From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+117324+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id B5F4EAC0A88
	for <rebecca@openfw.io>; Tue,  2 Apr 2024 05:03:52 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=HoFTfKRzkU8GwooqPBNMjZPlUOWQjG5XaCHzoa354pA=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1712034231; v=1;
 b=gpmbyxn9PpD9+c8USnEAZbc2EXt8cWx2JjYuNB3RZHx0YWyAhOM8t+vSLosatZlmE/fw26QB
 NHV5Fljo8ymLbqqWNeED860TbLcLHYtiWz8DxwgmID5bR43qhcC8kej+HM1bLPC3r0wD/nwk7Np
 tevZfMzjutRGdcood1tshXwJZLLW4j4EDVgWRQK8QXrP5qXHRvYbuOU8Dwm0LvlKK8ArkvCyqeJ
 M9s23/ViMzzp0X7NLKzHcBkACBAsSsZvsq1DF1iUQUW9U1o1EaccrGTWKEYMqbRRYLIjRNKT2a1
 h80ypojgR2G9vVC98TYo8UFB+lW1K8UhU2LvVg19wtbHA==
X-Received: by 127.0.0.2 with SMTP id JV8uYY7687511xr7vPS6wHlJ; Mon, 01 Apr 2024 22:03:51 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.19])
 by mx.groups.io with SMTP id smtpd.web11.5338.1712034230557412884
 for <devel@edk2.groups.io>;
 Mon, 01 Apr 2024 22:03:50 -0700
X-CSE-ConnectionGUID: VifWAQBES5emlSMihGoG3Q==
X-CSE-MsgGUID: T0fgeH7sRaWQtuNzPWzS0w==
X-IronPort-AV: E=McAfee;i="6600,9927,11031"; a="7038879"
X-IronPort-AV: E=Sophos;i="6.07,174,1708416000"; 
   d="scan'208";a="7038879"
X-Received: from fmviesa005.fm.intel.com ([10.60.135.145])
  by orvoesa111.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2024 22:03:50 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,174,1708416000"; 
   d="scan'208";a="22379881"
X-Received: from mingtan1-desk1.ccr.corp.intel.com ([10.239.133.46])
  by fmviesa005.fm.intel.com with ESMTP; 01 Apr 2024 22:03:48 -0700
From: "Tan, Ming" <ming.tan@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Dandan Bi <dandan.bi@intel.com>,
	Felix Polyudov <Felixp@ami.com>
Subject: [edk2-devel] [PATCH v3] SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec
Date: Tue,  2 Apr 2024 13:03:42 +0800
Message-Id: <20240402050342.1996-1-ming.tan@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Mon, 01 Apr 2024 22:03:50 -0700
Resent-From: ming.tan@intel.com
Reply-To: devel@edk2.groups.io,ming.tan@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: lyAJvuw4RuAVbKnAYzizElfyx7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=gpmbyxn9;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4713

In UEFI_Spec_2_10_Aug29.pdf page 1694 section 35.5.4 for
EFI_BROWSER_ACTION_FORM_OPEN:
NOTE: EFI_FORM_BROWSER2_PROTOCOL.BrowserCallback() cannot be used with
this browser action because question values have not been retrieved yet.

So should not call HiiGetBrowserData() and HiiSetBrowserData() in FORM_OPEN
call back function.

Now call SecureBootExtractConfigFromVariable() and update
IfrNvData->ListCount to save the change to EFI variable, then HII use EFI
variable to control the UI.

Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Dandan Bi<dandan.bi@intel.com>
Cc: Felix Polyudov <Felixp@ami.com>
Signed-off-by: Ming Tan <ming.tan@intel.com>
---
  V3: According to Dandan Bi's feedback, does not call SecureBootExtractCon=
figFromVariable() at last, but call it as needed.
      And add more code for update IfrNvData->ListCount.
  V2: Change code style to pass uncrustify check.

 .../SecureBootConfigImpl.c                    | 42 +++++++++++--------
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo=
otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu=
reBootConfigImpl.c
index 2c11129526..6d4560c39b 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi=
gImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi=
gImpl.c
@@ -3366,6 +3366,8 @@ SecureBootExtractConfigFromVariable (
     ConfigData->FileEnrollType =3D UNKNOWN_FILE_TYPE;=0D
   }=0D
 =0D
+  ConfigData->ListCount =3D Private->ListCount;=0D
+=0D
   //=0D
   // If it is Physical Presence User, set the PhysicalPresent to true.=0D
   //=0D
@@ -4541,12 +4543,13 @@ SecureBootCallback (
   EFI_HII_POPUP_PROTOCOL          *HiiPopup;=0D
   EFI_HII_POPUP_SELECTION         UserSelection;=0D
 =0D
-  Status             =3D EFI_SUCCESS;=0D
-  SecureBootEnable   =3D NULL;=0D
-  SecureBootMode     =3D NULL;=0D
-  SetupMode          =3D NULL;=0D
-  File               =3D NULL;=0D
-  EnrollKeyErrorCode =3D None_Error;=0D
+  Status               =3D EFI_SUCCESS;=0D
+  SecureBootEnable     =3D NULL;=0D
+  SecureBootMode       =3D NULL;=0D
+  SetupMode            =3D NULL;=0D
+  File                 =3D NULL;=0D
+  EnrollKeyErrorCode   =3D None_Error;=0D
+  GetBrowserDataResult =3D FALSE;=0D
 =0D
   if ((This =3D=3D NULL) || (Value =3D=3D NULL) || (ActionRequest =3D=3D N=
ULL)) {=0D
     return EFI_INVALID_PARAMETER;=0D
@@ -4565,15 +4568,12 @@ SecureBootCallback (
     return EFI_OUT_OF_RESOURCES;=0D
   }=0D
 =0D
-  GetBrowserDataResult =3D HiiGetBrowserData (&gSecureBootConfigFormSetGui=
d, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);=0D
-=0D
   if (Action =3D=3D EFI_BROWSER_ACTION_FORM_OPEN) {=0D
     if (QuestionId =3D=3D KEY_SECURE_BOOT_MODE) {=0D
       //=0D
       // Update secure boot strings when opening this form=0D
       //=0D
-      Status =3D UpdateSecureBootString (Private);=0D
-      SecureBootExtractConfigFromVariable (Private, IfrNvData);=0D
+      Status                 =3D UpdateSecureBootString (Private);=0D
       mIsEnterSecureBootForm =3D TRUE;=0D
     } else {=0D
       //=0D
@@ -4587,23 +4587,22 @@ SecureBootCallback (
           (QuestionId =3D=3D KEY_SECURE_BOOT_DBT_OPTION))=0D
       {=0D
         CloseEnrolledFile (Private->FileContext);=0D
-      } else if (QuestionId =3D=3D KEY_SECURE_BOOT_DELETE_ALL_LIST) {=0D
-        //=0D
-        // Update ListCount field in varstore=0D
-        // Button "Delete All Signature List" is=0D
-        // enable when ListCount is greater than 0.=0D
-        //=0D
-        IfrNvData->ListCount =3D Private->ListCount;=0D
       }=0D
     }=0D
 =0D
     goto EXIT;=0D
   }=0D
 =0D
+  GetBrowserDataResult =3D HiiGetBrowserData (&gSecureBootConfigFormSetGui=
d, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);=0D
+=0D
   if (Action =3D=3D EFI_BROWSER_ACTION_RETRIEVE) {=0D
     Status =3D EFI_UNSUPPORTED;=0D
     if (QuestionId =3D=3D KEY_SECURE_BOOT_MODE) {=0D
       if (mIsEnterSecureBootForm) {=0D
+        if (GetBrowserDataResult) {=0D
+          SecureBootExtractConfigFromVariable (Private, IfrNvData);=0D
+        }=0D
+=0D
         Value->u8 =3D SECURE_BOOT_MODE_STANDARD;=0D
         Status    =3D EFI_SUCCESS;=0D
       }=0D
@@ -4764,6 +4763,8 @@ SecureBootCallback (
                 L"Only Physical Presence User could delete PK in custom mo=
de!",=0D
                 NULL=0D
                 );=0D
+            } else {=0D
+              SecureBootExtractConfigFromVariable (Private, IfrNvData);=0D
             }=0D
           }=0D
         }=0D
@@ -4827,6 +4828,7 @@ SecureBootCallback (
           SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,=0D
           OPTION_SIGNATURE_LIST_QUESTION_ID=0D
           );=0D
+        IfrNvData->ListCount =3D Private->ListCount;=0D
         break;=0D
 =0D
       //=0D
@@ -4851,6 +4853,7 @@ SecureBootCallback (
           SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,=0D
           OPTION_SIGNATURE_LIST_QUESTION_ID=0D
           );=0D
+        IfrNvData->ListCount =3D Private->ListCount;=0D
         break;=0D
 =0D
       //=0D
@@ -4875,6 +4878,7 @@ SecureBootCallback (
           SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,=0D
           OPTION_SIGNATURE_LIST_QUESTION_ID=0D
           );=0D
+        IfrNvData->ListCount =3D Private->ListCount;=0D
         break;=0D
 =0D
       case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT:=0D
@@ -4954,6 +4958,8 @@ SecureBootCallback (
             L"Only supports DER-encoded X509 certificate, AUTH_2 format da=
ta & executable EFI image",=0D
             NULL=0D
             );=0D
+        } else {=0D
+          IfrNvData->ListCount =3D Private->ListCount;=0D
         }=0D
 =0D
         break;=0D
@@ -5005,6 +5011,8 @@ SecureBootCallback (
             PromptString,=0D
             NULL=0D
             );=0D
+        } else {=0D
+          SecureBootExtractConfigFromVariable (Private, IfrNvData);=0D
         }=0D
 =0D
         break;=0D
--=20
2.31.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117324): https://edk2.groups.io/g/devel/message/117324
Mute This Topic: https://groups.io/mt/105282632/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-