From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Bi, Dandan" <dandan.bi@intel.com>,
"Tan, Ming" <ming.tan@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Xu, Min M" <min.m.xu@intel.com>, "POLUDOV, FELIX" <felixp@ami.com>
Subject: Re: [edk2-devel] [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec
Date: Sun, 7 Apr 2024 03:52:50 +0000 [thread overview]
Message-ID: <MW4SPRMB008404DB59E34391210E7F178C012@MW4SPRMB0084.namprd11.prod.outlook.com> (raw)
In-Reply-To: <MN6PR11MB8242E24228945B3CE4E9BB8DEA012@MN6PR11MB8242.namprd11.prod.outlook.com>
Thanks.https://github.com/tianocore/edk2/pull/5533
> -----Original Message-----
> From: Bi, Dandan <dandan.bi@intel.com>
> Sent: Sunday, April 7, 2024 10:07 AM
> To: Tan, Ming <ming.tan@intel.com>; devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> POLUDOV, FELIX <felixp@ami.com>
> Subject: RE: [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according
> to UEFI spec
>
> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
>
> -----Original Message-----
> From: Tan, Ming <ming.tan@intel.com>
> Sent: Tuesday, April 2, 2024 4:32 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Bi,
> Dandan <dandan.bi@intel.com>; POLUDOV, FELIX <felixp@ami.com>
> Subject: [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to
> UEFI spec
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4713
>
> In UEFI_Spec_2_10_Aug29.pdf page 1694 section 35.5.4 for
> EFI_BROWSER_ACTION_FORM_OPEN:
> NOTE: EFI_FORM_BROWSER2_PROTOCOL.BrowserCallback() cannot be used
> with this browser action because question values have not been retrieved yet.
>
> So should not call HiiGetBrowserData() and HiiSetBrowserData() in FORM_OPEN
> call back function.
>
> Now call SecureBootExtractConfigFromVariable() and update
> IfrNvData->ListCount to save the change to EFI variable, then HII use
> IfrNvData->EFI
> variable to control the UI.
>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Felix Polyudov <Felixp@ami.com>
> Signed-off-by: Ming Tan <ming.tan@intel.com>
> ---
> PR: https://github.com/tianocore/edk2/pull/5411
>
> V4: Fix a Cc issue of miss a space.
> V3: According to Dandan Bi's feedback, does not call
> SecureBootExtractConfigFromVariable() at last, but call it as needed.
> And add more code for update IfrNvData->ListCount.
> V2: Change code style to pass uncrustify check.
>
> .../SecureBootConfigImpl.c | 42 +++++++++++--------
> 1 file changed, 25 insertions(+), 17 deletions(-)
>
> diff --git
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigIm
> pl.c
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigIm
> pl.c
> index 2c11129526..6d4560c39b 100644
> ---
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigIm
> pl.c
> +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
> +++ nfigImpl.c
> @@ -3366,6 +3366,8 @@ SecureBootExtractConfigFromVariable (
> ConfigData->FileEnrollType = UNKNOWN_FILE_TYPE; } + ConfigData-
> >ListCount = Private->ListCount;+ // // If it is Physical Presence User, set the
> PhysicalPresent to true. //@@ -4541,12 +4543,13 @@ SecureBootCallback (
> EFI_HII_POPUP_PROTOCOL *HiiPopup; EFI_HII_POPUP_SELECTION
> UserSelection; - Status = EFI_SUCCESS;- SecureBootEnable = NULL;-
> SecureBootMode = NULL;- SetupMode = NULL;- File = NULL;-
> EnrollKeyErrorCode = None_Error;+ Status = EFI_SUCCESS;+
> SecureBootEnable = NULL;+ SecureBootMode = NULL;+ SetupMode
> = NULL;+ File = NULL;+ EnrollKeyErrorCode = None_Error;+
> GetBrowserDataResult = FALSE; if ((This == NULL) || (Value == NULL) ||
> (ActionRequest == NULL)) { return EFI_INVALID_PARAMETER;@@ -4565,15
> +4568,12 @@ SecureBootCallback (
> return EFI_OUT_OF_RESOURCES; } - GetBrowserDataResult =
> HiiGetBrowserData (&gSecureBootConfigFormSetGuid,
> mSecureBootStorageName, BufferSize, (UINT8 *)IfrNvData);- if (Action ==
> EFI_BROWSER_ACTION_FORM_OPEN) { if (QuestionId ==
> KEY_SECURE_BOOT_MODE) { // // Update secure boot strings when
> opening this form //- Status = UpdateSecureBootString (Private);-
> SecureBootExtractConfigFromVariable (Private, IfrNvData);+ Status =
> UpdateSecureBootString (Private); mIsEnterSecureBootForm = TRUE; } else
> { //@@ -4587,23 +4587,22 @@ SecureBootCallback (
> (QuestionId == KEY_SECURE_BOOT_DBT_OPTION))
> { CloseEnrolledFile (Private->FileContext);- } else if (QuestionId ==
> KEY_SECURE_BOOT_DELETE_ALL_LIST) {- //- // Update ListCount field in
> varstore- // Button "Delete All Signature List" is- // enable when ListCount
> is greater than 0.- //- IfrNvData->ListCount = Private->ListCount; } }
> goto EXIT; } + GetBrowserDataResult = HiiGetBrowserData
> (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize,
> (UINT8 *)IfrNvData);+ if (Action == EFI_BROWSER_ACTION_RETRIEVE)
> { Status = EFI_UNSUPPORTED; if (QuestionId == KEY_SECURE_BOOT_MODE)
> { if (mIsEnterSecureBootForm) {+ if (GetBrowserDataResult) {+
> SecureBootExtractConfigFromVariable (Private, IfrNvData);+ }+ Value-
> >u8 = SECURE_BOOT_MODE_STANDARD; Status = EFI_SUCCESS; }@@ -
> 4764,6 +4763,8 @@ SecureBootCallback (
> L"Only Physical Presence User could delete PK in custom mode!",
> NULL );+ } else {+ SecureBootExtractConfigFromVariable
> (Private, IfrNvData); } } }@@ -4827,6 +4828,7 @@
> SecureBootCallback (
> SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
> OPTION_SIGNATURE_LIST_QUESTION_ID );+ IfrNvData->ListCount =
> Private->ListCount; break; //@@ -4851,6 +4853,7 @@
> SecureBootCallback (
> SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
> OPTION_SIGNATURE_LIST_QUESTION_ID );+ IfrNvData->ListCount =
> Private->ListCount; break; //@@ -4875,6 +4878,7 @@
> SecureBootCallback (
> SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
> OPTION_SIGNATURE_LIST_QUESTION_ID );+ IfrNvData->ListCount =
> Private->ListCount; break; case
> SECUREBOOT_DELETE_SIGNATURE_FROM_DBT:@@ -4954,6 +4958,8 @@
> SecureBootCallback (
> L"Only supports DER-encoded X509 certificate, AUTH_2 format data &
> executable EFI image", NULL );+ } else {+ IfrNvData-
> >ListCount = Private->ListCount; } break;@@ -5005,6 +5011,8 @@
> SecureBootCallback (
> PromptString, NULL );+ } else {+
> SecureBootExtractConfigFromVariable (Private, IfrNvData); } break;--
> 2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117473): https://edk2.groups.io/g/devel/message/117473
Mute This Topic: https://groups.io/mt/105284072/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
prev parent reply other threads:[~2024-04-07 3:52 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-02 8:32 [edk2-devel] [PATCH v4] SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec Tan, Ming
2024-04-04 15:21 ` Felix Polyudov via groups.io
2024-04-07 2:07 ` Dandan Bi
2024-04-07 3:52 ` Yao, Jiewen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW4SPRMB008404DB59E34391210E7F178C012@MW4SPRMB0084.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox