diff options
3 files changed, 46 insertions, 1 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index ae4b71bffd..656befbb44 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -43,8 +43,10 @@ formset //
suppressif TRUE;
checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
+ questionid = KEY_HIDE_SECURE_BOOT,
prompt = STRING_TOKEN(STR_NULL),
help = STRING_TOKEN(STR_NULL),
+ flags = INTERACTIVE,
endcheckbox;
endif;
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 51da86b6fd..3084f3364e 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -2378,6 +2378,11 @@ SecureBootRouteConfig ( OUT EFI_STRING *Progress
)
{
+ UINT8 *SecureBootEnable;
+ SECUREBOOT_CONFIGURATION IfrNvData;
+ UINTN BufferSize;
+ EFI_STATUS Status;
+
if (Configuration == NULL || Progress == NULL) {
return EFI_INVALID_PARAMETER;
}
@@ -2387,6 +2392,31 @@ SecureBootRouteConfig ( return EFI_NOT_FOUND;
}
+ BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
+ Status = gHiiConfigRouting->ConfigToBlock (
+ gHiiConfigRouting,
+ Configuration,
+ (UINT8 *)&IfrNvData,
+ &BufferSize,
+ Progress
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Store Buffer Storage back to EFI variable if needed
+ //
+ SecureBootEnable = NULL;
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
+ if (NULL != SecureBootEnable) {
+ FreePool (SecureBootEnable);
+ Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+
*Progress = Configuration + StrLen (Configuration);
return EFI_SUCCESS;
}
@@ -2445,7 +2475,8 @@ SecureBootCallback ( if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
(Action != EFI_BROWSER_ACTION_CHANGING) &&
- (Action != EFI_BROWSER_ACTION_FORM_CLOSE)) {
+ (Action != EFI_BROWSER_ACTION_FORM_CLOSE) &&
+ (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD)) {
return EFI_UNSUPPORTED;
}
@@ -2733,6 +2764,17 @@ SecureBootCallback ( }
break;
}
+ } else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {
+ if (QuestionId == KEY_HIDE_SECURE_BOOT) {
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
+ if (SecureBootEnable == NULL) {
+ IfrNvData->HideSecureBoot = TRUE;
+ } else {
+ FreePool (SecureBootEnable);
+ IfrNvData->HideSecureBoot = FALSE;
+ }
+ Value->b = IfrNvData->HideSecureBoot;
+ }
} else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) {
//
// Force the platform back to Standard Mode once user leave the setup screen.
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h index ea43192900..c15869a625 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h @@ -55,6 +55,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009
#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b
+#define KEY_HIDE_SECURE_BOOT 0x100c
#define KEY_SECURE_BOOT_OPTION 0x1100
#define KEY_SECURE_BOOT_PK_OPTION 0x1101
|