SecurityPkg: SecureBootConfigDxe: SecureBoot UI for Customized SecureBoot Mode
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfig.vfr
1 /** @file
2 VFR file used by the SecureBoot configuration component.
3
4 Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "SecureBootConfigNvData.h"
16
17 formset // Single formset for the SecureBoot configuration UI; closed by 'endformset' at the end of the file.
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
22
23 varstore SECUREBOOT_CONFIGURATION, // Storage behind every 'varid = SECUREBOOT_CONFIGURATION.<field>' question below; the structure is declared outside this file (presumably in SecureBootConfigNvData.h).
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
25 name = SECUREBOOT_CONFIGURATION,
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID; // the varstore reuses the formset GUID
27
28 //
29 // ##1 Form "Secure Boot Configuration": entry form with the current mode and state, the Attempt Secure Boot checkbox, the Standard/Custom selector and the link to the custom options form.
30 //
31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
33
34 subtitle text = STRING_TOKEN(STR_NULL);
35
36 //
37 // Display current secure boot mode (one of SetupMode/AuditMode/UserMode/DeployedMode)
38 // and, below it, the secure boot state. Both are plain text statements without a key.
39 text
40 help = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP),
41 text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT),
42 text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT);
43
44 text
45 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
46 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
47 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
48
49 // Hidden definition of the HideSecureBoot checkbox: 'suppressif TRUE' keeps it off screen.
50 // It declares question KEY_HIDE_SECURE_BOOT for the SECUREBOOT_CONFIGURATION.HideSecureBoot
51 // field that the grayoutif conditions in this formset test.
52 suppressif TRUE;
53 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
54 questionid = KEY_HIDE_SECURE_BOOT,
55 prompt = STRING_TOKEN(STR_NULL),
56 help = STRING_TOKEN(STR_NULL),
57 flags = INTERACTIVE,
58 endcheckbox;
59 endif;
60
61 // Displayed checkbox 'Attempt Secure Boot': greyed out while HideSecureBoot == 1.
62 // INTERACTIVE reports a change to the driver under KEY_SECURE_BOOT_ENABLE;
63 // RESET_REQUIRED marks the change as needing a platform reset.
64 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
65 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
66 questionid = KEY_SECURE_BOOT_ENABLE,
67 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
68 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
69 flags = INTERACTIVE | RESET_REQUIRED,
70 endcheckbox;
71 endif;
72
73 // Oneof 'Secure Boot Mode'. The copy bound to SECUREBOOT_CONFIGURATION.SecureBootMode
74 // is wrapped in 'disableif TRUE'; the selector that is displayed is the named question
75 // 'SecureBootMode' after it, which has no varid and reports under KEY_SECURE_BOOT_MODE.
76 disableif TRUE;
77 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
78 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
79 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
80 flags = INTERACTIVE,
81 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0;
82 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
83 endoneof;
84 endif;
85 oneof name = SecureBootMode,
86 questionid = KEY_SECURE_BOOT_MODE,
87 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
88 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
89 flags = INTERACTIVE | NUMERIC_SIZE_1,
90 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
91 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
92 endoneof;
93
94 // Link to the 'Custom Secure Boot Options' form: suppressed while the SecureBootMode question
95 // is SECURE_BOOT_MODE_STANDARD and greyed out unless PhysicalPresent == 1.
96 // NOTE(review): suppressif/grayoutif only shape the UI; confirm the driver enforces physical presence itself.
97 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
98 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
99 goto FORMID_SECURE_BOOT_OPTION_FORM,
100 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
101 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
102 flags = INTERACTIVE,
103 key = KEY_SECURE_BOOT_OPTION;
104 endif;
105 endif;
106
107 endform;
108
109 //
110 // ##2 Form: 'Custom Secure Boot Options' (mode transition plus links to the PK/KEK/DB/DBX/DBT forms)
111 //
112 form formid = FORMID_SECURE_BOOT_OPTION_FORM,
113 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
114
115 subtitle text = STRING_TOKEN(STR_NULL);
116
117 // Mode transition selector (SetupMode/UserMode/AuditMode/DeployedMode). Each option is
118 // suppressed according to CurSecureBootMode; UserMode is also suppressed in DeployedMode
119 // when PhysicalPresent == 0. The copy bound to TransSecureBootMode is under 'disableif TRUE'.
120 disableif TRUE;
121 oneof varid = SECUREBOOT_CONFIGURATION.TransSecureBootMode,
122 prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
123 help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
124 flags = INTERACTIVE,
125 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE
126 OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
127 ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
128 option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;
129 endif
130 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
131 option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;
132 endif
133 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
134 option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;
135 endif
136 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
137 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;
138 endif
139 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = 4, flags = 0; // NOTE(review): literal 4 reuses the STR_DEPLOYED_MODE label and appears only in this disabled copy; confirm which mode value it stands for.
140 endoneof;
141 endif;
142 oneof name = TransSecureBootMode, // displayed selector: no varid; INTERACTIVE, so a selection is reported under KEY_TRANS_SECURE_BOOT_MODE
143 questionid = KEY_TRANS_SECURE_BOOT_MODE,
144 prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
145 help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
146 flags = INTERACTIVE | NUMERIC_SIZE_1,
147 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE
148 OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
149 ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
150 option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;
151 endif
152 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
153 option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;
154 endif
155 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
156 option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;
157 endif
158 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
159 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;
160 endif
161 // NOTE(review): the option filters above are display logic; confirm the requested transition is validated where KEY_TRANS_SECURE_BOOT_MODE is handled.
162 endoneof;
163
164 subtitle text = STRING_TOKEN(STR_NULL);
165 // Links to the PK, KEK, DB, DBX and DBT option forms; each goto is INTERACTIVE with its own key.
166 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
167 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
168 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
169 flags = INTERACTIVE,
170 key = KEY_SECURE_BOOT_PK_OPTION;
171
172 subtitle text = STRING_TOKEN(STR_NULL);
173
174 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
175 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
176 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
177 flags = INTERACTIVE,
178 key = KEY_SECURE_BOOT_KEK_OPTION;
179
180 subtitle text = STRING_TOKEN(STR_NULL);
181
182 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
183 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
184 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
185 flags = INTERACTIVE,
186 key = KEY_SECURE_BOOT_DB_OPTION;
187
188 subtitle text = STRING_TOKEN(STR_NULL);
189
190 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
191 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
192 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
193 flags = INTERACTIVE,
194 key = KEY_SECURE_BOOT_DBX_OPTION;
195
196 subtitle text = STRING_TOKEN(STR_NULL);
197
198 goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,
199 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),
200 help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),
201 flags = INTERACTIVE,
202 key = KEY_SECURE_BOOT_DBT_OPTION;
203
204 endform;
205
206 //
207 // ##3 Form: 'PK Options' (enroll or delete the Platform Key)
208 //
209 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
210 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
211
212 subtitle text = STRING_TOKEN(STR_NULL);
213
214 // Hidden definition of the 'Delete PK' checkbox: 'suppressif TRUE' keeps it off screen.
215 // It binds SECUREBOOT_CONFIGURATION.DeletePk with no questionid and no INTERACTIVE flag;
216 // the displayed checkbox at the end of this form binds the same field.
217 suppressif TRUE;
218 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
219 prompt = STRING_TOKEN(STR_NULL),
220 help = STRING_TOKEN(STR_NULL),
221 endcheckbox;
222 endif;
223
224 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1; // 'Enroll PK' is greyed out once HasPk == 1
225 goto FORMID_ENROLL_PK_FORM,
226 prompt = STRING_TOKEN(STR_ENROLL_PK),
227 help = STRING_TOKEN(STR_ENROLL_PK_HELP),
228 flags = INTERACTIVE,
229 key = KEY_ENROLL_PK;
230 endif;
231
232 subtitle text = STRING_TOKEN(STR_NULL);
233
234 // Displayed 'Delete Pk' checkbox (INTERACTIVE | RESET_REQUIRED), greyed out while HideSecureBoot == 1.
235 // NOTE(review): per the UEFI specification, clearing PK returns the platform to Setup Mode;
236 // confirm the handler for KEY_SECURE_BOOT_DELETE_PK gates the deletion on more than this UI condition.
237 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
238 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
239 questionid = KEY_SECURE_BOOT_DELETE_PK,
240 prompt = STRING_TOKEN(STR_DELETE_PK),
241 help = STRING_TOKEN(STR_DELETE_PK_HELP),
242 flags = INTERACTIVE | RESET_REQUIRED,
243 endcheckbox;
244 endif;
245 endform;
246
247 //
248 // ##4 Form: 'Enroll PK' (single link to the PK file explorer form)
249 //
250 form formid = FORMID_ENROLL_PK_FORM,
251 title = STRING_TOKEN(STR_ENROLL_PK);
252
253 subtitle text = STRING_TOKEN(STR_NULL);
254
255 goto FORM_FILE_EXPLORER_ID_PK,
256 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
257 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), // help reuses the prompt string
258 flags = INTERACTIVE,
259 key = SECUREBOOT_ADD_PK_FILE_FORM_ID; // question id reuses the id of the 'Enroll Pk from File Commit Form' defined later in this file
260 endform;
261
262 //
263 // ##5 Form: 'KEK Options' (links to the 'Enroll KEK' and 'Delete KEK' forms)
264 //
265 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
266 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
267
268 //
269 // Display of 'Enroll KEK': INTERACTIVE without an explicit key, unlike 'Delete KEK' below
270 //
271 goto FORMID_ENROLL_KEK_FORM,
272 prompt = STRING_TOKEN(STR_ENROLL_KEK),
273 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
274 flags = INTERACTIVE;
275
276 subtitle text = STRING_TOKEN(STR_NULL);
277
278 //
279 // Display of 'Delete KEK': INTERACTIVE, reported under KEY_DELETE_KEK
280 //
281 goto FORMID_DELETE_KEK_FORM,
282 prompt = STRING_TOKEN(STR_DELETE_KEK),
283 help = STRING_TOKEN(STR_DELETE_KEK_HELP),
284 flags = INTERACTIVE,
285 key = KEY_DELETE_KEK;
286
287 subtitle text = STRING_TOKEN(STR_NULL);
288 endform;
289
290 //
291 // ##6 Form: 'Enroll KEK' (pick a file, enter the signature owner GUID, then save or discard)
292 //
293 form formid = FORMID_ENROLL_KEK_FORM,
294 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
295
296 subtitle text = STRING_TOKEN(STR_NULL);
297
298 goto FORM_FILE_EXPLORER_ID_KEK,
299 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
300 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
301 flags = INTERACTIVE,
302 key = FORMID_ENROLL_KEK_FORM; // question id reuses this form's own id
303
304 subtitle text = STRING_TOKEN(STR_NULL);
305 label FORMID_ENROLL_KEK_FORM; // label pair (the form id doubles as label number); presumably the driver inserts content between the two labels at runtime - confirm
306 label LABEL_END;
307 subtitle text = STRING_TOKEN(STR_NULL);
308
309 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, // same varstore field as the GUID strings of the DB/DBX/DBT enroll forms
310 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
311 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
312 flags = INTERACTIVE,
313 key = KEY_SECURE_BOOT_KEK_GUID,
314 minsize = SECURE_BOOT_GUID_SIZE, // minsize == maxsize: fixed-length input
315 maxsize = SECURE_BOOT_GUID_SIZE, // NOTE(review): length is the only constraint expressed here; confirm the handler for KEY_SECURE_BOOT_KEK_GUID validates the GUID text
316 endstring;
317
318 subtitle text = STRING_TOKEN(STR_NULL);
319 subtitle text = STRING_TOKEN(STR_NULL);
320 // Both links return to FORMID_SECURE_BOOT_OPTION_FORM and differ only by key; presumably the driver commits or discards on that key - confirm.
321 goto FORMID_SECURE_BOOT_OPTION_FORM,
322 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
323 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
324 flags = INTERACTIVE,
325 key = KEY_VALUE_SAVE_AND_EXIT_KEK;
326
327 goto FORMID_SECURE_BOOT_OPTION_FORM,
328 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
329 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
330 flags = INTERACTIVE,
331 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
332
333 endform;
334
335 //
336 // ##7 Form: 'Delete KEK'. The form holds only a label pair; the entries are presumably inserted between the labels at runtime - confirm in the driver.
337 //
338 form formid = FORMID_DELETE_KEK_FORM,
339 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
340
341 label LABEL_KEK_DELETE;
342 label LABEL_END;
343
344 subtitle text = STRING_TOKEN(STR_NULL);
345
346 endform;
347
348 //
349 // ##8 Form: 'DB Options' (links to the enroll and delete signature forms for DB)
350 //
351 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
352 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
353
354 subtitle text = STRING_TOKEN(STR_NULL);
355
356 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
357 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
358 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
359 flags = 0; // no INTERACTIVE flag and no key on the enroll link
360
361 subtitle text = STRING_TOKEN(STR_NULL);
362
363 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
364 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
365 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
366 flags = INTERACTIVE,
367 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB; // question id reuses the target form id
368
369 endform;
370
371 //
372 // ##9 Form: 'DBX Options' (links to the enroll and delete signature forms for DBX)
373 //
374 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
375 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
376
377 subtitle text = STRING_TOKEN(STR_NULL);
378
379 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
380 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
381 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
382 flags = 0; // no INTERACTIVE flag and no key on the enroll link
383
384 subtitle text = STRING_TOKEN(STR_NULL);
385
386 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
387 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
388 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
389 flags = INTERACTIVE,
390 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX; // question id reuses the target form id
391
392 endform;
393
394 //
395 // ##10 Form: 'DBT Options' (links to the enroll and delete signature forms for DBT)
396 //
397 form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,
398 title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);
399
400 subtitle text = STRING_TOKEN(STR_NULL);
401
402 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
403 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
404 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
405 flags = 0; // no INTERACTIVE flag and no key on the enroll link
406
407 subtitle text = STRING_TOKEN(STR_NULL);
408
409 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
410 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
411 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
412 flags = INTERACTIVE,
413 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT; // question id reuses the target form id
414
415 endform;
416
417 //
418 // Form: 'Delete Signature' for DB Options. Only a label pair is declared; the signature entries are presumably inserted between the labels at runtime - confirm in the driver.
419 //
420 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
421 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
422
423 label LABEL_DB_DELETE;
424 label LABEL_END;
425 subtitle text = STRING_TOKEN(STR_NULL);
426
427 endform;
428
429 //
430 // Form: 'Delete Signature' for DBX Options. Only a label pair is declared; the signature entries are presumably inserted between the labels at runtime - confirm in the driver.
431 //
432 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
433 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
434
435 label LABEL_DBX_DELETE;
436 label LABEL_END;
437 subtitle text = STRING_TOKEN(STR_NULL);
438
439 endform;
440
441 //
442 // Form: 'Delete Signature' for DBT Options. Only a label pair is declared; the signature entries are presumably inserted between the labels at runtime - confirm in the driver.
443 //
444 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
445 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
446
447 label LABEL_DBT_DELETE;
448 label LABEL_END;
449 subtitle text = STRING_TOKEN(STR_NULL);
450
451 endform;
452
453 //
454 // Form: 'Enroll Signature' for DB options (pick a file, enter the signature owner GUID, then save or discard).
455 //
456 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
457 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
458
459 subtitle text = STRING_TOKEN(STR_NULL);
460
461 goto FORM_FILE_EXPLORER_ID_DB,
462 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
463 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
464 flags = INTERACTIVE,
465 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; // question id reuses this form's own id
466
467 subtitle text = STRING_TOKEN(STR_NULL);
468 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB; // label pair (the form id doubles as label number); presumably filled at runtime by the driver - confirm
469 label LABEL_END;
470 subtitle text = STRING_TOKEN(STR_NULL);
471
472 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, // same varstore field as the GUID strings of the KEK/DBX/DBT enroll forms
473 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
474 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
475 flags = INTERACTIVE,
476 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
477 minsize = SECURE_BOOT_GUID_SIZE, // minsize == maxsize: fixed-length input
478 maxsize = SECURE_BOOT_GUID_SIZE, // NOTE(review): length is the only constraint expressed here; confirm the handler for KEY_SECURE_BOOT_SIGNATURE_GUID_DB validates the GUID text
479 endstring;
480
481 subtitle text = STRING_TOKEN(STR_NULL);
482 subtitle text = STRING_TOKEN(STR_NULL);
483 // Both links return to FORMID_SECURE_BOOT_OPTION_FORM and differ only by key; presumably the driver commits or discards on that key - confirm.
484 goto FORMID_SECURE_BOOT_OPTION_FORM,
485 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
486 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
487 flags = INTERACTIVE,
488 key = KEY_VALUE_SAVE_AND_EXIT_DB;
489
490 goto FORMID_SECURE_BOOT_OPTION_FORM,
491 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
492 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
493 flags = INTERACTIVE,
494 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
495
496 endform;
497
498 //
499 // Form: 'Enroll Signature' for DBX options (file, owner GUID, signature format and revocation settings, then save or discard).
500 //
501 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
502 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
503
504 subtitle text = STRING_TOKEN(STR_NULL);
505
506 goto FORM_FILE_EXPLORER_ID_DBX,
507 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
508 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
509 flags = INTERACTIVE,
510 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; // question id reuses this form's own id
511
512 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; // label pair (the form id doubles as label number); presumably filled at runtime by the driver - confirm
513 label LABEL_END;
514 subtitle text = STRING_TOKEN(STR_NULL);
515
516 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, // same varstore field as the GUID strings of the KEK/DB/DBT enroll forms
517 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
518 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
519 flags = INTERACTIVE,
520 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
521 minsize = SECURE_BOOT_GUID_SIZE, // minsize == maxsize: fixed-length input
522 maxsize = SECURE_BOOT_GUID_SIZE, // NOTE(review): length is the only constraint expressed here; confirm the handler for KEY_SECURE_BOOT_SIGNATURE_GUID_DBX validates the GUID text
523 endstring;
524
525 oneof name = SignatureFormatInDbx, // signature format, stored in CertificateFormat; SHA256 (0x2) is the default option
526 varid = SECUREBOOT_CONFIGURATION.CertificateFormat,
527 prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
528 help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
529 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;
530 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;
531 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;
532 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;
533 endoneof;
534 // NOTE(review): 0x2-0x5 above and the bare 5 below are unnamed literals; whatever code interprets CertificateFormat must use the same values - confirm.
535 suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5; // 5 is the RAW option (0x5): the revocation settings are hidden for it
536 checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
537 prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
538 help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
539 flags = INTERACTIVE,
540 endcheckbox;
541
542 suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1; // revocation date and time are hidden once AlwaysRevocation is set
543 date varid = SECUREBOOT_CONFIGURATION.RevocationDate,
544 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),
545 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),
546 flags = STORAGE_NORMAL, // value is kept in the RevocationDate varstore field
547 enddate;
548
549 time varid = SECUREBOOT_CONFIGURATION.RevocationTime,
550 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),
551 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),
552 flags = STORAGE_NORMAL, // value is kept in the RevocationTime varstore field
553 endtime;
554 endif;
555 endif;
556
557 subtitle text = STRING_TOKEN(STR_NULL);
558 subtitle text = STRING_TOKEN(STR_NULL);
559 // Both links return to FORMID_SECURE_BOOT_OPTION_FORM and differ only by key; presumably the driver commits or discards on that key - confirm.
560 goto FORMID_SECURE_BOOT_OPTION_FORM,
561 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
562 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
563 flags = INTERACTIVE,
564 key = KEY_VALUE_SAVE_AND_EXIT_DBX;
565
566 goto FORMID_SECURE_BOOT_OPTION_FORM,
567 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
568 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
569 flags = INTERACTIVE,
570 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
571
572 endform;
573
574 //
575 // Form: 'Enroll Signature' for DBT options (pick a file, enter the signature owner GUID, then save or discard).
576 //
577 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
578 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
579
580 subtitle text = STRING_TOKEN(STR_NULL);
581
582 goto FORM_FILE_EXPLORER_ID_DBT,
583 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
584 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
585 flags = INTERACTIVE,
586 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; // question id reuses this form's own id
587
588 subtitle text = STRING_TOKEN(STR_NULL);
589 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; // label pair (the form id doubles as label number); presumably filled at runtime by the driver - confirm
590 label LABEL_END;
591 subtitle text = STRING_TOKEN(STR_NULL);
592
593 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, // same varstore field as the GUID strings of the KEK/DB/DBX enroll forms
594 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
595 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
596 flags = INTERACTIVE,
597 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,
598 minsize = SECURE_BOOT_GUID_SIZE, // minsize == maxsize: fixed-length input
599 maxsize = SECURE_BOOT_GUID_SIZE, // NOTE(review): length is the only constraint expressed here; confirm the handler for KEY_SECURE_BOOT_SIGNATURE_GUID_DBT validates the GUID text
600 endstring;
601
602 subtitle text = STRING_TOKEN(STR_NULL);
603 subtitle text = STRING_TOKEN(STR_NULL);
604 // Both links return to FORMID_SECURE_BOOT_OPTION_FORM and differ only by key; presumably the driver commits or discards on that key - confirm.
605 goto FORMID_SECURE_BOOT_OPTION_FORM,
606 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
607 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
608 flags = INTERACTIVE,
609 key = KEY_VALUE_SAVE_AND_EXIT_DBT;
610
611 goto FORMID_SECURE_BOOT_OPTION_FORM,
612 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
613 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
614 flags = INTERACTIVE,
615 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
616
617 endform;
618
619 //
620 // File Explorer for PK. Only the label pair FORM_FILE_EXPLORER_ID / LABEL_END is declared; the file list is presumably inserted at runtime. Nothing in this file validates the chosen file.
621 //
622 form formid = FORM_FILE_EXPLORER_ID_PK,
623 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
624
625 label FORM_FILE_EXPLORER_ID;
626 label LABEL_END;
627 endform;
628
629 //
630 // File Explorer for KEK. Only the label pair FORM_FILE_EXPLORER_ID / LABEL_END is declared; the file list is presumably inserted at runtime. Nothing in this file validates the chosen file.
631 //
632 form formid = FORM_FILE_EXPLORER_ID_KEK,
633 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
634
635 label FORM_FILE_EXPLORER_ID;
636 label LABEL_END;
637 endform;
638
639 //
640 // File Explorer for DB. Only the label pair FORM_FILE_EXPLORER_ID / LABEL_END is declared; the file list is presumably inserted at runtime. Nothing in this file validates the chosen file.
641 //
642 form formid = FORM_FILE_EXPLORER_ID_DB,
643 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
644
645 label FORM_FILE_EXPLORER_ID;
646 label LABEL_END;
647 endform;
648
649 //
650 // File Explorer for DBX. Only the label pair FORM_FILE_EXPLORER_ID / LABEL_END is declared; the file list is presumably inserted at runtime. Nothing in this file validates the chosen file.
651 //
652 form formid = FORM_FILE_EXPLORER_ID_DBX,
653 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
654
655 label FORM_FILE_EXPLORER_ID;
656 label LABEL_END;
657 endform;
658
659 //
660 // File Explorer for DBT. Only the label pair FORM_FILE_EXPLORER_ID / LABEL_END is declared; the file list is presumably inserted at runtime. Nothing in this file validates the chosen file.
661 //
662 form formid = FORM_FILE_EXPLORER_ID_DBT,
663 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
664
665 label FORM_FILE_EXPLORER_ID;
666 label LABEL_END;
667 endform;
668
669 //
670 // Enroll Pk from File Commit Form: a label pair followed by two INTERACTIVE text statements that act as the save / discard choices.
671 //
672 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
673 title = STRING_TOKEN(STR_SAVE_PK_FILE);
674
675 label SECUREBOOT_ADD_PK_FILE_FORM_ID; // the form id doubles as label number; presumably filled at runtime by the driver - confirm
676 label LABEL_END;
677
678 subtitle text = STRING_TOKEN(STR_NULL);
679
680 text
681 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
682 text = STRING_TOKEN(STR_SAVE_AND_EXIT),
683 text = STRING_TOKEN(STR_NULL),
684 flags = INTERACTIVE,
685 key = KEY_VALUE_SAVE_AND_EXIT_PK; // NOTE(review): the enrollment itself is not expressed here; confirm what the handler for this key checks before the PK is written
686
687 text
688 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
689 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
690 text = STRING_TOKEN(STR_NULL),
691 flags = INTERACTIVE,
692 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
693
694 endform;
695
696 endformset;