authorsfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-07-23 01:03:53 +0000
committersfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-07-23 01:03:53 +0000
commite4d7370d18f01ca5081e283c9c993075f5eed197 (patch)
tree99756eced4569f710e12a3affc77446d4a7e3c5e /SecurityPkg/VariableAuthenticated
parent32177f69c40f81a8cdb2033c422f3c76f57945e5 (diff)
Update the secure boot configuration UI to accept *.crt certificate file.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13546 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c62
1 files changed, 52 insertions, 10 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index ee78ff74b..eed2c2c13 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -68,8 +68,9 @@ HASH_TABLE mHash[] = {
{ L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL }
};
-
-// Variable Definitions
+//
+// Variable Definitions
+//
UINT32 mPeCoffHeaderOffset = 0;
WIN_CERTIFICATE *mCertificate = NULL;
IMAGE_TYPE mImageType;
@@ -81,6 +82,39 @@ EFI_GUID mCertType;
EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL;
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
+//
+// Possible DER-encoded certificate file suffixes, end with NULL pointer.
+//
+CHAR16* mDerEncodedSuffix[] = {
+ L".cer",
+ L".der",
+ L".crt",
+ NULL
+};
+CHAR16* mSupportX509Suffix = L"*.cer/der/crt";
+
+/**
+ This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix.
+
+ @param[in] FileSuffix The suffix of the input certificate file
+
+ @retval TRUE It's a DER-encoded certificate.
+ @retval FALSE It's NOT a DER-encoded certificate.
+
+**/
+BOOLEAN
+IsDerEncodeCertificate (
+ IN CONST CHAR16 *FileSuffix
+)
+{
+ UINTN Index;
+ for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) {
+ if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
/**
Set Secure Boot option into variable space.
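Review bot: `IsDerEncodeCertificate` only compares the file-name suffix, yet its `@retval` lines state that the file is or is not a DER-encoded certificate. That matters for the newly added `.crt`, an extension commonly used for PEM-encoded files as well, so a TRUE result says nothing about the encoding and the X.509 parsing in the enroll paths remains the real check. I would reword to `@retval TRUE The suffix matches a known DER certificate file extension.` and `@retval FALSE The suffix is not a known DER certificate file extension.`, and add a sentence to the description saying the content is not inspected. `StrCmp` is case-sensitive, so names such as `KEY.CER` are rejected; if that is intended, note it in the comment. The two new tables could also be declared `STATIC CONST`, since nothing visible in this diff writes to them.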
@@ -347,11 +381,11 @@ EnrollPlatformKey (
PkCert = NULL;
//
- // Parse the file's postfix. Only support DER encoded X.509 certificate files (*.cer or *.der).
+ // Parse the file's postfix. Only support DER encoded X.509 certificate files.
//
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
- if ((CompareMem (FilePostFix, L".cer",4) != 0) && (CompareMem (FilePostFix, L".der",4) != 0)) {
- DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate file (*.cer or *.der) is supported."));
+ if (!IsDerEncodeCertificate(FilePostFix)) {
+ DEBUG ((EFI_D_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.", mSupportX509Suffix));
return EFI_INVALID_PARAMETER;
}
DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName));
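Review bot: `FilePostFix` is computed as `FileName + StrLen (FileName) - 4` with no length check, so a file name shorter than four characters leaves the pointer before the start of the name buffer and the `StrCmp` inside `IsDerEncodeCertificate` reads from there. Guard it before the subtraction, e.g. `if (StrLen (Private->FileContext->FileName) < 4) { return EFI_INVALID_PARAMETER; }`. The same unguarded computation feeds the new helper in the EnrollKeyExchangeKey and EnrollSignatureDatabase hunks. The rewritten DEBUG message also has no trailing `\n`, and EDK II style puts a space before the call parenthesis: `IsDerEncodeCertificate (FilePostFix)`. EnrollPlatformKey starts and ends outside this hunk.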
@@ -738,11 +772,11 @@ EnrollKeyExchangeKey (
}
//
- // Parse the file's postfix. Supports .cer and .der file as X509 certificate,
+ // Parse the file's postfix. Supports DER-encoded X509 certificate,
// and .pbk as RSA public key file.
//
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
- if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {
+ if (IsDerEncodeCertificate(FilePostFix)) {
return EnrollX509ToKek (Private);
} else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
return EnrollRsa2048ToKek (Private);
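Review bot: The `.pbk` branch still uses `CompareMem (FilePostFix, L".pbk",4)`, and CompareMem takes a length in bytes, so with 2-byte CHAR16 it compares only the first two characters (`.p`). The certificate branch above it now matches the whole suffix through `StrCmp`, so the two KEK enrollment paths no longer apply the same test. Change it to `} else if (StrCmp (FilePostFix, L".pbk") == 0) {` so that both key types are selected on a full suffix match. EnrollKeyExchangeKey continues outside the hunk.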
@@ -1483,9 +1517,9 @@ EnrollSignatureDatabase (
// Parse the file's postfix.
//
FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
- if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {
+ if (IsDerEncodeCertificate(FilePostFix)) {
//
- // Supports .cer and .der file as X509 certificate.
+ // Supports DER-encoded X509 certificate.
//
return EnrollX509toSigDB (Private, VariableName);
}
@@ -2321,6 +2355,7 @@ SecureBootCallback (
SECUREBOOT_CONFIGURATION *IfrNvData;
UINT16 LabelId;
UINT8 *SecureBootEnable;
+ CHAR16 PromptString[100];
SecureBootEnable = NULL;
@@ -2509,11 +2544,18 @@ SecureBootCallback (
break;
case KEY_VALUE_SAVE_AND_EXIT_PK:
Status = EnrollPlatformKey (Private);
+ UnicodeSPrint (
+ PromptString,
+ sizeof (PromptString),
+ L"Only DER encoded certificate file (%s) is supported.",
+ mSupportX509Suffix
+ );
if (EFI_ERROR (Status)) {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
- L"ERROR: Unsupported file type, only DER encoded certificate file (*.cer or *.der) is supported!",
+ L"ERROR: Unsupported file type!",
+ PromptString,
NULL
);
} else {
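Review bot: `UnicodeSPrint` fills `PromptString` on every `KEY_VALUE_SAVE_AND_EXIT_PK` callback, including successful enrollments, although the string is used only by the error popup. Move the call inside `if (EFI_ERROR (Status)) {` so that it sits next to its only consumer. The popup also reports "Unsupported file type!" for any error status from `EnrollPlatformKey`. The suffix check visible in this diff returns `EFI_INVALID_PARAMETER`, but the function presumably has other failure paths outside this diff, so consider showing this text only for that status and a generic enrollment-failed message otherwise. An operator configuring the Platform Key is then not misled about why enrollment failed.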