From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id F0530AC0D63 for ; Tue, 2 Apr 2024 08:32:27 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=JL9j4fqXyidbTJYG/evvoytiiPS3kxR7y9aGVOcO+5I=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1712046746; v=1; b=Rvxm8SeyE13Wk1HOIyd6eUdmBVSyYq5P2+AuktSNJBjIQMN9feY/XIQ/Xd5pZDCmm43ooOPw bBHQdo05sC6be+Idgtl89yvdO1FX9hZU5RMPrIJKjZSkbzDgOhXUzxRkaQyuN98VGzaAg8avSL7 PRahUzfogwW0hxa5fCNd64p9y7Tnxaw2tEDtoYIkunmXk1MWSg18BoKmn9sTdRw7AepetX7a84w nb+WYRAjV+TK/7k8x0X8oYBwiAHfowpIiD1HnUPKRkqSgJ137apzod/q6o6fA7wG5bbofGV8Gls 2tgS7zZ1kidlO3GnELVEEGnXd1yONAHKu0YagnblmdijQ== X-Received: by 127.0.0.2 with SMTP id WaLvYY7687511xctaCtUDGpO; Tue, 02 Apr 2024 01:32:26 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) by mx.groups.io with SMTP id smtpd.web10.7324.1712046745650438506 for ; Tue, 02 Apr 2024 01:32:26 -0700 X-CSE-ConnectionGUID: q7QcdzHBTJ68UoIbOGaqhw== X-CSE-MsgGUID: pHiMxazyTzaoIHIYpBLatw== X-IronPort-AV: E=McAfee;i="6600,9927,11031"; a="17774224" X-IronPort-AV: E=Sophos;i="6.07,174,1708416000"; d="scan'208";a="17774224" X-Received: from orviesa002.jf.intel.com ([10.64.159.142]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Apr 2024 01:32:25 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,174,1708416000"; d="scan'208";a="49000825" X-Received: from mingtan1-desk1.ccr.corp.intel.com ([10.239.133.46]) by orviesa002.jf.intel.com with ESMTP; 02 Apr 2024 01:32:24 -0700 From: "Tan, Ming" To: devel@edk2.groups.io Cc: Min Xu , Jiewen Yao , Dandan Bi , Felix Polyudov Subject: [edk2-devel] [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec Date: Tue, 2 Apr 2024 16:32:19 +0800 Message-Id: <20240402083219.2293-1-ming.tan@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Tue, 02 Apr 2024 01:32:26 -0700 Resent-From: ming.tan@intel.com Reply-To: devel@edk2.groups.io,ming.tan@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 50Sga474aYpkCmY9W29Of6XLx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=Rvxm8Sey; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4713 In UEFI_Spec_2_10_Aug29.pdf page 1694 section 35.5.4 for EFI_BROWSER_ACTION_FORM_OPEN: NOTE: EFI_FORM_BROWSER2_PROTOCOL.BrowserCallback() cannot be used with this browser action because question values have not been retrieved yet. So should not call HiiGetBrowserData() and HiiSetBrowserData() in FORM_OPEN call back function. Now call SecureBootExtractConfigFromVariable() and update IfrNvData->ListCount to save the change to EFI variable, then HII use EFI variable to control the UI. Cc: Min Xu Cc: Jiewen Yao Cc: Dandan Bi Cc: Felix Polyudov Signed-off-by: Ming Tan --- PR: https://github.com/tianocore/edk2/pull/5411 V4: Fix a Cc issue of miss a space. V3: According to Dandan Bi's feedback, does not call SecureBootExtractCon= figFromVariable() at last, but call it as needed. And add more code for update IfrNvData->ListCount. V2: Change code style to pass uncrustify check. .../SecureBootConfigImpl.c | 42 +++++++++++-------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.c index 2c11129526..6d4560c39b 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c @@ -3366,6 +3366,8 @@ SecureBootExtractConfigFromVariable ( ConfigData->FileEnrollType =3D UNKNOWN_FILE_TYPE;=0D }=0D =0D + ConfigData->ListCount =3D Private->ListCount;=0D +=0D //=0D // If it is Physical Presence User, set the PhysicalPresent to true.=0D //=0D @@ -4541,12 +4543,13 @@ SecureBootCallback ( EFI_HII_POPUP_PROTOCOL *HiiPopup;=0D EFI_HII_POPUP_SELECTION UserSelection;=0D =0D - Status =3D EFI_SUCCESS;=0D - SecureBootEnable =3D NULL;=0D - SecureBootMode =3D NULL;=0D - SetupMode =3D NULL;=0D - File =3D NULL;=0D - EnrollKeyErrorCode =3D None_Error;=0D + Status =3D EFI_SUCCESS;=0D + SecureBootEnable =3D NULL;=0D + SecureBootMode =3D NULL;=0D + SetupMode =3D NULL;=0D + File =3D NULL;=0D + EnrollKeyErrorCode =3D None_Error;=0D + GetBrowserDataResult =3D FALSE;=0D =0D if ((This =3D=3D NULL) || (Value =3D=3D NULL) || (ActionRequest =3D=3D N= ULL)) {=0D return EFI_INVALID_PARAMETER;=0D @@ -4565,15 +4568,12 @@ SecureBootCallback ( return EFI_OUT_OF_RESOURCES;=0D }=0D =0D - GetBrowserDataResult =3D HiiGetBrowserData (&gSecureBootConfigFormSetGui= d, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);=0D -=0D if (Action =3D=3D EFI_BROWSER_ACTION_FORM_OPEN) {=0D if (QuestionId =3D=3D KEY_SECURE_BOOT_MODE) {=0D //=0D // Update secure boot strings when opening this form=0D //=0D - Status =3D UpdateSecureBootString (Private);=0D - SecureBootExtractConfigFromVariable (Private, IfrNvData);=0D + Status =3D UpdateSecureBootString (Private);=0D mIsEnterSecureBootForm =3D TRUE;=0D } else {=0D //=0D @@ -4587,23 +4587,22 @@ SecureBootCallback ( (QuestionId =3D=3D KEY_SECURE_BOOT_DBT_OPTION))=0D {=0D CloseEnrolledFile (Private->FileContext);=0D - } else if (QuestionId =3D=3D KEY_SECURE_BOOT_DELETE_ALL_LIST) {=0D - //=0D - // Update ListCount field in varstore=0D - // Button "Delete All Signature List" is=0D - // enable when ListCount is greater than 0.=0D - //=0D - IfrNvData->ListCount =3D Private->ListCount;=0D }=0D }=0D =0D goto EXIT;=0D }=0D =0D + GetBrowserDataResult =3D HiiGetBrowserData (&gSecureBootConfigFormSetGui= d, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);=0D +=0D if (Action =3D=3D EFI_BROWSER_ACTION_RETRIEVE) {=0D Status =3D EFI_UNSUPPORTED;=0D if (QuestionId =3D=3D KEY_SECURE_BOOT_MODE) {=0D if (mIsEnterSecureBootForm) {=0D + if (GetBrowserDataResult) {=0D + SecureBootExtractConfigFromVariable (Private, IfrNvData);=0D + }=0D +=0D Value->u8 =3D SECURE_BOOT_MODE_STANDARD;=0D Status =3D EFI_SUCCESS;=0D }=0D @@ -4764,6 +4763,8 @@ SecureBootCallback ( L"Only Physical Presence User could delete PK in custom mo= de!",=0D NULL=0D );=0D + } else {=0D + SecureBootExtractConfigFromVariable (Private, IfrNvData);=0D }=0D }=0D }=0D @@ -4827,6 +4828,7 @@ SecureBootCallback ( SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,=0D OPTION_SIGNATURE_LIST_QUESTION_ID=0D );=0D + IfrNvData->ListCount =3D Private->ListCount;=0D break;=0D =0D //=0D @@ -4851,6 +4853,7 @@ SecureBootCallback ( SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,=0D OPTION_SIGNATURE_LIST_QUESTION_ID=0D );=0D + IfrNvData->ListCount =3D Private->ListCount;=0D break;=0D =0D //=0D @@ -4875,6 +4878,7 @@ SecureBootCallback ( SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,=0D OPTION_SIGNATURE_LIST_QUESTION_ID=0D );=0D + IfrNvData->ListCount =3D Private->ListCount;=0D break;=0D =0D case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT:=0D @@ -4954,6 +4958,8 @@ SecureBootCallback ( L"Only supports DER-encoded X509 certificate, AUTH_2 format da= ta & executable EFI image",=0D NULL=0D );=0D + } else {=0D + IfrNvData->ListCount =3D Private->ListCount;=0D }=0D =0D break;=0D @@ -5005,6 +5011,8 @@ SecureBootCallback ( PromptString,=0D NULL=0D );=0D + } else {=0D + SecureBootExtractConfigFromVariable (Private, IfrNvData);=0D }=0D =0D break;=0D --=20 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117332): https://edk2.groups.io/g/devel/message/117332 Mute This Topic: https://groups.io/mt/105284072/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-