[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfig.vfr

/** @file\r
  VFR file used by the SecureBoot configuration component.\r
\r
Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "SecureBootConfigNvData.h"\r
\r
formset\r
  guid      = SECUREBOOT_CONFIG_FORM_SET_GUID,\r
  title     = STRING_TOKEN(STR_SECUREBOOT_TITLE),\r
  help      = STRING_TOKEN(STR_SECUREBOOT_HELP),\r
  classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,\r
\r
  varstore SECUREBOOT_CONFIGURATION,\r
    varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
    name  = SECUREBOOT_CONFIGURATION,\r
    guid  = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
\r
  //\r
  // ##1 Form "Secure Boot Configuration"\r
  //\r
  form formid = SECUREBOOT_CONFIGURATION_FORM_ID,\r
    title = STRING_TOKEN(STR_SECUREBOOT_TITLE);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    text\r
      help   = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
      text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
        text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);\r
\r
    //\r
    // Display of Check Box: Attempt Secure Boot\r
    //\r
    grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
    checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,\r
          questionid = KEY_SECURE_BOOT_ENABLE,\r
          prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
          help   = STRING_TOKEN(STR_SECURE_BOOT_HELP),\r
          flags  = INTERACTIVE | RESET_REQUIRED,\r
    endcheckbox;\r
    endif;\r
\r
    //\r
    // Display of Oneof: 'Secure Boot Mode'\r
    //\r
    oneof name = SecureBootMode,\r
          questionid = KEY_SECURE_BOOT_MODE,\r
          prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
          help   = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
          flags  = INTERACTIVE | NUMERIC_SIZE_1,\r
          option text = STRING_TOKEN(STR_STANDARD_MODE),    value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;\r
          option text = STRING_TOKEN(STR_CUSTOM_MODE),      value = SECURE_BOOT_MODE_CUSTOM,   flags = 0;\r
    endoneof;\r
\r
    //\r
    // Display of 'Current Secure Boot Mode'\r
    //\r
    suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
    grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
         help   = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),\r
         flags  = INTERACTIVE,\r
         key    = KEY_SECURE_BOOT_OPTION;\r
    endif;\r
    endif;\r
\r
  endform;\r
\r
  //\r
  // ##2 Form: 'Custom Secure Boot Options'\r
  //\r
  form formid = FORMID_SECURE_BOOT_OPTION_FORM,\r
    title  = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
         help   = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r
         flags  = INTERACTIVE,\r
         key    = KEY_SECURE_BOOT_PK_OPTION;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),\r
         help   = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),\r
         flags  = INTERACTIVE,\r
         key    = KEY_SECURE_BOOT_KEK_OPTION;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),\r
         help   = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),\r
         flags  = INTERACTIVE,\r
         key    = KEY_SECURE_BOOT_DB_OPTION;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),\r
         help   = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),\r
         flags  = INTERACTIVE,\r
         key    = KEY_SECURE_BOOT_DBX_OPTION;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),\r
         help   = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),\r
         flags  = INTERACTIVE,\r
         key    = KEY_SECURE_BOOT_DBT_OPTION;\r
\r
  endform;\r
\r
  //\r
  // ##3 Form: 'PK Options'\r
  //\r
  form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
    title  = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    //\r
    // Display of 'Enroll PK'\r
    //\r
    grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;\r
    goto FORMID_ENROLL_PK_FORM,\r
         prompt = STRING_TOKEN(STR_ENROLL_PK),\r
         help   = STRING_TOKEN(STR_ENROLL_PK_HELP),\r
         flags  = INTERACTIVE,\r
         key    = KEY_ENROLL_PK;\r
    endif;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    //\r
    // Display of Check Box: 'Delete Pk'\r
    //\r
    grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
    checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
          questionid = KEY_SECURE_BOOT_DELETE_PK,\r
          prompt = STRING_TOKEN(STR_DELETE_PK),\r
          help   = STRING_TOKEN(STR_DELETE_PK_HELP),\r
          flags  = INTERACTIVE | RESET_REQUIRED,\r
    endcheckbox;\r
    endif;\r
  endform;\r
\r
  //\r
  // ##4 Form: 'Enroll PK'\r
  //\r
  form formid = FORMID_ENROLL_PK_FORM,\r
    title  = STRING_TOKEN(STR_ENROLL_PK);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_ENROLL_PK_FORM,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
         help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
         flags = INTERACTIVE,\r
         key = FORMID_ENROLL_PK_FORM;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
    label FORMID_ENROLL_PK_FORM;\r
    label LABEL_END;\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
      prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
      help   = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
      flags  = INTERACTIVE| RESET_REQUIRED,\r
      key    = KEY_VALUE_SAVE_AND_EXIT_PK;\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
      prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
      help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
      flags  = INTERACTIVE,\r
      key    = KEY_VALUE_NO_SAVE_AND_EXIT_PK;\r
\r
  endform;\r
\r
  //\r
  // ##5 Form: 'KEK Options'\r
  //\r
  form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
    title  = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);\r
\r
    //\r
    // Display of 'Enroll KEK'\r
    //\r
    goto FORMID_ENROLL_KEK_FORM,\r
         prompt = STRING_TOKEN(STR_ENROLL_KEK),\r
         help   = STRING_TOKEN(STR_ENROLL_KEK_HELP),\r
         flags  = INTERACTIVE;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    //\r
    // Display of 'Delete KEK'\r
    //\r
    goto FORMID_DELETE_KEK_FORM,\r
         prompt = STRING_TOKEN(STR_DELETE_KEK),\r
         help   = STRING_TOKEN(STR_DELETE_KEK_HELP),\r
         flags  = INTERACTIVE,\r
         key    = KEY_DELETE_KEK;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
  endform;\r
\r
  //\r
  // ##6 Form: 'Enroll KEK'\r
  //\r
  form formid = FORMID_ENROLL_KEK_FORM,\r
    title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_ENROLL_KEK_FORM,\r
         prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),\r
         help   = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),\r
         flags  = INTERACTIVE,\r
         key    = FORMID_ENROLL_KEK_FORM;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
    label FORMID_ENROLL_KEK_FORM;\r
    label LABEL_END;\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    string  varid   = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
            prompt  = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
            help    = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
            flags   = INTERACTIVE,\r
            key     = KEY_SECURE_BOOT_KEK_GUID,\r
            minsize = SECURE_BOOT_GUID_SIZE,\r
            maxsize = SECURE_BOOT_GUID_SIZE,\r
    endstring;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
      prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
      help   = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
      flags  = INTERACTIVE,\r
      key    = KEY_VALUE_SAVE_AND_EXIT_KEK;\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
      prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
      help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
      flags  = INTERACTIVE,\r
      key    = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;\r
\r
  endform;\r
\r
  //\r
  // ##7 Form: 'Delete KEK'\r
  //\r
  form formid = FORMID_DELETE_KEK_FORM,\r
    title  = STRING_TOKEN(STR_DELETE_KEK_TITLE);\r
\r
    label LABEL_KEK_DELETE;\r
    label LABEL_END;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
  endform;\r
\r
  //\r
  // ##8 Form: 'DB Options'\r
  //\r
  form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
    title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
    prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
    help   = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
    flags  = 0;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
    prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
    help   = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
    flags  = INTERACTIVE,\r
    key    = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;\r
\r
  endform;\r
\r
  //\r
  // ##9 Form: 'DBX Options'\r
  //\r
  form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
    title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
    prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
    help   = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
    flags  = 0;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
    prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
    help   = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
    flags  = INTERACTIVE,\r
    key    = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;\r
\r
  endform;\r
\r
  //\r
  // ##9 Form: 'DBT Options'\r
  //\r
  form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
    title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
    prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
    help   = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
    flags  = 0;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
    prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
    help   = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
    flags  = INTERACTIVE,\r
    key    = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;\r
\r
  endform;\r
\r
  //\r
  // Form: 'Delete Signature' for DB Options.\r
  //\r
  form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
    title  = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
\r
    label LABEL_DB_DELETE;\r
    label LABEL_END;\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
  endform;\r
\r
  //\r
  // Form: 'Delete Signature' for DBX Options.\r
  //\r
  form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
    title  = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
\r
    label LABEL_DBX_DELETE;\r
    label LABEL_END;\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
  endform;\r
\r
  //\r
  // Form: 'Delete Signature' for DBT Options.\r
  //\r
  form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
    title  = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
\r
    label LABEL_DBT_DELETE;\r
    label LABEL_END;\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
  endform;\r
\r
  //\r
  // Form: 'Enroll Signature' for DB options.\r
  //\r
  form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
    title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
         help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
         flags = INTERACTIVE,\r
         key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
    label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
    label LABEL_END;\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    string  varid   = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
            prompt  = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
            help    = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
            flags   = INTERACTIVE,\r
            key     = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,\r
            minsize = SECURE_BOOT_GUID_SIZE,\r
            maxsize = SECURE_BOOT_GUID_SIZE,\r
    endstring;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
         help   = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
         flags  = INTERACTIVE,\r
         key    = KEY_VALUE_SAVE_AND_EXIT_DB;\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
         help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
         flags  = INTERACTIVE,\r
         key    = KEY_VALUE_NO_SAVE_AND_EXIT_DB;\r
\r
  endform;\r
\r
  //\r
  // Form: 'Enroll Signature' for DBX options.\r
  //\r
  form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
    title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
         help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
         flags = INTERACTIVE,\r
         key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
\r
    label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
    label LABEL_END;\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    string  varid   = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
            prompt  = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
            help    = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
            flags   = INTERACTIVE,\r
            key     = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
            minsize = SECURE_BOOT_GUID_SIZE,\r
            maxsize = SECURE_BOOT_GUID_SIZE,\r
    endstring;\r
\r
    oneof name = SignatureFormatInDbx,\r
          varid       = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
          prompt      = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
          help        = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;\r
          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;\r
          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;\r
          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;\r
    endoneof;\r
\r
    suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;\r
        checkbox varid  = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
               prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
               help   = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
               flags  = INTERACTIVE,\r
        endcheckbox;\r
\r
        suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;\r
            date  varid  = SECUREBOOT_CONFIGURATION.RevocationDate,\r
                  prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),\r
                  help   = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),\r
                  flags  = STORAGE_NORMAL,\r
            enddate;\r
\r
            time varid   = SECUREBOOT_CONFIGURATION.RevocationTime,\r
                 prompt  = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),\r
                 help    = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),\r
                 flags   = STORAGE_NORMAL,\r
            endtime;\r
        endif;\r
    endif;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
         help   = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
         flags  = INTERACTIVE,\r
         key    = KEY_VALUE_SAVE_AND_EXIT_DBX;\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
         help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
         flags  = INTERACTIVE,\r
         key    = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;\r
\r
  endform;\r
\r
  //\r
  // Form: 'Enroll Signature' for DBT options.\r
  //\r
  form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
    title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
         prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
         help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
         flags = INTERACTIVE,\r
         key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
    label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
    label LABEL_END;\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    string  varid   = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
            prompt  = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
            help    = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
            flags   = INTERACTIVE,\r
            key     = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,\r
            minsize = SECURE_BOOT_GUID_SIZE,\r
            maxsize = SECURE_BOOT_GUID_SIZE,\r
    endstring;\r
\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
    subtitle text = STRING_TOKEN(STR_NULL);\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
         help   = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
         flags  = INTERACTIVE,\r
         key    = KEY_VALUE_SAVE_AND_EXIT_DBT;\r
\r
    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
         prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
         help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
         flags  = INTERACTIVE,\r
         key    = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;\r
\r
  endform;\r
\r
endformset;
Commit	Line	Data
	1	/** @file\r
	2	VFR file used by the SecureBoot configuration component.\r
	3	\r
	4	Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>\r
	5	This program and the accompanying materials\r
	6	are licensed and made available under the terms and conditions of the BSD License\r
	7	which accompanies this distribution. The full text of the license may be found at\r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include "SecureBootConfigNvData.h"\r
	16	\r
	17	formset\r
	18	guid = SECUREBOOT_CONFIG_FORM_SET_GUID,\r
	19	title = STRING_TOKEN(STR_SECUREBOOT_TITLE),\r
	20	help = STRING_TOKEN(STR_SECUREBOOT_HELP),\r
	21	classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,\r
	22	\r
	23	varstore SECUREBOOT_CONFIGURATION,\r
	24	varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,\r
	25	name = SECUREBOOT_CONFIGURATION,\r
	26	guid = SECUREBOOT_CONFIG_FORM_SET_GUID;\r
	27	\r
	28	//\r
	29	// ##1 Form "Secure Boot Configuration"\r
	30	//\r
	31	form formid = SECUREBOOT_CONFIGURATION_FORM_ID,\r
	32	title = STRING_TOKEN(STR_SECUREBOOT_TITLE);\r
	33	\r
	34	subtitle text = STRING_TOKEN(STR_NULL);\r
	35	\r
	36	text\r
	37	help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
	38	text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
	39	text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);\r
	40	\r
	41	//\r
	42	// Display of Check Box: Attempt Secure Boot\r
	43	//\r
	44	grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
	45	checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,\r
	46	questionid = KEY_SECURE_BOOT_ENABLE,\r
	47	prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
	48	help = STRING_TOKEN(STR_SECURE_BOOT_HELP),\r
	49	flags = INTERACTIVE \| RESET_REQUIRED,\r
	50	endcheckbox;\r
	51	endif;\r
	52	\r
	53	//\r
	54	// Display of Oneof: 'Secure Boot Mode'\r
	55	//\r
	56	oneof name = SecureBootMode,\r
	57	questionid = KEY_SECURE_BOOT_MODE,\r
	58	prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),\r
	59	help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),\r
	60	flags = INTERACTIVE \| NUMERIC_SIZE_1,\r
	61	option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;\r
	62	option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;\r
	63	endoneof;\r
	64	\r
	65	//\r
	66	// Display of 'Current Secure Boot Mode'\r
	67	//\r
	68	suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
	69	grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
	70	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	71	prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
	72	help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),\r
	73	flags = INTERACTIVE,\r
	74	key = KEY_SECURE_BOOT_OPTION;\r
	75	endif;\r
	76	endif;\r
	77	\r
	78	endform;\r
	79	\r
	80	//\r
	81	// ##2 Form: 'Custom Secure Boot Options'\r
	82	//\r
	83	form formid = FORMID_SECURE_BOOT_OPTION_FORM,\r
	84	title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);\r
	85	\r
	86	subtitle text = STRING_TOKEN(STR_NULL);\r
	87	\r
	88	goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
	89	prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
	90	help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r
	91	flags = INTERACTIVE,\r
	92	key = KEY_SECURE_BOOT_PK_OPTION;\r
	93	\r
	94	subtitle text = STRING_TOKEN(STR_NULL);\r
	95	\r
	96	goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
	97	prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),\r
	98	help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),\r
	99	flags = INTERACTIVE,\r
	100	key = KEY_SECURE_BOOT_KEK_OPTION;\r
	101	\r
	102	subtitle text = STRING_TOKEN(STR_NULL);\r
	103	\r
	104	goto FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
	105	prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),\r
	106	help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),\r
	107	flags = INTERACTIVE,\r
	108	key = KEY_SECURE_BOOT_DB_OPTION;\r
	109	\r
	110	subtitle text = STRING_TOKEN(STR_NULL);\r
	111	\r
	112	goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
	113	prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),\r
	114	help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),\r
	115	flags = INTERACTIVE,\r
	116	key = KEY_SECURE_BOOT_DBX_OPTION;\r
	117	\r
	118	subtitle text = STRING_TOKEN(STR_NULL);\r
	119	\r
	120	goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
	121	prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),\r
	122	help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),\r
	123	flags = INTERACTIVE,\r
	124	key = KEY_SECURE_BOOT_DBT_OPTION;\r
	125	\r
	126	endform;\r
	127	\r
	128	//\r
	129	// ##3 Form: 'PK Options'\r
	130	//\r
	131	form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
	132	title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);\r
	133	\r
	134	subtitle text = STRING_TOKEN(STR_NULL);\r
	135	\r
	136	//\r
	137	// Display of 'Enroll PK'\r
	138	//\r
	139	grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;\r
	140	goto FORMID_ENROLL_PK_FORM,\r
	141	prompt = STRING_TOKEN(STR_ENROLL_PK),\r
	142	help = STRING_TOKEN(STR_ENROLL_PK_HELP),\r
	143	flags = INTERACTIVE,\r
	144	key = KEY_ENROLL_PK;\r
	145	endif;\r
	146	\r
	147	subtitle text = STRING_TOKEN(STR_NULL);\r
	148	\r
	149	//\r
	150	// Display of Check Box: 'Delete Pk'\r
	151	//\r
	152	grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
	153	checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,\r
	154	questionid = KEY_SECURE_BOOT_DELETE_PK,\r
	155	prompt = STRING_TOKEN(STR_DELETE_PK),\r
	156	help = STRING_TOKEN(STR_DELETE_PK_HELP),\r
	157	flags = INTERACTIVE \| RESET_REQUIRED,\r
	158	endcheckbox;\r
	159	endif;\r
	160	endform;\r
	161	\r
	162	//\r
	163	// ##4 Form: 'Enroll PK'\r
	164	//\r
	165	form formid = FORMID_ENROLL_PK_FORM,\r
	166	title = STRING_TOKEN(STR_ENROLL_PK);\r
	167	\r
	168	subtitle text = STRING_TOKEN(STR_NULL);\r
	169	\r
	170	goto FORMID_ENROLL_PK_FORM,\r
	171	prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
	172	help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
	173	flags = INTERACTIVE,\r
	174	key = FORMID_ENROLL_PK_FORM;\r
	175	\r
	176	subtitle text = STRING_TOKEN(STR_NULL);\r
	177	label FORMID_ENROLL_PK_FORM;\r
	178	label LABEL_END;\r
	179	subtitle text = STRING_TOKEN(STR_NULL);\r
	180	\r
	181	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	182	prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	183	help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	184	flags = INTERACTIVE\| RESET_REQUIRED,\r
	185	key = KEY_VALUE_SAVE_AND_EXIT_PK;\r
	186	\r
	187	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	188	prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	189	help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	190	flags = INTERACTIVE,\r
	191	key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;\r
	192	\r
	193	endform;\r
	194	\r
	195	//\r
	196	// ##5 Form: 'KEK Options'\r
	197	//\r
	198	form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,\r
	199	title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);\r
	200	\r
	201	//\r
	202	// Display of 'Enroll KEK'\r
	203	//\r
	204	goto FORMID_ENROLL_KEK_FORM,\r
	205	prompt = STRING_TOKEN(STR_ENROLL_KEK),\r
	206	help = STRING_TOKEN(STR_ENROLL_KEK_HELP),\r
	207	flags = INTERACTIVE;\r
	208	\r
	209	subtitle text = STRING_TOKEN(STR_NULL);\r
	210	\r
	211	//\r
	212	// Display of 'Delete KEK'\r
	213	//\r
	214	goto FORMID_DELETE_KEK_FORM,\r
	215	prompt = STRING_TOKEN(STR_DELETE_KEK),\r
	216	help = STRING_TOKEN(STR_DELETE_KEK_HELP),\r
	217	flags = INTERACTIVE,\r
	218	key = KEY_DELETE_KEK;\r
	219	\r
	220	subtitle text = STRING_TOKEN(STR_NULL);\r
	221	endform;\r
	222	\r
	223	//\r
	224	// ##6 Form: 'Enroll KEK'\r
	225	//\r
	226	form formid = FORMID_ENROLL_KEK_FORM,\r
	227	title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);\r
	228	\r
	229	subtitle text = STRING_TOKEN(STR_NULL);\r
	230	\r
	231	goto FORMID_ENROLL_KEK_FORM,\r
	232	prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),\r
	233	help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),\r
	234	flags = INTERACTIVE,\r
	235	key = FORMID_ENROLL_KEK_FORM;\r
	236	\r
	237	subtitle text = STRING_TOKEN(STR_NULL);\r
	238	label FORMID_ENROLL_KEK_FORM;\r
	239	label LABEL_END;\r
	240	subtitle text = STRING_TOKEN(STR_NULL);\r
	241	\r
	242	string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
	243	prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
	244	help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
	245	flags = INTERACTIVE,\r
	246	key = KEY_SECURE_BOOT_KEK_GUID,\r
	247	minsize = SECURE_BOOT_GUID_SIZE,\r
	248	maxsize = SECURE_BOOT_GUID_SIZE,\r
	249	endstring;\r
	250	\r
	251	subtitle text = STRING_TOKEN(STR_NULL);\r
	252	subtitle text = STRING_TOKEN(STR_NULL);\r
	253	\r
	254	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	255	prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	256	help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	257	flags = INTERACTIVE,\r
	258	key = KEY_VALUE_SAVE_AND_EXIT_KEK;\r
	259	\r
	260	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	261	prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	262	help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	263	flags = INTERACTIVE,\r
	264	key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;\r
	265	\r
	266	endform;\r
	267	\r
	268	//\r
	269	// ##7 Form: 'Delete KEK'\r
	270	//\r
	271	form formid = FORMID_DELETE_KEK_FORM,\r
	272	title = STRING_TOKEN(STR_DELETE_KEK_TITLE);\r
	273	\r
	274	label LABEL_KEK_DELETE;\r
	275	label LABEL_END;\r
	276	\r
	277	subtitle text = STRING_TOKEN(STR_NULL);\r
	278	\r
	279	endform;\r
	280	\r
	281	//\r
	282	// ##8 Form: 'DB Options'\r
	283	//\r
	284	form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,\r
	285	title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);\r
	286	\r
	287	subtitle text = STRING_TOKEN(STR_NULL);\r
	288	\r
	289	goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
	290	prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
	291	help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
	292	flags = 0;\r
	293	\r
	294	subtitle text = STRING_TOKEN(STR_NULL);\r
	295	\r
	296	goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
	297	prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
	298	help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
	299	flags = INTERACTIVE,\r
	300	key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;\r
	301	\r
	302	endform;\r
	303	\r
	304	//\r
	305	// ##9 Form: 'DBX Options'\r
	306	//\r
	307	form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,\r
	308	title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);\r
	309	\r
	310	subtitle text = STRING_TOKEN(STR_NULL);\r
	311	\r
	312	goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
	313	prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
	314	help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
	315	flags = 0;\r
	316	\r
	317	subtitle text = STRING_TOKEN(STR_NULL);\r
	318	\r
	319	goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
	320	prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
	321	help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
	322	flags = INTERACTIVE,\r
	323	key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;\r
	324	\r
	325	endform;\r
	326	\r
	327	//\r
	328	// ##9 Form: 'DBT Options'\r
	329	//\r
	330	form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,\r
	331	title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);\r
	332	\r
	333	subtitle text = STRING_TOKEN(STR_NULL);\r
	334	\r
	335	goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
	336	prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
	337	help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),\r
	338	flags = 0;\r
	339	\r
	340	subtitle text = STRING_TOKEN(STR_NULL);\r
	341	\r
	342	goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
	343	prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
	344	help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),\r
	345	flags = INTERACTIVE,\r
	346	key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;\r
	347	\r
	348	endform;\r
	349	\r
	350	//\r
	351	// Form: 'Delete Signature' for DB Options.\r
	352	//\r
	353	form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,\r
	354	title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
	355	\r
	356	label LABEL_DB_DELETE;\r
	357	label LABEL_END;\r
	358	subtitle text = STRING_TOKEN(STR_NULL);\r
	359	\r
	360	endform;\r
	361	\r
	362	//\r
	363	// Form: 'Delete Signature' for DBX Options.\r
	364	//\r
	365	form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,\r
	366	title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
	367	\r
	368	label LABEL_DBX_DELETE;\r
	369	label LABEL_END;\r
	370	subtitle text = STRING_TOKEN(STR_NULL);\r
	371	\r
	372	endform;\r
	373	\r
	374	//\r
	375	// Form: 'Delete Signature' for DBT Options.\r
	376	//\r
	377	form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,\r
	378	title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);\r
	379	\r
	380	label LABEL_DBT_DELETE;\r
	381	label LABEL_END;\r
	382	subtitle text = STRING_TOKEN(STR_NULL);\r
	383	\r
	384	endform;\r
	385	\r
	386	//\r
	387	// Form: 'Enroll Signature' for DB options.\r
	388	//\r
	389	form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
	390	title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
	391	\r
	392	subtitle text = STRING_TOKEN(STR_NULL);\r
	393	\r
	394	goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
	395	prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
	396	help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
	397	flags = INTERACTIVE,\r
	398	key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
	399	\r
	400	subtitle text = STRING_TOKEN(STR_NULL);\r
	401	label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;\r
	402	label LABEL_END;\r
	403	subtitle text = STRING_TOKEN(STR_NULL);\r
	404	\r
	405	string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
	406	prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
	407	help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
	408	flags = INTERACTIVE,\r
	409	key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,\r
	410	minsize = SECURE_BOOT_GUID_SIZE,\r
	411	maxsize = SECURE_BOOT_GUID_SIZE,\r
	412	endstring;\r
	413	\r
	414	subtitle text = STRING_TOKEN(STR_NULL);\r
	415	subtitle text = STRING_TOKEN(STR_NULL);\r
	416	\r
	417	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	418	prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	419	help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	420	flags = INTERACTIVE,\r
	421	key = KEY_VALUE_SAVE_AND_EXIT_DB;\r
	422	\r
	423	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	424	prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	425	help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	426	flags = INTERACTIVE,\r
	427	key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;\r
	428	\r
	429	endform;\r
	430	\r
	431	//\r
	432	// Form: 'Enroll Signature' for DBX options.\r
	433	//\r
	434	form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
	435	title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
	436	\r
	437	subtitle text = STRING_TOKEN(STR_NULL);\r
	438	\r
	439	goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
	440	prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
	441	help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
	442	flags = INTERACTIVE,\r
	443	key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
	444	\r
	445	label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;\r
	446	label LABEL_END;\r
	447	subtitle text = STRING_TOKEN(STR_NULL);\r
	448	\r
	449	string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
	450	prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
	451	help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
	452	flags = INTERACTIVE,\r
	453	key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
	454	minsize = SECURE_BOOT_GUID_SIZE,\r
	455	maxsize = SECURE_BOOT_GUID_SIZE,\r
	456	endstring;\r
	457	\r
	458	oneof name = SignatureFormatInDbx,\r
	459	varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
	460	prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
	461	help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
	462	option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;\r
	463	option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;\r
	464	option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;\r
	465	option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;\r
	466	endoneof;\r
	467	\r
	468	suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;\r
	469	checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
	470	prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
	471	help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
	472	flags = INTERACTIVE,\r
	473	endcheckbox;\r
	474	\r
	475	suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;\r
	476	date varid = SECUREBOOT_CONFIGURATION.RevocationDate,\r
	477	prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),\r
	478	help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),\r
	479	flags = STORAGE_NORMAL,\r
	480	enddate;\r
	481	\r
	482	time varid = SECUREBOOT_CONFIGURATION.RevocationTime,\r
	483	prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),\r
	484	help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),\r
	485	flags = STORAGE_NORMAL,\r
	486	endtime;\r
	487	endif;\r
	488	endif;\r
	489	\r
	490	subtitle text = STRING_TOKEN(STR_NULL);\r
	491	subtitle text = STRING_TOKEN(STR_NULL);\r
	492	\r
	493	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	494	prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	495	help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	496	flags = INTERACTIVE,\r
	497	key = KEY_VALUE_SAVE_AND_EXIT_DBX;\r
	498	\r
	499	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	500	prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	501	help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	502	flags = INTERACTIVE,\r
	503	key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;\r
	504	\r
	505	endform;\r
	506	\r
	507	//\r
	508	// Form: 'Enroll Signature' for DBT options.\r
	509	//\r
	510	form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
	511	title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);\r
	512	\r
	513	subtitle text = STRING_TOKEN(STR_NULL);\r
	514	\r
	515	goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
	516	prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
	517	help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
	518	flags = INTERACTIVE,\r
	519	key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
	520	\r
	521	subtitle text = STRING_TOKEN(STR_NULL);\r
	522	label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;\r
	523	label LABEL_END;\r
	524	subtitle text = STRING_TOKEN(STR_NULL);\r
	525	\r
	526	string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
	527	prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
	528	help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
	529	flags = INTERACTIVE,\r
	530	key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,\r
	531	minsize = SECURE_BOOT_GUID_SIZE,\r
	532	maxsize = SECURE_BOOT_GUID_SIZE,\r
	533	endstring;\r
	534	\r
	535	subtitle text = STRING_TOKEN(STR_NULL);\r
	536	subtitle text = STRING_TOKEN(STR_NULL);\r
	537	\r
	538	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	539	prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	540	help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
	541	flags = INTERACTIVE,\r
	542	key = KEY_VALUE_SAVE_AND_EXIT_DBT;\r
	543	\r
	544	goto FORMID_SECURE_BOOT_OPTION_FORM,\r
	545	prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	546	help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
	547	flags = INTERACTIVE,\r
	548	key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;\r
	549	\r
	550	endform;\r
	551	\r
	552	endformset;