Remove SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263. The feature has been moved to https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot Previous check-in hash is SHA-1: 96832eefea1025c130979dec9b7da069f77bcd96
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <[email protected]> --- .../SecureBootConfigDxe/SecureBootConfig.vfr | 37 +- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 385 ++------------------- .../SecureBootConfigDxe/SecureBootConfigNvData.h | 7 - .../SecureBootConfigStrings.uni | 20 +- 4 files changed, 32 insertions(+), 417 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index 484da2c..fefbfbf 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -33,14 +33,6 @@ formset subtitle text = STRING_TOKEN(STR_NULL); - // - // Display current secure boot mode(one of SetupMode/AuditMode/UserMode/DeployedMode) - // - text - help = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP), - text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT), - text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT); - text help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP), text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT), @@ -71,7 +63,7 @@ formset endoneof; // - // Display PK include page + // Display of 'Current Secure Boot Mode' // suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD; grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; @@ -93,33 +85,6 @@ formset subtitle text = STRING_TOKEN(STR_NULL); - // - // Display of SetupMode/UserMode/AuditMode/DeployedMode transition - // - oneof name = TransSecureBootMode, - questionid = KEY_TRANS_SECURE_BOOT_MODE, - prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT), - help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP), - flags = INTERACTIVE | NUMERIC_SIZE_1, - suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE - OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND - ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0); - option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0; - endif - suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE; - option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0; - endif - suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE; - option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0; - endif - suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE; - option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0; - endif - - endoneof; - - subtitle text = STRING_TOKEN(STR_NULL); - goto FORMID_SECURE_BOOT_PK_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION), help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP), diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index c8f4d97..088fa26 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -49,8 +49,6 @@ HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = { BOOLEAN mIsEnterSecureBootForm = FALSE; -BOOLEAN mIsSelectedSecureBootModeForm = FALSE; -BOOLEAN mIsSecureBootModeChanged = FALSE; // // OID ASN.1 Value for Hash Algorithms @@ -2833,256 +2831,6 @@ ON_EXIT: } /** - Perform secure boot mode transition from User Mode by setting AuditMode - or DeployedMode variable. - - @param[in] NewMode New secure boot mode. - - @retval EFI_SUCCESS Secure Boot mode transition is successful. -**/ -EFI_STATUS -TransitionFromUserMode( - IN UINT8 NewMode - ) -{ - UINT8 Data; - EFI_STATUS Status; - - if (NewMode == SECURE_BOOT_MODE_AUDIT_MODE) { - Data = 1; - Status = gRT->SetVariable( - EFI_AUDIT_MODE_NAME, - &gEfiGlobalVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof(UINT8), - &Data - ); - return Status; - } else if (NewMode == SECURE_BOOT_MODE_DEPLOYED_MODE) { - Data = 1; - Status = gRT->SetVariable( - EFI_DEPLOYED_MODE_NAME, - &gEfiGlobalVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof(UINT8), - &Data - ); - return Status; - } - - // - // Other case do nothing here. May Goto enroll PK page. - // - return EFI_SUCCESS; -} - -/** - Perform secure boot mode transition from Setup Mode by setting AuditMode - variable. - - @param[in] NewMode New secure boot mode. - - @retval EFI_SUCCESS Secure Boot mode transition is successful. -**/ -EFI_STATUS -TransitionFromSetupMode( - IN UINT8 NewMode - ) -{ - UINT8 Data; - EFI_STATUS Status; - - Status = EFI_INVALID_PARAMETER; - - if (NewMode == SECURE_BOOT_MODE_AUDIT_MODE) { - Data = 1; - Status = gRT->SetVariable( - EFI_AUDIT_MODE_NAME, - &gEfiGlobalVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof(UINT8), - &Data - ); - return Status; - } - - // - // Other case do nothing here. May Goto enroll PK page. - // - return EFI_SUCCESS; -} - -/** - Perform secure boot mode transition from Audit Mode. Nothing is done here, - should goto enroll PK page. - - @param[in] NewMode New secure boot mode. - - @retval EFI_SUCCESS Secure Boot mode transition is successful. -**/ -EFI_STATUS -TransitionFromAuditMode( - IN UINT8 NewMode - ) -{ - // - // Other case do nothing here. Should Goto enroll PK page. - // - return EFI_SUCCESS; -} - -/** - Perform secure boot mode transition from Deployed Mode by setting Deployed Mode - variable to 0. - - @param[in] NewMode New secure boot mode. - - @retval EFI_SUCCESS Secure Boot mode transition is successful. -**/ -EFI_STATUS -TransitionFromDeployedMode( - IN UINT8 NewMode - ) -{ - UINT8 Data; - EFI_STATUS Status; - - // - // Platform specific logic. when physical presence, Allow to set DeployedMode =:0 - // to switch back to UserMode - // - if (NewMode == SECURE_BOOT_MODE_USER_MODE) { - Data = 0; - Status = gRT->SetVariable( - EFI_DEPLOYED_MODE_NAME, - &gEfiGlobalVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof(UINT8), - &Data - ); - DEBUG((EFI_D_INFO, "DeployedMode Status %x\n", Status)); - return Status; - } - return EFI_SUCCESS; -} - -/** - Perform main secure boot mode transition. - - @param[in] CurMode New secure boot mode. - @param[in] NewMode New secure boot mode. - - @retval EFI_SUCCESS Secure Boot mode transition is successful. -**/ -EFI_STATUS -SecureBootModeTransition( - IN UINT8 CurMode, - IN UINT8 NewMode - ) -{ - EFI_STATUS Status; - - // - // Set platform to be customized mode to ensure platform specific mode switch sucess - // - Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // SecureBootMode transition - // - switch (CurMode) { - case SECURE_BOOT_MODE_USER_MODE: - Status = TransitionFromUserMode(NewMode); - break; - - case SECURE_BOOT_MODE_SETUP_MODE: - Status = TransitionFromSetupMode(NewMode); - break; - - case SECURE_BOOT_MODE_AUDIT_MODE: - Status = TransitionFromAuditMode(NewMode); - break; - - case SECURE_BOOT_MODE_DEPLOYED_MODE: - Status = TransitionFromDeployedMode(NewMode); - break; - - default: - Status = EFI_INVALID_PARAMETER; - ASSERT(FALSE); - } - - return Status; -} - -/** - Get current secure boot mode by retrieve data from SetupMode/AuditMode/DeployedMode. - - @param[out] SecureBootMode Current secure boot mode. - -**/ -VOID -ExtractSecureBootModeFromVariable( - OUT UINT8 *SecureBootMode - ) -{ - UINT8 *SetupMode; - UINT8 *AuditMode; - UINT8 *DeployedMode; - - SetupMode = NULL; - AuditMode = NULL; - DeployedMode = NULL; - - // - // Get AuditMode/DeployedMode from variable - // - GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL); - GetVariable2 (EFI_AUDIT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&AuditMode, NULL); - GetVariable2 (EFI_DEPLOYED_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&DeployedMode, NULL); - if (SetupMode != NULL && AuditMode != NULL && DeployedMode != NULL) { - if (*SetupMode == 0 && *AuditMode == 0 && *DeployedMode == 0) { - // - // User Mode - // - *SecureBootMode = SECURE_BOOT_MODE_USER_MODE; - } else if (*SetupMode == 1 && *AuditMode == 0 && *DeployedMode == 0) { - // - // Setup Mode - // - *SecureBootMode = SECURE_BOOT_MODE_SETUP_MODE; - } else if (*SetupMode == 1 && *AuditMode == 1 && *DeployedMode == 0) { - // - // Audit Mode - // - *SecureBootMode = SECURE_BOOT_MODE_AUDIT_MODE; - } else if (*SetupMode == 0 && *AuditMode == 0 && *DeployedMode == 1) { - // - // Deployed Mode - // - *SecureBootMode = SECURE_BOOT_MODE_DEPLOYED_MODE; - } else { - ASSERT(FALSE); - } - }else { - ASSERT(FALSE); - } - - if (SetupMode != NULL) { - FreePool (SetupMode); - } - if (DeployedMode != NULL) { - FreePool (DeployedMode); - } - if (AuditMode != NULL) { - FreePool (AuditMode); - } -} - -/** Update SecureBoot strings based on new Secure Boot Mode State. String includes STR_SECURE_BOOT_STATE_CONTENT and STR_CUR_SECURE_BOOT_MODE_CONTENT. @@ -3098,7 +2846,6 @@ UpdateSecureBootString( IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private ) { - UINT8 CurSecureBootMode; UINT8 *SecureBoot; SecureBoot = NULL; @@ -3116,20 +2863,6 @@ UpdateSecureBootString( } else { HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL); } - // - // Get current secure boot mode. - // - ExtractSecureBootModeFromVariable(&CurSecureBootMode); - - if (CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE) { - HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"UserMode", NULL); - } else if (CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE) { - HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"SetupMode", NULL); - } else if (CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) { - HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"AuditMode", NULL); - } else if (CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) { - HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_CUR_SECURE_BOOT_MODE_CONTENT), L"DeployedMode", NULL); - } FreePool(SecureBoot); @@ -3148,10 +2881,12 @@ SecureBootExtractConfigFromVariable ( ) { UINT8 *SecureBootEnable; + UINT8 *SetupMode; UINT8 *SecureBootMode; EFI_TIME CurrTime; SecureBootEnable = NULL; + SetupMode = NULL; SecureBootMode = NULL; // @@ -3178,24 +2913,10 @@ SecureBootExtractConfigFromVariable ( } // - // Get the SecureBootMode from CustomMode variable. - // - GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); - if (SecureBootMode == NULL) { - ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE; - } else { - ConfigData->SecureBootMode = *(SecureBootMode); - } - - // - // Extact current Secure Boot Mode - // - ExtractSecureBootModeFromVariable(&ConfigData->CurSecureBootMode); - - // // If there is no PK then the Delete Pk button will be gray. // - if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE) { + GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL); + if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) { ConfigData->HasPk = FALSE; } else { ConfigData->HasPk = TRUE; @@ -3212,7 +2933,7 @@ SecureBootExtractConfigFromVariable ( // // Fix Pk, SecureBootEnable inconsistence // - if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) { + if ((*SetupMode) == USER_MODE) { ConfigData->HideSecureBoot = FALSE; if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) { ConfigData->AttemptSecureBoot = TRUE; @@ -3221,10 +2942,22 @@ SecureBootExtractConfigFromVariable ( ConfigData->HideSecureBoot = TRUE; } + // + // Get the SecureBootMode from CustomMode variable. + // + GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); + if (SecureBootMode == NULL) { + ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE; + } else { + ConfigData->SecureBootMode = *(SecureBootMode); + } + if (SecureBootEnable != NULL) { FreePool (SecureBootEnable); } - + if (SetupMode != NULL) { + FreePool (SetupMode); + } if (SecureBootMode != NULL) { FreePool (SecureBootMode); } @@ -3458,18 +3191,20 @@ SecureBootCallback ( UINT8 *SecureBootEnable; UINT8 *Pk; UINT8 *SecureBootMode; + UINT8 *SetupMode; CHAR16 PromptString[100]; - UINT8 CurSecureBootMode; EFI_DEVICE_PATH_PROTOCOL *File; Status = EFI_SUCCESS; SecureBootEnable = NULL; SecureBootMode = NULL; + SetupMode = NULL; File = NULL; if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { return EFI_INVALID_PARAMETER; } + Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); gSecureBootPrivateData = Private; @@ -3493,13 +3228,6 @@ SecureBootCallback ( Status = UpdateSecureBootString(Private); SecureBootExtractConfigFromVariable (IfrNvData); mIsEnterSecureBootForm = TRUE; - } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE){ - // - // Secure Boot Policy variable changes after transition. Re-sync CurSecureBootMode - // - ExtractSecureBootModeFromVariable(&IfrNvData->CurSecureBootMode); - mIsSelectedSecureBootModeForm = TRUE; - mIsSecureBootModeChanged = FALSE; } goto EXIT; } @@ -3511,12 +3239,7 @@ SecureBootCallback ( Value->u8 = SECURE_BOOT_MODE_STANDARD; Status = EFI_SUCCESS; } - } else if (QuestionId == KEY_TRANS_SECURE_BOOT_MODE) { - if (mIsSelectedSecureBootModeForm) { - Value->u8 = IfrNvData->CurSecureBootMode; - Status = EFI_SUCCESS; - } - } + } goto EXIT; } @@ -3770,57 +3493,6 @@ SecureBootCallback ( ); } break; - case KEY_TRANS_SECURE_BOOT_MODE: - // - // Pop up to alert user want to change secure boot mode - // - if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE && - (Value->u8 == SECURE_BOOT_MODE_AUDIT_MODE || Value->u8 == SECURE_BOOT_MODE_DEPLOYED_MODE)) - ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE && - Value->u8 == SECURE_BOOT_MODE_AUDIT_MODE) - ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE && - Value->u8 == SECURE_BOOT_MODE_USER_MODE && IfrNvData->PhysicalPresent == 1)){ - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Are you sure you want to switch secure boot mode?", - L"Press 'Y' to switch secure boot mode, 'N' to discard change and return", - NULL - ); - if (Key.UnicodeChar != 'y' && Key.UnicodeChar != 'Y') { - // - // If not 'Y'/''y' restore to defualt secure boot mode - // - Value->u8 = IfrNvData->CurSecureBootMode; - goto EXIT; - } - } else if ((IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE && Value->u8 == SECURE_BOOT_MODE_USER_MODE) - ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE && Value->u8 == SECURE_BOOT_MODE_SETUP_MODE) - ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE && Value->u8 == SECURE_BOOT_MODE_DEPLOYED_MODE) - ||(IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE && Value->u8 == SECURE_BOOT_MODE_SETUP_MODE)) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Secure boot mode transition requires PK change", - L"Please go to link below to update PK", - NULL - ); - } else { - Status = EFI_INVALID_PARAMETER; - goto EXIT; - } - - Status = SecureBootModeTransition(IfrNvData->CurSecureBootMode, Value->u8); - // - // Secure Boot Policy variable may change after transition. Re-sync CurSecureBootMode - // - ExtractSecureBootModeFromVariable(&CurSecureBootMode); - if (IfrNvData->CurSecureBootMode != CurSecureBootMode) { - IfrNvData->CurSecureBootMode = CurSecureBootMode; - mIsSecureBootModeChanged = TRUE; - } - break; - default: if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) && (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) { @@ -3889,13 +3561,6 @@ SecureBootCallback ( case KEY_SECURE_BOOT_MODE: mIsEnterSecureBootForm = FALSE; break; - case KEY_TRANS_SECURE_BOOT_MODE: - mIsSelectedSecureBootModeForm = FALSE; - if (mIsSecureBootModeChanged) { - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET; - } - mIsSecureBootModeChanged = FALSE; - break; case KEY_SECURE_BOOT_KEK_GUID: case KEY_SECURE_BOOT_SIGNATURE_GUID_DB: case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX: @@ -3914,7 +3579,8 @@ SecureBootCallback ( break; case KEY_SECURE_BOOT_DELETE_PK: - if (IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || IfrNvData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) { + GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL); + if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) { IfrNvData->DeletePk = TRUE; IfrNvData->HasPk = FALSE; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT; @@ -3923,6 +3589,9 @@ SecureBootCallback ( IfrNvData->HasPk = TRUE; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; } + if (SetupMode != NULL) { + FreePool (SetupMode); + } break; default: break; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h index cf8dc88..df4d72e 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h @@ -56,7 +56,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define KEY_HIDE_SECURE_BOOT 0x100c #define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d #define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e -#define KEY_TRANS_SECURE_BOOT_MODE 0x100f #define KEY_SECURE_BOOT_OPTION 0x1100 #define KEY_SECURE_BOOT_PK_OPTION 0x1101 @@ -108,10 +107,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define SECURE_BOOT_GUID_SIZE 36 #define SECURE_BOOT_GUID_STORAGE_SIZE 37 -#define SECURE_BOOT_MODE_USER_MODE 0 -#define SECURE_BOOT_MODE_SETUP_MODE 1 -#define SECURE_BOOT_MODE_AUDIT_MODE 2 -#define SECURE_BOOT_MODE_DEPLOYED_MODE 3 // // Nv Data structure referenced by IFR @@ -122,8 +117,6 @@ typedef struct { CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE]; BOOLEAN PhysicalPresent; // If a Physical Present User UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom - UINT8 CurSecureBootMode; // Current SecureBoot Mode SetupMode/UserMode/AuditMode/DeployedMode - UINT8 TransSecureBootMode; // Trans Next SecureBoot Mode BOOLEAN DeletePk; BOOLEAN HasPk; // If Pk is existed it is true BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni index eedd8b5..af6d83b 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni @@ -26,10 +26,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_SECURE_BOOT_PROMPT #language en-US "Attempt Secure Boot" #string STR_SECURE_BOOT_HELP #language en-US "Enable/Disable the Secure Boot feature after platform reset" -#string STR_CUR_SECURE_BOOT_MODE_PROMPT #language en-US "Current Secure Boot Mode" -#string STR_CUR_SECURE_BOOT_MODE_HELP #language en-US "Current Secure Boot Mode: SetupMode/AuditMode/UserMode/DeployedMode." -#string STR_CUR_SECURE_BOOT_MODE_CONTENT #language en-US " " - #string STR_SECURE_BOOT_ENROLL_SIGNATURE #language en-US "Enroll Signature" #string STR_SECURE_BOOT_DELETE_SIGNATURE #language en-US "Delete Signature" @@ -60,11 +56,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_FILE_EXPLORER_TITLE #language en-US "File Explorer" -#string STR_SECURE_BOOT_MODE_PROMPT #language en-US "Customize Secure Boot" -#string STR_SECURE_BOOT_MODE_HELP #language en-US "Customize Secure Boot: Standard/Customized. Secure Boot Policy variables can be configured without authentication in customized option" +#string STR_SECURE_BOOT_MODE_PROMPT #language en-US "Secure Boot Mode" +#string STR_SECURE_BOOT_MODE_HELP #language en-US "Secure Boot Mode: Custom Mode or Standard Mode" -#string STR_STANDARD_MODE #language en-US "Standard" -#string STR_CUSTOM_MODE #language en-US "Customized" +#string STR_STANDARD_MODE #language en-US "Standard Mode" +#string STR_CUSTOM_MODE #language en-US "Custom Mode" #string STR_SECURE_BOOT_OPTION #language en-US "Custom Secure Boot Options" #string STR_SECURE_BOOT_OPTION_HELP #language en-US "Enter into Custom Secure Boot Options Form" @@ -111,11 +107,3 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_CERT_TYPE_X509_SHA256_GUID #language en-US "X509_SHA256_GUID" #string STR_CERT_TYPE_X509_SHA384_GUID #language en-US "X509_SHA384_GUID" #string STR_CERT_TYPE_X509_SHA512_GUID #language en-US "X509_SHA512_GUID" - -#string STR_TRANS_SECURE_BOOT_MODE_PROMPT #language en-US "Secure Boot Mode Transition" -#string STR_TRANS_SECURE_BOOT_MODE_HELP #language en-US "Secure Boot Mode Transition: SetupMode/UserMode/AuditMode/DeployedMode" - -#string STR_USER_MODE #language en-US "User Mode" -#string STR_SETUP_MODE #language en-US "Setup Mode" -#string STR_AUDIT_MODE #language en-US "Audit Mode" -#string STR_DEPLOYED_MODE #language en-US "Deployed Mode" \ No newline at end of file -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
