SecurityPkg: SecureBootConfigDxe: Support AUTH_2 enrollment to DBX
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfig.vfr
CommitLineData
beda2356 1/** @file\r
2 VFR file used by the SecureBoot configuration component.\r
3\r
4de754e1 4Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
20333c6d
QL
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
beda2356 8http://opensource.org/licenses/bsd-license.php\r
9\r
20333c6d 10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
beda2356 11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include "SecureBootConfigNvData.h"\r
16\r
17formset\r
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,\r
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),\r
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),\r
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,\r
22\r
23 varstore SECUREBOOT_CONFIGURATION,\r
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
25 name = SECUREBOOT_CONFIGURATION,\r
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
20333c6d 27\r
ecc722ad 28 //\r
29 // ##1 Form "Secure Boot Configuration"\r
30 //\r
beda2356 31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,\r
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);\r
33\r
34 subtitle text = STRING_TOKEN(STR_NULL);\r
f71ed839 35\r
36 text\r
37 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
38 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
39 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);\r
20333c6d 40\r
ecc722ad 41 //\r
42 // Display of Check Box: Attempt Secure Boot\r
43 //\r
e8903bb7 44 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
f71ed839 45 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,\r
beda2356 46 questionid = KEY_SECURE_BOOT_ENABLE,\r
47 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
48 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),\r
8f8ca22e 49 flags = INTERACTIVE | RESET_REQUIRED,\r
ecc722ad 50 endcheckbox;\r
51 endif;\r
20333c6d 52\r
ecc722ad 53 //\r
54 // Display of Oneof: 'Secure Boot Mode'\r
55 //\r
142d2dcb
CZ
56 oneof name = SecureBootMode,\r
57 questionid = KEY_SECURE_BOOT_MODE,\r
58 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
59 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
60 flags = INTERACTIVE | NUMERIC_SIZE_1,\r
61 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;\r
62 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
63 endoneof;\r
20333c6d 64\r
ecc722ad 65 //\r
12087ff6 66 // Display of 'Current Secure Boot Mode'\r
ecc722ad 67 //\r
a365eed4 68 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
96832eef
CZ
69 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
70 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
71 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
72 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),\r
73 flags = INTERACTIVE,\r
74 key = KEY_SECURE_BOOT_OPTION;\r
75 endif;\r
ecc722ad 76 endif;\r
96832eef 77\r
ecc722ad 78 endform;\r
20333c6d 79\r
ecc722ad 80 //\r
81 // ##2 Form: 'Custom Secure Boot Options'\r
82 //\r
83 form formid = FORMID_SECURE_BOOT_OPTION_FORM,\r
84 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);\r
20333c6d 85\r
ecc722ad 86 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 87\r
ecc722ad 88 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
89 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
90 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r
91 flags = INTERACTIVE,\r
92 key = KEY_SECURE_BOOT_PK_OPTION;\r
20333c6d 93\r
ecc722ad 94 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 95\r
ecc722ad 96 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
97 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),\r
98 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),\r
99 flags = INTERACTIVE,\r
100 key = KEY_SECURE_BOOT_KEK_OPTION;\r
20333c6d 101\r
ecc722ad 102 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 103\r
ecc722ad 104 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
105 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),\r
106 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),\r
107 flags = INTERACTIVE,\r
108 key = KEY_SECURE_BOOT_DB_OPTION;\r
20333c6d 109\r
ecc722ad 110 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 111\r
ecc722ad 112 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
113 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),\r
114 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),\r
115 flags = INTERACTIVE,\r
116 key = KEY_SECURE_BOOT_DBX_OPTION;\r
117\r
20333c6d
QL
118 subtitle text = STRING_TOKEN(STR_NULL);\r
119\r
120 goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
121 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),\r
122 help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),\r
123 flags = INTERACTIVE,\r
124 key = KEY_SECURE_BOOT_DBT_OPTION;\r
125\r
ecc722ad 126 endform;\r
20333c6d 127\r
ecc722ad 128 //\r
129 // ##3 Form: 'PK Options'\r
130 //\r
131 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
132 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);\r
20333c6d 133\r
ecc722ad 134 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 135\r
ecc722ad 136 //\r
142d2dcb 137 // Display of 'Enroll PK'\r
ecc722ad 138 //\r
ecc722ad 139 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;\r
140 goto FORMID_ENROLL_PK_FORM,\r
141 prompt = STRING_TOKEN(STR_ENROLL_PK),\r
142 help = STRING_TOKEN(STR_ENROLL_PK_HELP),\r
143 flags = INTERACTIVE,\r
144 key = KEY_ENROLL_PK;\r
145 endif;\r
20333c6d 146\r
ecc722ad 147 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 148\r
ecc722ad 149 //\r
20333c6d 150 // Display of Check Box: 'Delete Pk'\r
ecc722ad 151 //\r
152 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
153 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
154 questionid = KEY_SECURE_BOOT_DELETE_PK,\r
20333c6d 155 prompt = STRING_TOKEN(STR_DELETE_PK),\r
ecc722ad 156 help = STRING_TOKEN(STR_DELETE_PK_HELP),\r
0fb450fb 157 flags = INTERACTIVE | RESET_REQUIRED,\r
beda2356 158 endcheckbox;\r
159 endif;\r
ecc722ad 160 endform;\r
20333c6d 161\r
ecc722ad 162 //\r
163 // ##4 Form: 'Enroll PK'\r
164 //\r
165 form formid = FORMID_ENROLL_PK_FORM,\r
166 title = STRING_TOKEN(STR_ENROLL_PK);\r
20333c6d 167\r
ecc722ad 168 subtitle text = STRING_TOKEN(STR_NULL);\r
169\r
762d8ddb 170 goto FORMID_ENROLL_PK_FORM,\r
ecc722ad 171 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
172 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
173 flags = INTERACTIVE,\r
762d8ddb
DB
174 key = FORMID_ENROLL_PK_FORM;\r
175\r
176 subtitle text = STRING_TOKEN(STR_NULL);\r
177 label FORMID_ENROLL_PK_FORM;\r
178 label LABEL_END;\r
179 subtitle text = STRING_TOKEN(STR_NULL);\r
180\r
181 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
182 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
183 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
184 flags = INTERACTIVE| RESET_REQUIRED,\r
185 key = KEY_VALUE_SAVE_AND_EXIT_PK;\r
186\r
187 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
188 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
189 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
190 flags = INTERACTIVE,\r
191 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;\r
192\r
ecc722ad 193 endform;\r
20333c6d 194\r
ecc722ad 195 //\r
196 // ##5 Form: 'KEK Options'\r
197 //\r
198 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
199 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);\r
200\r
201 //\r
20333c6d 202 // Display of 'Enroll KEK'\r
ecc722ad 203 //\r
204 goto FORMID_ENROLL_KEK_FORM,\r
205 prompt = STRING_TOKEN(STR_ENROLL_KEK),\r
206 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),\r
207 flags = INTERACTIVE;\r
20333c6d
QL
208\r
209 subtitle text = STRING_TOKEN(STR_NULL);\r
210\r
ecc722ad 211 //\r
20333c6d 212 // Display of 'Delete KEK'\r
ecc722ad 213 //\r
214 goto FORMID_DELETE_KEK_FORM,\r
215 prompt = STRING_TOKEN(STR_DELETE_KEK),\r
216 help = STRING_TOKEN(STR_DELETE_KEK_HELP),\r
217 flags = INTERACTIVE,\r
218 key = KEY_DELETE_KEK;\r
20333c6d
QL
219\r
220 subtitle text = STRING_TOKEN(STR_NULL);\r
ecc722ad 221 endform;\r
222\r
223 //\r
20333c6d 224 // ##6 Form: 'Enroll KEK'\r
ecc722ad 225 //\r
226 form formid = FORMID_ENROLL_KEK_FORM,\r
227 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);\r
228\r
229 subtitle text = STRING_TOKEN(STR_NULL);\r
230\r
762d8ddb 231 goto FORMID_ENROLL_KEK_FORM,\r
ecc722ad 232 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),\r
233 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),\r
234 flags = INTERACTIVE,\r
235 key = FORMID_ENROLL_KEK_FORM;\r
236\r
237 subtitle text = STRING_TOKEN(STR_NULL);\r
238 label FORMID_ENROLL_KEK_FORM;\r
239 label LABEL_END;\r
240 subtitle text = STRING_TOKEN(STR_NULL);\r
241\r
242 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
243 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
244 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
245 flags = INTERACTIVE,\r
246 key = KEY_SECURE_BOOT_KEK_GUID,\r
247 minsize = SECURE_BOOT_GUID_SIZE,\r
248 maxsize = SECURE_BOOT_GUID_SIZE,\r
249 endstring;\r
250\r
251 subtitle text = STRING_TOKEN(STR_NULL);\r
252 subtitle text = STRING_TOKEN(STR_NULL);\r
253\r
254 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
255 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
256 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
257 flags = INTERACTIVE,\r
258 key = KEY_VALUE_SAVE_AND_EXIT_KEK;\r
20333c6d 259\r
ecc722ad 260 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
261 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
262 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
263 flags = INTERACTIVE,\r
264 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;\r
265\r
266 endform;\r
267\r
268 //\r
269 // ##7 Form: 'Delete KEK'\r
20333c6d 270 //\r
ecc722ad 271 form formid = FORMID_DELETE_KEK_FORM,\r
272 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);\r
273\r
274 label LABEL_KEK_DELETE;\r
275 label LABEL_END;\r
20333c6d 276\r
ecc722ad 277 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 278\r
ecc722ad 279 endform;\r
280\r
281 //\r
282 // ##8 Form: 'DB Options'\r
283 //\r
284 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
285 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);\r
286\r
287 subtitle text = STRING_TOKEN(STR_NULL);\r
288\r
289 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
290 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
291 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
292 flags = 0;\r
293\r
294 subtitle text = STRING_TOKEN(STR_NULL);\r
295\r
296 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
297 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
298 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
299 flags = INTERACTIVE,\r
300 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;\r
20333c6d 301\r
ecc722ad 302 endform;\r
303\r
304 //\r
305 // ##9 Form: 'DBX Options'\r
306 //\r
307 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
308 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);\r
309\r
310 subtitle text = STRING_TOKEN(STR_NULL);\r
311\r
312 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
313 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
314 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
315 flags = 0;\r
316\r
317 subtitle text = STRING_TOKEN(STR_NULL);\r
318\r
319 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
320 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
321 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
322 flags = INTERACTIVE,\r
323 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;\r
324\r
325 endform;\r
326\r
20333c6d
QL
327 //\r
328 // ##9 Form: 'DBT Options'\r
329 //\r
330 form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
331 title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);\r
332\r
333 subtitle text = STRING_TOKEN(STR_NULL);\r
334\r
335 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
336 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
337 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
338 flags = 0;\r
339\r
340 subtitle text = STRING_TOKEN(STR_NULL);\r
341\r
342 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
343 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
344 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
345 flags = INTERACTIVE,\r
346 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;\r
347\r
348 endform;\r
349\r
ecc722ad 350 //\r
351 // Form: 'Delete Signature' for DB Options.\r
352 //\r
353 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
354 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
355\r
356 label LABEL_DB_DELETE;\r
357 label LABEL_END;\r
358 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 359\r
ecc722ad 360 endform;\r
361\r
362 //\r
363 // Form: 'Delete Signature' for DBX Options.\r
364 //\r
365 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
366 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
367\r
368 label LABEL_DBX_DELETE;\r
369 label LABEL_END;\r
370 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d
QL
371\r
372 endform;\r
373\r
374 //\r
375 // Form: 'Delete Signature' for DBT Options.\r
376 //\r
377 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
378 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
379\r
380 label LABEL_DBT_DELETE;\r
381 label LABEL_END;\r
382 subtitle text = STRING_TOKEN(STR_NULL);\r
383\r
ecc722ad 384 endform;\r
385\r
386 //\r
387 // Form: 'Enroll Signature' for DB options.\r
388 //\r
389 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
390 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
391\r
392 subtitle text = STRING_TOKEN(STR_NULL);\r
393\r
762d8ddb 394 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
ecc722ad 395 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
396 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
397 flags = INTERACTIVE,\r
398 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
399\r
400 subtitle text = STRING_TOKEN(STR_NULL);\r
401 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
402 label LABEL_END;\r
403 subtitle text = STRING_TOKEN(STR_NULL);\r
404\r
405 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
406 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
407 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
408 flags = INTERACTIVE,\r
409 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,\r
410 minsize = SECURE_BOOT_GUID_SIZE,\r
411 maxsize = SECURE_BOOT_GUID_SIZE,\r
412 endstring;\r
413\r
414 subtitle text = STRING_TOKEN(STR_NULL);\r
415 subtitle text = STRING_TOKEN(STR_NULL);\r
416\r
417 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
418 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
419 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
420 flags = INTERACTIVE,\r
421 key = KEY_VALUE_SAVE_AND_EXIT_DB;\r
20333c6d 422\r
ecc722ad 423 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
424 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
425 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
426 flags = INTERACTIVE,\r
427 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;\r
428\r
429 endform;\r
430\r
431 //\r
432 // Form: 'Enroll Signature' for DBX options.\r
433 //\r
434 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
435 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
436\r
437 subtitle text = STRING_TOKEN(STR_NULL);\r
438\r
762d8ddb 439 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
ecc722ad 440 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
441 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
442 flags = INTERACTIVE,\r
443 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
444\r
ecc722ad 445 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
446 label LABEL_END;\r
447 subtitle text = STRING_TOKEN(STR_NULL);\r
448\r
4de754e1
ZC
449 grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;\r
450 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
451 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
452 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
453 flags = INTERACTIVE,\r
454 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
455 minsize = SECURE_BOOT_GUID_SIZE,\r
456 maxsize = SECURE_BOOT_GUID_SIZE,\r
457 endstring;\r
458 endif;\r
ecc722ad 459\r
4de754e1
ZC
460 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1;\r
461 oneof name = X509SignatureFormatInDbx,\r
462 varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
463 prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
464 help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
465 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;\r
466 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;\r
467 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;\r
468 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;\r
469 endoneof;\r
470 endif;\r
471\r
472 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2;\r
473 text\r
474 help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string\r
475 text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string\r
476 text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type\r
477 endif;\r
478\r
479 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;\r
480 text\r
481 help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string\r
482 text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string\r
483 text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type\r
484 endif;\r
20333c6d 485\r
e9429e79 486 suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;\r
20333c6d
QL
487 checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
488 prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
489 help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
490 flags = INTERACTIVE,\r
491 endcheckbox;\r
492\r
493 suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;\r
494 date varid = SECUREBOOT_CONFIGURATION.RevocationDate,\r
495 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),\r
496 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),\r
497 flags = STORAGE_NORMAL,\r
498 enddate;\r
499\r
500 time varid = SECUREBOOT_CONFIGURATION.RevocationTime,\r
501 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),\r
502 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),\r
503 flags = STORAGE_NORMAL,\r
504 endtime;\r
505 endif;\r
506 endif;\r
507\r
ecc722ad 508 subtitle text = STRING_TOKEN(STR_NULL);\r
509 subtitle text = STRING_TOKEN(STR_NULL);\r
510\r
511 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
512 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
513 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
514 flags = INTERACTIVE,\r
515 key = KEY_VALUE_SAVE_AND_EXIT_DBX;\r
20333c6d 516\r
ecc722ad 517 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
518 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
519 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
520 flags = INTERACTIVE,\r
521 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;\r
522\r
523 endform;\r
524\r
20333c6d
QL
525 //\r
526 // Form: 'Enroll Signature' for DBT options.\r
527 //\r
528 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
529 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
530\r
531 subtitle text = STRING_TOKEN(STR_NULL);\r
532\r
762d8ddb 533 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
20333c6d
QL
534 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
535 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
536 flags = INTERACTIVE,\r
537 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
538\r
539 subtitle text = STRING_TOKEN(STR_NULL);\r
540 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
541 label LABEL_END;\r
542 subtitle text = STRING_TOKEN(STR_NULL);\r
543\r
544 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
545 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
546 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
547 flags = INTERACTIVE,\r
548 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,\r
549 minsize = SECURE_BOOT_GUID_SIZE,\r
550 maxsize = SECURE_BOOT_GUID_SIZE,\r
551 endstring;\r
552\r
553 subtitle text = STRING_TOKEN(STR_NULL);\r
554 subtitle text = STRING_TOKEN(STR_NULL);\r
555\r
556 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
557 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
558 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
559 flags = INTERACTIVE,\r
560 key = KEY_VALUE_SAVE_AND_EXIT_DBT;\r
561\r
562 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
563 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
564 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
565 flags = INTERACTIVE,\r
566 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;\r
567\r
568 endform;\r
569\r
20333c6d 570endformset;