Merged PR 613: Minor cleanup and add Virutaliztion setting (limited)

Misspelling, line end blanks, and add a settings manager for DFCI Virtualization Settings
microsoft · Dec 28, 2018 · 21173ac · 21173ac
1 parent 967e323
commit 21173ac
Show file tree

Hide file tree

Showing 11 changed files with 574 additions and 40 deletions.
diff --git a/DfciPkg/Application/DfciMenu/DfciMenu.c b/DfciPkg/Application/DfciMenu/DfciMenu.c
@@ -519,7 +519,7 @@ GetDfciParameters (
 
         Status = GetASetting (DFCI_SETTING_ID__MDM_TENANT_NAME, &Name, &NameSize);
         if (!EFI_ERROR(Status) && (NameSize >= 1)) {
-            mDfciMenuConfiguration.DfciFriendlyName = TRUE;
+            mDfciMenuConfiguration.DfciTennantName = TRUE;
             SetStringEntry (STRING_TOKEN(STR_DFCI_MDM_TENANT_NAME), Name);
             DEBUG((DEBUG_INFO, "Dfci MDM.Tenant is enabled\n"));
         }
@@ -643,8 +643,9 @@ DfciMenuEntry(
 STATIC
 EFI_STATUS
 DisplayMessageBox (
+    EFI_STRING_ID MsgToken,
     IN EFI_STATUS StatusIn,
-    IN CHAR16    *MessageText
+    IN CHAR16    *MessageText  OPTIONAL
   ) {
 
     UINT32                    MessageBoxType;
@@ -656,10 +657,6 @@ DisplayMessageBox (
     DFCI_MB_RESULT            SwmResult;
 
 
-    if (NULL == MessageText) {
-        return EFI_INVALID_PARAMETER;
-    }
-
     MessageBoxType = DFCI_MB_OK;
     SwmResult = DFCI_MB_IDOK;
     pTitle   = HiiGetString(mDfciMenuPrivate.HiiHandle, STRING_TOKEN(STR_DFCI_MB_TITLE), NULL);
@@ -672,8 +669,8 @@ DisplayMessageBox (
         }
 
         pCaption = HiiGetString(mDfciMenuPrivate.HiiHandle, STRING_TOKEN(STR_DFCI_MB_CAPTION), NULL);
-        pBody    = HiiGetString(mDfciMenuPrivate.HiiHandle, STRING_TOKEN(STR_DFCI_MB_NEW_SETTINGS), NULL);
-        if (NULL != pBody) {
+        pBody    = HiiGetString(mDfciMenuPrivate.HiiHandle, MsgToken, NULL);
+        if ((NULL != pBody) && (NULL != MessageText)) {
             pTmp = AllocatePool(MAX_MSG_SIZE);
             if (NULL != pTmp) {
                 UnicodeSPrint(pTmp, MAX_MSG_SIZE, pBody, MessageText);
@@ -687,7 +684,7 @@ DisplayMessageBox (
 
     case EFI_NOT_FOUND:
         pBody    = HiiGetString(mDfciMenuPrivate.HiiHandle, STRING_TOKEN(STR_DFCI_MB_NOT_FOUND), NULL);
-        if (NULL != pBody) {
+        if ((NULL != pBody) && (NULL != MessageText)) {
             pTmp = AllocatePool(MAX_MSG_SIZE);
             if (NULL != pTmp) {
                 UnicodeSPrint(pTmp, MAX_MSG_SIZE, pBody, MessageText);
@@ -773,6 +770,10 @@ IssueDfciNetworkRequest (
     //
     EfiEventGroupSignal (&gDfciConfigStartEventGroupGuid);
 
+    // Platform Late Locking event.  For now, just signal
+    // ReadyToBoot().
+    EfiEventGroupSignal (&gEfiEventPreReadyToBootGuid);
+
     JsonString = NULL;
     DfciIdString = NULL;
     //
@@ -812,7 +813,7 @@ IssueDfciNetworkRequest (
     //
     Url = ConvertToCHAR16 (mDfciUrl);
 
-    DisplayMessageBox (Status, Url);
+    DisplayMessageBox (STRING_TOKEN(STR_DFCI_MB_NEW_SETTINGS), Status, Url);
 
     if (NULL != Url) {
         FreePool (Url);
@@ -844,6 +845,10 @@ IssueDfciUsbRequest (
     //
     EfiEventGroupSignal (&gDfciConfigStartEventGroupGuid);
 
+    // Platform Late Locking event.  For now, just signal
+    // ReadyToBoot().
+    EfiEventGroupSignal (&gEfiEventPreReadyToBootGuid);
+
     FileName = NULL;
     JsonString = NULL;
 
@@ -889,7 +894,7 @@ IssueDfciUsbRequest (
     //
     // Inform user that operation is complete
     //
-    DisplayMessageBox (Status, FileName);
+    DisplayMessageBox (STRING_TOKEN(STR_DFCI_MB_NEW_SETTINGS), Status, FileName);
 
     if (NULL != JsonString) {
         FreePool (JsonString);
@@ -995,6 +1000,7 @@ DriverCallback (
 
                 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
                 Status = EFI_SUCCESS;
+                DisplayMessageBox (STRING_TOKEN(STR_DFCI_MB_OPT_CHANGE), Status, NULL);
                 break;
 
             case DFCI_MENU_ZUM_OPT_OUT_QUESTION_ID:
@@ -1005,6 +1011,7 @@ DriverCallback (
 
                 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
                 Status = EFI_SUCCESS;
+                DisplayMessageBox (STRING_TOKEN(STR_DFCI_MB_OPT_CHANGE), Status, NULL);
                 break;
 
             default:

diff --git a/DfciPkg/Application/DfciMenu/DfciMenu.h b/DfciPkg/Application/DfciMenu/DfciMenu.h
@@ -72,6 +72,7 @@ typedef struct {
     UINT8    DfciUser1Enabled;
     UINT8    DfciUser2Enabled;
     UINT8    DfciFriendlyName;
+    UINT8    DfciTennantName;
     UINT8    DfciOptInChanged;
 } DFCI_MENU_CONFIGURATION;
 

diff --git a/DfciPkg/Application/DfciMenu/DfciMenu.inf b/DfciPkg/Application/DfciMenu/DfciMenu.inf
@@ -95,6 +95,7 @@
   gDfciSettingsGuid
   gDfciSettingsManagerVarNamespace
   gEfiBootManagerPolicyNetworkGuid
+  gEfiEventPreReadyToBootGuid
 
 [Protocols]
   gDfciAuthenticationProtocolGuid

diff --git a/DfciPkg/Application/DfciMenu/DfciMenuStrings.uni b/DfciPkg/Application/DfciMenu/DfciMenuStrings.uni
@@ -144,4 +144,6 @@ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #string STR_DFCI_MB_NOT_FOUND               #language en-US  "%s not found."
 
-#string STR_DFCI_MB_INTERNAL_ERROR          #language en-US  "Internal error. Code=%r."
+#string STR_DFCI_MB_INTERNAL_ERROR          #language en-US  "Internal error. Code=%r."
+
+#string STR_DFCI_MB_OPT_CHANGE              #language en-US  "ZTD Opt In changed. Restart now to apply the change."
diff --git a/DfciPkg/Application/DfciMenu/DfciMenuVfr.Vfr b/DfciPkg/Application/DfciMenu/DfciMenuVfr.Vfr
@@ -160,28 +160,32 @@ formset
                     help    = STRING_TOKEN(STR_NULL_STRING),                    // Subject:
                     text    = STRING_TOKEN(STR_DFCI_MANAGED_BY);
 
-                suppressif  ideqval DfciMenuConfig.DfciFriendlyName == 0x00;    // If no friendly name, just
+                suppressif  NOT ideqval DfciMenuConfig.DfciFriendlyName == 0x00; // If no friendly name, just
                     text
                         help    = STRING_TOKEN(STR_NULL_STRING),                // managed by owner
                         text    = STRING_TOKEN(STR_DFCI_OWNER_SUBJECT_FIELD);
                 endif;
 
-                suppressif  NOT ideqval DfciMenuConfig.DfciFriendlyName == 0x00; // If friendly name,
+                suppressif  ideqval DfciMenuConfig.DfciFriendlyName == 0x00;    // If friendly name,
                     text
                         help    = STRING_TOKEN(STR_NULL_STRING),                // managed by MDM
                         text    = STRING_TOKEN(STR_DFCI_MDM_FRIENDLY_NAME);
 
-                    subtitle
-                        text    = STRING_TOKEN(STR_NULL_STRING),                // Group of horizontal text blocks
-                        flags   = HORIZONTAL;
+                    suppressif  ideqval DfciMenuConfig.DfciTennantName == 0x00; // If Tennant Name name,
 
-                        text
-                            help    = STRING_TOKEN(STR_NULL_STRING),            // On behalf of MDM Tenant name
-                            text    = STRING_TOKEN(STR_DFCI_ON_BEHALF_OF);
+	                    subtitle
+	                        text    = STRING_TOKEN(STR_NULL_STRING),            // Group of horizontal text blocks
+	                        flags   = HORIZONTAL;
+
+	                        text
+	                            help    = STRING_TOKEN(STR_NULL_STRING),        // On behalf of MDM Tenant name
+	                            text    = STRING_TOKEN(STR_DFCI_ON_BEHALF_OF);
+
+	                        text
+	                            help    = STRING_TOKEN(STR_NULL_STRING),
+	                            text    = STRING_TOKEN(STR_DFCI_MDM_TENANT_NAME);
+	                endif;
 
-                        text
-                            help    = STRING_TOKEN(STR_NULL_STRING),
-                            text    = STRING_TOKEN(STR_DFCI_MDM_TENANT_NAME);
                 endif;
 
                 text

diff --git a/DfciPkg/DfciPkg.dsc b/DfciPkg/DfciPkg.dsc
@@ -90,6 +90,7 @@
   DfciUiSupportLib|DfciPkg/Library/DfciUiSupportLibNull/DfciUiSupportLibNull.inf
   DfciV1SupportLib|DfciPkg/Library/DfciV1SupportLibNull/DfciV1SupportLibNull.inf
   DfciSettingsLib|DfciPkg/Library/DfciSettingsLib/DfciSettingsLib.inf
+  DfciVirtualizationSettingsLib|DfciPkg/Library/DfciVirtualizationSettings/DfciVirtualizationSettings.inf
   ZeroTouchSettingsLib|ZeroTouchPkg/Library/ZeroTouchSettings/ZeroTouchSettings.inf
   JsonLiteParserLib|MsCorePkg/Library/JsonLiteParser/JsonLiteParser.inf
 
@@ -162,11 +163,13 @@
   DfciPkg/Library/DfciXmlSettingSchemaSupportLib/DfciXmlSettingSchemaSupportLib.inf
   DfciPkg/Library/DfciXmlDeviceIdSchemaSupportLib/DfciXmlDeviceIdSchemaSupportLib.inf
   DfciPkg/Library/DfciXmlIdentitySchemaSupportLib/DfciXmlIdentitySchemaSupportLib.inf
+  DfciPkg/Library/DfciVirtualizationSettings/DfciVirtualizationSettings.inf
 
   DfciPkg/SettingsManager/SettingsManagerDxe.inf {
         #Platform should add all it settings libs here
   <LibraryClasses>
         NULL|DfciPkg/Library/DfciSettingsLib/DfciSettingsLib.inf
+        NULL|DfciPkg/Library/DfciVirtualizationSettings/DfciVirtualizationSettings.inf
         DfciSettingPermissionLib|DfciPkg/Library/DfciSettingPermissionLib/DfciSettingPermissionLib.inf
   <PcdsFeatureFlag>
      gDfciPkgTokenSpaceGuid.PcdSettingsManagerInstallProvider|TRUE

diff --git a/DfciPkg/Library/DfciSettingPermissionLib/DfciSettingPermission.c b/DfciPkg/Library/DfciSettingPermissionLib/DfciSettingPermission.c
@@ -64,7 +64,7 @@ IN CONST DFCI_AUTH_TOKEN *AuthToken OPTIONAL
       return EFI_NOT_READY;
     }
 
-    //User is trying to reset.  Check if auth token is valid for this operation.   
+    //User is trying to reset.  Check if auth token is valid for this operation.
     // Permission is based on who can change the Owner Cert and/or who can do recovery.
     Status = HasWritePermissions(DFCI_SETTING_ID__OWNER_KEY, AuthToken, &CanChange);
     if (EFI_ERROR(Status))
@@ -86,7 +86,7 @@ IN CONST DFCI_AUTH_TOKEN *AuthToken OPTIONAL
       return EFI_ACCESS_DENIED;
     }
   }
- 
+
   DEBUG((DEBUG_INFO, "%a - Auth Token good.  Lets clear the permissions.\n", __FUNCTION__));
 
   // 1. Free existing PermissionStore
@@ -95,7 +95,7 @@ IN CONST DFCI_AUTH_TOKEN *AuthToken OPTIONAL
     FreePermissionStore(mPermStore);
     mPermStore = NULL;
   }
-  
+
   // 2. Set it to defaults which is all access to all settings
   Status = InitPermStore(&mPermStore);
   if (EFI_ERROR(Status))
@@ -161,8 +161,7 @@ OUT BOOLEAN                     *Result
     return Status;
   }
 
-
-  //2. set to default. 
+  //2. set to default.
   PMask = mPermStore->DefaultPMask;
 
   //3. Set PMask to specific value if in list
@@ -278,13 +277,15 @@ IdentityChange (
       Status  = AddRequiredPermissionEntry (mPermStore, DFCI_SETTING_ID__ZTD_KEY,      DFCI_IDENTITY_INVALID,    DFCI_PERMISSION_MASK__NONE);
     }
 
-    // 4. When an Owner is entrolled and the signer is ZTD:
+    // 4. When an Owner is enrolled and the signer is ZTD:
     if (Properties.Identity == DFCI_IDENTITY_SIGNER_ZTD)
     {
       //    a. Allow ZTD to UnEnroll.
       //    b. Allow ZTD to use hard reset Recovery
+      //    c. Remove SEMM recovery permission
       Status |= AddRequiredPermissionEntry (mPermStore, DFCI_SETTING_ID__ZTD_RECOVERY, DFCI_IDENTITY_SIGNER_ZTD, DFCI_PERMISSION_MASK__NONE);
       Status |= AddRequiredPermissionEntry (mPermStore, DFCI_SETTING_ID__ZTD_UNENROLL, DFCI_IDENTITY_SIGNER_ZTD, DFCI_PERMISSION_MASK__NONE);
+      Status |= AddRequiredPermissionEntry (mPermStore, DFCI_SETTING_ID__DFCI_RECOVERY, DFCI_PERMISSION_MASK__NONE, DFCI_PERMISSION_MASK__NONE);
       return EFI_SUCCESS;
     }