From: "Dandan Bi" <dandan.bi@intel.com>
To: "Tan, Ming" <ming.tan@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Xu, Min M" <min.m.xu@intel.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"POLUDOV, FELIX" <felixp@ami.com>
Subject: Re: [edk2-devel] [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec
Date: Sun, 7 Apr 2024 02:07:05 +0000 [thread overview]
Message-ID: <MN6PR11MB8242E24228945B3CE4E9BB8DEA012@MN6PR11MB8242.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20240402083219.2293-1-ming.tan@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
-----Original Message-----
From: Tan, Ming <ming.tan@intel.com>
Sent: Tuesday, April 2, 2024 4:32 PM
To: devel@edk2.groups.io
Cc: Xu, Min M <min.m.xu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Bi, Dandan <dandan.bi@intel.com>; POLUDOV, FELIX <felixp@ami.com>
Subject: [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4713
In UEFI_Spec_2_10_Aug29.pdf page 1694 section 35.5.4 for
EFI_BROWSER_ACTION_FORM_OPEN:
NOTE: EFI_FORM_BROWSER2_PROTOCOL.BrowserCallback() cannot be used with this browser action because question values have not been retrieved yet.
So should not call HiiGetBrowserData() and HiiSetBrowserData() in FORM_OPEN call back function.
Now call SecureBootExtractConfigFromVariable() and update
IfrNvData->ListCount to save the change to EFI variable, then HII use
IfrNvData->EFI
variable to control the UI.
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Felix Polyudov <Felixp@ami.com>
Signed-off-by: Ming Tan <ming.tan@intel.com>
---
PR: https://github.com/tianocore/edk2/pull/5411
V4: Fix a Cc issue of miss a space.
V3: According to Dandan Bi's feedback, does not call SecureBootExtractConfigFromVariable() at last, but call it as needed.
And add more code for update IfrNvData->ListCount.
V2: Change code style to pass uncrustify check.
.../SecureBootConfigImpl.c | 42 +++++++++++--------
1 file changed, 25 insertions(+), 17 deletions(-)
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 2c11129526..6d4560c39b 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
+++ nfigImpl.c
@@ -3366,6 +3366,8 @@ SecureBootExtractConfigFromVariable (
ConfigData->FileEnrollType = UNKNOWN_FILE_TYPE; } + ConfigData->ListCount = Private->ListCount;+ // // If it is Physical Presence User, set the PhysicalPresent to true. //@@ -4541,12 +4543,13 @@ SecureBootCallback (
EFI_HII_POPUP_PROTOCOL *HiiPopup; EFI_HII_POPUP_SELECTION UserSelection; - Status = EFI_SUCCESS;- SecureBootEnable = NULL;- SecureBootMode = NULL;- SetupMode = NULL;- File = NULL;- EnrollKeyErrorCode = None_Error;+ Status = EFI_SUCCESS;+ SecureBootEnable = NULL;+ SecureBootMode = NULL;+ SetupMode = NULL;+ File = NULL;+ EnrollKeyErrorCode = None_Error;+ GetBrowserDataResult = FALSE; if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { return EFI_INVALID_PARAMETER;@@ -4565,15 +4568,12 @@ SecureBootCallback (
return EFI_OUT_OF_RESOURCES; } - GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);- if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { if (QuestionId == KEY_SECURE_BOOT_MODE) { // // Update secure boot strings when opening this form //- Status = UpdateSecureBootString (Private);- SecureBootExtractConfigFromVariable (Private, IfrNvData);+ Status = UpdateSecureBootString (Private); mIsEnterSecureBootForm = TRUE; } else { //@@ -4587,23 +4587,22 @@ SecureBootCallback (
(QuestionId == KEY_SECURE_BOOT_DBT_OPTION)) { CloseEnrolledFile (Private->FileContext);- } else if (QuestionId == KEY_SECURE_BOOT_DELETE_ALL_LIST) {- //- // Update ListCount field in varstore- // Button "Delete All Signature List" is- // enable when ListCount is greater than 0.- //- IfrNvData->ListCount = Private->ListCount; } } goto EXIT; } + GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);+ if (Action == EFI_BROWSER_ACTION_RETRIEVE) { Status = EFI_UNSUPPORTED; if (QuestionId == KEY_SECURE_BOOT_MODE) { if (mIsEnterSecureBootForm) {+ if (GetBrowserDataResult) {+ SecureBootExtractConfigFromVariable (Private, IfrNvData);+ }+ Value->u8 = SECURE_BOOT_MODE_STANDARD; Status = EFI_SUCCESS; }@@ -4764,6 +4763,8 @@ SecureBootCallback (
L"Only Physical Presence User could delete PK in custom mode!", NULL );+ } else {+ SecureBootExtractConfigFromVariable (Private, IfrNvData); } } }@@ -4827,6 +4828,7 @@ SecureBootCallback (
SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, OPTION_SIGNATURE_LIST_QUESTION_ID );+ IfrNvData->ListCount = Private->ListCount; break; //@@ -4851,6 +4853,7 @@ SecureBootCallback (
SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, OPTION_SIGNATURE_LIST_QUESTION_ID );+ IfrNvData->ListCount = Private->ListCount; break; //@@ -4875,6 +4878,7 @@ SecureBootCallback (
SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, OPTION_SIGNATURE_LIST_QUESTION_ID );+ IfrNvData->ListCount = Private->ListCount; break; case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT:@@ -4954,6 +4958,8 @@ SecureBootCallback (
L"Only supports DER-encoded X509 certificate, AUTH_2 format data & executable EFI image", NULL );+ } else {+ IfrNvData->ListCount = Private->ListCount; } break;@@ -5005,6 +5011,8 @@ SecureBootCallback (
PromptString, NULL );+ } else {+ SecureBootExtractConfigFromVariable (Private, IfrNvData); } break;--
2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117472): https://edk2.groups.io/g/devel/message/117472
Mute This Topic: https://groups.io/mt/105284072/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-04-07 2:07 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-02 8:32 [edk2-devel] [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec Tan, Ming
2024-04-04 15:21 ` Felix Polyudov via groups.io
2024-04-07 2:07 ` Dandan Bi [this message]
2024-04-07 3:52 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN6PR11MB8242E24228945B3CE4E9BB8DEA012@MN6PR11MB8242.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox