Re: [edk2] [PATCH V2] SecurityPkg: SecureBootConfigDxe: Move Secure Boot string update location

Dong, Eric Thu, 14 Jan 2016 16:21:07 -0800

Reviewed-by: Eric Dong <[email protected]>

-----Original Message-----
From: Zhang, Chao B 
Sent: Thursday, January 14, 2016 4:43 PM
To: [email protected]
Cc: Dong, Eric; Fu, Siyuan; Zhang, Chao B
Subject: [PATCH V2] SecurityPkg: SecureBootConfigDxe: Move Secure Boot string 
update location


ExtractConfig is called many times, so it's not efficient to update Secure Boot 
STR_SECURE_BOOT_STATE_CONTENT, STR_CUR_SECURE_BOOT_MODE_CONTENT string in 
ExtractConfig. As these 2 strings are displayed on one form, so always update 
them when opening the form.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <[email protected]>
Reviewed-by: Fu Siyuan <[email protected]>
---
 .../SecureBootConfigDxe/SecureBootConfigImpl.c     | 97 +++++++++++++---------
 1 file changed, 56 insertions(+), 41 deletions(-)

diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index a685b40..d281a09 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
+++ nfigImpl.c
@@ -3061,6 +3061,58 @@ ExtractSecureBootModeFromVariable(
 }
 
 /**
+
+  Update SecureBoot strings based on new Secure Boot Mode State. String 
+ includes STR_SECURE_BOOT_STATE_CONTENT and STR_CUR_SECURE_BOOT_MODE_CONTENT.
+
+  @param[in]    PrivateData         Module's private data.
+
+  @return EFI_SUCCESS              Update secure boot strings successfully.
+  @return other                          Fail to update secure boot strings.
+
+**/
+EFI_STATUS
+UpdateSecureBootString(
+  IN SECUREBOOT_CONFIG_PRIVATE_DATA  *Private
+  ) {
+  EFI_STATUS  Status;
+  UINT8       CurSecureBootMode;
+  UINT8       *SecureBoot;
+
+  //
+  // Get current secure boot state.
+  //
+  Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, 
+ &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);  if (EFI_ERROR(Status)) {
+    return Status;
+  }
+
+  if (*SecureBoot == SECURE_BOOT_MODE_ENABLE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
+ (STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);  } else {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
+ (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);  }  //  // Get 
+ current secure boot mode.
+  //
+  ExtractSecureBootModeFromVariable(&CurSecureBootMode);
+  
+  if (CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
+ (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);  } else if 
(CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
+ (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);  } else if 
(CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
+ (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);  } else if 
(CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {
+    HiiSetString (Private->HiiHandle, STRING_TOKEN 
+ (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);  }
+
+  FreePool(SecureBoot);
+
+  return EFI_SUCCESS;
+}
+
+/**
   This function extracts configuration from variable.
 
   @param[in, out]  ConfigData   Point to SecureBoot configuration private data.
@@ -3191,7 +3243,6 @@ SecureBootExtractConfig (
   EFI_STRING                        ConfigRequestHdr;
   SECUREBOOT_CONFIG_PRIVATE_DATA    *PrivateData;
   BOOLEAN                           AllocatedRequest;
-  UINT8                             *SecureBoot;
 
   if (Progress == NULL || Results == NULL) {
     return EFI_INVALID_PARAMETER;
@@ -3201,7 +3252,6 @@ SecureBootExtractConfig (
   ConfigRequestHdr = NULL;
   ConfigRequest    = NULL;
   Size             = 0;
-  SecureBoot       = NULL;
 
   ZeroMem (&Configuration, sizeof (Configuration));
   PrivateData      = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
@@ -3216,31 +3266,6 @@ SecureBootExtractConfig (
   //
   SecureBootExtractConfigFromVariable (&Configuration);
 
-  //
-  // Get current secure boot state.
-  //
-  GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, 
(VOID**)&SecureBoot, NULL);
-
-  if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);
-  } else {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
-  }
-
-  //
-  // Get current secure boot mode
-  //
-  DEBUG((EFI_D_INFO, "Configuration.CurSecureBootMode %d\n", 
Configuration.CurSecureBootMode));
-  if (Configuration.CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);
-  } else if (Configuration.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);
-  } else if (Configuration.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);
-  } else if (Configuration.CurSecureBootMode == 
SECURE_BOOT_MODE_DEPLOYED_MODE) {
-    HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);
-  }
-
   BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
   ConfigRequest = Request;
   if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { @@ 
-3285,10 +3310,6 @@ SecureBootExtractConfig (
     *Progress = Request + StrLen (Request);
   }
 
-  if (SecureBoot != NULL) {
-    FreePool (SecureBoot);
-  }
-
   return Status;
 }
 
@@ -3435,6 +3456,10 @@ SecureBootCallback (
 
   if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {
     if (QuestionId == KEY_SECURE_BOOT_MODE) {
+      //
+      // Update secure boot strings when opening this form
+      //
+      Status = UpdateSecureBootString(Private);
       mIsEnterSecureBootForm = TRUE;
     } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){
       //
@@ -3744,16 +3769,6 @@ SecureBootCallback (
       if (IfrNvData->CurSecureBootMode != CurSecureBootMode) {
         IfrNvData->CurSecureBootMode = CurSecureBootMode;
         mIsSecureBootModeChanged = TRUE;
-
-        if (IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) {
-          HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL);
-        } else if (IfrNvData->CurSecureBootMode == 
SECURE_BOOT_MODE_SETUP_MODE) {
-          HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL);
-        } else if (IfrNvData->CurSecureBootMode == 
SECURE_BOOT_MODE_AUDIT_MODE) {
-          HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL);
-        } else if (IfrNvData->CurSecureBootMode == 
SECURE_BOOT_MODE_DEPLOYED_MODE) {
-          HiiSetString (Private->HiiHandle, STRING_TOKEN 
(STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL);
-        }
       }
       break;
 
--
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

Re: [edk2] [PATCH V2] SecurityPkg: SecureBootConfigDxe: Move Secure Boot string update location

Reply via email to