Revision: 14234
          http://edk2.svn.sourceforge.net/edk2/?rev=14234&view=rev
Author:   vanjeff
Date:     2013-04-02 02:12:05 +0000 (Tue, 02 Apr 2013)
Log Message:
-----------
Sync patches r13990, r14038, r14042, r14050 and r14085 from main trunk.
1. Add a NULL string to the Image Execution Information Table if the Name is 
NULL in function AddImageExeInfo().
2. Add the TPL raise/restore code for VariableSmmRuntimeDxe to avoid variable 
services reentry.
3. Set the secure boot state to Standard Mode when the user leaves the secure 
boot setup page.
4. Add 'Current SecureBoot State' field to reflect current secure boot status 
of the platform.
5. Fix the issue that RuntimeServiceQueryVariableInfo() in 
VariableSmmRuntimeDxe always returns EFI_SUCCESS.
6. Variables with state VAR_ADDED&VAR_IN_DELETED_TRANSITION should be 
considered as valid variables if there are no duplicates with VAR_ADDED 
state.

Revision Links:
--------------
    http://edk2.svn.sourceforge.net/edk2/?rev=13990&view=rev
    http://edk2.svn.sourceforge.net/edk2/?rev=14038&view=rev
    http://edk2.svn.sourceforge.net/edk2/?rev=14042&view=rev
    http://edk2.svn.sourceforge.net/edk2/?rev=14050&view=rev
    http://edk2.svn.sourceforge.net/edk2/?rev=14085&view=rev

Modified Paths:
--------------
    branches/UDK2010.SR1/MdeModulePkg/Universal/Variable/Pei/Variable.c
    
branches/UDK2010.SR1/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
    
branches/UDK2010.SR1/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
    branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/Pei/Variable.c
    
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
    
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
    
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
    
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
    
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
    
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni

Modified: branches/UDK2010.SR1/MdeModulePkg/Universal/Variable/Pei/Variable.c
===================================================================
--- branches/UDK2010.SR1/MdeModulePkg/Universal/Variable/Pei/Variable.c 
2013-04-01 08:28:05 UTC (rev 14233)
+++ branches/UDK2010.SR1/MdeModulePkg/Universal/Variable/Pei/Variable.c 
2013-04-02 02:12:05 UTC (rev 14234)
@@ -3,7 +3,7 @@
   Implement ReadOnly Variable Services required by PEIM and install
   PEI ReadOnly Varaiable2 PPI. These services operates the non volatile 
storage space.
 
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -430,6 +430,7 @@
   UINTN                   Index;
   UINTN                   Offset;
   BOOLEAN                 StopRecord;
+  VARIABLE_HEADER         *InDeletedVariable;
 
   if (VariableStoreHeader == NULL) {
     return EFI_INVALID_PARAMETER;
@@ -446,6 +447,8 @@
   PtrTrack->StartPtr = GetStartPointer (VariableStoreHeader);
   PtrTrack->EndPtr   = GetEndPointer   (VariableStoreHeader);
 
+  InDeletedVariable = NULL;
+
   //
   // No Variable Address equals zero, so 0 as initial value is safe.
   //
@@ -461,15 +464,20 @@
       Offset   += IndexTable->Index[Index];
       MaxIndex  = (VARIABLE_HEADER *) ((UINT8 *) IndexTable->StartPtr + 
Offset);
       if (CompareWithValidVariable (MaxIndex, VariableName, VendorGuid, 
PtrTrack) == EFI_SUCCESS) {
-        return EFI_SUCCESS;
+        if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & 
VAR_ADDED)) {
+          InDeletedVariable = PtrTrack->CurrPtr;
+        } else {
+          return EFI_SUCCESS;
+        }
       }
     }
 
     if (IndexTable->GoneThrough != 0) {
       //
-      // If the table has all the existing variables indexed and we still 
cannot find it.
+      // If the table has all the existing variables indexed, return.
       //
-      return EFI_NOT_FOUND;
+      PtrTrack->CurrPtr = InDeletedVariable;
+      return (PtrTrack->CurrPtr == NULL) ? EFI_NOT_FOUND : EFI_SUCCESS;
     }
   }
 
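Review bot: The rewritten comment `// If the table has all the existing variables indexed, return.` no longer says what is returned: this path now hands back a remembered in-deleted-transition entry as a successful match when no VAR_ADDED copy was found. I would write it as `// Index table is complete: fall back to the in-deleted-transition copy if one was seen, else EFI_NOT_FOUND.` and state the same fallback in the function header, which lies outside this hunk. The literal `(VAR_IN_DELETED_TRANSITION & VAR_ADDED)` is also repeated in every comparison here, in the later hunks of this file and in SecurityPkg/VariableAuthenticated/Pei/Variable.c; one named macro would keep the state test from drifting between the copies.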
@@ -490,11 +498,11 @@
   }
 
   //
-  // Find the variable by walk through non-volatile variable store
+  // Find the variable by walk through variable store
   //
   StopRecord = FALSE;
   while ((Variable < PtrTrack->EndPtr) && IsValidVariableHeader (Variable)) {
-    if (Variable->State == VAR_ADDED) {
+    if (Variable->State == VAR_ADDED || Variable->State == 
(VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
       //
       // Record Variable in VariableIndex HOB
       //
@@ -513,7 +521,11 @@
       }
 
       if (CompareWithValidVariable (Variable, VariableName, VendorGuid, 
PtrTrack) == EFI_SUCCESS) {
-        return EFI_SUCCESS;
+        if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & 
VAR_ADDED)) {
+          InDeletedVariable = PtrTrack->CurrPtr;
+        } else {
+          return EFI_SUCCESS;
+        }
       }
     }
 
@@ -526,9 +538,9 @@
     IndexTable->GoneThrough = 1;
   }
 
-  PtrTrack->CurrPtr = NULL;
+  PtrTrack->CurrPtr = InDeletedVariable;
 
-  return EFI_NOT_FOUND;
+  return (PtrTrack->CurrPtr == NULL) ? EFI_NOT_FOUND : EFI_SUCCESS;
 }
 
 /**
@@ -691,6 +703,8 @@
   VARIABLE_STORE_TYPE     Type;
   VARIABLE_POINTER_TRACK  Variable;
   VARIABLE_POINTER_TRACK  VariableInHob;
+  VARIABLE_POINTER_TRACK  VariablePtrTrack;
+  VARIABLE_INDEX_TABLE    *IndexTable;
   UINTN                   VarNameSize;
   EFI_STATUS              Status;
   VARIABLE_STORE_HEADER   *VariableStoreHeader[VariableStoreTypeMax];
@@ -752,7 +766,32 @@
       Variable.CurrPtr  = Variable.StartPtr;
     }
 
-    if (Variable.CurrPtr->State == VAR_ADDED) {
+    if (Variable.CurrPtr->State == VAR_ADDED || Variable.CurrPtr->State == 
(VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+      if (Variable.CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+        //
+        // If it is a IN_DELETED_TRANSITION variable,
+        // and there is also a same ADDED one at the same time,
+        // don't return it.
+        //
+        for (Type = (VARIABLE_STORE_TYPE) 0; Type < VariableStoreTypeMax; 
Type++) {
+          if ((VariableStoreHeader[Type] != NULL) && (Variable.StartPtr == 
GetStartPointer (VariableStoreHeader[Type]))) {
+            break;
+          }
+        }
+        ASSERT (Type < VariableStoreTypeMax);
+        GetVariableStore (Type, &IndexTable);
+        Status = FindVariableEx (
+                   VariableStoreHeader[Type],
+                   IndexTable,
+                   GetVariableNamePtr (Variable.CurrPtr),
+                   &Variable.CurrPtr->VendorGuid,
+                   &VariablePtrTrack
+                   );
+        if (!EFI_ERROR (Status) && VariablePtrTrack.CurrPtr->State == 
VAR_ADDED) {
+          Variable.CurrPtr = GetNextVariablePtr (Variable.CurrPtr);
+          continue;
+        }
+      }
 
       //
       // Don't return NV variable when HOB overrides it
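Review bot: `ASSERT (Type < VariableStoreTypeMax);` is the only guard before `VariableStoreHeader[Type]` is read, so in a build where ASSERT is compiled out a scan that matches no store would index one element past the array. An explicit check keeps the bound in every build, for example `if (Type >= VariableStoreTypeMax) { return EFI_NOT_FOUND; }` (the status is a guess; the function's error convention is outside the hunk). The return value of `GetVariableStore (Type, &IndexTable)` is dropped as well, so it is not visible here whether IndexTable is always set before FindVariableEx() uses it. The same block is added in the SecurityPkg/VariableAuthenticated/Pei/Variable.c hunk.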

Modified: 
branches/UDK2010.SR1/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
===================================================================
--- 
branches/UDK2010.SR1/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
     2013-04-01 08:28:05 UTC (rev 14233)
+++ 
branches/UDK2010.SR1/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
     2013-04-02 02:12:05 UTC (rev 14234)
@@ -4,7 +4,7 @@
   and volatile storage space and install variable architecture protocol
   based on SMM variable module.
 
-Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD 
License         
 which accompanies this distribution.  The full text of the license may be 
found at        
@@ -42,9 +42,53 @@
 UINT8                           *mVariableBuffer            = NULL;
 UINT8                           *mVariableBufferPhysical    = NULL;
 UINTN                            mVariableBufferSize;
+EFI_LOCK                         mVariableServicesLock;
 
+/**
+  Acquires lock only at boot time. Simply returns at runtime.
 
+  This is a temperary function that will be removed when
+  EfiAcquireLock() in UefiLib can handle the call in UEFI
+  Runtimer driver in RT phase.
+  It calls EfiAcquireLock() at boot time, and simply returns
+  at runtime.
+
+  @param  Lock         A pointer to the lock to acquire.
+
+**/
+VOID
+AcquireLockOnlyAtBootTime (
+  IN EFI_LOCK                             *Lock
+  )
+{
+  if (!EfiAtRuntime ()) {
+    EfiAcquireLock (Lock);
+  }
+}
+
 /**
+  Releases lock only at boot time. Simply returns at runtime.
+
+  This is a temperary function which will be removed when
+  EfiReleaseLock() in UefiLib can handle the call in UEFI
+  Runtimer driver in RT phase.
+  It calls EfiReleaseLock() at boot time and simply returns
+  at runtime.
+
+  @param  Lock         A pointer to the lock to release.
+
+**/
+VOID
+ReleaseLockOnlyAtBootTime (
+  IN EFI_LOCK                             *Lock
+  )
+{
+  if (!EfiAtRuntime ()) {
+    EfiReleaseLock (Lock);
+  }
+}
+
+/**
   Initialize the communicate buffer using DataSize and Function.
 
   The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + 
SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
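Review bot: The header comments of AcquireLockOnlyAtBootTime() and ReleaseLockOnlyAtBootTime() say the lock is skipped at runtime but not what then keeps two callers from interleaving on the shared mVariableBuffer. A sentence such as `At runtime no lock is taken; callers must serialize variable service calls themselves.` would make the remaining gap explicit (wording to be confirmed against the intended runtime contract). The comments also carry the typos `temperary` and `Runtimer`, which should read `temporary` and `Runtime`. The identical pair of helpers is added to SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c, so the same applies there.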
@@ -153,15 +197,17 @@
   if ((*DataSize != 0) && (Data == NULL)) {
     return EFI_INVALID_PARAMETER;
   }
-  
+
+  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
   //
   // Init the communicate buffer. The buffer data size is:
-  // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize + DataSize.
+  // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize.
   //
   PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + 
StrSize (VariableName) + *DataSize;
   Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, 
SMM_VARIABLE_FUNCTION_GET_VARIABLE);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   ASSERT (SmmVariableHeader != NULL);
 
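Review bot: `PayloadSize = OFFSET_OF (...) + StrSize (VariableName) + *DataSize;` adds a caller-supplied size with no overflow check, so a `*DataSize` close to the largest UINTN can wrap PayloadSize to a small number before InitCommunicateBuffer() sees it. InitCommunicateBuffer() is outside the hunk, so what it validates is not visible here, but a size test applied to an already-wrapped sum could not catch this. A bound placed before the lock is taken would close it, e.g. `if (*DataSize > mVariableBufferSize) { return EFI_INVALID_PARAMETER; }`, or a clamp if the intended GetVariable semantics call for one. The same unchecked sum appears in the GetNextVariableName hunk with `*VariableNameSize`, in the SetVariable hunk with `DataSize`, and in the SecurityPkg copy of this file.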
@@ -189,11 +235,13 @@
   }
 
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
 
   CopyMem (Data, (UINT8 *)SmmVariableHeader->Name + 
SmmVariableHeader->NameSize, SmmVariableHeader->DataSize);
 
+Done:
+  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
   return Status;
 }
 
@@ -226,7 +274,9 @@
   if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {
     return EFI_INVALID_PARAMETER;
   }
-  
+
+  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
   //
   // Init the communicate buffer. The buffer data size is:
   // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize.
@@ -234,7 +284,7 @@
   PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, 
Name) + *VariableNameSize; 
   Status = InitCommunicateBuffer ((VOID **)&SmmGetNextVariableName, 
PayloadSize, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   ASSERT (SmmGetNextVariableName != NULL);
 
@@ -252,12 +302,14 @@
   //
   *VariableNameSize = SmmGetNextVariableName->NameSize;    
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   
   CopyGuid (VendorGuid, &SmmGetNextVariableName->Guid);
   CopyMem (VariableName, SmmGetNextVariableName->Name, 
SmmGetNextVariableName->NameSize);  
 
+Done:
+  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
   return Status;
 }
 
@@ -302,7 +354,9 @@
   if (DataSize != 0 && Data == NULL) {
     return EFI_INVALID_PARAMETER;
   }
-  
+
+  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+ 
   //
   // Init the communicate buffer. The buffer data size is:
   // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize.
@@ -310,7 +364,7 @@
   PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + 
StrSize (VariableName) + DataSize;
   Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, 
SMM_VARIABLE_FUNCTION_SET_VARIABLE);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   ASSERT (SmmVariableHeader != NULL);
 
@@ -325,7 +379,9 @@
   // Send data to SMM.
   //
   Status = SendCommunicateBuffer (PayloadSize);
- 
+
+Done:
+  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
   return Status;
 }
 
@@ -363,7 +419,9 @@
   if(MaximumVariableStorageSize == NULL || RemainingVariableStorageSize == 
NULL || MaximumVariableSize == NULL || Attributes == 0) {
     return EFI_INVALID_PARAMETER;
   }
-  
+
+  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
   //
   // Init the communicate buffer. The buffer data size is:
   // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize;
@@ -371,7 +429,7 @@
   PayloadSize = sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
   Status = InitCommunicateBuffer ((VOID **)&SmmQueryVariableInfo, PayloadSize, 
SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   ASSERT (SmmQueryVariableInfo != NULL);
 
@@ -382,7 +440,7 @@
   //
   Status = SendCommunicateBuffer (PayloadSize);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
 
   //
@@ -391,8 +449,10 @@
   *MaximumVariableSize          = SmmQueryVariableInfo->MaximumVariableSize;
   *MaximumVariableStorageSize   = 
SmmQueryVariableInfo->MaximumVariableStorageSize;
   *RemainingVariableStorageSize = 
SmmQueryVariableInfo->RemainingVariableStorageSize; 
- 
-  return EFI_SUCCESS;
+
+Done:
+  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
+  return Status;
 }
 
 
@@ -589,7 +649,9 @@
   VOID                                      *SmmVariableWriteRegistration;
   EFI_EVENT                                 OnReadyToBootEvent;
   EFI_EVENT                                 ExitBootServiceEvent;
-  
+
+  EfiInitializeLock (&mVariableServicesLock, TPL_NOTIFY);
+
   //
   // Smm variable service is ready
   //

Modified: 
branches/UDK2010.SR1/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
===================================================================
--- 
branches/UDK2010.SR1/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
  2013-04-01 08:28:05 UTC (rev 14233)
+++ 
branches/UDK2010.SR1/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
  2013-04-02 02:12:05 UTC (rev 14234)
@@ -715,14 +715,15 @@
 
   if (Name != NULL) {
     NameStringLen = StrSize (Name);
+  } else {
+    NameStringLen = sizeof (CHAR16);
   }
 
-  ImageExeInfoTable = NULL;
   EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) 
&ImageExeInfoTable);
   if (ImageExeInfoTable != NULL) {
     //
     // The table has been found!
-    // We must enlarge the table to accmodate the new exe info entry.
+    // We must enlarge the table to accomodate the new exe info entry.
     //
     ImageExeInfoTableSize = GetImageExeInfoTableSize (ImageExeInfoTable);
   } else {
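Review bot: With `ImageExeInfoTable = NULL;` removed, the `if (ImageExeInfoTable != NULL)` test depends entirely on EfiGetSystemConfigurationTable() clearing the out pointer when the table is absent, because its return status is still discarded. If the local is not initialized at its declaration (outside this hunk) and the callee ever leaves it untouched on failure, an indeterminate pointer would reach GetImageExeInfoTableSize(). Either keep the explicit `ImageExeInfoTable = NULL;` or test the returned status before using the pointer. The word corrected in the comment is also still misspelled; it should read `accommodate`.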
@@ -755,6 +756,8 @@
 
   if (Name != NULL) {
     CopyMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), Name, 
NameStringLen);
+  } else {
+    ZeroMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), sizeof 
(CHAR16));
   }
   CopyMem (
     (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen,

Modified: branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/Pei/Variable.c
===================================================================
--- branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/Pei/Variable.c       
2013-04-01 08:28:05 UTC (rev 14233)
+++ branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/Pei/Variable.c       
2013-04-02 02:12:05 UTC (rev 14234)
@@ -3,7 +3,7 @@
   ReadOnly Varaiable2 PPI. These services operates the non-volatile 
   storage space.
 
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -428,6 +428,7 @@
   UINTN                   Index;
   UINTN                   Offset;
   BOOLEAN                 StopRecord;
+  VARIABLE_HEADER         *InDeletedVariable;
 
   if (VariableStoreHeader == NULL) {
     return EFI_INVALID_PARAMETER;
@@ -444,6 +445,8 @@
   PtrTrack->StartPtr = GetStartPointer (VariableStoreHeader);
   PtrTrack->EndPtr   = GetEndPointer   (VariableStoreHeader);
 
+  InDeletedVariable = NULL;
+
   //
   // No Variable Address equals zero, so 0 as initial value is safe.
   //
@@ -459,15 +462,20 @@
       Offset   += IndexTable->Index[Index];
       MaxIndex  = (VARIABLE_HEADER *) ((UINT8 *) IndexTable->StartPtr + 
Offset);
       if (CompareWithValidVariable (MaxIndex, VariableName, VendorGuid, 
PtrTrack) == EFI_SUCCESS) {
-        return EFI_SUCCESS;
+        if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & 
VAR_ADDED)) {
+          InDeletedVariable = PtrTrack->CurrPtr;
+        } else {
+          return EFI_SUCCESS;
+        }
       }
     }
 
     if (IndexTable->GoneThrough != 0) {
       //
-      // If the table has all the existing variables indexed and we still 
cannot find it.
+      // If the table has all the existing variables indexed, return.
       //
-      return EFI_NOT_FOUND;
+      PtrTrack->CurrPtr = InDeletedVariable;
+      return (PtrTrack->CurrPtr == NULL) ? EFI_NOT_FOUND : EFI_SUCCESS;
     }
   }
 
@@ -488,11 +496,11 @@
   }
 
   //
-  // Find the variable by walk through non-volatile variable store
+  // Find the variable by walk through variable store
   //
   StopRecord = FALSE;
   while ((Variable < PtrTrack->EndPtr) && IsValidVariableHeader (Variable)) {
-    if (Variable->State == VAR_ADDED) {
+    if (Variable->State == VAR_ADDED || Variable->State == 
(VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
       //
       // Record Variable in VariableIndex HOB
       //
@@ -511,7 +519,11 @@
       }
 
       if (CompareWithValidVariable (Variable, VariableName, VendorGuid, 
PtrTrack) == EFI_SUCCESS) {
-        return EFI_SUCCESS;
+        if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & 
VAR_ADDED)) {
+          InDeletedVariable = PtrTrack->CurrPtr;
+        } else {
+          return EFI_SUCCESS;
+        }
       }
     }
 
@@ -524,9 +536,9 @@
     IndexTable->GoneThrough = 1;
   }
 
-  PtrTrack->CurrPtr = NULL;
+  PtrTrack->CurrPtr = InDeletedVariable;
 
-  return EFI_NOT_FOUND;
+  return (PtrTrack->CurrPtr == NULL) ? EFI_NOT_FOUND : EFI_SUCCESS;
 }
 
 /**
@@ -689,6 +701,8 @@
   VARIABLE_STORE_TYPE     Type;
   VARIABLE_POINTER_TRACK  Variable;
   VARIABLE_POINTER_TRACK  VariableInHob;
+  VARIABLE_POINTER_TRACK  VariablePtrTrack;
+  VARIABLE_INDEX_TABLE    *IndexTable;
   UINTN                   VarNameSize;
   EFI_STATUS              Status;
   VARIABLE_STORE_HEADER   *VariableStoreHeader[VariableStoreTypeMax];
@@ -750,7 +764,32 @@
       Variable.CurrPtr  = Variable.StartPtr;
     }
 
-    if (Variable.CurrPtr->State == VAR_ADDED) {
+    if (Variable.CurrPtr->State == VAR_ADDED || Variable.CurrPtr->State == 
(VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+      if (Variable.CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+        //
+        // If it is a IN_DELETED_TRANSITION variable,
+        // and there is also a same ADDED one at the same time,
+        // don't return it.
+        //
+        for (Type = (VARIABLE_STORE_TYPE) 0; Type < VariableStoreTypeMax; 
Type++) {
+          if ((VariableStoreHeader[Type] != NULL) && (Variable.StartPtr == 
GetStartPointer (VariableStoreHeader[Type]))) {
+            break;
+          }
+        }
+        ASSERT (Type < VariableStoreTypeMax);
+        GetVariableStore (Type, &IndexTable);
+        Status = FindVariableEx (
+                   VariableStoreHeader[Type],
+                   IndexTable,
+                   GetVariableNamePtr (Variable.CurrPtr),
+                   &Variable.CurrPtr->VendorGuid,
+                   &VariablePtrTrack
+                   );
+        if (!EFI_ERROR (Status) && VariablePtrTrack.CurrPtr->State == 
VAR_ADDED) {
+          Variable.CurrPtr = GetNextVariablePtr (Variable.CurrPtr);
+          continue;
+        }
+      }
 
       //
       // Don't return NV variable when HOB overrides it

Modified: 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
===================================================================
--- 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c 
    2013-04-01 08:28:05 UTC (rev 14233)
+++ 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c 
    2013-04-02 02:12:05 UTC (rev 14234)
@@ -356,30 +356,23 @@
   DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, 
SecureBootEnable));
 
   //
-  // Check "CustomMode" variable's existence.
+  // Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.
   //
   FindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Variable, 
&mVariableModuleGlobal->VariableGlobal, FALSE);
-  if (Variable.CurrPtr != NULL) {
-    CustomMode = *(GetVariableDataPtr (Variable.CurrPtr));
-  } else {
-    //
-    // "CustomMode" not exist, initialize it in STANDARD_SECURE_BOOT_MODE.
-    //
-    CustomMode = STANDARD_SECURE_BOOT_MODE;
-    Status = UpdateVariable (
-               EFI_CUSTOM_MODE_NAME,
-               &gEfiCustomModeEnableGuid,
-               &CustomMode,
-               sizeof (UINT8),
-               EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
-               0,
-               0,
-               &Variable,
-               NULL
-               );
-    if (EFI_ERROR (Status)) {
-      return Status;
-    }
+  CustomMode = STANDARD_SECURE_BOOT_MODE;
+  Status = UpdateVariable (
+             EFI_CUSTOM_MODE_NAME,
+             &gEfiCustomModeEnableGuid,
+             &CustomMode,
+             sizeof (UINT8),
+             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+             0,
+             0,
+             &Variable,
+             NULL
+             );
+  if (EFI_ERROR (Status)) {
+    return Status;
   }
   
   DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, 
CustomMode));
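Review bot: The new comment says `Initialize "CustomMode"`, but the code now overwrites whatever value was stored each time this path runs, and the previous value is never read. A comment that states this, e.g. `// Always force "CustomMode" back to STANDARD_SECURE_BOOT_MODE, discarding any stored value.`, would tell the next reader the reset is deliberate. Because the old value is dropped silently, the DEBUG line after the update always prints the forced value; logging the stored value when `Variable.CurrPtr != NULL` and it differs would leave a trace that the platform had been left in Custom mode. The FindVariable() call now serves only to fill `Variable` for UpdateVariable(), which deserves a short comment too. The enclosing function starts and ends outside the hunk.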

Modified: 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
===================================================================
--- 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
   2013-04-01 08:28:05 UTC (rev 14233)
+++ 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
   2013-04-02 02:12:05 UTC (rev 14234)
@@ -13,7 +13,7 @@
 
   InitCommunicateBuffer() is really function to check the variable data size.
 
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -52,9 +52,53 @@
 UINT8                           *mVariableBuffer            = NULL;
 UINT8                           *mVariableBufferPhysical    = NULL;
 UINTN                            mVariableBufferSize;
+EFI_LOCK                         mVariableServicesLock;
 
+/**
+  Acquires lock only at boot time. Simply returns at runtime.
 
+  This is a temperary function that will be removed when
+  EfiAcquireLock() in UefiLib can handle the call in UEFI
+  Runtimer driver in RT phase.
+  It calls EfiAcquireLock() at boot time, and simply returns
+  at runtime.
+
+  @param  Lock         A pointer to the lock to acquire.
+
+**/
+VOID
+AcquireLockOnlyAtBootTime (
+  IN EFI_LOCK                             *Lock
+  )
+{
+  if (!EfiAtRuntime ()) {
+    EfiAcquireLock (Lock);
+  }
+}
+
 /**
+  Releases lock only at boot time. Simply returns at runtime.
+
+  This is a temperary function which will be removed when
+  EfiReleaseLock() in UefiLib can handle the call in UEFI
+  Runtimer driver in RT phase.
+  It calls EfiReleaseLock() at boot time and simply returns
+  at runtime.
+
+  @param  Lock         A pointer to the lock to release.
+
+**/
+VOID
+ReleaseLockOnlyAtBootTime (
+  IN EFI_LOCK                             *Lock
+  )
+{
+  if (!EfiAtRuntime ()) {
+    EfiReleaseLock (Lock);
+  }
+}
+
+/**
   Initialize the communicate buffer using DataSize and Function.
 
   The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + 
SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
@@ -169,15 +213,17 @@
   if ((*DataSize != 0) && (Data == NULL)) {
     return EFI_INVALID_PARAMETER;
   }
-  
+
+  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
   //
   // Init the communicate buffer. The buffer data size is:
-  // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize + DataSize.
+  // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize.
   //
   PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + 
StrSize (VariableName) + *DataSize;
   Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, 
SMM_VARIABLE_FUNCTION_GET_VARIABLE);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   ASSERT (SmmVariableHeader != NULL);
 
@@ -205,11 +251,13 @@
   }
 
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
 
   CopyMem (Data, (UINT8 *)SmmVariableHeader->Name + 
SmmVariableHeader->NameSize, SmmVariableHeader->DataSize);
 
+Done:
+  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
   return Status;
 }
 
@@ -242,7 +290,9 @@
   if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {
     return EFI_INVALID_PARAMETER;
   }
-  
+
+  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
   //
   // Init the communicate buffer. The buffer data size is:
   // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize.
@@ -250,7 +300,7 @@
   PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, 
Name) + *VariableNameSize; 
   Status = InitCommunicateBuffer ((VOID **)&SmmGetNextVariableName, 
PayloadSize, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   ASSERT (SmmGetNextVariableName != NULL);
 
@@ -268,12 +318,14 @@
   //
   *VariableNameSize = SmmGetNextVariableName->NameSize;    
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   
   CopyGuid (VendorGuid, &SmmGetNextVariableName->Guid);
   CopyMem (VariableName, SmmGetNextVariableName->Name, 
SmmGetNextVariableName->NameSize);  
 
+Done:
+  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
   return Status;
 }
 
@@ -321,7 +373,9 @@
   if (DataSize != 0 && Data == NULL) {
     return EFI_INVALID_PARAMETER;
   }
-  
+
+  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+ 
   //
   // Init the communicate buffer. The buffer data size is:
   // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize.
@@ -329,7 +383,7 @@
   PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + 
StrSize (VariableName) + DataSize;
   Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, 
SMM_VARIABLE_FUNCTION_SET_VARIABLE);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   ASSERT (SmmVariableHeader != NULL);
 
@@ -344,7 +398,9 @@
   // Send data to SMM.
   //
   Status = SendCommunicateBuffer (PayloadSize);
- 
+
+Done:
+  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
   return Status;
 }
 
@@ -382,7 +438,9 @@
   if(MaximumVariableStorageSize == NULL || RemainingVariableStorageSize == 
NULL || MaximumVariableSize == NULL || Attributes == 0) {
     return EFI_INVALID_PARAMETER;
   }
-  
+
+  AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
   //
   // Init the communicate buffer. The buffer data size is:
   // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + 
PayloadSize;
@@ -390,7 +448,7 @@
   PayloadSize = sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
   Status = InitCommunicateBuffer ((VOID **)&SmmQueryVariableInfo, PayloadSize, 
SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
   ASSERT (SmmQueryVariableInfo != NULL);
 
@@ -401,7 +459,7 @@
   //
   Status = SendCommunicateBuffer (PayloadSize);
   if (EFI_ERROR (Status)) {
-    return Status;
+    goto Done;
   }
 
   //
@@ -410,8 +468,10 @@
   *MaximumVariableSize          = SmmQueryVariableInfo->MaximumVariableSize;
   *MaximumVariableStorageSize   = 
SmmQueryVariableInfo->MaximumVariableStorageSize;
   *RemainingVariableStorageSize = 
SmmQueryVariableInfo->RemainingVariableStorageSize; 
- 
-  return EFI_SUCCESS;
+
+Done:
+  ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
+  return Status;
 }
 
 
@@ -608,7 +668,9 @@
   VOID                                      *SmmVariableWriteRegistration;
   EFI_EVENT                                 OnReadyToBootEvent;
   EFI_EVENT                                 ExitBootServiceEvent;
-  
+
+  EfiInitializeLock (&mVariableServicesLock, TPL_NOTIFY);
+
   //
   // Smm variable service is ready
   //

Modified: 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
===================================================================
--- 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
     2013-04-01 08:28:05 UTC (rev 14233)
+++ 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
     2013-04-02 02:12:05 UTC (rev 14234)
@@ -1,7 +1,7 @@
 /** @file
   VFR file used by the SecureBoot configuration component.
 
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -32,7 +32,12 @@
     title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
 
     subtitle text = STRING_TOKEN(STR_NULL);
-    
+
+    text
+      help   = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
+      text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
+        text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
+        
     //
     // Define of Check Box: Attempt Secure Boot
     //
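Review bot: The third field of the new `text` statement, `text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);`, is indented two columns deeper than the `help` and `text` lines above it, and the added line after it holds only trailing spaces. Aligning the three fields and leaving the separator line empty keeps the form readable. A one-line comment above the statement, such as `// Display of Current SecureBoot State`, would match the `// Define of Check Box` comments used for the other items in this form.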
@@ -47,7 +52,7 @@
     // Display of Check Box: Attempt Secure Boot
     //
     grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
-    checkbox varid = SECUREBOOT_CONFIGURATION.SecureBootState,
+    checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
           questionid = KEY_SECURE_BOOT_ENABLE,
           prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
           help   = STRING_TOKEN(STR_SECURE_BOOT_HELP),

Modified: 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
===================================================================
--- 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
   2013-04-01 08:28:05 UTC (rev 14233)
+++ 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
   2013-04-02 02:12:05 UTC (rev 14234)
@@ -1,7 +1,7 @@
 /** @file
   HII Config Access protocol implementation of SecureBoot configuration module.
 
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -253,6 +253,7 @@
   if (Variable == NULL) {
     return EFI_SUCCESS;
   }
+  FreePool (Variable);
 
   Data     = NULL;
   DataSize = 0;
@@ -279,6 +280,31 @@
 }
 
 /**
+
+  Set the platform secure boot mode into "Custom" or "Standard" mode.
+
+  @param[in]   SecureBootMode        New secure boot mode: 
STANDARD_SECURE_BOOT_MODE or
+                                     CUSTOM_SECURE_BOOT_MODE.
+  
+  @return EFI_SUCCESS                The platform has switched to the special 
mode successfully.
+  @return other                      Fail to operate the secure boot mode.
+  
+**/
+EFI_STATUS
+SetSecureBootMode (
+  IN     UINT8         SecureBootMode
+  )
+{
+  return gRT->SetVariable (                          
+                EFI_CUSTOM_MODE_NAME,
+                &gEfiCustomModeEnableGuid,
+                EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                sizeof (UINT8),
+                &SecureBootMode
+                );
+}
+
+/**
   Generate the PK signature list from the X509 Certificate storing file (.cer)
 
   @param[in]   X509File              FileHandle of X509 Certificate storing 
file.
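Review bot: SetSecureBootMode() writes whatever byte it is given to the CustomMode variable, although its header comment allows only STANDARD_SECURE_BOOT_MODE or CUSTOM_SECURE_BOOT_MODE. A guard at the top would enforce the documented contract: `if (SecureBootMode != STANDARD_SECURE_BOOT_MODE && SecureBootMode != CUSTOM_SECURE_BOOT_MODE) { return EFI_INVALID_PARAMETER; }`. In the header comment, "switched to the special mode" reads like a typo for "specified mode". The comment should also say that the write is non-volatile, so the mode persists until something writes it back.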
@@ -380,6 +406,11 @@
 
   PkCert = NULL;
 
+  Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
   //
   // Parse the file's postfix. Only support DER encoded X.509 certificate 
files.
   //
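Review bot: `SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE)` runs before the file-postfix check that follows, so a request that is then rejected has already switched the non-volatile CustomMode variable to Custom, and nothing in this hunk switches it back on the error return. The same early placement appears in the hunks at -457, -766, -1508, -1756 and -1944; the only restore visible in this diff is the FORM_CLOSE branch of the callback. I would move the call to just before the variable write that needs it, or restore Standard mode on the failure paths, and record the choice in a comment at the call. The calls also omit the space before the parenthesis that the surrounding code uses, e.g. `FreePool (Variable)`. The enclosing function starts and ends outside the hunk.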
@@ -457,6 +488,11 @@
 {
   EFI_STATUS Status;
 
+  Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
   Status = DeleteVariable (
              EFI_PLATFORM_KEY_NAME,
              &gEfiGlobalVariableGuid
@@ -766,11 +802,17 @@
   ) 
 {
   UINT16*     FilePostFix;
+  EFI_STATUS  Status;
   
   if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == 
NULL)) {
     return EFI_INVALID_PARAMETER;
   }
 
+  Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
   //
   // Parse the file's postfix. Supports DER-encoded X509 certificate, 
   // and .pbk as RSA public key file.
@@ -1508,11 +1550,17 @@
   ) 
 {
   UINT16*      FilePostFix;
+  EFI_STATUS   Status;
 
   if ((Private->FileContext->FileName == NULL) || 
(Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {
     return EFI_INVALID_PARAMETER;
   }
 
+  Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+  
   //
   // Parse the file's postfix. 
   //
@@ -1756,6 +1804,11 @@
   Cert            = NULL;
   Attr            = 0;   
   DeleteKekIndex  = QuestionId - OPTION_DEL_KEK_QUESTION_ID;
+
+  Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
   
   //
   // Get original KEK variable.
@@ -1944,6 +1997,11 @@
   Cert            = NULL;
   Attr            = 0; 
 
+  Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
   //
   // Get original signature list data.
   //                           
@@ -2103,23 +2161,25 @@
 {
   UINT8   *SecureBootEnable;
   UINT8   *SetupMode;
-  UINT8   *SecureBoot;
   UINT8   *SecureBootMode;
 
   SecureBootEnable = NULL;
   SetupMode        = NULL;
-  SecureBoot       = NULL;
   SecureBootMode   = NULL;
   
   //
   // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot 
Enable/Disable
   // Checkbox.
   //
+  ConfigData->AttemptSecureBoot = FALSE;
   GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, 
(VOID**)&SecureBootEnable, NULL);
   if (SecureBootEnable == NULL) {
     ConfigData->HideSecureBoot = TRUE;
   } else {
     ConfigData->HideSecureBoot = FALSE;
+    if ((*SecureBootEnable) == SECURE_BOOT_ENABLE) {
+      ConfigData->AttemptSecureBoot = TRUE;
+    }
   }
   
   //
@@ -2140,16 +2200,6 @@
   } else  {
     ConfigData->HasPk = TRUE;
   }
-  
-  //
-  // If the value of SecureBoot variable is 1, the platform is operating in 
secure boot mode.
-  //
-  GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, 
(VOID**)&SecureBoot, NULL);
-  if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
-    ConfigData->SecureBootState = TRUE;
-  } else {
-    ConfigData->SecureBootState = FALSE;
-  }
 
   //
   // Get the SecureBootMode from CustomMode variable.
@@ -2160,7 +2210,16 @@
   } else {
     ConfigData->SecureBootMode = *(SecureBootMode);
   }
-  
+
+  if (SecureBootEnable != NULL) {
+    FreePool (SecureBootEnable);
+  }
+  if (SetupMode != NULL) {
+    FreePool (SetupMode);
+  }
+  if (SecureBootMode != NULL) {
+    FreePool (SecureBootMode);
+  }
 }
 
 /**
@@ -2206,6 +2265,7 @@
   EFI_STRING                        ConfigRequestHdr;
   SECUREBOOT_CONFIG_PRIVATE_DATA    *PrivateData;
   BOOLEAN                           AllocatedRequest;
+  UINT8                             *SecureBoot;
 
   if (Progress == NULL || Results == NULL) {
     return EFI_INVALID_PARAMETER;
@@ -2215,6 +2275,7 @@
   ConfigRequestHdr = NULL;
   ConfigRequest    = NULL;
   Size             = 0;
+  SecureBoot       = NULL;
   
   ZeroMem (&Configuration, sizeof (Configuration));
   PrivateData      = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
@@ -2228,6 +2289,19 @@
   // Get Configuration from Variable.
   //
   SecureBootExtractConfigFromVariable (&Configuration);
+
+  //
+  // Update current secure boot state.
+  //
+  GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, 
(VOID**)&SecureBoot, NULL);
+  if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
+    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);
+  } else {
+    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
+  }
+  if (SecureBoot != NULL) {
+    FreePool (SecureBoot);
+  }
   
   BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
   ConfigRequest = Request;
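Review bot: The state text is set from the literals `L"Enabled"` and `L"Disabled"`, so the new "Current SecureBoot State" field bypasses the string package that the rest of the form reaches through STRING_TOKEN and cannot be translated. I would take both texts from string tokens of their own, with HiiGetString, and pass the result to HiiSetString. The return value of HiiSetString is also dropped; a one-line comment saying the display is best effort, and that a failed read of the SecureBoot variable is shown as "Disabled", would make the intent explicit. The function starts and ends outside the hunk.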
@@ -2355,15 +2429,21 @@
   SECUREBOOT_CONFIGURATION        *IfrNvData;
   UINT16                          LabelId;
   UINT8                           *SecureBootEnable;
+  UINT8                           *SecureBootMode;
+  UINT8                           *SetupMode;
   CHAR16                          PromptString[100];
 
   SecureBootEnable = NULL;
+  SecureBootMode   = NULL;
+  SetupMode        = NULL;
 
   if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
     return EFI_INVALID_PARAMETER;
   }
 
-  if ((Action != EFI_BROWSER_ACTION_CHANGED) && (Action != 
EFI_BROWSER_ACTION_CHANGING)) {
+  if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
+      (Action != EFI_BROWSER_ACTION_CHANGING) &&
+      (Action != EFI_BROWSER_ACTION_FORM_CLOSE)) {
     return EFI_UNSUPPORTED;
   }
   
@@ -2388,6 +2468,7 @@
     case KEY_SECURE_BOOT_ENABLE:
       GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, 
&gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
       if (NULL != SecureBootEnable) {
+        FreePool (SecureBootEnable);
         if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {
           CreatePopUp (
             EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
@@ -2400,11 +2481,10 @@
           CreatePopUp (
             EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
             &Key,
-            L"Secure boot configuration is changed, please reset the platform 
to take effect!",
+            L"Configuration changed, please reset the platform to take 
effect!",
             NULL
             );
         }
-        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; 
       }
       break;
 
@@ -2461,10 +2541,26 @@
       break;
 
     case KEY_SECURE_BOOT_DELETE_PK: 
-        if (Value->u8) {
+      if (Value->u8) {
+        CreatePopUp (
+          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+          &Key,
+          L"Are you sure you want to delete PK? Secure boot will be disabled!",
+          L"Press 'Y' to delete PK and exit, 'N' to discard change and return",
+          NULL
+          );
+        if (Key.UnicodeChar == 'y' || Key.UnicodeChar == 'Y') {
           Status = DeletePlatformKey ();
-          *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
+          if (EFI_ERROR (Status)) {
+            CreatePopUp (
+              EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+              &Key,
+              L"Only Physical Presence User could delete PK in custom mode!",
+              NULL
+              );
+          }
         }
+      }
       break;
 
     case KEY_DELETE_KEK:
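Review bot: Every failure of `DeletePlatformKey ()` is reported as "Only Physical Presence User could delete PK in custom mode!", but with this commit DeletePlatformKey() can also fail in its new `SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE)` call (hunk at -457), which is a variable-write failure and not a presence check. I would word the popup neutrally or branch on the status, and add a comment naming the status the physical-presence refusal is expected to return. Any key other than 'y' or 'Y' is treated as a cancel, which is the safe default but is wider than the 'N' the prompt names; a short comment saying so would help. The case sits inside a switch that starts and ends outside the hunk.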
@@ -2547,7 +2643,7 @@
   } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
     switch (QuestionId) {
     case KEY_SECURE_BOOT_ENABLE:
-      *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;      
+      *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
       break;  
     case KEY_VALUE_SAVE_AND_EXIT_PK:
       Status = EnrollPlatformKey (Private);
@@ -2588,8 +2684,8 @@
       break;
       
     case KEY_SECURE_BOOT_MODE:
-      GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, 
(VOID**)&SecureBootEnable, NULL);
-      if (NULL != SecureBootEnable) {
+      GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, 
(VOID**)&SecureBootMode, NULL);
+      if (NULL != SecureBootMode) {
         Status = gRT->SetVariable (                          
                         EFI_CUSTOM_MODE_NAME,
                         &gEfiCustomModeEnableGuid,
@@ -2599,6 +2695,7 @@
                         );
         *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
         IfrNvData->SecureBootMode = Value->u8;
+        FreePool (SecureBootMode);
       }        
       break;
 
@@ -2619,11 +2716,33 @@
       break;
 
     case KEY_SECURE_BOOT_DELETE_PK:
-      if (Value->u8) {
+      GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, 
(VOID**)&SetupMode, NULL);
+      if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
+        IfrNvData->DeletePk = TRUE;
+        IfrNvData->HasPk    = FALSE;
         *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
+      } else  {
+        IfrNvData->DeletePk = FALSE;
+        IfrNvData->HasPk    = TRUE;
+        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
       }
+      if (SetupMode != NULL) {
+        FreePool (SetupMode);
+      }
       break;  
     }
+  } else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) {
+    //
+    // Force the platform back to Standard Mode once user leave the setup 
screen.
+    //
+    GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, 
(VOID**)&SecureBootMode, NULL);
+    if (NULL != SecureBootMode && *SecureBootMode == CUSTOM_SECURE_BOOT_MODE) {
+      IfrNvData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;
+      SetSecureBootMode(STANDARD_SECURE_BOOT_MODE);
+    }
+    if (SecureBootMode != NULL) {
+      FreePool (SecureBootMode);
+    }
   }
   
   if (!EFI_ERROR (Status)) {
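Review bot: In the EFI_BROWSER_ACTION_FORM_CLOSE branch the result of `SetSecureBootMode(STANDARD_SECURE_BOOT_MODE)` is discarded while `IfrNvData->SecureBootMode` is set to Standard just before the call, so a failed write leaves the non-volatile CustomMode variable at Custom with the form data saying Standard. I would call first and update the form data only on success: `Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);` followed by `if (!EFI_ERROR (Status)) { IfrNvData->SecureBootMode = STANDARD_SECURE_BOOT_MODE; }`. The restore also depends on the browser delivering FORM_CLOSE; because the variable is written with EFI_VARIABLE_NON_VOLATILE, a reset taken from inside the form would presumably keep Custom mode across the reboot unless code outside this diff resets it at boot, and the comment above the branch should state which. The callback starts and ends outside the hunk.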

Modified: 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
===================================================================
--- 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
 2013-04-01 08:28:05 UTC (rev 14233)
+++ 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
 2013-04-02 02:12:05 UTC (rev 14234)
@@ -1,7 +1,7 @@
 /** @file
   Header file for NV data structure definition.
 
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -106,7 +106,7 @@
 // Nv Data structure referenced by IFR
 //
 typedef struct {
-  BOOLEAN SecureBootState; //Secure Boot Disable/Enable;
+  BOOLEAN AttemptSecureBoot;  //Attempt to enable/disable Secure Boot.
   BOOLEAN HideSecureBoot;  //Hiden Attempt Secure Boot
   CHAR16  SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];
   BOOLEAN PhysicalPresent; //If a Physical Present User;

Modified: 
branches/UDK2010.SR1/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni
===================================================================
(Binary files differ)
