SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr

   1 /** @file
   2   VFR file used by the SecureBoot configuration component.
   3
   4 Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
   5 SPDX-License-Identifier: BSD-2-Clause-Patent
   6
   7 **/
   8
   9 #include "SecureBootConfigNvData.h"
  10
  11 formset
  12   guid      = SECUREBOOT_CONFIG_FORM_SET_GUID,
  13   title     = STRING_TOKEN(STR_SECUREBOOT_TITLE),
  14   help      = STRING_TOKEN(STR_SECUREBOOT_HELP),
  15   classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
  16
  17   varstore SECUREBOOT_CONFIGURATION,
  18     varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
  19     name  = SECUREBOOT_CONFIGURATION,
  20     guid  = SECUREBOOT_CONFIG_FORM_SET_GUID;
  21
  22   //
  23   // ##1 Form "Secure Boot Configuration"
  24   //
  25   form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
  26     title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
  27
  28     subtitle text = STRING_TOKEN(STR_NULL);
  29
  30     text
  31       help   = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
  32       text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
  33         text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
  34
  35     //
  36     // Display of Check Box: Attempt Secure Boot
  37     //
  38     grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
  39     checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
  40           questionid = KEY_SECURE_BOOT_ENABLE,
  41           prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
  42           help   = STRING_TOKEN(STR_SECURE_BOOT_HELP),
  43           flags  = INTERACTIVE | RESET_REQUIRED,
  44     endcheckbox;
  45     endif;
  46
  47     //
  48     // Display of Oneof: 'Secure Boot Mode'
  49     //
  50     oneof name = SecureBootMode,
  51           questionid = KEY_SECURE_BOOT_MODE,
  52           prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
  53           help   = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
  54           flags  = INTERACTIVE | NUMERIC_SIZE_1,
  55           option text = STRING_TOKEN(STR_STANDARD_MODE),    value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
  56           option text = STRING_TOKEN(STR_CUSTOM_MODE),      value = SECURE_BOOT_MODE_CUSTOM,   flags = 0;
  57     endoneof;
  58
  59     //
  60     // Display of 'Current Secure Boot Mode'
  61     //
  62     suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
  63     grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
  64     goto FORMID_SECURE_BOOT_OPTION_FORM,
  65          prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
  66          help   = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
  67          flags  = INTERACTIVE,
  68          key    = KEY_SECURE_BOOT_OPTION;
  69     endif;
  70     endif;
  71
  72     text
  73       help   = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS_HELP),
  74       text   = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS),
  75       flags  = INTERACTIVE,
  76       key    = KEY_SECURE_BOOT_RESET_TO_DEFAULT;
  77
  78   endform;
  79
  80   //
  81   // ##2 Form: 'Custom Secure Boot Options'
  82   //
  83   form formid = FORMID_SECURE_BOOT_OPTION_FORM,
  84     title  = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
  85
  86     subtitle text = STRING_TOKEN(STR_NULL);
  87
  88     goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
  89          prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
  90          help   = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
  91          flags  = INTERACTIVE,
  92          key    = KEY_SECURE_BOOT_PK_OPTION;
  93
  94     subtitle text = STRING_TOKEN(STR_NULL);
  95
  96     goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
  97          prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
  98          help   = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
  99          flags  = INTERACTIVE,
 100          key    = KEY_SECURE_BOOT_KEK_OPTION;
 101
 102     subtitle text = STRING_TOKEN(STR_NULL);
 103
 104     goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
 105          prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
 106          help   = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
 107          flags  = INTERACTIVE,
 108          key    = KEY_SECURE_BOOT_DB_OPTION;
 109
 110     subtitle text = STRING_TOKEN(STR_NULL);
 111
 112     goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
 113          prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
 114          help   = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
 115          flags  = INTERACTIVE,
 116          key    = KEY_SECURE_BOOT_DBX_OPTION;
 117
 118     subtitle text = STRING_TOKEN(STR_NULL);
 119
 120     goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,
 121          prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),
 122          help   = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),
 123          flags  = INTERACTIVE,
 124          key    = KEY_SECURE_BOOT_DBT_OPTION;
 125
 126   endform;
 127
 128   //
 129   // ##3 Form: 'PK Options'
 130   //
 131   form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
 132     title  = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
 133
 134     subtitle text = STRING_TOKEN(STR_NULL);
 135
 136     //
 137     // Display of 'Enroll PK'
 138     //
 139     grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
 140     goto FORMID_ENROLL_PK_FORM,
 141          prompt = STRING_TOKEN(STR_ENROLL_PK),
 142          help   = STRING_TOKEN(STR_ENROLL_PK_HELP),
 143          flags  = INTERACTIVE,
 144          key    = KEY_ENROLL_PK;
 145     endif;
 146
 147     subtitle text = STRING_TOKEN(STR_NULL);
 148
 149     //
 150     // Display of Check Box: 'Delete Pk'
 151     //
 152     grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
 153     checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
 154           questionid = KEY_SECURE_BOOT_DELETE_PK,
 155           prompt = STRING_TOKEN(STR_DELETE_PK),
 156           help   = STRING_TOKEN(STR_DELETE_PK_HELP),
 157           flags  = INTERACTIVE | RESET_REQUIRED,
 158     endcheckbox;
 159     endif;
 160   endform;
 161
 162   //
 163   // ##4 Form: 'Enroll PK'
 164   //
 165   form formid = FORMID_ENROLL_PK_FORM,
 166     title  = STRING_TOKEN(STR_ENROLL_PK);
 167
 168     subtitle text = STRING_TOKEN(STR_NULL);
 169
 170     goto FORMID_ENROLL_PK_FORM,
 171          prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
 172          help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
 173          flags = INTERACTIVE,
 174          key = FORMID_ENROLL_PK_FORM;
 175
 176     subtitle text = STRING_TOKEN(STR_NULL);
 177     label FORMID_ENROLL_PK_FORM;
 178     label LABEL_END;
 179     subtitle text = STRING_TOKEN(STR_NULL);
 180
 181     goto FORMID_SECURE_BOOT_OPTION_FORM,
 182       prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
 183       help   = STRING_TOKEN(STR_SAVE_AND_EXIT),
 184       flags  = INTERACTIVE| RESET_REQUIRED,
 185       key    = KEY_VALUE_SAVE_AND_EXIT_PK;
 186
 187     goto FORMID_SECURE_BOOT_OPTION_FORM,
 188       prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 189       help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 190       flags  = INTERACTIVE,
 191       key    = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
 192
 193   endform;
 194
 195   //
 196   // ##5 Form: 'KEK Options'
 197   //
 198   form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
 199     title  = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
 200
 201     //
 202     // Display of 'Enroll KEK'
 203     //
 204     goto FORMID_ENROLL_KEK_FORM,
 205          prompt = STRING_TOKEN(STR_ENROLL_KEK),
 206          help   = STRING_TOKEN(STR_ENROLL_KEK_HELP),
 207          flags  = INTERACTIVE;
 208
 209     subtitle text = STRING_TOKEN(STR_NULL);
 210
 211     //
 212     // Display of 'Delete KEK'
 213     //
 214     goto FORMID_DELETE_KEK_FORM,
 215          prompt = STRING_TOKEN(STR_DELETE_KEK),
 216          help   = STRING_TOKEN(STR_DELETE_KEK_HELP),
 217          flags  = INTERACTIVE,
 218          key    = KEY_DELETE_KEK;
 219
 220     subtitle text = STRING_TOKEN(STR_NULL);
 221   endform;
 222
 223   //
 224   // ##6 Form: 'Enroll KEK'
 225   //
 226   form formid = FORMID_ENROLL_KEK_FORM,
 227     title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
 228
 229     subtitle text = STRING_TOKEN(STR_NULL);
 230
 231     goto FORMID_ENROLL_KEK_FORM,
 232          prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
 233          help   = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
 234          flags  = INTERACTIVE,
 235          key    = FORMID_ENROLL_KEK_FORM;
 236
 237     subtitle text = STRING_TOKEN(STR_NULL);
 238     label FORMID_ENROLL_KEK_FORM;
 239     label LABEL_END;
 240     subtitle text = STRING_TOKEN(STR_NULL);
 241
 242     string  varid   = SECUREBOOT_CONFIGURATION.SignatureGuid,
 243             prompt  = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
 244             help    = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
 245             flags   = INTERACTIVE,
 246             key     = KEY_SECURE_BOOT_KEK_GUID,
 247             minsize = SECURE_BOOT_GUID_SIZE,
 248             maxsize = SECURE_BOOT_GUID_SIZE,
 249     endstring;
 250
 251     subtitle text = STRING_TOKEN(STR_NULL);
 252     subtitle text = STRING_TOKEN(STR_NULL);
 253
 254     goto FORMID_SECURE_BOOT_OPTION_FORM,
 255       prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
 256       help   = STRING_TOKEN(STR_SAVE_AND_EXIT),
 257       flags  = INTERACTIVE,
 258       key    = KEY_VALUE_SAVE_AND_EXIT_KEK;
 259
 260     goto FORMID_SECURE_BOOT_OPTION_FORM,
 261       prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 262       help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 263       flags  = INTERACTIVE,
 264       key    = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
 265
 266   endform;
 267
 268   //
 269   // ##7 Form: 'Delete KEK'
 270   //
 271   form formid = FORMID_DELETE_KEK_FORM,
 272     title  = STRING_TOKEN(STR_DELETE_KEK_TITLE);
 273
 274     label LABEL_KEK_DELETE;
 275     label LABEL_END;
 276
 277     subtitle text = STRING_TOKEN(STR_NULL);
 278
 279   endform;
 280
 281   //
 282   // ##8 Form: 'DB Options'
 283   //
 284   form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
 285     title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
 286
 287     subtitle text = STRING_TOKEN(STR_NULL);
 288
 289     goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
 290     prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
 291     help   = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
 292     flags  = 0;
 293
 294     subtitle text = STRING_TOKEN(STR_NULL);
 295
 296     goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
 297     prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
 298     help   = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
 299     flags  = INTERACTIVE,
 300     key    = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
 301
 302   endform;
 303
 304   //
 305   // ##9 Form: 'DBX Options'
 306   //
 307   form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
 308     title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
 309
 310     subtitle text = STRING_TOKEN(STR_NULL);
 311
 312     goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
 313     prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
 314     help   = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
 315     flags  = 0;
 316
 317     subtitle text = STRING_TOKEN(STR_NULL);
 318
 319     goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
 320     prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
 321     help   = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
 322     flags  = INTERACTIVE,
 323     key    = KEY_VALUE_FROM_DBX_TO_LIST_FORM;
 324
 325   endform;
 326
 327   //
 328   // ##9 Form: 'DBT Options'
 329   //
 330   form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,
 331     title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);
 332
 333     subtitle text = STRING_TOKEN(STR_NULL);
 334
 335     goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
 336     prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
 337     help   = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
 338     flags  = 0;
 339
 340     subtitle text = STRING_TOKEN(STR_NULL);
 341
 342     goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
 343     prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
 344     help   = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
 345     flags  = INTERACTIVE,
 346     key    = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;
 347
 348   endform;
 349
 350   //
 351   // Form: 'Delete Signature' for DB Options.
 352   //
 353   form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
 354     title  = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
 355
 356     label LABEL_DB_DELETE;
 357     label LABEL_END;
 358     subtitle text = STRING_TOKEN(STR_NULL);
 359
 360   endform;
 361
 362   //
 363   // Form: Display Signature List.
 364   //
 365   form formid = SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
 366     title  = STRING_TOKEN(STR_SECURE_BOOT_DELETE_LIST_FORM);
 367
 368     subtitle text = STRING_TOKEN(STR_NULL);
 369
 370     grayoutif ideqval SECUREBOOT_CONFIGURATION.ListCount == 0;
 371       label LABEL_DELETE_ALL_LIST_BUTTON;
 372       //
 373       // Will create a goto button dynamically here.
 374       //
 375       label LABEL_END;
 376    endif;
 377
 378    subtitle text = STRING_TOKEN(STR_NULL);
 379    label LABEL_SIGNATURE_LIST_START;
 380    label LABEL_END;
 381    subtitle text = STRING_TOKEN(STR_NULL);
 382
 383   endform;
 384
 385   //
 386   // Form: Display Signature Data.
 387   //
 388   form formid = SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,
 389     title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_DATA_FORM);
 390
 391     subtitle text = STRING_TOKEN(STR_NULL);
 392
 393     goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
 394       prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA),
 395       help   = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA_HELP),
 396       flags  = INTERACTIVE,
 397       key    = KEY_SECURE_BOOT_DELETE_ALL_DATA;
 398
 399     grayoutif ideqval SECUREBOOT_CONFIGURATION.CheckedDataCount == 0;
 400       goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
 401         prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA),
 402         help   = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP),
 403         flags  = INTERACTIVE,
 404         key    = KEY_SECURE_BOOT_DELETE_CHECK_DATA;
 405     endif;
 406
 407     subtitle text = STRING_TOKEN(STR_NULL);
 408     label LABEL_SIGNATURE_DATA_START;
 409     label LABEL_END;
 410     subtitle text = STRING_TOKEN(STR_NULL);
 411
 412   endform;
 413
 414
 415   //
 416   // Form: 'Delete Signature' for DBT Options.
 417   //
 418   form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
 419     title  = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
 420
 421     label LABEL_DBT_DELETE;
 422     label LABEL_END;
 423     subtitle text = STRING_TOKEN(STR_NULL);
 424
 425   endform;
 426
 427   //
 428   // Form: 'Enroll Signature' for DB options.
 429   //
 430   form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
 431     title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
 432
 433     subtitle text = STRING_TOKEN(STR_NULL);
 434
 435     goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
 436          prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
 437          help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
 438          flags = INTERACTIVE,
 439          key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
 440
 441     subtitle text = STRING_TOKEN(STR_NULL);
 442     label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
 443     label LABEL_END;
 444     subtitle text = STRING_TOKEN(STR_NULL);
 445
 446     string  varid   = SECUREBOOT_CONFIGURATION.SignatureGuid,
 447             prompt  = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
 448             help    = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
 449             flags   = INTERACTIVE,
 450             key     = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
 451             minsize = SECURE_BOOT_GUID_SIZE,
 452             maxsize = SECURE_BOOT_GUID_SIZE,
 453     endstring;
 454
 455     subtitle text = STRING_TOKEN(STR_NULL);
 456     subtitle text = STRING_TOKEN(STR_NULL);
 457
 458     goto FORMID_SECURE_BOOT_OPTION_FORM,
 459          prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
 460          help   = STRING_TOKEN(STR_SAVE_AND_EXIT),
 461          flags  = INTERACTIVE,
 462          key    = KEY_VALUE_SAVE_AND_EXIT_DB;
 463
 464     goto FORMID_SECURE_BOOT_OPTION_FORM,
 465          prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 466          help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 467          flags  = INTERACTIVE,
 468          key    = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
 469
 470   endform;
 471
 472   //
 473   // Form: 'Enroll Signature' for DBX options.
 474   //
 475   form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
 476     title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
 477
 478     subtitle text = STRING_TOKEN(STR_NULL);
 479
 480     goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
 481          prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
 482          help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
 483          flags = INTERACTIVE,
 484          key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
 485
 486     label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
 487     label LABEL_END;
 488     subtitle text = STRING_TOKEN(STR_NULL);
 489
 490     grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;
 491       string  varid   = SECUREBOOT_CONFIGURATION.SignatureGuid,
 492               prompt  = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
 493               help    = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
 494               flags   = INTERACTIVE,
 495               key     = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
 496               minsize = SECURE_BOOT_GUID_SIZE,
 497               maxsize = SECURE_BOOT_GUID_SIZE,
 498       endstring;
 499     endif;
 500
 501     disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1;
 502       oneof name = X509SignatureFormatInDbx,
 503             varid       = SECUREBOOT_CONFIGURATION.CertificateFormat,
 504             prompt      = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
 505             help        = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
 506             option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;
 507             option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;
 508             option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;
 509             option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;
 510       endoneof;
 511     endif;
 512
 513     disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2;
 514       text
 515         help   = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP),          // Help string
 516         text   = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),     // Prompt string
 517         text   = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256);              // PE image type
 518     endif;
 519
 520     disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;
 521       text
 522         help   = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP),            // Help string
 523         text   = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),     // Prompt string
 524         text   = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT);                 // AUTH_2 image type
 525     endif;
 526
 527     suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;
 528         checkbox varid  = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
 529                prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
 530                help   = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
 531                flags  = INTERACTIVE,
 532         endcheckbox;
 533
 534         suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;
 535             date  varid  = SECUREBOOT_CONFIGURATION.RevocationDate,
 536                   prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),
 537                   help   = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),
 538                   flags  = STORAGE_NORMAL,
 539             enddate;
 540
 541             time varid   = SECUREBOOT_CONFIGURATION.RevocationTime,
 542                  prompt  = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),
 543                  help    = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),
 544                  flags   = STORAGE_NORMAL,
 545             endtime;
 546         endif;
 547     endif;
 548
 549     subtitle text = STRING_TOKEN(STR_NULL);
 550     subtitle text = STRING_TOKEN(STR_NULL);
 551
 552     goto FORMID_SECURE_BOOT_OPTION_FORM,
 553          prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
 554          help   = STRING_TOKEN(STR_SAVE_AND_EXIT),
 555          flags  = INTERACTIVE,
 556          key    = KEY_VALUE_SAVE_AND_EXIT_DBX;
 557
 558     goto FORMID_SECURE_BOOT_OPTION_FORM,
 559          prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 560          help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 561          flags  = INTERACTIVE,
 562          key    = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
 563
 564   endform;
 565
 566   //
 567   // Form: 'Enroll Signature' for DBT options.
 568   //
 569   form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
 570     title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
 571
 572     subtitle text = STRING_TOKEN(STR_NULL);
 573
 574     goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
 575          prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
 576          help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
 577          flags = INTERACTIVE,
 578          key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
 579
 580     subtitle text = STRING_TOKEN(STR_NULL);
 581     label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
 582     label LABEL_END;
 583     subtitle text = STRING_TOKEN(STR_NULL);
 584
 585     string  varid   = SECUREBOOT_CONFIGURATION.SignatureGuid,
 586             prompt  = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
 587             help    = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
 588             flags   = INTERACTIVE,
 589             key     = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,
 590             minsize = SECURE_BOOT_GUID_SIZE,
 591             maxsize = SECURE_BOOT_GUID_SIZE,
 592     endstring;
 593
 594     subtitle text = STRING_TOKEN(STR_NULL);
 595     subtitle text = STRING_TOKEN(STR_NULL);
 596
 597     goto FORMID_SECURE_BOOT_OPTION_FORM,
 598          prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
 599          help   = STRING_TOKEN(STR_SAVE_AND_EXIT),
 600          flags  = INTERACTIVE,
 601          key    = KEY_VALUE_SAVE_AND_EXIT_DBT;
 602
 603     goto FORMID_SECURE_BOOT_OPTION_FORM,
 604          prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 605          help   = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
 606          flags  = INTERACTIVE,
 607          key    = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
 608
 609   endform;
 610
 611 endformset;