ExtractConfig is called several times, so it's not sufficient to update the Secure
Boot STR_SECURE_BOOT_STATE_CONTENT and STR_CUR_SECURE_BOOT_MODE_CONTENT strings in
ExtractConfig. Move the updates to 4 places:
1. SecureBootConfigDxe driver entry
2. Enroll PK
3. Delete PK
4. Change SecureBootMode

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zh...@intel.com>
---
 .../SecureBootConfigDxe/SecureBootConfigDriver.c   |   6 +-
 .../SecureBootConfigDxe/SecureBootConfigImpl.c     | 100 ++++++++++++---------
 .../SecureBootConfigDxe/SecureBootConfigImpl.h     |  19 +++-
 3 files changed, 80 insertions(+), 45 deletions(-)

diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
index 1d6c4ac..0ef91de 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
@@ -1,7 +1,7 @@
 /** @file
   The module entry point for SecureBoot configuration module.
 
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -81,7 +81,9 @@ SecureBootConfigDriverEntryPoint (
     goto ErrorExit;
   }
 
-  return EFI_SUCCESS;
+  Status = UpdateSecureBootString(PrivateData);
+
+  return Status;
 
 ErrorExit:
   if (PrivateData != NULL) {
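Review bot: A failure from `UpdateSecureBootString(PrivateData)` is returned directly and never reaches the `ErrorExit:` label just below, so whatever the earlier steps set up appears to stay in place while the entry point reports failure. Because the helper returns the `GetVariable2` error as-is, a missing or unreadable SecureBoot variable now turns a display-string refresh into a driver load failure. Either route the error through cleanup with `if (EFI_ERROR (Status)) { goto ErrorExit; }` followed by `return EFI_SUCCESS;`, or treat the refresh as best-effort and keep returning `EFI_SUCCESS`. The entry point starts above the hunk and the ErrorExit block ends below it, so the exact cleanup is inferred.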
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index a685b40..0fbba81 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -1,7 +1,7 @@
 /** @file
   HII Config Access protocol implementation of SecureBoot configuration module.
 
-Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -3061,6 +3061,59 @@ ExtractSecureBootModeFromVariable(
 }
 
 /**
+
+  Update SecureBoot strings based on new Secure Boot Mode State. String 
includes STR_SECURE_BOOT_STATE_CONTENT
+ and STR_CUR_SECURE_BOOT_MODE_CONTENT.
+
+  @param[in]    PrivateData         Module's private data.
+
+  @return EFI_SUCCESS              Update secure boot strings successfully.
+  @return other                          Fail to update secure boot strings.
+
+**/
+EFI_STATUS
+UpdateSecureBootString(
+  IN SECUREBOOT_CONFIG_PRIVATE_DATA  *Private
+  ) {
+  EFI_STATUS  Status;
+  UINT8       CurSecureBootMode;
+  UINT8       *SecureBoot;
+
+  //
+  // Get current secure boot state.
+  //
+  Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, 
(VOID**)&SecureBoot, NULL);
+  if (EFI_ERROR(Status)) {
+    return Status;
+  }
+
+  if (*SecureBoot == SECURE_BOOT_MODE_ENABLE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);
+  } else {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
+  }
+
+  //
+  // Get current secure boot mode.
+  //
+  ExtractSecureBootModeFromVariable(&CurSecureBootMode);
+
+  if (CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);
+  } else if (CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);
+  } else if (CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);
+  } else if (CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);
+  }
+
+  FreePool(SecureBoot);
+
+  return EFI_SUCCESS;
+}
+
+/**
   This function extracts configuration from variable.
 
   @param[in, out]  ConfigData   Point to SecureBoot configuration private data.
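Review bot: The early `return Status;` after `GetVariable2` leaves both strings untouched when the SecureBoot variable cannot be read, whereas the block removed from SecureBootExtractConfig fell back to "Disabled" and still refreshed the mode string; a stale "Enabled" is the wrong way for a security indicator to fail. `CurSecureBootMode` has no initializer and is compared right after `ExtractSecureBootModeFromVariable(&CurSecureBootMode)` is called as a bare statement; that helper's body is outside the hunk, so it should be confirmed that it always writes the output. The function also returns `EFI_SUCCESS` regardless of what `HiiSetString` returns, which does not match the `@return other` line in its comment. The fence below keeps the old fallback and frees the buffer only when one was returned.

```c
  UINT8       *SecureBoot;

  SecureBoot = NULL;

  //
  // Get current secure boot state. An unreadable variable is shown as
  // "Disabled" rather than leaving the previous string in place.
  //
  Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);
  if (!EFI_ERROR (Status) && SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
    HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);
  } else {
    HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
  }

  // … unchanged: ExtractSecureBootModeFromVariable call and the STR_CUR_SECURE_BOOT_MODE_CONTENT chain …

  if (SecureBoot != NULL) {
    FreePool (SecureBoot);
  }
  // … unchanged: return EFI_SUCCESS …
```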
@@ -3191,7 +3244,6 @@ SecureBootExtractConfig (
   EFI_STRING                        ConfigRequestHdr;
   SECUREBOOT_CONFIG_PRIVATE_DATA    *PrivateData;
   BOOLEAN                           AllocatedRequest;
-  UINT8                             *SecureBoot;
 
   if (Progress == NULL || Results == NULL) {
     return EFI_INVALID_PARAMETER;
@@ -3201,7 +3253,6 @@ SecureBootExtractConfig (
   ConfigRequestHdr = NULL;
   ConfigRequest    = NULL;
   Size             = 0;
-  SecureBoot       = NULL;
 
   ZeroMem (&Configuration, sizeof (Configuration));
   PrivateData      = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
@@ -3216,31 +3267,6 @@ SecureBootExtractConfig (
   //
   SecureBootExtractConfigFromVariable (&Configuration);
 
-  //
-  // Get current secure boot state.
-  //
-  GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, 
(VOID**)&SecureBoot, NULL);
-
-  if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);
-  } else {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
-  }
-
-  //
-  // Get current secure boot mode
-  //
-  DEBUG((EFI_D_INFO, "Configuration.CurSecureBootMode %d\n", 
Configuration.CurSecureBootMode));
-  if (Configuration.CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);
-  } else if (Configuration.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);
-  } else if (Configuration.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);
-  } else if (Configuration.CurSecureBootMode == 
SECURE_BOOT_MODE_DEPLOYED_MODE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);
-  }
-
   BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
   ConfigRequest = Request;
   if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
@@ -3285,10 +3311,6 @@ SecureBootExtractConfig (
     *Progress = Request + StrLen (Request);
   }
 
-  if (SecureBoot != NULL) {
-    FreePool (SecureBoot);
-  }
-
   return Status;
 }
 
@@ -3574,6 +3596,8 @@ SecureBootCallback (
               L"Only Physical Presence User could delete PK in custom mode!",
               NULL
               );
+          } else {
+            Status = UpdateSecureBootString(Private);
           }
         }
       }
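Review bot: Assigning the helper's result to `Status` in this `else` branch makes the callback's outcome depend on a display-string refresh that runs after the PK operation has apparently already succeeded. The same pattern appears in the two later SecureBootCallback hunks, where `Status = UpdateSecureBootString(Private);` is added under the CurSecureBootMode change and before `EFI_BROWSER_ACTION_REQUEST_RESET`. How `Status` is consumed after these lines is outside the hunks, so this is inferred, but a refresh failure would be better logged with `DEBUG` than allowed to overwrite the operation's status. The calls also omit the space before the parenthesis that the surrounding code uses, i.e. `UpdateSecureBootString (Private);`.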
@@ -3744,16 +3768,7 @@ SecureBootCallback (
       if (IfrNvData->CurSecureBootMode != CurSecureBootMode) {
         IfrNvData->CurSecureBootMode = CurSecureBootMode;
         mIsSecureBootModeChanged = TRUE;
-
-        if (IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {
-          HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);
-        } else if (IfrNvData->CurSecureBootMode == 
SECURE_BOOT_MODE_SETUP_MODE) {
-          HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);
-        } else if (IfrNvData->CurSecureBootMode == 
SECURE_BOOT_MODE_AUDIT_MODE) {
-          HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);
-        } else if (IfrNvData->CurSecureBootMode == 
SECURE_BOOT_MODE_DEPLOYED_MODE) {
-          HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);
-        }
+        Status = UpdateSecureBootString(Private);
       }
       break;
 
@@ -3821,6 +3836,7 @@ SecureBootCallback (
           NULL
           );
       } else {
+        Status = UpdateSecureBootString(Private);
         *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;
       }
       break;
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index bcb1c12..53aee60 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -2,7 +2,7 @@
   The header file of HII Config Access protocol implementation of SecureBoot
   configuration module.
 
-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -621,4 +621,21 @@ GuidToString (
   IN  UINTN     BufferSize
   );
 
+
+/**
+
+  Update SecureBoot strings based on new Secure Boot Mode State. String 
includes STR_SECURE_BOOT_STATE_CONTENT
+ and STR_CUR_SECURE_BOOT_MODE_CONTENT.
+
+  @param[in]    PrivateData        Module's private data.
+
+  @return EFI_SUCCESS              Update secure boot strings successfully.
+  @return other                    Fail to update secure boot strings.
+
+**/
+EFI_STATUS
+UpdateSecureBootString(
+  IN SECUREBOOT_CONFIG_PRIVATE_DATA  *Private
+  );
+
 #endif
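Review bot: The doc comment documents `@param[in] PrivateData`, but the prototype's parameter is named `Private`; the same mismatch is in the definition's comment in SecureBootConfigImpl.c. Rename the tag in both places, e.g. `@param[in]    Private            Module's private data.`. The `@return other` line could also state which failure is propagated: as written in the .c file, only the `GetVariable2` error for the SecureBoot variable is returned.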
-- 
1.9.5.msysgit.1
