From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+117472+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id F1B03780091
	for <rebecca@openfw.io>; Sun,  7 Apr 2024 02:07:15 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=1IHWnthPuSoPVriaotchN4NLF2AUKIr0GM1dSS97X0c=;
 c=relaxed/simple; d=groups.io;
 h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1712455634; v=1;
 b=UozhnWld5Q3pkmFU1TfDUxL0IG3rpdNL0XPAs+ujnCV4IQGNvP5JM6XaOkwKbYDSZru+7D/7
 QPRgI5Yj+gLngaIvDirdTVzq9/p7zZpw6qjuiyjTxHL3rjEEAtMG1z0tItsoe5/eTWZ9Gz5NGvZ
 49hnP+0EPfDNId7GVV50kRXBZ42aRglowTxF45kVeHFICxAe+lS2TWn7mMJACFHgywEQnaqxvHN
 WAPK9j9MS3mY8obHgU1rU/AJljTagaDHFevismty573qDLs5t0dcOc+h9azV7YT8Hj+lhk9x0+A
 Ro5n2ypreZU0tVuyjteuUvElx9qoP8tOhcITUgFXmcYaQ==
X-Received: by 127.0.0.2 with SMTP id 1iasYY7687511xBHozqrIf26; Sat, 06 Apr 2024 19:07:14 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12])
 by mx.groups.io with SMTP id smtpd.web11.60149.1712455633906575622
 for <devel@edk2.groups.io>;
 Sat, 06 Apr 2024 19:07:13 -0700
X-CSE-ConnectionGUID: hVU34nrDRIuXtN2uoUrpQg==
X-CSE-MsgGUID: wmpw0uGHTW26jheDdl6JFg==
X-IronPort-AV: E=McAfee;i="6600,9927,11036"; a="11527516"
X-IronPort-AV: E=Sophos;i="6.07,184,1708416000"; 
   d="scan'208";a="11527516"
X-Received: from fmviesa004.fm.intel.com ([10.60.135.144])
  by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Apr 2024 19:07:09 -0700
X-CSE-ConnectionGUID: kYpxtloTQY+bFOYFG3b+MQ==
X-CSE-MsgGUID: 2l5RfVc+SQCEzhHuxfxlQg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,184,1708416000"; 
   d="scan'208";a="24162225"
X-Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14])
  by fmviesa004.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 06 Apr 2024 19:07:09 -0700
X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by
 ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Sat, 6 Apr 2024 19:07:08 -0700
X-Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by
 ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Sat, 6 Apr 2024 19:07:08 -0700
X-Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by
 orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35 via Frontend Transport; Sat, 6 Apr 2024 19:07:08 -0700
X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.169)
 by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.35; Sat, 6 Apr 2024 19:07:08 -0700
X-Received: from MN6PR11MB8242.namprd11.prod.outlook.com (2603:10b6:208:474::11)
 by PH0PR11MB5950.namprd11.prod.outlook.com (2603:10b6:510:14f::19) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7452.24; Sun, 7 Apr
 2024 02:07:05 +0000
X-Received: from MN6PR11MB8242.namprd11.prod.outlook.com
 ([fe80::d663:212b:6dcc:852e]) by MN6PR11MB8242.namprd11.prod.outlook.com
 ([fe80::d663:212b:6dcc:852e%7]) with mapi id 15.20.7409.031; Sun, 7 Apr 2024
 02:07:05 +0000
From: "Dandan Bi" <dandan.bi@intel.com>
To: "Tan, Ming" <ming.tan@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Xu, Min M" <min.m.xu@intel.com>, "Yao, Jiewen" <jiewen.yao@intel.com>,
	"POLUDOV, FELIX" <felixp@ami.com>
Subject: Re: [edk2-devel] [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec
Thread-Topic: [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according
 to UEFI spec
Thread-Index: AQHahNhOUiVKkfSD0Eeu4moQYbl/arFcFpyA
Date: Sun, 7 Apr 2024 02:07:05 +0000
Message-ID: <MN6PR11MB8242E24228945B3CE4E9BB8DEA012@MN6PR11MB8242.namprd11.prod.outlook.com>
References: <20240402083219.2293-1-ming.tan@intel.com>
In-Reply-To: <20240402083219.2293-1-ming.tan@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN6PR11MB8242:EE_|PH0PR11MB5950:EE_
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: /qZ/B6x3nU+Kw6IVt10UeTHawRfxrqB1F/BVQjNDV0Knya7FIodqj+ZO0nyyIHrsxNhbH1Z/5tm2f+9opfjKbMKQWq8tTtFT8hHqgIjFd6c7uTb9jeF5s5hnif3GZMaKd1ubCPOFED3F/Xk2jKEWNtQ4zU1I0N8qrWewfyNosyIbLsUR9suS5dVShzNKJrfis8S/oc1PSbHGSRssGCZIDZF3zuWrzYwg7LxzgS0D003t54GGzD7k2E6VWFLIs4mCwaZUKWeF8wH2QusjHzCy9xuyDpfB4hdjS/VE17fFQ0k1x/O9gk3iHkVkWfwkA6XXU5eWFDc5z8SHqT799kVYNmac7HR+UrXPo/m+nn+DAFyT7h59hQ8z5m7OYUfN30VVT1nKioQX9jj8jEEG2aR4VZrkbv3yBScBGo0cETJAn4Ah4sAxEqQwMd0mmHODdY8HLj31yKjcBMBAqad6wJmXuNed+6y0pxa8j+cVvV13NxbKuNOJFkjmQpLJheo1IyD5mcgA15sPaThVRW3+b3SXIYGn6ti1sDS/r/pPdTaoSsLXtmmO+p5YczONuEmJ7UGILeKAHg22/bFe4+dNCRY8UVfeq4RbLspCK9idXdk9TckntKiibI/J5cJQzsyJva8i
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?/y1zCQ5OGvKVNE+grMMmNQ+o47CJQMqG4t2sWjqi2A5iSLS1EDS7P6VDp9aP?=
 =?us-ascii?Q?WQPIXiJhV+Ku9Do9ebuNZNJH8nJjCwrw5U4Vc4Vyjaay9qft15eErxVzNZm+?=
 =?us-ascii?Q?KqEAoqlDqDdPsGpYXsJezRu9kV9vICJBZxDY7Ok01IbjTVAW5APRMp9G8nQB?=
 =?us-ascii?Q?vW8/shP9mue8rY3WnwbNUqudvrC0VtmdR7rRBilbbhBKS0jbNoXdpfpn1ALA?=
 =?us-ascii?Q?d3uZ7dggDErpiTv5eNe8r2wR9eXf4pimH+xzHCr2cA533ty2ERnpHtQ+RCfN?=
 =?us-ascii?Q?UoSK4O9D8YaLV+tD7voP6lck6X4E53boAeu/0oLk7gqB0GyPczOP2mO6Tmlu?=
 =?us-ascii?Q?AFQN4qK2nMm2aXUNflBdnnzRre3ZwD/iowmLBoG17MxzOXIOsfmRTI8qBK0q?=
 =?us-ascii?Q?7o9vgwZn/oBzP2evrBzaC7Iqj7QNxb8ac+80mgc5p4wY1S0GXeKxPBaCoGdz?=
 =?us-ascii?Q?U/O3ibKdWKhqv3MtnPx+njo872NLXYeLl3sSumVOSF1ZNyj9cAfKr1Mpb5mE?=
 =?us-ascii?Q?q9nnJREGxCrKbUA3ESdHSPnQSLl+wk5ap68HsACHxAUg1K9K0iV0l5H/woEf?=
 =?us-ascii?Q?aaFC51+EurGhCzk35B/Hfp5HXFuYTN2O7YGKzrtuWa7y/nI7uL/joou9UtLF?=
 =?us-ascii?Q?nMy8puLMXaPU1oDPJja3vgOaqVcDmqJ5dm7aK4/a/Y6A14ywMR4WdqKLG0IF?=
 =?us-ascii?Q?Nv5DS+zy/tcfKBQRKHYJn5d04k/xsiBmijQy0yRoClQROPUgWXSeuxp5vclF?=
 =?us-ascii?Q?otlg1rkjOlbKapBkLzX/VRPdZVALHNgCaqljYPIt1UY7f266VALgQxcLDb8d?=
 =?us-ascii?Q?shEnD6rPwjqFEFSzCUNeJBcZpzqD61MOumtKHeDUNiB0mtixMNBEuU4e4bCD?=
 =?us-ascii?Q?Ojpf4C53y1IyCBqCD/zBL5ek7cR/3YhjusEbKTP2B5K6Ol7jDT8AyUqnVFLY?=
 =?us-ascii?Q?nVQGnh8NZBGqTpBa5bqdJ42J+tjfDOGoJVAcQi2LpL28WlWRGS+jDhIxhPUU?=
 =?us-ascii?Q?LBS1/tJgaVmo/FvaOvIK4g4Da2lEHs+In8ZSQyXu1qruD1hqouw/A3iw6fFu?=
 =?us-ascii?Q?iUy2RbJn5SHrmMdYpWP2b2DVlshNDPkinio6A5dFcv5oMTszPfgGWc0OM1vS?=
 =?us-ascii?Q?rxUJ9JADqSNouZpugcevwaZrSXtfUtyuqwZkRf3H5h2k8DSMJITNTWvbTWO7?=
 =?us-ascii?Q?x+7tJ5TQzCpIV/r89TQCN50kj4aLe8tyuDB3fYIrJA2MhiLYR0rKyGialjcw?=
 =?us-ascii?Q?iSRCI7/wQ8mGhzDnjv+9+uVtzEyjcuK/LZ6v15b0yAGzYKIwC6y8EcOswfy4?=
 =?us-ascii?Q?VaNRgIoo5XEqwyLrXrr63HvHNCKcsve/cG1t5Qnl78SWjIKnvMqmhDMlt8ZH?=
 =?us-ascii?Q?4zVCBsmT1ByD/LQ7WtzC0I6jweomYQw5rriZvqyPzlL2FZZwdDiE2QHUBUE4?=
 =?us-ascii?Q?utKVZZJ/JOP+V02lMw8MIswLX4U6gmV39OSssKKwmXCwvdA8Koowv41VuK9X?=
 =?us-ascii?Q?l3McJBiKcZuMHC2eFm3m/nsTczZvXGjHkuoneH/m5pTxYLrQ0VuI6OC3AGe8?=
 =?us-ascii?Q?3nC+g/RR7lFBkpgDWMgggJJbvsE2DVNTMbjj42D6?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN6PR11MB8242.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 00a5d9c7-3a3c-4c0c-7476-08dc56a76c0f
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Apr 2024 02:07:05.1969
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 31/RJGrkyomQMgUuHswX5jzTKBXP5AKWWZFw7EXHChfxQTa8wBbcE6Fow+zJYAnZNh47bTbzV79vzYglziO1Nw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5950
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Sat, 06 Apr 2024 19:07:13 -0700
Resent-From: dandan.bi@intel.com
Reply-To: devel@edk2.groups.io,dandan.bi@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: yfN6L7iZeoaYTxGna8Zpguzrx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=UozhnWld;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

Reviewed-by: Dandan Bi <dandan.bi@intel.com>

-----Original Message-----
From: Tan, Ming <ming.tan@intel.com>=20
Sent: Tuesday, April 2, 2024 4:32 PM
To: devel@edk2.groups.io
Cc: Xu, Min M <min.m.xu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Bi,=
 Dandan <dandan.bi@intel.com>; POLUDOV, FELIX <felixp@ami.com>
Subject: [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to=
 UEFI spec

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4713

In UEFI_Spec_2_10_Aug29.pdf page 1694 section 35.5.4 for
EFI_BROWSER_ACTION_FORM_OPEN:
NOTE: EFI_FORM_BROWSER2_PROTOCOL.BrowserCallback() cannot be used with this=
 browser action because question values have not been retrieved yet.

So should not call HiiGetBrowserData() and HiiSetBrowserData() in FORM_OPEN=
 call back function.

Now call SecureBootExtractConfigFromVariable() and update
IfrNvData->ListCount to save the change to EFI variable, then HII use=20
IfrNvData->EFI
variable to control the UI.

Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Felix Polyudov <Felixp@ami.com>
Signed-off-by: Ming Tan <ming.tan@intel.com>
---
  PR: https://github.com/tianocore/edk2/pull/5411

  V4: Fix a Cc issue of miss a space.
  V3: According to Dandan Bi's feedback, does not call SecureBootExtractCon=
figFromVariable() at last, but call it as needed.
      And add more code for update IfrNvData->ListCount.
  V2: Change code style to pass uncrustify check.

 .../SecureBootConfigImpl.c                    | 42 +++++++++++--------
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo=
otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu=
reBootConfigImpl.c
index 2c11129526..6d4560c39b 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi=
gImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
+++ nfigImpl.c
@@ -3366,6 +3366,8 @@ SecureBootExtractConfigFromVariable (
     ConfigData->FileEnrollType =3D UNKNOWN_FILE_TYPE;   } +  ConfigData->L=
istCount =3D Private->ListCount;+   //   // If it is Physical Presence User=
, set the PhysicalPresent to true.   //@@ -4541,12 +4543,13 @@ SecureBootCa=
llback (
   EFI_HII_POPUP_PROTOCOL          *HiiPopup;   EFI_HII_POPUP_SELECTION    =
     UserSelection; -  Status             =3D EFI_SUCCESS;-  SecureBootEnab=
le   =3D NULL;-  SecureBootMode     =3D NULL;-  SetupMode          =3D NULL=
;-  File               =3D NULL;-  EnrollKeyErrorCode =3D None_Error;+  Sta=
tus               =3D EFI_SUCCESS;+  SecureBootEnable     =3D NULL;+  Secur=
eBootMode       =3D NULL;+  SetupMode            =3D NULL;+  File          =
       =3D NULL;+  EnrollKeyErrorCode   =3D None_Error;+  GetBrowserDataRes=
ult =3D FALSE;    if ((This =3D=3D NULL) || (Value =3D=3D NULL) || (ActionR=
equest =3D=3D NULL)) {     return EFI_INVALID_PARAMETER;@@ -4565,15 +4568,1=
2 @@ SecureBootCallback (
     return EFI_OUT_OF_RESOURCES;   } -  GetBrowserDataResult =3D HiiGetBro=
wserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize=
, (UINT8 *)IfrNvData);-   if (Action =3D=3D EFI_BROWSER_ACTION_FORM_OPEN) {=
     if (QuestionId =3D=3D KEY_SECURE_BOOT_MODE) {       //       // Update=
 secure boot strings when opening this form       //-      Status =3D Updat=
eSecureBootString (Private);-      SecureBootExtractConfigFromVariable (Pri=
vate, IfrNvData);+      Status                 =3D UpdateSecureBootString (=
Private);       mIsEnterSecureBootForm =3D TRUE;     } else {       //@@ -4=
587,23 +4587,22 @@ SecureBootCallback (
           (QuestionId =3D=3D KEY_SECURE_BOOT_DBT_OPTION))       {         =
CloseEnrolledFile (Private->FileContext);-      } else if (QuestionId =3D=
=3D KEY_SECURE_BOOT_DELETE_ALL_LIST) {-        //-        // Update ListCou=
nt field in varstore-        // Button "Delete All Signature List" is-     =
   // enable when ListCount is greater than 0.-        //-        IfrNvData=
->ListCount =3D Private->ListCount;       }     }      goto EXIT;   } +  Ge=
tBrowserDataResult =3D HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mS=
ecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);+   if (Action =3D=3D=
 EFI_BROWSER_ACTION_RETRIEVE) {     Status =3D EFI_UNSUPPORTED;     if (Que=
stionId =3D=3D KEY_SECURE_BOOT_MODE) {       if (mIsEnterSecureBootForm) {+=
        if (GetBrowserDataResult) {+          SecureBootExtractConfigFromVa=
riable (Private, IfrNvData);+        }+         Value->u8 =3D SECURE_BOOT_M=
ODE_STANDARD;         Status    =3D EFI_SUCCESS;       }@@ -4764,6 +4763,8 =
@@ SecureBootCallback (
                 L"Only Physical Presence User could delete PK in custom mo=
de!",                 NULL                 );+            } else {+        =
      SecureBootExtractConfigFromVariable (Private, IfrNvData);            =
 }           }         }@@ -4827,6 +4828,7 @@ SecureBootCallback (
           SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,           OPTION_SIGNATUR=
E_LIST_QUESTION_ID           );+        IfrNvData->ListCount =3D Private->L=
istCount;         break;        //@@ -4851,6 +4853,7 @@ SecureBootCallback =
(
           SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,           OPTION_SIGNATUR=
E_LIST_QUESTION_ID           );+        IfrNvData->ListCount =3D Private->L=
istCount;         break;        //@@ -4875,6 +4878,7 @@ SecureBootCallback =
(
           SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,           OPTION_SIGNATUR=
E_LIST_QUESTION_ID           );+        IfrNvData->ListCount =3D Private->L=
istCount;         break;        case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT:@=
@ -4954,6 +4958,8 @@ SecureBootCallback (
             L"Only supports DER-encoded X509 certificate, AUTH_2 format da=
ta & executable EFI image",             NULL             );+        } else =
{+          IfrNvData->ListCount =3D Private->ListCount;         }         =
 break;@@ -5005,6 +5011,8 @@ SecureBootCallback (
             PromptString,             NULL             );+        } else {=
+          SecureBootExtractConfigFromVariable (Private, IfrNvData);       =
  }          break;--=20
2.31.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117472): https://edk2.groups.io/g/devel/message/117472
Mute This Topic: https://groups.io/mt/105284072/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-