sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot

Browse Source 
Main ChangeLogs includes:
1. Introduce the new GUID and structure definitions for certificate hash and timestamp support;
2. Update Image Verification Library to support DBT signature checking;
3. Update the related SecureBoot Configuration Pages;

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Qin Long
2014-11-14 08:41:12 +00:00
committed by qlong
parent 2e70cf8ade
commit 20333c6d56
14 changed files with 1972 additions and 588 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
View File

@@ -65,7 +65,7 @@ StrDuplicate (
}
/**
Helper function called as part of the code needed to allocate
Helper function called as part of the code needed to allocate
the proper sized buffer for various EFI interfaces.
@param[in, out] Status Current status
@@ -122,7 +122,7 @@ GrowBuffer (
}
/**
Append file name to existing file name, and allocate a new buffer
Append file name to existing file name, and allocate a new buffer
to hold the appended result.
@param[in] Str1 The existing file name
@@ -149,7 +149,7 @@ AppendFileName (
Str = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
ASSERT (Str != NULL);
TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
ASSERT (TmpStr != NULL);
StrCat (Str, Str1);
@@ -170,7 +170,7 @@ AppendFileName (
//
//
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
// that overlap.
//
StrCpy (TmpStr, Ptr + 3);
@@ -182,7 +182,7 @@ AppendFileName (
//
//
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
// that overlap.
//
StrCpy (TmpStr, Ptr + 2);
@@ -196,7 +196,7 @@ AppendFileName (
}
FreePool (TmpStr);
return Str;
}
@@ -354,7 +354,7 @@ DestroyMenuEntry (
Free resources allocated in Allocate Rountine.
@param[in, out] MenuOption Menu to be freed
**/
VOID
FreeMenu (
@@ -459,7 +459,7 @@ FileSystemVolumeLabelInfo (
This function opens a file with the open mode according to the file path. The
Attributes is valid only for EFI_FILE_MODE_CREATE.
@param[in, out] FilePath On input, the device path to the file.
@param[in, out] FilePath On input, the device path to the file.
On output, the remaining device path.
@param[out] FileHandle Pointer to the file handle.
@param[in] OpenMode The mode to open the file with.
@@ -495,7 +495,7 @@ OpenFileByDevicePath(
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
EFI_FILE_PROTOCOL *Handle1;
EFI_FILE_PROTOCOL *Handle2;
EFI_HANDLE DeviceHandle;
EFI_HANDLE DeviceHandle;
if ((FilePath == NULL || FileHandle == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -816,7 +816,7 @@ FindFileSystem (
if (NoSimpleFsHandles != 0) {
FreePool (SimpleFsHandle);
}
//
// Remember how many file system options are here
//
@@ -826,7 +826,7 @@ FindFileSystem (
/**
Find files under the current directory. All files and sub-directories
Find files under the current directory. All files and sub-directories
in current directory will be stored in DirectoryMenu for future use.
@param[in] MenuEntry The Menu Entry.
@@ -892,7 +892,7 @@ FindFiles (
if (DirInfo == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
// Get all files in current directory
// Pass 1 to get Directories
@@ -934,7 +934,7 @@ FindFiles (
NewFileContext->FileName
);
NewMenuEntry->HelpString = NULL;
NewFileContext->IsDir = (BOOLEAN) ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == EFI_FILE_DIRECTORY);
if (NewFileContext->IsDir) {
BufferSize = StrLen (DirInfo->FileName) * 2 + 6;
@@ -977,7 +977,7 @@ RefreshUpdateData (
{
//
// Free current updated date
//
//
if (mStartOpCodeHandle != NULL) {
HiiFreeOpCodeHandle (mStartOpCodeHandle);
}
@@ -1032,6 +1032,9 @@ UpdateFileExplorePage (
} else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
FileFormId = FORM_FILE_EXPLORER_ID_DBX;
} else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) {
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
FileFormId = FORM_FILE_EXPLORER_ID_DBT;
} else {
return;
}
@@ -1118,7 +1121,7 @@ UpdateFileExplorer (
//
FreeMenu (&FsOptionMenu);
FindFileSystem ();
CreateMenuStringToken (PrivateData->HiiHandle, &FsOptionMenu);
UpdateFileExplorePage (PrivateData->HiiHandle, &FsOptionMenu, PrivateData->FeCurrentState);
@@ -1156,13 +1159,15 @@ UpdateFileExplorer (
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
} else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
} else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) {
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
} else {
return FALSE;
}
PrivateData->MenuEntry = NewMenuEntry;
PrivateData->FileContext->FileName = NewFileContext->FileName;
TmpDevicePath = NewFileContext->DevicePath;
OpenFileByDevicePath (
&TmpDevicePath,
@@ -1200,7 +1205,7 @@ OnExit:
}
/**
Clean up the dynamic opcode at label and form specified by both LabelId.
Clean up the dynamic opcode at label and form specified by both LabelId.
@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
@param[in] PrivateData Module private data.
@@ -1226,4 +1231,3 @@ CleanUpPage (
mEndOpCodeHandle // LABEL_END
);
}