2 VFR file used by the SecureBoot configuration component.
4 Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "SecureBootConfigNvData.h"
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
23 varstore SECUREBOOT_CONFIGURATION,
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
25 name = SECUREBOOT_CONFIGURATION,
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
29 // ##1 Form "Secure Boot Configuration"
31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
34 subtitle text = STRING_TOKEN(STR_NULL);
37 // Display current secure boot mode(one of SetupMode/AuditMode/UserMode/DeployedMode)
40 help = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP),
41 text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT),
42 text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT);
45 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
46 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
47 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
50 // Define of Check Box: Attempt Secure Boot
53 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
54 questionid = KEY_HIDE_SECURE_BOOT,
55 prompt = STRING_TOKEN(STR_NULL),
56 help = STRING_TOKEN(STR_NULL),
62 // Display of Check Box: Attempt Secure Boot
64 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
65 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
66 questionid = KEY_SECURE_BOOT_ENABLE,
67 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
68 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
69 flags = INTERACTIVE | RESET_REQUIRED,
74 // Display of Oneof: 'Secure Boot Mode'
77 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
78 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
79 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
81 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0;
82 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
85 oneof name = SecureBootMode,
86 questionid = KEY_SECURE_BOOT_MODE,
87 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
88 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
89 flags = INTERACTIVE | NUMERIC_SIZE_1,
90 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
91 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
95 // Display PK include page
97 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
98 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
99 goto FORMID_SECURE_BOOT_OPTION_FORM,
100 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
101 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
103 key = KEY_SECURE_BOOT_OPTION;
110 // ##2 Form: 'Custom Secure Boot Options'
112 form formid = FORMID_SECURE_BOOT_OPTION_FORM,
113 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
115 subtitle text = STRING_TOKEN(STR_NULL);
118 // Display of SetupMode/UserMode/AuditMode/DeployedMode transition
121 oneof varid = SECUREBOOT_CONFIGURATION.TransSecureBootMode,
122 prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
123 help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
125 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE
126 OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
127 ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
128 option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;
130 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
131 option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;
133 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
134 option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;
136 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
137 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;
139 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = 4, flags = 0;
142 oneof name = TransSecureBootMode,
143 questionid = KEY_TRANS_SECURE_BOOT_MODE,
144 prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
145 help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
146 flags = INTERACTIVE | NUMERIC_SIZE_1,
147 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE
148 OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
149 ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
150 option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;
152 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
153 option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;
155 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
156 option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;
158 suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
159 option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;
164 subtitle text = STRING_TOKEN(STR_NULL);
166 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
167 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
168 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
170 key = KEY_SECURE_BOOT_PK_OPTION;
172 subtitle text = STRING_TOKEN(STR_NULL);
174 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
175 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
176 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
178 key = KEY_SECURE_BOOT_KEK_OPTION;
180 subtitle text = STRING_TOKEN(STR_NULL);
182 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
183 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
184 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
186 key = KEY_SECURE_BOOT_DB_OPTION;
188 subtitle text = STRING_TOKEN(STR_NULL);
190 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
191 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
192 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
194 key = KEY_SECURE_BOOT_DBX_OPTION;
196 subtitle text = STRING_TOKEN(STR_NULL);
198 goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,
199 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),
200 help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),
202 key = KEY_SECURE_BOOT_DBT_OPTION;
207 // ##3 Form: 'PK Options'
209 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
210 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
212 subtitle text = STRING_TOKEN(STR_NULL);
215 // Define of Check Box: 'Delete PK'
218 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
219 prompt = STRING_TOKEN(STR_NULL),
220 help = STRING_TOKEN(STR_NULL),
224 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
225 goto FORMID_ENROLL_PK_FORM,
226 prompt = STRING_TOKEN(STR_ENROLL_PK),
227 help = STRING_TOKEN(STR_ENROLL_PK_HELP),
232 subtitle text = STRING_TOKEN(STR_NULL);
235 // Display of Check Box: 'Delete Pk'
237 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
238 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
239 questionid = KEY_SECURE_BOOT_DELETE_PK,
240 prompt = STRING_TOKEN(STR_DELETE_PK),
241 help = STRING_TOKEN(STR_DELETE_PK_HELP),
242 flags = INTERACTIVE | RESET_REQUIRED,
248 // ##4 Form: 'Enroll PK'
250 form formid = FORMID_ENROLL_PK_FORM,
251 title = STRING_TOKEN(STR_ENROLL_PK);
253 subtitle text = STRING_TOKEN(STR_NULL);
255 goto FORM_FILE_EXPLORER_ID_PK,
256 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
257 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
259 key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
263 // ##5 Form: 'KEK Options'
265 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
266 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
269 // Display of 'Enroll KEK'
271 goto FORMID_ENROLL_KEK_FORM,
272 prompt = STRING_TOKEN(STR_ENROLL_KEK),
273 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
276 subtitle text = STRING_TOKEN(STR_NULL);
279 // Display of 'Delete KEK'
281 goto FORMID_DELETE_KEK_FORM,
282 prompt = STRING_TOKEN(STR_DELETE_KEK),
283 help = STRING_TOKEN(STR_DELETE_KEK_HELP),
285 key = KEY_DELETE_KEK;
287 subtitle text = STRING_TOKEN(STR_NULL);
291 // ##6 Form: 'Enroll KEK'
293 form formid = FORMID_ENROLL_KEK_FORM,
294 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
296 subtitle text = STRING_TOKEN(STR_NULL);
298 goto FORM_FILE_EXPLORER_ID_KEK,
299 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
300 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
302 key = FORMID_ENROLL_KEK_FORM;
304 subtitle text = STRING_TOKEN(STR_NULL);
305 label FORMID_ENROLL_KEK_FORM;
307 subtitle text = STRING_TOKEN(STR_NULL);
309 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
310 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
311 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
313 key = KEY_SECURE_BOOT_KEK_GUID,
314 minsize = SECURE_BOOT_GUID_SIZE,
315 maxsize = SECURE_BOOT_GUID_SIZE,
318 subtitle text = STRING_TOKEN(STR_NULL);
319 subtitle text = STRING_TOKEN(STR_NULL);
321 goto FORMID_SECURE_BOOT_OPTION_FORM,
322 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
323 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
325 key = KEY_VALUE_SAVE_AND_EXIT_KEK;
327 goto FORMID_SECURE_BOOT_OPTION_FORM,
328 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
329 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
331 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
336 // ##7 Form: 'Delete KEK'
338 form formid = FORMID_DELETE_KEK_FORM,
339 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
341 label LABEL_KEK_DELETE;
344 subtitle text = STRING_TOKEN(STR_NULL);
349 // ##8 Form: 'DB Options'
351 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
352 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
354 subtitle text = STRING_TOKEN(STR_NULL);
356 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
357 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
358 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
361 subtitle text = STRING_TOKEN(STR_NULL);
363 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
364 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
365 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
367 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
372 // ##9 Form: 'DBX Options'
374 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
375 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
377 subtitle text = STRING_TOKEN(STR_NULL);
379 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
380 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
381 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
384 subtitle text = STRING_TOKEN(STR_NULL);
386 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
387 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
388 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
390 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;
395 // ##9 Form: 'DBT Options'
397 form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,
398 title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);
400 subtitle text = STRING_TOKEN(STR_NULL);
402 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
403 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
404 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
407 subtitle text = STRING_TOKEN(STR_NULL);
409 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
410 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
411 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
413 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;
418 // Form: 'Delete Signature' for DB Options.
420 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
421 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
423 label LABEL_DB_DELETE;
425 subtitle text = STRING_TOKEN(STR_NULL);
430 // Form: 'Delete Signature' for DBX Options.
432 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
433 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
435 label LABEL_DBX_DELETE;
437 subtitle text = STRING_TOKEN(STR_NULL);
442 // Form: 'Delete Signature' for DBT Options.
444 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
445 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
447 label LABEL_DBT_DELETE;
449 subtitle text = STRING_TOKEN(STR_NULL);
454 // Form: 'Enroll Signature' for DB options.
456 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
457 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
459 subtitle text = STRING_TOKEN(STR_NULL);
461 goto FORM_FILE_EXPLORER_ID_DB,
462 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
463 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
465 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
467 subtitle text = STRING_TOKEN(STR_NULL);
468 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
470 subtitle text = STRING_TOKEN(STR_NULL);
472 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
473 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
474 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
476 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
477 minsize = SECURE_BOOT_GUID_SIZE,
478 maxsize = SECURE_BOOT_GUID_SIZE,
481 subtitle text = STRING_TOKEN(STR_NULL);
482 subtitle text = STRING_TOKEN(STR_NULL);
484 goto FORMID_SECURE_BOOT_OPTION_FORM,
485 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
486 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
488 key = KEY_VALUE_SAVE_AND_EXIT_DB;
490 goto FORMID_SECURE_BOOT_OPTION_FORM,
491 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
492 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
494 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
499 // Form: 'Enroll Signature' for DBX options.
501 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
502 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
504 subtitle text = STRING_TOKEN(STR_NULL);
506 goto FORM_FILE_EXPLORER_ID_DBX,
507 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
508 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
510 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
512 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
514 subtitle text = STRING_TOKEN(STR_NULL);
516 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
517 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
518 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
520 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
521 minsize = SECURE_BOOT_GUID_SIZE,
522 maxsize = SECURE_BOOT_GUID_SIZE,
525 oneof name = SignatureFormatInDbx,
526 varid = SECUREBOOT_CONFIGURATION.CertificateFormat,
527 prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
528 help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
529 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;
530 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;
531 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;
532 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;
535 suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;
536 checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
537 prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
538 help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
542 suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;
543 date varid = SECUREBOOT_CONFIGURATION.RevocationDate,
544 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),
545 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),
546 flags = STORAGE_NORMAL,
549 time varid = SECUREBOOT_CONFIGURATION.RevocationTime,
550 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),
551 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),
552 flags = STORAGE_NORMAL,
557 subtitle text = STRING_TOKEN(STR_NULL);
558 subtitle text = STRING_TOKEN(STR_NULL);
560 goto FORMID_SECURE_BOOT_OPTION_FORM,
561 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
562 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
564 key = KEY_VALUE_SAVE_AND_EXIT_DBX;
566 goto FORMID_SECURE_BOOT_OPTION_FORM,
567 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
568 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
570 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
575 // Form: 'Enroll Signature' for DBT options.
577 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
578 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
580 subtitle text = STRING_TOKEN(STR_NULL);
582 goto FORM_FILE_EXPLORER_ID_DBT,
583 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
584 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
586 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
588 subtitle text = STRING_TOKEN(STR_NULL);
589 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
591 subtitle text = STRING_TOKEN(STR_NULL);
593 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
594 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
595 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
597 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,
598 minsize = SECURE_BOOT_GUID_SIZE,
599 maxsize = SECURE_BOOT_GUID_SIZE,
602 subtitle text = STRING_TOKEN(STR_NULL);
603 subtitle text = STRING_TOKEN(STR_NULL);
605 goto FORMID_SECURE_BOOT_OPTION_FORM,
606 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
607 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
609 key = KEY_VALUE_SAVE_AND_EXIT_DBT;
611 goto FORMID_SECURE_BOOT_OPTION_FORM,
612 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
613 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
615 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
620 // File Explorer for PK
622 form formid = FORM_FILE_EXPLORER_ID_PK,
623 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
625 label FORM_FILE_EXPLORER_ID;
630 // File Explorer for KEK
632 form formid = FORM_FILE_EXPLORER_ID_KEK,
633 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
635 label FORM_FILE_EXPLORER_ID;
640 // File Explorer for DB
642 form formid = FORM_FILE_EXPLORER_ID_DB,
643 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
645 label FORM_FILE_EXPLORER_ID;
650 // File Explorer for DBX
652 form formid = FORM_FILE_EXPLORER_ID_DBX,
653 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
655 label FORM_FILE_EXPLORER_ID;
660 // File Explorer for DBT
662 form formid = FORM_FILE_EXPLORER_ID_DBT,
663 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
665 label FORM_FILE_EXPLORER_ID;
670 // Enroll Pk from File Commit Form
672 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
673 title = STRING_TOKEN(STR_SAVE_PK_FILE);
675 label SECUREBOOT_ADD_PK_FILE_FORM_ID;
678 subtitle text = STRING_TOKEN(STR_NULL);
681 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
682 text = STRING_TOKEN(STR_SAVE_AND_EXIT),
683 text = STRING_TOKEN(STR_NULL),
685 key = KEY_VALUE_SAVE_AND_EXIT_PK;
688 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
689 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
690 text = STRING_TOKEN(STR_NULL),
692 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;