2 VFR file used by the SecureBoot configuration component.
4 Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "SecureBootConfigNvData.h"
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
23 varstore SECUREBOOT_CONFIGURATION,
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
25 name = SECUREBOOT_CONFIGURATION,
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
29 // ##1 Form "Secure Boot Configuration"
31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
34 subtitle text = STRING_TOKEN(STR_NULL);
37 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
38 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
39 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
42 // Define of Check Box: Attempt Secure Boot
45 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
46 questionid = KEY_HIDE_SECURE_BOOT,
47 prompt = STRING_TOKEN(STR_NULL),
48 help = STRING_TOKEN(STR_NULL),
54 // Display of Check Box: Attempt Secure Boot
56 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
57 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
58 questionid = KEY_SECURE_BOOT_ENABLE,
59 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
60 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
61 flags = INTERACTIVE | RESET_REQUIRED,
66 // Display of Oneof: 'Secure Boot Mode'
69 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
70 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
71 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
73 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0;
74 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
77 oneof name = SecureBootMode,
78 questionid = KEY_SECURE_BOOT_MODE,
79 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
80 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
81 flags = INTERACTIVE | NUMERIC_SIZE_1,
82 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
83 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
88 // Display of 'Current Secure Boot Mode'
90 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
91 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
92 goto FORMID_SECURE_BOOT_OPTION_FORM,
93 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
94 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
96 key = KEY_SECURE_BOOT_OPTION;
102 // ##2 Form: 'Custom Secure Boot Options'
104 form formid = FORMID_SECURE_BOOT_OPTION_FORM,
105 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
107 subtitle text = STRING_TOKEN(STR_NULL);
109 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
110 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
111 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
113 key = KEY_SECURE_BOOT_PK_OPTION;
115 subtitle text = STRING_TOKEN(STR_NULL);
117 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
118 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
119 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
121 key = KEY_SECURE_BOOT_KEK_OPTION;
123 subtitle text = STRING_TOKEN(STR_NULL);
125 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
126 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
127 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
129 key = KEY_SECURE_BOOT_DB_OPTION;
131 subtitle text = STRING_TOKEN(STR_NULL);
133 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
134 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
135 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
137 key = KEY_SECURE_BOOT_DBX_OPTION;
142 // ##3 Form: 'PK Options'
144 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
145 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
147 subtitle text = STRING_TOKEN(STR_NULL);
150 // Define of Check Box: 'Delete PK'
153 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
154 prompt = STRING_TOKEN(STR_NULL),
155 help = STRING_TOKEN(STR_NULL),
159 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
160 goto FORMID_ENROLL_PK_FORM,
161 prompt = STRING_TOKEN(STR_ENROLL_PK),
162 help = STRING_TOKEN(STR_ENROLL_PK_HELP),
167 subtitle text = STRING_TOKEN(STR_NULL);
170 // Display of Check Box: 'Delete Pk'
172 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
173 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
174 questionid = KEY_SECURE_BOOT_DELETE_PK,
175 prompt = STRING_TOKEN(STR_DELETE_PK),
176 help = STRING_TOKEN(STR_DELETE_PK_HELP),
177 flags = INTERACTIVE | RESET_REQUIRED,
183 // ##4 Form: 'Enroll PK'
185 form formid = FORMID_ENROLL_PK_FORM,
186 title = STRING_TOKEN(STR_ENROLL_PK);
188 subtitle text = STRING_TOKEN(STR_NULL);
190 goto FORM_FILE_EXPLORER_ID_PK,
191 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
192 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
194 key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
198 // ##5 Form: 'KEK Options'
200 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
201 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
204 // Display of 'Enroll KEK'
206 goto FORMID_ENROLL_KEK_FORM,
207 prompt = STRING_TOKEN(STR_ENROLL_KEK),
208 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
211 subtitle text = STRING_TOKEN(STR_NULL);
214 // Display of 'Delete KEK'
216 goto FORMID_DELETE_KEK_FORM,
217 prompt = STRING_TOKEN(STR_DELETE_KEK),
218 help = STRING_TOKEN(STR_DELETE_KEK_HELP),
220 key = KEY_DELETE_KEK;
222 subtitle text = STRING_TOKEN(STR_NULL);
226 // ##6 Form: 'Enroll KEK'
228 form formid = FORMID_ENROLL_KEK_FORM,
229 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
231 subtitle text = STRING_TOKEN(STR_NULL);
233 goto FORM_FILE_EXPLORER_ID_KEK,
234 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
235 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
237 key = FORMID_ENROLL_KEK_FORM;
239 subtitle text = STRING_TOKEN(STR_NULL);
240 label FORMID_ENROLL_KEK_FORM;
242 subtitle text = STRING_TOKEN(STR_NULL);
244 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
245 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
246 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
248 key = KEY_SECURE_BOOT_KEK_GUID,
249 minsize = SECURE_BOOT_GUID_SIZE,
250 maxsize = SECURE_BOOT_GUID_SIZE,
253 subtitle text = STRING_TOKEN(STR_NULL);
254 subtitle text = STRING_TOKEN(STR_NULL);
256 goto FORMID_SECURE_BOOT_OPTION_FORM,
257 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
258 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
260 key = KEY_VALUE_SAVE_AND_EXIT_KEK;
262 goto FORMID_SECURE_BOOT_OPTION_FORM,
263 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
264 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
266 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
271 // ##7 Form: 'Delete KEK'
273 form formid = FORMID_DELETE_KEK_FORM,
274 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
276 label LABEL_KEK_DELETE;
279 subtitle text = STRING_TOKEN(STR_NULL);
284 // ##8 Form: 'DB Options'
286 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
287 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
289 subtitle text = STRING_TOKEN(STR_NULL);
291 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
292 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
293 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
296 subtitle text = STRING_TOKEN(STR_NULL);
298 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
299 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
300 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
302 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
307 // ##9 Form: 'DBX Options'
309 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
310 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
312 subtitle text = STRING_TOKEN(STR_NULL);
314 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
315 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
316 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
319 subtitle text = STRING_TOKEN(STR_NULL);
321 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
322 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
323 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
325 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;
330 // Form: 'Delete Signature' for DB Options.
332 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
333 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
335 label LABEL_DB_DELETE;
337 subtitle text = STRING_TOKEN(STR_NULL);
342 // Form: 'Delete Signature' for DBX Options.
344 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
345 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
347 label LABEL_DBX_DELETE;
349 subtitle text = STRING_TOKEN(STR_NULL);
354 // Form: 'Enroll Signature' for DB options.
356 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
357 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
359 subtitle text = STRING_TOKEN(STR_NULL);
361 goto FORM_FILE_EXPLORER_ID_DB,
362 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
363 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
365 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
367 subtitle text = STRING_TOKEN(STR_NULL);
368 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
370 subtitle text = STRING_TOKEN(STR_NULL);
372 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
373 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
374 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
376 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
377 minsize = SECURE_BOOT_GUID_SIZE,
378 maxsize = SECURE_BOOT_GUID_SIZE,
381 subtitle text = STRING_TOKEN(STR_NULL);
382 subtitle text = STRING_TOKEN(STR_NULL);
384 goto FORMID_SECURE_BOOT_OPTION_FORM,
385 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
386 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
388 key = KEY_VALUE_SAVE_AND_EXIT_DB;
390 goto FORMID_SECURE_BOOT_OPTION_FORM,
391 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
392 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
394 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
399 // Form: 'Enroll Signature' for DBX options.
401 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
402 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
404 subtitle text = STRING_TOKEN(STR_NULL);
406 goto FORM_FILE_EXPLORER_ID_DBX,
407 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
408 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
410 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
412 subtitle text = STRING_TOKEN(STR_NULL);
413 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
415 subtitle text = STRING_TOKEN(STR_NULL);
417 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
418 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
419 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
421 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
422 minsize = SECURE_BOOT_GUID_SIZE,
423 maxsize = SECURE_BOOT_GUID_SIZE,
426 subtitle text = STRING_TOKEN(STR_NULL);
427 subtitle text = STRING_TOKEN(STR_NULL);
429 goto FORMID_SECURE_BOOT_OPTION_FORM,
430 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
431 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
433 key = KEY_VALUE_SAVE_AND_EXIT_DBX;
435 goto FORMID_SECURE_BOOT_OPTION_FORM,
436 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
437 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
439 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
444 // File Explorer for PK
446 form formid = FORM_FILE_EXPLORER_ID_PK,
447 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
449 label FORM_FILE_EXPLORER_ID;
454 // File Explorer for KEK
456 form formid = FORM_FILE_EXPLORER_ID_KEK,
457 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
459 label FORM_FILE_EXPLORER_ID;
464 // File Explorer for DB
466 form formid = FORM_FILE_EXPLORER_ID_DB,
467 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
469 label FORM_FILE_EXPLORER_ID;
474 // File Explorer for DBX
476 form formid = FORM_FILE_EXPLORER_ID_DBX,
477 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
479 label FORM_FILE_EXPLORER_ID;
485 // Enroll Pk from File Commit Form
487 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
488 title = STRING_TOKEN(STR_SAVE_PK_FILE);
490 label SECUREBOOT_ADD_PK_FILE_FORM_ID;
493 subtitle text = STRING_TOKEN(STR_NULL);
496 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
497 text = STRING_TOKEN(STR_SAVE_AND_EXIT),
498 text = STRING_TOKEN(STR_NULL),
500 key = KEY_VALUE_SAVE_AND_EXIT_PK;
503 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
504 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
505 text = STRING_TOKEN(STR_NULL),
507 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;