DasharoModulePkg/Application/SovereignBootWizard: Display launch reasons

Signed-off-by: Michał Żygowski <[email protected]>

Author: miczyg1

DasharoModulePkg/Application/SovereignBootWizard/SovereignBootWizard.c

@@ -457,6 +457,7 @@ SovereignBootWizardInit (
   EFI_DEVICE_PATH_TO_TEXT_PROTOCOL       *DevPathToText;
   CHAR16                                 *NewString;
   EFI_HANDLE                             AppHandle;
+  EFI_FORM_ID                            FormId;
 
   NewString = NULL;
   AppHandle = NULL;
@@ -630,9 +631,9 @@ SovereignBootWizardInit (
       ConfigData->AppLaunchCause = SV_BOOT_LAUNCH_BOOT_WITH_DEFAULT_SETTINGS;
     }
   } else {
-    // If not provisioned, the launch cause can only be undefined or boot with defaults
+    // If not provisioned, the launch cause can not be verification failure
     if (!SvConfig->SvBootProvisioned &&
-        ConfigData->AppLaunchCause >= SV_BOOT_LAUNCH_IMAGE_VERIFICATION_FAILED)
+        ConfigData->AppLaunchCause == SV_BOOT_LAUNCH_IMAGE_VERIFICATION_FAILED)
     {
       ConfigData->AppLaunchCause = SV_BOOT_LAUNCH_BOOT_WITH_DEFAULT_SETTINGS;
     }
@@ -643,6 +644,31 @@ SovereignBootWizardInit (
     ConfigData->AppLaunchCause = SV_BOOT_LAUNCH_BOOT_WITH_DEFAULT_SETTINGS;
   }
 
+  switch (ConfigData->AppLaunchCause) {
+  case SV_BOOT_LAUNCH_BOOT_WITH_DEFAULT_SETTINGS:
+    NewString = HiiGetString(HiiHandle, STRING_TOKEN (STR_LAUNCH_CAUSE_DEFAULT_SETTINGS), NULL);
+    break;
+  case SV_BOOT_LAUNCH_IMAGE_VERIFICATION_FAILED:
+    // Override the "do not trust key" to avoid displaying "next bootloader"
+    NewString = HiiGetString(HiiHandle, STRING_TOKEN (STR_DO_NOT_TRUST_KEY2), NULL);
+    if (NewString != NULL) {
+      HiiSetString(HiiHandle, STRING_TOKEN (STR_DO_NOT_TRUST_KEY), NewString, NULL);
+    }
+
+    NewString = HiiGetString(HiiHandle, STRING_TOKEN (STR_LAUNCH_CAUSE_VERIFICATION_FAILED), NULL);
+    break;
+  case SV_BOOT_LAUNCH_VIA_SETUP:
+    NewString = HiiGetString(HiiHandle, STRING_TOKEN (STR_LAUNCH_CAUSE_SETUP), NULL);
+    break;
+  default:
+    NewString = NULL;
+    break;
+  }
+
+  if (NewString != NULL) {
+    HiiSetString(HiiHandle, STRING_TOKEN (STR_LAUNCH_REASON), NewString, NULL);
+  }
+
   //
   // Override Hotkeys, F9 and F10 won't be needed by this application
   //
@@ -655,6 +681,16 @@ SovereignBootWizardInit (
     FormBrowserEx2->RegisterHotKey (&HotKey, 0, 0, NULL);
   }
 
+  if (SvConfig->SvBootProvisioned) {
+    if (ConfigData->AppLaunchCause == SV_BOOT_LAUNCH_IMAGE_VERIFICATION_FAILED) {
+      FormId = SOVEREIGN_BOOT_WIZARD_CONFIG_FORM_ID;
+    } else {
+      FormId = SOVEREIGN_BOOT_WIZARD_INTERACTIVE_MODE_FORM_ID;
+    }
+  } else {
+    FormId = SOVEREIGN_BOOT_WIZARD_WELCOME_FORM_ID;
+  }
+
   //
   // turn off the watchdog timer
   //
@@ -666,9 +702,7 @@ SovereignBootWizardInit (
                             &HiiHandle,
                             1,
                             &gSovereignBootWizardFormSetGuid,
-                            SvConfig->SvBootProvisioned ?
-                              SOVEREIGN_BOOT_WIZARD_INTERACTIVE_MODE_FORM_ID :
-                              SOVEREIGN_BOOT_WIZARD_WELCOME_FORM_ID,
+                            FormId,
                             NULL,
                             NULL
                             );

DasharoModulePkg/Application/SovereignBootWizard/SovereignBootWizardVfr.vfr

@@ -43,6 +43,9 @@ formset
        title  = STRING_TOKEN(STR_FORM1_TITLE);
 
     subtitle text = STRING_TOKEN(STR_WELCOME_SUBTITLE);
+    subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
+    subtitle text = STRING_TOKEN(STR_LAUNCH_REASON);
+    subtitle text = STRING_TOKEN(STR_WELCOME_PROMPT);
 
     // Empty text field so that none of the options are
     // highlighted/selected by default.
@@ -92,8 +95,13 @@ formset
   form formid = SOVEREIGN_BOOT_WIZARD_CONFIG_FORM_ID,
        title  = STRING_TOKEN(STR_FORM2_TITLE);
 
+  disableif ideqval SvBootData.AppLaunchCause == SV_BOOT_LAUNCH_IMAGE_VERIFICATION_FAILED;
     subtitle text = STRING_TOKEN(STR_CONFIG_SUBTITLE);
     subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
+  endif;
+  disableif NOT ideqval SvBootData.AppLaunchCause == SV_BOOT_LAUNCH_IMAGE_VERIFICATION_FAILED;
+    subtitle text = STRING_TOKEN(STR_LAUNCH_REASON);
+  endif;
 
     subtitle text = STRING_TOKEN(STR_BOOTOPT_DESCRIPTION);
     subtitle text = STRING_TOKEN(STR_HW_PATH);
@@ -118,11 +126,13 @@ formset
       flags  = INTERACTIVE,
       key    = TRUST_KEY_AND_BOOT_FORM2_QUESTION_ID;
 
+  disableif ideqval SvBootData.AppLaunchCause == SV_BOOT_LAUNCH_IMAGE_VERIFICATION_FAILED;
     text
       help   = STRING_TOKEN(STR_EMPTY_STRING),
       text   = STRING_TOKEN(STR_TRUST_KEY),
       flags  = INTERACTIVE,
       key    = TRUST_KEY_FORM2_QUESTION_ID;
+  endif;
 
     text
       help   = STRING_TOKEN(STR_EMPTY_STRING),
@@ -153,8 +163,8 @@ formset
         title  = STRING_TOKEN(STR_FORM9_TITLE);
 
     subtitle text = STRING_TOKEN(STR_INTERACTIVE_MODE_SUBTITLE);
-
     subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
+    subtitle text = STRING_TOKEN(STR_LAUNCH_REASON);
 
     text
       help   = STRING_TOKEN(STR_EMPTY_STRING),

DasharoModulePkg/Application/SovereignBootWizard/SovereignBootWizardVfrStrings.uni

@@ -28,10 +28,19 @@
 #string FUNCTION_NINE_STRING                     #language en-US  "F9=Reset to Defaults"
 #string FUNCTION_TEN_STRING                      #language en-US  "F10=Save"
 
+
+// Application launch causes
+#string STR_LAUNCH_REASON                        #language en-US "\n"
+#string STR_LAUNCH_CAUSE_DEFAULT_SETTINGS        #language en-US "You see this window because you are booting for the first time or restored default system settings.\n\n"
+#string STR_LAUNCH_CAUSE_SETUP                   #language en-US "You see this window because you have explicitly requested to launch the Wizard via system setup.\n"
+                                                                 "If you ended up here by mistake, please exit the application to avoid making changes to your system configuration.\n\n"
+#string STR_LAUNCH_CAUSE_VERIFICATION_FAILED     #language en-US "You see this window because the system attempted to boot an untrusted image.\n\n"
+
 // Welcome page strings
 #string STR_FORM1_TITLE                          #language en-US "Sovereign Boot Provisioning Wizard"
-#string STR_WELCOME_SUBTITLE                     #language en-US "Welcome to Sovereign Boot Provisioning Wizard!\n\n"
-                                                                 "Please select the UEFI Secure Boot scheme you would like to use:"
+#string STR_WELCOME_SUBTITLE                     #language en-US "Welcome to Sovereign Boot Provisioning Wizard!\n"
+#string STR_WELCOME_PROMPT                       #language en-US "The Wizard will assist in setting up the UEFI Secure Boot feature. "
+                                                                 "Please select the UEFI Secure Boot scheme you would like to use:\n"
 
 #string STR_SELECT_SOVEREIGN_BOOT                #language en-US "Sovereign Boot"
 #string STR_SELECT_SOVEREIGN_BOOT_HELP           #language en-US ""
@@ -42,12 +51,12 @@
 #string STR_SELECT_DEFAULT_SECURE_BOOT_HELP      #language en-US ""
 #string STR_MS_SECURE_BOOT_FEATURES              #language en-US "* Trust firmware's default certificates\n"
                                                                  "* Compatible with common operating systems\n"
-                                                                 "* Does not modify current Secure Boot settings"
+                                                                 "* Enrolls firmware's default Secure Boot keys"
 
 // Configuration page strings
 #string STR_FORM2_TITLE                          #language en-US "Sovereign Boot Provisioning Wizard"
 
-#string STR_CONFIG_SUBTITLE                      #language en-US "A new bootloader key has been detected."
+#string STR_CONFIG_SUBTITLE                      #language en-US "A new bootloader/key has been detected."
 
 #string STR_BOOTOPT_DESCRIPTION                  #language en-US "Description: "
 #string STR_HW_PATH                              #language en-US "Hardware path: "
@@ -57,8 +66,9 @@
 #string STR_TRUST_QUESTION                       #language en-US "Do you want to trust this key/image and continue booting?"
 
 #string STR_DO_NOT_TRUST_KEY                     #language en-US "[Do NOT trust, next key/bootloader]"
-#string STR_TRUST_KEY_AND_BOOT                   #language en-US "[Trust this key and boot]"
-#string STR_TRUST_KEY                            #language en-US "[Trust this key, next key/bootloader]"
+#string STR_DO_NOT_TRUST_KEY2                    #language en-US "[Do NOT trust]"
+#string STR_TRUST_KEY_AND_BOOT                   #language en-US "[Trust this key/image and boot]"
+#string STR_TRUST_KEY                            #language en-US "[Trust this key/image, next key/bootloader]"
 #string STR_SHOW_KEY_DETAILS                     #language en-US "[Show key/certificate details]"
 
 // Interactive mode strings