Revision: 13546
          http://edk2.svn.sourceforge.net/edk2/?rev=13546&view=rev
Author:   sfu5
Date:     2012-07-23 01:03:53 +0000 (Mon, 23 Jul 2012)
Log Message:
-----------
Update the secure boot configuration UI to accept *.crt certificate files.

Signed-off-by: Fu Siyuan <[email protected]>
Reviewed-by: Dong Guo <[email protected]>
Reviewed-by: Ye Ting <[email protected]>

Modified Paths:
--------------
    
trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c

Modified: 
trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
===================================================================
--- 
trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
     2012-07-23 00:59:26 UTC (rev 13545)
+++ 
trunk/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
     2012-07-23 01:03:53 UTC (rev 13546)
@@ -68,8 +68,9 @@
   { L"SHA512", 64, &mHashOidValue[40], 9, NULL,                NULL,       
NULL,          NULL       }
 };
 
-
-// Variable Definitions                                           
+//
+// Variable Definitions 
+//                                          
 UINT32            mPeCoffHeaderOffset = 0;
 WIN_CERTIFICATE   *mCertificate = NULL;
 IMAGE_TYPE        mImageType;
@@ -81,8 +82,41 @@
 EFI_IMAGE_SECURITY_DATA_DIRECTORY    *mSecDataDir = NULL;
 EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION  mNtHeader;
 
+//
+// Possible DER-encoded certificate file suffixes, end with NULL pointer.
+//
+CHAR16* mDerEncodedSuffix[] = {
+  L".cer",
+  L".der",
+  L".crt",
+  NULL
+};
+CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
 
 /**
+  This code checks if the FileSuffix is one of the possible DER-encoded 
certificate suffix.
+
+  @param[in] FileSuffix            The suffix of the input certificate file
+
+  @retval    TRUE           It's a DER-encoded certificate.
+  @retval    FALSE          It's NOT a DER-encoded certificate.
+
+**/
+BOOLEAN
+IsDerEncodeCertificate (
+  IN CONST CHAR16         *FileSuffix
+)
+{
+  UINTN     Index; 
+  for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) {
+    if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) {
+      return TRUE;
+    }
+  }
+  return FALSE;
+}
+
+/**
   Set Secure Boot option into variable space.
 
   @param[in] VarValue              The option of Secure Boot.
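Review bot: IsDerEncodeCertificate only matches the file name suffix, and `.crt` files are often Base64/PEM rather than DER, so a TRUE result says nothing about the encoding of the content. The header comment should say so, for example `// Suffix match only; callers must still verify that the file content parses as a DER X.509 certificate before enrolling it.` Whether the enroll paths do that check is not visible in this diff. `StrCmp` is also case-sensitive, so a name ending in `.CRT` or `.CER` would be rejected unless the file explorer normalises case. The two new globals are never written in the visible code and could be declared `STATIC CONST` with an `m` prefix kept as is.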
@@ -347,11 +381,11 @@
   PkCert = NULL;
 
   //
-  // Parse the file's postfix. Only support DER encoded X.509 certificate 
files (*.cer or *.der).
+  // Parse the file's postfix. Only support DER encoded X.509 certificate 
files.
   //
   FilePostFix = Private->FileContext->FileName + StrLen 
(Private->FileContext->FileName) - 4;
-  if ((CompareMem (FilePostFix, L".cer",4) != 0) && (CompareMem (FilePostFix, 
L".der",4) != 0)) {
-    DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate 
file (*.cer or *.der) is supported."));
+  if (!IsDerEncodeCertificate(FilePostFix)) {
+    DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate 
(%s) is supported.", mSupportX509Suffix));
     return EFI_INVALID_PARAMETER;
   }
   DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName));
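Review bot: `FilePostFix` is computed as `FileName + StrLen (FileName) - 4` with no length check, so a name shorter than four characters leaves the pointer before the start of the string, and the new `IsDerEncodeCertificate(FilePostFix)` call then runs `StrCmp` from that address. A guard before the subtraction would close this, e.g. `if (StrLen (Private->FileContext->FileName) < 4) { return EFI_INVALID_PARAMETER; }`. The same computation feeds the helper in the hunks at -738 and -1483. The new EFI_D_ERROR string also lacks a trailing `\n`, unlike the EFI_D_INFO line after it. The enclosing function starts and ends outside the hunk.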
@@ -738,11 +772,11 @@
   }
 
   //
-  // Parse the file's postfix. Supports .cer and .der file as X509 
certificate, 
+  // Parse the file's postfix. Supports DER-encoded X509 certificate, 
   // and .pbk as RSA public key file.
   //
   FilePostFix = Private->FileContext->FileName + StrLen 
(Private->FileContext->FileName) - 4;
-  if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, 
L".der",4) == 0)) {
+  if (IsDerEncodeCertificate(FilePostFix)) {
     return EnrollX509ToKek (Private);
   } else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
     return EnrollRsa2048ToKek (Private);
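Review bot: The `.pbk` branch still uses `CompareMem (FilePostFix, L".pbk",4)`, and because CompareMem takes a byte count while the operands are CHAR16 strings, only the first two characters (`.p`) are compared. Now that the certificate branch does a full-string `StrCmp` through IsDerEncodeCertificate, the key branch should match it: `} else if (StrCmp (FilePostFix, L".pbk") == 0) {`. As written, any four-character tail starting with `.p` is routed to EnrollRsa2048ToKek, so rejecting a wrong file type depends entirely on that function's own content checks, which are not visible here. The enclosing function starts and ends outside the hunk.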
@@ -1483,9 +1517,9 @@
   // Parse the file's postfix. 
   //
   FilePostFix = Private->FileContext->FileName + StrLen 
(Private->FileContext->FileName) - 4;
-  if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, 
L".der",4) == 0)) {
+  if (IsDerEncodeCertificate(FilePostFix)) {
     //
-    // Supports .cer and .der file as X509 certificate.
+    // Supports DER-encoded X509 certificate.
     //
     return EnrollX509toSigDB (Private, VariableName);
   }
@@ -2321,6 +2355,7 @@
   SECUREBOOT_CONFIGURATION        *IfrNvData;
   UINT16                          LabelId;
   UINT8                           *SecureBootEnable;
+  CHAR16                          PromptString[100];
 
   SecureBootEnable = NULL;
 
@@ -2509,11 +2544,18 @@
       break;  
     case KEY_VALUE_SAVE_AND_EXIT_PK:
       Status = EnrollPlatformKey (Private);
+      UnicodeSPrint (
+        PromptString,
+        sizeof (PromptString),
+        L"Only DER encoded certificate file (%s) is supported.",
+        mSupportX509Suffix
+        );
       if (EFI_ERROR (Status)) {
         CreatePopUp (
           EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
           &Key,
-          L"ERROR: Unsupported file type, only DER encoded certificate file 
(*.cer or *.der) is supported!",
+          L"ERROR: Unsupported file type!",
+          PromptString,
           NULL
           );
       } else {
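Review bot: `UnicodeSPrint` fills `PromptString` before `EFI_ERROR (Status)` is tested, so the string is formatted on the success path too, where it is never used; moving the call inside the `if (EFI_ERROR (Status))` branch keeps the work next to its only consumer. The popup also reports "Unsupported file type!" for every failure of EnrollPlatformKey, which would mislead the user if that function can fail for other reasons (for example a read or variable-write error; its body is not visible here). Consider showing the file-type text only for `EFI_INVALID_PARAMETER` and a generic enrollment error otherwise. The `case` block continues outside the hunk.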
