From 30c8a73850b478042cc8e208298f37084940b9e7 Mon Sep 17 00:00:00 2001 From: Phil Noh Date: Wed, 11 Dec 2024 19:05:19 -0600 Subject: SecurityPkg/SecureBootConfigDxe: Enhance help in Delete Signature page Currently "Delete Signature" Setup page lists enrolled signatures and each signature is shown with signature GUID (prompt) and type (help). It is possible for some signatures to be shown with same signature GUID and type. In this case, it is difficult to identify the target signature to delete. The update enhances help information to distinguish signatures. Signed-off-by: Phil Noh --- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 92 +++++++++++----------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 6d4560c39b..d4dc4e1402 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -1,6 +1,7 @@ /** @file HII Config Access protocol implementation of SecureBoot configuration module. +Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved.
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -15,6 +16,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +EFI_STATUS +FormatHelpInfo ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN EFI_SIGNATURE_LIST *ListEntry, + IN EFI_SIGNATURE_DATA *DataEntry, + OUT EFI_STRING_ID *StringId + ); + CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION"; SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = { 
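Review bot: The forward declaration of `FormatHelpInfo` added here has no comment, so a reader cannot tell which status codes it returns or whether `*StringId` is valid on failure, and the caller added later in this patch depends on exactly that. A short header comment above the prototype would cover it, for example `// Builds the help text for one signature entry; on success *StringId holds the new HII string ID.` The definition is not part of this hunk (presumably further down in the same file). If nothing outside this file calls it, marking the prototype and the definition `STATIC` would keep the symbol out of the module's global namespace.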
@@ -2619,55 +2628,46 @@ UpdateDeletePage ( GuidIndex = 0; while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) { - if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid)) { - Help = STRING_TOKEN (STR_CERT_TYPE_RSA2048_SHA256_GUID); - } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { - Help = STRING_TOKEN (STR_CERT_TYPE_PCKS7_GUID); - } else if (CompareGuid (&CertList->SignatureType, &gEfiCertSha1Guid)) { - Help = STRING_TOKEN (STR_CERT_TYPE_SHA1_GUID); - } else if (CompareGuid (&CertList->SignatureType, &gEfiCertSha256Guid)) { - Help = STRING_TOKEN (STR_CERT_TYPE_SHA256_GUID); - } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha256Guid)) { - Help = STRING_TOKEN (STR_CERT_TYPE_X509_SHA256_GUID); - } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha384Guid)) { - Help = STRING_TOKEN (STR_CERT_TYPE_X509_SHA384_GUID); - } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha512Guid)) { - Help = STRING_TOKEN (STR_CERT_TYPE_X509_SHA512_GUID); - } else { - // - // The signature type is not supported in current implementation. 
- // + if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertSha1Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertSha256Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha256Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha384Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha512Guid) + ) + { + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index = 0; Index < CertCount; Index++) { + Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + + sizeof (EFI_SIGNATURE_LIST) + + CertList->SignatureHeaderSize + + Index * CertList->SignatureSize); + // + // Display GUID and help + // + GuidToString (&Cert->SignatureOwner, GuidStr, 100); + GuidID = HiiSetString (PrivateData->HiiHandle, 0, GuidStr, NULL); + + Status = FormatHelpInfo (PrivateData, CertList, Cert, &Help); + if (!EFI_ERROR (Status)) { + HiiCreateCheckBoxOpCode ( + StartOpCodeHandle, + (EFI_QUESTION_ID)(QuestionIdBase + GuidIndex++), + 0, + 0, + GuidID, + Help, + EFI_IFR_FLAG_CALLBACK, + 0, + NULL + ); + } + } + ItemDataSize -= CertList->SignatureListSize; CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); - continue; } - - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; - for (Index = 0; Index < CertCount; Index++) { - Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList - + sizeof (EFI_SIGNATURE_LIST) - + CertList->SignatureHeaderSize - + Index * CertList->SignatureSize); - // - // Display GUID and help - // - GuidToString (&Cert->SignatureOwner, GuidStr, 100); - GuidID = HiiSetString (PrivateData->HiiHandle, 0, GuidStr, NULL); - HiiCreateCheckBoxOpCode ( - StartOpCodeHandle, - (EFI_QUESTION_ID)(QuestionIdBase + GuidIndex++), - 0, - 0, - 
GuidID, - Help, - EFI_IFR_FLAG_CALLBACK, - 0, - NULL - ); - } - - ItemDataSize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize); } ON_EXIT: -- cgit
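Review bot: As this hunk reads, the two statements that advance the walk, `ItemDataSize -= CertList->SignatureListSize;` and `CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);`, are kept as context ahead of the brace that now closes the `if (CompareGuid (...) || ...)` block, while the copies at `while` level are removed. A list whose `SignatureType` is none of the seven GUIDs would then never advance, and the `while` loop would not terminate; the removed `else` branch used to advance and `continue`. Moving both statements below the closing brace of the `if` restores the skip for unsupported types. The page lost its indentation, so the nesting is inferred from the hunk's line counts and should be confirmed against the file; `UpdateDeletePage` starts and ends outside this hunk. Separately, `GuidIndex++` is now evaluated only when `FormatHelpInfo` succeeds, so one failure shifts the question IDs of every later entry. If the delete handler (not visible here) maps a question ID back to a signature by position, a checkbox could point at a different signature than the one shown, and incrementing `GuidIndex` outside the `if (!EFI_ERROR (Status))` would keep them aligned.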