
+/**
+ Free resources allocated in Allocate Rountine.
+
+ @param[in, out] MenuOption Menu to be freed
+
+**/
+VOID
+FreeMenu (
+ IN OUT SECUREBOOT_MENU_OPTION *MenuOption
+ )
+{
+ SECUREBOOT_MENU_ENTRY *MenuEntry;
+ while (!IsListEmpty (&MenuOption->Head)) {
+ MenuEntry = CR (
+ MenuOption->Head.ForwardLink,
+ SECUREBOOT_MENU_ENTRY,
+ Link,
+ SECUREBOOT_MENU_ENTRY_SIGNATURE
+ );
+ RemoveEntryList (&MenuEntry->Link);
+ DestroyMenuEntry (MenuEntry);
+ }
+ MenuOption->MenuNumber = 0;
+}
+
+/**
+ This function gets the file information from an open file descriptor, and
stores it
+ in a buffer allocated from pool.
+
+ @param[in] FHand File Handle.
+
+ @return A pointer to a buffer with file information or NULL is returned
+
+**/
+EFI_FILE_INFO *
+FileInfo (
+ IN EFI_FILE_HANDLE FHand
+ )
+{
+ EFI_STATUS Status;
+ EFI_FILE_INFO *Buffer;
+ UINTN BufferSize;
//
- // Remove all op-codes from dynamic page
+ // Initialize for GrowBuffer loop
//
- mStartLabel->Number = LabelId;
- HiiUpdateForm (
- PrivateData->HiiHandle,
- &gSecureBootConfigFormSetGuid,
- LabelId,
- mStartOpCodeHandle, // Label LabelId
- mEndOpCodeHandle // LABEL_END
- );
+ Buffer = NULL;
+ BufferSize = SIZE_OF_EFI_FILE_INFO + 200;
+
+ //
+ // Call the real function
+ //
+ while (GrowBuffer (&Status, (VOID **) &Buffer, BufferSize)) {
+ Status = FHand->GetInfo (
+ FHand,
+ &gEfiFileInfoGuid,
+ &BufferSize,
+ Buffer
+ );
+ }
+
+ return Buffer;
+}
+
+/**
+ This function gets the file system information from an open file descriptor,
+ and stores it in a buffer allocated from pool.
+
+ @param[in] FHand The file handle.
+
+ @return A pointer to a buffer with file information.
+ @retval NULL is returned if failed to get Vaolume Label Info.
+
+**/
+EFI_FILE_SYSTEM_VOLUME_LABEL *
+FileSystemVolumeLabelInfo (
+ IN EFI_FILE_HANDLE FHand
+ )
+{
+ EFI_STATUS Status;
+ EFI_FILE_SYSTEM_VOLUME_LABEL *Buffer;
+ UINTN BufferSize;
+ //
+ // Initialize for GrowBuffer loop
+ //
+ Buffer = NULL;
+ BufferSize = SIZE_OF_EFI_FILE_SYSTEM_VOLUME_LABEL + 200;
+
+ //
+ // Call the real function
+ //
+ while (GrowBuffer (&Status, (VOID **) &Buffer, BufferSize)) {
+ Status = FHand->GetInfo (
+ FHand,
+ &gEfiFileSystemVolumeLabelInfoIdGuid,
+ &BufferSize,
+ Buffer
+ );
+ }
+
+ return Buffer;
}
/**
This function will open a file or directory referenced by DevicePath.
@@ -217,189 +593,642 @@ OpenFileByDevicePath(
//
*FileHandle = (VOID*)Handle1;
return EFI_SUCCESS;
}
-
/**
- Extract filename from device path. The returned buffer is allocated using
AllocateCopyPool.
- The caller is responsible for freeing the allocated buffer using FreePool().
+ Function opens and returns a file handle to the root directory of a volume.
- @param DevicePath Device path.
+ @param[in] DeviceHandle A handle for a device
- @return A new allocated string that represents the file name.
+ @return A valid file handle or NULL if error happens.
**/
-CHAR16 *
-ExtractFileNameFromDevicePath (
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
+EFI_FILE_HANDLE
+OpenRoot (
+ IN EFI_HANDLE DeviceHandle
)
{
- CHAR16 *String;
- CHAR16 *MatchString;
- CHAR16 *LastMatch;
- CHAR16 *FileName;
- UINTN Length;
+ EFI_STATUS Status;
+ EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Volume;
+ EFI_FILE_HANDLE File;
- ASSERT(DevicePath != NULL);
+ File = NULL;
- String = DevicePathToStr(DevicePath);
- MatchString = String;
- LastMatch = String;
+ //
+ // File the file system interface to the device
+ //
+ Status = gBS->HandleProtocol (
+ DeviceHandle,
+ &gEfiSimpleFileSystemProtocolGuid,
+ (VOID *) &Volume
+ );
- while(MatchString != NULL){
- LastMatch = MatchString + 1;
- MatchString = StrStr(LastMatch,L"\\");
+ //
+ // Open the root directory of the volume
+ //
+ if (!EFI_ERROR (Status)) {
+ Status = Volume->OpenVolume (
+ Volume,
+ &File
+ );
}
-
- Length = StrLen(LastMatch);
- FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
- *(FileName + Length) = 0;
-
- FreePool(String);
-
- return FileName;
+ //
+ // Done
+ //
+ return EFI_ERROR (Status) ? NULL : File;
}
-
/**
- Update the form base on the selected file.
-
- @param FilePath Point to the file path.
- @param FormId The form need to display.
+ This function builds the FsOptionMenu list which records all
+ available file system in the system. They include all instances
+ of EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, all instances of EFI_LOAD_FILE_SYSTEM
+ and all type of legacy boot device.
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
+ @retval EFI_SUCCESS Success find the file system
+ @retval EFI_OUT_OF_RESOURCES Can not create menu entry
**/
-BOOLEAN
-UpdatePage(
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
- IN EFI_FORM_ID FormId
+EFI_STATUS
+FindFileSystem (
+ VOID
)
{
- CHAR16 *FileName;
- EFI_STRING_ID StringToken;
+ UINTN NoBlkIoHandles;
+ UINTN NoSimpleFsHandles;
+ EFI_HANDLE *BlkIoHandle;
+ EFI_HANDLE *SimpleFsHandle;
+ UINT16 *VolumeLabel;
+ EFI_BLOCK_IO_PROTOCOL *BlkIo;
+ UINTN Index;
+ EFI_STATUS Status;
+ SECUREBOOT_MENU_ENTRY *MenuEntry;
+ SECUREBOOT_FILE_CONTEXT *FileContext;
+ UINT16 *TempStr;
+ UINTN OptionNumber;
+ VOID *Buffer;
+
+ BOOLEAN RemovableMedia;
+
+
+ NoSimpleFsHandles = 0;
+ OptionNumber = 0;
+ InitializeListHead (&FsOptionMenu.Head);
- if (FilePath != NULL){
- FileName = ExtractFileNameFromDevicePath(FilePath);
- StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0,
FileName, NULL);
- } else {
- FileName = HiiGetString (gSecureBootPrivateData->HiiHandle, STRING_TOKEN
(STR_NULL), NULL);
- ASSERT (FileName != NULL);
- StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0,
FileName, NULL);
+ //
+ // Locate Handles that support BlockIo protocol
+ //
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiBlockIoProtocolGuid,
+ NULL,
+ &NoBlkIoHandles,
+ &BlkIoHandle
+ );
+ if (!EFI_ERROR (Status)) {
+
+ for (Index = 0; Index < NoBlkIoHandles; Index++) {
+ Status = gBS->HandleProtocol (
+ BlkIoHandle[Index],
+ &gEfiBlockIoProtocolGuid,
+ (VOID **) &BlkIo
+ );
+
+ if (EFI_ERROR (Status)) {
+ continue;
+ }
+
+ //
+ // Issue a dummy read to trigger reinstall of BlockIo protocol for
removable media
+ //
+ if (BlkIo->Media->RemovableMedia) {
+ Buffer = AllocateZeroPool (BlkIo->Media->BlockSize);
+ if (NULL == Buffer) {
+ FreePool (BlkIoHandle);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ BlkIo->ReadBlocks (
+ BlkIo,
+ BlkIo->Media->MediaId,
+ 0,
+ BlkIo->Media->BlockSize,
+ Buffer
+ );
+ FreePool (Buffer);
+ }
+ }
+ FreePool (BlkIoHandle);
}
- gSecureBootPrivateData->FileContext->FileName = FileName;
-
- OpenFileByDevicePath(
- &FilePath,
- &gSecureBootPrivateData->FileContext->FHandle,
- EFI_FILE_MODE_READ,
- 0
- );
//
- // Create Subtitle op-code for the display string of the option.
+ // Locate Handles that support Simple File System protocol
//
- RefreshUpdateData ();
- mStartLabel->Number = FormId;
-
- HiiCreateSubTitleOpCode (
- mStartOpCodeHandle,
- StringToken,
- 0,
- 0,
- 0
- );
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiSimpleFileSystemProtocolGuid,
+ NULL,
+ &NoSimpleFsHandles,
+ &SimpleFsHandle
+ );
+ if (!EFI_ERROR (Status)) {
+ //
+ // Find all the instances of the File System prototocol
+ //
+ for (Index = 0; Index < NoSimpleFsHandles; Index++) {
+ Status = gBS->HandleProtocol (
+ SimpleFsHandle[Index],
+ &gEfiBlockIoProtocolGuid,
+ (VOID **) &BlkIo
+ );
+ if (EFI_ERROR (Status)) {
+ //
+ // If no block IO exists assume it's NOT a removable media
+ //
+ RemovableMedia = FALSE;
+ } else {
+ //
+ // If block IO exists check to see if it's remobable media
+ //
+ RemovableMedia = BlkIo->Media->RemovableMedia;
+ }
+
+ //
+ // Allocate pool for this instance.
+ //
+ MenuEntry = CreateMenuEntry ();
+ if (NULL == MenuEntry) {
+ FreePool (SimpleFsHandle);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
+
+ FileContext->Handle = SimpleFsHandle[Index];
+ MenuEntry->OptionNumber = Index;
+ FileContext->FHandle = OpenRoot (FileContext->Handle);
+ if (FileContext->FHandle == NULL) {
+ DestroyMenuEntry (MenuEntry);
+ continue;
+ }
+
+ MenuEntry->HelpString = DevicePathToStr (DevicePathFromHandle
(FileContext->Handle));
+ FileContext->Info = FileSystemVolumeLabelInfo (FileContext->FHandle);
+ FileContext->FileName = StrDuplicate (L"\\");
+ FileContext->DevicePath = FileDevicePath (
+ FileContext->Handle,
+ FileContext->FileName
+ );
+ FileContext->IsDir = TRUE;
+ FileContext->IsRoot = TRUE;
+ FileContext->IsRemovableMedia = RemovableMedia;
+ FileContext->IsLoadFile = FALSE;
+
+ //
+ // Get current file system's Volume Label
+ //
+ if (FileContext->Info == NULL) {
+ VolumeLabel = L"NO FILE SYSTEM INFO";
+ } else {
+ if (FileContext->Info->VolumeLabel == NULL) {
+ VolumeLabel = L"NULL VOLUME LABEL";
+ } else {
+ VolumeLabel = FileContext->Info->VolumeLabel;
+ if (*VolumeLabel == 0x0000) {
+ VolumeLabel = L"NO VOLUME LABEL";
+ }
+ }
+ }
+
+ TempStr = MenuEntry->HelpString;
+ MenuEntry->DisplayString = AllocateZeroPool (MAX_CHAR);
+ ASSERT (MenuEntry->DisplayString != NULL);
+ UnicodeSPrint (
+ MenuEntry->DisplayString,
+ MAX_CHAR,
+ L"%s, [%s]",
+ VolumeLabel,
+ TempStr
+ );
+ OptionNumber++;
+ InsertTailList (&FsOptionMenu.Head, &MenuEntry->Link);
+ }
+ }
- HiiUpdateForm (
- gSecureBootPrivateData->HiiHandle,
- &gSecureBootConfigFormSetGuid,
- FormId,
- mStartOpCodeHandle, // Label FormId
- mEndOpCodeHandle // LABEL_END
- );
+ if (NoSimpleFsHandles != 0) {
+ FreePool (SimpleFsHandle);
+ }
- return TRUE;
+ //
+ // Remember how many file system options are here
+ //
+ FsOptionMenu.MenuNumber = OptionNumber;
+ return EFI_SUCCESS;
}
+
/**
- Update the PK form base on the input file path info.
+ Find files under the current directory. All files and sub-directories
+ in current directory will be stored in DirectoryMenu for future use.
+
+ @param[in] MenuEntry The Menu Entry.
- @param FilePath Point to the file path.
+ @retval EFI_SUCCESS Get files from current dir successfully.
+ @return Other Can't get files from current dir.
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
**/
-BOOLEAN
-UpdatePKFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+EFI_STATUS
+FindFiles (
+ IN SECUREBOOT_MENU_ENTRY *MenuEntry
)
{
- return UpdatePage(FilePath, FORMID_ENROLL_PK_FORM);
+ EFI_FILE_HANDLE NewDir;
+ EFI_FILE_HANDLE Dir;
+ EFI_FILE_INFO *DirInfo;
+ UINTN BufferSize;
+ UINTN DirBufferSize;
+ SECUREBOOT_MENU_ENTRY *NewMenuEntry;
+ SECUREBOOT_FILE_CONTEXT *FileContext;
+ SECUREBOOT_FILE_CONTEXT *NewFileContext;
+ UINTN Pass;
+ EFI_STATUS Status;
+ UINTN OptionNumber;
+
+ FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
+ Dir = FileContext->FHandle;
+ OptionNumber = 0;
+ //
+ // Open current directory to get files from it
+ //
+ Status = Dir->Open (
+ Dir,
+ &NewDir,
+ FileContext->FileName,
+ EFI_FILE_READ_ONLY,
+ 0
+ );
+ if (!FileContext->IsRoot) {
+ Dir->Close (Dir);
+ }
+
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ DirInfo = FileInfo (NewDir);
+ if (DirInfo == NULL) {
+ return EFI_NOT_FOUND;
+ }
+
+ if ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ FileContext->DevicePath = FileDevicePath (
+ FileContext->Handle,
+ FileContext->FileName
+ );
+
+ DirBufferSize = sizeof (EFI_FILE_INFO) + 1024;
+ DirInfo = AllocateZeroPool (DirBufferSize);
+ if (DirInfo == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Get all files in current directory
+ // Pass 1 to get Directories
+ // Pass 2 to get files that are EFI images
+ //
+ for (Pass = 1; Pass <= 2; Pass++) {
+ NewDir->SetPosition (NewDir, 0);
+ for (;;) {
+ BufferSize = DirBufferSize;
+ Status = NewDir->Read (NewDir, &BufferSize, DirInfo);
+ if (EFI_ERROR (Status) || BufferSize == 0) {
+ break;
+ }
+
+ if (((DirInfo->Attribute & EFI_FILE_DIRECTORY) != 0 && Pass == 2) ||
+ ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == 0 && Pass == 1)
+ ) {
+ //
+ // Pass 1 is for Directories
+ // Pass 2 is for file names
+ //
+ continue;
+ }
+
+ NewMenuEntry = CreateMenuEntry ();
+ if (NULL == NewMenuEntry) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ NewFileContext = (SECUREBOOT_FILE_CONTEXT *)
NewMenuEntry->FileContext;
+ NewFileContext->Handle = FileContext->Handle;
+ NewFileContext->FileName = AppendFileName (
+ FileContext->FileName,
+ DirInfo->FileName
+ );
+ NewFileContext->FHandle = NewDir;
+ NewFileContext->DevicePath = FileDevicePath (
+ NewFileContext->Handle,
+ NewFileContext->FileName
+ );
+ NewMenuEntry->HelpString = NULL;
+
+ NewFileContext->IsDir = (BOOLEAN) ((DirInfo->Attribute &
EFI_FILE_DIRECTORY) == EFI_FILE_DIRECTORY);
+ if (NewFileContext->IsDir) {
+ BufferSize = StrLen (DirInfo->FileName) * 2 + 6;
+ NewMenuEntry->DisplayString = AllocateZeroPool (BufferSize);
+
+ UnicodeSPrint (
+ NewMenuEntry->DisplayString,
+ BufferSize,
+ L"<%s>",
+ DirInfo->FileName
+ );
+
+ } else {
+ NewMenuEntry->DisplayString = StrDuplicate (DirInfo->FileName);
+ }
+
+ NewFileContext->IsRoot = FALSE;
+ NewFileContext->IsLoadFile = FALSE;
+ NewFileContext->IsRemovableMedia = FALSE;
+
+ NewMenuEntry->OptionNumber = OptionNumber;
+ OptionNumber++;
+ InsertTailList (&DirectoryMenu.Head, &NewMenuEntry->Link);
+ }
+ }
+ DirectoryMenu.MenuNumber = OptionNumber;
+ FreePool (DirInfo);
+ return EFI_SUCCESS;
}
/**
- Update the KEK form base on the input file path info.
-
- @param FilePath Point to the file path.
+ Refresh the global UpdateData structure.
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
**/
-BOOLEAN
-UpdateKEKFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+VOID
+RefreshUpdateData (
+ VOID
)
{
- return UpdatePage(FilePath, FORMID_ENROLL_KEK_FORM);
+ //
+ // Free current updated date
+ //
+ if (mStartOpCodeHandle != NULL) {
+ HiiFreeOpCodeHandle (mStartOpCodeHandle);
+ }
+
+ //
+ // Create new OpCode Handle
+ //
+ mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
+
+ //
+ // Create Hii Extend Label OpCode as the start opcode
+ //
+ mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
+ mStartOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
}
/**
- Update the DB form base on the input file path info.
+ Update the File Explore page.
- @param FilePath Point to the file path.
+ @param[in] HiiHandle Hii Handle of the package to be updated.
+ @param[in] MenuOption The Menu whose string tokens need to be
updated.
+ @param[in] FeCurrentState Current file explorer state.
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
**/
-BOOLEAN
-UpdateDBFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+VOID
+UpdateFileExplorePage (
+ IN EFI_HII_HANDLE HiiHandle,
+ IN SECUREBOOT_MENU_OPTION *MenuOption,
+ IN FILE_EXPLORER_STATE FeCurrentState
)
{
- return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB);
+ UINTN Index;
+ SECUREBOOT_MENU_ENTRY *NewMenuEntry;
+ SECUREBOOT_FILE_CONTEXT *NewFileContext;
+ EFI_FORM_ID FormId;
+ EFI_FORM_ID FileFormId;
+
+ if (FeCurrentState == FileExplorerStateEnrollPkFile) {
+ FormId = SECUREBOOT_ADD_PK_FILE_FORM_ID;
+ FileFormId = FORM_FILE_EXPLORER_ID_PK;
+ } else if (FeCurrentState == FileExplorerStateEnrollKekFile) {
+ FormId = FORMID_ENROLL_KEK_FORM;
+ FileFormId = FORM_FILE_EXPLORER_ID_KEK;
+ } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDb) {
+ FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
+ FileFormId = FORM_FILE_EXPLORER_ID_DB;
+ } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
+ FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
+ FileFormId = FORM_FILE_EXPLORER_ID_DBX;
+ } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) {
+ FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
+ FileFormId = FORM_FILE_EXPLORER_ID_DBT;
+ } else {
+ return;
+ }
+
+ NewMenuEntry = NULL;
+ NewFileContext = NULL;
+
+ RefreshUpdateData ();
+ mStartLabel->Number = FORM_FILE_EXPLORER_ID;
+
+ for (Index = 0; Index < MenuOption->MenuNumber; Index++) {
+ NewMenuEntry = GetMenuEntry (MenuOption, Index);
+ NewFileContext = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext;
+
+ if (NewFileContext->IsDir) {
+ //
+ // Create Text opcode for directory.
+ //
+ HiiCreateActionOpCode (
+ mStartOpCodeHandle,
+ (UINT16) (FILE_OPTION_OFFSET + Index),
+ NewMenuEntry->DisplayStringToken,
+ STRING_TOKEN (STR_NULL),
+ EFI_IFR_FLAG_CALLBACK,
+ 0
+ );
+ } else {
+
+ //
+ // Create Goto opcode for file.
+ //
+ HiiCreateGotoOpCode (
+ mStartOpCodeHandle,
+ FormId,
+ NewMenuEntry->DisplayStringToken,
+ STRING_TOKEN (STR_NULL),
+ EFI_IFR_FLAG_CALLBACK,
+ (UINT16) (FILE_OPTION_GOTO_OFFSET + Index)
+ );
+ }
+ }
+
+ HiiUpdateForm (
+ HiiHandle,
+ &gSecureBootConfigFormSetGuid,
+ FileFormId,
+ mStartOpCodeHandle, // Label FORM_FILE_EXPLORER_ID
+ mEndOpCodeHandle // LABEL_END
+ );
}
/**
- Update the DBX form base on the input file path info.
+ Update the file explorer page with the refreshed file system.
+
+ @param[in] PrivateData Module private data.
+ @param[in] KeyValue Key value to identify the type of data to expect.
- @param FilePath Point to the file path.
+ @retval TRUE Inform the caller to create a callback packet to
exit file explorer.
+ @retval FALSE Indicate that there is no need to exit file explorer.
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
**/
BOOLEAN
-UpdateDBXFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+UpdateFileExplorer (
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN UINT16 KeyValue
)
{
- return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX);
+ UINT16 FileOptionMask;
+ SECUREBOOT_MENU_ENTRY *NewMenuEntry;
+ SECUREBOOT_FILE_CONTEXT *NewFileContext;
+ EFI_FORM_ID FormId;
+ BOOLEAN ExitFileExplorer;
+ EFI_STATUS Status;
+ EFI_DEVICE_PATH_PROTOCOL *TmpDevicePath;
+
+ NewMenuEntry = NULL;
+ NewFileContext = NULL;
+ ExitFileExplorer = FALSE;
+ FileOptionMask = (UINT16) (FILE_OPTION_MASK & KeyValue);
+
+ if (PrivateData->FeDisplayContext == FileExplorerDisplayUnknown) {
+ //
+ // First in, display file system.
+ //
+ FreeMenu (&FsOptionMenu);
+ FindFileSystem ();
+
+ CreateMenuStringToken (PrivateData->HiiHandle, &FsOptionMenu);
+ UpdateFileExplorePage (PrivateData->HiiHandle, &FsOptionMenu,
PrivateData->FeCurrentState);
+
+ PrivateData->FeDisplayContext = FileExplorerDisplayFileSystem;
+ } else {
+ if (PrivateData->FeDisplayContext == FileExplorerDisplayFileSystem) {
+ NewMenuEntry = GetMenuEntry (&FsOptionMenu, FileOptionMask);
+ } else if (PrivateData->FeDisplayContext == FileExplorerDisplayDirectory) {
+ NewMenuEntry = GetMenuEntry (&DirectoryMenu, FileOptionMask);
+ }
+
+ NewFileContext = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext;
+
+ if (NewFileContext->IsDir ) {
+ PrivateData->FeDisplayContext = FileExplorerDisplayDirectory;
+
+ RemoveEntryList (&NewMenuEntry->Link);
+ FreeMenu (&DirectoryMenu);
+ Status = FindFiles (NewMenuEntry);
+ if (EFI_ERROR (Status)) {
+ ExitFileExplorer = TRUE;
+ goto OnExit;
+ }
+ CreateMenuStringToken (PrivateData->HiiHandle, &DirectoryMenu);
+ DestroyMenuEntry (NewMenuEntry);
+
+ UpdateFileExplorePage (PrivateData->HiiHandle, &DirectoryMenu,
PrivateData->FeCurrentState);
+
+ } else {
+ if (PrivateData->FeCurrentState == FileExplorerStateEnrollPkFile) {
+ FormId = SECUREBOOT_ADD_PK_FILE_FORM_ID;
+ } else if (PrivateData->FeCurrentState ==
FileExplorerStateEnrollKekFile) {
+ FormId = FORMID_ENROLL_KEK_FORM;
+ } else if (PrivateData->FeCurrentState ==
FileExplorerStateEnrollSignatureFileToDb) {
+ FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
+ } else if (PrivateData->FeCurrentState ==
FileExplorerStateEnrollSignatureFileToDbx) {
+ FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
+ } else if (PrivateData->FeCurrentState ==
FileExplorerStateEnrollSignatureFileToDbt) {
+ FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
+ } else {
+ return FALSE;
+ }
+
+ PrivateData->MenuEntry = NewMenuEntry;
+ PrivateData->FileContext->FileName = NewFileContext->FileName;
+
+ TmpDevicePath = NewFileContext->DevicePath;
+ OpenFileByDevicePath (
+ &TmpDevicePath,
+ &PrivateData->FileContext->FHandle,
+ EFI_FILE_MODE_READ,
+ 0
+ );
+
+ //
+ // Create Subtitle op-code for the display string of the option.
+ //
+ RefreshUpdateData ();
+ mStartLabel->Number = FormId;
+
+ HiiCreateSubTitleOpCode (
+ mStartOpCodeHandle,
+ NewMenuEntry->DisplayStringToken,
+ 0,
+ 0,
+ 0
+ );
+
+ HiiUpdateForm (
+ PrivateData->HiiHandle,
+ &gSecureBootConfigFormSetGuid,
+ FormId,
+ mStartOpCodeHandle, // Label FormId
+ mEndOpCodeHandle // LABEL_END
+ );
+ }
+ }
+
+OnExit:
+ return ExitFileExplorer;
}
/**
- Update the DBT form base on the input file path info.
+ Clean up the dynamic opcode at label and form specified by both LabelId.
- @param FilePath Point to the file path.
+ @param[in] LabelId It is both the Form ID and Label ID for opcode
deletion.
+ @param[in] PrivateData Module private data.
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
**/
-BOOLEAN
-UpdateDBTFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+VOID
+CleanUpPage (
+ IN UINT16 LabelId,
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
)
{
- return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT);
-}
+ RefreshUpdateData ();
+ //
+ // Remove all op-codes from dynamic page
+ //
+ mStartLabel->Number = LabelId;
+ HiiUpdateForm (
+ PrivateData->HiiHandle,
+ &gSecureBootConfigFormSetGuid,
+ LabelId,
+ mStartOpCodeHandle, // Label LabelId
+ mEndOpCodeHandle // LABEL_END
+ );
+}
diff --git
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index bbd2f33..e2340e6 100644
---
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -95,12 +95,10 @@ CHAR16* mDerEncodedSuffix[] = {
L".crt",
NULL
};
CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
-SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData = NULL;
-
/**
This code checks if the FileSuffix is one of the possible DER-encoded
certificate suffix.
@param[in] FileSuffix The suffix of the input certificate file
@@ -657,15 +655,11 @@ EnrollRsa2048ToKek (
ON_EXIT:
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FHandle = NULL;
-
- if (Private->FileContext->FileName != NULL){
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
+ Private->FileContext->FileName = NULL;
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
Private->SignatureGUID = NULL;
}
@@ -783,15 +777,11 @@ EnrollX509ToKek (
}
ON_EXIT:
CloseFile (Private->FileContext->FHandle);
- if (Private->FileContext->FileName != NULL){
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
-
+ Private->FileContext->FileName = NULL;
Private->FileContext->FHandle = NULL;
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
Private->SignatureGUID = NULL;
@@ -957,15 +947,11 @@ EnrollX509toSigDB (
}
ON_EXIT:
CloseFile (Private->FileContext->FHandle);
- if (Private->FileContext->FileName != NULL){
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
-
+ Private->FileContext->FileName = NULL;
Private->FileContext->FHandle = NULL;
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
Private->SignatureGUID = NULL;
@@ -1521,15 +1507,11 @@ EnrollX509HashtoSigDB (
goto ON_EXIT;
}
ON_EXIT:
CloseFile (Private->FileContext->FHandle);
- if (Private->FileContext->FileName != NULL){
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
-
+ Private->FileContext->FileName = NULL;
Private->FileContext->FHandle = NULL;
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
Private->SignatureGUID = NULL;
@@ -2173,15 +2155,11 @@ EnrollImageSignatureToSigDB (
ON_EXIT:
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FHandle = NULL;
-
- if (Private->FileContext->FileName != NULL){
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
+ Private->FileContext->FileName = NULL;
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
Private->SignatureGUID = NULL;
}
@@ -3454,24 +3432,20 @@ SecureBootCallback (
UINT16 LabelId;
UINT8 *SecureBootEnable;
UINT8 *SecureBootMode;
CHAR16 PromptString[100];
UINT8 CurSecureBootMode;
- EFI_DEVICE_PATH_PROTOCOL *File;
Status = EFI_SUCCESS;
SecureBootEnable = NULL;
SecureBootMode = NULL;
- File = NULL;
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
return EFI_INVALID_PARAMETER;
}
Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
- gSecureBootPrivateData = Private;
-
//
// Retrieve uncommitted data from Browser
//
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
IfrNvData = AllocateZeroPool (BufferSize);
@@ -3485,11 +3459,10 @@ SecureBootCallback (
if (QuestionId == KEY_SECURE_BOOT_MODE) {
//
// Update secure boot strings when opening this form
//
Status = UpdateSecureBootString(Private);
- SecureBootExtractConfigFromVariable (IfrNvData);
mIsEnterSecureBootForm = TRUE;
} else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){
//
// Secure Boot Policy variable changes after transition. Re-sync
CurSecureBootMode
//
@@ -3548,10 +3521,15 @@ SecureBootCallback (
);
}
}
break;
+ case KEY_SECURE_BOOT_OPTION:
+ FreeMenu (&DirectoryMenu);
+ FreeMenu (&FsOptionMenu);
+ break;
+
case KEY_SECURE_BOOT_KEK_OPTION:
case KEY_SECURE_BOOT_DB_OPTION:
case KEY_SECURE_BOOT_DBX_OPTION:
case KEY_SECURE_BOOT_DBT_OPTION:
//
@@ -3578,36 +3556,32 @@ SecureBootCallback (
//
// Refresh selected file.
//
CleanUpPage (LabelId, Private);
break;
- case KEY_SECURE_BOOT_PK_OPTION:
- LabelId = FORMID_ENROLL_PK_FORM;
- //
- // Refresh selected file.
- //
- CleanUpPage (LabelId, Private);
- break;
-
- case FORMID_ENROLL_PK_FORM:
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdatePKFromFile, &File);
- break;
+ case SECUREBOOT_ADD_PK_FILE_FORM_ID:
case FORMID_ENROLL_KEK_FORM:
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateKEKFromFile, &File);
- break;
-
case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBFromFile, &File);
- break;
-
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBXFromFile, &File);
- break;
-
case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:
- ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateDBTFromFile, &File);
+ if (QuestionId == SECUREBOOT_ADD_PK_FILE_FORM_ID) {
+ Private->FeCurrentState = FileExplorerStateEnrollPkFile;
+ } else if (QuestionId == FORMID_ENROLL_KEK_FORM) {
+ Private->FeCurrentState = FileExplorerStateEnrollKekFile;
+ } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DB) {
+ Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDb;
+ } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DBX) {
+ Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbx;
+ IfrNvData->CertificateFormat = HASHALG_SHA256;
+ } else {
+ Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbt;
+ }
+
+ Private->FeDisplayContext = FileExplorerDisplayUnknown;
+ CleanUpPage (FORM_FILE_EXPLORER_ID, Private);
+ UpdateFileExplorer (Private, 0);
break;
case KEY_SECURE_BOOT_DELETE_PK:
if (Value->u8) {
CreatePopUp (
@@ -3746,28 +3720,10 @@ SecureBootCallback (
L"Only supports DER-encoded X509 certificate.",
NULL
);
}
break;
- case KEY_VALUE_SAVE_AND_EXIT_PK:
- Status = EnrollPlatformKey (Private);
- if (EFI_ERROR (Status)) {
- UnicodeSPrint (
- PromptString,
- sizeof (PromptString),
- L"Only DER encoded certificate file (%s) is supported.",
- mSupportX509Suffix
- );
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"ERROR: Unsupported file type!",
- PromptString,
- NULL
- );
- }
- break;
case KEY_TRANS_SECURE_BOOT_MODE:
//
// Pop up to alert user want to change secure boot mode
//
if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE &&
@@ -3816,11 +3772,13 @@ SecureBootCallback (
mIsSecureBootModeChanged = TRUE;
}
break;
default:
- if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
+ if (QuestionId >= FILE_OPTION_GOTO_OFFSET) {
+ UpdateFileExplorer (Private, QuestionId);
+ } else if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
(QuestionId < (OPTION_DEL_KEK_QUESTION_ID +
OPTION_CONFIG_RANGE))) {
DeleteKeyExchangeKey (Private, QuestionId);
} else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) &&
(QuestionId < (OPTION_DEL_DB_QUESTION_ID +
OPTION_CONFIG_RANGE))) {
DeleteSignature (
@@ -3854,36 +3812,55 @@ SecureBootCallback (
OPTION_DEL_DBT_QUESTION_ID,
QuestionId - OPTION_DEL_DBT_QUESTION_ID
);
}
break;
+ }
+ } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
+ switch (QuestionId) {
+ case KEY_SECURE_BOOT_ENABLE:
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
+ break;
+ case KEY_VALUE_SAVE_AND_EXIT_PK:
+ Status = EnrollPlatformKey (Private);
+ if (EFI_ERROR (Status)) {
+ UnicodeSPrint (
+ PromptString,
+ sizeof (PromptString),
+ L"Only DER encoded certificate file (%s) is supported.",
+ mSupportX509Suffix
+ );
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Unsupported file type!",
+ PromptString,
+ NULL
+ );
+ } else {
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;
+ }
+ break;
case KEY_VALUE_NO_SAVE_AND_EXIT_PK:
case KEY_VALUE_NO_SAVE_AND_EXIT_KEK:
case KEY_VALUE_NO_SAVE_AND_EXIT_DB:
case KEY_VALUE_NO_SAVE_AND_EXIT_DBX:
case KEY_VALUE_NO_SAVE_AND_EXIT_DBT:
if (Private->FileContext->FHandle != NULL) {
CloseFile (Private->FileContext->FHandle);
Private->FileContext->FHandle = NULL;
- if (Private->FileContext->FileName!= NULL){
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
+ Private->FileContext->FileName = NULL;
}
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
Private->SignatureGUID = NULL;
}
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
break;
- }
- } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
- switch (QuestionId) {
- case KEY_SECURE_BOOT_ENABLE:
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
- break;
+
case KEY_SECURE_BOOT_MODE:
mIsEnterSecureBootForm = FALSE;
break;
case KEY_TRANS_SECURE_BOOT_MODE:
mIsSelectedSecureBootModeForm = FALSE;
@@ -3919,10 +3896,15 @@ SecureBootCallback (
IfrNvData->HasPk = TRUE;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
}
break;
default:
+ if (QuestionId >= FILE_OPTION_OFFSET && QuestionId <
FILE_OPTION_GOTO_OFFSET) {
+ if (UpdateFileExplorer (Private, QuestionId)) {
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
+ }
+ }
break;
}
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {
if (QuestionId == KEY_HIDE_SECURE_BOOT) {
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME,
&gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
@@ -3955,15 +3937,10 @@ EXIT:
HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName,
BufferSize, (UINT8*) IfrNvData, NULL);
}
FreePool (IfrNvData);
- if (File != NULL){
- FreePool(File);
- File = NULL;
- }
-
return EFI_SUCCESS;
}
/**
This function publish the SecureBoot configuration Form.
@@ -4024,16 +4001,23 @@ InstallSecureBootConfigForm (
}
PrivateData->HiiHandle = HiiHandle;
PrivateData->FileContext = AllocateZeroPool (sizeof
(SECUREBOOT_FILE_CONTEXT));
+ PrivateData->MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY));
- if (PrivateData->FileContext == NULL) {
+ if (PrivateData->FileContext == NULL || PrivateData->MenuEntry == NULL) {
UninstallSecureBootConfigForm (PrivateData);
return EFI_OUT_OF_RESOURCES;
}
+ PrivateData->FeCurrentState = FileExplorerStateInActive;
+ PrivateData->FeDisplayContext = FileExplorerDisplayUnknown;
+
+ InitializeListHead (&FsOptionMenu.Head);
+ InitializeListHead (&DirectoryMenu.Head);
+
//
// Init OpCode Handle and Allocate space for creation of Buffer
//
mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
if (mStartOpCodeHandle == NULL) {
@@ -4109,16 +4093,23 @@ UninstallSecureBootConfigForm (
if (PrivateData->SignatureGUID != NULL) {
FreePool (PrivateData->SignatureGUID);
}
+ if (PrivateData->MenuEntry != NULL) {
+ FreePool (PrivateData->MenuEntry);
+ }
+
if (PrivateData->FileContext != NULL) {
FreePool (PrivateData->FileContext);
}
FreePool (PrivateData);
+ FreeMenu (&DirectoryMenu);
+ FreeMenu (&FsOptionMenu);
+
if (mStartOpCodeHandle != NULL) {
HiiFreeOpCodeHandle (mStartOpCodeHandle);
}
if (mEndOpCodeHandle != NULL) {
diff --git
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index a8dbd92..bcb1c12 100644
---
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -1,10 +1,10 @@
/** @file
The header file of HII Config Access protocol implementation of SecureBoot
configuration module.
-Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
http://opensource.org/licenses/bsd-license.php
@@ -37,12 +37,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
EXPRESS OR IMPLIED.
#include <Library/HiiLib.h>
#include <Library/DevicePathLib.h>
#include <Library/PrintLib.h>
#include <Library/PlatformSecureLib.h>
#include <Library/BaseCryptLib.h>
-#include <Library/FileExplorerLib.h>
-
#include <Guid/MdeModuleHii.h>
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/FileSystemVolumeLabelInfo.h>
#include <Guid/ImageAuthentication.h>
#include <Guid/FileInfo.h>
@@ -118,10 +116,26 @@ typedef struct {
UINT64 Lun;
UINT16 TargetPortalGroupTag;
CHAR16 TargetName[1];
} ISCSI_DEVICE_PATH_WITH_NAME;
+typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {
+ FileExplorerDisplayFileSystem,
+ FileExplorerDisplayDirectory,
+ FileExplorerDisplayUnknown
+} FILE_EXPLORER_DISPLAY_CONTEXT;
+
+typedef enum _FILE_EXPLORER_STATE {
+ FileExplorerStateInActive = 0,
+ FileExplorerStateEnrollPkFile,
+ FileExplorerStateEnrollKekFile,
+ FileExplorerStateEnrollSignatureFileToDb,
+ FileExplorerStateEnrollSignatureFileToDbx,
+ FileExplorerStateEnrollSignatureFileToDbt,
+ FileExplorerStateUnknown
+} FILE_EXPLORER_STATE;
+
typedef struct {
CHAR16 *Str;
UINTN Len;
UINTN Maxlen;
} POOL_PRINT;
@@ -143,13 +157,36 @@ typedef struct {
UINTN Signature;
LIST_ENTRY Head;
UINTN MenuNumber;
} SECUREBOOT_MENU_OPTION;
+extern SECUREBOOT_MENU_OPTION FsOptionMenu;
+extern SECUREBOOT_MENU_OPTION DirectoryMenu;
+
+typedef struct {
+ UINTN Signature;
+ LIST_ENTRY Link;
+ UINTN OptionNumber;
+ UINT16 *DisplayString;
+ UINT16 *HelpString;
+ EFI_STRING_ID DisplayStringToken;
+ EFI_STRING_ID HelpStringToken;
+ VOID *FileContext;
+} SECUREBOOT_MENU_ENTRY;
+
typedef struct {
+ EFI_HANDLE Handle;
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;
EFI_FILE_HANDLE FHandle;
UINT16 *FileName;
+ EFI_FILE_SYSTEM_VOLUME_LABEL *Info;
+
+ BOOLEAN IsRoot;
+ BOOLEAN IsDir;
+ BOOLEAN IsRemovableMedia;
+ BOOLEAN IsLoadFile;
+ BOOLEAN IsBootLegacy;
} SECUREBOOT_FILE_CONTEXT;
//
// We define another format of 5th directory entry: security directory
@@ -177,17 +214,20 @@ typedef struct {
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
EFI_HII_HANDLE HiiHandle;
EFI_HANDLE DriverHandle;
+ FILE_EXPLORER_STATE FeCurrentState;
+ FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;
+
+ SECUREBOOT_MENU_ENTRY *MenuEntry;
SECUREBOOT_FILE_CONTEXT *FileContext;
EFI_GUID *SignatureGUID;
} SECUREBOOT_CONFIG_PRIVATE_DATA;
extern SECUREBOOT_CONFIG_PRIVATE_DATA
mSecureBootConfigPrivateDateTemplate;
-extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E',
'C', 'B')
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a,
SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess,
SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
//
@@ -454,10 +494,39 @@ CleanUpPage (
IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
);
/**
+ Update the file explorer page with the refreshed file system.
+
+ @param[in] PrivateData Module private data.
+ @param[in] KeyValue Key value to identify the type of data to expect.
+
+ @retval TRUE Inform the caller to create a callback packet to
exit file explorer.
+ @retval FALSE Indicate that there is no need to exit file explorer.
+
+**/
+BOOLEAN
+UpdateFileExplorer (
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN UINT16 KeyValue
+ );
+
+
+/**
+ Free resources allocated in Allocate Rountine.
+
+ @param[in, out] MenuOption Menu to be freed
+
+**/
+VOID
+FreeMenu (
+ IN OUT SECUREBOOT_MENU_OPTION *MenuOption
+ );
+
+
+/**
Read file content into BufferPtr, the size of the allocate buffer
is *FileSize plus AddtionAllocateSize.
@param[in] FileHandle The file to be read.
@param[in, out] BufferPtr Pointers to the pointer of allocated
buffer.
@@ -550,71 +619,6 @@ GuidToString (
IN EFI_GUID *Guid,
IN CHAR16 *Buffer,
IN UINTN BufferSize
);
-/**
- Update the PK form base on the input file path info.
-
- @param FilePath Point to the file path.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-**/
-BOOLEAN
-UpdatePKFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
- );
-
-/**
- Update the KEK form base on the input file path info.
-
- @param FilePath Point to the file path.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-**/
-BOOLEAN
-UpdateKEKFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
- );
-
-/**
- Update the DB form base on the input file path info.
-
- @param FilePath Point to the file path.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-**/
-BOOLEAN
-UpdateDBFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
- );
-
-/**
- Update the DBX form base on the input file path info.
-
- @param FilePath Point to the file path.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-**/
-BOOLEAN
-UpdateDBXFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
- );
-
-/**
- Update the DBT form base on the input file path info.
-
- @param FilePath Point to the file path.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-**/
-BOOLEAN
-UpdateDBTFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
- );
-
#endif
diff --git
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
index cf8dc88..101b605 100644
---
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
+++
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
@@ -34,13 +34,19 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
EXPRESS OR IMPLIED.
#define FORMID_DELETE_KEK_FORM 0x0a
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX 0x0e
+#define FORM_FILE_EXPLORER_ID 0x0f
+#define FORM_FILE_EXPLORER_ID_PK 0x10
+#define FORM_FILE_EXPLORER_ID_KEK 0x11
+#define FORM_FILE_EXPLORER_ID_DB 0x12
+#define FORM_FILE_EXPLORER_ID_DBX 0x13
#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16
+#define FORM_FILE_EXPLORER_ID_DBT 0x17
#define SECURE_BOOT_MODE_CUSTOM 0x01
#define SECURE_BOOT_MODE_STANDARD 0x00
#define KEY_SECURE_BOOT_ENABLE 0x1000
@@ -103,10 +109,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
EXPRESS OR IMPLIED.
//
// Question ID 0x5000 ~ 0x5FFF is for DBT
//
#define OPTION_DEL_DBT_QUESTION_ID 0x5000
+#define FILE_OPTION_GOTO_OFFSET 0xC000
+#define FILE_OPTION_OFFSET 0x8000
+#define FILE_OPTION_MASK 0x3FFF
+
#define SECURE_BOOT_GUID_SIZE 36
#define SECURE_BOOT_GUID_STORAGE_SIZE 37
#define SECURE_BOOT_MODE_USER_MODE 0
#define SECURE_BOOT_MODE_SETUP_MODE 1
--
1.9.5.msysgit.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
