diff options
author | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-07-23 01:03:53 +0000 |
---|---|---|
committer | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-07-23 01:03:53 +0000 |
commit | e4d7370d18f01ca5081e283c9c993075f5eed197 (patch) | |
tree | 99756eced4569f710e12a3affc77446d4a7e3c5e /SecurityPkg/VariableAuthenticated | |
parent | 32177f69c40f81a8cdb2033c422f3c76f57945e5 (diff) | |
download | edk2-platforms-e4d7370d18f01ca5081e283c9c993075f5eed197.tar.xz |
Update the secure boot configuration UI to accept *.crt certificate file.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13546 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r-- | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 62 |
1 files changed, 52 insertions, 10 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index ee78ff74b1..eed2c2c138 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -68,8 +68,9 @@ HASH_TABLE mHash[] = { { L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL }
};
-
-// Variable Definitions
+//
+// Variable Definitions
+//
UINT32 mPeCoffHeaderOffset = 0;
WIN_CERTIFICATE *mCertificate = NULL;
IMAGE_TYPE mImageType;
@@ -81,6 +82,39 @@ EFI_GUID mCertType; EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL;
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
+//
+// Possible DER-encoded certificate file suffixes, end with NULL pointer.
+//
+CHAR16* mDerEncodedSuffix[] = {
+ L".cer",
+ L".der",
+ L".crt",
+ NULL
+};
+CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
+
+/**
+ This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix.
+
+ @param[in] FileSuffix The suffix of the input certificate file
+
+ @retval TRUE It's a DER-encoded certificate.
+ @retval FALSE It's NOT a DER-encoded certificate.
+
+**/
+BOOLEAN
+IsDerEncodeCertificate (
+ IN CONST CHAR16 *FileSuffix
+)
+{
+ UINTN Index;
+ for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) {
+ if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
/**
Set Secure Boot option into variable space.
@@ -347,11 +381,11 @@ EnrollPlatformKey ( PkCert = NULL;
//
- // Parse the file's postfix. Only support DER encoded X.509 certificate files (*.cer or *.der).
+ // Parse the file's postfix. Only support DER encoded X.509 certificate files.
//
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
- if ((CompareMem (FilePostFix, L".cer",4) != 0) && (CompareMem (FilePostFix, L".der",4) != 0)) {
- DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate file (*.cer or *.der) is supported."));
+ if (!IsDerEncodeCertificate(FilePostFix)) {
+ DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));
return EFI_INVALID_PARAMETER;
}
DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName));
@@ -738,11 +772,11 @@ EnrollKeyExchangeKey ( }
//
- // Parse the file's postfix. Supports .cer and .der file as X509 certificate,
+ // Parse the file's postfix. Supports DER-encoded X509 certificate,
// and .pbk as RSA public key file.
//
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
- if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {
+ if (IsDerEncodeCertificate(FilePostFix)) {
return EnrollX509ToKek (Private);
} else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
return EnrollRsa2048ToKek (Private);
@@ -1483,9 +1517,9 @@ EnrollSignatureDatabase ( // Parse the file's postfix.
//
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
- if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {
+ if (IsDerEncodeCertificate(FilePostFix)) {
//
- // Supports .cer and .der file as X509 certificate.
+ // Supports DER-encoded X509 certificate.
//
return EnrollX509toSigDB (Private, VariableName);
}
@@ -2321,6 +2355,7 @@ SecureBootCallback ( SECUREBOOT_CONFIGURATION *IfrNvData;
UINT16 LabelId;
UINT8 *SecureBootEnable;
+ CHAR16 PromptString[100];
SecureBootEnable = NULL;
@@ -2509,11 +2544,18 @@ SecureBootCallback ( break;
case KEY_VALUE_SAVE_AND_EXIT_PK:
Status = EnrollPlatformKey (Private);
+ UnicodeSPrint (
+ PromptString,
+ sizeof (PromptString),
+ L"Only DER encoded certificate file (%s) is supported.",
+ mSupportX509Suffix
+ );
if (EFI_ERROR (Status)) {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
- L"ERROR: Unsupported file type, only DER encoded certificate file (*.cer or *.der) is supported!",
+ L"ERROR: Unsupported file type!",
+ PromptString,
NULL
);
} else {
|