/** @file\r
VFR file used by the SecureBoot configuration component.\r
\r
-Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
name = SECUREBOOT_CONFIGURATION,\r
guid = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
- \r
+\r
//\r
// ##1 Form "Secure Boot Configuration"\r
//\r
help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);\r
- \r
+\r
//\r
// Define of Check Box: Attempt Secure Boot\r
//\r
help = STRING_TOKEN(STR_NULL),\r
flags = INTERACTIVE,\r
endcheckbox;\r
- endif; \r
- \r
+ endif;\r
+\r
//\r
// Display of Check Box: Attempt Secure Boot\r
//\r
flags = INTERACTIVE | RESET_REQUIRED,\r
endcheckbox;\r
endif;\r
- \r
+\r
//\r
// Display of Oneof: 'Secure Boot Mode'\r
//\r
- oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,\r
- questionid = KEY_SECURE_BOOT_MODE, \r
- prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
- help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
- flags = INTERACTIVE,\r
- option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;\r
- option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
- endoneof;\r
- \r
+ disableif TRUE;\r
+ oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,\r
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
+ help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
+ flags = INTERACTIVE,\r
+ option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0;\r
+ option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
+ endoneof;\r
+ endif;\r
+ oneof name = SecureBootMode,\r
+ questionid = KEY_SECURE_BOOT_MODE,\r
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
+ help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
+ flags = INTERACTIVE | NUMERIC_SIZE_1,\r
+ option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;\r
+ option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
+ endoneof;\r
+\r
//\r
//\r
// Display of 'Current Secure Boot Mode'\r
//\r
- suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD;\r
+ suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
goto FORMID_SECURE_BOOT_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
endif;\r
endif;\r
endform;\r
- \r
+\r
//\r
// ##2 Form: 'Custom Secure Boot Options'\r
//\r
form formid = FORMID_SECURE_BOOT_OPTION_FORM,\r
title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r
flags = INTERACTIVE,\r
key = KEY_SECURE_BOOT_PK_OPTION;\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),\r
help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),\r
flags = INTERACTIVE,\r
key = KEY_SECURE_BOOT_KEK_OPTION;\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
goto FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),\r
help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),\r
flags = INTERACTIVE,\r
key = KEY_SECURE_BOOT_DB_OPTION;\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),\r
help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),\r
flags = INTERACTIVE,\r
key = KEY_SECURE_BOOT_DBX_OPTION;\r
\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),\r
+ help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_SECURE_BOOT_DBT_OPTION;\r
+\r
endform;\r
- \r
+\r
//\r
// ##3 Form: 'PK Options'\r
//\r
form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
//\r
// Define of Check Box: 'Delete PK'\r
//\r
help = STRING_TOKEN(STR_NULL),\r
endcheckbox;\r
endif;\r
- \r
+\r
grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;\r
goto FORMID_ENROLL_PK_FORM,\r
prompt = STRING_TOKEN(STR_ENROLL_PK),\r
flags = INTERACTIVE,\r
key = KEY_ENROLL_PK;\r
endif;\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
//\r
- // Display of Check Box: 'Delete Pk' \r
+ // Display of Check Box: 'Delete Pk'\r
//\r
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
questionid = KEY_SECURE_BOOT_DELETE_PK,\r
- prompt = STRING_TOKEN(STR_DELETE_PK), \r
+ prompt = STRING_TOKEN(STR_DELETE_PK),\r
help = STRING_TOKEN(STR_DELETE_PK_HELP),\r
flags = INTERACTIVE | RESET_REQUIRED,\r
endcheckbox;\r
endif;\r
endform;\r
- \r
+\r
//\r
// ##4 Form: 'Enroll PK'\r
//\r
form formid = FORMID_ENROLL_PK_FORM,\r
title = STRING_TOKEN(STR_ENROLL_PK);\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
goto FORM_FILE_EXPLORER_ID_PK,\r
flags = INTERACTIVE,\r
key = SECUREBOOT_ADD_PK_FILE_FORM_ID;\r
endform;\r
- \r
+\r
//\r
// ##5 Form: 'KEK Options'\r
//\r
title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);\r
\r
//\r
- // Display of 'Enroll KEK' \r
+ // Display of 'Enroll KEK'\r
//\r
goto FORMID_ENROLL_KEK_FORM,\r
prompt = STRING_TOKEN(STR_ENROLL_KEK),\r
help = STRING_TOKEN(STR_ENROLL_KEK_HELP),\r
flags = INTERACTIVE;\r
- \r
- subtitle text = STRING_TOKEN(STR_NULL); \r
- \r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
//\r
- // Display of 'Delete KEK' \r
+ // Display of 'Delete KEK'\r
//\r
goto FORMID_DELETE_KEK_FORM,\r
prompt = STRING_TOKEN(STR_DELETE_KEK),\r
help = STRING_TOKEN(STR_DELETE_KEK_HELP),\r
flags = INTERACTIVE,\r
key = KEY_DELETE_KEK;\r
- \r
- subtitle text = STRING_TOKEN(STR_NULL); \r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
endform;\r
\r
//\r
- // ##6 Form: 'Enroll KEK' \r
+ // ##6 Form: 'Enroll KEK'\r
//\r
form formid = FORMID_ENROLL_KEK_FORM,\r
title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);\r
help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
flags = INTERACTIVE,\r
key = KEY_VALUE_SAVE_AND_EXIT_KEK;\r
- \r
+\r
goto FORMID_SECURE_BOOT_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
\r
//\r
// ##7 Form: 'Delete KEK'\r
- // \r
+ //\r
form formid = FORMID_DELETE_KEK_FORM,\r
title = STRING_TOKEN(STR_DELETE_KEK_TITLE);\r
\r
label LABEL_KEK_DELETE;\r
label LABEL_END;\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
endform;\r
\r
//\r
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
flags = INTERACTIVE,\r
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;\r
- \r
+\r
endform;\r
\r
//\r
\r
endform;\r
\r
+ //\r
+ // ##9 Form: 'DBT Options'\r
+ //\r
+ form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
+ title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
+ prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
+ help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
+ flags = 0;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
+ prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
+ help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
+ flags = INTERACTIVE,\r
+ key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;\r
+\r
+ endform;\r
+\r
//\r
// Form: 'Delete Signature' for DB Options.\r
//\r
label LABEL_DB_DELETE;\r
label LABEL_END;\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
endform;\r
\r
//\r
label LABEL_DBX_DELETE;\r
label LABEL_END;\r
subtitle text = STRING_TOKEN(STR_NULL);\r
- \r
+\r
+ endform;\r
+\r
+ //\r
+ // Form: 'Delete Signature' for DBT Options.\r
+ //\r
+ form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
+ title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
+\r
+ label LABEL_DBT_DELETE;\r
+ label LABEL_END;\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
endform;\r
\r
//\r
help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
flags = INTERACTIVE,\r
key = KEY_VALUE_SAVE_AND_EXIT_DB;\r
- \r
+\r
goto FORMID_SECURE_BOOT_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
flags = INTERACTIVE,\r
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
\r
- subtitle text = STRING_TOKEN(STR_NULL);\r
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
label LABEL_END;\r
subtitle text = STRING_TOKEN(STR_NULL);\r
maxsize = SECURE_BOOT_GUID_SIZE,\r
endstring;\r
\r
+ oneof name = SignatureFormatInDbx,\r
+ varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
+ prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
+ help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;\r
+ endoneof;\r
+\r
+ suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;\r
+ checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
+ prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
+ help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
+ flags = INTERACTIVE,\r
+ endcheckbox;\r
+\r
+ suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;\r
+ date varid = SECUREBOOT_CONFIGURATION.RevocationDate,\r
+ prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),\r
+ help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),\r
+ flags = STORAGE_NORMAL,\r
+ enddate;\r
+\r
+ time varid = SECUREBOOT_CONFIGURATION.RevocationTime,\r
+ prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),\r
+ help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),\r
+ flags = STORAGE_NORMAL,\r
+ endtime;\r
+ endif;\r
+ endif;\r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
flags = INTERACTIVE,\r
key = KEY_VALUE_SAVE_AND_EXIT_DBX;\r
- \r
+\r
goto FORMID_SECURE_BOOT_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
\r
endform;\r
\r
+ //\r
+ // Form: 'Enroll Signature' for DBT options.\r
+ //\r
+ form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
+ title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto FORM_FILE_EXPLORER_ID_DBT,\r
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
+ help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
+ flags = INTERACTIVE,\r
+ key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+ label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
+ label LABEL_END;\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
+ help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,\r
+ minsize = SECURE_BOOT_GUID_SIZE,\r
+ maxsize = SECURE_BOOT_GUID_SIZE,\r
+ endstring;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto FORMID_SECURE_BOOT_OPTION_FORM,\r
+ prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
+ help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
+ flags = INTERACTIVE,\r
+ key = KEY_VALUE_SAVE_AND_EXIT_DBT;\r
+\r
+ goto FORMID_SECURE_BOOT_OPTION_FORM,\r
+ prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
+ help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
+ flags = INTERACTIVE,\r
+ key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;\r
+\r
+ endform;\r
+\r
//\r
// File Explorer for PK\r
//\r
label FORM_FILE_EXPLORER_ID;\r
label LABEL_END;\r
endform;\r
- \r
+\r
//\r
// File Explorer for KEK\r
//\r
label LABEL_END;\r
endform;\r
\r
+ //\r
+ // File Explorer for DBT\r
+ //\r
+ form formid = FORM_FILE_EXPLORER_ID_DBT,\r
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
+\r
+ label FORM_FILE_EXPLORER_ID;\r
+ label LABEL_END;\r
+ endform;\r
\r
//\r
// Enroll Pk from File Commit Form\r
\r
label SECUREBOOT_ADD_PK_FILE_FORM_ID;\r
label LABEL_END;\r
- \r
+\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
text\r
\r
endform;\r
\r
-endformset;\r
+endformset;
\ No newline at end of file