public inbox for devel@edk2.groups.io
* [PATCH 0/4] Show test key info on front page
@ 2016-10-09 11:58 Jiewen Yao
  2016-10-09 11:58 ` [PATCH 1/4] MdeModulePkg/dec: Add PcdTestKeyUsed PCD Jiewen Yao
                   ` (5 more replies)
  0 siblings, 6 replies; 11+ messages in thread
From: Jiewen Yao @ 2016-10-09 11:58 UTC (permalink / raw)
  To: edk2-devel

This patch series adds support for showing the test key information
on the front page.
PcdTestKeyUsed is added to MdeModulePkg.

This PCD can be set by the platform to indicate whether any
test key is used in the current BIOS, such as a recovery key
or a capsule update key.
Then the generic UI may consume this PCD to show warning information.

Jiewen Yao (4):
  MdeModulePkg/dec: Add PcdTestKeyUsed PCD.
  MdeModulePkg/UiApp: Show test key warning info in FrontPage.
  QuarkPlatformPkg/Bds: Produce PcdTestKeyUsed.
  Vlv2TbleDevicePkg/Bds: Produce PcdTestKeyUsed.

 MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c                     | 34 ++++++++++++++++++++
 MdeModulePkg/Application/UiApp/FrontPageStrings.uni                        |  8 ++++-
 MdeModulePkg/Application/UiApp/UiApp.inf                                   |  3 +-
 MdeModulePkg/MdeModulePkg.dec                                              | 11 +++++++
 QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c      | 11 +++++++
 QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h      |  5 +++
 QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf |  1 +
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c                     | 11 +++++++
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h                     |  5 +++
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf                |  2 ++
 10 files changed, 89 insertions(+), 2 deletions(-)

-- 
2.7.4.windows.1




* [PATCH 1/4] MdeModulePkg/dec: Add PcdTestKeyUsed PCD.
  2016-10-09 11:58 [PATCH 0/4] Show test key info on front page Jiewen Yao
@ 2016-10-09 11:58 ` Jiewen Yao
  2016-10-09 11:58 ` [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage Jiewen Yao
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 11+ messages in thread
From: Jiewen Yao @ 2016-10-09 11:58 UTC (permalink / raw)
  To: edk2-devel
  Cc: Eric Dong, Ruiyu Ni, Feng Tian, Star Zeng, Michael D Kinney,
	Liming Gao

This PCD can be set by the platform to indicate whether any
test key is used in the current BIOS, such as a recovery key
or a capsule update key.
Then the generic UI may consume this PCD to show warning information.

Other platform drivers may also consume this PCD to obtain this info
and report it in a platform-specific way.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 MdeModulePkg/MdeModulePkg.dec | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 76b4e1b..ebb207a 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1703,6 +1703,17 @@
   # @ValidList  0x80000001 | 0x0
   gEfiMdeModulePkgTokenSpaceGuid.PcdIdentifyMappingPageTablePtr|0x0|UINT64|0x00030002
 
+  ## This dynamic PCD holds the bit mask of any test key used by the platform.
+  #   BIT 0      - 1: Test Key is used for recovery.<BR>
+  #                0: Test Key is not used for recovery.<BR>
+  #   BIT 1      - 1: Test Key used for system firmware update.<BR>
+  #                0: Test Key is not used for system firmware update.<BR>
+  #   BIT 2 ~ 31   Reserved for future use.
+  #   BIT (32+X) - 1: The BIT-X data is valid.<BR>
+  #                0: The BIT-X data is invalid.<BR>
+  # @Prompt The bit mask of any test key used by the platform.
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|0x0000000000000000|UINT64|0x00030003
+
 [PcdsDynamicEx]
   ## This dynamic PCD hold the FMP capsule monotonic count value for current
   #  system firmware. It is used to ensure freshness/no replay on firmware update.
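Review bot: the bit layout of PcdTestKeyUsed is defined only in this comment, so each module that touches the PCD has to restate it; the later patches in this series each carry their own TEST_KEY_USED_* macros derived from it. Consider publishing the masks once in a header shipped with MdeModulePkg next to the PCD declaration. In the comment text, the BIT 1 line reads "Test Key used" where the BIT 0 line reads "Test Key is used", and the "BIT 2 ~ 31" line lacks the <BR> that the other lines end with.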
-- 
2.7.4.windows.1




* [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage.
  2016-10-09 11:58 [PATCH 0/4] Show test key info on front page Jiewen Yao
  2016-10-09 11:58 ` [PATCH 1/4] MdeModulePkg/dec: Add PcdTestKeyUsed PCD Jiewen Yao
@ 2016-10-09 11:58 ` Jiewen Yao
  2016-10-10  1:28   ` Dong, Eric
  2016-10-09 11:58 ` [PATCH 3/4] QuarkPlatformPkg/Bds: Produce PcdTestKeyUsed Jiewen Yao
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 11+ messages in thread
From: Jiewen Yao @ 2016-10-09 11:58 UTC (permalink / raw)
  To: edk2-devel
  Cc: Eric Dong, Ruiyu Ni, Feng Tian, Star Zeng, Michael D Kinney,
	Liming Gao

The UiApp is updated to consume PcdTestKeyUsed to know whether any
test key is used in the current BIOS, such as a recovery key
or a capsule update key.
Then UiApp shows warning information on the front page.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c | 34 ++++++++++++++++++++
 MdeModulePkg/Application/UiApp/FrontPageStrings.uni    |  8 ++++-
 MdeModulePkg/Application/UiApp/UiApp.inf               |  3 +-
 3 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
index 6e4f7b5..4070cd5 100644
--- a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
+++ b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
@@ -16,8 +16,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/HiiConfigAccess.h>
 #include <Library/BaseLib.h>
 #include <Library/MemoryAllocationLib.h>
+#include "FrontPage.h"
 #include "FrontPageCustomizedUiSupport.h"
 
+#define TEST_KEY_USED_RECOVERY                 (BIT0 + BIT32)
+#define TEST_KEY_USED_FIRMWARE_UPDATE          (BIT1 + BIT33)
+
+extern FRONT_PAGE_CALLBACK_DATA  gFrontPagePrivate;
+
 /**
   Customize menus in the page.
 
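Review bot: the two masks added here are built with "+" (BIT0 + BIT32, BIT1 + BIT33); bit masks are conventionally combined with "|", which stays correct if a bit ever appears twice in an expression. The extern declaration of gFrontPagePrivate also sits in the .c file even though the hunk adds an include of FrontPage.h: if that header already declares the variable the extern is redundant, and if it does not, the declaration belongs there so that the type and the declaration cannot drift apart.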
@@ -129,4 +135,32 @@ UiCustomizeFrontPageBanner (
   IN OUT EFI_STRING     *BannerStr
   )
 {
+  UINT64  TestKeyUsed;
+  BOOLEAN TestKeyForRecovery;
+  BOOLEAN TestKeyForFirmwareUpdate;
+
+  if ((LineIndex == 5) && LeftOrRight) {
+    // Update STR_CUSTOMIZE_BANNER_LINE5_LEFT
+    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
+    if ((TestKeyUsed & TEST_KEY_USED_RECOVERY) == TEST_KEY_USED_RECOVERY) {
+      TestKeyForRecovery = TRUE;
+    } else {
+      TestKeyForRecovery = FALSE;
+    }
+    if ((TestKeyUsed & TEST_KEY_USED_FIRMWARE_UPDATE) == TEST_KEY_USED_FIRMWARE_UPDATE) {
+      TestKeyForFirmwareUpdate = TRUE;
+    } else {
+      TestKeyForFirmwareUpdate = FALSE;
+    }
+    if (TestKeyForRecovery && TestKeyForFirmwareUpdate) {
+      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE), NULL);
+    }
+    else if (TestKeyForRecovery) {
+      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY), NULL);
+    }
+    else if (TestKeyForFirmwareUpdate) {
+      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_FIRMWARE_UPDATE), NULL);
+    }
+  }
+  return;
 }
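Review bot: in the three "*BannerStr = HiiGetString(...)" assignments the incoming *BannerStr is overwritten without being freed, although BannerStr is an IN OUT parameter, so any buffer the caller passed in is leaked; the HiiGetString result is also stored unchecked, so a failed lookup replaces an existing banner with NULL. Fetch the string into a local, and only when it is non-NULL free the old *BannerStr and assign the new pointer. On style: the "else if" lines start on a new line after "}" while the blocks just above use "} else {", and the trailing "return;" at the end of the function body is not needed.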
diff --git a/MdeModulePkg/Application/UiApp/FrontPageStrings.uni b/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
index 71cb788..8ba19dc 100644
--- a/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
+++ b/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
@@ -2,7 +2,7 @@
 //
 //  String definitions for BdsPlatform formset.
 //
-//  Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
+//  Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
 //  This program and the accompanying materials
 //  are licensed and made available under the terms and conditions of the BSD License
 //  which accompanies this distribution.  The full text of the license may be found at
@@ -68,5 +68,11 @@
                                          #language fr-FR  ""
 #string STR_CUSTOMIZE_BANNER_LINE5_RIGHT #language en-US  ""
                                          #language fr-FR  ""
+#string STR_TEST_KEY_USED_RECOVERY                       #language en-US  "WARNING: Test key is used for recovery."
+                                                         #language fr-FR  "WARNING: Test key is used for recovery."
+#string STR_TEST_KEY_USED_FIRMWARE_UPDATE                #language en-US  "WARNING: Test key is used for firmware update."
+                                                         #language fr-FR  "WARNING: Test key is used for firmware update."
+#string STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE   #language en-US  "WARNING: Test key is used for recovery and update."
+                                                         #language fr-FR  "WARNING: Test key is used for recovery and update."
 #string STR_NULL_STRING                #language en-US  " "
                                        #language fr-FR  " "
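Review bot: the three new fr-FR entries repeat the en-US text verbatim, so a French-language front page shows an English warning; supply translations, or state in the commit message that the fr-FR text is a placeholder. The combined string also says "recovery and update" while the single-purpose string says "firmware update"; using "firmware update" in both keeps the wording consistent.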
diff --git a/MdeModulePkg/Application/UiApp/UiApp.inf b/MdeModulePkg/Application/UiApp/UiApp.inf
index 6df6e47..d144462 100644
--- a/MdeModulePkg/Application/UiApp/UiApp.inf
+++ b/MdeModulePkg/Application/UiApp/UiApp.inf
@@ -1,7 +1,7 @@
 ## @file
 #  UiApp module is driver for BDS phase.
 #
-#  Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
@@ -82,6 +82,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution  ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution    ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString           ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed                     ## CONSUMES
 
 [UserExtensions.TianoCore."ExtraFiles"]
   UiAppExtra.uni
-- 
2.7.4.windows.1




* [PATCH 3/4] QuarkPlatformPkg/Bds: Produce PcdTestKeyUsed.
  2016-10-09 11:58 [PATCH 0/4] Show test key info on front page Jiewen Yao
  2016-10-09 11:58 ` [PATCH 1/4] MdeModulePkg/dec: Add PcdTestKeyUsed PCD Jiewen Yao
  2016-10-09 11:58 ` [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage Jiewen Yao
@ 2016-10-09 11:58 ` Jiewen Yao
  2016-10-09 11:58 ` [PATCH 4/4] Vlv2TbleDevicePkg/Bds: " Jiewen Yao
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 11+ messages in thread
From: Jiewen Yao @ 2016-10-09 11:58 UTC (permalink / raw)
  To: edk2-devel
  Cc: Michael D Kinney, Kelly Steele, Eric Dong, Ruiyu Ni, Feng Tian,
	Star Zeng, Liming Gao

Update BDS to produce PcdTestKeyUsed to indicate whether any
test key is used in the current BIOS, such as a recovery key
or a capsule update key.

Then the generic UI may consume this PCD to show warning information.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c      | 11 +++++++++++
 QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h      |  5 +++++
 QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf |  1 +
 3 files changed, 17 insertions(+)

diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
index 77c1efc..6fccf8d 100644
--- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
+++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
@@ -344,6 +344,7 @@ PlatformBootManagerAfterConsole (
   ESRT_MANAGEMENT_PROTOCOL       *EsrtManagement;
   VOID                           *Buffer;
   UINTN                          Size;
+  UINT64                         TestKeyUsed;
 
   Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);
   if (EFI_ERROR(Status)) {
@@ -416,10 +417,15 @@ PlatformBootManagerAfterConsole (
              &Size
              );
   if (!EFI_ERROR(Status)) {
+    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
     if ((Size == PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer)) &&
         (CompareMem(Buffer, PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer), Size) == 0)) {
       Print(L"WARNING: Recovery Test Key is used.\n");
+      TestKeyUsed |= TEST_KEY_USED_RECOVERY;
+    } else {
+      TestKeyUsed |= NO_TEST_KEY_USED_RECOVERY;
     }
+    PcdSet64S(PcdTestKeyUsed, TestKeyUsed);
     FreePool(Buffer);
   }
   Status = GetSectionFromAnyFv(
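Review bot: the else branch only ORs in NO_TEST_KEY_USED_RECOVERY (BIT32), so if BIT0 is already set in the value returned by PcdGet64 it stays set and the entry still reads as "test key used"; clear BIT0 and BIT32 in TestKeyUsed before applying the new state. The status returned by PcdSet64S is discarded; check it, at least with ASSERT_EFI_ERROR. When GetSectionFromAnyFv fails, neither bit is written and the entry stays invalid; a short comment saying that this is intended would help the next reader.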
@@ -430,10 +436,15 @@ PlatformBootManagerAfterConsole (
              &Size
              );
   if (!EFI_ERROR(Status)) {
+    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
     if ((Size == PcdGetSize(PcdPkcs7CertBuffer)) &&
         (CompareMem(Buffer, PcdGetPtr(PcdPkcs7CertBuffer), Size) == 0)) {
       Print(L"WARNING: Capsule Test Key is used.\n");
+      TestKeyUsed |= TEST_KEY_USED_FIRMWARE_UPDATE;
+    } else {
+      TestKeyUsed |= NO_TEST_KEY_USED_FIRMWARE_UPDATE;
     }
+    PcdSet64S(PcdTestKeyUsed, TestKeyUsed);
     FreePool(Buffer);
   }
 
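Review bot: this block repeats the read-modify-write from the recovery block with a second PcdGet64 / PcdSet64S pair. Read PcdTestKeyUsed once before the two checks, accumulate both results in TestKeyUsed, and write the PCD once afterwards; that halves the PCD accesses and leaves a single place to check the PcdSet64S status.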
diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
index 395f78b..7fffe77 100644
--- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
+++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h
@@ -41,6 +41,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/CapsuleLib.h>
 #include <Library/DxeServicesLib.h>
 
+#define TEST_KEY_USED_RECOVERY                 (BIT0 + BIT32)
+#define TEST_KEY_USED_FIRMWARE_UPDATE          (BIT1 + BIT33)
+#define NO_TEST_KEY_USED_RECOVERY              (BIT32)
+#define NO_TEST_KEY_USED_FIRMWARE_UPDATE       (BIT33)
+
 typedef struct {
   EFI_DEVICE_PATH_PROTOCOL  *DevicePath;
   UINTN                     ConnectType;
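Review bot: these four macros are another private copy of the PcdTestKeyUsed layout; the UiApp patch defines TEST_KEY_USED_* in FrontPageCustomizedUi.c and the Vlv2TbltDevicePkg patch adds the same four lines to BdsPlatform.h. A single shared definition would keep producers and the consumer from diverging. The NO_TEST_KEY_USED_* names also hide what the value is, namely the valid bit alone with the state bit left clear; a comment on each define stating that would make the producer code easier to read.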
diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 09a01d3..eadf1fe 100644
--- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -82,4 +82,5 @@
   gQuarkPlatformTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
 
-- 
2.7.4.windows.1




* [PATCH 4/4] Vlv2TbleDevicePkg/Bds: Produce PcdTestKeyUsed.
  2016-10-09 11:58 [PATCH 0/4] Show test key info on front page Jiewen Yao
                   ` (2 preceding siblings ...)
  2016-10-09 11:58 ` [PATCH 3/4] QuarkPlatformPkg/Bds: Produce PcdTestKeyUsed Jiewen Yao
@ 2016-10-09 11:58 ` Jiewen Yao
  2016-10-10  1:19   ` Wei, David
  2016-10-09 17:25 ` [PATCH 0/4] Show test key info on front page Kinney, Michael D
  2016-10-10  2:14 ` Gao, Liming
  5 siblings, 1 reply; 11+ messages in thread
From: Jiewen Yao @ 2016-10-09 11:58 UTC (permalink / raw)
  To: edk2-devel
  Cc: David Wei, Eric Dong, Ruiyu Ni, Feng Tian, Star Zeng,
	Michael D Kinney, Liming Gao

Update BDS to produce PcdTestKeyUsed to indicate whether any
test key is used in the current BIOS, such as a recovery key
or a capsule update key.

Then the generic UI may consume this PCD to show warning information.

Cc: David Wei <david.wei@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c      | 11 +++++++++++
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h      |  5 +++++
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf |  2 ++
 3 files changed, 18 insertions(+)

diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 0dacac0..a699da1 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -2417,6 +2417,7 @@ ShowProgressHotKey (
   UINTN                         TmpStrSize;
   VOID                          *Buffer;
   UINTN                         Size;
+  UINT64                        TestKeyUsed;
 
   if (TimeoutDefault == 0) {
     return EFI_TIMEOUT;
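Review bot: the key checks that write PcdTestKeyUsed are added further down in ShowProgressHotKey, after the "if (TimeoutDefault == 0) { return EFI_TIMEOUT; }" visible in this hunk's context, so on a boot with a zero timeout the PCD is never written and a consumer sees both entries as invalid instead of "test key used". Move the test key detection ahead of the early return, or into a function that runs regardless of the hot key timeout.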
@@ -2454,6 +2455,7 @@ ShowProgressHotKey (
              &Size
              );
   if (!EFI_ERROR(Status)) {
+    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
     if ((Size == PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer)) &&
         (CompareMem(Buffer, PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer), Size) == 0)) {
       TmpStr2 = L"WARNING: Recovery Test Key is used.\r\n";
@@ -2462,7 +2464,11 @@ ShowProgressHotKey (
       } else {
       SerialPortWrite((UINT8 *)"\n\nWARNING: Recovery Test Key is used.", sizeof("\n\nWARNING: Recovery Test Key is used."));
       }
+      TestKeyUsed |= TEST_KEY_USED_RECOVERY;
+    } else {
+      TestKeyUsed |= NO_TEST_KEY_USED_RECOVERY;
     }
+    PcdSet64S(PcdTestKeyUsed, TestKeyUsed);
     FreePool(Buffer);
   }
   Status = GetSectionFromAnyFv(
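Review bot: the added lines duplicate the QuarkPlatformPkg change line for line, including the else branch that ORs in only the valid bit and therefore cannot clear an already set BIT0. With the same logic now in two platform libraries, a common helper that compares the key buffer and updates PcdTestKeyUsed would let the fix be made once; the PcdSet64S status is ignored here as well.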
@@ -2473,6 +2479,7 @@ ShowProgressHotKey (
              &Size
              );
   if (!EFI_ERROR(Status)) {
+    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
     if ((Size == PcdGetSize(PcdPkcs7CertBuffer)) &&
         (CompareMem(Buffer, PcdGetPtr(PcdPkcs7CertBuffer), Size) == 0)) {
       TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n";
@@ -2481,7 +2488,11 @@ ShowProgressHotKey (
       } else {
         SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used."));
       }
+      TestKeyUsed |= TEST_KEY_USED_FIRMWARE_UPDATE;
+    } else {
+      TestKeyUsed |= NO_TEST_KEY_USED_FIRMWARE_UPDATE;
     }
+    PcdSet64S(PcdTestKeyUsed, TestKeyUsed);
     FreePool(Buffer);
   }
 
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h
index d757243..8031035 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h
@@ -67,6 +67,11 @@ Abstract:
 
 #include <IndustryStandard/Pci.h>
 
+#define TEST_KEY_USED_RECOVERY                 (BIT0 + BIT32)
+#define TEST_KEY_USED_FIRMWARE_UPDATE          (BIT1 + BIT33)
+#define NO_TEST_KEY_USED_RECOVERY              (BIT32)
+#define NO_TEST_KEY_USED_FIRMWARE_UPDATE       (BIT33)
+
 extern EFI_DEVICE_PATH_PROTOCOL  *gPlatformRootBridges [];
 extern BDS_CONSOLE_CONNECT_ENTRY gPlatformConsole [];
 extern EFI_DEVICE_PATH_PROTOCOL  *gPlatformAllPossiblePciVgaConsole [];
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 6bcfb7f..7748e2d 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -125,3 +125,5 @@
   gPlatformModuleTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
+
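Review bot: the second added line is an empty line at the end of the file; drop it so the hunk adds only the PcdTestKeyUsed entry. The new entry also carries no usage comment, whereas UiApp.inf in patch 2/4 marks the same PCD with "## CONSUMES"; since this library both reads and writes the PCD, a usage comment saying so would document the producer.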
-- 
2.7.4.windows.1
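
PcdTestKeyUsed pairs each state bit (BIT X) with a valid bit (BIT 32+X), which gives every key three states rather than two. The C sketch below is an added illustration, not code from this patch series or from edk2: the function names and the key_state_t enum are hypothetical, and a plain uint64_t stands in for the PCD accessors. It decodes the three states and contrasts the OR-only update used by the two producers with a clear-then-set update.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions from the PcdTestKeyUsed comment in patch 1/4:
   BIT X holds the state, BIT (32+X) says whether BIT X is valid. */
#define TEST_KEY_BIT_RECOVERY         0u
#define TEST_KEY_BIT_FIRMWARE_UPDATE  1u

/* Hypothetical names, introduced for this example only. */
typedef enum { KEY_UNKNOWN, KEY_PRODUCTION, KEY_TEST } key_state_t;

static uint64_t value_bit(unsigned x) { return 1ULL << x; }
static uint64_t valid_bit(unsigned x) { return 1ULL << (32u + x); }

/* Consumer side: a state bit counts only when its valid bit is set. */
key_state_t decode_key_state(uint64_t mask, unsigned x)
{
  if ((mask & valid_bit(x)) == 0) {
    return KEY_UNKNOWN;          /* producer never reported this key */
  }
  return (mask & value_bit(x)) ? KEY_TEST : KEY_PRODUCTION;
}

/* Producer side, mirroring the "TestKeyUsed |= ..." lines in patches 3/4
   and 4/4: bits can be set but never cleared. */
uint64_t record_or_only(uint64_t mask, unsigned x, int is_test_key)
{
  return mask | valid_bit(x) | (is_test_key ? value_bit(x) : 0);
}

/* Producer side, alternative: drop the old state for this key first,
   so a stale "test key" bit cannot survive a later "production" result. */
uint64_t record_clear_then_set(uint64_t mask, unsigned x, int is_test_key)
{
  mask &= ~(value_bit(x) | valid_bit(x));
  return record_or_only(mask, x, is_test_key);
}

static const char *state_name(key_state_t s)
{
  switch (s) {
  case KEY_TEST:       return "test key";
  case KEY_PRODUCTION: return "production key";
  default:             return "unknown";
  }
}

int main(void)
{
  /* Constructed scenario: a test recovery key is reported first, then
     the same key is reported again as a production key. */
  uint64_t first = record_or_only(0, TEST_KEY_BIT_RECOVERY, 1);
  uint64_t stale = record_or_only(first, TEST_KEY_BIT_RECOVERY, 0);
  uint64_t fresh = record_clear_then_set(first, TEST_KEY_BIT_RECOVERY, 0);

  printf("first report      : 0x%016llx -> %s\n", (unsigned long long)first,
         state_name(decode_key_state(first, TEST_KEY_BIT_RECOVERY)));
  printf("OR-only update    : 0x%016llx -> %s\n", (unsigned long long)stale,
         state_name(decode_key_state(stale, TEST_KEY_BIT_RECOVERY)));
  printf("clear-then-set    : 0x%016llx -> %s\n", (unsigned long long)fresh,
         state_name(decode_key_state(fresh, TEST_KEY_BIT_RECOVERY)));
  printf("firmware update   : %s\n",
         state_name(decode_key_state(fresh, TEST_KEY_BIT_FIRMWARE_UPDATE)));
  return 0;
}
```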




* Re: [PATCH 0/4] Show test key info on front page
  2016-10-09 11:58 [PATCH 0/4] Show test key info on front page Jiewen Yao
                   ` (3 preceding siblings ...)
  2016-10-09 11:58 ` [PATCH 4/4] Vlv2TbleDevicePkg/Bds: " Jiewen Yao
@ 2016-10-09 17:25 ` Kinney, Michael D
  2016-10-10  3:43   ` Yao, Jiewen
  2016-10-10  2:14 ` Gao, Liming
  5 siblings, 1 reply; 11+ messages in thread
From: Kinney, Michael D @ 2016-10-09 17:25 UTC (permalink / raw)
  To: Yao, Jiewen, edk2-devel@lists.01.org, Kinney, Michael D

Jiewen,

It does not make sense to put the check for use of test keys into a platform specific 
library that requires every platform to implement that logic. The real consumers of these 
keys are the section extraction libs in the SecurityPkg.  Can we move these checks into
those libraries?

Mike 

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiewen Yao
> Sent: Sunday, October 9, 2016 4:58 AM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [PATCH 0/4] Show test key info on front page
> 
> This patch series adds support for showing the test key information
> on the front page.
> PcdTestKeyUsed is added to MdeModulePkg.
> 
> This PCD can be set by the platform to indicate whether any
> test key is used in the current BIOS, such as a recovery key
> or a capsule update key.
> Then the generic UI may consume this PCD to show warning information.
> 
> Jiewen Yao (4):
>   MdeModulePkg/dec: Add PcdTestKeyUsed PCD.
>   MdeModulePkg/UiApp: Show test key warning info in FrontPage.
>   QuarkPlatformPkg/Bds: Produce PcdTestKeyUsed.
>   Vlv2TbleDevicePkg/Bds: Produce PcdTestKeyUsed.
> 
>  MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c                     | 34
> ++++++++++++++++++++
>  MdeModulePkg/Application/UiApp/FrontPageStrings.uni                        |  8
> ++++-
>  MdeModulePkg/Application/UiApp/UiApp.inf                                   |  3 +-
>  MdeModulePkg/MdeModulePkg.dec                                              | 11
> +++++++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c      | 11
> +++++++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h      |  5 +++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf |  1 +
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c                     | 11
> +++++++
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h                     |  5 +++
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf                |  2 ++
>  10 files changed, 89 insertions(+), 2 deletions(-)
> 
> --
> 2.7.4.windows.1
> 



* Re: [PATCH 4/4] Vlv2TbleDevicePkg/Bds: Produce PcdTestKeyUsed.
  2016-10-09 11:58 ` [PATCH 4/4] Vlv2TbleDevicePkg/Bds: " Jiewen Yao
@ 2016-10-10  1:19   ` Wei, David
  0 siblings, 0 replies; 11+ messages in thread
From: Wei, David @ 2016-10-10  1:19 UTC (permalink / raw)
  To: Yao, Jiewen, edk2-devel@lists.01.org
  Cc: Dong, Eric, Ni, Ruiyu, Tian, Feng, Zeng, Star, Kinney, Michael D,
	Gao, Liming

Reviewed-by: David Wei <david.wei@intel.com>


Thanks,
David Wei

-----Original Message-----
From: Yao, Jiewen 
Sent: Sunday, October 09, 2016 7:59 PM
To: edk2-devel@lists.01.org
Cc: Wei, David <david.wei@intel.com>; Dong, Eric <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Tian, Feng <feng.tian@intel.com>; Zeng, Star <star.zeng@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>
Subject: [PATCH 4/4] Vlv2TbleDevicePkg/Bds: Produce PcdTestKeyUsed.

Update BDS to produce PcdTestKeyUsed to indicate whether any
test key is used in the current BIOS, such as a recovery key
or a capsule update key.

Then the generic UI may consume this PCD to show warning information.

Cc: David Wei <david.wei@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c      | 11 +++++++++++
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h      |  5 +++++
 Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf |  2 ++
 3 files changed, 18 insertions(+)

diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 0dacac0..a699da1 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -2417,6 +2417,7 @@ ShowProgressHotKey (
   UINTN                         TmpStrSize;
   VOID                          *Buffer;
   UINTN                         Size;
+  UINT64                        TestKeyUsed;
 
   if (TimeoutDefault == 0) {
     return EFI_TIMEOUT;
@@ -2454,6 +2455,7 @@ ShowProgressHotKey (
              &Size
              );
   if (!EFI_ERROR(Status)) {
+    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
     if ((Size == PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer)) &&
         (CompareMem(Buffer, PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer), Size) == 0)) {
       TmpStr2 = L"WARNING: Recovery Test Key is used.\r\n";
@@ -2462,7 +2464,11 @@ ShowProgressHotKey (
       } else {
       SerialPortWrite((UINT8 *)"\n\nWARNING: Recovery Test Key is used.", sizeof("\n\nWARNING: Recovery Test Key is used."));
       }
+      TestKeyUsed |= TEST_KEY_USED_RECOVERY;
+    } else {
+      TestKeyUsed |= NO_TEST_KEY_USED_RECOVERY;
     }
+    PcdSet64S(PcdTestKeyUsed, TestKeyUsed);
     FreePool(Buffer);
   }
   Status = GetSectionFromAnyFv(
@@ -2473,6 +2479,7 @@ ShowProgressHotKey (
              &Size
              );
   if (!EFI_ERROR(Status)) {
+    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
     if ((Size == PcdGetSize(PcdPkcs7CertBuffer)) &&
         (CompareMem(Buffer, PcdGetPtr(PcdPkcs7CertBuffer), Size) == 0)) {
       TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n";
@@ -2481,7 +2488,11 @@ ShowProgressHotKey (
       } else {
         SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used."));
       }
+      TestKeyUsed |= TEST_KEY_USED_FIRMWARE_UPDATE;
+    } else {
+      TestKeyUsed |= NO_TEST_KEY_USED_FIRMWARE_UPDATE;
     }
+    PcdSet64S(PcdTestKeyUsed, TestKeyUsed);
     FreePool(Buffer);
   }
 
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h
index d757243..8031035 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h
@@ -67,6 +67,11 @@ Abstract:
 
 #include <IndustryStandard/Pci.h>
 
+#define TEST_KEY_USED_RECOVERY                 (BIT0 + BIT32)
+#define TEST_KEY_USED_FIRMWARE_UPDATE          (BIT1 + BIT33)
+#define NO_TEST_KEY_USED_RECOVERY              (BIT32)
+#define NO_TEST_KEY_USED_FIRMWARE_UPDATE       (BIT33)
+
 extern EFI_DEVICE_PATH_PROTOCOL  *gPlatformRootBridges [];
 extern BDS_CONSOLE_CONNECT_ENTRY gPlatformConsole [];
 extern EFI_DEVICE_PATH_PROTOCOL  *gPlatformAllPossiblePciVgaConsole [];
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 6bcfb7f..7748e2d 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -125,3 +125,5 @@
   gPlatformModuleTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
+
-- 
2.7.4.windows.1




* Re: [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage.
  2016-10-09 11:58 ` [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage Jiewen Yao
@ 2016-10-10  1:28   ` Dong, Eric
  2016-10-10  3:49     ` Yao, Jiewen
  0 siblings, 1 reply; 11+ messages in thread
From: Dong, Eric @ 2016-10-10  1:28 UTC (permalink / raw)
  To: Yao, Jiewen, edk2-devel@lists.01.org
  Cc: Ni, Ruiyu, Tian, Feng, Zeng, Star, Kinney, Michael D, Gao, Liming

Jiewen,

For the code below, the Banner is an IN/OUT type. If the old value is not NULL, you should free the old buffer before pointing to the new one.

> +    if (TestKeyForRecovery && TestKeyForFirmwareUpdate) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle,
> STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE), NULL);
> +    }
> +    else if (TestKeyForRecovery) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY), NULL);
> +    }
> +    else if (TestKeyForFirmwareUpdate) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_FIRMWARE_UPDATE), NULL);
> +    }

Thanks,
Eric

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Sunday, October 09, 2016 7:59 PM
> To: edk2-devel@lists.01.org
> Cc: Dong, Eric; Ni, Ruiyu; Tian, Feng; Zeng, Star; Kinney, Michael D; Gao, Liming
> Subject: [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage.
> 
> The UiApp is updated to consume PcdTestKeyUsed to know whether any
> test key is used in the current BIOS, such as a recovery key
> or a capsule update key.
> Then UiApp shows warning information on the front page.
> 
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c | 34 ++++++++++++++++++++
>  MdeModulePkg/Application/UiApp/FrontPageStrings.uni    |  8 ++++-
>  MdeModulePkg/Application/UiApp/UiApp.inf               |  3 +-
>  3 files changed, 43 insertions(+), 2 deletions(-)
> 
> diff --git a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
> index 6e4f7b5..4070cd5 100644
> --- a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
> +++ b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
> @@ -16,8 +16,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>  #include <Protocol/HiiConfigAccess.h>
>  #include <Library/BaseLib.h>
>  #include <Library/MemoryAllocationLib.h>
> +#include "FrontPage.h"
>  #include "FrontPageCustomizedUiSupport.h"
> 
> +#define TEST_KEY_USED_RECOVERY                 (BIT0 + BIT32)
> +#define TEST_KEY_USED_FIRMWARE_UPDATE          (BIT1 + BIT33)
> +
> +extern FRONT_PAGE_CALLBACK_DATA  gFrontPagePrivate;
> +
>  /**
>    Customize menus in the page.
> 
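Review bot: The two masks added at the top, `TEST_KEY_USED_RECOVERY` and `TEST_KEY_USED_FIRMWARE_UPDATE`, have no comment saying what the low bit (BIT0/BIT1) and the paired high bit (BIT32/BIT33) each mean, so a reader of this file cannot tell why both must be set. Add a comment describing each bit, and compose the flags with `|` rather than `+`, which is the usual form for bit masks and cannot carry if a bit is ever repeated. As raised elsewhere in this thread, a shared header for these definitions would keep the consumer here and the platform producers from drifting apart.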
> @@ -129,4 +135,32 @@ UiCustomizeFrontPageBanner (
>    IN OUT EFI_STRING     *BannerStr
>    )
>  {
> +  UINT64  TestKeyUsed;
> +  BOOLEAN TestKeyForRecovery;
> +  BOOLEAN TestKeyForFirmwareUpdate;
> +
> +  if ((LineIndex == 5) && LeftOrRight) {
> +    // Update STR_CUSTOMIZE_BANNER_LINE5_LEFT
> +    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
> +    if ((TestKeyUsed & TEST_KEY_USED_RECOVERY) == TEST_KEY_USED_RECOVERY) {
> +      TestKeyForRecovery = TRUE;
> +    } else {
> +      TestKeyForRecovery = FALSE;
> +    }
> +    if ((TestKeyUsed & TEST_KEY_USED_FIRMWARE_UPDATE) == TEST_KEY_USED_FIRMWARE_UPDATE) {
> +      TestKeyForFirmwareUpdate = TRUE;
> +    } else {
> +      TestKeyForFirmwareUpdate = FALSE;
> +    }
> +    if (TestKeyForRecovery && TestKeyForFirmwareUpdate) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle,
> STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE), NULL);
> +    }
> +    else if (TestKeyForRecovery) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY), NULL);
> +    }
> +    else if (TestKeyForFirmwareUpdate) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_FIRMWARE_UPDATE), NULL);
> +    }
> +  }
> +  return;
>  }
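Review bot: The comparisons `(TestKeyUsed & TEST_KEY_USED_RECOVERY) == TEST_KEY_USED_RECOVERY` and the matching firmware-update test only succeed when both the low and the high bit of a pair are set, so a PCD value carrying just one bit of a pair falls through every branch and the front page shows no warning at all. If a single bit is a legal, distinct state, handle it explicitly here (erring toward showing a warning), or add a comment stating why silence is the intended result for that value.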
> diff --git a/MdeModulePkg/Application/UiApp/FrontPageStrings.uni b/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
> index 71cb788..8ba19dc 100644
> --- a/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
> +++ b/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
> @@ -2,7 +2,7 @@
>  //
>  //  String definitions for BdsPlatform formset.
>  //
> -//  Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
> +//  Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
>  //  This program and the accompanying materials
>  //  are licensed and made available under the terms and conditions of the BSD License
>  //  which accompanies this distribution.  The full text of the license may be found at
> @@ -68,5 +68,11 @@
>                                           #language fr-FR  ""
>  #string STR_CUSTOMIZE_BANNER_LINE5_RIGHT #language en-US  ""
>                                           #language fr-FR  ""
> +#string STR_TEST_KEY_USED_RECOVERY                       #language en-US  "WARNING: Test key is used for recovery."
> +                                                         #language fr-FR  "WARNING: Test key is used for recovery."
> +#string STR_TEST_KEY_USED_FIRMWARE_UPDATE                #language en-US  "WARNING: Test key is used for firmware update."
> +                                                         #language fr-FR  "WARNING: Test key is used for firmware update."
> +#string STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE   #language en-US  "WARNING: Test key is used for recovery and
> update."
> +                                                         #language fr-FR  "WARNING: Test key is used for recovery and update."
>  #string STR_NULL_STRING                #language en-US  " "
>                                         #language fr-FR  " "
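Review bot: All three added `fr-FR` entries repeat the English text, so a French-locale front page gets an untranslated warning; supply translations or note in the file that these are placeholders. Also, `STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE` reads "recovery and update" while the single-purpose string reads "firmware update"; use "recovery and firmware update" so the three warnings are worded consistently.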
> diff --git a/MdeModulePkg/Application/UiApp/UiApp.inf b/MdeModulePkg/Application/UiApp/UiApp.inf
> index 6df6e47..d144462 100644
> --- a/MdeModulePkg/Application/UiApp/UiApp.inf
> +++ b/MdeModulePkg/Application/UiApp/UiApp.inf
> @@ -1,7 +1,7 @@
>  ## @file
>  #  UiApp module is driver for BDS phase.
>  #
> -#  Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
> +#  Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
>  #  This program and the accompanying materials
>  #  are licensed and made available under the terms and conditions of the BSD License
>  #  which accompanies this distribution.  The full text of the license may be found at
> @@ -82,6 +82,7 @@
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution  ## CONSUMES
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution    ## CONSUMES
>    gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString           ## CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed                     ## CONSUMES
> 
>  [UserExtensions.TianoCore."ExtraFiles"]
>    UiAppExtra.uni
> --
> 2.7.4.windows.1




* Re: [PATCH 0/4] Show test key info on front page
  2016-10-09 11:58 [PATCH 0/4] Show test key info on front page Jiewen Yao
                   ` (4 preceding siblings ...)
  2016-10-09 17:25 ` [PATCH 0/4] Show test key info on front page Kinney, Michael D
@ 2016-10-10  2:14 ` Gao, Liming
  5 siblings, 0 replies; 11+ messages in thread
From: Gao, Liming @ 2016-10-10  2:14 UTC (permalink / raw)
  To: Yao, Jiewen, edk2-devel@lists.01.org

Jiewen:
  If the test key file is not built into the BIOS image, BIOS code can't verify whether the key is a test key or not. I understand the PcdTestKeyUsed high bit is designed for this case. But I don't find UiApp logic to handle it.

  Besides, could we find one common header to define BITS for PcdTestKeyUsed? If so, you don't need to define them in every module. 

Thanks
Liming
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Jiewen Yao
> Sent: Sunday, October 09, 2016 7:58 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [PATCH 0/4] Show test key info on front page
> 
> This series patch supports to show the test key information
> on the front page.
> PcdTestKeyUsed is added to MdeModulePkg.
> 
> This PCD can be set by platform to indicate if there is any
> test key used in current BIOS, such as recovery key,
> or capsule update key.
> Then the generic UI may consume this PCD to show warning information.
> 
> Jiewen Yao (4):
>   MdeModulePkg/dec: Add PcdTestKeyUsed PCD.
>   MdeModulePkg/UiApp: Show test key warning info in FrontPage.
>   QuarkPlatformPkg/Bds: Produce PcdTestKeyUsed.
>   Vlv2TbleDevicePkg/Bds: Produce PcdTestKeyUsed.
> 
>  MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c                     | 34 ++++++++++++++++++++
>  MdeModulePkg/Application/UiApp/FrontPageStrings.uni                        |  8 ++++-
>  MdeModulePkg/Application/UiApp/UiApp.inf                                   |  3 +-
>  MdeModulePkg/MdeModulePkg.dec                                              | 11 +++++++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c      | 11 +++++++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h      |  5 +++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf |  1 +
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c                     | 11 +++++++
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h                     |  5 +++
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf                |  2 ++
>  10 files changed, 89 insertions(+), 2 deletions(-)
> 
> --
> 2.7.4.windows.1
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel



* Re: [PATCH 0/4] Show test key info on front page
  2016-10-09 17:25 ` [PATCH 0/4] Show test key info on front page Kinney, Michael D
@ 2016-10-10  3:43   ` Yao, Jiewen
  0 siblings, 0 replies; 11+ messages in thread
From: Yao, Jiewen @ 2016-10-10  3:43 UTC (permalink / raw)
  To: Kinney, Michael D, edk2-devel@lists.01.org; +Cc: Yao, Jiewen

Hi Mike
That is a good idea, which we did consider before.

However, the problem is: only the platform knows which key is the recovery key and which key is the capsule update key.

The SecurityPkg only knows it is an RSA2048SHA256 key or a PKCS7 cert; it does not know what the purpose is.
It is also legal for a platform to choose another instance besides PKCS7 or RSA2048SHA256, such as SM2, which is a Chinese algo, for recovery or capsule update.

What we want to show in the UI is the "purpose" of key, not the "algorithm" of the key.
PlatformPkg knows the former, while SecurityPkg knows the latter.

Please let me know your thoughts.


Thank you
Yao Jiewen

From: Kinney, Michael D
Sent: Monday, October 10, 2016 1:25 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; edk2-devel@lists.01.org; Kinney, Michael D <michael.d.kinney@intel.com>
Subject: RE: [edk2] [PATCH 0/4] Show test key info on front page

Jiewen,

It does not make sense to put the check for use of test keys into a platform specific
library that requires every platform to implement that logic. The real consumers of these
keys are the section extraction libs in the SecurityPkg.  Can we move these checks into
those libraries?

Mike

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiewen Yao
> Sent: Sunday, October 9, 2016 4:58 AM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [PATCH 0/4] Show test key info on front page
>
> This series patch supports to show the test key information
> on the front page.
> PcdTestKeyUsed is added to MdeModulePkg.
>
> This PCD can be set by platform to indicate if there is any
> test key used in current BIOS, such as recovery key,
> or capsule update key.
> Then the generic UI may consume this PCD to show warning information.
>
> Jiewen Yao (4):
>   MdeModulePkg/dec: Add PcdTestKeyUsed PCD.
>   MdeModulePkg/UiApp: Show test key warning info in FrontPage.
>   QuarkPlatformPkg/Bds: Produce PcdTestKeyUsed.
>   Vlv2TbleDevicePkg/Bds: Produce PcdTestKeyUsed.
>
>  MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c                     | 34 ++++++++++++++++++++
>  MdeModulePkg/Application/UiApp/FrontPageStrings.uni                        |  8 ++++-
>  MdeModulePkg/Application/UiApp/UiApp.inf                                   |  3 +-
>  MdeModulePkg/MdeModulePkg.dec                                              | 11 +++++++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c      | 11 +++++++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h      |  5 +++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf |  1 +
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c                     | 11 +++++++
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h                     |  5 +++
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf                |  2 ++
>  10 files changed, 89 insertions(+), 2 deletions(-)
>
> --
> 2.7.4.windows.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel



* Re: [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage.
  2016-10-10  1:28   ` Dong, Eric
@ 2016-10-10  3:49     ` Yao, Jiewen
  0 siblings, 0 replies; 11+ messages in thread
From: Yao, Jiewen @ 2016-10-10  3:49 UTC (permalink / raw)
  To: Dong, Eric, edk2-devel@lists.01.org
  Cc: Ni, Ruiyu, Tian, Feng, Zeng, Star, Kinney, Michael D, Gao, Liming

Thanks. Got it.
I will fix it.

From: Dong, Eric
Sent: Monday, October 10, 2016 9:28 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; edk2-devel@lists.01.org
Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Tian, Feng <feng.tian@intel.com>; Zeng, Star <star.zeng@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>
Subject: RE: [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage.

Jiewen,

For the code below, the Banner is IN/OUT type. If the old value is not NULL, you should free the old buffer before pointing to the new one.

> +    if (TestKeyForRecovery && TestKeyForFirmwareUpdate) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle,
> STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE), NULL);
> +    }
> +    else if (TestKeyForRecovery) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY), NULL);
> +    }
> +    else if (TestKeyForFirmwareUpdate) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_FIRMWARE_UPDATE), NULL);
> +    }

Thanks,
Eric

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Sunday, October 09, 2016 7:59 PM
> To: edk2-devel@lists.01.org
> Cc: Dong, Eric; Ni, Ruiyu; Tian, Feng; Zeng, Star; Kinney, Michael D; Gao, Liming
> Subject: [PATCH 2/4] MdeModulePkg/UiApp: Show test key warning info in FrontPage.
>
> The UiApp is updated to consume PcdTestKeyUsed to know if there is any
> test key used in current BIOS, such as recovery key,
> or capsule update key.
> Then UiApp show warning information in front page.
>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c | 34 ++++++++++++++++++++
>  MdeModulePkg/Application/UiApp/FrontPageStrings.uni    |  8 ++++-
>  MdeModulePkg/Application/UiApp/UiApp.inf               |  3 +-
>  3 files changed, 43 insertions(+), 2 deletions(-)
>
> diff --git a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
> index 6e4f7b5..4070cd5 100644
> --- a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
> +++ b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c
> @@ -16,8 +16,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>  #include <Protocol/HiiConfigAccess.h>
>  #include <Library/BaseLib.h>
>  #include <Library/MemoryAllocationLib.h>
> +#include "FrontPage.h"
>  #include "FrontPageCustomizedUiSupport.h"
>
> +#define TEST_KEY_USED_RECOVERY                 (BIT0 + BIT32)
> +#define TEST_KEY_USED_FIRMWARE_UPDATE          (BIT1 + BIT33)
> +
> +extern FRONT_PAGE_CALLBACK_DATA  gFrontPagePrivate;
> +
>  /**
>    Customize menus in the page.
>
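Review bot: The `extern FRONT_PAGE_CALLBACK_DATA  gFrontPagePrivate;` declaration lands in the .c file in the same hunk that adds `#include "FrontPage.h"`; the declaration of a global belongs in that header beside its type, so the compiler checks it against the definition. If FrontPage.h already declares it, drop this line; if not, add the declaration there instead of here.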
> @@ -129,4 +135,32 @@ UiCustomizeFrontPageBanner (
>    IN OUT EFI_STRING     *BannerStr
>    )
>  {
> +  UINT64  TestKeyUsed;
> +  BOOLEAN TestKeyForRecovery;
> +  BOOLEAN TestKeyForFirmwareUpdate;
> +
> +  if ((LineIndex == 5) && LeftOrRight) {
> +    // Update STR_CUSTOMIZE_BANNER_LINE5_LEFT
> +    TestKeyUsed = PcdGet64(PcdTestKeyUsed);
> +    if ((TestKeyUsed & TEST_KEY_USED_RECOVERY) == TEST_KEY_USED_RECOVERY) {
> +      TestKeyForRecovery = TRUE;
> +    } else {
> +      TestKeyForRecovery = FALSE;
> +    }
> +    if ((TestKeyUsed & TEST_KEY_USED_FIRMWARE_UPDATE) == TEST_KEY_USED_FIRMWARE_UPDATE) {
> +      TestKeyForFirmwareUpdate = TRUE;
> +    } else {
> +      TestKeyForFirmwareUpdate = FALSE;
> +    }
> +    if (TestKeyForRecovery && TestKeyForFirmwareUpdate) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle,
> STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE), NULL);
> +    }
> +    else if (TestKeyForRecovery) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_RECOVERY), NULL);
> +    }
> +    else if (TestKeyForFirmwareUpdate) {
> +      *BannerStr = HiiGetString(gFrontPagePrivate.HiiHandle, STRING_TOKEN(STR_TEST_KEY_USED_FIRMWARE_UPDATE), NULL);
> +    }
> +  }
> +  return;
>  }
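Review bot: Each `*BannerStr = HiiGetString(...)` in the three branches stores the result unchecked, so a lookup that returns NULL would replace the caller's existing banner with NULL on the very line meant to carry the test-key warning. Fetch the string into a local, assign only when it is non-NULL, and release the previous `*BannerStr` at that point, as already requested in this thread. The literal in `LineIndex == 5` would also read better as a named constant tied to STR_CUSTOMIZE_BANNER_LINE5_LEFT.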
> diff --git a/MdeModulePkg/Application/UiApp/FrontPageStrings.uni b/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
> index 71cb788..8ba19dc 100644
> --- a/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
> +++ b/MdeModulePkg/Application/UiApp/FrontPageStrings.uni
> @@ -2,7 +2,7 @@
>  //
>  //  String definitions for BdsPlatform formset.
>  //
> -//  Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
> +//  Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
>  //  This program and the accompanying materials
>  //  are licensed and made available under the terms and conditions of the BSD License
>  //  which accompanies this distribution.  The full text of the license may be found at
> @@ -68,5 +68,11 @@
>                                           #language fr-FR  ""
>  #string STR_CUSTOMIZE_BANNER_LINE5_RIGHT #language en-US  ""
>                                           #language fr-FR  ""
> +#string STR_TEST_KEY_USED_RECOVERY                       #language en-US  "WARNING: Test key is used for recovery."
> +                                                         #language fr-FR  "WARNING: Test key is used for recovery."
> +#string STR_TEST_KEY_USED_FIRMWARE_UPDATE                #language en-US  "WARNING: Test key is used for firmware update."
> +                                                         #language fr-FR  "WARNING: Test key is used for firmware update."
> +#string STR_TEST_KEY_USED_RECOVERY_AND_FIRMWARE_UPDATE   #language en-US  "WARNING: Test key is used for recovery and
> update."
> +                                                         #language fr-FR  "WARNING: Test key is used for recovery and update."
>  #string STR_NULL_STRING                #language en-US  " "
>                                         #language fr-FR  " "
> diff --git a/MdeModulePkg/Application/UiApp/UiApp.inf b/MdeModulePkg/Application/UiApp/UiApp.inf
> index 6df6e47..d144462 100644
> --- a/MdeModulePkg/Application/UiApp/UiApp.inf
> +++ b/MdeModulePkg/Application/UiApp/UiApp.inf
> @@ -1,7 +1,7 @@
>  ## @file
>  #  UiApp module is driver for BDS phase.
>  #
> -#  Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
> +#  Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
>  #  This program and the accompanying materials
>  #  are licensed and made available under the terms and conditions of the BSD License
>  #  which accompanies this distribution.  The full text of the license may be found at
> @@ -82,6 +82,7 @@
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution  ## CONSUMES
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution    ## CONSUMES
>    gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString           ## CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed                     ## CONSUMES
>
>  [UserExtensions.TianoCore."ExtraFiles"]
>    UiAppExtra.uni
> --
> 2.7.4.windows.1

