]> git.proxmox.com Git - mirror_edk2.git/blame_incremental - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
projects / mirror_edk2.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure...
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfig.vfr
... / ...
CommitLineData
1/** @file\r
2 VFR file used by the SecureBoot configuration component.\r
3\r
4Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include "SecureBootConfigNvData.h"\r
16\r
17formset\r
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,\r
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),\r
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),\r
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,\r
22\r
23 varstore SECUREBOOT_CONFIGURATION,\r
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
25 name = SECUREBOOT_CONFIGURATION,\r
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
27\r
28 //\r
29 // ##1 Form "Secure Boot Configuration"\r
30 //\r
31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,\r
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);\r
33\r
34 subtitle text = STRING_TOKEN(STR_NULL);\r
35\r
36 text\r
37 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
38 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
39 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);\r
40\r
41 //\r
42 // Define of Check Box: Attempt Secure Boot\r
43 //\r
44 suppressif TRUE;\r
45 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,\r
46 questionid = KEY_HIDE_SECURE_BOOT,\r
47 prompt = STRING_TOKEN(STR_NULL),\r
48 help = STRING_TOKEN(STR_NULL),\r
49 flags = INTERACTIVE,\r
50 endcheckbox;\r
51 endif;\r
52\r
53 //\r
54 // Display of Check Box: Attempt Secure Boot\r
55 //\r
56 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
57 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,\r
58 questionid = KEY_SECURE_BOOT_ENABLE,\r
59 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
60 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),\r
61 flags = INTERACTIVE | RESET_REQUIRED,\r
62 endcheckbox;\r
63 endif;\r
64\r
65 //\r
66 // Display of Oneof: 'Secure Boot Mode'\r
67 //\r
68 disableif TRUE;\r
69 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,\r
70 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
71 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
72 flags = INTERACTIVE,\r
73 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0;\r
74 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
75 endoneof;\r
76 endif;\r
77 oneof name = SecureBootMode,\r
78 questionid = KEY_SECURE_BOOT_MODE,\r
79 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
80 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
81 flags = INTERACTIVE | NUMERIC_SIZE_1,\r
82 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;\r
83 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
84 endoneof;\r
85\r
86 //\r
87 //\r
88 // Display of 'Current Secure Boot Mode'\r
89 //\r
90 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
91 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
92 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
93 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
94 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),\r
95 flags = INTERACTIVE,\r
96 key = KEY_SECURE_BOOT_OPTION;\r
97 endif;\r
98 endif;\r
99 endform;\r
100\r
101 //\r
102 // ##2 Form: 'Custom Secure Boot Options'\r
103 //\r
104 form formid = FORMID_SECURE_BOOT_OPTION_FORM,\r
105 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);\r
106\r
107 subtitle text = STRING_TOKEN(STR_NULL);\r
108\r
109 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
110 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
111 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r
112 flags = INTERACTIVE,\r
113 key = KEY_SECURE_BOOT_PK_OPTION;\r
114\r
115 subtitle text = STRING_TOKEN(STR_NULL);\r
116\r
117 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
118 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),\r
119 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),\r
120 flags = INTERACTIVE,\r
121 key = KEY_SECURE_BOOT_KEK_OPTION;\r
122\r
123 subtitle text = STRING_TOKEN(STR_NULL);\r
124\r
125 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
126 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),\r
127 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),\r
128 flags = INTERACTIVE,\r
129 key = KEY_SECURE_BOOT_DB_OPTION;\r
130\r
131 subtitle text = STRING_TOKEN(STR_NULL);\r
132\r
133 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
134 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),\r
135 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),\r
136 flags = INTERACTIVE,\r
137 key = KEY_SECURE_BOOT_DBX_OPTION;\r
138\r
139 subtitle text = STRING_TOKEN(STR_NULL);\r
140\r
141 goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
142 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),\r
143 help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),\r
144 flags = INTERACTIVE,\r
145 key = KEY_SECURE_BOOT_DBT_OPTION;\r
146\r
147 endform;\r
148\r
149 //\r
150 // ##3 Form: 'PK Options'\r
151 //\r
152 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
153 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);\r
154\r
155 subtitle text = STRING_TOKEN(STR_NULL);\r
156\r
157 //\r
158 // Define of Check Box: 'Delete PK'\r
159 //\r
160 suppressif TRUE;\r
161 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
162 prompt = STRING_TOKEN(STR_NULL),\r
163 help = STRING_TOKEN(STR_NULL),\r
164 endcheckbox;\r
165 endif;\r
166\r
167 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;\r
168 goto FORMID_ENROLL_PK_FORM,\r
169 prompt = STRING_TOKEN(STR_ENROLL_PK),\r
170 help = STRING_TOKEN(STR_ENROLL_PK_HELP),\r
171 flags = INTERACTIVE,\r
172 key = KEY_ENROLL_PK;\r
173 endif;\r
174\r
175 subtitle text = STRING_TOKEN(STR_NULL);\r
176\r
177 //\r
178 // Display of Check Box: 'Delete Pk'\r
179 //\r
180 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
181 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
182 questionid = KEY_SECURE_BOOT_DELETE_PK,\r
183 prompt = STRING_TOKEN(STR_DELETE_PK),\r
184 help = STRING_TOKEN(STR_DELETE_PK_HELP),\r
185 flags = INTERACTIVE | RESET_REQUIRED,\r
186 endcheckbox;\r
187 endif;\r
188 endform;\r
189\r
190 //\r
191 // ##4 Form: 'Enroll PK'\r
192 //\r
193 form formid = FORMID_ENROLL_PK_FORM,\r
194 title = STRING_TOKEN(STR_ENROLL_PK);\r
195\r
196 subtitle text = STRING_TOKEN(STR_NULL);\r
197\r
198 goto FORM_FILE_EXPLORER_ID_PK,\r
199 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
200 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
201 flags = INTERACTIVE,\r
202 key = SECUREBOOT_ADD_PK_FILE_FORM_ID;\r
203 endform;\r
204\r
205 //\r
206 // ##5 Form: 'KEK Options'\r
207 //\r
208 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
209 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);\r
210\r
211 //\r
212 // Display of 'Enroll KEK'\r
213 //\r
214 goto FORMID_ENROLL_KEK_FORM,\r
215 prompt = STRING_TOKEN(STR_ENROLL_KEK),\r
216 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),\r
217 flags = INTERACTIVE;\r
218\r
219 subtitle text = STRING_TOKEN(STR_NULL);\r
220\r
221 //\r
222 // Display of 'Delete KEK'\r
223 //\r
224 goto FORMID_DELETE_KEK_FORM,\r
225 prompt = STRING_TOKEN(STR_DELETE_KEK),\r
226 help = STRING_TOKEN(STR_DELETE_KEK_HELP),\r
227 flags = INTERACTIVE,\r
228 key = KEY_DELETE_KEK;\r
229\r
230 subtitle text = STRING_TOKEN(STR_NULL);\r
231 endform;\r
232\r
233 //\r
234 // ##6 Form: 'Enroll KEK'\r
235 //\r
236 form formid = FORMID_ENROLL_KEK_FORM,\r
237 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);\r
238\r
239 subtitle text = STRING_TOKEN(STR_NULL);\r
240\r
241 goto FORM_FILE_EXPLORER_ID_KEK,\r
242 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),\r
243 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),\r
244 flags = INTERACTIVE,\r
245 key = FORMID_ENROLL_KEK_FORM;\r
246\r
247 subtitle text = STRING_TOKEN(STR_NULL);\r
248 label FORMID_ENROLL_KEK_FORM;\r
249 label LABEL_END;\r
250 subtitle text = STRING_TOKEN(STR_NULL);\r
251\r
252 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
253 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
254 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
255 flags = INTERACTIVE,\r
256 key = KEY_SECURE_BOOT_KEK_GUID,\r
257 minsize = SECURE_BOOT_GUID_SIZE,\r
258 maxsize = SECURE_BOOT_GUID_SIZE,\r
259 endstring;\r
260\r
261 subtitle text = STRING_TOKEN(STR_NULL);\r
262 subtitle text = STRING_TOKEN(STR_NULL);\r
263\r
264 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
265 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
266 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
267 flags = INTERACTIVE,\r
268 key = KEY_VALUE_SAVE_AND_EXIT_KEK;\r
269\r
270 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
271 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
272 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
273 flags = INTERACTIVE,\r
274 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;\r
275\r
276 endform;\r
277\r
278 //\r
279 // ##7 Form: 'Delete KEK'\r
280 //\r
281 form formid = FORMID_DELETE_KEK_FORM,\r
282 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);\r
283\r
284 label LABEL_KEK_DELETE;\r
285 label LABEL_END;\r
286\r
287 subtitle text = STRING_TOKEN(STR_NULL);\r
288\r
289 endform;\r
290\r
291 //\r
292 // ##8 Form: 'DB Options'\r
293 //\r
294 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
295 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);\r
296\r
297 subtitle text = STRING_TOKEN(STR_NULL);\r
298\r
299 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
300 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
301 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
302 flags = 0;\r
303\r
304 subtitle text = STRING_TOKEN(STR_NULL);\r
305\r
306 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
307 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
308 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
309 flags = INTERACTIVE,\r
310 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;\r
311\r
312 endform;\r
313\r
314 //\r
315 // ##9 Form: 'DBX Options'\r
316 //\r
317 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
318 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);\r
319\r
320 subtitle text = STRING_TOKEN(STR_NULL);\r
321\r
322 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
323 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
324 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
325 flags = 0;\r
326\r
327 subtitle text = STRING_TOKEN(STR_NULL);\r
328\r
329 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
330 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
331 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
332 flags = INTERACTIVE,\r
333 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;\r
334\r
335 endform;\r
336\r
337 //\r
338 // ##9 Form: 'DBT Options'\r
339 //\r
340 form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
341 title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);\r
342\r
343 subtitle text = STRING_TOKEN(STR_NULL);\r
344\r
345 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
346 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
347 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
348 flags = 0;\r
349\r
350 subtitle text = STRING_TOKEN(STR_NULL);\r
351\r
352 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
353 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
354 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
355 flags = INTERACTIVE,\r
356 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;\r
357\r
358 endform;\r
359\r
360 //\r
361 // Form: 'Delete Signature' for DB Options.\r
362 //\r
363 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
364 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
365\r
366 label LABEL_DB_DELETE;\r
367 label LABEL_END;\r
368 subtitle text = STRING_TOKEN(STR_NULL);\r
369\r
370 endform;\r
371\r
372 //\r
373 // Form: 'Delete Signature' for DBX Options.\r
374 //\r
375 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
376 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
377\r
378 label LABEL_DBX_DELETE;\r
379 label LABEL_END;\r
380 subtitle text = STRING_TOKEN(STR_NULL);\r
381\r
382 endform;\r
383\r
384 //\r
385 // Form: 'Delete Signature' for DBT Options.\r
386 //\r
387 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
388 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
389\r
390 label LABEL_DBT_DELETE;\r
391 label LABEL_END;\r
392 subtitle text = STRING_TOKEN(STR_NULL);\r
393\r
394 endform;\r
395\r
396 //\r
397 // Form: 'Enroll Signature' for DB options.\r
398 //\r
399 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
400 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
401\r
402 subtitle text = STRING_TOKEN(STR_NULL);\r
403\r
404 goto FORM_FILE_EXPLORER_ID_DB,\r
405 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
406 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
407 flags = INTERACTIVE,\r
408 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
409\r
410 subtitle text = STRING_TOKEN(STR_NULL);\r
411 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
412 label LABEL_END;\r
413 subtitle text = STRING_TOKEN(STR_NULL);\r
414\r
415 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
416 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
417 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
418 flags = INTERACTIVE,\r
419 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,\r
420 minsize = SECURE_BOOT_GUID_SIZE,\r
421 maxsize = SECURE_BOOT_GUID_SIZE,\r
422 endstring;\r
423\r
424 subtitle text = STRING_TOKEN(STR_NULL);\r
425 subtitle text = STRING_TOKEN(STR_NULL);\r
426\r
427 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
428 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
429 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
430 flags = INTERACTIVE,\r
431 key = KEY_VALUE_SAVE_AND_EXIT_DB;\r
432\r
433 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
434 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
435 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
436 flags = INTERACTIVE,\r
437 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;\r
438\r
439 endform;\r
440\r
441 //\r
442 // Form: 'Enroll Signature' for DBX options.\r
443 //\r
444 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
445 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
446\r
447 subtitle text = STRING_TOKEN(STR_NULL);\r
448\r
449 goto FORM_FILE_EXPLORER_ID_DBX,\r
450 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
451 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
452 flags = INTERACTIVE,\r
453 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
454\r
455 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
456 label LABEL_END;\r
457 subtitle text = STRING_TOKEN(STR_NULL);\r
458\r
459 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
460 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
461 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
462 flags = INTERACTIVE,\r
463 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
464 minsize = SECURE_BOOT_GUID_SIZE,\r
465 maxsize = SECURE_BOOT_GUID_SIZE,\r
466 endstring;\r
467\r
468 oneof name = SignatureFormatInDbx,\r
469 varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
470 prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
471 help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
472 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;\r
473 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;\r
474 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;\r
475 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;\r
476 endoneof;\r
477\r
478 suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;\r
479 checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
480 prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
481 help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
482 flags = INTERACTIVE,\r
483 endcheckbox;\r
484\r
485 suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;\r
486 date varid = SECUREBOOT_CONFIGURATION.RevocationDate,\r
487 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),\r
488 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),\r
489 flags = STORAGE_NORMAL,\r
490 enddate;\r
491\r
492 time varid = SECUREBOOT_CONFIGURATION.RevocationTime,\r
493 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),\r
494 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),\r
495 flags = STORAGE_NORMAL,\r
496 endtime;\r
497 endif;\r
498 endif;\r
499\r
500 subtitle text = STRING_TOKEN(STR_NULL);\r
501 subtitle text = STRING_TOKEN(STR_NULL);\r
502\r
503 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
504 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
505 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
506 flags = INTERACTIVE,\r
507 key = KEY_VALUE_SAVE_AND_EXIT_DBX;\r
508\r
509 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
510 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
511 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
512 flags = INTERACTIVE,\r
513 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;\r
514\r
515 endform;\r
516\r
517 //\r
518 // Form: 'Enroll Signature' for DBT options.\r
519 //\r
520 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
521 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
522\r
523 subtitle text = STRING_TOKEN(STR_NULL);\r
524\r
525 goto FORM_FILE_EXPLORER_ID_DBT,\r
526 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
527 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
528 flags = INTERACTIVE,\r
529 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
530\r
531 subtitle text = STRING_TOKEN(STR_NULL);\r
532 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
533 label LABEL_END;\r
534 subtitle text = STRING_TOKEN(STR_NULL);\r
535\r
536 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
537 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
538 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
539 flags = INTERACTIVE,\r
540 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,\r
541 minsize = SECURE_BOOT_GUID_SIZE,\r
542 maxsize = SECURE_BOOT_GUID_SIZE,\r
543 endstring;\r
544\r
545 subtitle text = STRING_TOKEN(STR_NULL);\r
546 subtitle text = STRING_TOKEN(STR_NULL);\r
547\r
548 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
549 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
550 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
551 flags = INTERACTIVE,\r
552 key = KEY_VALUE_SAVE_AND_EXIT_DBT;\r
553\r
554 goto FORMID_SECURE_BOOT_OPTION_FORM,\r
555 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
556 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
557 flags = INTERACTIVE,\r
558 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;\r
559\r
560 endform;\r
561\r
562 //\r
563 // File Explorer for PK\r
564 //\r
565 form formid = FORM_FILE_EXPLORER_ID_PK,\r
566 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
567\r
568 label FORM_FILE_EXPLORER_ID;\r
569 label LABEL_END;\r
570 endform;\r
571\r
572 //\r
573 // File Explorer for KEK\r
574 //\r
575 form formid = FORM_FILE_EXPLORER_ID_KEK,\r
576 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
577\r
578 label FORM_FILE_EXPLORER_ID;\r
579 label LABEL_END;\r
580 endform;\r
581\r
582 //\r
583 // File Explorer for DB\r
584 //\r
585 form formid = FORM_FILE_EXPLORER_ID_DB,\r
586 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
587\r
588 label FORM_FILE_EXPLORER_ID;\r
589 label LABEL_END;\r
590 endform;\r
591\r
592 //\r
593 // File Explorer for DBX\r
594 //\r
595 form formid = FORM_FILE_EXPLORER_ID_DBX,\r
596 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
597\r
598 label FORM_FILE_EXPLORER_ID;\r
599 label LABEL_END;\r
600 endform;\r
601\r
602 //\r
603 // File Explorer for DBT\r
604 //\r
605 form formid = FORM_FILE_EXPLORER_ID_DBT,\r
606 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
607\r
608 label FORM_FILE_EXPLORER_ID;\r
609 label LABEL_END;\r
610 endform;\r
611\r
612 //\r
613 // Enroll Pk from File Commit Form\r
614 //\r
615 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,\r
616 title = STRING_TOKEN(STR_SAVE_PK_FILE);\r
617\r
618 label SECUREBOOT_ADD_PK_FILE_FORM_ID;\r
619 label LABEL_END;\r
620\r
621 subtitle text = STRING_TOKEN(STR_NULL);\r
622\r
623 text\r
624 help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
625 text = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
626 text = STRING_TOKEN(STR_NULL),\r
627 flags = INTERACTIVE,\r
628 key = KEY_VALUE_SAVE_AND_EXIT_PK;\r
629\r
630 text\r
631 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
632 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
633 text = STRING_TOKEN(STR_NULL),\r
634 flags = INTERACTIVE,\r
635 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;\r
636\r
637 endform;\r
638\r
639endformset;
EFI Development Kit II mirror for PVE