sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update the secure boot configuration UI to accept *.crt certificate file.

Browse Source 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13546 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5
2012-07-23 01:03:53 +00:00
parent 32177f69c4
commit e4d7370d18
1 changed files with 52 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
View File

@ -68,8 +68,9 @@ HASH_TABLE mHash[] = {
{ L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL } { L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL }
}; };
//
// Variable Definitions // Variable Definitions
//
UINT32 mPeCoffHeaderOffset = 0; UINT32 mPeCoffHeaderOffset = 0;
WIN_CERTIFICATE *mCertificate = NULL; WIN_CERTIFICATE *mCertificate = NULL;
IMAGE_TYPE mImageType; IMAGE_TYPE mImageType;
@ -81,6 +82,39 @@ EFI_GUID mCertType;
EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL; EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL;
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader; EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
//
// Possible DER-encoded certificate file suffixes, end with NULL pointer.
//
CHAR16* mDerEncodedSuffix[] = {
L".cer",
L".der",
L".crt",
NULL
};
CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
/**
This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix.
@param[in] FileSuffix The suffix of the input certificate file
@retval TRUE It's a DER-encoded certificate.
@retval FALSE It's NOT a DER-encoded certificate.
**/
BOOLEAN
IsDerEncodeCertificate (
IN CONST CHAR16 *FileSuffix
)
{
UINTN Index;
for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) {
if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) {
return TRUE;
}
}
return FALSE;
}
/** /**
Set Secure Boot option into variable space. Set Secure Boot option into variable space.
@ -347,11 +381,11 @@ EnrollPlatformKey (
PkCert = NULL; PkCert = NULL;
// //
// Parse the file's postfix. Only support DER encoded X.509 certificate files (*.cer or *.der). // Parse the file's postfix. Only support DER encoded X.509 certificate files.
// //
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4; FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
if ((CompareMem (FilePostFix, L".cer",4) != 0) && (CompareMem (FilePostFix, L".der",4) != 0)) { if (!IsDerEncodeCertificate(FilePostFix)) {
DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate file (*.cer or *.der) is supported.")); DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName)); DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName));
@ -738,11 +772,11 @@ EnrollKeyExchangeKey (
} }
// //
// Parse the file's postfix. Supports .cer and .der file as X509 certificate, // Parse the file's postfix. Supports DER-encoded X509 certificate,
// and .pbk as RSA public key file. // and .pbk as RSA public key file.
// //
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4; FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) { if (IsDerEncodeCertificate(FilePostFix)) {
return EnrollX509ToKek (Private); return EnrollX509ToKek (Private);
} else if (CompareMem (FilePostFix, L".pbk",4) == 0) { } else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
return EnrollRsa2048ToKek (Private); return EnrollRsa2048ToKek (Private);
@ -1483,9 +1517,9 @@ EnrollSignatureDatabase (
// Parse the file's postfix. // Parse the file's postfix.
// //
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4; FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) { if (IsDerEncodeCertificate(FilePostFix)) {
// //
// Supports .cer and .der file as X509 certificate. // Supports DER-encoded X509 certificate.
// //
return EnrollX509toSigDB (Private, VariableName); return EnrollX509toSigDB (Private, VariableName);
} }
@ -2321,6 +2355,7 @@ SecureBootCallback (
SECUREBOOT_CONFIGURATION *IfrNvData; SECUREBOOT_CONFIGURATION *IfrNvData;
UINT16 LabelId; UINT16 LabelId;
UINT8 *SecureBootEnable; UINT8 *SecureBootEnable;
CHAR16 PromptString[100];
SecureBootEnable = NULL; SecureBootEnable = NULL;
@ -2509,11 +2544,18 @@ SecureBootCallback (
break; break;
case KEY_VALUE_SAVE_AND_EXIT_PK: case KEY_VALUE_SAVE_AND_EXIT_PK:
Status = EnrollPlatformKey (Private); Status = EnrollPlatformKey (Private);
UnicodeSPrint (
PromptString,
sizeof (PromptString),
L"Only DER encoded certificate file (%s) is supported.",
mSupportX509Suffix
);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
CreatePopUp ( CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key, &Key,
L"ERROR: Unsupported file type, only DER encoded certificate file (*.cer or *.der) is supported!", L"ERROR: Unsupported file type!",
PromptString,
NULL NULL
); );
} else { } else {