Commit 5202f80c authored by Mathieu Trudel-Lapierre's avatar Mathieu Trudel-Lapierre Committed by Peter Jones

Rework looping in enter_mok_menu(), to allow multiple MOK changes

Rather than looping once through the possible actions (MokNew, MokDel, etc.),
revise the logic so that instead of rebooting immediately we get back to the
main menu setting a flag to replace "Continue booting" with a proper reboot.

Getting back to the menu means we can go make other changes before rebooting.
For instance, you might want to enable validation, but beforehand you also
need to enroll a MOK. You can already do so from userland; except the requests
were cleared as soon as one of them was processed.

This involves some extra cleanup of the states to avoid running the same
request more than once, removing the option from the menu once it's done, and
changing prompting functions to return an EFI_STATUS so we can better track
whether the process has succeeded.
Signed-off-by: default avatarMathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
parent 81b28b7e
......@@ -786,6 +786,14 @@ static void console_restore_mode (SIMPLE_TEXT_OUTPUT_MODE *SavedMode)
SavedMode->Attribute);
}
static INTN reset_system ()
{
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm,
EFI_SUCCESS, 0, NULL);
console_notify(L"Failed to reboot\n");
return -1;
}
static UINT32 get_password (CHAR16 *prompt, CHAR16 *password, UINT32 max)
{
SIMPLE_TEXT_OUTPUT_MODE SavedMode;
......@@ -1016,7 +1024,7 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate,
return EFI_SUCCESS;
}
static INTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth,
static EFI_STATUS mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth,
BOOLEAN MokX)
{
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
......@@ -1028,17 +1036,18 @@ static INTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth,
else
title = L"[Enroll MOK]";
if (list_keys(MokNew, MokNewSize, title) != EFI_SUCCESS)
return 0;
efi_status = list_keys(MokNew, MokNewSize, title);
if (efi_status != EFI_SUCCESS)
return efi_status;
if (console_yes_no((CHAR16 *[]){L"Enroll the key(s)?", NULL}) == 0)
return 0;
return EFI_ABORTED;
efi_status = store_keys(MokNew, MokNewSize, auth, MokX);
if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to enroll keys\n");
return -1;
return efi_status;
}
if (auth) {
......@@ -1049,18 +1058,15 @@ static INTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth,
LibDeleteVariable(L"MokNew", &shim_lock_guid);
LibDeleteVariable(L"MokAuth", &shim_lock_guid);
}
console_notify(L"The system must now be rebooted");
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm,
EFI_SUCCESS, 0, NULL);
console_notify(L"Failed to reboot");
return -1;
}
return 0;
if (MokNew)
FreePool (MokNew);
return EFI_SUCCESS;
}
static INTN mok_reset_prompt (BOOLEAN MokX)
static EFI_STATUS mok_reset_prompt (BOOLEAN MokX)
{
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
EFI_STATUS efi_status;
......@@ -1073,13 +1079,13 @@ static INTN mok_reset_prompt (BOOLEAN MokX)
else
prompt = L"Erase all stored keys in MokList?";
if (console_yes_no((CHAR16 *[]){prompt, NULL }) == 0)
return 0;
return EFI_ABORTED;
efi_status = store_keys(NULL, 0, TRUE, MokX);
if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to erase keys\n");
return -1;
return efi_status;
}
if (MokX) {
......@@ -1090,11 +1096,7 @@ static INTN mok_reset_prompt (BOOLEAN MokX)
LibDeleteVariable(L"MokAuth", &shim_lock_guid);
}
console_notify(L"The system must now be rebooted");
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm,
EFI_SUCCESS, 0, NULL);
console_notify(L"Failed to reboot\n");
return -1;
return EFI_SUCCESS;
}
static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num,
......@@ -1427,7 +1429,7 @@ error:
return efi_status;
}
static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
static EFI_STATUS mok_deletion_prompt (void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
{
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
EFI_STATUS efi_status;
......@@ -1438,18 +1440,18 @@ static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
else
title = L"[Delete MOK]";
if (list_keys(MokDel, MokDelSize, title) != EFI_SUCCESS) {
return 0;
}
efi_status = list_keys(MokDel, MokDelSize, title);
if (efi_status != EFI_SUCCESS)
return efi_status;
if (console_yes_no((CHAR16 *[]){L"Delete the key(s)?", NULL}) == 0)
return 0;
if (console_yes_no((CHAR16 *[]){L"Delete the key(s)?", NULL}) == 0)
return EFI_ABORTED;
efi_status = delete_keys(MokDel, MokDelSize, MokX);
if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to delete keys");
return -1;
return efi_status;
}
if (MokX) {
......@@ -1460,11 +1462,10 @@ static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
LibDeleteVariable(L"MokDelAuth", &shim_lock_guid);
}
console_notify(L"The system must now be rebooted");
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm,
EFI_SUCCESS, 0, NULL);
console_notify(L"Failed to reboot");
return -1;
if (MokDel)
FreePool(MokDel);
return EFI_SUCCESS;
}
static CHAR16 get_password_charater (CHAR16 *prompt)
......@@ -1494,7 +1495,7 @@ static CHAR16 get_password_charater (CHAR16 *prompt)
return character;
}
static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
static EFI_STATUS mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
EFI_STATUS efi_status;
SIMPLE_TEXT_OUTPUT_MODE SavedMode;
......@@ -1509,7 +1510,7 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
if (MokSBSize != sizeof(MokSBvar)) {
console_notify(L"Invalid MokSB variable contents");
return -1;
return EFI_INVALID_PARAMETER;
}
uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut);
......@@ -1538,7 +1539,7 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
str = PoolPrint(L"Enter password character %d: ", pos1 + 1);
if (!str) {
console_errorbox(L"Failed to allocate buffer");
return -1;
return EFI_OUT_OF_RESOURCES;
}
pass1 = get_password_charater(str);
FreePool(str);
......@@ -1546,7 +1547,7 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
str = PoolPrint(L"Enter password character %d: ", pos2 + 1);
if (!str) {
console_errorbox(L"Failed to allocate buffer");
return -1;
return EFI_OUT_OF_RESOURCES;
}
pass2 = get_password_charater(str);
FreePool(str);
......@@ -1554,7 +1555,7 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
str = PoolPrint(L"Enter password character %d: ", pos3 + 1);
if (!str) {
console_errorbox(L"Failed to allocate buffer");
return -1;
return EFI_OUT_OF_RESOURCES;
}
pass3 = get_password_charater(str);
FreePool(str);
......@@ -1571,7 +1572,7 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
if (fail_count >= 3) {
console_notify(L"Password limit reached");
return -1;
return EFI_ACCESS_DENIED;
}
if (var->MokSBState == 0)
......@@ -1581,7 +1582,7 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
if (ret == 0) {
LibDeleteVariable(L"MokSB", &shim_lock_guid);
return -1;
return EFI_ABORTED;
}
if (var->MokSBState == 0) {
......@@ -1593,7 +1594,7 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
1, &sbval);
if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to set Secure Boot state");
return -1;
return efi_status;
}
} else {
efi_status = uefi_call_wrapper(RT->SetVariable,
......@@ -1604,18 +1605,17 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
0, NULL);
if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to delete Secure Boot state");
return -1;
return efi_status;
}
}
console_notify(L"The system must now be rebooted");
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm,
EFI_SUCCESS, 0, NULL);
console_notify(L"Failed to reboot");
return -1;
if (MokSB)
FreePool(MokSB);
return EFI_SUCCESS;
}
static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
static EFI_STATUS mok_db_prompt (void *MokDB, UINTN MokDBSize) {
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
EFI_STATUS efi_status;
SIMPLE_TEXT_OUTPUT_MODE SavedMode;
......@@ -1630,7 +1630,7 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
if (MokDBSize != sizeof(MokDBvar)) {
console_notify(L"Invalid MokDB variable contents");
return -1;
return EFI_INVALID_PARAMETER;
}
uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut);
......@@ -1659,7 +1659,7 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
str = PoolPrint(L"Enter password character %d: ", pos1 + 1);
if (!str) {
console_errorbox(L"Failed to allocate buffer");
return -1;
return EFI_OUT_OF_RESOURCES;
}
pass1 = get_password_charater(str);
FreePool(str);
......@@ -1667,7 +1667,7 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
str = PoolPrint(L"Enter password character %d: ", pos2 + 1);
if (!str) {
console_errorbox(L"Failed to allocate buffer");
return -1;
return EFI_OUT_OF_RESOURCES;
}
pass2 = get_password_charater(str);
FreePool(str);
......@@ -1675,7 +1675,7 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
str = PoolPrint(L"Enter password character %d: ", pos3 + 1);
if (!str) {
console_errorbox(L"Failed to allocate buffer");
return -1;
return EFI_OUT_OF_RESOURCES;
}
pass3 = get_password_charater(str);
FreePool(str);
......@@ -1692,7 +1692,7 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
if (fail_count >= 3) {
console_notify(L"Password limit reached");
return -1;
return EFI_ACCESS_DENIED;
}
if (var->MokDBState == 0)
......@@ -1702,7 +1702,7 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
if (ret == 0) {
LibDeleteVariable(L"MokDB", &shim_lock_guid);
return -1;
return EFI_ABORTED;
}
if (var->MokDBState == 0) {
......@@ -1714,7 +1714,7 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
1, &dbval);
if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to set DB state");
return -1;
return efi_status;
}
} else {
efi_status = uefi_call_wrapper(RT->SetVariable, 5,
......@@ -1725,18 +1725,17 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
0, NULL);
if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to delete DB state");
return -1;
return efi_status;
}
}
console_notify(L"The system must now be rebooted");
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm,
EFI_SUCCESS, 0, NULL);
console_notify(L"Failed to reboot");
return -1;
if (MokDB)
FreePool(MokDB);
return EFI_SUCCESS;
}
static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
static EFI_STATUS mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
EFI_STATUS efi_status;
UINT8 hash[PASSWORD_CRYPT_SIZE];
......@@ -1744,7 +1743,7 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
if (MokPWSize != SHA256_DIGEST_SIZE && MokPWSize != PASSWORD_CRYPT_SIZE) {
console_notify(L"Invalid MokPW variable contents");
return -1;
return EFI_INVALID_PARAMETER;
}
uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut);
......@@ -1761,19 +1760,14 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
if (clear) {
if (console_yes_no((CHAR16 *[]){L"Clear MOK password?", NULL}) == 0)
return 0;
return EFI_ABORTED;
uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore",
&shim_lock_guid,
EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS,
0, NULL);
LibDeleteVariable(L"MokPW", &shim_lock_guid);
console_notify(L"The system must now be rebooted");
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0,
NULL);
console_notify(L"Failed to reboot");
return -1;
goto mokpw_done;
}
if (MokPWSize == PASSWORD_CRYPT_SIZE) {
......@@ -1786,11 +1780,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
if (efi_status != EFI_SUCCESS) {
console_notify(L"Password limit reached");
return -1;
return efi_status;
}
if (console_yes_no((CHAR16 *[]){L"Set MOK password?", NULL}) == 0)
return 0;
return EFI_ABORTED;
efi_status = uefi_call_wrapper(RT->SetVariable, 5,
L"MokPWStore",
......@@ -1800,16 +1794,16 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
MokPWSize, MokPW);
if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to set MOK password");
return -1;
return efi_status;
}
mokpw_done:
LibDeleteVariable(L"MokPW", &shim_lock_guid);
console_notify(L"The system must now be rebooted");
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0,
NULL);
console_notify(L"Failed to reboot");
return -1;
if (MokPW)
FreePool(MokPW);
return EFI_SUCCESS;
}
static BOOLEAN verify_certificate(UINT8 *cert, UINTN size)
......@@ -1921,7 +1915,7 @@ static EFI_STATUS enroll_file (void *data, UINTN datasize, BOOLEAN hash)
goto out;
}
mok_enrollment_prompt(mokbuffer, mokbuffersize, FALSE, FALSE);
status = mok_enrollment_prompt(mokbuffer, mokbuffersize, FALSE, FALSE);
out:
if (mokbuffer)
FreePool(mokbuffer);
......@@ -1929,7 +1923,7 @@ out:
return status;
}
static void mok_hash_enroll(void)
static EFI_STATUS mok_hash_enroll(void)
{
EFI_STATUS efi_status;
CHAR16 *file_name = NULL;
......@@ -1948,13 +1942,13 @@ static void mok_hash_enroll(void)
}, L"\\", L"", &file_name);
if (!file_name)
return;
return EFI_INVALID_PARAMETER;
efi_status = simple_file_open(im, file_name, &file, EFI_FILE_MODE_READ);
if (efi_status != EFI_SUCCESS) {
console_error(L"Unable to open file", efi_status);
return;
return efi_status;
}
simple_file_read_all(file, &filesize, &data);
......@@ -1962,7 +1956,7 @@ static void mok_hash_enroll(void)
if (!filesize) {
console_error(L"Unable to read file", efi_status);
return;
return EFI_BAD_BUFFER_SIZE;
}
efi_status = enroll_file(data, filesize, TRUE);
......@@ -1971,6 +1965,8 @@ static void mok_hash_enroll(void)
console_error(L"Hash failed (did you select a valid EFI binary?)", efi_status);
FreePool(data);
return efi_status;
}
static CHAR16 *der_suffix[] = {
......@@ -2001,7 +1997,7 @@ static BOOLEAN check_der_suffix (CHAR16 *file_name)
return FALSE;
}
static void mok_key_enroll(void)
static EFI_STATUS mok_key_enroll(void)
{
EFI_STATUS efi_status;
CHAR16 *file_name = NULL;
......@@ -2020,7 +2016,7 @@ static void mok_key_enroll(void)
}, L"\\", L"", &file_name);
if (!file_name)
return;
return EFI_INVALID_PARAMETER;
if (!check_der_suffix(file_name)) {
console_alertbox((CHAR16 *[]){
......@@ -2028,14 +2024,14 @@ static void mok_key_enroll(void)
L"",
L"Only DER encoded certificate (*.cer/der/crt) is supported",
NULL});
return;
return EFI_UNSUPPORTED;
}
efi_status = simple_file_open(im, file_name, &file, EFI_FILE_MODE_READ);
if (efi_status != EFI_SUCCESS) {
console_error(L"Unable to open file", efi_status);
return;
return efi_status;
}
simple_file_read_all(file, &filesize, &data);
......@@ -2043,11 +2039,13 @@ static void mok_key_enroll(void)
if (!filesize) {
console_error(L"Unable to read file", efi_status);
return;
return EFI_BAD_BUFFER_SIZE;
}
enroll_file(data, filesize, FALSE);
efi_status = enroll_file(data, filesize, FALSE);
FreePool(data);
return efi_status;
}
static BOOLEAN verify_pw(BOOLEAN *protected)
......@@ -2154,7 +2152,7 @@ static int draw_countdown()
}
typedef enum {
MOK_CONTINUE_BOOT,
MOK_BOOT,
MOK_RESET_MOK,
MOK_RESET_MOKX,
MOK_ENROLL_MOK,
......@@ -2168,6 +2166,15 @@ typedef enum {
MOK_HASH_ENROLL
} mok_menu_item;
static void free_menu(mok_menu_item *menu_item, CHAR16 **menu_strings)
{
if (menu_strings)
FreePool(menu_strings);
if (menu_item)
FreePool(menu_item);
}
static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
void *MokNew, UINTN MokNewSize,
void *MokDel, UINTN MokDelSize,
......@@ -2180,11 +2187,7 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
CHAR16 **menu_strings;
mok_menu_item *menu_item;
int choice = 0;
UINT32 MokAuth = 0;
UINT32 MokDelAuth = 0;
UINT32 MokXAuth = 0;
UINT32 MokXDelAuth = 0;
UINTN menucount = 3, i = 0;
int mok_changed = 0;
EFI_STATUS efi_status;
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
UINT8 auth[PASSWORD_CRYPT_SIZE];
......@@ -2196,142 +2199,151 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
if (verify_pw(&protected) == FALSE)
return EFI_ACCESS_DENIED;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if (protected == FALSE && draw_countdown() == 0)
goto out;
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokAuth = 1;
while (choice >= 0) {
UINTN menucount = 3, i = 0;
UINT32 MokAuth = 0;
UINT32 MokDelAuth = 0;
UINT32 MokXAuth = 0;
UINT32 MokXDelAuth = 0;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDelAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokDelAuth = 1;
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDelAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokXAuth = 1;
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokDelAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXDelAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokXDelAuth = 1;
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokXAuth = 1;
if (MokNew || MokAuth)
menucount++;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXDelAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if (MokDel || MokDelAuth)
menucount++;
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokXDelAuth = 1;
if (MokXNew || MokXAuth)
menucount++;
if (MokNew || MokAuth)
menucount++;
if (MokXDel || MokXDelAuth)
menucount++;
if (MokDel || MokDelAuth)
menucount++;
if (MokSB)
menucount++;
if (MokXNew || MokXAuth)
menucount++;
if (MokPW)
menucount++;
if (MokXDel || MokXDelAuth)
menucount++;
if (MokDB)
menucount++;
if (MokSB)
menucount++;
menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1));
if (MokPW)
menucount++;
if (!menu_strings)
return EFI_OUT_OF_RESOURCES;
if (MokDB)
menucount++;
menu_item = AllocateZeroPool(sizeof(mok_menu_item) * menucount);
menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1));
if (!menu_item) {
FreePool(menu_strings);
return EFI_OUT_OF_RESOURCES;
}
if (!menu_strings)
return EFI_OUT_OF_RESOURCES;
menu_strings[i] = L"Continue boot";
menu_item[i] = MOK_CONTINUE_BOOT;
menu_item = AllocateZeroPool(sizeof(mok_menu_item) * menucount);
i++;
if (MokNew || MokAuth) {
if (!MokNew) {
menu_strings[i] = L"Reset MOK";
menu_item[i] = MOK_RESET_MOK;
} else {
menu_strings[i] = L"Enroll MOK";
menu_item[i] = MOK_ENROLL_MOK;
if (!menu_item) {
FreePool(menu_strings);
return EFI_OUT_OF_RESOURCES;
}
i++;
}
if (MokDel || MokDelAuth) {
menu_strings[i] = L"Delete MOK";
menu_item[i] = MOK_DELETE_MOK;
if (mok_changed)
menu_strings[i] = L"Reboot";
else
menu_strings[i] = L"Continue boot";
menu_item[i] = MOK_BOOT;
i++;
}
if (MokXNew || MokXAuth) {
if (!MokXNew) {
menu_strings[i] = L"Reset MOKX";
menu_item[i] = MOK_RESET_MOKX;
} else {
menu_strings[i] = L"Enroll MOKX";
menu_item[i] = MOK_ENROLL_MOKX;
if (MokNew || MokAuth) {
if (!MokNew) {
menu_strings[i] = L"Reset MOK";
menu_item[i] = MOK_RESET_MOK;
} else {
menu_strings[i] = L"Enroll MOK";
menu_item[i] = MOK_ENROLL_MOK;
}
i++;
}
i++;
}
if (MokXDel || MokXDelAuth) {
menu_strings[i] = L"Delete MOKX";
menu_item[i] = MOK_DELETE_MOKX;
i++;
}
if (MokDel || MokDelAuth) {
menu_strings[i] = L"Delete MOK";
menu_item[i] = MOK_DELETE_MOK;
i++;
}
if (MokSB) {
menu_strings[i] = L"Change Secure Boot state";
menu_item[i] = MOK_CHANGE_SB;
i++;
}
if (MokXNew || MokXAuth) {
if (!MokXNew) {
menu_strings[i] = L"Reset MOKX";
menu_item[i] = MOK_RESET_MOKX;
} else {
menu_strings[i] = L"Enroll MOKX";
menu_item[i] = MOK_ENROLL_MOKX;
}
i++;
}
if (MokPW) {
menu_strings[i] = L"Set MOK password";
menu_item[i] = MOK_SET_PW;
i++;
}
if (MokXDel || MokXDelAuth) {
menu_strings[i] = L"Delete MOKX";
menu_item[i] = MOK_DELETE_MOKX;
i++;
}
if (MokDB) {
menu_strings[i] = L"Change DB state";
menu_item[i] = MOK_CHANGE_DB;
i++;
}
if (MokSB) {
menu_strings[i] = L"Change Secure Boot state";
menu_item[i] = MOK_CHANGE_SB;
i++;
}
menu_strings[i] = L"Enroll key from disk";
menu_item[i] = MOK_KEY_ENROLL;
i++;
if (MokPW) {
menu_strings[i] = L"Set MOK password";
menu_item[i] = MOK_SET_PW;