]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg: SecureBootConfigDxe: SecureBoot UI for Customized SecureBoot Mode
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfig.vfr
CommitLineData
beda2356 1/** @file\r
2 VFR file used by the SecureBoot configuration component.\r
3\r
96832eef 4Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>\r
20333c6d
QL		 5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
beda2356 8http://opensource.org/licenses/bsd-license.php\r
9\r
20333c6d 10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
beda2356 11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include "SecureBootConfigNvData.h"\r
16\r
17formset\r
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,\r
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),\r
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),\r
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,\r
22\r
23 varstore SECUREBOOT_CONFIGURATION,\r
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
25 name = SECUREBOOT_CONFIGURATION,\r
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
20333c6d 27\r
ecc722ad 28 //\r
29 // ##1 Form "Secure Boot Configuration"\r
30 //\r
beda2356 31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,\r
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);\r
33\r
34 subtitle text = STRING_TOKEN(STR_NULL);\r
f71ed839 35\r
96832eef
CZ		 36 //\r
37 // Display current secure boot mode(one of SetupMode/AuditMode/UserMode/DeployedMode)\r
38 //\r
39 text\r
40 help = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP),\r
41 text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT),\r
42 text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT);\r
43\r
f71ed839 44 text\r
45 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
46 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
47 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);\r
20333c6d 48\r
ecc722ad 49 //\r
50 // Define of Check Box: Attempt Secure Boot\r
51 //\r
beda2356 52 suppressif TRUE;\r
53 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,\r
a2f2c258 54 questionid = KEY_HIDE_SECURE_BOOT,\r
beda2356 55 prompt = STRING_TOKEN(STR_NULL),\r
56 help = STRING_TOKEN(STR_NULL),\r
a2f2c258 57 flags = INTERACTIVE,\r
beda2356 58 endcheckbox;\r
20333c6d
QL		 59 endif;\r
60\r
ecc722ad 61 //\r
62 // Display of Check Box: Attempt Secure Boot\r
63 //\r
beda2356 64 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
f71ed839 65 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,\r
beda2356 66 questionid = KEY_SECURE_BOOT_ENABLE,\r
67 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
68 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),\r
8f8ca22e 69 flags = INTERACTIVE | RESET_REQUIRED,\r
ecc722ad 70 endcheckbox;\r
71 endif;\r
20333c6d 72\r
ecc722ad 73 //\r
74 // Display of Oneof: 'Secure Boot Mode'\r
75 //\r
a365eed4
FS		 76 disableif TRUE;\r
77 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,\r
78 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
79 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
80 flags = INTERACTIVE,\r
81 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0;\r
82 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
83 endoneof;\r
84 endif;\r
85 oneof name = SecureBootMode,\r
20333c6d 86 questionid = KEY_SECURE_BOOT_MODE,\r
a365eed4
FS		 87 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
88 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
89 flags = INTERACTIVE | NUMERIC_SIZE_1,\r
90 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;\r
91 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
92 endoneof;\r
20333c6d 93\r
ecc722ad 94 //\r
96832eef 95 // Display PK include page\r
ecc722ad 96 //\r
a365eed4 97 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
96832eef
CZ		 98 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
99 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
100 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
101 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),\r
102 flags = INTERACTIVE,\r
103 key = KEY_SECURE_BOOT_OPTION;\r
104 endif;\r
ecc722ad 105 endif;\r
96832eef 106\r
ecc722ad 107 endform;\r
20333c6d 108\r
ecc722ad 109 //\r
110 // ##2 Form: 'Custom Secure Boot Options'\r
111 //\r
112 form formid = FORMID_SECURE_BOOT_OPTION_FORM,\r
113 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);\r
20333c6d 114\r
ecc722ad 115 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 116\r
96832eef
CZ		 117 //\r
118 // Display of SetupMode/UserMode/AuditMode/DeployedMode transition\r
119 //\r
120 disableif TRUE;\r
121 oneof varid = SECUREBOOT_CONFIGURATION.TransSecureBootMode,\r
122 prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),\r
123 help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),\r
124 flags = INTERACTIVE,\r
125 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE\r
126 OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND\r
127 ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);\r
128 option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;\r
129 endif\r
130 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;\r
131 option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;\r
132 endif\r
133 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;\r
134 option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;\r
135 endif\r
136 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;\r
137 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;\r
138 endif\r
139 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = 4, flags = 0;\r
140 endoneof;\r
141 endif;\r
142 oneof name = TransSecureBootMode,\r
143 questionid = KEY_TRANS_SECURE_BOOT_MODE,\r
144 prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),\r
145 help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),\r
146 flags = INTERACTIVE | NUMERIC_SIZE_1,\r
147 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE \r
148 OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND\r
149 ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);\r
150 option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;\r
151 endif\r
152 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;\r
153 option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;\r
154 endif\r
155 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;\r
156 option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;\r
157 endif\r
158 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;\r
159 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;\r
160 endif\r
161\r
162 endoneof;\r
163\r
164 subtitle text = STRING_TOKEN(STR_NULL);\r
165\r
ecc722ad 166 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
167 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
168 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r
169 flags = INTERACTIVE,\r
170 key = KEY_SECURE_BOOT_PK_OPTION;\r
20333c6d 171\r
ecc722ad 172 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 173\r
ecc722ad 174 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
175 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),\r
176 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),\r
177 flags = INTERACTIVE,\r
178 key = KEY_SECURE_BOOT_KEK_OPTION;\r
20333c6d 179\r
ecc722ad 180 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 181\r
ecc722ad 182 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
183 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),\r
184 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),\r
185 flags = INTERACTIVE,\r
186 key = KEY_SECURE_BOOT_DB_OPTION;\r
20333c6d 187\r
ecc722ad 188 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 189\r
ecc722ad 190 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
191 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),\r
192 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),\r
193 flags = INTERACTIVE,\r
194 key = KEY_SECURE_BOOT_DBX_OPTION;\r
195\r
20333c6d
QL		 196 subtitle text = STRING_TOKEN(STR_NULL);\r
197\r
198 goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
199 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),\r
200 help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),\r
201 flags = INTERACTIVE,\r
202 key = KEY_SECURE_BOOT_DBT_OPTION;\r
203\r
ecc722ad 204 endform;\r
20333c6d 205\r
ecc722ad 206 //\r
207 // ##3 Form: 'PK Options'\r
208 //\r
209 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
210 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);\r
20333c6d 211\r
ecc722ad 212 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 213\r
ecc722ad 214 //\r
215 // Define of Check Box: 'Delete PK'\r
216 //\r
217 suppressif TRUE;\r
218 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
219 prompt = STRING_TOKEN(STR_NULL),\r
220 help = STRING_TOKEN(STR_NULL),\r
221 endcheckbox;\r
222 endif;\r
20333c6d 223\r
ecc722ad 224 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;\r
225 goto FORMID_ENROLL_PK_FORM,\r
226 prompt = STRING_TOKEN(STR_ENROLL_PK),\r
227 help = STRING_TOKEN(STR_ENROLL_PK_HELP),\r
228 flags = INTERACTIVE,\r
229 key = KEY_ENROLL_PK;\r
230 endif;\r
20333c6d 231\r
ecc722ad 232 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 233\r
ecc722ad 234 //\r
20333c6d 235 // Display of Check Box: 'Delete Pk'\r
ecc722ad 236 //\r
237 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
238 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
239 questionid = KEY_SECURE_BOOT_DELETE_PK,\r
20333c6d 240 prompt = STRING_TOKEN(STR_DELETE_PK),\r
ecc722ad 241 help = STRING_TOKEN(STR_DELETE_PK_HELP),\r
0fb450fb 242 flags = INTERACTIVE | RESET_REQUIRED,\r
beda2356 243 endcheckbox;\r
244 endif;\r
ecc722ad 245 endform;\r
20333c6d 246\r
ecc722ad 247 //\r
248 // ##4 Form: 'Enroll PK'\r
249 //\r
250 form formid = FORMID_ENROLL_PK_FORM,\r
251 title = STRING_TOKEN(STR_ENROLL_PK);\r
20333c6d 252\r
ecc722ad 253 subtitle text = STRING_TOKEN(STR_NULL);\r
254\r
255 goto FORM_FILE_EXPLORER_ID_PK,\r
256 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
257 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
258 flags = INTERACTIVE,\r
259 key = SECUREBOOT_ADD_PK_FILE_FORM_ID;\r
260 endform;\r
20333c6d 261\r
ecc722ad 262 //\r
263 // ##5 Form: 'KEK Options'\r
264 //\r
265 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
266 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);\r
267\r
268 //\r
20333c6d 269 // Display of 'Enroll KEK'\r
ecc722ad 270 //\r
271 goto FORMID_ENROLL_KEK_FORM,\r
272 prompt = STRING_TOKEN(STR_ENROLL_KEK),\r
273 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),\r
274 flags = INTERACTIVE;\r
20333c6d
QL		 275\r
276 subtitle text = STRING_TOKEN(STR_NULL);\r
277\r
ecc722ad 278 //\r
20333c6d 279 // Display of 'Delete KEK'\r
ecc722ad 280 //\r
281 goto FORMID_DELETE_KEK_FORM,\r
282 prompt = STRING_TOKEN(STR_DELETE_KEK),\r
283 help = STRING_TOKEN(STR_DELETE_KEK_HELP),\r
284 flags = INTERACTIVE,\r
285 key = KEY_DELETE_KEK;\r
20333c6d
QL		 286\r
287 subtitle text = STRING_TOKEN(STR_NULL);\r
ecc722ad 288 endform;\r
289\r
290 //\r
20333c6d 291 // ##6 Form: 'Enroll KEK'\r
ecc722ad 292 //\r
293 form formid = FORMID_ENROLL_KEK_FORM,\r
294 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);\r
295\r
296 subtitle text = STRING_TOKEN(STR_NULL);\r
297\r
298 goto FORM_FILE_EXPLORER_ID_KEK,\r
299 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),\r
300 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),\r
301 flags = INTERACTIVE,\r
302 key = FORMID_ENROLL_KEK_FORM;\r
303\r
304 subtitle text = STRING_TOKEN(STR_NULL);\r
305 label FORMID_ENROLL_KEK_FORM;\r
306 label LABEL_END;\r
307 subtitle text = STRING_TOKEN(STR_NULL);\r
308\r
309 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
310 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
311 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
312 flags = INTERACTIVE,\r
313 key = KEY_SECURE_BOOT_KEK_GUID,\r
314 minsize = SECURE_BOOT_GUID_SIZE,\r
315 maxsize = SECURE_BOOT_GUID_SIZE,\r
316 endstring;\r
317\r
318 subtitle text = STRING_TOKEN(STR_NULL);\r
319 subtitle text = STRING_TOKEN(STR_NULL);\r
320\r
321 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
322 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
323 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
324 flags = INTERACTIVE,\r
325 key = KEY_VALUE_SAVE_AND_EXIT_KEK;\r
20333c6d 326\r
ecc722ad 327 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
328 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
329 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
330 flags = INTERACTIVE,\r
331 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;\r
332\r
333 endform;\r
334\r
335 //\r
336 // ##7 Form: 'Delete KEK'\r
20333c6d 337 //\r
ecc722ad 338 form formid = FORMID_DELETE_KEK_FORM,\r
339 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);\r
340\r
341 label LABEL_KEK_DELETE;\r
342 label LABEL_END;\r
20333c6d 343\r
ecc722ad 344 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 345\r
ecc722ad 346 endform;\r
347\r
348 //\r
349 // ##8 Form: 'DB Options'\r
350 //\r
351 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
352 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);\r
353\r
354 subtitle text = STRING_TOKEN(STR_NULL);\r
355\r
356 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
357 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
358 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
359 flags = 0;\r
360\r
361 subtitle text = STRING_TOKEN(STR_NULL);\r
362\r
363 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
364 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
365 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
366 flags = INTERACTIVE,\r
367 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;\r
20333c6d 368\r
ecc722ad 369 endform;\r
370\r
371 //\r
372 // ##9 Form: 'DBX Options'\r
373 //\r
374 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
375 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);\r
376\r
377 subtitle text = STRING_TOKEN(STR_NULL);\r
378\r
379 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
380 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
381 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
382 flags = 0;\r
383\r
384 subtitle text = STRING_TOKEN(STR_NULL);\r
385\r
386 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
387 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
388 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
389 flags = INTERACTIVE,\r
390 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;\r
391\r
392 endform;\r
393\r
20333c6d
QL		 394 //\r
395 // ##9 Form: 'DBT Options'\r
396 //\r
397 form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
398 title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);\r
399\r
400 subtitle text = STRING_TOKEN(STR_NULL);\r
401\r
402 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
403 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
404 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
405 flags = 0;\r
406\r
407 subtitle text = STRING_TOKEN(STR_NULL);\r
408\r
409 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
410 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
411 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
412 flags = INTERACTIVE,\r
413 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;\r
414\r
415 endform;\r
416\r
ecc722ad 417 //\r
418 // Form: 'Delete Signature' for DB Options.\r
419 //\r
420 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
421 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
422\r
423 label LABEL_DB_DELETE;\r
424 label LABEL_END;\r
425 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d 426\r
ecc722ad 427 endform;\r
428\r
429 //\r
430 // Form: 'Delete Signature' for DBX Options.\r
431 //\r
432 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
433 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
434\r
435 label LABEL_DBX_DELETE;\r
436 label LABEL_END;\r
437 subtitle text = STRING_TOKEN(STR_NULL);\r
20333c6d
QL		 438\r
439 endform;\r
440\r
441 //\r
442 // Form: 'Delete Signature' for DBT Options.\r
443 //\r
444 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
445 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
446\r
447 label LABEL_DBT_DELETE;\r
448 label LABEL_END;\r
449 subtitle text = STRING_TOKEN(STR_NULL);\r
450\r
ecc722ad 451 endform;\r
452\r
453 //\r
454 // Form: 'Enroll Signature' for DB options.\r
455 //\r
456 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
457 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
458\r
459 subtitle text = STRING_TOKEN(STR_NULL);\r
460\r
461 goto FORM_FILE_EXPLORER_ID_DB,\r
462 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
463 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
464 flags = INTERACTIVE,\r
465 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
466\r
467 subtitle text = STRING_TOKEN(STR_NULL);\r
468 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
469 label LABEL_END;\r
470 subtitle text = STRING_TOKEN(STR_NULL);\r
471\r
472 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
473 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
474 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
475 flags = INTERACTIVE,\r
476 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,\r
477 minsize = SECURE_BOOT_GUID_SIZE,\r
478 maxsize = SECURE_BOOT_GUID_SIZE,\r
479 endstring;\r
480\r
481 subtitle text = STRING_TOKEN(STR_NULL);\r
482 subtitle text = STRING_TOKEN(STR_NULL);\r
483\r
484 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
485 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
486 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
487 flags = INTERACTIVE,\r
488 key = KEY_VALUE_SAVE_AND_EXIT_DB;\r
20333c6d 489\r
ecc722ad 490 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
491 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
492 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
493 flags = INTERACTIVE,\r
494 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;\r
495\r
496 endform;\r
497\r
498 //\r
499 // Form: 'Enroll Signature' for DBX options.\r
500 //\r
501 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
502 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
503\r
504 subtitle text = STRING_TOKEN(STR_NULL);\r
505\r
506 goto FORM_FILE_EXPLORER_ID_DBX,\r
507 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
508 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
509 flags = INTERACTIVE,\r
510 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
511\r
ecc722ad 512 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
513 label LABEL_END;\r
514 subtitle text = STRING_TOKEN(STR_NULL);\r
515\r
516 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
517 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
518 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
519 flags = INTERACTIVE,\r
520 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
521 minsize = SECURE_BOOT_GUID_SIZE,\r
522 maxsize = SECURE_BOOT_GUID_SIZE,\r
523 endstring;\r
524\r
20333c6d
QL		 525 oneof name = SignatureFormatInDbx,\r
526 varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
527 prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
528 help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
529 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;\r
530 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;\r
531 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;\r
532 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;\r
533 endoneof;\r
534\r
535 suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;\r
536 checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
537 prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
538 help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
539 flags = INTERACTIVE,\r
540 endcheckbox;\r
541\r
542 suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;\r
543 date varid = SECUREBOOT_CONFIGURATION.RevocationDate,\r
544 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),\r
545 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),\r
546 flags = STORAGE_NORMAL,\r
547 enddate;\r
548\r
549 time varid = SECUREBOOT_CONFIGURATION.RevocationTime,\r
550 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),\r
551 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),\r
552 flags = STORAGE_NORMAL,\r
553 endtime;\r
554 endif;\r
555 endif;\r
556\r
ecc722ad 557 subtitle text = STRING_TOKEN(STR_NULL);\r
558 subtitle text = STRING_TOKEN(STR_NULL);\r
559\r
560 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
561 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
562 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
563 flags = INTERACTIVE,\r
564 key = KEY_VALUE_SAVE_AND_EXIT_DBX;\r
20333c6d 565\r
ecc722ad 566 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
567 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
568 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
569 flags = INTERACTIVE,\r
570 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;\r
571\r
572 endform;\r
573\r
20333c6d
QL		 574 //\r
575 // Form: 'Enroll Signature' for DBT options.\r
576 //\r
577 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
578 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
579\r
580 subtitle text = STRING_TOKEN(STR_NULL);\r
581\r
582 goto FORM_FILE_EXPLORER_ID_DBT,\r
583 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
584 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
585 flags = INTERACTIVE,\r
586 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
587\r
588 subtitle text = STRING_TOKEN(STR_NULL);\r
589 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
590 label LABEL_END;\r
591 subtitle text = STRING_TOKEN(STR_NULL);\r
592\r
593 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
594 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
595 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
596 flags = INTERACTIVE,\r
597 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,\r
598 minsize = SECURE_BOOT_GUID_SIZE,\r
599 maxsize = SECURE_BOOT_GUID_SIZE,\r
600 endstring;\r
601\r
602 subtitle text = STRING_TOKEN(STR_NULL);\r
603 subtitle text = STRING_TOKEN(STR_NULL);\r
604\r
605 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
606 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
607 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
608 flags = INTERACTIVE,\r
609 key = KEY_VALUE_SAVE_AND_EXIT_DBT;\r
610\r
611 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
612 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
613 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
614 flags = INTERACTIVE,\r
615 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;\r
616\r
617 endform;\r
618\r
ecc722ad 619 //\r
620 // File Explorer for PK\r
621 //\r
622 form formid = FORM_FILE_EXPLORER_ID_PK,\r
623 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
624\r
625 label FORM_FILE_EXPLORER_ID;\r
626 label LABEL_END;\r
627 endform;\r
20333c6d 628\r
ecc722ad 629 //\r
630 // File Explorer for KEK\r
631 //\r
632 form formid = FORM_FILE_EXPLORER_ID_KEK,\r
633 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
634\r
635 label FORM_FILE_EXPLORER_ID;\r
636 label LABEL_END;\r
637 endform;\r
638\r
639 //\r
640 // File Explorer for DB\r
641 //\r
642 form formid = FORM_FILE_EXPLORER_ID_DB,\r
643 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
644\r
645 label FORM_FILE_EXPLORER_ID;\r
646 label LABEL_END;\r
647 endform;\r
648\r
649 //\r
650 // File Explorer for DBX\r
651 //\r
652 form formid = FORM_FILE_EXPLORER_ID_DBX,\r
653 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
654\r
655 label FORM_FILE_EXPLORER_ID;\r
656 label LABEL_END;\r
657 endform;\r
658\r
20333c6d
QL		 659 //\r
660 // File Explorer for DBT\r
661 //\r
662 form formid = FORM_FILE_EXPLORER_ID_DBT,\r
663 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
664\r
665 label FORM_FILE_EXPLORER_ID;\r
666 label LABEL_END;\r
667 endform;\r
ecc722ad 668\r
669 //\r
670 // Enroll Pk from File Commit Form\r
671 //\r
672 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,\r
673 title = STRING_TOKEN(STR_SAVE_PK_FILE);\r
674\r
675 label SECUREBOOT_ADD_PK_FILE_FORM_ID;\r
676 label LABEL_END;\r
20333c6d 677\r
ecc722ad 678 subtitle text = STRING_TOKEN(STR_NULL);\r
679\r
680 text\r
681 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
682 text = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
20333c6d 683 text = STRING_TOKEN(STR_NULL),\r
ecc722ad 684 flags = INTERACTIVE,\r
685 key = KEY_VALUE_SAVE_AND_EXIT_PK;\r
686\r
687 text\r
688 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
689 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
20333c6d 690 text = STRING_TOKEN(STR_NULL),\r
ecc722ad 691 flags = INTERACTIVE,\r
692 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;\r
beda2356 693\r
694 endform;\r
695\r
20333c6d 696endformset;
EFI Development Kit II mirror for PVE