Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP 645-human-readable-uefi-secure-boot-key-enrollment-menu #149

Open
wants to merge 2 commits into
base: dasharo
Choose a base branch
from

Conversation

philipandag
Copy link
Contributor

No description provided.

@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch from 0de6ca7 to 10c2fe6 Compare July 5, 2024 11:11
@philipandag philipandag changed the base branch from rebased to dasharo July 5, 2024 11:11
@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch 5 times, most recently from 3a038b0 to be95d53 Compare July 5, 2024 12:44
@philipandag philipandag changed the base branch from dasharo to rebased July 8, 2024 05:48
@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch 2 times, most recently from eff2ef1 to aaa71f9 Compare July 9, 2024 09:39
@philipandag philipandag marked this pull request as ready for review July 10, 2024 06:41
@philipandag philipandag marked this pull request as draft July 10, 2024 06:42
@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch 2 times, most recently from 76092d3 to 004460d Compare July 10, 2024 10:39
@philipandag philipandag self-assigned this Jul 12, 2024
@philipandag philipandag marked this pull request as ready for review July 12, 2024 10:18
@philipandag philipandag requested a review from mkopec July 12, 2024 10:18
@philipandag
Copy link
Contributor Author

Most commits were not accepted as verified. I will try to fix it now/

@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch 2 times, most recently from 441b34c to 13edd18 Compare July 15, 2024 12:02
@philipandag philipandag requested a review from mkopec July 15, 2024 12:05

// There is AsciiStrnToUnicodeStrS function to do that but it
// can't be used in place and allocating another
// AllocateZeroPool(100) fails with EFI_OUT_OF_RESOURCES
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If AllocateZeroPool(100) return EFI_OUT_OF_RESOURCES then everything should simply fall apart. There are plenty of places where AllocateZeroPool is used, so there must be something wrong going on here.

Copy link
Contributor Author

@philipandag philipandag Jul 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe, that was an hypothesis i had because the certificate entries were not wrong, the list was not rendered at all, even the help on the right side. I copied the usage of AllocateZeroPool from this function, including the GOTO statement and figured that GOTO must be causing the rendering to be skipped. I should have stated that it is just a hypothesis, I did not confirm that was the cause of the error.

Either way it works fine now. Should I rewrite this using AsciiStrnToUnicodeStrS and a second buffer instead?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@philipandag Yes, let's try that

@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch 2 times, most recently from 14c8a3b to 798523f Compare July 16, 2024 10:36
@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch from 2c80d9c to 16be91a Compare August 2, 2024 06:23
@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch 2 times, most recently from e8109af to 071648b Compare August 2, 2024 06:42
@philipandag
Copy link
Contributor Author

We have decided to use the X509GetCommonName function instead of X509GetSubjectName. The first one returns an ascii string which can be directly converted to unicode and displayed. The latter returns an array of bytes (UINT8) which needs to be further converted to useful text which is troublesome when using the AsciiStrToUnicodeStrS function. The feature now works on delete pages od KEK and DB keys.
image
image

@mkopec
Copy link
Member

mkopec commented Aug 7, 2024

@philipandag can you squash some of these commits? This will make dealing with this after merging (e.g. rebasing, resolving conflics) much easier down the line

@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch from d22b913 to 19439bd Compare August 9, 2024 08:02
@philipandag
Copy link
Contributor Author

philipandag commented Aug 9, 2024

Squashed where it made sense. It seems that squashing broke the verification so another rebase is coming...

@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch 2 times, most recently from 247fa70 to 265a269 Compare August 9, 2024 08:15
@philipandag philipandag changed the title 645-human-readable-uefi-secure-boot-key-enrollment-menu WIP 645-human-readable-uefi-secure-boot-key-enrollment-menu Aug 14, 2024
@philipandag philipandag force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch from 77bb1c7 to 65398da Compare August 14, 2024 13:12
@miczyg1 miczyg1 changed the base branch from rebased to dasharo November 7, 2024 10:16
@filipleple filipleple force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch from 58764c5 to c8bce61 Compare November 14, 2024 13:34
@filipleple filipleple assigned filipleple and unassigned philipandag Nov 14, 2024
@filipleple filipleple force-pushed the 645-human-readable-uefi-secure-boot-key-enrollment-menu branch from f69624d to ecf3f5e Compare November 19, 2024 10:48
if ((QuestionId == KEY_SECURE_BOOT_PK_OPTION)){
CloseEnrolledFile (Private->FileContext);

GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Pk, NULL);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is Pk even needed here? I think (VOID **)&PkList should work just as good.

PkList = (EFI_SIGNATURE_LIST *)Pk;
Pk = NULL;

UINTN cnSize = 100;
Copy link
Contributor

@krystian-hebel krystian-hebel Nov 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason why this is set to 100?

X509GetCommonName() can return the required size by passing NULL as CommonName, that size could be then used to allocate the buffers and X509GetCommonName() can then be repeated with CommonName set to allocated buffer.

Alternatively, this length can be set to whatever fits in GUI (e.g. if multi-line name could impact test automation), but then we would have to somehow mark when the rest was truncated, e.g. by appending ... at the end, but then it may skip the important parts after generic company name.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Human readable UEFI Secure Boot key enrollment menu
5 participants