Revision: 16192
http://sourceforge.net/p/edk2/code/16192
Author: lersek
Date: 2014-10-02 08:08:14 +0000 (Thu, 02 Oct 2014)
Log Message:
-----------
OvmfPkg: SecureBootConfigDxe: remove stale fork
In the previous patch we disabled its use; there are no more clients.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <[email protected]>
Reviewed-by: Jordan Justen <[email protected]>
Tested-by: Gary Lin <[email protected]>
Removed Paths:
-------------
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDevicePath.c
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDriver.c
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.h
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigMisc.c
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigNvData.h
trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigStrings.uni
Deleted: trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr
===================================================================
--- trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr 2014-10-02
08:08:05 UTC (rev 16191)
+++ trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr 2014-10-02
08:08:14 UTC (rev 16192)
@@ -1,495 +0,0 @@
-/** @file
- VFR file used by the SecureBoot configuration component.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD
License
-which accompanies this distribution. The full text of the license may be
found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "SecureBootConfigNvData.h"
-
-formset
- guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
- title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
- help = STRING_TOKEN(STR_SECUREBOOT_HELP),
- classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
-
- varstore SECUREBOOT_CONFIGURATION,
- varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
- name = SECUREBOOT_CONFIGURATION,
- guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
-
- //
- // ##1 Form "Secure Boot Configuration"
- //
- form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
- title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // Define of Check Box: Attempt Secure Boot
- //
- suppressif TRUE;
- checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
- prompt = STRING_TOKEN(STR_NULL),
- help = STRING_TOKEN(STR_NULL),
- endcheckbox;
- endif;
-
- //
- // Display of Check Box: Attempt Secure Boot
- //
- grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
- checkbox varid = SECUREBOOT_CONFIGURATION.SecureBootState,
- questionid = KEY_SECURE_BOOT_ENABLE,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
- help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
- flags = INTERACTIVE,
- endcheckbox;
- endif;
-
- //
- // Display of Oneof: 'Secure Boot Mode'
- //
- oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
- questionid = KEY_SECURE_BOOT_MODE,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
- help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
- flags = INTERACTIVE,
- option text = STRING_TOKEN(STR_STANDARD_MODE), value =
SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
- option text = STRING_TOKEN(STR_CUSTOM_MODE), value =
SECURE_BOOT_MODE_CUSTOM, flags = 0;
- endoneof;
-
- //
- //
- // Display of 'Current Secure Boot Mode'
- //
- suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode ==
SECURE_BOOT_MODE_STANDARD;
- grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
- help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
- flags = INTERACTIVE,
- key = KEY_SECURE_BOOT_OPTION;
- endif;
- endif;
- endform;
-
- //
- // ##2 Form: 'Custom Secure Boot Options'
- //
- form formid = FORMID_SECURE_BOOT_OPTION_FORM,
- title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
- help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
- flags = INTERACTIVE,
- key = KEY_SECURE_BOOT_PK_OPTION;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
- help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
- flags = INTERACTIVE,
- key = KEY_SECURE_BOOT_KEK_OPTION;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
- help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
- flags = INTERACTIVE,
- key = KEY_SECURE_BOOT_DB_OPTION;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
- help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
- flags = INTERACTIVE,
- key = KEY_SECURE_BOOT_DBX_OPTION;
-
- endform;
-
- //
- // ##3 Form: 'PK Options'
- //
- form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
- title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // Define of Check Box: 'Delete PK'
- //
- suppressif TRUE;
- checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
- prompt = STRING_TOKEN(STR_NULL),
- help = STRING_TOKEN(STR_NULL),
- endcheckbox;
- endif;
-
- grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
- goto FORMID_ENROLL_PK_FORM,
- prompt = STRING_TOKEN(STR_ENROLL_PK),
- help = STRING_TOKEN(STR_ENROLL_PK_HELP),
- flags = INTERACTIVE,
- key = KEY_ENROLL_PK;
- endif;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // Display of Check Box: 'Delete Pk'
- //
- grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
- checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
- questionid = KEY_SECURE_BOOT_DELETE_PK,
- prompt = STRING_TOKEN(STR_DELETE_PK),
- help = STRING_TOKEN(STR_DELETE_PK_HELP),
- flags = INTERACTIVE,
- endcheckbox;
- endif;
- endform;
-
- //
- // ##4 Form: 'Enroll PK'
- //
- form formid = FORMID_ENROLL_PK_FORM,
- title = STRING_TOKEN(STR_ENROLL_PK);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORM_FILE_EXPLORER_ID_PK,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
- help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
- flags = INTERACTIVE,
- key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
- endform;
-
- //
- // ##5 Form: 'KEK Options'
- //
- form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
- title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
-
- //
- // Display of 'Enroll KEK'
- //
- goto FORMID_ENROLL_KEK_FORM,
- prompt = STRING_TOKEN(STR_ENROLL_KEK),
- help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
- flags = INTERACTIVE;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // Display of 'Delete KEK'
- //
- goto FORMID_DELETE_KEK_FORM,
- prompt = STRING_TOKEN(STR_DELETE_KEK),
- help = STRING_TOKEN(STR_DELETE_KEK_HELP),
- flags = INTERACTIVE,
- key = KEY_DELETE_KEK;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- endform;
-
- //
- // ##6 Form: 'Enroll KEK'
- //
- form formid = FORMID_ENROLL_KEK_FORM,
- title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORM_FILE_EXPLORER_ID_KEK,
- prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
- help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
- flags = INTERACTIVE,
- key = FORMID_ENROLL_KEK_FORM;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- label FORMID_ENROLL_KEK_FORM;
- label LABEL_END;
- subtitle text = STRING_TOKEN(STR_NULL);
-
- string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
- help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
- flags = INTERACTIVE,
- key = KEY_SECURE_BOOT_KEK_GUID,
- minsize = SECURE_BOOT_GUID_SIZE,
- maxsize = SECURE_BOOT_GUID_SIZE,
- endstring;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_VALUE_SAVE_AND_EXIT_KEK;
-
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
-
- endform;
-
- //
- // ##7 Form: 'Delete KEK'
- //
- form formid = FORMID_DELETE_KEK_FORM,
- title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
-
- label LABEL_KEK_DELETE;
- label LABEL_END;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- endform;
-
- //
- // ##8 Form: 'DB Options'
- //
- form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
- title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
- prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
- help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
- flags = 0;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
- prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
- help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
- flags = INTERACTIVE,
- key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
-
- endform;
-
- //
- // ##9 Form: 'DBX Options'
- //
- form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
- title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
- prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
- help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
- flags = 0;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
- prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
- help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
- flags = INTERACTIVE,
- key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;
-
- endform;
-
- //
- // Form: 'Delete Signature' for DB Options.
- //
- form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
- title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
-
- label LABEL_DB_DELETE;
- label LABEL_END;
- subtitle text = STRING_TOKEN(STR_NULL);
-
- endform;
-
- //
- // Form: 'Delete Signature' for DBX Options.
- //
- form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
- title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
-
- label LABEL_DBX_DELETE;
- label LABEL_END;
- subtitle text = STRING_TOKEN(STR_NULL);
-
- endform;
-
- //
- // Form: 'Enroll Signature' for DB options.
- //
- form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
- title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORM_FILE_EXPLORER_ID_DB,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
- help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
- flags = INTERACTIVE,
- key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
- label LABEL_END;
- subtitle text = STRING_TOKEN(STR_NULL);
-
- string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
- help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
- flags = INTERACTIVE,
- key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
- minsize = SECURE_BOOT_GUID_SIZE,
- maxsize = SECURE_BOOT_GUID_SIZE,
- endstring;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_VALUE_SAVE_AND_EXIT_DB;
-
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
-
- endform;
-
- //
- // Form: 'Enroll Signature' for DBX options.
- //
- form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
- title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORM_FILE_EXPLORER_ID_DBX,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
- help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
- flags = INTERACTIVE,
- key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
- label LABEL_END;
- subtitle text = STRING_TOKEN(STR_NULL);
-
- string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
- help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
- flags = INTERACTIVE,
- key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
- minsize = SECURE_BOOT_GUID_SIZE,
- maxsize = SECURE_BOOT_GUID_SIZE,
- endstring;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_VALUE_SAVE_AND_EXIT_DBX;
-
- goto FORMID_SECURE_BOOT_OPTION_FORM,
- prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
-
- endform;
-
- //
- // File Explorer for PK
- //
- form formid = FORM_FILE_EXPLORER_ID_PK,
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
-
- label FORM_FILE_EXPLORER_ID;
- label LABEL_END;
- endform;
-
- //
- // File Explorer for KEK
- //
- form formid = FORM_FILE_EXPLORER_ID_KEK,
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
-
- label FORM_FILE_EXPLORER_ID;
- label LABEL_END;
- endform;
-
- //
- // File Explorer for DB
- //
- form formid = FORM_FILE_EXPLORER_ID_DB,
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
-
- label FORM_FILE_EXPLORER_ID;
- label LABEL_END;
- endform;
-
- //
- // File Explorer for DBX
- //
- form formid = FORM_FILE_EXPLORER_ID_DBX,
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
-
- label FORM_FILE_EXPLORER_ID;
- label LABEL_END;
- endform;
-
-
- //
- // Enroll Pk from File Commit Form
- //
- form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
- title = STRING_TOKEN(STR_SAVE_PK_FILE);
-
- label SECUREBOOT_ADD_PK_FILE_FORM_ID;
- label LABEL_END;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- text
- help = STRING_TOKEN(STR_SAVE_AND_EXIT),
- text = STRING_TOKEN(STR_SAVE_AND_EXIT),
- text = STRING_TOKEN(STR_NULL),
- flags = INTERACTIVE,
- key = KEY_VALUE_SAVE_AND_EXIT_PK;
-
- text
- help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
- text = STRING_TOKEN(STR_NULL),
- flags = INTERACTIVE,
- key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
-
- endform;
-
-endformset;
Deleted: trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDevicePath.c
===================================================================
--- trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDevicePath.c
2014-10-02 08:08:05 UTC (rev 16191)
+++ trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDevicePath.c
2014-10-02 08:08:14 UTC (rev 16192)
@@ -1,38 +0,0 @@
-/** @file
- Internal function defines the default device path string for SecureBoot
configuration module.
-
-Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD
License
-which accompanies this distribution. The full text of the license may be
found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "SecureBootConfigImpl.h"
-
-
-/**
- This function converts an input device structure to a Unicode string.
-
- @param[in] DevPath A pointer to the device path structure.
-
- @return A new allocated Unicode string that represents the device path.
-
-**/
-CHAR16 *
-EFIAPI
-DevicePathToStr (
- IN EFI_DEVICE_PATH_PROTOCOL *DevPath
- )
-{
- return ConvertDevicePathToText (
- DevPath,
- FALSE,
- TRUE
- );
-}
-
Deleted: trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDriver.c
===================================================================
--- trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDriver.c
2014-10-02 08:08:05 UTC (rev 16191)
+++ trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDriver.c
2014-10-02 08:08:14 UTC (rev 16192)
@@ -1,133 +0,0 @@
-/** @file
- The module entry point for SecureBoot configuration module.
-
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD
License
-which accompanies this distribution. The full text of the license may be
found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "SecureBootConfigImpl.h"
-
-/**
- The entry point for SecureBoot configuration driver.
-
- @param[in] ImageHandle The image handle of the driver.
- @param[in] SystemTable The system table.
-
- @retval EFI_ALREADY_STARTED The driver already exists in system.
- @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of
resources.
- @retval EFI_SUCCES All the related protocols are installed on
the driver.
- @retval Others Fail to get the SecureBootEnable variable.
-
-**/
-EFI_STATUS
-EFIAPI
-SecureBootConfigDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
- SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
-
- //
- // If already started, return.
- //
- Status = gBS->OpenProtocol (
- ImageHandle,
- &gEfiCallerIdGuid,
- NULL,
- ImageHandle,
- ImageHandle,
- EFI_OPEN_PROTOCOL_TEST_PROTOCOL
- );
- if (!EFI_ERROR (Status)) {
- return EFI_ALREADY_STARTED;
- }
-
- //
- // Create a private data structure.
- //
- PrivateData = AllocateCopyPool (sizeof (SECUREBOOT_CONFIG_PRIVATE_DATA),
&mSecureBootConfigPrivateDateTemplate);
- if (PrivateData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Install SecureBoot configuration form
- //
- Status = InstallSecureBootConfigForm (PrivateData);
- if (EFI_ERROR (Status)) {
- goto ErrorExit;
- }
-
- //
- // Install private GUID.
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &ImageHandle,
- &gEfiCallerIdGuid,
- PrivateData,
- NULL
- );
-
- if (EFI_ERROR (Status)) {
- goto ErrorExit;
- }
-
- return EFI_SUCCESS;
-
-ErrorExit:
- if (PrivateData != NULL) {
- UninstallSecureBootConfigForm (PrivateData);
- }
-
- return Status;
-}
-
-/**
- Unload the SecureBoot configuration form.
-
- @param[in] ImageHandle The driver's image handle.
-
- @retval EFI_SUCCESS The SecureBoot configuration form is
unloaded.
- @retval Others Failed to unload the form.
-
-**/
-EFI_STATUS
-EFIAPI
-SecureBootConfigDriverUnload (
- IN EFI_HANDLE ImageHandle
- )
-{
- EFI_STATUS Status;
- SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
-
- Status = gBS->HandleProtocol (
- ImageHandle,
- &gEfiCallerIdGuid,
- (VOID **) &PrivateData
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (PrivateData->Signature == SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE);
-
- gBS->UninstallMultipleProtocolInterfaces (
- &ImageHandle,
- &gEfiCallerIdGuid,
- PrivateData,
- NULL
- );
-
- UninstallSecureBootConfigForm (PrivateData);
-
- return EFI_SUCCESS;
-}
Deleted: trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
===================================================================
--- trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
2014-10-02 08:08:05 UTC (rev 16191)
+++ trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
2014-10-02 08:08:14 UTC (rev 16192)
@@ -1,90 +0,0 @@
-## @file
-# Component name for SecureBoot configuration module for OVMF.
-#
-# Need custom SecureBootConfigDxe for OVMF that does not force
-# resets after PK changes since OVMF doesn't have persistent variables
-#
-# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD
License
-# which accompanies this distribution. The full text of the license may be
found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = SecureBootConfigDxe
- FILE_GUID = 68E2BC17-198D-41f1-8213-065E3A2A7C12
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = SecureBootConfigDriverEntryPoint
- UNLOAD_IMAGE = SecureBootConfigDriverUnload
-
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-
-[Sources]
- SecureBootConfigDriver.c
- SecureBootConfigImpl.c
- SecureBootConfigFileExplorer.c
- SecureBootConfigDevicePath.c
- SecureBootConfigMisc.c
- SecureBootConfigImpl.h
- SecureBootConfig.vfr
- SecureBootConfigStrings.uni
- SecureBootConfigNvData.h
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- BaseCryptLib
- MemoryAllocationLib
- UefiLib
- UefiBootServicesTableLib
- UefiRuntimeServicesTableLib
- UefiDriverEntryPoint
- UefiHiiServicesLib
- DebugLib
- HiiLib
- PlatformSecureLib
- DevicePathLib
-
-[Guids]
- gEfiIfrTianoGuid
- gEfiCustomModeEnableGuid
- gEfiSecureBootEnableDisableGuid
- gSecureBootConfigFormSetGuid
- gEfiCertPkcs7Guid
- gEfiCertRsa2048Guid ## CONSUMES
- gEfiCertX509Guid ## CONSUMES
- gEfiCertSha1Guid ## CONSUMES
- gEfiCertSha256Guid ## CONSUMES
- gEfiCertTypeRsa2048Sha256Guid ## CONSUMES
- gEfiImageSecurityDatabaseGuid ## CONSUMES
- gEfiFileSystemVolumeLabelInfoIdGuid ## CONSUMES
- gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid
- gEfiFileInfoGuid ## CONSUMES ## GUID
-
-[Protocols]
- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
- gEfiHiiConfigRoutingProtocolGuid ## CONSUMES
- gEfiSimpleFileSystemProtocolGuid ## PROTOCOL CONSUMES
- gEfiLoadFileProtocolGuid ## PROTOCOL CONSUMES
- gEfiBlockIoProtocolGuid ## PROTOCOL CONSUMES
- gEfiDevicePathProtocolGuid ## PROTOCOL CONSUMES
-
-[Depex]
- gEfiHiiConfigRoutingProtocolGuid AND
- gEfiHiiDatabaseProtocolGuid AND
- gEfiVariableArchProtocolGuid AND
- gEfiVariableWriteArchProtocolGuid
Deleted: trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
===================================================================
--- trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
2014-10-02 08:08:05 UTC (rev 16191)
+++ trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
2014-10-02 08:08:14 UTC (rev 16192)
@@ -1,1227 +0,0 @@
-/** @file
- Internal file explorer functions for SecureBoot configuration module.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD
License
-which accompanies this distribution. The full text of the license may be
found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "SecureBootConfigImpl.h"
-
-///
-/// File system selection menu
-///
-SECUREBOOT_MENU_OPTION FsOptionMenu = {
- SECUREBOOT_MENU_OPTION_SIGNATURE,
- {NULL},
- 0
-};
-
-///
-/// Files and sub-directories in current directory menu
-///
-SECUREBOOT_MENU_OPTION DirectoryMenu = {
- SECUREBOOT_MENU_OPTION_SIGNATURE,
- {NULL},
- 0
-};
-
-VOID *mStartOpCodeHandle = NULL;
-VOID *mEndOpCodeHandle = NULL;
-EFI_IFR_GUID_LABEL *mStartLabel = NULL;
-EFI_IFR_GUID_LABEL *mEndLabel = NULL;
-
-/**
- Duplicate a string.
-
- @param[in] Src The source string.
-
- @return A new string which is duplicated copy of the source,
- or NULL if there is not enough memory.
-
-**/
-CHAR16 *
-StrDuplicate (
- IN CHAR16 *Src
- )
-{
- CHAR16 *Dest;
- UINTN Size;
-
- Size = StrSize (Src);
- Dest = AllocateZeroPool (Size);
- ASSERT (Dest != NULL);
- if (Dest != NULL) {
- CopyMem (Dest, Src, Size);
- }
-
- return Dest;
-}
-
-/**
- Helper function called as part of the code needed to allocate
- the proper sized buffer for various EFI interfaces.
-
- @param[in, out] Status Current status
- @param[in, out] Buffer Current allocated buffer, or NULL
- @param[in] BufferSize Current buffer size needed
-
- @retval TRUE If the buffer was reallocated and the caller
- should try the API again.
- @retval FALSE The caller should not call this function again.
-
-**/
-BOOLEAN
-GrowBuffer (
- IN OUT EFI_STATUS *Status,
- IN OUT VOID **Buffer,
- IN UINTN BufferSize
- )
-{
- BOOLEAN TryAgain;
-
- //
- // If this is an initial request, buffer will be null with a new buffer size
- //
- if ((*Buffer == NULL) && (BufferSize != 0)) {
- *Status = EFI_BUFFER_TOO_SMALL;
- }
- //
- // If the status code is "buffer too small", resize the buffer
- //
- TryAgain = FALSE;
- if (*Status == EFI_BUFFER_TOO_SMALL) {
-
- if (*Buffer != NULL) {
- FreePool (*Buffer);
- }
-
- *Buffer = AllocateZeroPool (BufferSize);
-
- if (*Buffer != NULL) {
- TryAgain = TRUE;
- } else {
- *Status = EFI_OUT_OF_RESOURCES;
- }
- }
- //
- // If there's an error, free the buffer
- //
- if (!TryAgain && EFI_ERROR (*Status) && (*Buffer != NULL)) {
- FreePool (*Buffer);
- *Buffer = NULL;
- }
-
- return TryAgain;
-}
-
-/**
- Append file name to existing file name, and allocate a new buffer
- to hold the appended result.
-
- @param[in] Str1 The existing file name
- @param[in] Str2 The file name to be appended
-
- @return A new string with appended result.
-
-**/
-CHAR16 *
-AppendFileName (
- IN CHAR16 *Str1,
- IN CHAR16 *Str2
- )
-{
- UINTN Size1;
- UINTN Size2;
- CHAR16 *Str;
- CHAR16 *TmpStr;
- CHAR16 *Ptr;
- CHAR16 *LastSlash;
-
- Size1 = StrSize (Str1);
- Size2 = StrSize (Str2);
- Str = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
- ASSERT (Str != NULL);
-
- TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
- ASSERT (TmpStr != NULL);
-
- StrCat (Str, Str1);
- if (!((*Str == '\\') && (*(Str + 1) == 0))) {
- StrCat (Str, L"\\");
- }
-
- StrCat (Str, Str2);
-
- Ptr = Str;
- LastSlash = Str;
- while (*Ptr != 0) {
- if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '.' && *(Ptr + 3)
== L'\\') {
- //
- // Convert "\Name\..\" to "\"
- // DO NOT convert the .. if it is at the end of the string. This will
- // break the .. behavior in changing directories.
- //
-
- //
- // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of
two strings
- // that overlap.
- //
- StrCpy (TmpStr, Ptr + 3);
- StrCpy (LastSlash, TmpStr);
- Ptr = LastSlash;
- } else if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '\\') {
- //
- // Convert a "\.\" to a "\"
- //
-
- //
- // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of
two strings
- // that overlap.
- //
- StrCpy (TmpStr, Ptr + 2);
- StrCpy (Ptr, TmpStr);
- Ptr = LastSlash;
- } else if (*Ptr == '\\') {
- LastSlash = Ptr;
- }
-
- Ptr++;
- }
-
- FreePool (TmpStr);
-
- return Str;
-}
-
-/**
- Create a SECUREBOOT_MENU_ENTRY, and stores it in a buffer allocated from the
pool.
-
- @return The new menu entry or NULL of error happens.
-
-**/
-SECUREBOOT_MENU_ENTRY *
-CreateMenuEntry (
- VOID
- )
-{
- SECUREBOOT_MENU_ENTRY *MenuEntry;
- UINTN ContextSize;
-
- //
- // Create new menu entry
- //
- MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY));
- if (MenuEntry == NULL) {
- return NULL;
- }
-
- ContextSize = sizeof (SECUREBOOT_FILE_CONTEXT);
- MenuEntry->FileContext = AllocateZeroPool (ContextSize);
- if (MenuEntry->FileContext == NULL) {
- FreePool (MenuEntry);
- return NULL;
- }
-
- MenuEntry->Signature = SECUREBOOT_MENU_ENTRY_SIGNATURE;
-
- return MenuEntry;
-}
-
-/**
- Get Menu Entry from the Menu Entry List by MenuNumber.
-
- If MenuNumber is great or equal to the number of Menu
- Entry in the list, then ASSERT.
-
- @param[in] MenuOption The Menu Entry List to read the menu entry.
- @param[in] MenuNumber The index of Menu Entry.
-
- @return The Menu Entry.
-
-**/
-SECUREBOOT_MENU_ENTRY *
-GetMenuEntry (
- IN SECUREBOOT_MENU_OPTION *MenuOption,
- IN UINTN MenuNumber
- )
-{
- SECUREBOOT_MENU_ENTRY *NewMenuEntry;
- UINTN Index;
- LIST_ENTRY *List;
-
- ASSERT (MenuNumber < MenuOption->MenuNumber);
-
- List = MenuOption->Head.ForwardLink;
- for (Index = 0; Index < MenuNumber; Index++) {
- List = List->ForwardLink;
- }
-
- NewMenuEntry = CR (List, SECUREBOOT_MENU_ENTRY, Link,
SECUREBOOT_MENU_ENTRY_SIGNATURE);
-
- return NewMenuEntry;
-}
-
-/**
- Create string tokens for a menu from its help strings and display strings.
-
- @param[in] HiiHandle Hii Handle of the package to be updated.
- @param[in] MenuOption The Menu whose string tokens need to be
created.
-
-**/
-VOID
-CreateMenuStringToken (
- IN EFI_HII_HANDLE HiiHandle,
- IN SECUREBOOT_MENU_OPTION *MenuOption
- )
-{
- SECUREBOOT_MENU_ENTRY *NewMenuEntry;
- UINTN Index;
-
- for (Index = 0; Index < MenuOption->MenuNumber; Index++) {
- NewMenuEntry = GetMenuEntry (MenuOption, Index);
-
- NewMenuEntry->DisplayStringToken = HiiSetString (
- HiiHandle,
- 0,
- NewMenuEntry->DisplayString,
- NULL
- );
-
- if (NewMenuEntry->HelpString == NULL) {
- NewMenuEntry->HelpStringToken = NewMenuEntry->DisplayStringToken;
- } else {
- NewMenuEntry->HelpStringToken = HiiSetString (
- HiiHandle,
- 0,
- NewMenuEntry->HelpString,
- NULL
- );
- }
- }
-}
-
-/**
- Free up all resources allocated for a SECUREBOOT_MENU_ENTRY.
-
- @param[in, out] MenuEntry A pointer to SECUREBOOT_MENU_ENTRY.
-
-**/
-VOID
-DestroyMenuEntry (
- IN OUT SECUREBOOT_MENU_ENTRY *MenuEntry
- )
-{
- SECUREBOOT_FILE_CONTEXT *FileContext;
-
-
- FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
-
- if (!FileContext->IsRoot) {
- FreePool (FileContext->DevicePath);
- } else {
- if (FileContext->FHandle != NULL) {
- FileContext->FHandle->Close (FileContext->FHandle);
- }
- }
-
- if (FileContext->FileName != NULL) {
- FreePool (FileContext->FileName);
- }
- if (FileContext->Info != NULL) {
- FreePool (FileContext->Info);
- }
-
- FreePool (FileContext);
-
- FreePool (MenuEntry->DisplayString);
- if (MenuEntry->HelpString != NULL) {
- FreePool (MenuEntry->HelpString);
- }
-
- FreePool (MenuEntry);
-}
-
-/**
- Free resources allocated in Allocate Rountine.
-
- @param[in, out] MenuOption Menu to be freed
-
-**/
-VOID
-FreeMenu (
- IN OUT SECUREBOOT_MENU_OPTION *MenuOption
- )
-{
- SECUREBOOT_MENU_ENTRY *MenuEntry;
- while (!IsListEmpty (&MenuOption->Head)) {
- MenuEntry = CR (
- MenuOption->Head.ForwardLink,
- SECUREBOOT_MENU_ENTRY,
- Link,
- SECUREBOOT_MENU_ENTRY_SIGNATURE
- );
- RemoveEntryList (&MenuEntry->Link);
- DestroyMenuEntry (MenuEntry);
- }
- MenuOption->MenuNumber = 0;
-}
-
-/**
- This function gets the file information from an open file descriptor, and
stores it
- in a buffer allocated from pool.
-
- @param[in] FHand File Handle.
-
- @return A pointer to a buffer with file information or NULL is returned
-
-**/
-EFI_FILE_INFO *
-FileInfo (
- IN EFI_FILE_HANDLE FHand
- )
-{
- EFI_STATUS Status;
- EFI_FILE_INFO *Buffer;
- UINTN BufferSize;
-
- //
- // Initialize for GrowBuffer loop
- //
- Buffer = NULL;
- BufferSize = SIZE_OF_EFI_FILE_INFO + 200;
-
- //
- // Call the real function
- //
- while (GrowBuffer (&Status, (VOID **) &Buffer, BufferSize)) {
- Status = FHand->GetInfo (
- FHand,
- &gEfiFileInfoGuid,
- &BufferSize,
- Buffer
- );
- }
-
- return Buffer;
-}
-
-/**
- This function gets the file system information from an open file descriptor,
- and stores it in a buffer allocated from pool.
-
- @param[in] FHand The file handle.
-
- @return A pointer to a buffer with file information.
- @retval NULL is returned if failed to get Vaolume Label Info.
-
-**/
-EFI_FILE_SYSTEM_VOLUME_LABEL *
-FileSystemVolumeLabelInfo (
- IN EFI_FILE_HANDLE FHand
- )
-{
- EFI_STATUS Status;
- EFI_FILE_SYSTEM_VOLUME_LABEL *Buffer;
- UINTN BufferSize;
- //
- // Initialize for GrowBuffer loop
- //
- Buffer = NULL;
- BufferSize = SIZE_OF_EFI_FILE_SYSTEM_VOLUME_LABEL + 200;
-
- //
- // Call the real function
- //
- while (GrowBuffer (&Status, (VOID **) &Buffer, BufferSize)) {
- Status = FHand->GetInfo (
- FHand,
- &gEfiFileSystemVolumeLabelInfoIdGuid,
- &BufferSize,
- Buffer
- );
- }
-
- return Buffer;
-}
-
-/**
- This function will open a file or directory referenced by DevicePath.
-
- This function opens a file with the open mode according to the file path. The
- Attributes is valid only for EFI_FILE_MODE_CREATE.
-
- @param[in, out] FilePath On input, the device path to the file.
- On output, the remaining device path.
- @param[out] FileHandle Pointer to the file handle.
- @param[in] OpenMode The mode to open the file with.
- @param[in] Attributes The file's file attributes.
-
- @retval EFI_SUCCESS The information was set.
- @retval EFI_INVALID_PARAMETER One of the parameters has an invalid value.
- @retval EFI_UNSUPPORTED Could not open the file path.
- @retval EFI_NOT_FOUND The specified file could not be found on the
- device or the file system could not be
found on
- the device.
- @retval EFI_NO_MEDIA The device has no medium.
- @retval EFI_MEDIA_CHANGED The device has a different medium in it or
the
- medium is no longer supported.
- @retval EFI_DEVICE_ERROR The device reported an error.
- @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted.
- @retval EFI_WRITE_PROTECTED The file or medium is write protected.
- @retval EFI_ACCESS_DENIED The file was opened read only.
- @retval EFI_OUT_OF_RESOURCES Not enough resources were available to open
the
- file.
- @retval EFI_VOLUME_FULL The volume is full.
-**/
-EFI_STATUS
-EFIAPI
-OpenFileByDevicePath(
- IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath,
- OUT EFI_FILE_HANDLE *FileHandle,
- IN UINT64 OpenMode,
- IN UINT64 Attributes
- )
-{
- EFI_STATUS Status;
- EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
- EFI_FILE_PROTOCOL *Handle1;
- EFI_FILE_PROTOCOL *Handle2;
- EFI_HANDLE DeviceHandle;
-
- if ((FilePath == NULL || FileHandle == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = gBS->LocateDevicePath (
- &gEfiSimpleFileSystemProtocolGuid,
- FilePath,
- &DeviceHandle
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = gBS->OpenProtocol(
- DeviceHandle,
- &gEfiSimpleFileSystemProtocolGuid,
- (VOID**)&EfiSimpleFileSystemProtocol,
- gImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status =
EfiSimpleFileSystemProtocol->OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);
- if (EFI_ERROR (Status)) {
- FileHandle = NULL;
- return Status;
- }
-
- //
- // go down directories one node at a time.
- //
- while (!IsDevicePathEnd (*FilePath)) {
- //
- // For file system access each node should be a file path component
- //
- if (DevicePathType (*FilePath) != MEDIA_DEVICE_PATH ||
- DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP
- ) {
- FileHandle = NULL;
- return (EFI_INVALID_PARAMETER);
- }
- //
- // Open this file path node
- //
- Handle2 = Handle1;
- Handle1 = NULL;
-
- //
- // Try to test opening an existing file
- //
- Status = Handle2->Open (
- Handle2,
- &Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
- OpenMode &~EFI_FILE_MODE_CREATE,
- 0
- );
-
- //
- // see if the error was that it needs to be created
- //
- if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode
&~EFI_FILE_MODE_CREATE))) {
- Status = Handle2->Open (
- Handle2,
- &Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
- OpenMode,
- Attributes
- );
- }
- //
- // Close the last node
- //
- Handle2->Close (Handle2);
-
- if (EFI_ERROR(Status)) {
- return (Status);
- }
-
- //
- // Get the next node
- //
- *FilePath = NextDevicePathNode (*FilePath);
- }
-
- //
- // This is a weak spot since if the undefined SHELL_FILE_HANDLE format
changes this must change also!
- //
- *FileHandle = (VOID*)Handle1;
- return EFI_SUCCESS;
-}
-
-/**
- Function opens and returns a file handle to the root directory of a volume.
-
- @param[in] DeviceHandle A handle for a device
-
- @return A valid file handle or NULL if error happens.
-
-**/
-EFI_FILE_HANDLE
-OpenRoot (
- IN EFI_HANDLE DeviceHandle
- )
-{
- EFI_STATUS Status;
- EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Volume;
- EFI_FILE_HANDLE File;
-
- File = NULL;
-
- //
- // File the file system interface to the device
- //
- Status = gBS->HandleProtocol (
- DeviceHandle,
- &gEfiSimpleFileSystemProtocolGuid,
- (VOID *) &Volume
- );
-
- //
- // Open the root directory of the volume
- //
- if (!EFI_ERROR (Status)) {
- Status = Volume->OpenVolume (
- Volume,
- &File
- );
- }
- //
- // Done
- //
- return EFI_ERROR (Status) ? NULL : File;
-}
-
-/**
- This function builds the FsOptionMenu list which records all
- available file system in the system. They include all instances
- of EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, all instances of EFI_LOAD_FILE_SYSTEM
- and all type of legacy boot device.
-
- @retval EFI_SUCCESS Success find the file system
- @retval EFI_OUT_OF_RESOURCES Can not create menu entry
-
-**/
-EFI_STATUS
-FindFileSystem (
- VOID
- )
-{
- UINTN NoBlkIoHandles;
- UINTN NoSimpleFsHandles;
- UINTN NoLoadFileHandles;
- EFI_HANDLE *BlkIoHandle;
- EFI_HANDLE *SimpleFsHandle;
- UINT16 *VolumeLabel;
- EFI_BLOCK_IO_PROTOCOL *BlkIo;
- UINTN Index;
- EFI_STATUS Status;
- SECUREBOOT_MENU_ENTRY *MenuEntry;
- SECUREBOOT_FILE_CONTEXT *FileContext;
- UINT16 *TempStr;
- UINTN OptionNumber;
- VOID *Buffer;
-
- BOOLEAN RemovableMedia;
-
-
- NoSimpleFsHandles = 0;
- NoLoadFileHandles = 0;
- OptionNumber = 0;
- InitializeListHead (&FsOptionMenu.Head);
-
- //
- // Locate Handles that support BlockIo protocol
- //
- Status = gBS->LocateHandleBuffer (
- ByProtocol,
- &gEfiBlockIoProtocolGuid,
- NULL,
- &NoBlkIoHandles,
- &BlkIoHandle
- );
- if (!EFI_ERROR (Status)) {
-
- for (Index = 0; Index < NoBlkIoHandles; Index++) {
- Status = gBS->HandleProtocol (
- BlkIoHandle[Index],
- &gEfiBlockIoProtocolGuid,
- (VOID **) &BlkIo
- );
-
- if (EFI_ERROR (Status)) {
- continue;
- }
-
- //
- // Issue a dummy read to trigger reinstall of BlockIo protocol for
removable media
- //
- if (BlkIo->Media->RemovableMedia) {
- Buffer = AllocateZeroPool (BlkIo->Media->BlockSize);
- if (NULL == Buffer) {
- FreePool (BlkIoHandle);
- return EFI_OUT_OF_RESOURCES;
- }
-
- BlkIo->ReadBlocks (
- BlkIo,
- BlkIo->Media->MediaId,
- 0,
- BlkIo->Media->BlockSize,
- Buffer
- );
- FreePool (Buffer);
- }
- }
- FreePool (BlkIoHandle);
- }
-
- //
- // Locate Handles that support Simple File System protocol
- //
- Status = gBS->LocateHandleBuffer (
- ByProtocol,
- &gEfiSimpleFileSystemProtocolGuid,
- NULL,
- &NoSimpleFsHandles,
- &SimpleFsHandle
- );
- if (!EFI_ERROR (Status)) {
- //
- // Find all the instances of the File System prototocol
- //
- for (Index = 0; Index < NoSimpleFsHandles; Index++) {
- Status = gBS->HandleProtocol (
- SimpleFsHandle[Index],
- &gEfiBlockIoProtocolGuid,
- (VOID **) &BlkIo
- );
- if (EFI_ERROR (Status)) {
- //
- // If no block IO exists assume it's NOT a removable media
- //
- RemovableMedia = FALSE;
- } else {
- //
- // If block IO exists check to see if it's remobable media
- //
- RemovableMedia = BlkIo->Media->RemovableMedia;
- }
-
- //
- // Allocate pool for this instance.
- //
- MenuEntry = CreateMenuEntry ();
- if (NULL == MenuEntry) {
- FreePool (SimpleFsHandle);
- return EFI_OUT_OF_RESOURCES;
- }
-
- FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
-
- FileContext->Handle = SimpleFsHandle[Index];
- MenuEntry->OptionNumber = Index;
- FileContext->FHandle = OpenRoot (FileContext->Handle);
- if (FileContext->FHandle == NULL) {
- DestroyMenuEntry (MenuEntry);
- continue;
- }
-
- MenuEntry->HelpString = DevicePathToStr (DevicePathFromHandle
(FileContext->Handle));
- FileContext->Info = FileSystemVolumeLabelInfo (FileContext->FHandle);
- FileContext->FileName = StrDuplicate (L"\\");
- FileContext->DevicePath = FileDevicePath (
- FileContext->Handle,
- FileContext->FileName
- );
- FileContext->IsDir = TRUE;
- FileContext->IsRoot = TRUE;
- FileContext->IsRemovableMedia = RemovableMedia;
- FileContext->IsLoadFile = FALSE;
-
- //
- // Get current file system's Volume Label
- //
- if (FileContext->Info == NULL) {
- VolumeLabel = L"NO FILE SYSTEM INFO";
- } else {
- if (FileContext->Info->VolumeLabel == NULL) {
- VolumeLabel = L"NULL VOLUME LABEL";
- } else {
- VolumeLabel = FileContext->Info->VolumeLabel;
- if (*VolumeLabel == 0x0000) {
- VolumeLabel = L"NO VOLUME LABEL";
- }
- }
- }
-
- TempStr = MenuEntry->HelpString;
- MenuEntry->DisplayString = AllocateZeroPool (MAX_CHAR);
- ASSERT (MenuEntry->DisplayString != NULL);
- UnicodeSPrint (
- MenuEntry->DisplayString,
- MAX_CHAR,
- L"%s, [%s]",
- VolumeLabel,
- TempStr
- );
- OptionNumber++;
- InsertTailList (&FsOptionMenu.Head, &MenuEntry->Link);
- }
- }
-
- if (NoSimpleFsHandles != 0) {
- FreePool (SimpleFsHandle);
- }
-
- //
- // Remember how many file system options are here
- //
- FsOptionMenu.MenuNumber = OptionNumber;
- return EFI_SUCCESS;
-}
-
-
-/**
- Find files under the current directory. All files and sub-directories
- in current directory will be stored in DirectoryMenu for future use.
-
- @param[in] MenuEntry The Menu Entry.
-
- @retval EFI_SUCCESS Get files from current dir successfully.
- @return Other Can't get files from current dir.
-
-**/
-EFI_STATUS
-FindFiles (
- IN SECUREBOOT_MENU_ENTRY *MenuEntry
- )
-{
- EFI_FILE_HANDLE NewDir;
- EFI_FILE_HANDLE Dir;
- EFI_FILE_INFO *DirInfo;
- UINTN BufferSize;
- UINTN DirBufferSize;
- SECUREBOOT_MENU_ENTRY *NewMenuEntry;
- SECUREBOOT_FILE_CONTEXT *FileContext;
- SECUREBOOT_FILE_CONTEXT *NewFileContext;
- UINTN Pass;
- EFI_STATUS Status;
- UINTN OptionNumber;
-
- FileContext = (SECUREBOOT_FILE_CONTEXT *) MenuEntry->FileContext;
- Dir = FileContext->FHandle;
- OptionNumber = 0;
- //
- // Open current directory to get files from it
- //
- Status = Dir->Open (
- Dir,
- &NewDir,
- FileContext->FileName,
- EFI_FILE_READ_ONLY,
- 0
- );
- if (!FileContext->IsRoot) {
- Dir->Close (Dir);
- }
-
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- DirInfo = FileInfo (NewDir);
- if (DirInfo == NULL) {
- return EFI_NOT_FOUND;
- }
-
- if ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- FileContext->DevicePath = FileDevicePath (
- FileContext->Handle,
- FileContext->FileName
- );
-
- DirBufferSize = sizeof (EFI_FILE_INFO) + 1024;
- DirInfo = AllocateZeroPool (DirBufferSize);
- if (DirInfo == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Get all files in current directory
- // Pass 1 to get Directories
- // Pass 2 to get files that are EFI images
- //
- for (Pass = 1; Pass <= 2; Pass++) {
- NewDir->SetPosition (NewDir, 0);
- for (;;) {
- BufferSize = DirBufferSize;
- Status = NewDir->Read (NewDir, &BufferSize, DirInfo);
- if (EFI_ERROR (Status) || BufferSize == 0) {
- break;
- }
-
- if (((DirInfo->Attribute & EFI_FILE_DIRECTORY) != 0 && Pass == 2) ||
- ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == 0 && Pass == 1)
- ) {
- //
- // Pass 1 is for Directories
- // Pass 2 is for file names
- //
- continue;
- }
-
- NewMenuEntry = CreateMenuEntry ();
- if (NULL == NewMenuEntry) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- NewFileContext = (SECUREBOOT_FILE_CONTEXT *)
NewMenuEntry->FileContext;
- NewFileContext->Handle = FileContext->Handle;
- NewFileContext->FileName = AppendFileName (
- FileContext->FileName,
- DirInfo->FileName
- );
- NewFileContext->FHandle = NewDir;
- NewFileContext->DevicePath = FileDevicePath (
- NewFileContext->Handle,
- NewFileContext->FileName
- );
- NewMenuEntry->HelpString = NULL;
-
- NewFileContext->IsDir = (BOOLEAN) ((DirInfo->Attribute &
EFI_FILE_DIRECTORY) == EFI_FILE_DIRECTORY);
- if (NewFileContext->IsDir) {
- BufferSize = StrLen (DirInfo->FileName) * 2 + 6;
- NewMenuEntry->DisplayString = AllocateZeroPool (BufferSize);
-
- UnicodeSPrint (
- NewMenuEntry->DisplayString,
- BufferSize,
- L"<%s>",
- DirInfo->FileName
- );
-
- } else {
- NewMenuEntry->DisplayString = StrDuplicate (DirInfo->FileName);
- }
-
- NewFileContext->IsRoot = FALSE;
- NewFileContext->IsLoadFile = FALSE;
- NewFileContext->IsRemovableMedia = FALSE;
-
- NewMenuEntry->OptionNumber = OptionNumber;
- OptionNumber++;
- InsertTailList (&DirectoryMenu.Head, &NewMenuEntry->Link);
- }
- }
-
- DirectoryMenu.MenuNumber = OptionNumber;
- FreePool (DirInfo);
- return EFI_SUCCESS;
-}
-
-/**
- Refresh the global UpdateData structure.
-
-**/
-VOID
-RefreshUpdateData (
- VOID
- )
-{
- //
- // Free current updated date
- //
- if (mStartOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (mStartOpCodeHandle);
- }
-
- //
- // Create new OpCode Handle
- //
- mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
-
- //
- // Create Hii Extend Label OpCode as the start opcode
- //
- mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mStartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-}
-
-/**
- Update the File Explore page.
-
- @param[in] HiiHandle Hii Handle of the package to be updated.
- @param[in] MenuOption The Menu whose string tokens need to be
updated.
- @param[in] FeCurrentState Current file explorer state.
-
-**/
-VOID
-UpdateFileExplorePage (
- IN EFI_HII_HANDLE HiiHandle,
- IN SECUREBOOT_MENU_OPTION *MenuOption,
- IN FILE_EXPLORER_STATE FeCurrentState
- )
-{
- UINTN Index;
- SECUREBOOT_MENU_ENTRY *NewMenuEntry;
- SECUREBOOT_FILE_CONTEXT *NewFileContext;
- EFI_FORM_ID FormId;
- EFI_FORM_ID FileFormId;
-
- if (FeCurrentState == FileExplorerStateEnrollPkFile) {
- FormId = SECUREBOOT_ADD_PK_FILE_FORM_ID;
- FileFormId = FORM_FILE_EXPLORER_ID_PK;
- } else if (FeCurrentState == FileExplorerStateEnrollKekFile) {
- FormId = FORMID_ENROLL_KEK_FORM;
- FileFormId = FORM_FILE_EXPLORER_ID_KEK;
- } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDb) {
- FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
- FileFormId = FORM_FILE_EXPLORER_ID_DB;
- } else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
- FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
- FileFormId = FORM_FILE_EXPLORER_ID_DBX;
- } else {
- return;
- }
-
- NewMenuEntry = NULL;
- NewFileContext = NULL;
-
- RefreshUpdateData ();
- mStartLabel->Number = FORM_FILE_EXPLORER_ID;
-
- for (Index = 0; Index < MenuOption->MenuNumber; Index++) {
- NewMenuEntry = GetMenuEntry (MenuOption, Index);
- NewFileContext = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext;
-
- if (NewFileContext->IsDir) {
- //
- // Create Text opcode for directory.
- //
- HiiCreateActionOpCode (
- mStartOpCodeHandle,
- (UINT16) (FILE_OPTION_OFFSET + Index),
- NewMenuEntry->DisplayStringToken,
- STRING_TOKEN (STR_NULL),
- EFI_IFR_FLAG_CALLBACK,
- 0
- );
- } else {
-
- //
- // Create Goto opcode for file.
- //
- HiiCreateGotoOpCode (
- mStartOpCodeHandle,
- FormId,
- NewMenuEntry->DisplayStringToken,
- STRING_TOKEN (STR_NULL),
- EFI_IFR_FLAG_CALLBACK,
- (UINT16) (FILE_OPTION_OFFSET + Index)
- );
- }
- }
-
- HiiUpdateForm (
- HiiHandle,
- &gSecureBootConfigFormSetGuid,
- FileFormId,
- mStartOpCodeHandle, // Label FORM_FILE_EXPLORER_ID
- mEndOpCodeHandle // LABEL_END
- );
-}
-
-/**
- Update the file explorer page with the refreshed file system.
-
- @param[in] PrivateData Module private data.
- @param[in] KeyValue Key value to identify the type of data to expect.
-
- @retval TRUE Inform the caller to create a callback packet to
exit file explorer.
- @retval FALSE Indicate that there is no need to exit file explorer.
-
-**/
-BOOLEAN
-UpdateFileExplorer (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
- IN UINT16 KeyValue
- )
-{
- UINT16 FileOptionMask;
- SECUREBOOT_MENU_ENTRY *NewMenuEntry;
- SECUREBOOT_FILE_CONTEXT *NewFileContext;
- EFI_FORM_ID FormId;
- BOOLEAN ExitFileExplorer;
- EFI_STATUS Status;
- EFI_DEVICE_PATH_PROTOCOL *TmpDevicePath;
-
- NewMenuEntry = NULL;
- NewFileContext = NULL;
- ExitFileExplorer = FALSE;
- FileOptionMask = (UINT16) (FILE_OPTION_MASK & KeyValue);
-
- if (PrivateData->FeDisplayContext == FileExplorerDisplayUnknown) {
- //
- // First in, display file system.
- //
- FreeMenu (&FsOptionMenu);
- FindFileSystem ();
-
- CreateMenuStringToken (PrivateData->HiiHandle, &FsOptionMenu);
- UpdateFileExplorePage (PrivateData->HiiHandle, &FsOptionMenu,
PrivateData->FeCurrentState);
-
- PrivateData->FeDisplayContext = FileExplorerDisplayFileSystem;
- } else {
- if (PrivateData->FeDisplayContext == FileExplorerDisplayFileSystem) {
- NewMenuEntry = GetMenuEntry (&FsOptionMenu, FileOptionMask);
- } else if (PrivateData->FeDisplayContext == FileExplorerDisplayDirectory) {
- NewMenuEntry = GetMenuEntry (&DirectoryMenu, FileOptionMask);
- }
-
- NewFileContext = (SECUREBOOT_FILE_CONTEXT *) NewMenuEntry->FileContext;
-
- if (NewFileContext->IsDir ) {
- PrivateData->FeDisplayContext = FileExplorerDisplayDirectory;
-
- RemoveEntryList (&NewMenuEntry->Link);
- FreeMenu (&DirectoryMenu);
- Status = FindFiles (NewMenuEntry);
- if (EFI_ERROR (Status)) {
- ExitFileExplorer = TRUE;
- goto OnExit;
- }
- CreateMenuStringToken (PrivateData->HiiHandle, &DirectoryMenu);
- DestroyMenuEntry (NewMenuEntry);
-
- UpdateFileExplorePage (PrivateData->HiiHandle, &DirectoryMenu,
PrivateData->FeCurrentState);
-
- } else {
- if (PrivateData->FeCurrentState == FileExplorerStateEnrollPkFile) {
- FormId = SECUREBOOT_ADD_PK_FILE_FORM_ID;
- } else if (PrivateData->FeCurrentState ==
FileExplorerStateEnrollKekFile) {
- FormId = FORMID_ENROLL_KEK_FORM;
- } else if (PrivateData->FeCurrentState ==
FileExplorerStateEnrollSignatureFileToDb) {
- FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
- } else if (PrivateData->FeCurrentState ==
FileExplorerStateEnrollSignatureFileToDbx) {
- FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
- } else {
- return FALSE;
- }
-
- PrivateData->MenuEntry = NewMenuEntry;
- PrivateData->FileContext->FileName = NewFileContext->FileName;
-
- TmpDevicePath = NewFileContext->DevicePath;
- OpenFileByDevicePath (
- &TmpDevicePath,
- &PrivateData->FileContext->FHandle,
- EFI_FILE_MODE_READ,
- 0
- );
-
- //
- // Create Subtitle op-code for the display string of the option.
- //
- RefreshUpdateData ();
- mStartLabel->Number = FormId;
-
- HiiCreateSubTitleOpCode (
- mStartOpCodeHandle,
- NewMenuEntry->DisplayStringToken,
- 0,
- 0,
- 0
- );
-
- HiiUpdateForm (
- PrivateData->HiiHandle,
- &gSecureBootConfigFormSetGuid,
- FormId,
- mStartOpCodeHandle, // Label FormId
- mEndOpCodeHandle // LABEL_END
- );
- }
- }
-
-OnExit:
- return ExitFileExplorer;
-}
-
-/**
- Clean up the dynamic opcode at label and form specified by both LabelId.
-
- @param[in] LabelId It is both the Form ID and Label ID for opcode
deletion.
- @param[in] PrivateData Module private data.
-
-**/
-VOID
-CleanUpPage (
- IN UINT16 LabelId,
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
- )
-{
- RefreshUpdateData ();
-
- //
- // Remove all op-codes from dynamic page
- //
- mStartLabel->Number = LabelId;
- HiiUpdateForm (
- PrivateData->HiiHandle,
- &gSecureBootConfigFormSetGuid,
- LabelId,
- mStartOpCodeHandle, // Label LabelId
- mEndOpCodeHandle // LABEL_END
- );
-}
-
Deleted: trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
===================================================================
--- trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
2014-10-02 08:08:05 UTC (rev 16191)
+++ trunk/edk2/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
2014-10-02 08:08:14 UTC (rev 16192)
@@ -1,2819 +0,0 @@
-/** @file
- HII Config Access protocol implementation of SecureBoot configuration module.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD
License
-which accompanies this distribution. The full text of the license may be
found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "SecureBootConfigImpl.h"
-
-CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";
-
-SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = {
- SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE,
- {
- SecureBootExtractConfig,
- SecureBootRouteConfig,
- SecureBootCallback
- }
-};
-
-HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {
- {
- {
- HARDWARE_DEVICE_PATH,
- HW_VENDOR_DP,
- {
- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
- }
- },
- SECUREBOOT_CONFIG_FORM_SET_GUID
- },
- {
- END_DEVICE_PATH_TYPE,
- END_ENTIRE_DEVICE_PATH_SUBTYPE,
- {
- (UINT8) (END_DEVICE_PATH_LENGTH),
- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
- }
- }
-};
-
-
-//
-// OID ASN.1 Value for Hash Algorithms
-//
-UINT8 mHashOidValue[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5
- 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512
- };
-
-HASH_TABLE mHash[] = {
- { L"SHA1", 20, &mHashOidValue[8], 5, Sha1GetContextSize, Sha1Init,
Sha1Update, Sha1Final },
- { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL,
NULL, NULL },
- { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize,Sha256Init,
Sha256Update, Sha256Final},
- { L"SHA384", 48, &mHashOidValue[31], 9, NULL, NULL,
NULL, NULL },
- { L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL,
NULL, NULL }
-};
-
-//
-// Variable Definitions
-//
-UINT32 mPeCoffHeaderOffset = 0;
-WIN_CERTIFICATE *mCertificate = NULL;
-IMAGE_TYPE mImageType;
-UINT8 *mImageBase = NULL;
-UINTN mImageSize = 0;
-UINT8 mImageDigest[MAX_DIGEST_SIZE];
-UINTN mImageDigestSize;
-EFI_GUID mCertType;
-EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL;
-EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
-
-//
-// Possible DER-encoded certificate file suffixes, end with NULL pointer.
-//
-CHAR16* mDerEncodedSuffix[] = {
- L".cer",
- L".der",
- L".crt",
- NULL
-};
-CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
-
-/**
- This code checks if the FileSuffix is one of the possible DER-encoded
certificate suffix.
-
- @param[in] FileSuffix The suffix of the input certificate file
-
- @retval TRUE It's a DER-encoded certificate.
- @retval FALSE It's NOT a DER-encoded certificate.
-
-**/
-BOOLEAN
-IsDerEncodeCertificate (
- IN CONST CHAR16 *FileSuffix
-)
-{
- UINTN Index;
- for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) {
- if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- Set Secure Boot option into variable space.
-
- @param[in] VarValue The option of Secure Boot.
-
- @retval EFI_SUCCESS The operation is finished successfully.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-SaveSecureBootVariable (
- IN UINT8 VarValue
- )
-{
- EFI_STATUS Status;
-
- Status = gRT->SetVariable (
- EFI_SECURE_BOOT_ENABLE_NAME,
- &gEfiSecureBootEnableDisableGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
- sizeof (UINT8),
- &VarValue
- );
- return Status;
-}
-
-/**
- Create a time based data payload by concatenating the
EFI_VARIABLE_AUTHENTICATION_2
- descriptor with the input data. NO authentication is required in this
function.
-
- @param[in, out] DataSize On input, the size of Data buffer in bytes.
- On output, the size of data returned in Data
- buffer in bytes.
- @param[in, out] Data On input, Pointer to data buffer to be
wrapped or
- pointer to NULL to wrap an empty payload.
- On output, Pointer to the new payload date
buffer allocated from pool,
- it's caller's responsibility to free the
memory when finish using it.
-
- @retval EFI_SUCCESS Create time based payload successfully.
- @retval EFI_OUT_OF_RESOURCES There are not enough memory resourses to
create time based payload.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval Others Unexpected error happens.
-
-**/
-EFI_STATUS
-CreateTimeBasedPayload (
- IN OUT UINTN *DataSize,
- IN OUT UINT8 **Data
- )
-{
- EFI_STATUS Status;
- UINT8 *NewData;
- UINT8 *Payload;
- UINTN PayloadSize;
- EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
- UINTN DescriptorSize;
- EFI_TIME Time;
-
- if (Data == NULL || DataSize == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // In Setup mode or Custom mode, the variable does not need to be signed but
the
- // parameters to the SetVariable() call still need to be prepared as
authenticated
- // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor without
certificate
- // data in it.
- //
- Payload = *Data;
- PayloadSize = *DataSize;
-
- DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) +
OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
- NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize);
- if (NewData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- if ((Payload != NULL) && (PayloadSize != 0)) {
- CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
- }
-
- DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
-
- ZeroMem (&Time, sizeof (EFI_TIME));
- Status = gRT->GetTime (&Time, NULL);
- if (EFI_ERROR (Status)) {
- FreePool(NewData);
- return Status;
- }
- Time.Pad1 = 0;
- Time.Nanosecond = 0;
- Time.TimeZone = 0;
- Time.Daylight = 0;
- Time.Pad2 = 0;
- CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME));
-
- DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF
(WIN_CERTIFICATE_UEFI_GUID, CertData);
- DescriptorData->AuthInfo.Hdr.wRevision = 0x0200;
- DescriptorData->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;
- CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);
-
- if (Payload != NULL) {
- FreePool(Payload);
- }
-
- *DataSize = DescriptorSize + PayloadSize;
- *Data = NewData;
- return EFI_SUCCESS;
-}
-
-/**
- Internal helper function to delete a Variable given its name and GUID, NO
authentication
- required.
-
- @param[in] VariableName Name of the Variable.
- @param[in] VendorGuid GUID of the Variable.
-
- @retval EFI_SUCCESS Variable deleted successfully.
- @retval Others The driver failed to start the device.
-
-**/
-EFI_STATUS
-DeleteVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- EFI_STATUS Status;
- VOID* Variable;
- UINT8 *Data;
- UINTN DataSize;
- UINT32 Attr;
-
- GetVariable2 (VariableName, VendorGuid, &Variable, NULL);
- if (Variable == NULL) {
- return EFI_SUCCESS;
- }
-
- Data = NULL;
- DataSize = 0;
- Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS |
EFI_VARIABLE_BOOTSERVICE_ACCESS
- | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
-
- Status = CreateTimeBasedPayload (&DataSize, &Data);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r",
Status));
- return Status;
- }
-
- Status = gRT->SetVariable (
- VariableName,
- VendorGuid,
- Attr,
- DataSize,
- Data
- );
- if (Data != NULL) {
- FreePool (Data);
- }
- return Status;
-}
-
-/**
- Generate the PK signature list from the X509 Certificate storing file (.cer)
-
- @param[in] X509File FileHandle of X509 Certificate storing
file.
- @param[out] PkCert Point to the data buffer to store the
signature list.
-
- @return EFI_UNSUPPORTED Unsupported Key Length.
- @return EFI_OUT_OF_RESOURCES There are not enough memory resourses to
form the signature list.
-
-**/
-EFI_STATUS
-CreatePkX509SignatureList (
- IN EFI_FILE_HANDLE X509File,
- OUT EFI_SIGNATURE_LIST **PkCert
- )
-{
- EFI_STATUS Status;
- UINT8 *X509Data;
- UINTN X509DataSize;
- EFI_SIGNATURE_DATA *PkCertData;
-
- X509Data = NULL;
- PkCertData = NULL;
- X509DataSize = 0;
-
- Status = ReadFileContent (X509File, (VOID**) &X509Data, &X509DataSize, 0);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
- ASSERT (X509Data != NULL);
-
- //
- // Allocate space for PK certificate list and initialize it.
- // Create PK database entry with SignatureHeaderSize equals 0.
- //
- *PkCert = (EFI_SIGNATURE_LIST*) AllocateZeroPool (
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1
- + X509DataSize
- );
- if (*PkCert == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- (*PkCert)->SignatureListSize = (UINT32) (sizeof(EFI_SIGNATURE_LIST)
- + sizeof(EFI_SIGNATURE_DATA) - 1
- + X509DataSize);
- (*PkCert)->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 +
X509DataSize);
- (*PkCert)->SignatureHeaderSize = 0;
- CopyGuid (&(*PkCert)->SignatureType, &gEfiCertX509Guid);
- PkCertData = (EFI_SIGNATURE_DATA*) ((UINTN)(*PkCert)
- +
sizeof(EFI_SIGNATURE_LIST)
- +
(*PkCert)->SignatureHeaderSize);
- CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid);
- //
- // Fill the PK database with PKpub data from X509 certificate file.
- //
- CopyMem (&(PkCertData->SignatureData[0]), X509Data, X509DataSize);
-
-ON_EXIT:
-
- if (X509Data != NULL) {
- FreePool (X509Data);
- }
-
- if (EFI_ERROR(Status) && *PkCert != NULL) {
- FreePool (*PkCert);
- *PkCert = NULL;
- }
-
- return Status;
-}
-
-/**
- Enroll new PK into the System without original PK's authentication.
-
- The SignatureOwner GUID will be the same with PK's vendorguid.
-
- @param[in] PrivateData The module's private data.
-
- @retval EFI_SUCCESS New PK enrolled successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
-
-**/
-EFI_STATUS
-EnrollPlatformKey (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA* Private
- )
-{
- EFI_STATUS Status;
- UINT32 Attr;
- UINTN DataSize;
- EFI_SIGNATURE_LIST *PkCert;
- UINT16* FilePostFix;
- UINTN NameLength;
-
- if (Private->FileContext->FileName == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- PkCert = NULL;
-
- //
- // Parse the file's postfix. Only support DER encoded X.509 certificate
files.
- //
- NameLength = StrLen (Private->FileContext->FileName);
- if (NameLength <= 4) {
- return EFI_INVALID_PARAMETER;
- }
- FilePostFix = Private->FileContext->FileName + NameLength - 4;
- if (!IsDerEncodeCertificate(FilePostFix)) {
- DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate
(%s) is supported.", mSupportX509Suffix));
- return EFI_INVALID_PARAMETER;
- }
- DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName));
- DEBUG ((EFI_D_INFO, "FilePostFix = %s\n", FilePostFix));
-
- //
- // Prase the selected PK file and generature PK certificate list.
- //
- Status = CreatePkX509SignatureList (
- Private->FileContext->FHandle,
- &PkCert
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
- ASSERT (PkCert != NULL);
-
- //
- // Set Platform Key variable.
- //
- Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- DataSize = PkCert->SignatureListSize;
- Status = CreateTimeBasedPayload (&DataSize, (UINT8**) &PkCert);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r",
Status));
- goto ON_EXIT;
- }
-
- Status = gRT->SetVariable(
- EFI_PLATFORM_KEY_NAME,
- &gEfiGlobalVariableGuid,
- Attr,
- DataSize,
- PkCert
- );
- if (EFI_ERROR (Status)) {
- if (Status == EFI_OUT_OF_RESOURCES) {
- DEBUG ((EFI_D_ERROR, "Enroll PK failed with out of resource.\n"));
- }
- goto ON_EXIT;
- }
-
-ON_EXIT:
-
- if (PkCert != NULL) {
- FreePool(PkCert);
- }
-
- if (Private->FileContext->FHandle != NULL) {
- CloseFile (Private->FileContext->FHandle);
- Private->FileContext->FHandle = NULL;
- }
-
- return Status;
-}
-
-/**
- Remove the PK variable.
-
- @retval EFI_SUCCESS Delete PK successfully.
- @retval Others Could not allow to delete PK.
-
-**/
-EFI_STATUS
-DeletePlatformKey (
- VOID
-)
-{
- EFI_STATUS Status;
-
- Status = DeleteVariable (
- EFI_PLATFORM_KEY_NAME,
- &gEfiGlobalVariableGuid
- );
- return Status;
-}
-
-/**
- Enroll a new KEK item from public key storing file (*.pbk).
-
- @param[in] PrivateData The module's private data.
-
- @retval EFI_SUCCESS New KEK enrolled successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported command.
- @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
-
-**/
-EFI_STATUS
-EnrollRsa2048ToKek (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
- )
-{
- EFI_STATUS Status;
- UINT32 Attr;
- UINTN DataSize;
- EFI_SIGNATURE_LIST *KekSigList;
- UINTN KeyBlobSize;
- UINT8 *KeyBlob;
- CPL_KEY_INFO *KeyInfo;
- EFI_SIGNATURE_DATA *KEKSigData;
- UINTN KekSigListSize;
- UINT8 *KeyBuffer;
- UINTN KeyLenInBytes;
-
- Attr = 0;
- DataSize = 0;
- KeyBuffer = NULL;
- KeyBlobSize = 0;
- KeyBlob = NULL;
- KeyInfo = NULL;
- KEKSigData = NULL;
- KekSigList = NULL;
- KekSigListSize = 0;
-
- //
- // Form the KeKpub certificate list into EFI_SIGNATURE_LIST type.
- // First, We have to parse out public key data from the pbk key file.
- //
- Status = ReadFileContent (
- Private->FileContext->FHandle,
- (VOID**) &KeyBlob,
- &KeyBlobSize,
- 0
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
- ASSERT (KeyBlob != NULL);
- KeyInfo = (CPL_KEY_INFO *) KeyBlob;
- if (KeyInfo->KeyLengthInBits / 8 != WIN_CERT_UEFI_RSA2048_SIZE) {
- DEBUG ((DEBUG_ERROR, "Unsupported key length, Only RSA2048 is
supported.\n"));
- Status = EFI_UNSUPPORTED;
- goto ON_EXIT;
- }
-
- //
- // Convert the Public key to fix octet string format represented in RSA
PKCS#1.
- //
- KeyLenInBytes = KeyInfo->KeyLengthInBits / 8;
- KeyBuffer = AllocateZeroPool (KeyLenInBytes);
- if (KeyBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
- Int2OctStr (
- (UINTN*) (KeyBlob + sizeof (CPL_KEY_INFO)),
- KeyLenInBytes / sizeof (UINTN),
- KeyBuffer,
- KeyLenInBytes
- );
- CopyMem(KeyBlob + sizeof(CPL_KEY_INFO), KeyBuffer, KeyLenInBytes);
-
- //
- // Form an new EFI_SIGNATURE_LIST.
- //
- KekSigListSize = sizeof(EFI_SIGNATURE_LIST)
- + sizeof(EFI_SIGNATURE_DATA) - 1
- + WIN_CERT_UEFI_RSA2048_SIZE;
-
- KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize);
- if (KekSigList == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- KekSigList->SignatureListSize = sizeof(EFI_SIGNATURE_LIST)
- + sizeof(EFI_SIGNATURE_DATA) - 1
- + WIN_CERT_UEFI_RSA2048_SIZE;
- KekSigList->SignatureHeaderSize = 0;
- KekSigList->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 +
WIN_CERT_UEFI_RSA2048_SIZE;
- CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid);
-
- KEKSigData = (EFI_SIGNATURE_DATA*)((UINT8*)KekSigList +
sizeof(EFI_SIGNATURE_LIST));
- CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID);
- CopyMem (
- KEKSigData->SignatureData,
- KeyBlob + sizeof(CPL_KEY_INFO),
- WIN_CERT_UEFI_RSA2048_SIZE
- );
-
- //
- // Check if KEK entry has been already existed.
- // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
- // new KEK to original variable.
- //
- Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r",
Status));
- goto ON_EXIT;
- }
-
- Status = gRT->GetVariable(
- EFI_KEY_EXCHANGE_KEY_NAME,
- &gEfiGlobalVariableGuid,
- NULL,
- &DataSize,
- NULL
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- Attr |= EFI_VARIABLE_APPEND_WRITE;
- } else if (Status != EFI_NOT_FOUND) {
- goto ON_EXIT;
- }
-
- //
- // Done. Now we have formed the correct KEKpub database item, just set it
into variable storage,
- //
- Status = gRT->SetVariable(
- EFI_KEY_EXCHANGE_KEY_NAME,
- &gEfiGlobalVariableGuid,
- Attr,
- KekSigListSize,
- KekSigList
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
-ON_EXIT:
-
- CloseFile (Private->FileContext->FHandle);
- Private->FileContext->FHandle = NULL;
- Private->FileContext->FileName = NULL;
-
- if (Private->SignatureGUID != NULL) {
- FreePool (Private->SignatureGUID);
- Private->SignatureGUID = NULL;
- }
-
- if (KeyBlob != NULL) {
- FreePool (KeyBlob);
- }
- if (KeyBuffer != NULL) {
- FreePool (KeyBuffer);
- }
- if (KekSigList != NULL) {
- FreePool (KekSigList);
- }
-
- return Status;
-}
-
-/**
- Enroll a new KEK item from X509 certificate file.
-
- @param[in] PrivateData The module's private data.
-
- @retval EFI_SUCCESS New X509 is enrolled successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported command.
- @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
-
-**/
-EFI_STATUS
-EnrollX509ToKek (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
- )
-{
- EFI_STATUS Status;
- UINTN X509DataSize;
- VOID *X509Data;
- EFI_SIGNATURE_DATA *KEKSigData;
- EFI_SIGNATURE_LIST *KekSigList;
- UINTN DataSize;
- UINTN KekSigListSize;
- UINT32 Attr;
-
- X509Data = NULL;
- X509DataSize = 0;
- KekSigList = NULL;
- KekSigListSize = 0;
- DataSize = 0;
- KEKSigData = NULL;
-
- Status = ReadFileContent (
- Private->FileContext->FHandle,
- &X509Data,
- &X509DataSize,
- 0
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
- ASSERT (X509Data != NULL);
-
- KekSigListSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1
+ X509DataSize;
- KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize);
- if (KekSigList == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Fill Certificate Database parameters.
- //
- KekSigList->SignatureListSize = (UINT32) KekSigListSize;
- KekSigList->SignatureHeaderSize = 0;
- KekSigList->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 +
X509DataSize);
- CopyGuid (&KekSigList->SignatureType, &gEfiCertX509Guid);
-
- KEKSigData = (EFI_SIGNATURE_DATA*) ((UINT8*) KekSigList + sizeof
(EFI_SIGNATURE_LIST));
- CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID);
- CopyMem (KEKSigData->SignatureData, X509Data, X509DataSize);
-
- //
- // Check if KEK been already existed.
- // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
- // new kek to original variable
- //
- Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r",
Status));
- goto ON_EXIT;
- }
-
- Status = gRT->GetVariable(
- EFI_KEY_EXCHANGE_KEY_NAME,
- &gEfiGlobalVariableGuid,
- NULL,
- &DataSize,
- NULL
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- Attr |= EFI_VARIABLE_APPEND_WRITE;
- } else if (Status != EFI_NOT_FOUND) {
- goto ON_EXIT;
- }
-
- Status = gRT->SetVariable(
- EFI_KEY_EXCHANGE_KEY_NAME,
- &gEfiGlobalVariableGuid,
- Attr,
- KekSigListSize,
- KekSigList
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
-ON_EXIT:
-
- CloseFile (Private->FileContext->FHandle);
- Private->FileContext->FileName = NULL;
- Private->FileContext->FHandle = NULL;
-
- if (Private->SignatureGUID != NULL) {
- FreePool (Private->SignatureGUID);
- Private->SignatureGUID = NULL;
- }
-
- if (KekSigList != NULL) {
- FreePool (KekSigList);
- }
-
- return Status;
-}
-
-/**
- Enroll new KEK into the System without PK's authentication.
- The SignatureOwner GUID will be Private->SignatureGUID.
-
- @param[in] PrivateData The module's private data.
-
- @retval EFI_SUCCESS New KEK enrolled successful.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval others Fail to enroll KEK data.
-
-**/
-EFI_STATUS
-EnrollKeyExchangeKey (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
- )
-{
- UINT16* FilePostFix;
- UINTN NameLength;
-
- if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID ==
NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Parse the file's postfix. Supports DER-encoded X509 certificate,
- // and .pbk as RSA public key file.
- //
- NameLength = StrLen (Private->FileContext->FileName);
- if (NameLength <= 4) {
- return EFI_INVALID_PARAMETER;
- }
- FilePostFix = Private->FileContext->FileName + NameLength - 4;
- if (IsDerEncodeCertificate(FilePostFix)) {
- return EnrollX509ToKek (Private);
- } else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
- return EnrollRsa2048ToKek (Private);
- } else {
- return EFI_INVALID_PARAMETER;
- }
-}
-
-/**
- Enroll a new X509 certificate into Signature Database (DB or DBX) without
- KEK's authentication.
-
- @param[in] PrivateData The module's private data.
- @param[in] VariableName Variable name of signature database, must be
- EFI_IMAGE_SECURITY_DATABASE or
EFI_IMAGE_SECURITY_DATABASE1.
-
- @retval EFI_SUCCESS New X509 is enrolled successfully.
- @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
-
-**/
-EFI_STATUS
-EnrollX509toSigDB (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
- )
-{
- EFI_STATUS Status;
- UINTN X509DataSize;
- VOID *X509Data;
- EFI_SIGNATURE_LIST *SigDBCert;
- EFI_SIGNATURE_DATA *SigDBCertData;
- VOID *Data;
- UINTN DataSize;
- UINTN SigDBSize;
- UINT32 Attr;
-
- X509DataSize = 0;
- SigDBSize = 0;
- DataSize = 0;
- X509Data = NULL;
- SigDBCert = NULL;
- SigDBCertData = NULL;
- Data = NULL;
-
- Status = ReadFileContent (
- Private->FileContext->FHandle,
- &X509Data,
- &X509DataSize,
- 0
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
- ASSERT (X509Data != NULL);
-
- SigDBSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 +
X509DataSize;
-
- Data = AllocateZeroPool (SigDBSize);
- if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Fill Certificate Database parameters.
- //
- SigDBCert = (EFI_SIGNATURE_LIST*) Data;
- SigDBCert->SignatureListSize = (UINT32) SigDBSize;
- SigDBCert->SignatureHeaderSize = 0;
- SigDBCert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 +
X509DataSize);
- CopyGuid (&SigDBCert->SignatureType, &gEfiCertX509Guid);
-
- SigDBCertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) SigDBCert + sizeof
(EFI_SIGNATURE_LIST));
- CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID);
- CopyMem ((UINT8* ) (SigDBCertData->SignatureData), X509Data, X509DataSize);
-
- //
- // Check if signature database entry has been already existed.
- // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
- // new signature data to original variable
- //
- Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r",
Status));
- goto ON_EXIT;
- }
-
- Status = gRT->GetVariable(
- VariableName,
- &gEfiImageSecurityDatabaseGuid,
- NULL,
- &DataSize,
- NULL
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- Attr |= EFI_VARIABLE_APPEND_WRITE;
- } else if (Status != EFI_NOT_FOUND) {
- goto ON_EXIT;
- }
-
- Status = gRT->SetVariable(
- VariableName,
- &gEfiImageSecurityDatabaseGuid,
- Attr,
- SigDBSize,
- Data
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
-ON_EXIT:
-
- CloseFile (Private->FileContext->FHandle);
- Private->FileContext->FileName = NULL;
- Private->FileContext->FHandle = NULL;
-
- if (Private->SignatureGUID != NULL) {
- FreePool (Private->SignatureGUID);
- Private->SignatureGUID = NULL;
- }
-
- if (Data != NULL) {
- FreePool (Data);
- }
-
- if (X509Data != NULL) {
- FreePool (X509Data);
- }
-
- return Status;
-}
-
-/**
- Load PE/COFF image information into internal buffer and check its validity.
-
- @retval EFI_SUCCESS Successful
- @retval EFI_UNSUPPORTED Invalid PE/COFF file
- @retval EFI_ABORTED Serious error occurs, like file I/O error etc.
-
-**/
-EFI_STATUS
-LoadPeImage (
- VOID
- )
-{
- EFI_IMAGE_DOS_HEADER *DosHdr;
- EFI_IMAGE_NT_HEADERS32 *NtHeader32;
- EFI_IMAGE_NT_HEADERS64 *NtHeader64;
-
- NtHeader32 = NULL;
- NtHeader64 = NULL;
- //
- // Read the Dos header
- //
- DosHdr = (EFI_IMAGE_DOS_HEADER*)(mImageBase);
- if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE)
- {
- //
- // DOS image header is present,
- // So read the PE header after the DOS image header
- //
- mPeCoffHeaderOffset = DosHdr->e_lfanew;
- }
- else
- {
- mPeCoffHeaderOffset = 0;
- }
-
- //
- // Read PE header and check the signature validity and machine compatibility
- //
- NtHeader32 = (EFI_IMAGE_NT_HEADERS32*) (mImageBase + mPeCoffHeaderOffset);
- if (NtHeader32->Signature != EFI_IMAGE_NT_SIGNATURE)
- {
- return EFI_UNSUPPORTED;
- }
-
- mNtHeader.Pe32 = NtHeader32;
-
- //
- // Check the architecture field of PE header and get the Certificate Data
Directory data
- // Note the size of FileHeader field is constant for both IA32 and X64 arch
- //
- if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32)
- || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC)) {
- //
- // IA-32 Architecture
- //
- mImageType = ImageType_IA32;
- mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*)
&(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
- }
- else if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64)
- || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64)) {
- //
- // 64-bits Architecture
- //
- mImageType = ImageType_X64;
- NtHeader64 = (EFI_IMAGE_NT_HEADERS64 *) (mImageBase + mPeCoffHeaderOffset);
- mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*)
&(NtHeader64->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
- } else {
- return EFI_UNSUPPORTED;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Calculate hash of Pe/Coff image based on the authenticode image hashing in
- PE/COFF Specification 8.0 Appendix A
-
- @param[in] HashAlg Hash algorithm type.
-
- @retval TRUE Successfully hash image.
- @retval FALSE Fail in hash image.
-
-**/
-BOOLEAN
-HashPeImage (
- IN UINT32 HashAlg
- )
-{
- BOOLEAN Status;
- UINT16 Magic;
- EFI_IMAGE_SECTION_HEADER *Section;
- VOID *HashCtx;
- UINTN CtxSize;
- UINT8 *HashBase;
- UINTN HashSize;
- UINTN SumOfBytesHashed;
- EFI_IMAGE_SECTION_HEADER *SectionHeader;
- UINTN Index;
- UINTN Pos;
-
- HashCtx = NULL;
- SectionHeader = NULL;
- Status = FALSE;
-
- if ((HashAlg != HASHALG_SHA1) && (HashAlg != HASHALG_SHA256)) {
- return FALSE;
- }
-
- //
- // Initialize context of hash.
- //
- ZeroMem (mImageDigest, MAX_DIGEST_SIZE);
-
- if (HashAlg == HASHALG_SHA1) {
- mImageDigestSize = SHA1_DIGEST_SIZE;
- mCertType = gEfiCertSha1Guid;
- } else if (HashAlg == HASHALG_SHA256) {
- mImageDigestSize = SHA256_DIGEST_SIZE;
- mCertType = gEfiCertSha256Guid;
- }
-
- CtxSize = mHash[HashAlg].GetContextSize();
-
- HashCtx = AllocatePool (CtxSize);
- ASSERT (HashCtx != NULL);
-
- // 1. Load the image header into memory.
-
- // 2. Initialize a SHA hash context.
- Status = mHash[HashAlg].HashInit(HashCtx);
- if (!Status) {
- goto Done;
- }
- //
- // Measuring PE/COFF Image Header;
- // But CheckSum field and SECURITY data directory (certificate) are excluded
- //
- if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 &&
mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic
value
- // in the PE/COFF Header. If the MachineType is Itanium(IA64) and
the
- // Magic value in the OptionalHeader is
EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
- // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
- //
- Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
- } else {
- //
- // Get the magic value from the PE/COFF Optional Header
- //
- Magic = mNtHeader.Pe32->OptionalHeader.Magic;
- }
-
- //
- // 3. Calculate the distance from the base of the image header to the image
checksum address.
- // 4. Hash the image header from its base to beginning of the image
checksum.
- //
- HashBase = mImageBase;
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset.
- //
- HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.CheckSum) -
HashBase);
- } else {
- //
- // Use PE32+ offset.
- //
- HashSize = (UINTN) ((UINT8 *)
(&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - HashBase);
- }
-
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
- if (!Status) {
- goto Done;
- }
- //
- // 5. Skip over the image checksum (it occupies a single ULONG).
- // 6. Get the address of the beginning of the Cert Directory.
- // 7. Hash everything from the end of the checksum to the start of the Cert
Directory.
- //
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset.
- //
- HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof
(UINT32);
- HashSize = (UINTN) ((UINT8 *)
(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY])
- HashBase);
- } else {
- //
- // Use PE32+ offset.
- //
- HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof
(UINT32);
- HashSize = (UINTN) ((UINT8 *)
(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY])
- HashBase);
- }
-
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
- if (!Status) {
- goto Done;
- }
- //
- // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY)
bytes.)
- // 9. Hash everything from the end of the Cert Directory to the end of
image header.
- //
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset
- //
- HashBase = (UINT8 *)
&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY
+ 1];
- HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) ((UINT8
*)
(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY
+ 1]) - mImageBase);
- } else {
- //
- // Use PE32+ offset.
- //
- HashBase = (UINT8 *)
&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY
+ 1];
- HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)
((UINT8 *)
(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY
+ 1]) - mImageBase);
- }
-
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
- if (!Status) {
- goto Done;
- }
- //
- // 10. Set the SUM_OF_BYTES_HASHED to the size of the header.
- //
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset.
- //
- SumOfBytesHashed = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders;
- } else {
- //
- // Use PE32+ offset
- //
- SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;
- }
-
- //
- // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
- // structures in the image. The 'NumberOfSections' field of the image
- // header indicates how big the table should be. Do not include any
- // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is
zero.
- //
- SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof
(EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
- ASSERT (SectionHeader != NULL);
- //
- // 12. Using the 'PointerToRawData' in the referenced section headers as
- // a key, arrange the elements in the table in ascending order. In other
- // words, sort the section headers according to the disk-file offset of
- // the section.
- //
- Section = (EFI_IMAGE_SECTION_HEADER *) (
- mImageBase +
- mPeCoffHeaderOffset +
- sizeof (UINT32) +
- sizeof (EFI_IMAGE_FILE_HEADER) +
- mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader
- );
- for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections;
Index++) {
- Pos = Index;
- while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos -
1].PointerToRawData)) {
- CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof
(EFI_IMAGE_SECTION_HEADER));
- Pos--;
- }
- CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
- Section += 1;
- }
-
- //
- // 13. Walk through the sorted table, bring the corresponding section
- // into memory, and hash the entire section (using the 'SizeOfRawData'
- // field in the section header to determine the amount of data to hash).
- // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .
- // 15. Repeat steps 13 and 14 for all the sections in the sorted table.
- //
- for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections;
Index++) {
- Section = &SectionHeader[Index];
- if (Section->SizeOfRawData == 0) {
- continue;
- }
- HashBase = mImageBase + Section->PointerToRawData;
- HashSize = (UINTN) Section->SizeOfRawData;
-
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
- if (!Status) {
- goto Done;
- }
-
- SumOfBytesHashed += HashSize;
- }
-
- //
- // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra
- // data in the file that needs to be added to the hash. This data begins
- // at file offset SUM_OF_BYTES_HASHED and its length is:
- // FileSize - (CertDirectory->Size)
- //
- if (mImageSize > SumOfBytesHashed) {
- HashBase = mImageBase + SumOfBytesHashed;
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // Use PE32 offset.
- //
- HashSize = (UINTN)(
- mImageSize -
-
mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size
-
- SumOfBytesHashed);
- } else {
- //
- // Use PE32+ offset.
- //
- HashSize = (UINTN)(
- mImageSize -
-
mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size
-
- SumOfBytesHashed);
- }
-
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
- if (!Status) {
- goto Done;
- }
- }
-
- Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest);
-
-Done:
- if (HashCtx != NULL) {
- FreePool (HashCtx);
- }
- if (SectionHeader != NULL) {
- FreePool (SectionHeader);
- }
- return Status;
-}
-
-/**
- Recognize the Hash algorithm in PE/COFF Authenticode and caculate hash of
- Pe/Coff image based on the authenticated image hashing in PE/COFF
Specification
- 8.0 Appendix A
-
- @retval EFI_UNSUPPORTED Hash algorithm is not supported.
- @retval EFI_SUCCESS Hash successfully.
-
-**/
-EFI_STATUS
-HashPeImageByType (
- VOID
- )
-{
- UINT8 Index;
- WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;
-
- PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase +
mSecDataDir->Offset);
-
- for (Index = 0; Index < HASHALG_MAX; Index++) {
- //
- // Check the Hash algorithm in PE/COFF Authenticode.
- // According to PKCS#7 Definition:
- // SignedData ::= SEQUENCE {
- // version Version,
- // digestAlgorithms DigestAlgorithmIdentifiers,
- // contentInfo ContentInfo,
- // .... }
- // The DigestAlgorithmIdentifiers can be used to determine the hash
algorithm in PE/COFF hashing
- // This field has the fixed offset (+32) in final Authenticode ASN.1
data.
- // Fixed offset (+32) is calculated based on two bytes of length
encoding.
- //
- if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
- //
- // Only support two bytes of Long Form of Length Encoding.
- //
- continue;
- }
-
- //
- if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue,
mHash[Index].OidLength) == 0) {
- break;
- }
- }
-
- if (Index == HASHALG_MAX) {
- return EFI_UNSUPPORTED;
- }
-
- //
- // HASH PE Image based on Hash algorithm in PE/COFF Authenticode.
- //
- if (!HashPeImage(Index)) {
- return EFI_UNSUPPORTED;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Enroll a new executable's signature into Signature Database.
-
- @param[in] PrivateData The module's private data.
- @param[in] VariableName Variable name of signature database, must be
- EFI_IMAGE_SECURITY_DATABASE or
EFI_IMAGE_SECURITY_DATABASE1.
-
- @retval EFI_SUCCESS New signature is enrolled successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported command.
@@ Diff output truncated at 100000 characters. @@
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
