authorMichael Kubacki <michael.kubacki@microsoft.com>2021-12-05 14:54:12 -0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2021-12-07 17:24:28 +0000
commitc411b485b63a671a1e276700cff025c73997233c (patch)
treee7a57ca51b659161ab4bc9da95e988760ec57e7a /SecurityPkg/VariableAuthenticated
parent39de741e2dcb8f11e9b4438e37224797643d8451 (diff)
SecurityPkg: Apply uncrustify changes
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the SecurityPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c4
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c16
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c85
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c2768
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h158
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c76
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h196
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c7
8 files changed, 1690 insertions, 1620 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c
index 1e27f7a..40d989d 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c
@@ -8,7 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "SecureBootConfigImpl.h"
-
/**
This function converts an input device structure to a Unicode string.
@@ -20,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
CHAR16 *
EFIAPI
DevicePathToStr (
- IN EFI_DEVICE_PATH_PROTOCOL *DevPath
+ IN EFI_DEVICE_PATH_PROTOCOL *DevPath
)
{
return ConvertDevicePathToText (
@@ -29,4 +28,3 @@ DevicePathToStr (
TRUE
);
}
-
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
index 8936a0a..46ddcab 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
@@ -23,17 +23,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
SecureBootConfigDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
)
{
- EFI_STATUS Status;
- SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
+ EFI_STATUS Status;
+ SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
//
// If already started, return.
//
- Status = gBS->OpenProtocol (
+ Status = gBS->OpenProtocol (
ImageHandle,
&gEfiCallerIdGuid,
NULL,
@@ -100,13 +100,13 @@ SecureBootConfigDriverUnload (
IN EFI_HANDLE ImageHandle
)
{
- EFI_STATUS Status;
- SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
+ EFI_STATUS Status;
+ SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
Status = gBS->HandleProtocol (
ImageHandle,
&gEfiCallerIdGuid,
- (VOID **) &PrivateData
+ (VOID **)&PrivateData
);
if (EFI_ERROR (Status)) {
return Status;
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
index 8bea707..5a23dc5 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
@@ -8,10 +8,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "SecureBootConfigImpl.h"
-VOID *mStartOpCodeHandle = NULL;
-VOID *mEndOpCodeHandle = NULL;
-EFI_IFR_GUID_LABEL *mStartLabel = NULL;
-EFI_IFR_GUID_LABEL *mEndLabel = NULL;
+VOID *mStartOpCodeHandle = NULL;
+VOID *mEndOpCodeHandle = NULL;
+EFI_IFR_GUID_LABEL *mStartLabel = NULL;
+EFI_IFR_GUID_LABEL *mEndLabel = NULL;
/**
Refresh the global UpdateData structure.
@@ -37,12 +37,12 @@ RefreshUpdateData (
//
// Create Hii Extend Label OpCode as the start opcode
//
- mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mStartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
+ mStartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
+ mStartOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
}
@@ -55,8 +55,8 @@ RefreshUpdateData (
**/
VOID
CleanUpPage (
- IN UINT16 LabelId,
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
+ IN UINT16 LabelId,
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
)
{
RefreshUpdateData ();
@@ -87,39 +87,38 @@ CleanUpPage (
**/
CHAR16 *
ExtractFileNameFromDevicePath (
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
+ IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
)
{
- CHAR16 *String;
- CHAR16 *MatchString;
- CHAR16 *LastMatch;
- CHAR16 *FileName;
- UINTN Length;
+ CHAR16 *String;
+ CHAR16 *MatchString;
+ CHAR16 *LastMatch;
+ CHAR16 *FileName;
+ UINTN Length;
- ASSERT(DevicePath != NULL);
+ ASSERT (DevicePath != NULL);
- String = DevicePathToStr(DevicePath);
+ String = DevicePathToStr (DevicePath);
MatchString = String;
LastMatch = String;
FileName = NULL;
- while(MatchString != NULL){
+ while (MatchString != NULL) {
LastMatch = MatchString + 1;
- MatchString = StrStr(LastMatch,L"\\");
+ MatchString = StrStr (LastMatch, L"\\");
}
- Length = StrLen(LastMatch);
- FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
+ Length = StrLen (LastMatch);
+ FileName = AllocateCopyPool ((Length + 1) * sizeof (CHAR16), LastMatch);
if (FileName != NULL) {
*(FileName + Length) = 0;
}
- FreePool(String);
+ FreePool (String);
return FileName;
}
-
/**
Update the form base on the selected file.
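Review bot: The result of `DevicePathToStr (DevicePath)` is used without a NULL check in ExtractFileNameFromDevicePath. DevicePathToStr forwards the return value of ConvertDevicePathToText, which presumably can be NULL on allocation failure. In that case the while loop is skipped, LastMatch is still NULL when it reaches `StrLen (LastMatch)`, and `FreePool (String)` is then called on NULL. Adding `if (String == NULL) { return NULL; }` right after the conversion would avoid this, and UpdatePage already handles a NULL FileName.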
@@ -131,19 +130,20 @@ ExtractFileNameFromDevicePath (
**/
BOOLEAN
-UpdatePage(
+UpdatePage (
IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
IN EFI_FORM_ID FormId
)
{
- CHAR16 *FileName;
- EFI_STRING_ID StringToken;
+ CHAR16 *FileName;
+ EFI_STRING_ID StringToken;
FileName = NULL;
if (FilePath != NULL) {
- FileName = ExtractFileNameFromDevicePath(FilePath);
+ FileName = ExtractFileNameFromDevicePath (FilePath);
}
+
if (FileName == NULL) {
//
// FileName = NULL has two case:
@@ -153,6 +153,7 @@ UpdatePage(
//
return TRUE;
}
+
StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0, FileName, NULL);
gSecureBootPrivateData->FileContext->FileName = FileName;
@@ -175,7 +176,7 @@ UpdatePage(
0,
0,
0
- );
+ );
HiiUpdateForm (
gSecureBootPrivateData->HiiHandle,
@@ -199,11 +200,10 @@ UpdatePage(
BOOLEAN
EFIAPI
UpdatePKFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
)
{
- return UpdatePage(FilePath, FORMID_ENROLL_PK_FORM);
-
+ return UpdatePage (FilePath, FORMID_ENROLL_PK_FORM);
}
/**
@@ -217,10 +217,10 @@ UpdatePKFromFile (
BOOLEAN
EFIAPI
UpdateKEKFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
)
{
- return UpdatePage(FilePath, FORMID_ENROLL_KEK_FORM);
+ return UpdatePage (FilePath, FORMID_ENROLL_KEK_FORM);
}
/**
@@ -234,10 +234,10 @@ UpdateKEKFromFile (
BOOLEAN
EFIAPI
UpdateDBFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
)
{
- return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB);
+ return UpdatePage (FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB);
}
/**
@@ -251,10 +251,10 @@ UpdateDBFromFile (
BOOLEAN
EFIAPI
UpdateDBXFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
)
{
- return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX);
+ return UpdatePage (FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX);
}
/**
@@ -268,9 +268,8 @@ UpdateDBXFromFile (
BOOLEAN
EFIAPI
UpdateDBTFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
)
{
- return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT);
+ return UpdatePage (FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT);
}
-
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index c19f9e7..0122e8d 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -13,9 +13,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/SecureBootVariableLib.h>
#include <Library/SecureBootVariableProvisionLib.h>
-CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";
+CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";
-SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = {
+SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = {
SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE,
{
SecureBootExtractConfig,
@@ -24,14 +24,14 @@ SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = {
}
};
-HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {
+HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {
{
{
HARDWARE_DEVICE_PATH,
HW_VENDOR_DP,
{
- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
+ (UINT8)(sizeof (VENDOR_DEVICE_PATH)),
+ (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
}
},
SECUREBOOT_CONFIG_FORM_SET_GUID
@@ -40,69 +40,68 @@ HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {
END_DEVICE_PATH_TYPE,
END_ENTIRE_DEVICE_PATH_SUBTYPE,
{
- (UINT8) (END_DEVICE_PATH_LENGTH),
- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
+ (UINT8)(END_DEVICE_PATH_LENGTH),
+ (UINT8)((END_DEVICE_PATH_LENGTH) >> 8)
}
}
};
-
-BOOLEAN mIsEnterSecureBootForm = FALSE;
+BOOLEAN mIsEnterSecureBootForm = FALSE;
//
// OID ASN.1 Value for Hash Algorithms
//
-UINT8 mHashOidValue[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5
- 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512
- };
-
-HASH_TABLE mHash[] = {
- { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL },
- { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final},
- { L"SHA384", 48, &mHashOidValue[31], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final},
- { L"SHA512", 64, &mHashOidValue[40], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final}
+UINT8 mHashOidValue[] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5
+ 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512
+};
+
+HASH_TABLE mHash[] = {
+ { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL },
+ { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
+ { L"SHA384", 48, &mHashOidValue[31], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
+ { L"SHA512", 64, &mHashOidValue[40], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final }
};
//
// Variable Definitions
//
-UINT32 mPeCoffHeaderOffset = 0;
-WIN_CERTIFICATE *mCertificate = NULL;
-IMAGE_TYPE mImageType;
-UINT8 *mImageBase = NULL;
-UINTN mImageSize = 0;
-UINT8 mImageDigest[MAX_DIGEST_SIZE];
-UINTN mImageDigestSize;
-EFI_GUID mCertType;
+UINT32 mPeCoffHeaderOffset = 0;
+WIN_CERTIFICATE *mCertificate = NULL;
+IMAGE_TYPE mImageType;
+UINT8 *mImageBase = NULL;
+UINTN mImageSize = 0;
+UINT8 mImageDigest[MAX_DIGEST_SIZE];
+UINTN mImageDigestSize;
+EFI_GUID mCertType;
EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL;
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
//
// Possible DER-encoded certificate file suffixes, end with NULL pointer.
//
-CHAR16* mDerEncodedSuffix[] = {
+CHAR16 *mDerEncodedSuffix[] = {
L".cer",
L".der",
L".crt",
NULL
};
-CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
+CHAR16 *mSupportX509Suffix = L"*.cer/der/crt";
//
// Prompt strings during certificate enrollment.
//
-CHAR16* mX509EnrollPromptTitle[] = {
+CHAR16 *mX509EnrollPromptTitle[] = {
L"",
L"ERROR: Unsupported file type!",
L"ERROR: Unsupported certificate!",
NULL
};
-CHAR16* mX509EnrollPromptString[] = {
+CHAR16 *mX509EnrollPromptString[] = {
L"",
L"Only DER encoded certificate file (*.cer/der/crt) is supported.",
L"Public key length should be equal to or greater than 2048 bits.",
@@ -119,21 +118,21 @@ SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData = NULL;
**/
VOID
-CloseEnrolledFile(
- IN SECUREBOOT_FILE_CONTEXT *FileContext
-)
+CloseEnrolledFile (
+ IN SECUREBOOT_FILE_CONTEXT *FileContext
+ )
{
if (FileContext->FHandle != NULL) {
CloseFile (FileContext->FHandle);
FileContext->FHandle = NULL;
}
- if (FileContext->FileName != NULL){
- FreePool(FileContext->FileName);
+ if (FileContext->FileName != NULL) {
+ FreePool (FileContext->FileName);
FileContext->FileName = NULL;
}
- FileContext->FileType = UNKNOWN_FILE_TYPE;
+ FileContext->FileType = UNKNOWN_FILE_TYPE;
}
/**
@@ -147,15 +146,17 @@ CloseEnrolledFile(
**/
BOOLEAN
IsDerEncodeCertificate (
- IN CONST CHAR16 *FileSuffix
-)
+ IN CONST CHAR16 *FileSuffix
+ )
{
- UINTN Index;
+ UINTN Index;
+
for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) {
if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) {
return TRUE;
}
}
+
return FALSE;
}
@@ -171,8 +172,8 @@ The function reads file content but won't open/close given FileHandle.
**/
BOOLEAN
IsAuthentication2Format (
- IN EFI_FILE_HANDLE FileHandle
-)
+ IN EFI_FILE_HANDLE FileHandle
+ )
{
EFI_STATUS Status;
EFI_VARIABLE_AUTHENTICATION_2 *Auth2;
@@ -183,9 +184,9 @@ IsAuthentication2Format (
//
// Read the whole file content
//
- Status = ReadFileContent(
+ Status = ReadFileContent (
FileHandle,
- (VOID **) &mImageBase,
+ (VOID **)&mImageBase,
&mImageSize,
0
);
@@ -198,7 +199,7 @@ IsAuthentication2Format (
goto ON_EXIT;
}
- if (CompareGuid(&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType)) {
+ if (CompareGuid (&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType)) {
IsAuth2Format = TRUE;
}
@@ -225,18 +226,18 @@ ON_EXIT:
**/
EFI_STATUS
SaveSecureBootVariable (
- IN UINT8 VarValue
+ IN UINT8 VarValue
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
Status = gRT->SetVariable (
- EFI_SECURE_BOOT_ENABLE_NAME,
- &gEfiSecureBootEnableDisableGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
- sizeof (UINT8),
- &VarValue
- );
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof (UINT8),
+ &VarValue
+ );
return Status;
}
@@ -255,27 +256,27 @@ SaveSecureBootVariable (
**/
EFI_STATUS
CheckX509Certificate (
- IN SECUREBOOT_FILE_CONTEXT* X509FileContext,
- OUT ENROLL_KEY_ERROR* Error
-)
+ IN SECUREBOOT_FILE_CONTEXT *X509FileContext,
+ OUT ENROLL_KEY_ERROR *Error
+ )
{
- EFI_STATUS Status;
- UINT16* FilePostFix;
- UINTN NameLength;
- UINT8* X509Data;
- UINTN X509DataSize;
- void* X509PubKey;
- UINTN PubKeyModSize;
+ EFI_STATUS Status;
+ UINT16 *FilePostFix;
+ UINTN NameLength;
+ UINT8 *X509Data;
+ UINTN X509DataSize;
+ void *X509PubKey;
+ UINTN PubKeyModSize;
if (X509FileContext->FileName == NULL) {
*Error = Unsupported_Type;
return EFI_INVALID_PARAMETER;
}
- X509Data = NULL;
- X509DataSize = 0;
- X509PubKey = NULL;
- PubKeyModSize = 0;
+ X509Data = NULL;
+ X509DataSize = 0;
+ X509PubKey = NULL;
+ PubKeyModSize = 0;
//
// Parse the file's postfix. Only support DER encoded X.509 certificate files.
@@ -286,19 +287,21 @@ CheckX509Certificate (
*Error = Unsupported_Type;
return EFI_INVALID_PARAMETER;
}
+
FilePostFix = X509FileContext->FileName + NameLength - 4;
if (!IsDerEncodeCertificate (FilePostFix)) {
DEBUG ((DEBUG_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.\n", mSupportX509Suffix));
*Error = Unsupported_Type;
return EFI_INVALID_PARAMETER;
}
+
DEBUG ((DEBUG_INFO, "FileName= %s\n", X509FileContext->FileName));
DEBUG ((DEBUG_INFO, "FilePostFix = %s\n", FilePostFix));
//
// Read the certificate file content
//
- Status = ReadFileContent (X509FileContext->FHandle, (VOID**) &X509Data, &X509DataSize, 0);
+ Status = ReadFileContent (X509FileContext->FHandle, (VOID **)&X509Data, &X509DataSize, 0);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Error occured while reading the file.\n"));
goto ON_EXIT;
@@ -325,10 +328,11 @@ CheckX509Certificate (
Status = EFI_INVALID_PARAMETER;
*Error = Unqualified_Key;
}
+
RsaFree (X509PubKey);
}
- ON_EXIT:
+ON_EXIT:
if (X509Data != NULL) {
FreePool (X509Data);
}
@@ -348,47 +352,48 @@ CheckX509Certificate (
**/
EFI_STATUS
CreatePkX509SignatureList (
- IN EFI_FILE_HANDLE X509File,
- OUT EFI_SIGNATURE_LIST **PkCert
+ IN EFI_FILE_HANDLE X509File,
+ OUT EFI_SIGNATURE_LIST **PkCert
)
{
- EFI_STATUS Status;
- UINT8 *X509Data;
- UINTN X509DataSize;
- EFI_SIGNATURE_DATA *PkCertData;
+ EFI_STATUS Status;
+ UINT8 *X509Data;
+ UINTN X509DataSize;
+ EFI_SIGNATURE_DATA *PkCertData;
- X509Data = NULL;
- PkCertData = NULL;
+ X509Data = NULL;
+ PkCertData = NULL;
X509DataSize = 0;
- Status = ReadFileContent (X509File, (VOID**) &X509Data, &X509DataSize, 0);
+ Status = ReadFileContent (X509File, (VOID **)&X509Data, &X509DataSize, 0);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
+
ASSERT (X509Data != NULL);
//
// Allocate space for PK certificate list and initialize it.
// Create PK database entry with SignatureHeaderSize equals 0.
//
- *PkCert = (EFI_SIGNATURE_LIST*) AllocateZeroPool (
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1
- + X509DataSize
- );
+ *PkCert = (EFI_SIGNATURE_LIST *)AllocateZeroPool (
+ sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1
+ + X509DataSize
+ );
if (*PkCert == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
- (*PkCert)->SignatureListSize = (UINT32) (sizeof(EFI_SIGNATURE_LIST)
- + sizeof(EFI_SIGNATURE_DATA) - 1
- + X509DataSize);
- (*PkCert)->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
+ (*PkCert)->SignatureListSize = (UINT32)(sizeof (EFI_SIGNATURE_LIST)
+ + sizeof (EFI_SIGNATURE_DATA) - 1
+ + X509DataSize);
+ (*PkCert)->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize);
(*PkCert)->SignatureHeaderSize = 0;
CopyGuid (&(*PkCert)->SignatureType, &gEfiCertX509Guid);
- PkCertData = (EFI_SIGNATURE_DATA*) ((UINTN)(*PkCert)
- + sizeof(EFI_SIGNATURE_LIST)
- + (*PkCert)->SignatureHeaderSize);
+ PkCertData = (EFI_SIGNATURE_DATA *)((UINTN)(*PkCert)
+ + sizeof (EFI_SIGNATURE_LIST)
+ + (*PkCert)->SignatureHeaderSize);
CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid);
//
// Fill the PK database with PKpub data from X509 certificate file.
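Review bot: `*PkCert` is an OUT parameter, but the ON_EXIT path in the next hunk reads it (`if (EFI_ERROR (Status) && (*PkCert != NULL))`) before this function has written it when ReadFileContent fails. The visible caller, EnrollPlatformKey, sets PkCert to NULL first, so today this is latent; any caller that does not would have an indeterminate pointer passed to FreePool. Adding `*PkCert = NULL;` next to the other initialisers at the top of CreatePkX509SignatureList removes that dependency. The function body continues past the end of this hunk.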
@@ -401,7 +406,7 @@ ON_EXIT:
FreePool (X509Data);
}
- if (EFI_ERROR(Status) && *PkCert != NULL) {
+ if (EFI_ERROR (Status) && (*PkCert != NULL)) {
FreePool (*PkCert);
*PkCert = NULL;
}
@@ -423,17 +428,17 @@ ON_EXIT:
**/
EFI_STATUS
EnrollPlatformKey (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA* Private
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
)
{
- EFI_STATUS Status;
- UINT32 Attr;
- UINTN DataSize;
- EFI_SIGNATURE_LIST *PkCert;
+ EFI_STATUS Status;
+ UINT32 Attr;
+ UINTN DataSize;
+ EFI_SIGNATURE_LIST *PkCert;
PkCert = NULL;
- Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -442,27 +447,28 @@ EnrollPlatformKey (
// Prase the selected PK file and generate PK certificate list.
//
Status = CreatePkX509SignatureList (
- Private->FileContext->FHandle,
- &PkCert
- );
+ Private->FileContext->FHandle,
+ &PkCert
+ );
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
+
ASSERT (PkCert != NULL);
//
// Set Platform Key variable.
//
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
DataSize = PkCert->SignatureListSize;
- Status = CreateTimeBasedPayload (&DataSize, (UINT8**) &PkCert);
+ Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&PkCert);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));
goto ON_EXIT;
}
- Status = gRT->SetVariable(
+ Status = gRT->SetVariable (
EFI_PLATFORM_KEY_NAME,
&gEfiGlobalVariableGuid,
Attr,
@@ -473,16 +479,17 @@ EnrollPlatformKey (
if (Status == EFI_OUT_OF_RESOURCES) {
DEBUG ((DEBUG_ERROR, "Enroll PK failed with out of resource.\n"));
}
+
goto ON_EXIT;
}
ON_EXIT:
if (PkCert != NULL) {
- FreePool(PkCert);
+ FreePool (PkCert);
}
- CloseEnrolledFile(Private->FileContext);
+ CloseEnrolledFile (Private->FileContext);
return Status;
}
@@ -500,29 +507,29 @@ ON_EXIT:
**/
EFI_STATUS
EnrollRsa2048ToKek (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
)
{
- EFI_STATUS Status;
- UINT32 Attr;
- UINTN DataSize;
- EFI_SIGNATURE_LIST *KekSigList;
- UINTN KeyBlobSize;
- UINT8 *KeyBlob;
- CPL_KEY_INFO *KeyInfo;
- EFI_SIGNATURE_DATA *KEKSigData;
- UINTN KekSigListSize;
- UINT8 *KeyBuffer;
- UINTN KeyLenInBytes;
-
- Attr = 0;
- DataSize = 0;
- KeyBuffer = NULL;
- KeyBlobSize = 0;
- KeyBlob = NULL;
- KeyInfo = NULL;
- KEKSigData = NULL;
- KekSigList = NULL;
+ EFI_STATUS Status;
+ UINT32 Attr;
+ UINTN DataSize;
+ EFI_SIGNATURE_LIST *KekSigList;
+ UINTN KeyBlobSize;
+ UINT8 *KeyBlob;
+ CPL_KEY_INFO *KeyInfo;
+ EFI_SIGNATURE_DATA *KEKSigData;
+ UINTN KekSigListSize;
+ UINT8 *KeyBuffer;
+ UINTN KeyLenInBytes;
+
+ Attr = 0;
+ DataSize = 0;
+ KeyBuffer = NULL;
+ KeyBlobSize = 0;
+ KeyBlob = NULL;
+ KeyInfo = NULL;
+ KEKSigData = NULL;
+ KekSigList = NULL;
KekSigListSize = 0;
//
@@ -531,15 +538,16 @@ EnrollRsa2048ToKek (
//
Status = ReadFileContent (
Private->FileContext->FHandle,
- (VOID**) &KeyBlob,
+ (VOID **)&KeyBlob,
&KeyBlobSize,
0
);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
+
ASSERT (KeyBlob != NULL);
- KeyInfo = (CPL_KEY_INFO *) KeyBlob;
+ KeyInfo = (CPL_KEY_INFO *)KeyBlob;
if (KeyInfo->KeyLengthInBits / 8 != WIN_CERT_UEFI_RSA2048_SIZE) {
DEBUG ((DEBUG_ERROR, "Unsupported key length, Only RSA2048 is supported.\n"));
Status = EFI_UNSUPPORTED;
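Review bot: KeyBlobSize is not compared with `sizeof (CPL_KEY_INFO)` before `KeyInfo->KeyLengthInBits` is read from the file buffer in EnrollRsa2048ToKek, at least in the lines shown. The following hunk (@@ -550,44 +558,45 @@) then has Int2OctStr and two CopyMem calls access `KeyLenInBytes` bytes at `KeyBlob + sizeof (CPL_KEY_INFO)`, so a short .pbk file would be read and written past the end of the pool buffer. A guard after the ASSERT, `if (KeyBlobSize < sizeof (CPL_KEY_INFO) + WIN_CERT_UEFI_RSA2048_SIZE) { Status = EFI_INVALID_PARAMETER; goto ON_EXIT; }`, would bound all of those accesses. The function starts before and ends after this hunk, so confirm that no such check sits in the lines not shown.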
@@ -550,44 +558,45 @@ EnrollRsa2048ToKek (
// Convert the Public key to fix octet string format represented in RSA PKCS#1.
//
KeyLenInBytes = KeyInfo->KeyLengthInBits / 8;
- KeyBuffer = AllocateZeroPool (KeyLenInBytes);
+ KeyBuffer = AllocateZeroPool (KeyLenInBytes);
if (KeyBuffer == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
+
Int2OctStr (
- (UINTN*) (KeyBlob + sizeof (CPL_KEY_INFO)),
+ (UINTN *)(KeyBlob + sizeof (CPL_KEY_INFO)),
KeyLenInBytes / sizeof (UINTN),
KeyBuffer,
KeyLenInBytes
);
- CopyMem(KeyBlob + sizeof(CPL_KEY_INFO), KeyBuffer, KeyLenInBytes);
+ CopyMem (KeyBlob + sizeof (CPL_KEY_INFO), KeyBuffer, KeyLenInBytes);
//
// Form an new EFI_SIGNATURE_LIST.
//
- KekSigListSize = sizeof(EFI_SIGNATURE_LIST)
- + sizeof(EFI_SIGNATURE_DATA) - 1
- + WIN_CERT_UEFI_RSA2048_SIZE;
+ KekSigListSize = sizeof (EFI_SIGNATURE_LIST)
+ + sizeof (EFI_SIGNATURE_DATA) - 1
+ + WIN_CERT_UEFI_RSA2048_SIZE;
- KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize);
+ KekSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (KekSigListSize);
if (KekSigList == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
- KekSigList->SignatureListSize = sizeof(EFI_SIGNATURE_LIST)
- + sizeof(EFI_SIGNATURE_DATA) - 1
+ KekSigList->SignatureListSize = sizeof (EFI_SIGNATURE_LIST)
+ + sizeof (EFI_SIGNATURE_DATA) - 1
+ WIN_CERT_UEFI_RSA2048_SIZE;
KekSigList->SignatureHeaderSize = 0;
- KekSigList->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + WIN_CERT_UEFI_RSA2048_SIZE;
+ KekSigList->SignatureSize = sizeof (EFI_SIGNATURE_DATA) - 1 + WIN_CERT_UEFI_RSA2048_SIZE;
CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid);
- KEKSigData = (EFI_SIGNATURE_DATA*)((UINT8*)KekSigList + sizeof(EFI_SIGNATURE_LIST));
+ KEKSigData = (EFI_SIGNATURE_DATA *)((UINT8 *)KekSigList + sizeof (EFI_SIGNATURE_LIST));
CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID);
CopyMem (
KEKSigData->SignatureData,
- KeyBlob + sizeof(CPL_KEY_INFO),
+ KeyBlob + sizeof (CPL_KEY_INFO),
WIN_CERT_UEFI_RSA2048_SIZE
);
@@ -598,13 +607,13 @@ EnrollRsa2048ToKek (
//
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
| EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList);
+ Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));
goto ON_EXIT;
}
- Status = gRT->GetVariable(
+ Status = gRT->GetVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid,
NULL,
@@ -620,7 +629,7 @@ EnrollRsa2048ToKek (
//
// Done. Now we have formed the correct KEKpub database item, just set it into variable storage,
//
- Status = gRT->SetVariable(
+ Status = gRT->SetVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid,
Attr,
@@ -633,7 +642,7 @@ EnrollRsa2048ToKek (
ON_EXIT:
- CloseEnrolledFile(Private->FileContext);
+ CloseEnrolledFile (Private->FileContext);
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
@@ -643,9 +652,11 @@ ON_EXIT:
if (KeyBlob != NULL) {
FreePool (KeyBlob);
}
+
if (KeyBuffer != NULL) {
FreePool (KeyBuffer);
}
+
if (KekSigList != NULL) {
FreePool (KekSigList);
}
@@ -666,17 +677,17 @@ ON_EXIT:
**/
EFI_STATUS
EnrollX509ToKek (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
)
{
- EFI_STATUS Status;
- UINTN X509DataSize;
- VOID *X509Data;
- EFI_SIGNATURE_DATA *KEKSigData;
- EFI_SIGNATURE_LIST *KekSigList;
- UINTN DataSize;
- UINTN KekSigListSize;
- UINT32 Attr;
+ EFI_STATUS Status;
+ UINTN X509DataSize;
+ VOID *X509Data;
+ EFI_SIGNATURE_DATA *KEKSigData;
+ EFI_SIGNATURE_LIST *KekSigList;
+ UINTN DataSize;
+ UINTN KekSigListSize;
+ UINT32 Attr;
X509Data = NULL;
X509DataSize = 0;
@@ -694,10 +705,11 @@ EnrollX509ToKek (
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
+
ASSERT (X509Data != NULL);
- KekSigListSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;
- KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize);
+ KekSigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize;
+ KekSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (KekSigListSize);
if (KekSigList == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
@@ -706,12 +718,12 @@ EnrollX509ToKek (
//
// Fill Certificate Database parameters.
//
- KekSigList->SignatureListSize = (UINT32) KekSigListSize;
+ KekSigList->SignatureListSize = (UINT32)KekSigListSize;
KekSigList->SignatureHeaderSize = 0;
- KekSigList->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
+ KekSigList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize);
CopyGuid (&KekSigList->SignatureType, &gEfiCertX509Guid);
- KEKSigData = (EFI_SIGNATURE_DATA*) ((UINT8*) KekSigList + sizeof (EFI_SIGNATURE_LIST));
+ KEKSigData = (EFI_SIGNATURE_DATA *)((UINT8 *)KekSigList + sizeof (EFI_SIGNATURE_LIST));
CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID);
CopyMem (KEKSigData->SignatureData, X509Data, X509DataSize);
@@ -721,14 +733,14 @@ EnrollX509ToKek (
// new kek to original variable
//
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList);
+ | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));
goto ON_EXIT;
}
- Status = gRT->GetVariable(
+ Status = gRT->GetVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid,
NULL,
@@ -741,7 +753,7 @@ EnrollX509ToKek (
goto ON_EXIT;
}
- Status = gRT->SetVariable(
+ Status = gRT->SetVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid,
Attr,
@@ -754,7 +766,7 @@ EnrollX509ToKek (
ON_EXIT:
- CloseEnrolledFile(Private->FileContext);
+ CloseEnrolledFile (Private->FileContext);
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
@@ -781,10 +793,10 @@ ON_EXIT:
**/
EFI_STATUS
EnrollKeyExchangeKey (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
)
{
- UINT16* FilePostFix;
+ UINT16 *FilePostFix;
EFI_STATUS Status;
UINTN NameLength;
@@ -792,7 +804,7 @@ EnrollKeyExchangeKey (
return EFI_INVALID_PARAMETER;
}
- Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -805,16 +817,17 @@ EnrollKeyExchangeKey (
if (NameLength <= 4) {
return EFI_INVALID_PARAMETER;
}
+
FilePostFix = Private->FileContext->FileName + NameLength - 4;
- if (IsDerEncodeCertificate(FilePostFix)) {
+ if (IsDerEncodeCertificate (FilePostFix)) {
return EnrollX509ToKek (Private);
- } else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
+ } else if (CompareMem (FilePostFix, L".pbk", 4) == 0) {
return EnrollRsa2048ToKek (Private);
} else {
//
// File type is wrong, simply close it
//
- CloseEnrolledFile(Private->FileContext);
+ CloseEnrolledFile (Private->FileContext);
return EFI_INVALID_PARAMETER;
}
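Review bot: `CompareMem (FilePostFix, L".pbk", 4)` takes a length in bytes, so it compares only the first two CHAR16 characters (".p"), and any file name whose four-character suffix starts with ".p" is routed to EnrollRsa2048ToKek. Comparing the whole suffix, `} else if (StrCmp (FilePostFix, L".pbk") == 0) {`, would match how IsDerEncodeCertificate checks its suffixes. The `NameLength <= 4` return just above also exits without calling CloseEnrolledFile, unlike the wrong-type branch; whether the caller closes the file is not visible here. EnrollKeyExchangeKey starts before and ends after this hunk.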
@@ -834,19 +847,19 @@ EnrollKeyExchangeKey (
**/
EFI_STATUS
EnrollX509toSigDB (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName
)
{
- EFI_STATUS Status;
- UINTN X509DataSize;
- VOID *X509Data;
- EFI_SIGNATURE_LIST *SigDBCert;
- EFI_SIGNATURE_DATA *SigDBCertData;
- VOID *Data;
- UINTN DataSize;
- UINTN SigDBSize;
- UINT32 Attr;
+ EFI_STATUS Status;
+ UINTN X509DataSize;
+ VOID *X509Data;
+ EFI_SIGNATURE_LIST *SigDBCert;
+ EFI_SIGNATURE_DATA *SigDBCertData;
+ VOID *Data;
+ UINTN DataSize;
+ UINTN SigDBSize;
+ UINT32 Attr;
X509DataSize = 0;
SigDBSize = 0;
@@ -865,9 +878,10 @@ EnrollX509toSigDB (
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
+
ASSERT (X509Data != NULL);
- SigDBSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;
+ SigDBSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize;
Data = AllocateZeroPool (SigDBSize);
if (Data == NULL) {
@@ -878,15 +892,15 @@ EnrollX509toSigDB (
//
// Fill Certificate Database parameters.
//
- SigDBCert = (EFI_SIGNATURE_LIST*) Data;
- SigDBCert->SignatureListSize = (UINT32) SigDBSize;
+ SigDBCert = (EFI_SIGNATURE_LIST *)Data;
+ SigDBCert->SignatureListSize = (UINT32)SigDBSize;
SigDBCert->SignatureHeaderSize = 0;
- SigDBCert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
+ SigDBCert->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize);
CopyGuid (&SigDBCert->SignatureType, &gEfiCertX509Guid);
- SigDBCertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) SigDBCert + sizeof (EFI_SIGNATURE_LIST));
+ SigDBCertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigDBCert + sizeof (EFI_SIGNATURE_LIST));
CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID);
- CopyMem ((UINT8* ) (SigDBCertData->SignatureData), X509Data, X509DataSize);
+ CopyMem ((UINT8 *)(SigDBCertData->SignatureData), X509Data, X509DataSize);
//
// Check if signature database entry has been already existed.
@@ -894,14 +908,14 @@ EnrollX509toSigDB (
// new signature data to original variable
//
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data);
+ | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ Status = CreateTimeBasedPayload (&SigDBSize, (UINT8 **)&Data);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));
goto ON_EXIT;
}
- Status = gRT->GetVariable(
+ Status = gRT->GetVariable (
VariableName,
&gEfiImageSecurityDatabaseGuid,
NULL,
@@ -914,7 +928,7 @@ EnrollX509toSigDB (
goto ON_EXIT;
}
- Status = gRT->SetVariable(
+ Status = gRT->SetVariable (
VariableName,
&gEfiImageSecurityDatabaseGuid,
Attr,
@@ -927,7 +941,7 @@ EnrollX509toSigDB (
ON_EXIT:
- CloseEnrolledFile(Private->FileContext);
+ CloseEnrolledFile (Private->FileContext);
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
@@ -958,9 +972,9 @@ ON_EXIT:
**/
BOOLEAN
IsSignatureFoundInDatabase (
- IN CHAR16 *VariableName,
- IN UINT8 *Signature,
- IN UINTN SignatureSize
+ IN CHAR16 *VariableName,
+ IN UINT8 *Signature,
+ IN UINTN SignatureSize
)
{
EFI_STATUS Status;
@@ -975,15 +989,15 @@ IsSignatureFoundInDatabase (
//
// Read signature database variable.
//
- IsFound = FALSE;
- Data = NULL;
- DataSize = 0;
- Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
+ IsFound = FALSE;
+ Data = NULL;
+ DataSize = 0;
+ Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
if (Status != EFI_BUFFER_TOO_SMALL) {
return FALSE;
}
- Data = (UINT8 *) AllocateZeroPool (DataSize);
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return FALSE;
}
@@ -996,11 +1010,11 @@ IsSignatureFoundInDatabase (
//
// Enumerate all signature data in SigDB to check if signature exists for executable.
//
- CertList = (EFI_SIGNATURE_LIST *) Data;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, &gEfiCertX509Guid))) {
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ if ((CertList->SignatureSize == sizeof (EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid))) {
for (Index = 0; Index < CertCount; Index++) {
if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) {
//
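Review bot: The walk in `while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize))` trusts the size fields read back from the variable. A `SignatureSize` of 0 divides by zero in the `CertCount` computation, a `SignatureListSize` of 0 never advances the loop, and a `SignatureListSize` smaller than the header makes the subtraction wrap. The contents come from an authenticated variable, so this is hardening rather than a demonstrated fault, but a guard at the top of the loop body would make the parser robust: `if ((CertList->SignatureSize == 0) || (CertList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize)) { break; }`. The loop in IsCertHashFoundInDbx (`DbxList`, `CertHashCount`) has the same shape. The loop body continues outside this hunk.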
@@ -1009,7 +1023,8 @@ IsSignatureFoundInDatabase (
IsFound = TRUE;
break;
}
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
if (IsFound) {
@@ -1018,7 +1033,7 @@ IsSignatureFoundInDatabase (
}
DataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
Done:
@@ -1043,17 +1058,17 @@ Done:
**/
BOOLEAN
CalculateCertHash (
- IN UINT8 *CertData,
- IN UINTN CertSize,
- IN UINT32 HashAlg,
- OUT UINT8 *CertHash
+ IN UINT8 *CertData,
+ IN UINTN CertSize,
+ IN UINT32 HashAlg,
+ OUT UINT8 *CertHash
)
{
- BOOLEAN Status;
- VOID *HashCtx;
- UINTN CtxSize;
- UINT8 *TBSCert;
- UINTN TBSCertSize;
+ BOOLEAN Status;
+ VOID *HashCtx;
+ UINTN CtxSize;
+ UINT8 *TBSCert;
+ UINTN TBSCertSize;
HashCtx = NULL;
Status = FALSE;
@@ -1087,7 +1102,7 @@ CalculateCertHash (
//
// 3. Calculate the hash.
//
- Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);
if (!Status) {
goto Done;
}
@@ -1096,7 +1111,7 @@ CalculateCertHash (
// 4. Get the hash result.
//
ZeroMem (CertHash, mHash[HashAlg].DigestLength);
- Status = mHash[HashAlg].HashFinal (HashCtx, CertHash);
+ Status = mHash[HashAlg].HashFinal (HashCtx, CertHash);
Done:
if (HashCtx != NULL) {
@@ -1118,37 +1133,37 @@ Done:
**/
BOOLEAN
IsCertHashFoundInDbx (
- IN UINT8 *Certificate,
- IN UINTN CertSize
+ IN UINT8 *Certificate,
+ IN UINTN CertSize
)
{
- BOOLEAN IsFound;
- EFI_STATUS Status;
- EFI_SIGNATURE_LIST *DbxList;
- EFI_SIGNATURE_DATA *CertHash;
- UINTN CertHashCount;
- UINTN Index;
- UINT32 HashAlg;
- UINT8 CertDigest[MAX_DIGEST_SIZE];
- UINT8 *DbxCertHash;
- UINTN SiglistHeaderSize;
- UINT8 *Data;
- UINTN DataSize;
+ BOOLEAN IsFound;
+ EFI_STATUS Status;
+ EFI_SIGNATURE_LIST *DbxList;
+ EFI_SIGNATURE_DATA *CertHash;
+ UINTN CertHashCount;
+ UINTN Index;
+ UINT32 HashAlg;
+ UINT8 CertDigest[MAX_DIGEST_SIZE];
+ UINT8 *DbxCertHash;
+ UINTN SiglistHeaderSize;
+ UINT8 *Data;
+ UINTN DataSize;
- IsFound = FALSE;
- HashAlg = HASHALG_MAX;
- Data = NULL;
+ IsFound = FALSE;
+ HashAlg = HASHALG_MAX;
+ Data = NULL;
//
// Read signature database variable.
//
- DataSize = 0;
- Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
+ DataSize = 0;
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
if (Status != EFI_BUFFER_TOO_SMALL) {
return FALSE;
}
- Data = (UINT8 *) AllocateZeroPool (DataSize);
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return FALSE;
}
@@ -1161,7 +1176,7 @@ IsCertHashFoundInDbx (
//
// Check whether the certificate hash exists in the forbidden database.
//
- DbxList = (EFI_SIGNATURE_LIST *) Data;
+ DbxList = (EFI_SIGNATURE_LIST *)Data;
while ((DataSize > 0) && (DataSize >= DbxList->SignatureListSize)) {
//
// Determine Hash Algorithm of Certificate in the forbidden database.
@@ -1174,7 +1189,7 @@ IsCertHashFoundInDbx (
HashAlg = HASHALG_SHA512;
} else {
DataSize -= DbxList->SignatureListSize;
- DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize);
+ DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize);
continue;
}
@@ -1186,7 +1201,7 @@ IsCertHashFoundInDbx (
}
SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize;
- CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize);
+ CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)DbxList + SiglistHeaderSize);
CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize;
for (Index = 0; Index < CertHashCount; Index++) {
//
@@ -1200,11 +1215,12 @@ IsCertHashFoundInDbx (
IsFound = TRUE;
goto Done;
}
- CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertHash + DbxList->SignatureSize);
+
+ CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)CertHash + DbxList->SignatureSize);
}
DataSize -= DbxList->SignatureListSize;
- DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize);
+ DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize);
}
Done:
@@ -1238,8 +1254,8 @@ GetSignaturelistOffset (
OUT UINTN *Offset
)
{
- EFI_SIGNATURE_LIST *SigList;
- UINTN SiglistSize;
+ EFI_SIGNATURE_LIST *SigList;
+ UINTN SiglistSize;
if ((Database == NULL) || (DatabaseSize == 0)) {
*Offset = 0;
@@ -1253,9 +1269,11 @@ GetSignaturelistOffset (
*Offset = DatabaseSize - SiglistSize;
return TRUE;
}
+
SiglistSize -= SigList->SignatureListSize;
- SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize);
+ SigList = (EFI_SIGNATURE_LIST *)((UINT8 *)SigList + SigList->SignatureListSize);
}
+
*Offset = 0;
return FALSE;
}
@@ -1277,11 +1295,11 @@ GetSignaturelistOffset (
**/
EFI_STATUS
EnrollX509HashtoSigDB (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
- IN UINT32 HashAlg,
- IN EFI_HII_DATE *RevocationDate,
- IN EFI_HII_TIME *RevocationTime,
- IN BOOLEAN AlwaysRevocation
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
+ IN UINT32 HashAlg,
+ IN EFI_HII_DATE *RevocationDate,
+ IN EFI_HII_TIME *RevocationTime,
+ IN BOOLEAN AlwaysRevocation
)
{
EFI_STATUS Status;
@@ -1299,7 +1317,7 @@ EnrollX509HashtoSigDB (
EFI_GUID SignatureType;
UINTN Offset;
UINT8 CertHash[MAX_DIGEST_SIZE];
- UINT16* FilePostFix;
+ UINT16 *FilePostFix;
UINTN NameLength;
EFI_TIME *Time;
@@ -1327,8 +1345,9 @@ EnrollX509HashtoSigDB (
if (NameLength <= 4) {
return EFI_INVALID_PARAMETER;
}
+
FilePostFix = Private->FileContext->FileName + NameLength - 4;
- if (!IsDerEncodeCertificate(FilePostFix)) {
+ if (!IsDerEncodeCertificate (FilePostFix)) {
//
// Only supports DER-encoded X509 certificate.
//
@@ -1347,6 +1366,7 @@ EnrollX509HashtoSigDB (
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
+
ASSERT (X509Data != NULL);
if (!CalculateCertHash (X509Data, X509DataSize, HashAlg, CertHash)) {
@@ -1359,7 +1379,7 @@ EnrollX509HashtoSigDB (
DataSize = 0;
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
if (Status == EFI_BUFFER_TOO_SMALL) {
- Data = (UINT8 *) AllocateZeroPool (DataSize);
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return EFI_OUT_OF_RESOURCES;
}
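Review bot: The allocation-failure path `return EFI_OUT_OF_RESOURCES;` after `Data = (UINT8 *)AllocateZeroPool (DataSize);` leaves the function directly instead of going through `ON_EXIT`, where `CloseEnrolledFile (Private->FileContext)` and the `Private->SignatureGUID` cleanup run. The certificate has already been read into `X509Data` by this point, so that buffer and the enrolled file are presumably left behind on this path. `Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT;` would match the `NewData == NULL` branch later in the function, and the `SignatureData == NULL` return in the next hunk has the same shape. This assumes every pointer released at `ON_EXIT` is initialised to NULL beforehand, which is outside the hunk.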
@@ -1373,11 +1393,12 @@ EnrollX509HashtoSigDB (
//
// Allocate memory for Signature and fill the Signature
//
- SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + sizeof (EFI_TIME) + mHash[HashAlg].DigestLength;
- SignatureData = (EFI_SIGNATURE_DATA *) AllocateZeroPool (SignatureSize);
+ SignatureSize = sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (EFI_TIME) + mHash[HashAlg].DigestLength;
+ SignatureData = (EFI_SIGNATURE_DATA *)AllocateZeroPool (SignatureSize);
if (SignatureData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
+
CopyGuid (&SignatureData->SignatureOwner, Private->SignatureGUID);
CopyMem (SignatureData->SignatureData, CertHash, mHash[HashAlg].DigestLength);
@@ -1385,7 +1406,7 @@ EnrollX509HashtoSigDB (
// Fill the time.
//
if (!AlwaysRevocation) {
- Time = (EFI_TIME *)(&SignatureData->SignatureData + mHash[HashAlg].DigestLength);
+ Time = (EFI_TIME *)(&SignatureData->SignatureData + mHash[HashAlg].DigestLength);
Time->Year = RevocationDate->Year;
Time->Month = RevocationDate->Month;
Time->Day = RevocationDate->Day;
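Review bot: In `Time = (EFI_TIME *)(&SignatureData->SignatureData + mHash[HashAlg].DigestLength);` the `&` takes the address of the array member, so the addition is scaled by the size of the whole array rather than by one byte. It lands on the intended offset only if `SignatureData` is declared with a single element, which the `sizeof (EFI_SIGNATURE_DATA) - 1` computations in this file suggest. Dropping the `&` states the intent and does not depend on the declaration: `Time = (EFI_TIME *)(SignatureData->SignatureData + mHash[HashAlg].DigestLength);`. The remaining `Time->` assignments continue outside the hunk.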
@@ -1398,23 +1419,23 @@ EnrollX509HashtoSigDB (
// Determine the GUID for certificate hash.
//
switch (HashAlg) {
- case HASHALG_SHA256:
- SignatureType = gEfiCertX509Sha256Guid;
- break;
- case HASHALG_SHA384:
- SignatureType = gEfiCertX509Sha384Guid;
- break;
- case HASHALG_SHA512:
- SignatureType = gEfiCertX509Sha512Guid;
- break;
- default:
- return FALSE;
+ case HASHALG_SHA256:
+ SignatureType = gEfiCertX509Sha256Guid;
+ break;
+ case HASHALG_SHA384:
+ SignatureType = gEfiCertX509Sha384Guid;
+ break;
+ case HASHALG_SHA512:
+ SignatureType = gEfiCertX509Sha512Guid;
+ break;
+ default:
+ return FALSE;
}
//
// Add signature into the new variable data buffer
//
- if (GetSignaturelistOffset((EFI_SIGNATURE_LIST *)Data, DataSize, &SignatureType, &Offset)) {
+ if (GetSignaturelistOffset ((EFI_SIGNATURE_LIST *)Data, DataSize, &SignatureType, &Offset)) {
//
// Add the signature to the found signaturelist.
//
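Review bot: `default: return FALSE;` sits in a function declared to return `EFI_STATUS`, and FALSE has the same value (0) as EFI_SUCCESS. An unrecognised `HashAlg` is therefore reported to the caller as a successful dbx enrollment although nothing was written. The direct return also bypasses `ON_EXIT`, so the `SignatureData` buffer allocated in the earlier hunk is not released on this path. Suggest `Status = EFI_UNSUPPORTED; goto ON_EXIT;` here. Since `mHash[HashAlg].DigestLength` is already indexed before the switch, a range check against `HASHALG_MAX` near the top of the function would be the better place to reject the value, unless one exists outside the visible hunks.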
@@ -1426,11 +1447,11 @@ EnrollX509HashtoSigDB (
}
SignatureList = (EFI_SIGNATURE_LIST *)(Data + Offset);
- SignatureListSize = (UINTN) ReadUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize);
+ SignatureListSize = (UINTN)ReadUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize);
CopyMem (NewData, Data, Offset + SignatureListSize);
SignatureList = (EFI_SIGNATURE_LIST *)(NewData + Offset);
- WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureListSize, (UINT32)(SignatureListSize + SignatureSize));
+ WriteUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize, (UINT32)(SignatureListSize + SignatureSize));
Offset += SignatureListSize;
CopyMem (NewData + Offset, SignatureData, SignatureSize);
@@ -1443,37 +1464,39 @@ EnrollX509HashtoSigDB (
//
// Create a new signaturelist, and add the signature into the signaturelist.
//
- DbSize = DataSize + sizeof(EFI_SIGNATURE_LIST) + SignatureSize;
+ DbSize = DataSize + sizeof (EFI_SIGNATURE_LIST) + SignatureSize;
NewData = AllocateZeroPool (DbSize);
if (NewData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
+
//
// Fill Certificate Database parameters.
//
- SignatureList = (EFI_SIGNATURE_LIST*) (NewData + DataSize);
- SignatureListSize = sizeof(EFI_SIGNATURE_LIST) + SignatureSize;
- WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureListSize, (UINT32) SignatureListSize);
- WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureSize, (UINT32) SignatureSize);
+ SignatureList = (EFI_SIGNATURE_LIST *)(NewData + DataSize);
+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + SignatureSize;
+ WriteUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize, (UINT32)SignatureListSize);
+ WriteUnaligned32 ((UINT32 *)&SignatureList->SignatureSize, (UINT32)SignatureSize);
CopyGuid (&SignatureList->SignatureType, &SignatureType);
- CopyMem ((UINT8* ) SignatureList + sizeof (EFI_SIGNATURE_LIST), SignatureData, SignatureSize);
+ CopyMem ((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST), SignatureData, SignatureSize);
if ((DataSize != 0) && (Data != NULL)) {
CopyMem (NewData, Data, DataSize);
FreePool (Data);
}
+
Data = NewData;
DataSize = DbSize;
}
- Status = CreateTimeBasedPayload (&DataSize, (UINT8**) &Data);
+ Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- Status = gRT->SetVariable(
+ | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ Status = gRT->SetVariable (
EFI_IMAGE_SECURITY_DATABASE1,
&gEfiImageSecurityDatabaseGuid,
Attr,
@@ -1486,7 +1509,7 @@ EnrollX509HashtoSigDB (
ON_EXIT:
- CloseEnrolledFile(Private->FileContext);
+ CloseEnrolledFile (Private->FileContext);
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
@@ -1520,26 +1543,26 @@ ON_EXIT:
**/
BOOLEAN
IsX509CertInDbx (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName
)
{
- EFI_STATUS Status;
- UINTN X509DataSize;
- VOID *X509Data;
- BOOLEAN IsFound;
+ EFI_STATUS Status;
+ UINTN X509DataSize;
+ VOID *X509Data;
+ BOOLEAN IsFound;
//
// Read the certificate from file
//
- X509DataSize = 0;
- X509Data = NULL;
- Status = ReadFileContent (
- Private->FileContext->FHandle,
- &X509Data,
- &X509DataSize,
- 0
- );
+ X509DataSize = 0;
+ X509Data = NULL;
+ Status = ReadFileContent (
+ Private->FileContext->FHandle,
+ &X509Data,
+ &X509DataSize,
+ 0
+ );
if (EFI_ERROR (Status)) {
return FALSE;
}
@@ -1587,15 +1610,15 @@ ON_EXIT:
EFI_STATUS
EFIAPI
SecureBootConfigImageRead (
- IN VOID *FileHandle,
- IN UINTN FileOffset,
- IN OUT UINTN *ReadSize,
- OUT VOID *Buffer
+ IN VOID *FileHandle,
+ IN UINTN FileOffset,
+ IN OUT UINTN *ReadSize,
+ OUT VOID *Buffer
)
{
- UINTN EndPosition;
+ UINTN EndPosition;
- if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
+ if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -1612,7 +1635,7 @@ SecureBootConfigImageRead (
*ReadSize = 0;
}
- CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
+ CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
@@ -1630,18 +1653,18 @@ LoadPeImage (
VOID
)
{
- EFI_IMAGE_DOS_HEADER *DosHdr;
- EFI_IMAGE_NT_HEADERS32 *NtHeader32;
- EFI_IMAGE_NT_HEADERS64 *NtHeader64;
- PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
- EFI_STATUS Status;
+ EFI_IMAGE_DOS_HEADER *DosHdr;
+ EFI_IMAGE_NT_HEADERS32 *NtHeader32;
+ EFI_IMAGE_NT_HEADERS64 *NtHeader64;
+ PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
+ EFI_STATUS Status;
NtHeader32 = NULL;
NtHeader64 = NULL;
ZeroMem (&ImageContext, sizeof (ImageContext));
- ImageContext.Handle = (VOID *) mImageBase;
- ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) SecureBootConfigImageRead;
+ ImageContext.Handle = (VOID *)mImageBase;
+ ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)SecureBootConfigImageRead;
//
// Get information about the image being loaded
@@ -1658,26 +1681,22 @@ LoadPeImage (
//
// Read the Dos header
//
- DosHdr = (EFI_IMAGE_DOS_HEADER*)(mImageBase);
- if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE)
- {
+ DosHdr = (EFI_IMAGE_DOS_HEADER *)(mImageBase);
+ if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
//
// DOS image header is present,
// So read the PE header after the DOS image header
//
mPeCoffHeaderOffset = DosHdr->e_lfanew;
- }
- else
- {
+ } else {
mPeCoffHeaderOffset = 0;
}
//
// Read PE header and check the signature validity and machine compatibility
//
- NtHeader32 = (EFI_IMAGE_NT_HEADERS32*) (mImageBase + mPeCoffHeaderOffset);
- if (NtHeader32->Signature != EFI_IMAGE_NT_SIGNATURE)
- {
+ NtHeader32 = (EFI_IMAGE_NT_HEADERS32 *)(mImageBase + mPeCoffHeaderOffset);
+ if (NtHeader32->Signature != EFI_IMAGE_NT_SIGNATURE) {
return EFI_UNSUPPORTED;
}
@@ -1687,24 +1706,25 @@ LoadPeImage (
// Check the architecture field of PE header and get the Certificate Data Directory data
// Note the size of FileHeader field is constant for both IA32 and X64 arch
//
- if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32)
- || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC)
- || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_ARMTHUMB_MIXED)) {
+ if ( (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32)
+ || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC)
+ || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_ARMTHUMB_MIXED))
+ {
//
// 32-bits Architecture
//
- mImageType = ImageType_IA32;
- mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
- }
- else if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64)
- || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64)
- || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_AARCH64)) {
+ mImageType = ImageType_IA32;
+ mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY *)&(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
+ } else if ( (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64)
+ || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64)
+ || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_AARCH64))
+ {
//
// 64-bits Architecture
//
- mImageType = ImageType_X64;
- NtHeader64 = (EFI_IMAGE_NT_HEADERS64 *) (mImageBase + mPeCoffHeaderOffset);
- mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader64->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
+ mImageType = ImageType_X64;
+ NtHeader64 = (EFI_IMAGE_NT_HEADERS64 *)(mImageBase + mPeCoffHeaderOffset);
+ mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY *)&(NtHeader64->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
} else {
return EFI_UNSUPPORTED;
}
@@ -1727,7 +1747,7 @@ LoadPeImage (
**/
BOOLEAN
HashPeImage (
- IN UINT32 HashAlg
+ IN UINT32 HashAlg
)
{
BOOLEAN Status;
@@ -1754,10 +1774,10 @@ HashPeImage (
//
ZeroMem (mImageDigest, MAX_DIGEST_SIZE);
- mImageDigestSize = SHA256_DIGEST_SIZE;
- mCertType = gEfiCertSha256Guid;
+ mImageDigestSize = SHA256_DIGEST_SIZE;
+ mCertType = gEfiCertSha256Guid;
- CtxSize = mHash[HashAlg].GetContextSize();
+ CtxSize = mHash[HashAlg].GetContextSize ();
HashCtx = AllocatePool (CtxSize);
ASSERT (HashCtx != NULL);
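Review bot: The result of `HashCtx = AllocatePool (CtxSize);` is checked only by `ASSERT (HashCtx != NULL);`, which does nothing in builds where asserts are disabled. On allocation failure in such a build, `HashInit` is handed a NULL context while hashing a file supplied for enrollment. An explicit check such as `if (HashCtx == NULL) { return FALSE; }` keeps the failure path defined. The `SectionHeader` allocation later in this function is guarded the same way and would need `Status = FALSE; goto Done;` instead, since `HashCtx` is live by then. The function body starts and ends outside this hunk.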
@@ -1765,10 +1785,11 @@ HashPeImage (
// 1. Load the image header into memory.
// 2. Initialize a SHA hash context.
- Status = mHash[HashAlg].HashInit(HashCtx);
+ Status = mHash[HashAlg].HashInit (HashCtx);
if (!Status) {
goto Done;
}
+
//
// Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded
@@ -1783,18 +1804,19 @@ HashPeImage (
//
// Use PE32 offset.
//
- HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;
+ HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset.
//
- HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;
+ HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
}
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
+
//
// 5. Skip over the image checksum (it occupies a single ULONG).
// 6. Get the address of the beginning of the Cert Directory.
@@ -1804,20 +1826,21 @@ HashPeImage (
//
// Use PE32 offset.
//
- HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
+ HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
+ HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset.
//
- HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
+ HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
+ HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
}
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
+
//
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header.
@@ -1826,20 +1849,21 @@ HashPeImage (
//
// Use PE32 offset
//
- HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
- HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN) mImageBase);
+ HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+ HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN)mImageBase);
} else {
//
// Use PE32+ offset.
//
- HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
- HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN) mImageBase);
+ HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+ HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN)mImageBase);
}
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
+
//
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header.
//
@@ -1861,7 +1885,7 @@ HashPeImage (
// header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
//
- SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
+ SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
ASSERT (SectionHeader != NULL);
//
// 12. Using the 'PointerToRawData' in the referenced section headers as
@@ -1869,19 +1893,20 @@ HashPeImage (
// words, sort the section headers according to the disk-file offset of
// the section.
//
- Section = (EFI_IMAGE_SECTION_HEADER *) (
- mImageBase +
- mPeCoffHeaderOffset +
- sizeof (UINT32) +
- sizeof (EFI_IMAGE_FILE_HEADER) +
- mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader
- );
+ Section = (EFI_IMAGE_SECTION_HEADER *)(
+ mImageBase +
+ mPeCoffHeaderOffset +
+ sizeof (UINT32) +
+ sizeof (EFI_IMAGE_FILE_HEADER) +
+ mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader
+ );
for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) {
Pos = Index;
while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
+
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
@@ -1898,10 +1923,11 @@ HashPeImage (
if (Section->SizeOfRawData == 0) {
continue;
}
- HashBase = mImageBase + Section->PointerToRawData;
- HashSize = (UINTN) Section->SizeOfRawData;
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ HashBase = mImageBase + Section->PointerToRawData;
+ HashSize = (UINTN)Section->SizeOfRawData;
+
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@@ -1922,34 +1948,36 @@ HashPeImage (
// Use PE32 offset.
//
HashSize = (UINTN)(
- mImageSize -
- mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
- SumOfBytesHashed);
+ mImageSize -
+ mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
+ SumOfBytesHashed);
} else {
//
// Use PE32+ offset.
//
HashSize = (UINTN)(
- mImageSize -
- mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
- SumOfBytesHashed);
+ mImageSize -
+ mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
+ SumOfBytesHashed);
}
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
}
- Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest);
+ Status = mHash[HashAlg].HashFinal (HashCtx, mImageDigest);
Done:
if (HashCtx != NULL) {
FreePool (HashCtx);
}
+
if (SectionHeader != NULL) {
FreePool (SectionHeader);
}
+
return Status;
}
@@ -1970,7 +1998,7 @@ HashPeImageByType (
UINT8 Index;
WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;
- PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->Offset);
+ PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *)(mImageBase + mSecDataDir->Offset);
for (Index = 0; Index < HASHALG_MAX; Index++) {
//
@@ -1984,7 +2012,7 @@ HashPeImageByType (
// The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
// This field has the fixed offset (+32) in final Authenticode ASN.1 data.
// Fixed offset (+32) is calculated based on two bytes of length encoding.
- //
+ //
if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
//
// Only support two bytes of Long Form of Length Encoding.
@@ -2005,7 +2033,7 @@ HashPeImageByType (
//
// HASH PE Image based on Hash algorithm in PE/COFF Authenticode.
//
- if (!HashPeImage(Index)) {
+ if (!HashPeImage (Index)) {
return EFI_UNSUPPORTED;
}
@@ -2028,14 +2056,14 @@ HashPeImageByType (
**/
EFI_STATUS
EnrollAuthentication2Descriptor (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName
)
{
- EFI_STATUS Status;
- VOID *Data;
- UINTN DataSize;
- UINT32 Attr;
+ EFI_STATUS Status;
+ VOID *Data;
+ UINTN DataSize;
+ UINT32 Attr;
Data = NULL;
@@ -2049,15 +2077,16 @@ EnrollAuthentication2Descriptor (
//
// Read the whole file content
//
- Status = ReadFileContent(
+ Status = ReadFileContent (
Private->FileContext->FHandle,
- (VOID **) &mImageBase,
+ (VOID **)&mImageBase,
&mImageSize,
0
);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
+
ASSERT (mImageBase != NULL);
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
@@ -2069,13 +2098,13 @@ EnrollAuthentication2Descriptor (
// new signature data to original variable
//
DataSize = 0;
- Status = gRT->GetVariable(
- VariableName,
- &gEfiImageSecurityDatabaseGuid,
- NULL,
- &DataSize,
- NULL
- );
+ Status = gRT->GetVariable (
+ VariableName,
+ &gEfiImageSecurityDatabaseGuid,
+ NULL,
+ &DataSize,
+ NULL
+ );
if (Status == EFI_BUFFER_TOO_SMALL) {
Attr |= EFI_VARIABLE_APPEND_WRITE;
} else if (Status != EFI_NOT_FOUND) {
@@ -2085,7 +2114,7 @@ EnrollAuthentication2Descriptor (
//
// Directly set AUTHENTICATION_2 data to SetVariable
//
- Status = gRT->SetVariable(
+ Status = gRT->SetVariable (
VariableName,
&gEfiImageSecurityDatabaseGuid,
Attr,
@@ -2093,11 +2122,11 @@ EnrollAuthentication2Descriptor (
mImageBase
);
- DEBUG((DEBUG_INFO, "Enroll AUTH_2 data to Var:%s Status: %x\n", VariableName, Status));
+ DEBUG ((DEBUG_INFO, "Enroll AUTH_2 data to Var:%s Status: %x\n", VariableName, Status));
ON_EXIT:
- CloseEnrolledFile(Private->FileContext);
+ CloseEnrolledFile (Private->FileContext);
if (Data != NULL) {
FreePool (Data);
@@ -2109,10 +2138,8 @@ ON_EXIT:
}
return Status;
-
}
-
/**
Enroll a new signature of executable into Signature Database.
@@ -2129,20 +2156,20 @@ ON_EXIT:
**/
EFI_STATUS
EnrollImageSignatureToSigDB (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName
)
{
- EFI_STATUS Status;
- EFI_SIGNATURE_LIST *SigDBCert;
- EFI_SIGNATURE_DATA *SigDBCertData;
- VOID *Data;
- UINTN DataSize;
- UINTN SigDBSize;
- UINT32 Attr;
- WIN_CERTIFICATE_UEFI_GUID *GuidCertData;
-
- Data = NULL;
+ EFI_STATUS Status;
+ EFI_SIGNATURE_LIST *SigDBCert;
+ EFI_SIGNATURE_DATA *SigDBCertData;
+ VOID *Data;
+ UINTN DataSize;
+ UINTN SigDBSize;
+ UINT32 Attr;
+ WIN_CERTIFICATE_UEFI_GUID *GuidCertData;
+
+ Data = NULL;
GuidCertData = NULL;
if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) {
@@ -2161,15 +2188,16 @@ EnrollImageSignatureToSigDB (
//
// Read the whole file content
//
- Status = ReadFileContent(
+ Status = ReadFileContent (
Private->FileContext->FHandle,
- (VOID **) &mImageBase,
+ (VOID **)&mImageBase,
&mImageSize,
0
);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
+
ASSERT (mImageBase != NULL);
Status = LoadPeImage ();
@@ -2183,29 +2211,26 @@ EnrollImageSignatureToSigDB (
goto ON_EXIT;
}
} else {
-
//
// Read the certificate data
//
mCertificate = (WIN_CERTIFICATE *)(mImageBase + mSecDataDir->Offset);
if (mCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
- GuidCertData = (WIN_CERTIFICATE_UEFI_GUID*) mCertificate;
- if (CompareMem (&GuidCertData->CertType, &gEfiCertTypeRsa2048Sha256Guid, sizeof(EFI_GUID)) != 0) {
+ GuidCertData = (WIN_CERTIFICATE_UEFI_GUID *)mCertificate;
+ if (CompareMem (&GuidCertData->CertType, &gEfiCertTypeRsa2048Sha256Guid, sizeof (EFI_GUID)) != 0) {
Status = EFI_ABORTED;
goto ON_EXIT;
}
if (!HashPeImage (HASHALG_SHA256)) {
Status = EFI_ABORTED;
- goto ON_EXIT;;
+ goto ON_EXIT;
}
-
} else if (mCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
-
Status = HashPeImageByType ();
if (EFI_ERROR (Status)) {
- goto ON_EXIT;;
+ goto ON_EXIT;
}
} else {
Status = EFI_ABORTED;
@@ -2216,11 +2241,11 @@ EnrollImageSignatureToSigDB (
//
// Create a new SigDB entry.
//
- SigDBSize = sizeof(EFI_SIGNATURE_LIST)
- + sizeof(EFI_SIGNATURE_DATA) - 1
- + (UINT32) mImageDigestSize;
+ SigDBSize = sizeof (EFI_SIGNATURE_LIST)
+ + sizeof (EFI_SIGNATURE_DATA) - 1
+ + (UINT32)mImageDigestSize;
- Data = (UINT8*) AllocateZeroPool (SigDBSize);
+ Data = (UINT8 *)AllocateZeroPool (SigDBSize);
if (Data == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
@@ -2229,19 +2254,19 @@ EnrollImageSignatureToSigDB (
//
// Adjust the Certificate Database parameters.
//
- SigDBCert = (EFI_SIGNATURE_LIST*) Data;
- SigDBCert->SignatureListSize = (UINT32) SigDBSize;
+ SigDBCert = (EFI_SIGNATURE_LIST *)Data;
+ SigDBCert->SignatureListSize = (UINT32)SigDBSize;
SigDBCert->SignatureHeaderSize = 0;
- SigDBCert->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + (UINT32) mImageDigestSize;
+ SigDBCert->SignatureSize = sizeof (EFI_SIGNATURE_DATA) - 1 + (UINT32)mImageDigestSize;
CopyGuid (&SigDBCert->SignatureType, &mCertType);
- SigDBCertData = (EFI_SIGNATURE_DATA*)((UINT8*)SigDBCert + sizeof(EFI_SIGNATURE_LIST));
+ SigDBCertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigDBCert + sizeof (EFI_SIGNATURE_LIST));
CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID);
CopyMem (SigDBCertData->SignatureData, mImageDigest, mImageDigestSize);
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data);
+ | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ Status = CreateTimeBasedPayload (&SigDBSize, (UINT8 **)&Data);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));
goto ON_EXIT;
@@ -2253,13 +2278,13 @@ EnrollImageSignatureToSigDB (
// new signature data to original variable
//
DataSize = 0;
- Status = gRT->GetVariable(
- VariableName,
- &gEfiImageSecurityDatabaseGuid,
- NULL,
- &DataSize,
- NULL
- );
+ Status = gRT->GetVariable (
+ VariableName,
+ &gEfiImageSecurityDatabaseGuid,
+ NULL,
+ &DataSize,
+ NULL
+ );
if (Status == EFI_BUFFER_TOO_SMALL) {
Attr |= EFI_VARIABLE_APPEND_WRITE;
} else if (Status != EFI_NOT_FOUND) {
@@ -2269,7 +2294,7 @@ EnrollImageSignatureToSigDB (
//
// Enroll the variable.
//
- Status = gRT->SetVariable(
+ Status = gRT->SetVariable (
VariableName,
&gEfiImageSecurityDatabaseGuid,
Attr,
@@ -2282,7 +2307,7 @@ EnrollImageSignatureToSigDB (
ON_EXIT:
- CloseEnrolledFile(Private->FileContext);
+ CloseEnrolledFile (Private->FileContext);
if (Private->SignatureGUID != NULL) {
FreePool (Private->SignatureGUID);
@@ -2316,13 +2341,13 @@ ON_EXIT:
**/
EFI_STATUS
EnrollSignatureDatabase (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName
)
{
- UINT16* FilePostFix;
- EFI_STATUS Status;
- UINTN NameLength;
+ UINT16 *FilePostFix;
+ EFI_STATUS Status;
+ UINTN NameLength;
if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -2340,14 +2365,15 @@ EnrollSignatureDatabase (
if (NameLength <= 4) {
return EFI_INVALID_PARAMETER;
}
+
FilePostFix = Private->FileContext->FileName + NameLength - 4;
if (IsDerEncodeCertificate (FilePostFix)) {
//
// Supports DER-encoded X509 certificate.
//
return EnrollX509toSigDB (Private, VariableName);
- } else if (IsAuthentication2Format(Private->FileContext->FHandle)){
- return EnrollAuthentication2Descriptor(Private, VariableName);
+ } else if (IsAuthentication2Format (Private->FileContext->FHandle)) {
+ return EnrollAuthentication2Descriptor (Private, VariableName);
} else {
return EnrollImageSignatureToSigDB (Private, VariableName);
}
@@ -2370,35 +2396,35 @@ EnrollSignatureDatabase (
**/
EFI_STATUS
UpdateDeletePage (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT16 LabelNumber,
- IN EFI_FORM_ID FormId,
- IN EFI_QUESTION_ID QuestionIdBase
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT16 LabelNumber,
+ IN EFI_FORM_ID FormId,
+ IN EFI_QUESTION_ID QuestionIdBase
)
{
- EFI_STATUS Status;
- UINT32 Index;
- UINTN CertCount;
- UINTN GuidIndex;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
- UINTN DataSize;
- UINT8 *Data;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *Cert;
- UINT32 ItemDataSize;
- CHAR16 *GuidStr;
- EFI_STRING_ID GuidID;
- EFI_STRING_ID Help;
-
- Data = NULL;
- CertList = NULL;
- Cert = NULL;
- GuidStr = NULL;
+ EFI_STATUS Status;
+ UINT32 Index;
+ UINTN CertCount;
+ UINTN GuidIndex;
+ VOID *StartOpCodeHandle;
+ VOID *EndOpCodeHandle;
+ EFI_IFR_GUID_LABEL *StartLabel;
+ EFI_IFR_GUID_LABEL *EndLabel;
+ UINTN DataSize;
+ UINT8 *Data;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINT32 ItemDataSize;
+ CHAR16 *GuidStr;
+ EFI_STRING_ID GuidID;
+ EFI_STRING_ID Help;
+
+ Data = NULL;
+ CertList = NULL;
+ Cert = NULL;
+ GuidStr = NULL;
StartOpCodeHandle = NULL;
EndOpCodeHandle = NULL;
@@ -2420,34 +2446,34 @@ UpdateDeletePage (
//
// Create Hii Extend Label OpCode.
//
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LabelNumber;
+ StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
+ StartOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ StartLabel->Number = LabelNumber;
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
+ EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
+ EndOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ EndLabel->Number = LABEL_END;
//
// Read Variable.
//
DataSize = 0;
- Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
+ if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
goto ON_EXIT;
}
- Data = (UINT8 *) AllocateZeroPool (DataSize);
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
@@ -2467,12 +2493,11 @@ UpdateDeletePage (
//
// Enumerate all KEK pub data.
//
- ItemDataSize = (UINT32) DataSize;
- CertList = (EFI_SIGNATURE_LIST *) Data;
- GuidIndex = 0;
+ ItemDataSize = (UINT32)DataSize;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
+ GuidIndex = 0;
while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
-
if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid)) {
Help = STRING_TOKEN (STR_CERT_TYPE_RSA2048_SHA256_GUID);
} else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
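Review bot: The loop guard `(ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)` reads `SignatureListSize` even when fewer than `sizeof (EFI_SIGNATURE_LIST)` bytes remain. A list whose `SignatureListSize` is 0 also passes the guard, and the later `ItemDataSize -= ...` / `CertList = ... + SignatureListSize` steps then never advance, so the form would spin forever. Requiring both `ItemDataSize >= sizeof (EFI_SIGNATURE_LIST)` and `CertList->SignatureListSize >= sizeof (EFI_SIGNATURE_LIST)` before entering the body would close both cases. The same guard is used by the enumeration and compaction loops in `DeleteKeyExchangeKey` and `DeleteSignature` further down. The loop body continues outside the hunk.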
@@ -2492,24 +2517,24 @@ UpdateDeletePage (
// The signature type is not supported in current implementation.
//
ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
continue;
}
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList
- + sizeof (EFI_SIGNATURE_LIST)
- + CertList->SignatureHeaderSize
- + Index * CertList->SignatureSize);
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList
+ + sizeof (EFI_SIGNATURE_LIST)
+ + CertList->SignatureHeaderSize
+ + Index * CertList->SignatureSize);
//
// Display GUID and help
//
GuidToString (&Cert->SignatureOwner, GuidStr, 100);
- GuidID = HiiSetString (PrivateData->HiiHandle, 0, GuidStr, NULL);
+ GuidID = HiiSetString (PrivateData->HiiHandle, 0, GuidStr, NULL);
HiiCreateCheckBoxOpCode (
StartOpCodeHandle,
- (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),
+ (EFI_QUESTION_ID)(QuestionIdBase + GuidIndex++),
0,
0,
GuidID,
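Review bot: `CertCount` is computed as `(SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SignatureHeaderSize) / SignatureSize` with none of the three fields validated first. A `SignatureSize` of 0 divides by zero, and a `SignatureHeaderSize` larger than the remaining list makes the unsigned subtraction wrap to a huge count that walks `Cert` past the end of `Data`. The list should be rejected before the division when `CertList->SignatureSize == 0` or `CertList->SignatureHeaderSize > CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST)`. The same expression is used unchecked in `DeleteKeyExchangeKey` and `DeleteSignature`. Separately, `GuidToString (..., GuidStr, 100)` hard-codes the buffer length; the allocation of `GuidStr` is outside this hunk, so confirm that the two sizes come from one named constant.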
@@ -2521,7 +2546,7 @@ UpdateDeletePage (
}
ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
ON_EXIT:
@@ -2564,34 +2589,34 @@ ON_EXIT:
**/
EFI_STATUS
DeleteKeyExchangeKey (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
- IN EFI_QUESTION_ID QuestionId
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN EFI_QUESTION_ID QuestionId
)
{
- EFI_STATUS Status;
- UINTN DataSize;
- UINT8 *Data;
- UINT8 *OldData;
- UINT32 Attr;
- UINT32 Index;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_LIST *NewCertList;
- EFI_SIGNATURE_DATA *Cert;
- UINTN CertCount;
- UINT32 Offset;
- BOOLEAN IsKEKItemFound;
- UINT32 KekDataSize;
- UINTN DeleteKekIndex;
- UINTN GuidIndex;
-
- Data = NULL;
- OldData = NULL;
- CertList = NULL;
- Cert = NULL;
- Attr = 0;
- DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID;
-
- Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ EFI_STATUS Status;
+ UINTN DataSize;
+ UINT8 *Data;
+ UINT8 *OldData;
+ UINT32 Attr;
+ UINT32 Index;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_LIST *NewCertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINTN CertCount;
+ UINT32 Offset;
+ BOOLEAN IsKEKItemFound;
+ UINT32 KekDataSize;
+ UINTN DeleteKekIndex;
+ UINTN GuidIndex;
+
+ Data = NULL;
+ OldData = NULL;
+ CertList = NULL;
+ Cert = NULL;
+ Attr = 0;
+ DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID;
+
+ Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -2600,28 +2625,28 @@ DeleteKeyExchangeKey (
// Get original KEK variable.
//
DataSize = 0;
- Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, NULL);
- if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, NULL);
+ if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
goto ON_EXIT;
}
- OldData = (UINT8*)AllocateZeroPool(DataSize);
+ OldData = (UINT8 *)AllocateZeroPool (DataSize);
if (OldData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, &Attr, &DataSize, OldData);
- if (EFI_ERROR(Status)) {
+ if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
//
// Allocate space for new variable.
//
- Data = (UINT8*) AllocateZeroPool (DataSize);
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
@@ -2629,25 +2654,26 @@ DeleteKeyExchangeKey (
// Enumerate all KEK pub data and erasing the target item.
//
IsKEKItemFound = FALSE;
- KekDataSize = (UINT32) DataSize;
- CertList = (EFI_SIGNATURE_LIST *) OldData;
- Offset = 0;
- GuidIndex = 0;
+ KekDataSize = (UINT32)DataSize;
+ CertList = (EFI_SIGNATURE_LIST *)OldData;
+ Offset = 0;
+ GuidIndex = 0;
while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) ||
- CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
+ CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid))
+ {
+ CopyMem (Data + Offset, CertList, (sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
NewCertList = (EFI_SIGNATURE_LIST *)(Data + Offset);
- Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ Offset += (sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
if (GuidIndex == DeleteKekIndex ) {
//
// Find it! Skip it!
//
NewCertList->SignatureListSize -= CertList->SignatureSize;
- IsKEKItemFound = TRUE;
+ IsKEKItemFound = TRUE;
} else {
//
// This item doesn't match. Copy it to the Data buffer.
@@ -2655,8 +2681,9 @@ DeleteKeyExchangeKey (
CopyMem (Data + Offset, Cert, CertList->SignatureSize);
Offset += CertList->SignatureSize;
}
+
GuidIndex++;
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8*) Cert + CertList->SignatureSize);
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
} else {
//
@@ -2667,7 +2694,7 @@ DeleteKeyExchangeKey (
}
KekDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST*) ((UINT8*) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
if (!IsKEKItemFound) {
@@ -2682,18 +2709,19 @@ DeleteKeyExchangeKey (
// Delete the Signature header if there is no signature in the list.
//
KekDataSize = Offset;
- CertList = (EFI_SIGNATURE_LIST*) Data;
- Offset = 0;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
+ Offset = 0;
ZeroMem (OldData, KekDataSize);
while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount));
if (CertCount != 0) {
CopyMem (OldData + Offset, CertList, CertList->SignatureListSize);
Offset += CertList->SignatureListSize;
}
+
KekDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
DataSize = Offset;
@@ -2705,7 +2733,7 @@ DeleteKeyExchangeKey (
}
}
- Status = gRT->SetVariable(
+ Status = gRT->SetVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid,
Attr,
@@ -2719,11 +2747,11 @@ DeleteKeyExchangeKey (
ON_EXIT:
if (Data != NULL) {
- FreePool(Data);
+ FreePool (Data);
}
if (OldData != NULL) {
- FreePool(OldData);
+ FreePool (OldData);
}
return UpdateDeletePage (
@@ -2753,37 +2781,37 @@ ON_EXIT:
**/
EFI_STATUS
DeleteSignature (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT16 LabelNumber,
- IN EFI_FORM_ID FormId,
- IN EFI_QUESTION_ID QuestionIdBase,
- IN UINTN DeleteIndex
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT16 LabelNumber,
+ IN EFI_FORM_ID FormId,
+ IN EFI_QUESTION_ID QuestionIdBase,
+ IN UINTN DeleteIndex
)
{
- EFI_STATUS Status;
- UINTN DataSize;
- UINT8 *Data;
- UINT8 *OldData;
- UINT32 Attr;
- UINT32 Index;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_LIST *NewCertList;
- EFI_SIGNATURE_DATA *Cert;
- UINTN CertCount;
- UINT32 Offset;
- BOOLEAN IsItemFound;
- UINT32 ItemDataSize;
- UINTN GuidIndex;
-
- Data = NULL;
- OldData = NULL;
- CertList = NULL;
- Cert = NULL;
- Attr = 0;
-
- Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ EFI_STATUS Status;
+ UINTN DataSize;
+ UINT8 *Data;
+ UINT8 *OldData;
+ UINT32 Attr;
+ UINT32 Index;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_LIST *NewCertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINTN CertCount;
+ UINT32 Offset;
+ BOOLEAN IsItemFound;
+ UINT32 ItemDataSize;
+ UINTN GuidIndex;
+
+ Data = NULL;
+ OldData = NULL;
+ CertList = NULL;
+ Cert = NULL;
+ Attr = 0;
+
+ Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -2792,39 +2820,39 @@ DeleteSignature (
// Get original signature list data.
//
DataSize = 0;
- Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);
+ if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
goto ON_EXIT;
}
- OldData = (UINT8 *) AllocateZeroPool (DataSize);
+ OldData = (UINT8 *)AllocateZeroPool (DataSize);
if (OldData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData);
- if (EFI_ERROR(Status)) {
+ if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
//
// Allocate space for new variable.
//
- Data = (UINT8*) AllocateZeroPool (DataSize);
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
//
// Enumerate all signature data and erasing the target item.
//
- IsItemFound = FALSE;
- ItemDataSize = (UINT32) DataSize;
- CertList = (EFI_SIGNATURE_LIST *) OldData;
- Offset = 0;
- GuidIndex = 0;
+ IsItemFound = FALSE;
+ ItemDataSize = (UINT32)DataSize;
+ CertList = (EFI_SIGNATURE_LIST *)OldData;
+ Offset = 0;
+ GuidIndex = 0;
while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) ||
CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid) ||
@@ -2833,42 +2861,44 @@ DeleteSignature (
CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha256Guid) ||
CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha384Guid) ||
CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha512Guid)
- ) {
+ )
+ {
//
// Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list.
//
- CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
- NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);
- Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CopyMem (Data + Offset, CertList, (sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
+ NewCertList = (EFI_SIGNATURE_LIST *)(Data + Offset);
+ Offset += (sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
if (GuidIndex == DeleteIndex) {
//
// Find it! Skip it!
//
NewCertList->SignatureListSize -= CertList->SignatureSize;
- IsItemFound = TRUE;
+ IsItemFound = TRUE;
} else {
//
// This item doesn't match. Copy it to the Data buffer.
//
- CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);
+ CopyMem (Data + Offset, (UINT8 *)(Cert), CertList->SignatureSize);
Offset += CertList->SignatureSize;
}
+
GuidIndex++;
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
} else {
//
// This List doesn't match. Just copy it to the Data buffer.
//
- CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
+ CopyMem (Data + Offset, (UINT8 *)(CertList), CertList->SignatureListSize);
Offset += CertList->SignatureListSize;
}
ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
if (!IsItemFound) {
@@ -2883,18 +2913,19 @@ DeleteSignature (
// Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.
//
ItemDataSize = Offset;
- CertList = (EFI_SIGNATURE_LIST *) Data;
- Offset = 0;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
+ Offset = 0;
ZeroMem (OldData, ItemDataSize);
while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount));
if (CertCount != 0) {
- CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
+ CopyMem (OldData + Offset, (UINT8 *)(CertList), CertList->SignatureListSize);
Offset += CertList->SignatureListSize;
}
+
ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
DataSize = Offset;
@@ -2906,7 +2937,7 @@ DeleteSignature (
}
}
- Status = gRT->SetVariable(
+ Status = gRT->SetVariable (
VariableName,
VendorGuid,
Attr,
@@ -2920,11 +2951,11 @@ DeleteSignature (
ON_EXIT:
if (Data != NULL) {
- FreePool(Data);
+ FreePool (Data);
}
if (OldData != NULL) {
- FreePool(OldData);
+ FreePool (OldData);
}
return UpdateDeletePage (
@@ -2950,9 +2981,9 @@ ON_EXIT:
**/
EFI_STATUS
DeleteSignatureEx (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
- IN SIGNATURE_DELETE_TYPE DelType,
- IN UINT32 CheckedCount
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN SIGNATURE_DELETE_TYPE DelType,
+ IN UINT32 CheckedCount
)
{
EFI_STATUS Status;
@@ -2969,13 +3000,13 @@ DeleteSignatureEx (
UINT8 *VariableData;
UINT8 *NewVariableData;
- Status = EFI_SUCCESS;
- VariableAttr = 0;
- VariableDataSize = 0;
- ListIndex = 0;
- Offset = 0;
- VariableData = NULL;
- NewVariableData = NULL;
+ Status = EFI_SUCCESS;
+ VariableAttr = 0;
+ VariableDataSize = 0;
+ ListIndex = 0;
+ Offset = 0;
+ VariableData = NULL;
+ NewVariableData = NULL;
if (PrivateData->VariableName == Variable_DB) {
UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE);
@@ -2993,8 +3024,8 @@ DeleteSignatureEx (
&VariableAttr,
&VariableDataSize,
VariableData
- );
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ );
+ if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
goto ON_EXIT;
}
@@ -3010,7 +3041,7 @@ DeleteSignatureEx (
&VariableAttr,
&VariableDataSize,
VariableData
- );
+ );
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
@@ -3027,7 +3058,7 @@ DeleteSignatureEx (
}
RemainingSize = VariableDataSize;
- ListWalker = (EFI_SIGNATURE_LIST *)(VariableData);
+ ListWalker = (EFI_SIGNATURE_LIST *)(VariableData);
if (DelType == Delete_Signature_List_All) {
VariableDataSize = 0;
} else {
@@ -3039,7 +3070,7 @@ DeleteSignatureEx (
Offset += ListWalker->SignatureListSize;
RemainingSize -= ListWalker->SignatureListSize;
- ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
ListIndex++;
}
@@ -3048,7 +3079,7 @@ DeleteSignatureEx (
// If CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) or DelType == Delete_Signature_List_One
// it means delete the whole EFI_SIGNATURE_LIST, So we just skip this EFI_SIGNATURE_LIST.
//
- if (CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker) && DelType == Delete_Signature_Data) {
+ if ((CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker)) && (DelType == Delete_Signature_Data)) {
NewCertList = (EFI_SIGNATURE_LIST *)(NewVariableData + Offset);
//
// Copy header.
@@ -3056,8 +3087,8 @@ DeleteSignatureEx (
CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
Offset += sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize;
- DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
- for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) {
+ DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
+ for (Index = 0; Index < SIGNATURE_DATA_COUNTS (ListWalker); Index = Index + 1) {
if (PrivateData->CheckArray[Index]) {
//
// Delete checked signature data, and update the size of whole signature list.
@@ -3070,17 +3101,18 @@ DeleteSignatureEx (
CopyMem ((UINT8 *)NewVariableData + Offset, DataWalker, ListWalker->SignatureSize);
Offset += ListWalker->SignatureSize;
}
+
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize);
}
}
RemainingSize -= ListWalker->SignatureListSize;
- ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
//
// Copy remaining data, maybe 0.
//
- CopyMem((UINT8 *)NewVariableData + Offset, ListWalker, RemainingSize);
+ CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, RemainingSize);
Offset += RemainingSize;
VariableDataSize = Offset;
@@ -3100,7 +3132,7 @@ DeleteSignatureEx (
VariableAttr,
VariableDataSize,
NewVariableData
- );
+ );
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r", Status));
goto ON_EXIT;
@@ -3125,18 +3157,18 @@ ON_EXIT:
**/
EFI_STATUS
-UpdateSecureBootString(
+UpdateSecureBootString (
IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
)
{
- UINT8 *SecureBoot;
+ UINT8 *SecureBoot;
SecureBoot = NULL;
//
// Get current secure boot state.
//
- GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);
+ GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBoot, NULL);
if (SecureBoot == NULL) {
return EFI_NOT_FOUND;
}
@@ -3147,7 +3179,7 @@ UpdateSecureBootString(
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
}
- FreePool(SecureBoot);
+ FreePool (SecureBoot);
return EFI_SUCCESS;
}
@@ -3178,7 +3210,7 @@ SecureBootExtractConfigFromVariable (
// Initialize the Date and Time using system time.
//
ConfigData->CertificateFormat = HASHALG_RAW;
- ConfigData->AlwaysRevocation = TRUE;
+ ConfigData->AlwaysRevocation = TRUE;
gRT->GetTime (&CurrTime, NULL);
ConfigData->RevocationDate.Year = CurrTime.Year;
ConfigData->RevocationDate.Month = CurrTime.Month;
@@ -3195,7 +3227,7 @@ SecureBootExtractConfigFromVariable (
//
// If it is Physical Presence User, set the PhysicalPresent to true.
//
- if (UserPhysicalPresent()) {
+ if (UserPhysicalPresent ()) {
ConfigData->PhysicalPresent = TRUE;
} else {
ConfigData->PhysicalPresent = FALSE;
@@ -3204,10 +3236,10 @@ SecureBootExtractConfigFromVariable (
//
// If there is no PK then the Delete Pk button will be gray.
//
- GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
- if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
+ GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SetupMode, NULL);
+ if ((SetupMode == NULL) || ((*SetupMode) == SETUP_MODE)) {
ConfigData->HasPk = FALSE;
- } else {
+ } else {
ConfigData->HasPk = TRUE;
}
@@ -3217,12 +3249,12 @@ SecureBootExtractConfigFromVariable (
// Checkbox.
//
ConfigData->AttemptSecureBoot = FALSE;
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&SecureBootEnable, NULL);
//
// Fix Pk and SecureBootEnable inconsistency
//
- if ((SetupMode != NULL) && (*SetupMode) == USER_MODE) {
+ if ((SetupMode != NULL) && ((*SetupMode) == USER_MODE)) {
ConfigData->HideSecureBoot = FALSE;
if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) {
ConfigData->AttemptSecureBoot = TRUE;
@@ -3234,7 +3266,7 @@ SecureBootExtractConfigFromVariable (
//
// Get the SecureBootMode from CustomMode variable.
//
- GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);
+ GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID **)&SecureBootMode, NULL);
if (SecureBootMode == NULL) {
ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;
} else {
@@ -3244,9 +3276,11 @@ SecureBootExtractConfigFromVariable (
if (SecureBootEnable != NULL) {
FreePool (SecureBootEnable);
}
+
if (SetupMode != NULL) {
FreePool (SetupMode);
}
+
if (SecureBootMode != NULL) {
FreePool (SecureBootMode);
}
@@ -3281,22 +3315,22 @@ SecureBootExtractConfigFromVariable (
EFI_STATUS
EFIAPI
SecureBootExtractConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Request,
- OUT EFI_STRING *Progress,
- OUT EFI_STRING *Results
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Request,
+ OUT EFI_STRING *Progress,
+ OUT EFI_STRING *Results
)
{
- EFI_STATUS Status;
- UINTN BufferSize;
- UINTN Size;
- SECUREBOOT_CONFIGURATION Configuration;
- EFI_STRING ConfigRequest;
- EFI_STRING ConfigRequestHdr;
- SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
- BOOLEAN AllocatedRequest;
-
- if (Progress == NULL || Results == NULL) {
+ EFI_STATUS Status;
+ UINTN BufferSize;
+ UINTN Size;
+ SECUREBOOT_CONFIGURATION Configuration;
+ EFI_STRING ConfigRequest;
+ EFI_STRING ConfigRequestHdr;
+ SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
+ BOOLEAN AllocatedRequest;
+
+ if ((Progress == NULL) || (Results == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -3306,21 +3340,21 @@ SecureBootExtractConfig (
Size = 0;
ZeroMem (&Configuration, sizeof (Configuration));
- PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
- *Progress = Request;
+ PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
+ *Progress = Request;
if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {
return EFI_NOT_FOUND;
}
- ZeroMem(&Configuration, sizeof(SECUREBOOT_CONFIGURATION));
+ ZeroMem (&Configuration, sizeof (SECUREBOOT_CONFIGURATION));
//
// Get Configuration from Variable.
//
SecureBootExtractConfigFromVariable (PrivateData, &Configuration);
- BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
+ BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
ConfigRequest = Request;
if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
//
@@ -3330,8 +3364,8 @@ SecureBootExtractConfig (
// followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
//
ConfigRequestHdr = HiiConstructConfigHdr (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, PrivateData->DriverHandle);
- Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
- ConfigRequest = AllocateZeroPool (Size);
+ Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
+ ConfigRequest = AllocateZeroPool (Size);
ASSERT (ConfigRequest != NULL);
AllocatedRequest = TRUE;
UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
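Review bot: `ASSERT (ConfigRequest != NULL)` is the only check on the `AllocateZeroPool` result, and `ConfigRequestHdr` from `HiiConstructConfigHdr` (which can return NULL) is passed to `StrLen` with no check at all. ASSERT is typically compiled out of release builds, so an allocation failure there reaches `StrLen` or `UnicodeSPrint` with a NULL pointer. Explicit handling would be `if (ConfigRequestHdr == NULL) { return EFI_OUT_OF_RESOURCES; }` after the first call and `if (ConfigRequest == NULL) { FreePool (ConfigRequestHdr); return EFI_OUT_OF_RESOURCES; }` in place of the ASSERT. The function continues outside the hunk.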
@@ -3342,7 +3376,7 @@ SecureBootExtractConfig (
Status = gHiiConfigRouting->BlockToConfig (
gHiiConfigRouting,
ConfigRequest,
- (UINT8 *) &Configuration,
+ (UINT8 *)&Configuration,
BufferSize,
Results,
Progress
@@ -3388,17 +3422,17 @@ SecureBootExtractConfig (
EFI_STATUS
EFIAPI
SecureBootRouteConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Configuration,
- OUT EFI_STRING *Progress
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Configuration,
+ OUT EFI_STRING *Progress
)
{
- SECUREBOOT_CONFIGURATION IfrNvData;
- UINTN BufferSize;
- SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
- EFI_STATUS Status;
+ SECUREBOOT_CONFIGURATION IfrNvData;
+ UINTN BufferSize;
+ SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
+ EFI_STATUS Status;
- if (Configuration == NULL || Progress == NULL) {
+ if ((Configuration == NULL) || (Progress == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -3418,13 +3452,13 @@ SecureBootRouteConfig (
// Map the Configuration to the configuration block.
//
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
- Status = gHiiConfigRouting->ConfigToBlock (
- gHiiConfigRouting,
- Configuration,
- (UINT8 *)&IfrNvData,
- &BufferSize,
- Progress
- );
+ Status = gHiiConfigRouting->ConfigToBlock (
+ gHiiConfigRouting,
+ Configuration,
+ (UINT8 *)&IfrNvData,
+ &BufferSize,
+ Progress
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -3456,44 +3490,44 @@ SecureBootRouteConfig (
**/
EFI_STATUS
LoadSignatureList (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
- IN UINT16 LabelId,
- IN EFI_FORM_ID FormId,
- IN EFI_QUESTION_ID QuestionIdBase
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN UINT16 LabelId,
+ IN EFI_FORM_ID FormId,
+ IN EFI_QUESTION_ID QuestionIdBase
)
{
- EFI_STATUS Status;
- EFI_STRING_ID ListType;
- EFI_STRING FormatNameString;
- EFI_STRING FormatHelpString;
- EFI_STRING FormatTypeString;
- EFI_SIGNATURE_LIST *ListWalker;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
- EFI_IFR_GUID_LABEL *StartGoto;
- EFI_IFR_GUID_LABEL *EndGoto;
- EFI_FORM_ID DstFormId;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- VOID *StartGotoHandle;
- VOID *EndGotoHandle;
- UINTN DataSize;
- UINTN RemainingSize;
- UINT16 Index;
- UINT8 *VariableData;
- CHAR16 VariableName[BUFFER_MAX_SIZE];
- CHAR16 NameBuffer[BUFFER_MAX_SIZE];
- CHAR16 HelpBuffer[BUFFER_MAX_SIZE];
-
- Status = EFI_SUCCESS;
- FormatNameString = NULL;
- FormatHelpString = NULL;
- StartOpCodeHandle = NULL;
- EndOpCodeHandle = NULL;
- StartGotoHandle = NULL;
- EndGotoHandle = NULL;
- Index = 0;
- VariableData = NULL;
+ EFI_STATUS Status;
+ EFI_STRING_ID ListType;
+ EFI_STRING FormatNameString;
+ EFI_STRING FormatHelpString;
+ EFI_STRING FormatTypeString;
+ EFI_SIGNATURE_LIST *ListWalker;
+ EFI_IFR_GUID_LABEL *StartLabel;
+ EFI_IFR_GUID_LABEL *EndLabel;
+ EFI_IFR_GUID_LABEL *StartGoto;
+ EFI_IFR_GUID_LABEL *EndGoto;
+ EFI_FORM_ID DstFormId;
+ VOID *StartOpCodeHandle;
+ VOID *EndOpCodeHandle;
+ VOID *StartGotoHandle;
+ VOID *EndGotoHandle;
+ UINTN DataSize;
+ UINTN RemainingSize;
+ UINT16 Index;
+ UINT8 *VariableData;
+ CHAR16 VariableName[BUFFER_MAX_SIZE];
+ CHAR16 NameBuffer[BUFFER_MAX_SIZE];
+ CHAR16 HelpBuffer[BUFFER_MAX_SIZE];
+
+ Status = EFI_SUCCESS;
+ FormatNameString = NULL;
+ FormatHelpString = NULL;
+ StartOpCodeHandle = NULL;
+ EndOpCodeHandle = NULL;
+ StartGotoHandle = NULL;
+ EndGotoHandle = NULL;
+ Index = 0;
+ VariableData = NULL;
//
// Initialize the container for dynamic opcodes.
@@ -3530,36 +3564,36 @@ LoadSignatureList (
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LabelId;
+ );
+ StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ StartLabel->Number = LabelId;
EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
EndOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
+ );
+ EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ EndLabel->Number = LABEL_END;
- StartGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode(
+ StartGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
StartGotoHandle,
&gEfiIfrTianoGuid,
NULL,
- sizeof(EFI_IFR_GUID_LABEL)
- );
- StartGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartGoto->Number = LABEL_DELETE_ALL_LIST_BUTTON;
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ StartGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ StartGoto->Number = LABEL_DELETE_ALL_LIST_BUTTON;
- EndGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode(
+ EndGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
EndGotoHandle,
&gEfiIfrTianoGuid,
NULL,
- sizeof(EFI_IFR_GUID_LABEL)
- );
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
EndGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndGoto->Number = LABEL_END;
+ EndGoto->Number = LABEL_END;
if (PrivateData->VariableName == Variable_DB) {
UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE);
@@ -3581,14 +3615,14 @@ LoadSignatureList (
STRING_TOKEN (STR_SECURE_BOOT_DELETE_ALL_LIST),
EFI_IFR_FLAG_CALLBACK,
KEY_SECURE_BOOT_DELETE_ALL_LIST
- );
+ );
//
// Read Variable, the variable name save in the PrivateData->VariableName.
//
DataSize = 0;
- Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);
+ if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
goto ON_EXIT;
}
@@ -3597,6 +3631,7 @@ LoadSignatureList (
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
+
Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
@@ -3604,7 +3639,7 @@ LoadSignatureList (
FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_NAME_FORMAT), NULL);
FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_HELP_FORMAT), NULL);
- if (FormatNameString == NULL || FormatHelpString == NULL) {
+ if ((FormatNameString == NULL) || (FormatHelpString == NULL)) {
goto ON_EXIT;
}
@@ -3628,6 +3663,7 @@ LoadSignatureList (
} else {
ListType = STRING_TOKEN (STR_LIST_TYPE_UNKNOWN);
}
+
FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListType, NULL);
if (FormatTypeString == NULL) {
goto ON_EXIT;
@@ -3637,12 +3673,13 @@ LoadSignatureList (
UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1);
ZeroMem (HelpBuffer, sizeof (HelpBuffer));
- UnicodeSPrint (HelpBuffer,
+ UnicodeSPrint (
+ HelpBuffer,
sizeof (HelpBuffer),
FormatHelpString,
FormatTypeString,
SIGNATURE_DATA_COUNTS (ListWalker)
- );
+ );
SECUREBOOT_FREE_NON_NULL (FormatTypeString);
FormatTypeString = NULL;
@@ -3653,10 +3690,10 @@ LoadSignatureList (
HiiSetString (PrivateData->HiiHandle, 0, HelpBuffer, NULL),
EFI_IFR_FLAG_CALLBACK,
QuestionIdBase + Index++
- );
+ );
RemainingSize -= ListWalker->SignatureListSize;
- ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
}
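Review bot: The walk advances by `ListWalker->SignatureListSize` taken directly from the variable contents, and nothing in this hunk rejects a zero value or one smaller than `sizeof (EFI_SIGNATURE_LIST)`. A zero size makes no progress, and when fewer bytes than a list header remain, the next header read runs past the end of VariableData. The loop condition is outside this hunk, but the matching skip loop in LoadSignatureData (`(RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize)`) has no such lower bound. If this loop has the same shape, I would add `(RemainingSize >= sizeof (EFI_SIGNATURE_LIST)) && (ListWalker->SignatureListSize >= sizeof (EFI_SIGNATURE_LIST))` to both conditions.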
ON_EXIT:
@@ -3666,7 +3703,7 @@ ON_EXIT:
FormId,
StartOpCodeHandle,
EndOpCodeHandle
- );
+ );
HiiUpdateForm (
PrivateData->HiiHandle,
@@ -3674,7 +3711,7 @@ ON_EXIT:
FormId,
StartGotoHandle,
EndGotoHandle
- );
+ );
SECUREBOOT_FREE_NON_OPCODE (StartOpCodeHandle);
SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle);
@@ -3704,47 +3741,49 @@ ON_EXIT:
**/
EFI_STATUS
ParseHashValue (
- IN EFI_SIGNATURE_LIST *ListEntry,
- IN EFI_SIGNATURE_DATA *DataEntry,
- OUT CHAR16 **BufferToReturn
+ IN EFI_SIGNATURE_LIST *ListEntry,
+ IN EFI_SIGNATURE_DATA *DataEntry,
+ OUT CHAR16 **BufferToReturn
)
{
- UINTN Index;
- UINTN BufferIndex;
- UINTN TotalSize;
- UINTN DataSize;
- UINTN Line;
- UINTN OneLineBytes;
+ UINTN Index;
+ UINTN BufferIndex;
+ UINTN TotalSize;
+ UINTN DataSize;
+ UINTN Line;
+ UINTN OneLineBytes;
//
// Assume that, display 8 bytes in one line.
//
OneLineBytes = 8;
- if (ListEntry == NULL || DataEntry == NULL || BufferToReturn == NULL) {
+ if ((ListEntry == NULL) || (DataEntry == NULL) || (BufferToReturn == NULL)) {
return EFI_INVALID_PARAMETER;
}
- DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID);
- Line = (DataSize + OneLineBytes - 1) / OneLineBytes;
+ DataSize = ListEntry->SignatureSize - sizeof (EFI_GUID);
+ Line = (DataSize + OneLineBytes - 1) / OneLineBytes;
//
// Each byte will split two Hex-number, and each line need additional memory to save '\r\n'.
//
- TotalSize = ((DataSize + Line) * 2 * sizeof(CHAR16));
+ TotalSize = ((DataSize + Line) * 2 * sizeof (CHAR16));
- *BufferToReturn = AllocateZeroPool(TotalSize);
+ *BufferToReturn = AllocateZeroPool (TotalSize);
if (*BufferToReturn == NULL) {
return EFI_OUT_OF_RESOURCES;
}
for (Index = 0, BufferIndex = 0; Index < DataSize; Index = Index + 1) {
if ((Index > 0) && (Index % OneLineBytes == 0)) {
- BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"\n");
+ BufferIndex += UnicodeSPrint (&(*BufferToReturn)[BufferIndex], TotalSize - sizeof (CHAR16) * BufferIndex, L"\n");
}
- BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"%02x", DataEntry->SignatureData[Index]);
+
+ BufferIndex += UnicodeSPrint (&(*BufferToReturn)[BufferIndex], TotalSize - sizeof (CHAR16) * BufferIndex, L"%02x", DataEntry->SignatureData[Index]);
}
- BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"\n");
+
+ BufferIndex += UnicodeSPrint (&(*BufferToReturn)[BufferIndex], TotalSize - sizeof (CHAR16) * BufferIndex, L"\n");
return EFI_SUCCESS;
}
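Review bot: `DataSize = ListEntry->SignatureSize - sizeof (EFI_GUID)` is computed in UINTN with no lower bound on SignatureSize, so an entry whose SignatureSize is smaller than the GUID wraps DataSize to a huge value, and Line and TotalSize are derived from it. Whether the allocation then fails or the loop goes on to read `DataEntry->SignatureData[Index]` past the entry depends on how the arithmetic wraps; UnicodeSPrint bounds only the writes. I would reject the input up front with `if (ListEntry->SignatureSize <= sizeof (EFI_GUID)) { return EFI_INVALID_PARAMETER; }`. The same unchecked subtraction appears in GetCommonNameFromX509 and in the RSA2048 and X509 branches of FormatHelpInfo.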
@@ -3764,19 +3803,19 @@ ParseHashValue (
**/
EFI_STATUS
GetCommonNameFromX509 (
- IN EFI_SIGNATURE_LIST *ListEntry,
- IN EFI_SIGNATURE_DATA *DataEntry,
- OUT CHAR16 **BufferToReturn
+ IN EFI_SIGNATURE_LIST *ListEntry,
+ IN EFI_SIGNATURE_DATA *DataEntry,
+ OUT CHAR16 **BufferToReturn
)
{
- EFI_STATUS Status;
- CHAR8 *CNBuffer;
- UINTN CNBufferSize;
+ EFI_STATUS Status;
+ CHAR8 *CNBuffer;
+ UINTN CNBufferSize;
- Status = EFI_SUCCESS;
- CNBuffer = NULL;
+ Status = EFI_SUCCESS;
+ CNBuffer = NULL;
- CNBuffer = AllocateZeroPool(256);
+ CNBuffer = AllocateZeroPool (256);
if (CNBuffer == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
@@ -3784,13 +3823,13 @@ GetCommonNameFromX509 (
CNBufferSize = 256;
X509GetCommonName (
- (UINT8 *)DataEntry + sizeof(EFI_GUID),
- ListEntry->SignatureSize - sizeof(EFI_GUID),
+ (UINT8 *)DataEntry + sizeof (EFI_GUID),
+ ListEntry->SignatureSize - sizeof (EFI_GUID),
CNBuffer,
&CNBufferSize
- );
+ );
- *BufferToReturn = AllocateZeroPool(256 * sizeof(CHAR16));
+ *BufferToReturn = AllocateZeroPool (256 * sizeof (CHAR16));
if (*BufferToReturn == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
@@ -3820,60 +3859,60 @@ ON_EXIT:
**/
EFI_STATUS
FormatHelpInfo (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
- IN EFI_SIGNATURE_LIST *ListEntry,
- IN EFI_SIGNATURE_DATA *DataEntry,
- OUT EFI_STRING_ID *StringId
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN EFI_SIGNATURE_LIST *ListEntry,
+ IN EFI_SIGNATURE_DATA *DataEntry,
+ OUT EFI_STRING_ID *StringId
)
{
- EFI_STATUS Status;
- EFI_TIME *Time;
- EFI_STRING_ID ListTypeId;
- EFI_STRING FormatHelpString;
- EFI_STRING FormatTypeString;
- UINTN DataSize;
- UINTN HelpInfoIndex;
- UINTN TotalSize;
- CHAR16 GuidString[BUFFER_MAX_SIZE];
- CHAR16 TimeString[BUFFER_MAX_SIZE];
- CHAR16 *DataString;
- CHAR16 *HelpInfoString;
- BOOLEAN IsCert;
-
- Status = EFI_SUCCESS;
- Time = NULL;
- FormatTypeString = NULL;
- HelpInfoIndex = 0;
- DataString = NULL;
- HelpInfoString = NULL;
- IsCert = FALSE;
-
- if (CompareGuid(&ListEntry->SignatureType, &gEfiCertRsa2048Guid)) {
- ListTypeId = STRING_TOKEN(STR_LIST_TYPE_RSA2048_SHA256);
- DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID);
- IsCert = TRUE;
- } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Guid)) {
- ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509);
- DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID);
- IsCert = TRUE;
- } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertSha1Guid)) {
- ListTypeId = STRING_TOKEN(STR_LIST_TYPE_SHA1);
- DataSize = 20;
- } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertSha256Guid)) {
- ListTypeId = STRING_TOKEN(STR_LIST_TYPE_SHA256);
- DataSize = 32;
- } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha256Guid)) {
- ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA256);
- DataSize = 32;
- Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);
- } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha384Guid)) {
- ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA384);
- DataSize = 48;
- Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);
- } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha512Guid)) {
- ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA512);
- DataSize = 64;
- Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);
+ EFI_STATUS Status;
+ EFI_TIME *Time;
+ EFI_STRING_ID ListTypeId;
+ EFI_STRING FormatHelpString;
+ EFI_STRING FormatTypeString;
+ UINTN DataSize;
+ UINTN HelpInfoIndex;
+ UINTN TotalSize;
+ CHAR16 GuidString[BUFFER_MAX_SIZE];
+ CHAR16 TimeString[BUFFER_MAX_SIZE];
+ CHAR16 *DataString;
+ CHAR16 *HelpInfoString;
+ BOOLEAN IsCert;
+
+ Status = EFI_SUCCESS;
+ Time = NULL;
+ FormatTypeString = NULL;
+ HelpInfoIndex = 0;
+ DataString = NULL;
+ HelpInfoString = NULL;
+ IsCert = FALSE;
+
+ if (CompareGuid (&ListEntry->SignatureType, &gEfiCertRsa2048Guid)) {
+ ListTypeId = STRING_TOKEN (STR_LIST_TYPE_RSA2048_SHA256);
+ DataSize = ListEntry->SignatureSize - sizeof (EFI_GUID);
+ IsCert = TRUE;
+ } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertX509Guid)) {
+ ListTypeId = STRING_TOKEN (STR_LIST_TYPE_X509);
+ DataSize = ListEntry->SignatureSize - sizeof (EFI_GUID);
+ IsCert = TRUE;
+ } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertSha1Guid)) {
+ ListTypeId = STRING_TOKEN (STR_LIST_TYPE_SHA1);
+ DataSize = 20;
+ } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertSha256Guid)) {
+ ListTypeId = STRING_TOKEN (STR_LIST_TYPE_SHA256);
+ DataSize = 32;
+ } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertX509Sha256Guid)) {
+ ListTypeId = STRING_TOKEN (STR_LIST_TYPE_X509_SHA256);
+ DataSize = 32;
+ Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);
+ } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertX509Sha384Guid)) {
+ ListTypeId = STRING_TOKEN (STR_LIST_TYPE_X509_SHA384);
+ DataSize = 48;
+ Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);
+ } else if (CompareGuid (&ListEntry->SignatureType, &gEfiCertX509Sha512Guid)) {
+ ListTypeId = STRING_TOKEN (STR_LIST_TYPE_X509_SHA512);
+ DataSize = 64;
+ Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize);
} else {
Status = EFI_UNSUPPORTED;
goto ON_EXIT;
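Review bot: In the X509_SHA256, X509_SHA384 and X509_SHA512 branches, `Time` is set to `DataEntry->SignatureData + DataSize` using the fixed hash length, without confirming that `ListEntry->SignatureSize` covers the owner GUID, the hash and an EFI_TIME. With a shorter SignatureSize, the `Time->Hour`, `Time->Minute` and `Time->Second` reads in a later hunk come from beyond the entry. I would add a guard before Time is used, such as `if (ListEntry->SignatureSize < sizeof (EFI_GUID) + DataSize + sizeof (EFI_TIME)) { Status = EFI_UNSUPPORTED; goto ON_EXIT; }`. FormatHelpInfo continues past the end of this hunk.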
@@ -3884,7 +3923,7 @@ FormatHelpInfo (
goto ON_EXIT;
}
- TotalSize = 1024;
+ TotalSize = 1024;
HelpInfoString = AllocateZeroPool (TotalSize);
if (HelpInfoString == NULL) {
Status = EFI_OUT_OF_RESOURCES;
@@ -3895,17 +3934,18 @@ FormatHelpInfo (
// Format GUID part.
//
ZeroMem (GuidString, sizeof (GuidString));
- GuidToString(&DataEntry->SignatureOwner, GuidString, BUFFER_MAX_SIZE);
+ GuidToString (&DataEntry->SignatureOwner, GuidString, BUFFER_MAX_SIZE);
FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_GUID), NULL);
if (FormatHelpString == NULL) {
goto ON_EXIT;
}
+
HelpInfoIndex += UnicodeSPrint (
&HelpInfoString[HelpInfoIndex],
- TotalSize - sizeof(CHAR16) * HelpInfoIndex,
+ TotalSize - sizeof (CHAR16) * HelpInfoIndex,
FormatHelpString,
GuidString
- );
+ );
SECUREBOOT_FREE_NON_NULL (FormatHelpString);
FormatHelpString = NULL;
@@ -3922,9 +3962,11 @@ FormatHelpInfo (
ParseHashValue (ListEntry, DataEntry, &DataString);
FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_HASH), NULL);
}
+
if (FormatHelpString == NULL) {
goto ON_EXIT;
}
+
HelpInfoIndex += UnicodeSPrint (
&HelpInfoString[HelpInfoIndex],
TotalSize - sizeof (CHAR16) * HelpInfoIndex,
@@ -3932,7 +3974,7 @@ FormatHelpInfo (
FormatTypeString,
DataSize,
DataString
- );
+ );
SECUREBOOT_FREE_NON_NULL (FormatHelpString);
FormatHelpString = NULL;
@@ -3951,17 +3993,18 @@ FormatHelpInfo (
Time->Hour,
Time->Minute,
Time->Second
- );
+ );
FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_TIME), NULL);
if (FormatHelpString == NULL) {
goto ON_EXIT;
}
+
UnicodeSPrint (
&HelpInfoString[HelpInfoIndex],
TotalSize - sizeof (CHAR16) * HelpInfoIndex,
FormatHelpString,
TimeString
- );
+ );
SECUREBOOT_FREE_NON_NULL (FormatHelpString);
FormatHelpString = NULL;
}
@@ -3990,35 +4033,35 @@ ON_EXIT:
**/
EFI_STATUS
LoadSignatureData (
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
- IN UINT16 LabelId,
- IN EFI_FORM_ID FormId,
- IN EFI_QUESTION_ID QuestionIdBase,
- IN UINT16 ListIndex
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
+ IN UINT16 LabelId,
+ IN EFI_FORM_ID FormId,
+ IN EFI_QUESTION_ID QuestionIdBase,
+ IN UINT16 ListIndex
)
{
- EFI_STATUS Status;
- EFI_SIGNATURE_LIST *ListWalker;
- EFI_SIGNATURE_DATA *DataWalker;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
- EFI_STRING_ID HelpStringId;
- EFI_STRING FormatNameString;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- UINTN DataSize;
- UINTN RemainingSize;
- UINT16 Index;
- UINT8 *VariableData;
- CHAR16 VariableName[BUFFER_MAX_SIZE];
- CHAR16 NameBuffer[BUFFER_MAX_SIZE];
-
- Status = EFI_SUCCESS;
- FormatNameString = NULL;
- StartOpCodeHandle = NULL;
- EndOpCodeHandle = NULL;
- Index = 0;
- VariableData = NULL;
+ EFI_STATUS Status;
+ EFI_SIGNATURE_LIST *ListWalker;
+ EFI_SIGNATURE_DATA *DataWalker;
+ EFI_IFR_GUID_LABEL *StartLabel;
+ EFI_IFR_GUID_LABEL *EndLabel;
+ EFI_STRING_ID HelpStringId;
+ EFI_STRING FormatNameString;
+ VOID *StartOpCodeHandle;
+ VOID *EndOpCodeHandle;
+ UINTN DataSize;
+ UINTN RemainingSize;
+ UINT16 Index;
+ UINT8 *VariableData;
+ CHAR16 VariableName[BUFFER_MAX_SIZE];
+ CHAR16 NameBuffer[BUFFER_MAX_SIZE];
+
+ Status = EFI_SUCCESS;
+ FormatNameString = NULL;
+ StartOpCodeHandle = NULL;
+ EndOpCodeHandle = NULL;
+ Index = 0;
+ VariableData = NULL;
//
// Initialize the container for dynamic opcodes.
@@ -4043,18 +4086,18 @@ LoadSignatureData (
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LabelId;
+ );
+ StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ StartLabel->Number = LabelId;
EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
EndOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
+ );
+ EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ EndLabel->Number = LABEL_END;
if (PrivateData->VariableName == Variable_DB) {
UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE);
@@ -4070,8 +4113,8 @@ LoadSignatureData (
// Read Variable, the variable name save in the PrivateData->VariableName.
//
DataSize = 0;
- Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);
+ if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
goto ON_EXIT;
}
@@ -4080,20 +4123,21 @@ LoadSignatureData (
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
+
Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
RemainingSize = DataSize;
- ListWalker = (EFI_SIGNATURE_LIST *)VariableData;
+ ListWalker = (EFI_SIGNATURE_LIST *)VariableData;
//
// Skip signature list.
//
while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex-- > 0) {
RemainingSize -= ListWalker->SignatureListSize;
- ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
}
FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_NAME_FORMAT), NULL);
@@ -4101,8 +4145,8 @@ LoadSignatureData (
goto ON_EXIT;
}
- DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
- for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) {
+ DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
+ for (Index = 0; Index < SIGNATURE_DATA_COUNTS (ListWalker); Index = Index + 1) {
//
// Format name buffer.
//
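Review bot: `DataWalker` and the loop bound are derived from `ListWalker` without checking that the preceding skip loop stopped on a list that lies inside the buffer. If ListIndex exceeds the number of lists, or fewer bytes than a header remain, `ListWalker->SignatureHeaderSize` and `SIGNATURE_DATA_COUNTS (ListWalker)` are read from past the variable data. The per-entry advance by `ListWalker->SignatureSize` is also not compared with the end of the list in the visible lines. I would go to ON_EXIT unless `RemainingSize >= sizeof (EFI_SIGNATURE_LIST)` and `ListWalker->SignatureListSize <= RemainingSize`, and reject a zero SignatureSize; SIGNATURE_DATA_COUNTS is defined outside this page, so its exact behaviour should be confirmed. The loop body continues outside this hunk.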
@@ -4127,9 +4171,9 @@ LoadSignatureData (
EFI_IFR_FLAG_CALLBACK,
0,
NULL
- );
+ );
- ZeroMem(NameBuffer, 100);
+ ZeroMem (NameBuffer, 100);
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize);
}
@@ -4145,7 +4189,7 @@ ON_EXIT:
FormId,
StartOpCodeHandle,
EndOpCodeHandle
- );
+ );
SECUREBOOT_FREE_NON_OPCODE (StartOpCodeHandle);
SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle);
@@ -4174,7 +4218,7 @@ KeyEnrollReset (
Status = EFI_SUCCESS;
Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
- if (EFI_ERROR(Status)) {
+ if (EFI_ERROR (Status)) {
return Status;
}
@@ -4212,20 +4256,26 @@ KeyEnrollReset (
// After PK clear, Setup Mode shall be enabled
Status = GetSetupMode (&SetupMode);
if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Cannot get SetupMode variable: %r\n",
- Status));
+ DEBUG ((
+ DEBUG_ERROR,
+ "Cannot get SetupMode variable: %r\n",
+ Status
+ ));
return Status;
}
if (SetupMode == USER_MODE) {
- DEBUG((DEBUG_INFO, "Skipped - USER_MODE\n"));
+ DEBUG ((DEBUG_INFO, "Skipped - USER_MODE\n"));
return EFI_SUCCESS;
}
Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n",
- Status));
+ DEBUG ((
+ DEBUG_ERROR,
+ "Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n",
+ Status
+ ));
return EFI_SUCCESS;
}
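Review bot: When `SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE)` fails, the branch logs the error and then executes `return EFI_SUCCESS;`, so the caller is told the reset succeeded although the rest of the function was skipped after the PK clear. Unless that is deliberate, it should be `return Status;`, like the GetSetupMode failure just above it. The DEBUG message is the only trace of the failure, and it disappears in builds with debug output disabled. KeyEnrollReset begins and ends outside this hunk.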
@@ -4260,8 +4310,11 @@ KeyEnrollReset (
Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n"
- "Please do it manually, otherwise system can be easily compromised\n"));
+ DEBUG ((
+ DEBUG_ERROR,
+ "Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n"
+ "Please do it manually, otherwise system can be easily compromised\n"
+ ));
}
return Status;
@@ -4278,6 +4331,7 @@ error:
if (SetSecureBootMode (STANDARD_SECURE_BOOT_MODE) != EFI_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Cannot set mode to Secure: %r\n", Status));
}
+
return Status;
}
@@ -4306,12 +4360,12 @@ error:
EFI_STATUS
EFIAPI
SecureBootCallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN EFI_BROWSER_ACTION Action,
+ IN EFI_QUESTION_ID QuestionId,
+ IN UINT8 Type,
+ IN EFI_IFR_TYPE_VALUE *Value,
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
)
{
EFI_INPUT_KEY Key;
@@ -4354,19 +4408,19 @@ SecureBootCallback (
// Retrieve uncommitted data from Browser
//
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
- IfrNvData = AllocateZeroPool (BufferSize);
+ IfrNvData = AllocateZeroPool (BufferSize);
if (IfrNvData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);
+ GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);
if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {
if (QuestionId == KEY_SECURE_BOOT_MODE) {
//
// Update secure boot strings when opening this form
//
- Status = UpdateSecureBootString(Private);
+ Status = UpdateSecureBootString (Private);
SecureBootExtractConfigFromVariable (Private, IfrNvData);
mIsEnterSecureBootForm = TRUE;
} else {
@@ -4378,8 +4432,9 @@ SecureBootCallback (
(QuestionId == KEY_SECURE_BOOT_KEK_OPTION) ||
(QuestionId == KEY_SECURE_BOOT_DB_OPTION) ||
(QuestionId == KEY_SECURE_BOOT_DBX_OPTION) ||
- (QuestionId == KEY_SECURE_BOOT_DBT_OPTION)) {
- CloseEnrolledFile(Private->FileContext);
+ (QuestionId == KEY_SECURE_BOOT_DBT_OPTION))
+ {
+ CloseEnrolledFile (Private->FileContext);
} else if (QuestionId == KEY_SECURE_BOOT_DELETE_ALL_LIST) {
//
// Update ListCount field in varstore
@@ -4389,6 +4444,7 @@ SecureBootCallback (
IfrNvData->ListCount = Private->ListCount;
}
}
+
goto EXIT;
}
@@ -4397,541 +4453,567 @@ SecureBootCallback (
if (QuestionId == KEY_SECURE_BOOT_MODE) {
if (mIsEnterSecureBootForm) {
Value->u8 = SECURE_BOOT_MODE_STANDARD;
- Status = EFI_SUCCESS;
+ Status = EFI_SUCCESS;
}
}
+
goto EXIT;
}
if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
(Action != EFI_BROWSER_ACTION_CHANGING) &&
(Action != EFI_BROWSER_ACTION_FORM_CLOSE) &&
- (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD)) {
+ (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD))
+ {
Status = EFI_UNSUPPORTED;
goto EXIT;
}
if (Action == EFI_BROWSER_ACTION_CHANGING) {
-
switch (QuestionId) {
- case KEY_SECURE_BOOT_ENABLE:
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
- if (NULL != SecureBootEnable) {
- FreePool (SecureBootEnable);
- if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Only Physical Presence User could disable secure boot!",
- NULL
- );
- Status = EFI_UNSUPPORTED;
- } else {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Configuration changed, please reset the platform to take effect!",
- NULL
- );
+ case KEY_SECURE_BOOT_ENABLE:
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&SecureBootEnable, NULL);
+ if (NULL != SecureBootEnable) {
+ FreePool (SecureBootEnable);
+ if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"Only Physical Presence User could disable secure boot!",
+ NULL
+ );
+ Status = EFI_UNSUPPORTED;
+ } else {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"Configuration changed, please reset the platform to take effect!",
+ NULL
+ );
+ }
}
- }
- break;
- case KEY_SECURE_BOOT_KEK_OPTION:
- case KEY_SECURE_BOOT_DB_OPTION:
- case KEY_SECURE_BOOT_DBX_OPTION:
- case KEY_SECURE_BOOT_DBT_OPTION:
- PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
- //
- // Clear Signature GUID.
- //
- ZeroMem (IfrNvData->SignatureGuid, sizeof (IfrNvData->SignatureGuid));
- if (Private->SignatureGUID == NULL) {
- Private->SignatureGUID = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));
+ break;
+
+ case KEY_SECURE_BOOT_KEK_OPTION:
+ case KEY_SECURE_BOOT_DB_OPTION:
+ case KEY_SECURE_BOOT_DBX_OPTION:
+ case KEY_SECURE_BOOT_DBT_OPTION:
+ PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
+ //
+ // Clear Signature GUID.
+ //
+ ZeroMem (IfrNvData->SignatureGuid, sizeof (IfrNvData->SignatureGuid));
if (Private->SignatureGUID == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Private->SignatureGUID = (EFI_GUID *)AllocateZeroPool (sizeof (EFI_GUID));
+ if (Private->SignatureGUID == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
}
- }
- //
- // Cleanup VFRData once leaving PK/KEK/DB/DBX/DBT enroll/delete page
- //
- SecureBootExtractConfigFromVariable (PrivateData, IfrNvData);
-
- if (QuestionId == KEY_SECURE_BOOT_DB_OPTION) {
- LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
- } else if (QuestionId == KEY_SECURE_BOOT_DBX_OPTION) {
- LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
- } else if (QuestionId == KEY_SECURE_BOOT_DBT_OPTION) {
- LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
- } else {
- LabelId = FORMID_ENROLL_KEK_FORM;
- }
-
- //
- // Refresh selected file.
- //
- CleanUpPage (LabelId, Private);
- break;
- case KEY_SECURE_BOOT_PK_OPTION:
- LabelId = FORMID_ENROLL_PK_FORM;
- //
- // Refresh selected file.
- //
- CleanUpPage (LabelId, Private);
- break;
+ //
+ // Cleanup VFRData once leaving PK/KEK/DB/DBX/DBT enroll/delete page
+ //
+ SecureBootExtractConfigFromVariable (PrivateData, IfrNvData);
+
+ if (QuestionId == KEY_SECURE_BOOT_DB_OPTION) {
+ LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
+ } else if (QuestionId == KEY_SECURE_BOOT_DBX_OPTION) {
+ LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
+ } else if (QuestionId == KEY_SECURE_BOOT_DBT_OPTION) {
+ LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
+ } else {
+ LabelId = FORMID_ENROLL_KEK_FORM;
+ }
- case FORMID_ENROLL_PK_FORM:
- ChooseFile (NULL, NULL, UpdatePKFromFile, &File);
- break;
+ //
+ // Refresh selected file.
+ //
+ CleanUpPage (LabelId, Private);
+ break;
+ case KEY_SECURE_BOOT_PK_OPTION:
+ LabelId = FORMID_ENROLL_PK_FORM;
+ //
+ // Refresh selected file.
+ //
+ CleanUpPage (LabelId, Private);
+ break;
- case FORMID_ENROLL_KEK_FORM:
- ChooseFile (NULL, NULL, UpdateKEKFromFile, &File);
- break;
+ case FORMID_ENROLL_PK_FORM:
+ ChooseFile (NULL, NULL, UpdatePKFromFile, &File);
+ break;
- case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:
- ChooseFile (NULL, NULL, UpdateDBFromFile, &File);
- break;
+ case FORMID_ENROLL_KEK_FORM:
+ ChooseFile (NULL, NULL, UpdateKEKFromFile, &File);
+ break;
- case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:
- ChooseFile (NULL, NULL, UpdateDBXFromFile, &File);
+ case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:
+ ChooseFile (NULL, NULL, UpdateDBFromFile, &File);
+ break;
- if (Private->FileContext->FHandle != NULL) {
- //
- // Parse the file's postfix.
- //
- NameLength = StrLen (Private->FileContext->FileName);
- if (NameLength <= 4) {
- return FALSE;
- }
- FilePostFix = Private->FileContext->FileName + NameLength - 4;
+ case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:
+ ChooseFile (NULL, NULL, UpdateDBXFromFile, &File);
- if (IsDerEncodeCertificate (FilePostFix)) {
+ if (Private->FileContext->FHandle != NULL) {
//
- // Supports DER-encoded X509 certificate.
+ // Parse the file's postfix.
//
- IfrNvData->FileEnrollType = X509_CERT_FILE_TYPE;
- } else if (IsAuthentication2Format(Private->FileContext->FHandle)){
- IfrNvData->FileEnrollType = AUTHENTICATION_2_FILE_TYPE;
- } else {
- IfrNvData->FileEnrollType = PE_IMAGE_FILE_TYPE;
- }
- Private->FileContext->FileType = IfrNvData->FileEnrollType;
-
- //
- // Clean up Certificate Format if File type is not X509 DER
- //
- if (IfrNvData->FileEnrollType != X509_CERT_FILE_TYPE) {
- IfrNvData->CertificateFormat = HASHALG_RAW;
- }
- DEBUG((DEBUG_ERROR, "IfrNvData->FileEnrollType %d\n", Private->FileContext->FileType));
- }
+ NameLength = StrLen (Private->FileContext->FileName);
+ if (NameLength <= 4) {
+ return FALSE;
+ }
- break;
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;
+
+ if (IsDerEncodeCertificate (FilePostFix)) {
+ //
+ // Supports DER-encoded X509 certificate.
+ //
+ IfrNvData->FileEnrollType = X509_CERT_FILE_TYPE;
+ } else if (IsAuthentication2Format (Private->FileContext->FHandle)) {
+ IfrNvData->FileEnrollType = AUTHENTICATION_2_FILE_TYPE;
+ } else {
+ IfrNvData->FileEnrollType = PE_IMAGE_FILE_TYPE;
+ }
- case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:
- ChooseFile (NULL, NULL, UpdateDBTFromFile, &File);
- break;
+ Private->FileContext->FileType = IfrNvData->FileEnrollType;
- case KEY_SECURE_BOOT_DELETE_PK:
- if (Value->u8) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Are you sure you want to delete PK? Secure boot will be disabled!",
- L"Press 'Y' to delete PK and exit, 'N' to discard change and return",
- NULL
- );
- if (Key.UnicodeChar == 'y' || Key.UnicodeChar == 'Y') {
- Status = DeletePlatformKey ();
- if (EFI_ERROR (Status)) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Only Physical Presence User could delete PK in custom mode!",
- NULL
- );
+ //
+ // Clean up Certificate Format if File type is not X509 DER
+ //
+ if (IfrNvData->FileEnrollType != X509_CERT_FILE_TYPE) {
+ IfrNvData->CertificateFormat = HASHALG_RAW;
}
+
+ DEBUG ((DEBUG_ERROR, "IfrNvData->FileEnrollType %d\n", Private->FileContext->FileType));
}
- }
- break;
- case KEY_DELETE_KEK:
- UpdateDeletePage (
- Private,
- EFI_KEY_EXCHANGE_KEY_NAME,
- &gEfiGlobalVariableGuid,
- LABEL_KEK_DELETE,
- FORMID_DELETE_KEK_FORM,
- OPTION_DEL_KEK_QUESTION_ID
- );
- break;
+ break;
- case SECUREBOOT_DELETE_SIGNATURE_FROM_DB:
- UpdateDeletePage (
- Private,
- EFI_IMAGE_SECURITY_DATABASE,
- &gEfiImageSecurityDatabaseGuid,
- LABEL_DB_DELETE,
- SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
- OPTION_DEL_DB_QUESTION_ID
- );
- break;
+ case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT:
+ ChooseFile (NULL, NULL, UpdateDBTFromFile, &File);
+ break;
- //
- // From DBX option to the level-1 form, display signature list.
- //
- case KEY_VALUE_FROM_DBX_TO_LIST_FORM:
- Private->VariableName = Variable_DBX;
- LoadSignatureList (
- Private,
- LABEL_SIGNATURE_LIST_START,
- SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
- OPTION_SIGNATURE_LIST_QUESTION_ID
- );
- break;
+ case KEY_SECURE_BOOT_DELETE_PK:
+ if (Value->u8) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"Are you sure you want to delete PK? Secure boot will be disabled!",
+ L"Press 'Y' to delete PK and exit, 'N' to discard change and return",
+ NULL
+ );
+ if ((Key.UnicodeChar == 'y') || (Key.UnicodeChar == 'Y')) {
+ Status = DeletePlatformKey ();
+ if (EFI_ERROR (Status)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"Only Physical Presence User could delete PK in custom mode!",
+ NULL
+ );
+ }
+ }
+ }
- //
- // Delete all signature list and reload.
- //
- case KEY_SECURE_BOOT_DELETE_ALL_LIST:
- CreatePopUp(
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Press 'Y' to delete signature list.",
- L"Press other key to cancel and exit.",
- NULL
- );
+ break;
- if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {
- DeleteSignatureEx (Private, Delete_Signature_List_All, IfrNvData->CheckedDataCount);
- }
+ case KEY_DELETE_KEK:
+ UpdateDeletePage (
+ Private,
+ EFI_KEY_EXCHANGE_KEY_NAME,
+ &gEfiGlobalVariableGuid,
+ LABEL_KEK_DELETE,
+ FORMID_DELETE_KEK_FORM,
+ OPTION_DEL_KEK_QUESTION_ID
+ );
+ break;
- LoadSignatureList (
- Private,
- LABEL_SIGNATURE_LIST_START,
- SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
- OPTION_SIGNATURE_LIST_QUESTION_ID
- );
- break;
+ case SECUREBOOT_DELETE_SIGNATURE_FROM_DB:
+ UpdateDeletePage (
+ Private,
+ EFI_IMAGE_SECURITY_DATABASE,
+ &gEfiImageSecurityDatabaseGuid,
+ LABEL_DB_DELETE,
+ SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
+ OPTION_DEL_DB_QUESTION_ID
+ );
+ break;
//
- // Delete one signature list and reload.
+ // From DBX option to the level-1 form, display signature list.
//
- case KEY_SECURE_BOOT_DELETE_ALL_DATA:
- CreatePopUp(
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Press 'Y' to delete signature data.",
- L"Press other key to cancel and exit.",
- NULL
- );
-
- if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {
- DeleteSignatureEx (Private, Delete_Signature_List_One, IfrNvData->CheckedDataCount);
- }
-
- LoadSignatureList (
- Private,
- LABEL_SIGNATURE_LIST_START,
- SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
- OPTION_SIGNATURE_LIST_QUESTION_ID
- );
- break;
+ case KEY_VALUE_FROM_DBX_TO_LIST_FORM:
+ Private->VariableName = Variable_DBX;
+ LoadSignatureList (
+ Private,
+ LABEL_SIGNATURE_LIST_START,
+ SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
+ OPTION_SIGNATURE_LIST_QUESTION_ID
+ );
+ break;
//
- // Delete checked signature data and reload.
+ // Delete all signature list and reload.
//
- case KEY_SECURE_BOOT_DELETE_CHECK_DATA:
- CreatePopUp(
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Press 'Y' to delete signature data.",
- L"Press other key to cancel and exit.",
- NULL
- );
-
- if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {
- DeleteSignatureEx (Private, Delete_Signature_Data, IfrNvData->CheckedDataCount);
- }
-
- LoadSignatureList (
- Private,
- LABEL_SIGNATURE_LIST_START,
- SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
- OPTION_SIGNATURE_LIST_QUESTION_ID
- );
- break;
-
- case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT:
- UpdateDeletePage (
- Private,
- EFI_IMAGE_SECURITY_DATABASE2,
- &gEfiImageSecurityDatabaseGuid,
- LABEL_DBT_DELETE,
- SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
- OPTION_DEL_DBT_QUESTION_ID
- );
-
- break;
-
- case KEY_VALUE_SAVE_AND_EXIT_KEK:
- Status = EnrollKeyExchangeKey (Private);
- if (EFI_ERROR (Status)) {
+ case KEY_SECURE_BOOT_DELETE_ALL_LIST:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
- L"ERROR: Unsupported file type!",
- L"Only supports DER-encoded X509 certificate",
+ L"Press 'Y' to delete signature list.",
+ L"Press other key to cancel and exit.",
NULL
);
- }
- break;
- case KEY_VALUE_SAVE_AND_EXIT_DB:
- Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE);
- if (EFI_ERROR (Status)) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"ERROR: Unsupported file type!",
- L"Only supports DER-encoded X509 certificate and executable EFI image",
- NULL
- );
- }
- break;
+ if ((Key.UnicodeChar == L'Y') || (Key.UnicodeChar == L'y')) {
+ DeleteSignatureEx (Private, Delete_Signature_List_All, IfrNvData->CheckedDataCount);
+ }
- case KEY_VALUE_SAVE_AND_EXIT_DBX:
- if (IsX509CertInDbx (Private, EFI_IMAGE_SECURITY_DATABASE1)) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Enrollment failed! Same certificate had already been in the dbx!",
- NULL
+ LoadSignatureList (
+ Private,
+ LABEL_SIGNATURE_LIST_START,
+ SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
+ OPTION_SIGNATURE_LIST_QUESTION_ID
);
-
- //
- // Cert already exists in DBX. Close opened file before exit.
- //
- CloseEnrolledFile(Private->FileContext);
break;
- }
- if ((IfrNvData != NULL) && (IfrNvData->CertificateFormat < HASHALG_MAX)) {
- Status = EnrollX509HashtoSigDB (
- Private,
- IfrNvData->CertificateFormat,
- &IfrNvData->RevocationDate,
- &IfrNvData->RevocationTime,
- IfrNvData->AlwaysRevocation
- );
- IfrNvData->CertificateFormat = HASHALG_RAW;
- } else {
- Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1);
- }
- if (EFI_ERROR (Status)) {
+ //
+ // Delete one signature list and reload.
+ //
+ case KEY_SECURE_BOOT_DELETE_ALL_DATA:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
- L"ERROR: Unsupported file type!",
- L"Only supports DER-encoded X509 certificate, AUTH_2 format data & executable EFI image",
+ L"Press 'Y' to delete signature data.",
+ L"Press other key to cancel and exit.",
NULL
);
- }
- break;
- case KEY_VALUE_SAVE_AND_EXIT_DBT:
- Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE2);
- if (EFI_ERROR (Status)) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"ERROR: Unsupported file type!",
- L"Only supports DER-encoded X509 certificate.",
- NULL
+ if ((Key.UnicodeChar == L'Y') || (Key.UnicodeChar == L'y')) {
+ DeleteSignatureEx (Private, Delete_Signature_List_One, IfrNvData->CheckedDataCount);
+ }
+
+ LoadSignatureList (
+ Private,
+ LABEL_SIGNATURE_LIST_START,
+ SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
+ OPTION_SIGNATURE_LIST_QUESTION_ID
);
- }
- break;
- case KEY_VALUE_SAVE_AND_EXIT_PK:
+ break;
+
//
- // Check the suffix, encode type and the key strength of PK certificate.
+ // Delete checked signature data and reload.
//
- Status = CheckX509Certificate (Private->FileContext, &EnrollKeyErrorCode);
- if (EFI_ERROR (Status)) {
- if (EnrollKeyErrorCode != None_Error && EnrollKeyErrorCode < Enroll_Error_Max) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- mX509EnrollPromptTitle[EnrollKeyErrorCode],
- mX509EnrollPromptString[EnrollKeyErrorCode],
- NULL
- );
- break;
- }
- } else {
- Status = EnrollPlatformKey (Private);
- }
- if (EFI_ERROR (Status)) {
- UnicodeSPrint (
- PromptString,
- sizeof (PromptString),
- L"Error status: %x.",
- Status
- );
+ case KEY_SECURE_BOOT_DELETE_CHECK_DATA:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
- L"ERROR: Enrollment failed!",
- PromptString,
+ L"Press 'Y' to delete signature data.",
+ L"Press other key to cancel and exit.",
NULL
);
- }
- break;
- default:
- if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
- (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {
- DeleteKeyExchangeKey (Private, QuestionId);
- } else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) &&
- (QuestionId < (OPTION_DEL_DB_QUESTION_ID + OPTION_CONFIG_RANGE))) {
- DeleteSignature (
+
+ if ((Key.UnicodeChar == L'Y') || (Key.UnicodeChar == L'y')) {
+ DeleteSignatureEx (Private, Delete_Signature_Data, IfrNvData->CheckedDataCount);
+ }
+
+ LoadSignatureList (
Private,
- EFI_IMAGE_SECURITY_DATABASE,
- &gEfiImageSecurityDatabaseGuid,
- LABEL_DB_DELETE,
- SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
- OPTION_DEL_DB_QUESTION_ID,
- QuestionId - OPTION_DEL_DB_QUESTION_ID
+ LABEL_SIGNATURE_LIST_START,
+ SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
+ OPTION_SIGNATURE_LIST_QUESTION_ID
);
- } else if ((QuestionId >= OPTION_SIGNATURE_LIST_QUESTION_ID) &&
- (QuestionId < (OPTION_SIGNATURE_LIST_QUESTION_ID + OPTION_CONFIG_RANGE))) {
- LoadSignatureData (
- Private,
- LABEL_SIGNATURE_DATA_START,
- SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,
- OPTION_SIGNATURE_DATA_QUESTION_ID,
- QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID
- );
- Private->ListIndex = QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID;
- } else if ((QuestionId >= OPTION_SIGNATURE_DATA_QUESTION_ID) &&
- (QuestionId < (OPTION_SIGNATURE_DATA_QUESTION_ID + OPTION_CONFIG_RANGE))) {
- if (Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID]) {
- IfrNvData->CheckedDataCount--;
- Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = FALSE;
- } else {
- IfrNvData->CheckedDataCount++;
- Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = TRUE;
- }
- } else if ((QuestionId >= OPTION_DEL_DBT_QUESTION_ID) &&
- (QuestionId < (OPTION_DEL_DBT_QUESTION_ID + OPTION_CONFIG_RANGE))) {
- DeleteSignature (
+ break;
+
+ case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT:
+ UpdateDeletePage (
Private,
EFI_IMAGE_SECURITY_DATABASE2,
&gEfiImageSecurityDatabaseGuid,
LABEL_DBT_DELETE,
SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
- OPTION_DEL_DBT_QUESTION_ID,
- QuestionId - OPTION_DEL_DBT_QUESTION_ID
+ OPTION_DEL_DBT_QUESTION_ID
);
- }
- break;
- case KEY_VALUE_NO_SAVE_AND_EXIT_PK:
- case KEY_VALUE_NO_SAVE_AND_EXIT_KEK:
- case KEY_VALUE_NO_SAVE_AND_EXIT_DB:
- case KEY_VALUE_NO_SAVE_AND_EXIT_DBX:
- case KEY_VALUE_NO_SAVE_AND_EXIT_DBT:
- CloseEnrolledFile(Private->FileContext);
+ break;
- if (Private->SignatureGUID != NULL) {
- FreePool (Private->SignatureGUID);
- Private->SignatureGUID = NULL;
- }
- break;
+ case KEY_VALUE_SAVE_AND_EXIT_KEK:
+ Status = EnrollKeyExchangeKey (Private);
+ if (EFI_ERROR (Status)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Unsupported file type!",
+ L"Only supports DER-encoded X509 certificate",
+ NULL
+ );
+ }
+
+ break;
+
+ case KEY_VALUE_SAVE_AND_EXIT_DB:
+ Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE);
+ if (EFI_ERROR (Status)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Unsupported file type!",
+ L"Only supports DER-encoded X509 certificate and executable EFI image",
+ NULL
+ );
+ }
+
+ break;
+
+ case KEY_VALUE_SAVE_AND_EXIT_DBX:
+ if (IsX509CertInDbx (Private, EFI_IMAGE_SECURITY_DATABASE1)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"Enrollment failed! Same certificate had already been in the dbx!",
+ NULL
+ );
+
+ //
+ // Cert already exists in DBX. Close opened file before exit.
+ //
+ CloseEnrolledFile (Private->FileContext);
+ break;
+ }
+
+ if ((IfrNvData != NULL) && (IfrNvData->CertificateFormat < HASHALG_MAX)) {
+ Status = EnrollX509HashtoSigDB (
+ Private,
+ IfrNvData->CertificateFormat,
+ &IfrNvData->RevocationDate,
+ &IfrNvData->RevocationTime,
+ IfrNvData->AlwaysRevocation
+ );
+ IfrNvData->CertificateFormat = HASHALG_RAW;
+ } else {
+ Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1);
+ }
+
+ if (EFI_ERROR (Status)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Unsupported file type!",
+ L"Only supports DER-encoded X509 certificate, AUTH_2 format data & executable EFI image",
+ NULL
+ );
+ }
+
+ break;
+
+ case KEY_VALUE_SAVE_AND_EXIT_DBT:
+ Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE2);
+ if (EFI_ERROR (Status)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Unsupported file type!",
+ L"Only supports DER-encoded X509 certificate.",
+ NULL
+ );
+ }
+
+ break;
+ case KEY_VALUE_SAVE_AND_EXIT_PK:
+ //
+ // Check the suffix, encode type and the key strength of PK certificate.
+ //
+ Status = CheckX509Certificate (Private->FileContext, &EnrollKeyErrorCode);
+ if (EFI_ERROR (Status)) {
+ if ((EnrollKeyErrorCode != None_Error) && (EnrollKeyErrorCode < Enroll_Error_Max)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ mX509EnrollPromptTitle[EnrollKeyErrorCode],
+ mX509EnrollPromptString[EnrollKeyErrorCode],
+ NULL
+ );
+ break;
+ }
+ } else {
+ Status = EnrollPlatformKey (Private);
+ }
+
+ if (EFI_ERROR (Status)) {
+ UnicodeSPrint (
+ PromptString,
+ sizeof (PromptString),
+ L"Error status: %x.",
+ Status
+ );
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Enrollment failed!",
+ PromptString,
+ NULL
+ );
+ }
+
+ break;
+ default:
+ if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
+ (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE)))
+ {
+ DeleteKeyExchangeKey (Private, QuestionId);
+ } else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) &&
+ (QuestionId < (OPTION_DEL_DB_QUESTION_ID + OPTION_CONFIG_RANGE)))
+ {
+ DeleteSignature (
+ Private,
+ EFI_IMAGE_SECURITY_DATABASE,
+ &gEfiImageSecurityDatabaseGuid,
+ LABEL_DB_DELETE,
+ SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
+ OPTION_DEL_DB_QUESTION_ID,
+ QuestionId - OPTION_DEL_DB_QUESTION_ID
+ );
+ } else if ((QuestionId >= OPTION_SIGNATURE_LIST_QUESTION_ID) &&
+ (QuestionId < (OPTION_SIGNATURE_LIST_QUESTION_ID + OPTION_CONFIG_RANGE)))
+ {
+ LoadSignatureData (
+ Private,
+ LABEL_SIGNATURE_DATA_START,
+ SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,
+ OPTION_SIGNATURE_DATA_QUESTION_ID,
+ QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID
+ );
+ Private->ListIndex = QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID;
+ } else if ((QuestionId >= OPTION_SIGNATURE_DATA_QUESTION_ID) &&
+ (QuestionId < (OPTION_SIGNATURE_DATA_QUESTION_ID + OPTION_CONFIG_RANGE)))
+ {
+ if (Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID]) {
+ IfrNvData->CheckedDataCount--;
+ Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = FALSE;
+ } else {
+ IfrNvData->CheckedDataCount++;
+ Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = TRUE;
+ }
+ } else if ((QuestionId >= OPTION_DEL_DBT_QUESTION_ID) &&
+ (QuestionId < (OPTION_DEL_DBT_QUESTION_ID + OPTION_CONFIG_RANGE)))
+ {
+ DeleteSignature (
+ Private,
+ EFI_IMAGE_SECURITY_DATABASE2,
+ &gEfiImageSecurityDatabaseGuid,
+ LABEL_DBT_DELETE,
+ SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
+ OPTION_DEL_DBT_QUESTION_ID,
+ QuestionId - OPTION_DEL_DBT_QUESTION_ID
+ );
+ }
+
+ break;
+
+ case KEY_VALUE_NO_SAVE_AND_EXIT_PK:
+ case KEY_VALUE_NO_SAVE_AND_EXIT_KEK:
+ case KEY_VALUE_NO_SAVE_AND_EXIT_DB:
+ case KEY_VALUE_NO_SAVE_AND_EXIT_DBX:
+ case KEY_VALUE_NO_SAVE_AND_EXIT_DBT:
+ CloseEnrolledFile (Private->FileContext);
+
+ if (Private->SignatureGUID != NULL) {
+ FreePool (Private->SignatureGUID);
+ Private->SignatureGUID = NULL;
+ }
+
+ break;
}
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (QuestionId) {
- case KEY_SECURE_BOOT_ENABLE:
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
- break;
- case KEY_SECURE_BOOT_MODE:
- mIsEnterSecureBootForm = FALSE;
- break;
- case KEY_SECURE_BOOT_KEK_GUID:
- case KEY_SECURE_BOOT_SIGNATURE_GUID_DB:
- case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX:
- case KEY_SECURE_BOOT_SIGNATURE_GUID_DBT:
- ASSERT (Private->SignatureGUID != NULL);
- RStatus = StrToGuid (IfrNvData->SignatureGuid, Private->SignatureGUID);
- if (RETURN_ERROR (RStatus) || (IfrNvData->SignatureGuid[GUID_STRING_LENGTH] != L'\0')) {
- Status = EFI_INVALID_PARAMETER;
+ case KEY_SECURE_BOOT_ENABLE:
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
break;
- }
+ case KEY_SECURE_BOOT_MODE:
+ mIsEnterSecureBootForm = FALSE;
+ break;
+ case KEY_SECURE_BOOT_KEK_GUID:
+ case KEY_SECURE_BOOT_SIGNATURE_GUID_DB:
+ case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX:
+ case KEY_SECURE_BOOT_SIGNATURE_GUID_DBT:
+ ASSERT (Private->SignatureGUID != NULL);
+ RStatus = StrToGuid (IfrNvData->SignatureGuid, Private->SignatureGUID);
+ if (RETURN_ERROR (RStatus) || (IfrNvData->SignatureGuid[GUID_STRING_LENGTH] != L'\0')) {
+ Status = EFI_INVALID_PARAMETER;
+ break;
+ }
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
- break;
- case KEY_SECURE_BOOT_DELETE_PK:
- GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
- if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
- IfrNvData->DeletePk = TRUE;
- IfrNvData->HasPk = FALSE;
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
- } else {
- IfrNvData->DeletePk = FALSE;
- IfrNvData->HasPk = TRUE;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
+ break;
+ case KEY_SECURE_BOOT_DELETE_PK:
+ GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SetupMode, NULL);
+ if ((SetupMode == NULL) || ((*SetupMode) == SETUP_MODE)) {
+ IfrNvData->DeletePk = TRUE;
+ IfrNvData->HasPk = FALSE;
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
+ } else {
+ IfrNvData->DeletePk = FALSE;
+ IfrNvData->HasPk = TRUE;
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
+ }
+
+ if (SetupMode != NULL) {
+ FreePool (SetupMode);
+ }
+
+ break;
+ case KEY_SECURE_BOOT_RESET_TO_DEFAULT:
+ {
+ Status = gBS->LocateProtocol (&gEfiHiiPopupProtocolGuid, NULL, (VOID **)&HiiPopup);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = HiiPopup->CreatePopup (
+ HiiPopup,
+ EfiHiiPopupStyleInfo,
+ EfiHiiPopupTypeYesNo,
+ Private->HiiHandle,
+ STRING_TOKEN (STR_RESET_TO_DEFAULTS_POPUP),
+ &UserSelection
+ );
+ if (UserSelection == EfiHiiPopupSelectionYes) {
+ Status = KeyEnrollReset ();
+ }
+
+ //
+ // Update secure boot strings after key reset
+ //
+ if (Status == EFI_SUCCESS) {
+ Status = UpdateSecureBootString (Private);
+ SecureBootExtractConfigFromVariable (Private, IfrNvData);
+ }
}
- if (SetupMode != NULL) {
- FreePool (SetupMode);
- }
- break;
- case KEY_SECURE_BOOT_RESET_TO_DEFAULT:
- {
- Status = gBS->LocateProtocol (&gEfiHiiPopupProtocolGuid, NULL, (VOID **) &HiiPopup);
- if (EFI_ERROR (Status)) {
- return Status;
- }
- Status = HiiPopup->CreatePopup (
- HiiPopup,
- EfiHiiPopupStyleInfo,
- EfiHiiPopupTypeYesNo,
- Private->HiiHandle,
- STRING_TOKEN (STR_RESET_TO_DEFAULTS_POPUP),
- &UserSelection
- );
- if (UserSelection == EfiHiiPopupSelectionYes) {
- Status = KeyEnrollReset ();
- }
- //
- // Update secure boot strings after key reset
- //
- if (Status == EFI_SUCCESS) {
- Status = UpdateSecureBootString (Private);
- SecureBootExtractConfigFromVariable (Private, IfrNvData);
- }
- }
- default:
- break;
+ default:
+ break;
}
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {
if (QuestionId == KEY_HIDE_SECURE_BOOT) {
- GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID**)&Pk, NULL);
+ GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Pk, NULL);
if (Pk == NULL) {
IfrNvData->HideSecureBoot = TRUE;
} else {
FreePool (Pk);
IfrNvData->HideSecureBoot = FALSE;
}
+
Value->b = IfrNvData->HideSecureBoot;
}
} else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) {
//
// Force the platform back to Standard Mode once user leave the setup screen.
//
- GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);
- if (NULL != SecureBootMode && *SecureBootMode == CUSTOM_SECURE_BOOT_MODE) {
+ GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID **)&SecureBootMode, NULL);
+ if ((NULL != SecureBootMode) && (*SecureBootMode == CUSTOM_SECURE_BOOT_MODE)) {
IfrNvData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;
- SetSecureBootMode(STANDARD_SECURE_BOOT_MODE);
+ SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);
}
+
if (SecureBootMode != NULL) {
FreePool (SecureBootMode);
}
@@ -4949,13 +5031,13 @@ EXIT:
if (!EFI_ERROR (Status) && GetBrowserDataResult) {
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
- HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
+ HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData, NULL);
}
FreePool (IfrNvData);
- if (File != NULL){
- FreePool(File);
+ if (File != NULL) {
+ FreePool (File);
File = NULL;
}
@@ -4984,14 +5066,14 @@ InstallSecureBootConfigForm (
DriverHandle = NULL;
ConfigAccess = &PrivateData->ConfigAccess;
- Status = gBS->InstallMultipleProtocolInterfaces (
- &DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mSecureBootHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- ConfigAccess,
- NULL
- );
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &DriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mSecureBootHiiVendorDevicePath,
+ &gEfiHiiConfigAccessProtocolGuid,
+ ConfigAccess,
+ NULL
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -5047,23 +5129,23 @@ InstallSecureBootConfigForm (
//
// Create Hii Extend Label OpCode as the start opcode
//
- mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mStartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
+ mStartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
+ mStartOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
//
// Create Hii Extend Label OpCode as the end opcode
//
- mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mEndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
+ mEndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (
+ mEndOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
mEndLabel->Number = LABEL_END;
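Review bot: Both `HiiCreateGuidOpCode` results in this hunk are dereferenced on the very next line (`mStartLabel->ExtendOpCode`, `mEndLabel->ExtendOpCode`) with no NULL check, and that library call returns NULL when it cannot extend the opcode buffer. A guard after each call, e.g. `if (mStartLabel == NULL) { return EFI_OUT_OF_RESOURCES; }` and the same for `mEndLabel`, would turn that failure into an error return instead of a NULL dereference in the DXE driver. InstallSecureBootConfigForm starts and ends outside this hunk, so whatever cleanup its other failure paths perform should be applied on these paths too.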
@@ -5078,7 +5160,7 @@ InstallSecureBootConfigForm (
**/
VOID
UninstallSecureBootConfigForm (
- IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
)
{
//
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index 268f015..37c66f1 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -48,20 +48,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Tool generated IFR binary data and String package data
//
-extern UINT8 SecureBootConfigBin[];
-extern UINT8 SecureBootConfigDxeStrings[];
+extern UINT8 SecureBootConfigBin[];
+extern UINT8 SecureBootConfigDxeStrings[];
//
// Shared IFR form update data
//
-extern VOID *mStartOpCodeHandle;
-extern VOID *mEndOpCodeHandle;
-extern EFI_IFR_GUID_LABEL *mStartLabel;
-extern EFI_IFR_GUID_LABEL *mEndLabel;
+extern VOID *mStartOpCodeHandle;
+extern VOID *mEndOpCodeHandle;
+extern EFI_IFR_GUID_LABEL *mStartLabel;
+extern EFI_IFR_GUID_LABEL *mEndLabel;
-#define MAX_CHAR 480
-#define TWO_BYTE_ENCODE 0x82
-#define BUFFER_MAX_SIZE 100
+#define MAX_CHAR 480
+#define TWO_BYTE_ENCODE 0x82
+#define BUFFER_MAX_SIZE 100
//
// SHA-256 digest size in bytes
@@ -79,24 +79,24 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
//
// Set max digest size as SHA512 Output (64 bytes) by far
//
-#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
+#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
-#define WIN_CERT_UEFI_RSA2048_SIZE 256
+#define WIN_CERT_UEFI_RSA2048_SIZE 256
//
// Support hash types
//
-#define HASHALG_SHA224 0x00000000
-#define HASHALG_SHA256 0x00000001
-#define HASHALG_SHA384 0x00000002
-#define HASHALG_SHA512 0x00000003
-#define HASHALG_RAW 0x00000004
-#define HASHALG_MAX 0x00000004
+#define HASHALG_SHA224 0x00000000
+#define HASHALG_SHA256 0x00000001
+#define HASHALG_SHA384 0x00000002
+#define HASHALG_SHA512 0x00000003
+#define HASHALG_RAW 0x00000004
+#define HASHALG_MAX 0x00000004
//
// Certificate public key minimum size (bytes)
//
-#define CER_PUBKEY_MIN_SIZE 256
+#define CER_PUBKEY_MIN_SIZE 256
//
// Types of errors may occur during certificate enrollment.
@@ -113,18 +113,18 @@ typedef enum {
//
Unqualified_Key,
Enroll_Error_Max
-}ENROLL_KEY_ERROR;
+} ENROLL_KEY_ERROR;
typedef struct {
- UINTN Signature;
- LIST_ENTRY Head;
- UINTN MenuNumber;
+ UINTN Signature;
+ LIST_ENTRY Head;
+ UINTN MenuNumber;
} SECUREBOOT_MENU_OPTION;
typedef struct {
- EFI_FILE_HANDLE FHandle;
- UINT16 *FileName;
- UINT8 FileType;
+ EFI_FILE_HANDLE FHandle;
+ UINT16 *FileName;
+ UINT8 FileType;
} SECUREBOOT_FILE_CONTEXT;
#define SECUREBOOT_FREE_NON_NULL(Pointer) \
@@ -149,11 +149,11 @@ typedef struct {
// We define another format of 5th directory entry: security directory
//
typedef struct {
- UINT32 Offset; // Offset of certificate
- UINT32 SizeOfCert; // size of certificate appended
+ UINT32 Offset; // Offset of certificate
+ UINT32 SizeOfCert; // size of certificate appended
} EFI_IMAGE_SECURITY_DATA_DIRECTORY;
-typedef enum{
+typedef enum {
ImageType_IA32,
ImageType_X64
} IMAGE_TYPE;
@@ -162,8 +162,8 @@ typedef enum{
/// HII specific Vendor Device Path definition.
///
typedef struct {
- VENDOR_DEVICE_PATH VendorDevicePath;
- EFI_DEVICE_PATH_PROTOCOL End;
+ VENDOR_DEVICE_PATH VendorDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
typedef enum {
@@ -177,7 +177,7 @@ typedef enum {
Delete_Signature_List_All,
Delete_Signature_List_One,
Delete_Signature_Data
-}SIGNATURE_DELETE_TYPE;
+} SIGNATURE_DELETE_TYPE;
typedef struct {
UINTN Signature;
@@ -196,10 +196,10 @@ typedef struct {
BOOLEAN *CheckArray; // Record which signature data checked.
} SECUREBOOT_CONFIG_PRIVATE_DATA;
-extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
-extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;
+extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
+extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;
-#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
+#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
//
@@ -207,16 +207,15 @@ extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;
//
#pragma pack(1)
typedef struct _CPL_KEY_INFO {
- UINT32 KeyLengthInBits; // Key Length In Bits
- UINT32 BlockSize; // Operation Block Size in Bytes
- UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
- UINT32 KeyType; // Key Type
- UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
- UINT32 Flags; // Additional Key Property Flags
+ UINT32 KeyLengthInBits; // Key Length In Bits
+ UINT32 BlockSize; // Operation Block Size in Bytes
+ UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
+ UINT32 KeyType; // Key Type
+ UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
+ UINT32 Flags; // Additional Key Property Flags
} CPL_KEY_INFO;
#pragma pack()
-
/**
Retrieves the size, in bytes, of the context buffer required for hash operations.
@@ -247,7 +246,6 @@ BOOLEAN
IN OUT VOID *HashContext
);
-
/**
Performs digest on a data buffer of the specified length. This function can
be called multiple times to compute the digest of long or discontinuous data streams.
@@ -308,11 +306,10 @@ typedef struct {
} HASH_TABLE;
typedef struct {
- WIN_CERTIFICATE Hdr;
- UINT8 CertData[1];
+ WIN_CERTIFICATE Hdr;
+ UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
-
/**
This function publish the SecureBoot configuration Form.
@@ -328,7 +325,6 @@ InstallSecureBootConfigForm (
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
);
-
/**
This function removes SecureBoot configuration Form.
@@ -337,10 +333,9 @@ InstallSecureBootConfigForm (
**/
VOID
UninstallSecureBootConfigForm (
- IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
);
-
/**
This function allows a caller to extract the current configuration for one
or more named elements from the target driver.
@@ -370,13 +365,12 @@ UninstallSecureBootConfigForm (
EFI_STATUS
EFIAPI
SecureBootExtractConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Request,
- OUT EFI_STRING *Progress,
- OUT EFI_STRING *Results
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Request,
+ OUT EFI_STRING *Progress,
+ OUT EFI_STRING *Results
);
-
/**
This function processes the results of changes in configuration.
@@ -398,12 +392,11 @@ SecureBootExtractConfig (
EFI_STATUS
EFIAPI
SecureBootRouteConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Configuration,
- OUT EFI_STRING *Progress
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Configuration,
+ OUT EFI_STRING *Progress
);
-
/**
This function processes the results of changes in configuration.
@@ -429,15 +422,14 @@ SecureBootRouteConfig (
EFI_STATUS
EFIAPI
SecureBootCallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN EFI_BROWSER_ACTION Action,
+ IN EFI_QUESTION_ID QuestionId,
+ IN UINT8 Type,
+ IN EFI_IFR_TYPE_VALUE *Value,
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
);
-
/**
This function converts an input device structure to a Unicode string.
@@ -449,10 +441,9 @@ SecureBootCallback (
CHAR16 *
EFIAPI
DevicePathToStr (
- IN EFI_DEVICE_PATH_PROTOCOL *DevPath
+ IN EFI_DEVICE_PATH_PROTOCOL *DevPath
);
-
/**
Clean up the dynamic opcode at label and form specified by both LabelId.
@@ -462,11 +453,10 @@ DevicePathToStr (
**/
VOID
CleanUpPage (
- IN UINT16 LabelId,
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
+ IN UINT16 LabelId,
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
);
-
/**
Read file content into BufferPtr, the size of the allocate buffer
is *FileSize plus AdditionAllocateSize.
@@ -485,13 +475,12 @@ CleanUpPage (
**/
EFI_STATUS
ReadFileContent (
- IN EFI_FILE_HANDLE FileHandle,
- IN OUT VOID **BufferPtr,
- OUT UINTN *FileSize,
- IN UINTN AdditionAllocateSize
+ IN EFI_FILE_HANDLE FileHandle,
+ IN OUT VOID **BufferPtr,
+ OUT UINTN *FileSize,
+ IN UINTN AdditionAllocateSize
);
-
/**
Close an open file handle.
@@ -500,10 +489,9 @@ ReadFileContent (
**/
VOID
CloseFile (
- IN EFI_FILE_HANDLE FileHandle
+ IN EFI_FILE_HANDLE FileHandle
);
-
/**
Converts a nonnegative integer to an octet string of a specified length.
@@ -521,10 +509,10 @@ Returns:
EFI_STATUS
EFIAPI
Int2OctStr (
- IN CONST UINTN *Integer,
- IN UINTN IntSizeInWords,
- OUT UINT8 *OctetString,
- IN UINTN OSSizeInBytes
+ IN CONST UINTN *Integer,
+ IN UINTN IntSizeInWords,
+ OUT UINT8 *OctetString,
+ IN UINTN OSSizeInBytes
);
/**
@@ -555,7 +543,7 @@ GuidToString (
BOOLEAN
EFIAPI
UpdatePKFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
/**
@@ -569,7 +557,7 @@ UpdatePKFromFile (
BOOLEAN
EFIAPI
UpdateKEKFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
/**
@@ -583,7 +571,7 @@ UpdateKEKFromFile (
BOOLEAN
EFIAPI
UpdateDBFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
/**
@@ -597,7 +585,7 @@ UpdateDBFromFile (
BOOLEAN
EFIAPI
UpdateDBXFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
/**
@@ -611,7 +599,7 @@ UpdateDBXFromFile (
BOOLEAN
EFIAPI
UpdateDBTFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
);
#endif
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c
index 3730fbe..aee1683 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c
@@ -26,17 +26,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
EFI_STATUS
ReadFileContent (
- IN EFI_FILE_HANDLE FileHandle,
- IN OUT VOID **BufferPtr,
- OUT UINTN *FileSize,
- IN UINTN AdditionAllocateSize
+ IN EFI_FILE_HANDLE FileHandle,
+ IN OUT VOID **BufferPtr,
+ OUT UINTN *FileSize,
+ IN UINTN AdditionAllocateSize
)
{
- UINTN BufferSize;
- UINT64 SourceFileSize;
- VOID *Buffer;
- EFI_STATUS Status;
+ UINTN BufferSize;
+ UINT64 SourceFileSize;
+ VOID *Buffer;
+ EFI_STATUS Status;
if ((FileHandle == NULL) || (FileSize == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -47,7 +47,7 @@ ReadFileContent (
//
// Get the file size
//
- Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);
+ Status = FileHandle->SetPosition (FileHandle, (UINT64)-1);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
@@ -62,20 +62,20 @@ ReadFileContent (
goto ON_EXIT;
}
- BufferSize = (UINTN) SourceFileSize + AdditionAllocateSize;
- Buffer = AllocateZeroPool(BufferSize);
+ BufferSize = (UINTN)SourceFileSize + AdditionAllocateSize;
+ Buffer = AllocateZeroPool (BufferSize);
if (Buffer == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- BufferSize = (UINTN) SourceFileSize;
+ BufferSize = (UINTN)SourceFileSize;
*FileSize = BufferSize;
Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);
- if (EFI_ERROR (Status) || BufferSize != *FileSize) {
+ if (EFI_ERROR (Status) || (BufferSize != *FileSize)) {
FreePool (Buffer);
Buffer = NULL;
- Status = EFI_BAD_BUFFER_SIZE;
+ Status = EFI_BAD_BUFFER_SIZE;
goto ON_EXIT;
}
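Review bot: The allocation size `(UINTN)SourceFileSize + AdditionAllocateSize` is computed with no range check. `SourceFileSize` is a `UINT64` narrowed to `UINTN`, and the addition can wrap, which would leave `Buffer` smaller than the `BufferSize` later passed to `FileHandle->Read`. Unless a bound is enforced earlier in ReadFileContent (not visible in this hunk), add `if (SourceFileSize > MAX_UINTN - AdditionAllocateSize) { Status = EFI_BAD_BUFFER_SIZE; goto ON_EXIT; }` before the allocation. The `return EFI_OUT_OF_RESOURCES;` on allocation failure also bypasses `ON_EXIT`, unlike the other error paths here. `Status = EFI_OUT_OF_RESOURCES; goto ON_EXIT;` would keep them consistent, assuming the code at that label (outside this hunk) tolerates a NULL `Buffer`.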
@@ -93,7 +93,7 @@ ON_EXIT:
**/
VOID
CloseFile (
- IN EFI_FILE_HANDLE FileHandle
+ IN EFI_FILE_HANDLE FileHandle
)
{
if (FileHandle != NULL) {
@@ -118,10 +118,10 @@ Returns:
EFI_STATUS
EFIAPI
Int2OctStr (
- IN CONST UINTN *Integer,
- IN UINTN IntSizeInWords,
- OUT UINT8 *OctetString,
- IN UINTN OSSizeInBytes
+ IN CONST UINTN *Integer,
+ IN UINTN IntSizeInWords,
+ OUT UINT8 *OctetString,
+ IN UINTN OSSizeInBytes
)
{
CONST UINT8 *Ptr1;
@@ -129,11 +129,13 @@ Int2OctStr (
for (Ptr1 = (CONST UINT8 *)Integer, Ptr2 = OctetString + OSSizeInBytes - 1;
Ptr1 < (UINT8 *)(Integer + IntSizeInWords) && Ptr2 >= OctetString;
- Ptr1++, Ptr2--) {
+ Ptr1++, Ptr2--)
+ {
*Ptr2 = *Ptr1;
}
- for (; Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords) && *Ptr1 == 0; Ptr1++);
+ for ( ; Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords) && *Ptr1 == 0; Ptr1++) {
+ }
if (Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords)) {
return EFI_BUFFER_TOO_SMALL;
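Review bot: The first loop's exit test `Ptr2 >= OctetString` only becomes false after `Ptr2--` has moved the pointer one element before the start of `OctetString`, and with `OSSizeInBytes == 0` the initial `OctetString + OSSizeInBytes - 1` is already out of range; forming such a pointer is undefined behaviour in C even though it is never dereferenced. Counting down an index keeps every pointer inside the buffer, e.g. `for (Index = OSSizeInBytes; Index > 0 && Ptr1 < End; Index--, Ptr1++) { OctetString[Index - 1] = *Ptr1; }` with `End` holding `(CONST UINT8 *)(Integer + IntSizeInWords)`. The same condition casts to `(UINT8 *)` where the two later comparisons use `(CONST UINT8 *)`, so one spelling throughout would read more cleanly. Int2OctStr begins and ends outside this hunk.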
@@ -163,24 +165,24 @@ GuidToString (
IN UINTN BufferSize
)
{
- UINTN Size;
+ UINTN Size;
Size = UnicodeSPrint (
- Buffer,
- BufferSize,
- L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- (UINTN)Guid->Data1,
- (UINTN)Guid->Data2,
- (UINTN)Guid->Data3,
- (UINTN)Guid->Data4[0],
- (UINTN)Guid->Data4[1],
- (UINTN)Guid->Data4[2],
- (UINTN)Guid->Data4[3],
- (UINTN)Guid->Data4[4],
- (UINTN)Guid->Data4[5],
- (UINTN)Guid->Data4[6],
- (UINTN)Guid->Data4[7]
- );
+ Buffer,
+ BufferSize,
+ L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+ (UINTN)Guid->Data1,
+ (UINTN)Guid->Data2,
+ (UINTN)Guid->Data3,
+ (UINTN)Guid->Data4[0],
+ (UINTN)Guid->Data4[1],
+ (UINTN)Guid->Data4[2],
+ (UINTN)Guid->Data4[3],
+ (UINTN)Guid->Data4[4],
+ (UINTN)Guid->Data4[5],
+ (UINTN)Guid->Data4[6],
+ (UINTN)Guid->Data4[7]
+ );
//
// SPrint will null terminate the string. The -1 skips the null
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
index 4ecc25e..34720bb 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
@@ -15,128 +15,128 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Used by VFR for form or button identification
//
-#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001
-#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01
-#define FORMID_SECURE_BOOT_OPTION_FORM 0x02
-#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03
-#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04
-#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05
-#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06
-#define FORMID_ENROLL_PK_FORM 0x07
-#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08
-#define FORMID_ENROLL_KEK_FORM 0x09
-#define FORMID_DELETE_KEK_FORM 0x0a
-#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b
-#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c
-#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d
-#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14
-#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15
-#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16
-#define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17
-#define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18
-
-#define SECURE_BOOT_MODE_CUSTOM 0x01
-#define SECURE_BOOT_MODE_STANDARD 0x00
-
-#define KEY_SECURE_BOOT_ENABLE 0x1000
-#define KEY_SECURE_BOOT_MODE 0x1001
-#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002
-#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003
-#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004
-#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005
-#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008
-#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009
-#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a
-#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b
-#define KEY_HIDE_SECURE_BOOT 0x100c
-#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d
-#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e
-
-#define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f
-
-#define KEY_SECURE_BOOT_RESET_TO_DEFAULT 0x1010
-
-#define KEY_SECURE_BOOT_OPTION 0x1100
-#define KEY_SECURE_BOOT_PK_OPTION 0x1101
-#define KEY_SECURE_BOOT_KEK_OPTION 0x1102
-#define KEY_SECURE_BOOT_DB_OPTION 0x1103
-#define KEY_SECURE_BOOT_DBX_OPTION 0x1104
-#define KEY_SECURE_BOOT_DELETE_PK 0x1105
-#define KEY_ENROLL_PK 0x1106
-#define KEY_ENROLL_KEK 0x1107
-#define KEY_DELETE_KEK 0x1108
-#define KEY_SECURE_BOOT_KEK_GUID 0x110a
-#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b
-#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c
-#define KEY_SECURE_BOOT_DBT_OPTION 0x110d
-#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e
-#define KEY_SECURE_BOOT_DELETE_ALL_LIST 0x110f
-#define KEY_SECURE_BOOT_DELETE_ALL_DATA 0x1110
-#define KEY_SECURE_BOOT_DELETE_CHECK_DATA 0x1111
-
-#define LABEL_KEK_DELETE 0x1200
-#define LABEL_DB_DELETE 0x1201
-#define LABEL_SIGNATURE_LIST_START 0x1202
-#define LABEL_DBT_DELETE 0x1203
-#define LABEL_SIGNATURE_DATA_START 0x1204
-#define LABEL_DELETE_ALL_LIST_BUTTON 0x1300
-#define LABEL_END 0xffff
-
-#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255
-
-#define CONFIG_OPTION_OFFSET 0x2000
-
-#define OPTION_CONFIG_QUESTION_ID 0x2000
-#define OPTION_CONFIG_RANGE 0x1000
+#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001
+#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01
+#define FORMID_SECURE_BOOT_OPTION_FORM 0x02
+#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03
+#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04
+#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05
+#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06
+#define FORMID_ENROLL_PK_FORM 0x07
+#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08
+#define FORMID_ENROLL_KEK_FORM 0x09
+#define FORMID_DELETE_KEK_FORM 0x0a
+#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b
+#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c
+#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d
+#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14
+#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15
+#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16
+#define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17
+#define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18
+
+#define SECURE_BOOT_MODE_CUSTOM 0x01
+#define SECURE_BOOT_MODE_STANDARD 0x00
+
+#define KEY_SECURE_BOOT_ENABLE 0x1000
+#define KEY_SECURE_BOOT_MODE 0x1001
+#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002
+#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003
+#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004
+#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005
+#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008
+#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009
+#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a
+#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b
+#define KEY_HIDE_SECURE_BOOT 0x100c
+#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d
+#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e
+
+#define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f
+
+#define KEY_SECURE_BOOT_RESET_TO_DEFAULT 0x1010
+
+#define KEY_SECURE_BOOT_OPTION 0x1100
+#define KEY_SECURE_BOOT_PK_OPTION 0x1101
+#define KEY_SECURE_BOOT_KEK_OPTION 0x1102
+#define KEY_SECURE_BOOT_DB_OPTION 0x1103
+#define KEY_SECURE_BOOT_DBX_OPTION 0x1104
+#define KEY_SECURE_BOOT_DELETE_PK 0x1105
+#define KEY_ENROLL_PK 0x1106
+#define KEY_ENROLL_KEK 0x1107
+#define KEY_DELETE_KEK 0x1108
+#define KEY_SECURE_BOOT_KEK_GUID 0x110a
+#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b
+#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c
+#define KEY_SECURE_BOOT_DBT_OPTION 0x110d
+#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e
+#define KEY_SECURE_BOOT_DELETE_ALL_LIST 0x110f
+#define KEY_SECURE_BOOT_DELETE_ALL_DATA 0x1110
+#define KEY_SECURE_BOOT_DELETE_CHECK_DATA 0x1111
+
+#define LABEL_KEK_DELETE 0x1200
+#define LABEL_DB_DELETE 0x1201
+#define LABEL_SIGNATURE_LIST_START 0x1202
+#define LABEL_DBT_DELETE 0x1203
+#define LABEL_SIGNATURE_DATA_START 0x1204
+#define LABEL_DELETE_ALL_LIST_BUTTON 0x1300
+#define LABEL_END 0xffff
+
+#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255
+
+#define CONFIG_OPTION_OFFSET 0x2000
+
+#define OPTION_CONFIG_QUESTION_ID 0x2000
+#define OPTION_CONFIG_RANGE 0x1000
//
// Question ID 0x2000 ~ 0x2FFF is for KEK
//
-#define OPTION_DEL_KEK_QUESTION_ID 0x2000
+#define OPTION_DEL_KEK_QUESTION_ID 0x2000
//
// Question ID 0x3000 ~ 0x3FFF is for DB
//
-#define OPTION_DEL_DB_QUESTION_ID 0x3000
+#define OPTION_DEL_DB_QUESTION_ID 0x3000
//
// Question ID 0x4000 ~ 0x4FFF is for signature list.
//
-#define OPTION_SIGNATURE_LIST_QUESTION_ID 0X4000
+#define OPTION_SIGNATURE_LIST_QUESTION_ID 0X4000
//
// Question ID 0x6000 ~ 0x6FFF is for signature data.
//
-#define OPTION_SIGNATURE_DATA_QUESTION_ID 0x6000
+#define OPTION_SIGNATURE_DATA_QUESTION_ID 0x6000
//
// Question ID 0x5000 ~ 0x5FFF is for DBT
//
-#define OPTION_DEL_DBT_QUESTION_ID 0x5000
+#define OPTION_DEL_DBT_QUESTION_ID 0x5000
-#define SECURE_BOOT_GUID_SIZE 36
-#define SECURE_BOOT_GUID_STORAGE_SIZE 37
+#define SECURE_BOOT_GUID_SIZE 36
+#define SECURE_BOOT_GUID_STORAGE_SIZE 37
-#define UNKNOWN_FILE_TYPE 0
-#define X509_CERT_FILE_TYPE 1
-#define PE_IMAGE_FILE_TYPE 2
-#define AUTHENTICATION_2_FILE_TYPE 3
+#define UNKNOWN_FILE_TYPE 0
+#define X509_CERT_FILE_TYPE 1
+#define PE_IMAGE_FILE_TYPE 2
+#define AUTHENTICATION_2_FILE_TYPE 3
//
// Nv Data structure referenced by IFR
//
typedef struct {
- BOOLEAN AttemptSecureBoot; // Attempt to enable/disable Secure Boot
- BOOLEAN HideSecureBoot; // Hidden Attempt Secure Boot
- CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];
- BOOLEAN PhysicalPresent; // If a Physical Present User
- UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom
- BOOLEAN DeletePk;
- BOOLEAN HasPk; // If Pk is existed it is true
- BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden
- UINT8 CertificateFormat; // The type of the certificate
- EFI_HII_DATE RevocationDate; // The revocation date of the certificate
- EFI_HII_TIME RevocationTime; // The revocation time of the certificate
- UINT8 FileEnrollType; // File type of signature enroll
- UINT32 ListCount; // The count of signature list.
- UINT32 CheckedDataCount; // The count of checked signature data.
+ BOOLEAN AttemptSecureBoot; // Attempt to enable/disable Secure Boot
+ BOOLEAN HideSecureBoot; // Hidden Attempt Secure Boot
+ CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];
+ BOOLEAN PhysicalPresent; // If a Physical Present User
+ UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom
+ BOOLEAN DeletePk;
+ BOOLEAN HasPk; // If Pk is existed it is true
+ BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden
+ UINT8 CertificateFormat; // The type of the certificate
+ EFI_HII_DATE RevocationDate; // The revocation date of the certificate
+ EFI_HII_TIME RevocationTime; // The revocation time of the certificate
+ UINT8 FileEnrollType; // File type of signature enroll
+ UINT32 ListCount; // The count of signature list.
+ UINT32 CheckedDataCount; // The count of checked signature data.
} SECUREBOOT_CONFIGURATION;
#endif
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
index 10bdb1b..ef7b01f 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
@@ -33,15 +33,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
SecureBootDefaultKeysEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
Status = SecureBootInitPKDefault ();
if (EFI_ERROR (Status)) {
- DEBUG((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __FUNCTION__, Status));
+ DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __FUNCTION__, Status));
return Status;
}
@@ -50,6 +50,7 @@ SecureBootDefaultKeysEntryPoint (
DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __FUNCTION__, Status));
return Status;
}
+
Status = SecureBootInitDbDefault ();
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", __FUNCTION__, Status));