]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg: Add option to reset secure boot keys.
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfig.vfr
CommitLineData
beda2356 1/** @file\r
2 VFR file used by the SecureBoot configuration component.\r
3\r
b3548d32 4Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b 5SPDX-License-Identifier: BSD-2-Clause-Patent\r
beda2356 6\r
7**/\r
8\r
9#include "SecureBootConfigNvData.h"\r
10\r
11formset\r
12 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,\r
13 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),\r
14 help = STRING_TOKEN(STR_SECUREBOOT_HELP),\r
15 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,\r
16\r
17 varstore SECUREBOOT_CONFIGURATION,\r
18 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
19 name = SECUREBOOT_CONFIGURATION,\r
20 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
20333c6d 21\r
ecc722ad 22 //\r
23 // ##1 Form "Secure Boot Configuration"\r
24 //\r
beda2356 25 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,\r
26 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);\r
27\r
28 subtitle text = STRING_TOKEN(STR_NULL);\r
f71ed839 29\r
30 text\r
31 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
32 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
33 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);\r
20333c6d 34\r
ecc722ad 35 //\r
36 // Display of Check Box: Attempt Secure Boot\r
37 //\r
e8903bb7 38 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
f71ed839 39 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,\r
beda2356 40 questionid = KEY_SECURE_BOOT_ENABLE,\r
41 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
42 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),\r
8f8ca22e 43 flags = INTERACTIVE | RESET_REQUIRED,\r
ecc722ad 44 endcheckbox;\r
45 endif;\r
20333c6d 46\r
ecc722ad 47 //\r
48 // Display of Oneof: 'Secure Boot Mode'\r
49 //\r
142d2dcb
CZ		 50 oneof name = SecureBootMode,\r
51 questionid = KEY_SECURE_BOOT_MODE,\r
52 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
53 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
54 flags = INTERACTIVE | NUMERIC_SIZE_1,\r
55 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;\r
56 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
57 endoneof;\r
20333c6d 58\r
ecc722ad 59 //\r
12087ff6 60 // Display of 'Current Secure Boot Mode'\r
ecc722ad 61 //\r
a365eed4 62 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
96832eef
CZ		 63 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
64 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
65 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
66 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),\r
67 flags = INTERACTIVE,\r
68 key = KEY_SECURE_BOOT_OPTION;\r
69 endif;\r
ecc722ad 70 endif;\r
96832eef 71\r
55266a9b
GB		 72 text\r
73 help = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS_HELP),\r
74 text = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS),\r
75 flags = INTERACTIVE,\r
76 key = KEY_SECURE_BOOT_RESET_TO_DEFAULT;\r
77\r
ecc722ad 78 endform;\r
20333c6d 79\r
ecc722ad 80 //\r
81 // ##2 Form: 'Custom Secure Boot Options'\r
82 //\r
83 form formid = FORMID_SECURE_BOOT_OPTION_FORM,\r
84 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);\r
20333c6d 85\r
ecc722ad 86 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 87\r
ecc722ad 88 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
89 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
90 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r
91 flags = INTERACTIVE,\r
92 key = KEY_SECURE_BOOT_PK_OPTION;\r
20333c6d 93\r
ecc722ad 94 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 95\r
ecc722ad 96 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
97 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),\r
98 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),\r
99 flags = INTERACTIVE,\r
100 key = KEY_SECURE_BOOT_KEK_OPTION;\r
20333c6d 101\r
ecc722ad 102 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 103\r
ecc722ad 104 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
105 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),\r
106 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),\r
107 flags = INTERACTIVE,\r
108 key = KEY_SECURE_BOOT_DB_OPTION;\r
20333c6d 109\r
ecc722ad 110 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 111\r
ecc722ad 112 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
113 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),\r
114 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),\r
115 flags = INTERACTIVE,\r
116 key = KEY_SECURE_BOOT_DBX_OPTION;\r
117\r
20333c6d
QL		 118 subtitle text = STRING_TOKEN(STR_NULL);\r
119\r
120 goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
121 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),\r
122 help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),\r
123 flags = INTERACTIVE,\r
124 key = KEY_SECURE_BOOT_DBT_OPTION;\r
125\r
ecc722ad 126 endform;\r
20333c6d 127\r
ecc722ad 128 //\r
129 // ##3 Form: 'PK Options'\r
130 //\r
131 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
132 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);\r
20333c6d 133\r
ecc722ad 134 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 135\r
ecc722ad 136 //\r
142d2dcb 137 // Display of 'Enroll PK'\r
ecc722ad 138 //\r
ecc722ad 139 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;\r
140 goto FORMID_ENROLL_PK_FORM,\r
141 prompt = STRING_TOKEN(STR_ENROLL_PK),\r
142 help = STRING_TOKEN(STR_ENROLL_PK_HELP),\r
143 flags = INTERACTIVE,\r
144 key = KEY_ENROLL_PK;\r
145 endif;\r
20333c6d 146\r
ecc722ad 147 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 148\r
ecc722ad 149 //\r
20333c6d 150 // Display of Check Box: 'Delete Pk'\r
ecc722ad 151 //\r
152 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
153 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
154 questionid = KEY_SECURE_BOOT_DELETE_PK,\r
20333c6d 155 prompt = STRING_TOKEN(STR_DELETE_PK),\r
ecc722ad 156 help = STRING_TOKEN(STR_DELETE_PK_HELP),\r
0fb450fb 157 flags = INTERACTIVE | RESET_REQUIRED,\r
beda2356 158 endcheckbox;\r
159 endif;\r
ecc722ad 160 endform;\r
20333c6d 161\r
ecc722ad 162 //\r
163 // ##4 Form: 'Enroll PK'\r
164 //\r
165 form formid = FORMID_ENROLL_PK_FORM,\r
166 title = STRING_TOKEN(STR_ENROLL_PK);\r
20333c6d 167\r
ecc722ad 168 subtitle text = STRING_TOKEN(STR_NULL);\r
169\r
762d8ddb 170 goto FORMID_ENROLL_PK_FORM,\r
ecc722ad 171 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
172 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
173 flags = INTERACTIVE,\r
762d8ddb
DB		 174 key = FORMID_ENROLL_PK_FORM;\r
175\r
176 subtitle text = STRING_TOKEN(STR_NULL);\r
177 label FORMID_ENROLL_PK_FORM;\r
178 label LABEL_END;\r
179 subtitle text = STRING_TOKEN(STR_NULL);\r
180\r
181 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
182 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
183 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
184 flags = INTERACTIVE| RESET_REQUIRED,\r
185 key = KEY_VALUE_SAVE_AND_EXIT_PK;\r
186\r
187 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
188 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
189 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
190 flags = INTERACTIVE,\r
191 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;\r
192\r
ecc722ad 193 endform;\r
20333c6d 194\r
ecc722ad 195 //\r
196 // ##5 Form: 'KEK Options'\r
197 //\r
198 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
199 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);\r
200\r
201 //\r
20333c6d 202 // Display of 'Enroll KEK'\r
ecc722ad 203 //\r
204 goto FORMID_ENROLL_KEK_FORM,\r
205 prompt = STRING_TOKEN(STR_ENROLL_KEK),\r
206 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),\r
207 flags = INTERACTIVE;\r
20333c6d
QL		 208\r
209 subtitle text = STRING_TOKEN(STR_NULL);\r
210\r
ecc722ad 211 //\r
20333c6d 212 // Display of 'Delete KEK'\r
ecc722ad 213 //\r
214 goto FORMID_DELETE_KEK_FORM,\r
215 prompt = STRING_TOKEN(STR_DELETE_KEK),\r
216 help = STRING_TOKEN(STR_DELETE_KEK_HELP),\r
217 flags = INTERACTIVE,\r
218 key = KEY_DELETE_KEK;\r
20333c6d
QL		 219\r
220 subtitle text = STRING_TOKEN(STR_NULL);\r
ecc722ad 221 endform;\r
222\r
223 //\r
20333c6d 224 // ##6 Form: 'Enroll KEK'\r
ecc722ad 225 //\r
226 form formid = FORMID_ENROLL_KEK_FORM,\r
227 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);\r
228\r
229 subtitle text = STRING_TOKEN(STR_NULL);\r
230\r
762d8ddb 231 goto FORMID_ENROLL_KEK_FORM,\r
ecc722ad 232 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),\r
233 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),\r
234 flags = INTERACTIVE,\r
235 key = FORMID_ENROLL_KEK_FORM;\r
236\r
237 subtitle text = STRING_TOKEN(STR_NULL);\r
238 label FORMID_ENROLL_KEK_FORM;\r
239 label LABEL_END;\r
240 subtitle text = STRING_TOKEN(STR_NULL);\r
241\r
242 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
243 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
244 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
245 flags = INTERACTIVE,\r
246 key = KEY_SECURE_BOOT_KEK_GUID,\r
247 minsize = SECURE_BOOT_GUID_SIZE,\r
248 maxsize = SECURE_BOOT_GUID_SIZE,\r
249 endstring;\r
250\r
251 subtitle text = STRING_TOKEN(STR_NULL);\r
252 subtitle text = STRING_TOKEN(STR_NULL);\r
253\r
254 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
255 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
256 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
257 flags = INTERACTIVE,\r
258 key = KEY_VALUE_SAVE_AND_EXIT_KEK;\r
20333c6d 259\r
ecc722ad 260 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
261 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
262 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
263 flags = INTERACTIVE,\r
264 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;\r
265\r
266 endform;\r
267\r
268 //\r
269 // ##7 Form: 'Delete KEK'\r
20333c6d 270 //\r
ecc722ad 271 form formid = FORMID_DELETE_KEK_FORM,\r
272 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);\r
273\r
274 label LABEL_KEK_DELETE;\r
275 label LABEL_END;\r
20333c6d 276\r
ecc722ad 277 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 278\r
ecc722ad 279 endform;\r
280\r
281 //\r
282 // ##8 Form: 'DB Options'\r
283 //\r
284 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
285 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);\r
286\r
287 subtitle text = STRING_TOKEN(STR_NULL);\r
288\r
289 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
290 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
291 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
292 flags = 0;\r
293\r
294 subtitle text = STRING_TOKEN(STR_NULL);\r
295\r
296 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
297 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
298 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
299 flags = INTERACTIVE,\r
300 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;\r
20333c6d 301\r
ecc722ad 302 endform;\r
303\r
304 //\r
305 // ##9 Form: 'DBX Options'\r
306 //\r
307 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
308 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);\r
309\r
310 subtitle text = STRING_TOKEN(STR_NULL);\r
311\r
312 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
313 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
314 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
315 flags = 0;\r
316\r
317 subtitle text = STRING_TOKEN(STR_NULL);\r
318\r
85974aef 319 goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,\r
ecc722ad 320 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
321 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
322 flags = INTERACTIVE,\r
85974aef 323 key = KEY_VALUE_FROM_DBX_TO_LIST_FORM;\r
ecc722ad 324\r
325 endform;\r
326\r
20333c6d
QL		 327 //\r
328 // ##9 Form: 'DBT Options'\r
329 //\r
330 form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
331 title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);\r
332\r
333 subtitle text = STRING_TOKEN(STR_NULL);\r
334\r
335 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
336 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
337 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
338 flags = 0;\r
339\r
340 subtitle text = STRING_TOKEN(STR_NULL);\r
341\r
342 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
343 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
344 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
345 flags = INTERACTIVE,\r
346 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;\r
347\r
348 endform;\r
349\r
ecc722ad 350 //\r
351 // Form: 'Delete Signature' for DB Options.\r
352 //\r
353 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
354 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
355\r
356 label LABEL_DB_DELETE;\r
357 label LABEL_END;\r
358 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 359\r
ecc722ad 360 endform;\r
361\r
362 //\r
85974aef 363 // Form: Display Signature List.\r
ecc722ad 364 //\r
85974aef 365 form formid = SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,\r
366 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_LIST_FORM);\r
367\r
368 subtitle text = STRING_TOKEN(STR_NULL);\r
369\r
370 grayoutif ideqval SECUREBOOT_CONFIGURATION.ListCount == 0;\r
371 label LABEL_DELETE_ALL_LIST_BUTTON;\r
372 //\r
373 // Will create a goto button dynamically here.\r
374 //\r
375 label LABEL_END;\r
376 endif;\r
377\r
378 subtitle text = STRING_TOKEN(STR_NULL);\r
379 label LABEL_SIGNATURE_LIST_START;\r
380 label LABEL_END;\r
381 subtitle text = STRING_TOKEN(STR_NULL);\r
ecc722ad 382\r
85974aef 383 endform;\r
384\r
385 //\r
386 // Form: Display Signature Data.\r
387 //\r
388 form formid = SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,\r
389 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_DATA_FORM);\r
390\r
391 subtitle text = STRING_TOKEN(STR_NULL);\r
392\r
393 goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,\r
394 prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA),\r
395 help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA_HELP),\r
396 flags = INTERACTIVE,\r
397 key = KEY_SECURE_BOOT_DELETE_ALL_DATA;\r
398\r
399 grayoutif ideqval SECUREBOOT_CONFIGURATION.CheckedDataCount == 0;\r
400 goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,\r
401 prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA),\r
402 help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP),\r
403 flags = INTERACTIVE,\r
404 key = KEY_SECURE_BOOT_DELETE_CHECK_DATA;\r
405 endif;\r
406\r
407 subtitle text = STRING_TOKEN(STR_NULL);\r
408 label LABEL_SIGNATURE_DATA_START;\r
ecc722ad 409 label LABEL_END;\r
410 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d
QL		 411\r
412 endform;\r
413\r
85974aef 414\r
20333c6d
QL		 415 //\r
416 // Form: 'Delete Signature' for DBT Options.\r
417 //\r
418 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
419 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
420\r
421 label LABEL_DBT_DELETE;\r
422 label LABEL_END;\r
423 subtitle text = STRING_TOKEN(STR_NULL);\r
424\r
ecc722ad 425 endform;\r
426\r
427 //\r
428 // Form: 'Enroll Signature' for DB options.\r
429 //\r
430 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
431 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
432\r
433 subtitle text = STRING_TOKEN(STR_NULL);\r
434\r
762d8ddb 435 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
ecc722ad 436 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
437 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
438 flags = INTERACTIVE,\r
439 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
440\r
441 subtitle text = STRING_TOKEN(STR_NULL);\r
442 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
443 label LABEL_END;\r
444 subtitle text = STRING_TOKEN(STR_NULL);\r
445\r
446 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
447 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
448 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
449 flags = INTERACTIVE,\r
450 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,\r
451 minsize = SECURE_BOOT_GUID_SIZE,\r
452 maxsize = SECURE_BOOT_GUID_SIZE,\r
453 endstring;\r
454\r
455 subtitle text = STRING_TOKEN(STR_NULL);\r
456 subtitle text = STRING_TOKEN(STR_NULL);\r
457\r
458 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
459 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
460 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
461 flags = INTERACTIVE,\r
462 key = KEY_VALUE_SAVE_AND_EXIT_DB;\r
20333c6d 463\r
ecc722ad 464 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
465 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
466 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
467 flags = INTERACTIVE,\r
468 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;\r
469\r
470 endform;\r
471\r
472 //\r
473 // Form: 'Enroll Signature' for DBX options.\r
474 //\r
475 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
476 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
477\r
478 subtitle text = STRING_TOKEN(STR_NULL);\r
479\r
762d8ddb 480 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
ecc722ad 481 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
482 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
483 flags = INTERACTIVE,\r
484 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
485\r
ecc722ad 486 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
487 label LABEL_END;\r
488 subtitle text = STRING_TOKEN(STR_NULL);\r
489\r
4de754e1
ZC		 490 grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;\r
491 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
492 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
493 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
494 flags = INTERACTIVE,\r
495 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
496 minsize = SECURE_BOOT_GUID_SIZE,\r
497 maxsize = SECURE_BOOT_GUID_SIZE,\r
498 endstring;\r
499 endif;\r
ecc722ad 500\r
4de754e1
ZC		 501 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1;\r
502 oneof name = X509SignatureFormatInDbx,\r
503 varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
504 prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
505 help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
506 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;\r
507 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;\r
508 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;\r
509 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;\r
510 endoneof;\r
511 endif;\r
512\r
513 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2;\r
514 text\r
515 help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string\r
516 text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string\r
517 text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type\r
518 endif;\r
519\r
520 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;\r
521 text\r
522 help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string\r
523 text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string\r
524 text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type\r
525 endif;\r
20333c6d 526\r
e9429e79 527 suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;\r
20333c6d
QL		 528 checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
529 prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
530 help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
531 flags = INTERACTIVE,\r
532 endcheckbox;\r
533\r
534 suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;\r
535 date varid = SECUREBOOT_CONFIGURATION.RevocationDate,\r
536 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),\r
537 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),\r
538 flags = STORAGE_NORMAL,\r
539 enddate;\r
540\r
541 time varid = SECUREBOOT_CONFIGURATION.RevocationTime,\r
542 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),\r
543 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),\r
544 flags = STORAGE_NORMAL,\r
545 endtime;\r
546 endif;\r
547 endif;\r
548\r
ecc722ad 549 subtitle text = STRING_TOKEN(STR_NULL);\r
550 subtitle text = STRING_TOKEN(STR_NULL);\r
551\r
552 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
553 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
554 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
555 flags = INTERACTIVE,\r
556 key = KEY_VALUE_SAVE_AND_EXIT_DBX;\r
20333c6d 557\r
ecc722ad 558 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
559 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
560 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
561 flags = INTERACTIVE,\r
562 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;\r
563\r
564 endform;\r
565\r
20333c6d
QL		 566 //\r
567 // Form: 'Enroll Signature' for DBT options.\r
568 //\r
569 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
570 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
571\r
572 subtitle text = STRING_TOKEN(STR_NULL);\r
573\r
762d8ddb 574 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
20333c6d
QL		 575 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
576 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
577 flags = INTERACTIVE,\r
578 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
579\r
580 subtitle text = STRING_TOKEN(STR_NULL);\r
581 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
582 label LABEL_END;\r
583 subtitle text = STRING_TOKEN(STR_NULL);\r
584\r
585 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
586 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
587 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
588 flags = INTERACTIVE,\r
589 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,\r
590 minsize = SECURE_BOOT_GUID_SIZE,\r
591 maxsize = SECURE_BOOT_GUID_SIZE,\r
592 endstring;\r
593\r
594 subtitle text = STRING_TOKEN(STR_NULL);\r
595 subtitle text = STRING_TOKEN(STR_NULL);\r
596\r
597 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
598 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
599 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
600 flags = INTERACTIVE,\r
601 key = KEY_VALUE_SAVE_AND_EXIT_DBT;\r
602\r
603 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
604 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
605 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
606 flags = INTERACTIVE,\r
607 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;\r
608\r
609 endform;\r
610\r
b3548d32 611endformset;\r
EFI Development Kit II mirror for PVE