+ grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;\r
+ string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
+ help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
+ minsize = SECURE_BOOT_GUID_SIZE,\r
+ maxsize = SECURE_BOOT_GUID_SIZE,\r
+ endstring;\r
+ endif;\r
+\r
+ disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1;\r
+ oneof name = X509SignatureFormatInDbx,\r
+ varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
+ prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
+ help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;\r
+ endoneof;\r
+ endif;\r
+\r
+ disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2;\r
+ text\r
+ help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string\r
+ text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string\r
+ text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type\r
+ endif;\r
+\r
+ disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;\r
+ text\r
+ help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string\r
+ text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string\r
+ text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type\r
+ endif;\r
+\r
+ suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;\r
+ checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
+ prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
+ help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
+ flags = INTERACTIVE,\r
+ endcheckbox;\r
+\r
+ suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;\r
+ date varid = SECUREBOOT_CONFIGURATION.RevocationDate,\r
+ prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),\r
+ help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),\r
+ flags = STORAGE_NORMAL,\r
+ enddate;\r
+\r
+ time varid = SECUREBOOT_CONFIGURATION.RevocationTime,\r
+ prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),\r
+ help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),\r
+ flags = STORAGE_NORMAL,\r
+ endtime;\r
+ endif;\r
+ endif;\r