2 VFR file used by the SecureBoot configuration component.
4 Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "SecureBootConfigNvData.h"
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
23 varstore SECUREBOOT_CONFIGURATION,
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
25 name = SECUREBOOT_CONFIGURATION,
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
29 // ##1 Form "Secure Boot Configuration"
31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
34 subtitle text = STRING_TOKEN(STR_NULL);
37 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
38 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
39 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
42 // Define of Check Box: Attempt Secure Boot
45 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
46 questionid = KEY_HIDE_SECURE_BOOT,
47 prompt = STRING_TOKEN(STR_NULL),
48 help = STRING_TOKEN(STR_NULL),
54 // Display of Check Box: Attempt Secure Boot
56 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
57 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
58 questionid = KEY_SECURE_BOOT_ENABLE,
59 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
60 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
61 flags = INTERACTIVE | RESET_REQUIRED,
66 // Display of Oneof: 'Secure Boot Mode'
68 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
69 questionid = KEY_SECURE_BOOT_MODE,
70 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
71 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
73 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
74 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
79 // Display of 'Current Secure Boot Mode'
81 suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD;
82 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
83 goto FORMID_SECURE_BOOT_OPTION_FORM,
84 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
85 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
87 key = KEY_SECURE_BOOT_OPTION;
93 // ##2 Form: 'Custom Secure Boot Options'
95 form formid = FORMID_SECURE_BOOT_OPTION_FORM,
96 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
98 subtitle text = STRING_TOKEN(STR_NULL);
100 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
101 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
102 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
104 key = KEY_SECURE_BOOT_PK_OPTION;
106 subtitle text = STRING_TOKEN(STR_NULL);
108 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
109 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
110 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
112 key = KEY_SECURE_BOOT_KEK_OPTION;
114 subtitle text = STRING_TOKEN(STR_NULL);
116 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
117 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
118 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
120 key = KEY_SECURE_BOOT_DB_OPTION;
122 subtitle text = STRING_TOKEN(STR_NULL);
124 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
125 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
126 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
128 key = KEY_SECURE_BOOT_DBX_OPTION;
133 // ##3 Form: 'PK Options'
135 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
136 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
138 subtitle text = STRING_TOKEN(STR_NULL);
141 // Define of Check Box: 'Delete PK'
144 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
145 prompt = STRING_TOKEN(STR_NULL),
146 help = STRING_TOKEN(STR_NULL),
150 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
151 goto FORMID_ENROLL_PK_FORM,
152 prompt = STRING_TOKEN(STR_ENROLL_PK),
153 help = STRING_TOKEN(STR_ENROLL_PK_HELP),
158 subtitle text = STRING_TOKEN(STR_NULL);
161 // Display of Check Box: 'Delete Pk'
163 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
164 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
165 questionid = KEY_SECURE_BOOT_DELETE_PK,
166 prompt = STRING_TOKEN(STR_DELETE_PK),
167 help = STRING_TOKEN(STR_DELETE_PK_HELP),
168 flags = INTERACTIVE | RESET_REQUIRED,
174 // ##4 Form: 'Enroll PK'
176 form formid = FORMID_ENROLL_PK_FORM,
177 title = STRING_TOKEN(STR_ENROLL_PK);
179 subtitle text = STRING_TOKEN(STR_NULL);
181 goto FORM_FILE_EXPLORER_ID_PK,
182 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
183 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
185 key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
189 // ##5 Form: 'KEK Options'
191 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
192 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
195 // Display of 'Enroll KEK'
197 goto FORMID_ENROLL_KEK_FORM,
198 prompt = STRING_TOKEN(STR_ENROLL_KEK),
199 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
202 subtitle text = STRING_TOKEN(STR_NULL);
205 // Display of 'Delete KEK'
207 goto FORMID_DELETE_KEK_FORM,
208 prompt = STRING_TOKEN(STR_DELETE_KEK),
209 help = STRING_TOKEN(STR_DELETE_KEK_HELP),
211 key = KEY_DELETE_KEK;
213 subtitle text = STRING_TOKEN(STR_NULL);
217 // ##6 Form: 'Enroll KEK'
219 form formid = FORMID_ENROLL_KEK_FORM,
220 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
222 subtitle text = STRING_TOKEN(STR_NULL);
224 goto FORM_FILE_EXPLORER_ID_KEK,
225 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
226 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
228 key = FORMID_ENROLL_KEK_FORM;
230 subtitle text = STRING_TOKEN(STR_NULL);
231 label FORMID_ENROLL_KEK_FORM;
233 subtitle text = STRING_TOKEN(STR_NULL);
235 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
236 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
237 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
239 key = KEY_SECURE_BOOT_KEK_GUID,
240 minsize = SECURE_BOOT_GUID_SIZE,
241 maxsize = SECURE_BOOT_GUID_SIZE,
244 subtitle text = STRING_TOKEN(STR_NULL);
245 subtitle text = STRING_TOKEN(STR_NULL);
247 goto FORMID_SECURE_BOOT_OPTION_FORM,
248 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
249 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
251 key = KEY_VALUE_SAVE_AND_EXIT_KEK;
253 goto FORMID_SECURE_BOOT_OPTION_FORM,
254 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
255 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
257 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
262 // ##7 Form: 'Delete KEK'
264 form formid = FORMID_DELETE_KEK_FORM,
265 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
267 label LABEL_KEK_DELETE;
270 subtitle text = STRING_TOKEN(STR_NULL);
275 // ##8 Form: 'DB Options'
277 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
278 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
280 subtitle text = STRING_TOKEN(STR_NULL);
282 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
283 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
284 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
287 subtitle text = STRING_TOKEN(STR_NULL);
289 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
290 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
291 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
293 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
298 // ##9 Form: 'DBX Options'
300 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
301 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
303 subtitle text = STRING_TOKEN(STR_NULL);
305 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
306 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
307 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
310 subtitle text = STRING_TOKEN(STR_NULL);
312 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
313 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
314 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
316 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;
321 // Form: 'Delete Signature' for DB Options.
323 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
324 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
326 label LABEL_DB_DELETE;
328 subtitle text = STRING_TOKEN(STR_NULL);
333 // Form: 'Delete Signature' for DBX Options.
335 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
336 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
338 label LABEL_DBX_DELETE;
340 subtitle text = STRING_TOKEN(STR_NULL);
345 // Form: 'Enroll Signature' for DB options.
347 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
348 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
350 subtitle text = STRING_TOKEN(STR_NULL);
352 goto FORM_FILE_EXPLORER_ID_DB,
353 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
354 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
356 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
358 subtitle text = STRING_TOKEN(STR_NULL);
359 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
361 subtitle text = STRING_TOKEN(STR_NULL);
363 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
364 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
365 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
367 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
368 minsize = SECURE_BOOT_GUID_SIZE,
369 maxsize = SECURE_BOOT_GUID_SIZE,
372 subtitle text = STRING_TOKEN(STR_NULL);
373 subtitle text = STRING_TOKEN(STR_NULL);
375 goto FORMID_SECURE_BOOT_OPTION_FORM,
376 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
377 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
379 key = KEY_VALUE_SAVE_AND_EXIT_DB;
381 goto FORMID_SECURE_BOOT_OPTION_FORM,
382 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
383 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
385 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
390 // Form: 'Enroll Signature' for DBX options.
392 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
393 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
395 subtitle text = STRING_TOKEN(STR_NULL);
397 goto FORM_FILE_EXPLORER_ID_DBX,
398 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
399 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
401 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
403 subtitle text = STRING_TOKEN(STR_NULL);
404 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
406 subtitle text = STRING_TOKEN(STR_NULL);
408 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
409 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
410 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
412 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
413 minsize = SECURE_BOOT_GUID_SIZE,
414 maxsize = SECURE_BOOT_GUID_SIZE,
417 subtitle text = STRING_TOKEN(STR_NULL);
418 subtitle text = STRING_TOKEN(STR_NULL);
420 goto FORMID_SECURE_BOOT_OPTION_FORM,
421 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
422 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
424 key = KEY_VALUE_SAVE_AND_EXIT_DBX;
426 goto FORMID_SECURE_BOOT_OPTION_FORM,
427 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
428 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
430 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
435 // File Explorer for PK
437 form formid = FORM_FILE_EXPLORER_ID_PK,
438 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
440 label FORM_FILE_EXPLORER_ID;
445 // File Explorer for KEK
447 form formid = FORM_FILE_EXPLORER_ID_KEK,
448 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
450 label FORM_FILE_EXPLORER_ID;
455 // File Explorer for DB
457 form formid = FORM_FILE_EXPLORER_ID_DB,
458 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
460 label FORM_FILE_EXPLORER_ID;
465 // File Explorer for DBX
467 form formid = FORM_FILE_EXPLORER_ID_DBX,
468 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
470 label FORM_FILE_EXPLORER_ID;
476 // Enroll Pk from File Commit Form
478 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
479 title = STRING_TOKEN(STR_SAVE_PK_FILE);
481 label SECUREBOOT_ADD_PK_FILE_FORM_ID;
484 subtitle text = STRING_TOKEN(STR_NULL);
487 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
488 text = STRING_TOKEN(STR_SAVE_AND_EXIT),
489 text = STRING_TOKEN(STR_NULL),
491 key = KEY_VALUE_SAVE_AND_EXIT_PK;
494 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
495 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
496 text = STRING_TOKEN(STR_NULL),
498 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;