]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
projects / mirror_edk2.git / blob
? search:


656befbb44fb70d0a431f74bcfdce54ae211bba2
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfig.vfr
1 /** @file
2 VFR file used by the SecureBoot configuration component.
3
4 Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "SecureBootConfigNvData.h"
16
17 formset
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
22
23 varstore SECUREBOOT_CONFIGURATION,
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
25 name = SECUREBOOT_CONFIGURATION,
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
27
28 //
29 // ##1 Form "Secure Boot Configuration"
30 //
31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
33
34 subtitle text = STRING_TOKEN(STR_NULL);
35
36 text
37 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
38 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
39 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
40
41 //
42 // Define of Check Box: Attempt Secure Boot
43 //
44 suppressif TRUE;
45 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
46 questionid = KEY_HIDE_SECURE_BOOT,
47 prompt = STRING_TOKEN(STR_NULL),
48 help = STRING_TOKEN(STR_NULL),
49 flags = INTERACTIVE,
50 endcheckbox;
51 endif;
52
53 //
54 // Display of Check Box: Attempt Secure Boot
55 //
56 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
57 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
58 questionid = KEY_SECURE_BOOT_ENABLE,
59 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
60 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
61 flags = INTERACTIVE | RESET_REQUIRED,
62 endcheckbox;
63 endif;
64
65 //
66 // Display of Oneof: 'Secure Boot Mode'
67 //
68 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
69 questionid = KEY_SECURE_BOOT_MODE,
70 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
71 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
72 flags = INTERACTIVE,
73 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
74 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
75 endoneof;
76
77 //
78 //
79 // Display of 'Current Secure Boot Mode'
80 //
81 suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD;
82 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
83 goto FORMID_SECURE_BOOT_OPTION_FORM,
84 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
85 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
86 flags = INTERACTIVE,
87 key = KEY_SECURE_BOOT_OPTION;
88 endif;
89 endif;
90 endform;
91
92 //
93 // ##2 Form: 'Custom Secure Boot Options'
94 //
95 form formid = FORMID_SECURE_BOOT_OPTION_FORM,
96 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
97
98 subtitle text = STRING_TOKEN(STR_NULL);
99
100 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
101 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
102 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
103 flags = INTERACTIVE,
104 key = KEY_SECURE_BOOT_PK_OPTION;
105
106 subtitle text = STRING_TOKEN(STR_NULL);
107
108 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
109 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
110 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
111 flags = INTERACTIVE,
112 key = KEY_SECURE_BOOT_KEK_OPTION;
113
114 subtitle text = STRING_TOKEN(STR_NULL);
115
116 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
117 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
118 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
119 flags = INTERACTIVE,
120 key = KEY_SECURE_BOOT_DB_OPTION;
121
122 subtitle text = STRING_TOKEN(STR_NULL);
123
124 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
125 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
126 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
127 flags = INTERACTIVE,
128 key = KEY_SECURE_BOOT_DBX_OPTION;
129
130 endform;
131
132 //
133 // ##3 Form: 'PK Options'
134 //
135 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
136 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
137
138 subtitle text = STRING_TOKEN(STR_NULL);
139
140 //
141 // Define of Check Box: 'Delete PK'
142 //
143 suppressif TRUE;
144 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
145 prompt = STRING_TOKEN(STR_NULL),
146 help = STRING_TOKEN(STR_NULL),
147 endcheckbox;
148 endif;
149
150 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
151 goto FORMID_ENROLL_PK_FORM,
152 prompt = STRING_TOKEN(STR_ENROLL_PK),
153 help = STRING_TOKEN(STR_ENROLL_PK_HELP),
154 flags = INTERACTIVE,
155 key = KEY_ENROLL_PK;
156 endif;
157
158 subtitle text = STRING_TOKEN(STR_NULL);
159
160 //
161 // Display of Check Box: 'Delete Pk'
162 //
163 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
164 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
165 questionid = KEY_SECURE_BOOT_DELETE_PK,
166 prompt = STRING_TOKEN(STR_DELETE_PK),
167 help = STRING_TOKEN(STR_DELETE_PK_HELP),
168 flags = INTERACTIVE | RESET_REQUIRED,
169 endcheckbox;
170 endif;
171 endform;
172
173 //
174 // ##4 Form: 'Enroll PK'
175 //
176 form formid = FORMID_ENROLL_PK_FORM,
177 title = STRING_TOKEN(STR_ENROLL_PK);
178
179 subtitle text = STRING_TOKEN(STR_NULL);
180
181 goto FORM_FILE_EXPLORER_ID_PK,
182 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
183 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
184 flags = INTERACTIVE,
185 key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
186 endform;
187
188 //
189 // ##5 Form: 'KEK Options'
190 //
191 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
192 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
193
194 //
195 // Display of 'Enroll KEK'
196 //
197 goto FORMID_ENROLL_KEK_FORM,
198 prompt = STRING_TOKEN(STR_ENROLL_KEK),
199 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
200 flags = INTERACTIVE;
201
202 subtitle text = STRING_TOKEN(STR_NULL);
203
204 //
205 // Display of 'Delete KEK'
206 //
207 goto FORMID_DELETE_KEK_FORM,
208 prompt = STRING_TOKEN(STR_DELETE_KEK),
209 help = STRING_TOKEN(STR_DELETE_KEK_HELP),
210 flags = INTERACTIVE,
211 key = KEY_DELETE_KEK;
212
213 subtitle text = STRING_TOKEN(STR_NULL);
214 endform;
215
216 //
217 // ##6 Form: 'Enroll KEK'
218 //
219 form formid = FORMID_ENROLL_KEK_FORM,
220 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
221
222 subtitle text = STRING_TOKEN(STR_NULL);
223
224 goto FORM_FILE_EXPLORER_ID_KEK,
225 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
226 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
227 flags = INTERACTIVE,
228 key = FORMID_ENROLL_KEK_FORM;
229
230 subtitle text = STRING_TOKEN(STR_NULL);
231 label FORMID_ENROLL_KEK_FORM;
232 label LABEL_END;
233 subtitle text = STRING_TOKEN(STR_NULL);
234
235 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
236 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
237 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
238 flags = INTERACTIVE,
239 key = KEY_SECURE_BOOT_KEK_GUID,
240 minsize = SECURE_BOOT_GUID_SIZE,
241 maxsize = SECURE_BOOT_GUID_SIZE,
242 endstring;
243
244 subtitle text = STRING_TOKEN(STR_NULL);
245 subtitle text = STRING_TOKEN(STR_NULL);
246
247 goto FORMID_SECURE_BOOT_OPTION_FORM,
248 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
249 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
250 flags = INTERACTIVE,
251 key = KEY_VALUE_SAVE_AND_EXIT_KEK;
252
253 goto FORMID_SECURE_BOOT_OPTION_FORM,
254 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
255 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
256 flags = INTERACTIVE,
257 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
258
259 endform;
260
261 //
262 // ##7 Form: 'Delete KEK'
263 //
264 form formid = FORMID_DELETE_KEK_FORM,
265 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
266
267 label LABEL_KEK_DELETE;
268 label LABEL_END;
269
270 subtitle text = STRING_TOKEN(STR_NULL);
271
272 endform;
273
274 //
275 // ##8 Form: 'DB Options'
276 //
277 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
278 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
279
280 subtitle text = STRING_TOKEN(STR_NULL);
281
282 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
283 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
284 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
285 flags = 0;
286
287 subtitle text = STRING_TOKEN(STR_NULL);
288
289 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
290 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
291 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
292 flags = INTERACTIVE,
293 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
294
295 endform;
296
297 //
298 // ##9 Form: 'DBX Options'
299 //
300 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
301 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
302
303 subtitle text = STRING_TOKEN(STR_NULL);
304
305 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
306 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
307 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
308 flags = 0;
309
310 subtitle text = STRING_TOKEN(STR_NULL);
311
312 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
313 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
314 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
315 flags = INTERACTIVE,
316 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;
317
318 endform;
319
320 //
321 // Form: 'Delete Signature' for DB Options.
322 //
323 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
324 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
325
326 label LABEL_DB_DELETE;
327 label LABEL_END;
328 subtitle text = STRING_TOKEN(STR_NULL);
329
330 endform;
331
332 //
333 // Form: 'Delete Signature' for DBX Options.
334 //
335 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
336 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
337
338 label LABEL_DBX_DELETE;
339 label LABEL_END;
340 subtitle text = STRING_TOKEN(STR_NULL);
341
342 endform;
343
344 //
345 // Form: 'Enroll Signature' for DB options.
346 //
347 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
348 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
349
350 subtitle text = STRING_TOKEN(STR_NULL);
351
352 goto FORM_FILE_EXPLORER_ID_DB,
353 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
354 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
355 flags = INTERACTIVE,
356 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
357
358 subtitle text = STRING_TOKEN(STR_NULL);
359 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
360 label LABEL_END;
361 subtitle text = STRING_TOKEN(STR_NULL);
362
363 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
364 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
365 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
366 flags = INTERACTIVE,
367 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
368 minsize = SECURE_BOOT_GUID_SIZE,
369 maxsize = SECURE_BOOT_GUID_SIZE,
370 endstring;
371
372 subtitle text = STRING_TOKEN(STR_NULL);
373 subtitle text = STRING_TOKEN(STR_NULL);
374
375 goto FORMID_SECURE_BOOT_OPTION_FORM,
376 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
377 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
378 flags = INTERACTIVE,
379 key = KEY_VALUE_SAVE_AND_EXIT_DB;
380
381 goto FORMID_SECURE_BOOT_OPTION_FORM,
382 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
383 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
384 flags = INTERACTIVE,
385 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
386
387 endform;
388
389 //
390 // Form: 'Enroll Signature' for DBX options.
391 //
392 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
393 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
394
395 subtitle text = STRING_TOKEN(STR_NULL);
396
397 goto FORM_FILE_EXPLORER_ID_DBX,
398 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
399 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
400 flags = INTERACTIVE,
401 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
402
403 subtitle text = STRING_TOKEN(STR_NULL);
404 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
405 label LABEL_END;
406 subtitle text = STRING_TOKEN(STR_NULL);
407
408 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
409 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
410 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
411 flags = INTERACTIVE,
412 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
413 minsize = SECURE_BOOT_GUID_SIZE,
414 maxsize = SECURE_BOOT_GUID_SIZE,
415 endstring;
416
417 subtitle text = STRING_TOKEN(STR_NULL);
418 subtitle text = STRING_TOKEN(STR_NULL);
419
420 goto FORMID_SECURE_BOOT_OPTION_FORM,
421 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
422 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
423 flags = INTERACTIVE,
424 key = KEY_VALUE_SAVE_AND_EXIT_DBX;
425
426 goto FORMID_SECURE_BOOT_OPTION_FORM,
427 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
428 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
429 flags = INTERACTIVE,
430 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
431
432 endform;
433
434 //
435 // File Explorer for PK
436 //
437 form formid = FORM_FILE_EXPLORER_ID_PK,
438 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
439
440 label FORM_FILE_EXPLORER_ID;
441 label LABEL_END;
442 endform;
443
444 //
445 // File Explorer for KEK
446 //
447 form formid = FORM_FILE_EXPLORER_ID_KEK,
448 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
449
450 label FORM_FILE_EXPLORER_ID;
451 label LABEL_END;
452 endform;
453
454 //
455 // File Explorer for DB
456 //
457 form formid = FORM_FILE_EXPLORER_ID_DB,
458 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
459
460 label FORM_FILE_EXPLORER_ID;
461 label LABEL_END;
462 endform;
463
464 //
465 // File Explorer for DBX
466 //
467 form formid = FORM_FILE_EXPLORER_ID_DBX,
468 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
469
470 label FORM_FILE_EXPLORER_ID;
471 label LABEL_END;
472 endform;
473
474
475 //
476 // Enroll Pk from File Commit Form
477 //
478 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
479 title = STRING_TOKEN(STR_SAVE_PK_FILE);
480
481 label SECUREBOOT_ADD_PK_FILE_FORM_ID;
482 label LABEL_END;
483
484 subtitle text = STRING_TOKEN(STR_NULL);
485
486 text
487 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
488 text = STRING_TOKEN(STR_SAVE_AND_EXIT),
489 text = STRING_TOKEN(STR_NULL),
490 flags = INTERACTIVE,
491 key = KEY_VALUE_SAVE_AND_EXIT_PK;
492
493 text
494 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
495 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
496 text = STRING_TOKEN(STR_NULL),
497 flags = INTERACTIVE,
498 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
499
500 endform;
501
502 endformset;
EFI Development Kit II mirror for PVE