1 /** @file
2 VFR file used by the SecureBoot configuration component.
3
4 Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "SecureBootConfigNvData.h"
16
17 formset // Form set holding every Secure Boot configuration form in this file.
18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
20 help = STRING_TOKEN(STR_SECUREBOOT_HELP),
21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
22
23 varstore SECUREBOOT_CONFIGURATION, // storage whose fields back the questions and expressions below; it uses the same GUID as the form set
24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
25 name = SECUREBOOT_CONFIGURATION,
26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
27
28 //
29 // ##1 Form "Secure Boot Configuration": entry page with the state text, the Attempt Secure Boot checkbox, the mode selector and the link to the custom options.
30 //
31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
33
34 subtitle text = STRING_TOKEN(STR_NULL);
35
36 text
37 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
38 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
39 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
40
41 //
42 // Never-displayed checkbox (suppressif TRUE) bound to HideSecureBoot; in this file the field is read only by grayoutif expressions.
43 //
44 suppressif TRUE;
45 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
46 prompt = STRING_TOKEN(STR_NULL),
47 help = STRING_TOKEN(STR_NULL),
48 endcheckbox;
49 endif;
50
51 //
52 // Check Box 'Attempt Secure Boot': grayed out while HideSecureBoot == 1. INTERACTIVE reports a change to the driver callback as KEY_SECURE_BOOT_ENABLE; RESET_REQUIRED marks it as needing a reset.
53 //
54 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
55 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
56 questionid = KEY_SECURE_BOOT_ENABLE,
57 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
58 help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
59 flags = INTERACTIVE | RESET_REQUIRED,
60 endcheckbox;
61 endif;
62
63 //
64 // Oneof 'Secure Boot Mode': Standard (the default) or Custom; INTERACTIVE, question id KEY_SECURE_BOOT_MODE.
65 //
66 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
67 questionid = KEY_SECURE_BOOT_MODE,
68 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
69 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
70 flags = INTERACTIVE,
71 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
72 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
73 endoneof;
74
75 //
76 // Link to 'Custom Secure Boot Options': suppressed while the mode is Standard and grayed out unless PhysicalPresent == 1.
77 // NOTE(review): suppressif/grayoutif only control what the form browser presents; confirm the driver also checks physical presence before it changes PK/KEK/DB/DBX.
78 //
79 suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD;
80 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
81 goto FORMID_SECURE_BOOT_OPTION_FORM,
82 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
83 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
84 flags = INTERACTIVE,
85 key = KEY_SECURE_BOOT_OPTION;
86 endif;
87 endif;
88 endform;
89
90 //
91 // ##2 Form: 'Custom Secure Boot Options' - menu of INTERACTIVE links to the PK, KEK, DB and DBX option forms. The form itself carries no suppressif/grayoutif; the only gating in this file is on the link that leads here.
92 //
93 form formid = FORMID_SECURE_BOOT_OPTION_FORM,
94 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
95
96 subtitle text = STRING_TOKEN(STR_NULL);
97
98 goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
99 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
100 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
101 flags = INTERACTIVE,
102 key = KEY_SECURE_BOOT_PK_OPTION;
103
104 subtitle text = STRING_TOKEN(STR_NULL);
105
106 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
107 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
108 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
109 flags = INTERACTIVE,
110 key = KEY_SECURE_BOOT_KEK_OPTION;
111
112 subtitle text = STRING_TOKEN(STR_NULL);
113
114 goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
115 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
116 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
117 flags = INTERACTIVE,
118 key = KEY_SECURE_BOOT_DB_OPTION;
119
120 subtitle text = STRING_TOKEN(STR_NULL);
121
122 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
123 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
124 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
125 flags = INTERACTIVE,
126 key = KEY_SECURE_BOOT_DBX_OPTION;
127
128 endform;
129
130 //
131 // ##3 Form: 'PK Options' - link to the 'Enroll PK' form and the 'Delete Pk' checkbox.
132 //
133 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
134 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
135
136 subtitle text = STRING_TOKEN(STR_NULL);
137
138 //
139 // Never-displayed checkbox (suppressif TRUE) bound to DeletePk; the visible 'Delete Pk' checkbox further down binds the same field.
140 //
141 suppressif TRUE;
142 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
143 prompt = STRING_TOKEN(STR_NULL),
144 help = STRING_TOKEN(STR_NULL),
145 endcheckbox;
146 endif;
147
148 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1; // 'Enroll PK' link is grayed out while HasPk == 1 (presumably a PK is already enrolled - confirm)
149 goto FORMID_ENROLL_PK_FORM,
150 prompt = STRING_TOKEN(STR_ENROLL_PK),
151 help = STRING_TOKEN(STR_ENROLL_PK_HELP),
152 flags = INTERACTIVE,
153 key = KEY_ENROLL_PK;
154 endif;
155
156 subtitle text = STRING_TOKEN(STR_NULL);
157
158 //
159 // Check Box 'Delete Pk': INTERACTIVE | RESET_REQUIRED, question id KEY_SECURE_BOOT_DELETE_PK. NOTE(review): grayed out by HideSecureBoot, while 'Enroll PK' above is gated by HasPk - confirm the driver keeps the two fields consistent.
160 //
161 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
162 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
163 questionid = KEY_SECURE_BOOT_DELETE_PK,
164 prompt = STRING_TOKEN(STR_DELETE_PK),
165 help = STRING_TOKEN(STR_DELETE_PK_HELP),
166 flags = INTERACTIVE | RESET_REQUIRED,
167 endcheckbox;
168 endif;
169 endform;
170
171 //
172 // ##4 Form: 'Enroll PK' - one link into the PK file explorer form. Its key is SECUREBOOT_ADD_PK_FILE_FORM_ID, which is also the form id of the PK commit form, and its help text reuses the prompt string.
173 //
174 form formid = FORMID_ENROLL_PK_FORM,
175 title = STRING_TOKEN(STR_ENROLL_PK);
176
177 subtitle text = STRING_TOKEN(STR_NULL);
178
179 goto FORM_FILE_EXPLORER_ID_PK,
180 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
181 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
182 flags = INTERACTIVE,
183 key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
184 endform;
185
186 //
187 // ##5 Form: 'KEK Options' - links to the 'Enroll KEK' and 'Delete KEK' forms.
188 //
189 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
190 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
191
192 //
193 // Link to 'Enroll KEK'. NOTE(review): flagged INTERACTIVE but, unlike the other interactive links in this file, it names no key - confirm whether the callback needs to identify it.
194 //
195 goto FORMID_ENROLL_KEK_FORM,
196 prompt = STRING_TOKEN(STR_ENROLL_KEK),
197 help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
198 flags = INTERACTIVE;
199
200 subtitle text = STRING_TOKEN(STR_NULL);
201
202 //
203 // Link to 'Delete KEK': INTERACTIVE, key KEY_DELETE_KEK.
204 //
205 goto FORMID_DELETE_KEK_FORM,
206 prompt = STRING_TOKEN(STR_DELETE_KEK),
207 help = STRING_TOKEN(STR_DELETE_KEK_HELP),
208 flags = INTERACTIVE,
209 key = KEY_DELETE_KEK;
210
211 subtitle text = STRING_TOKEN(STR_NULL);
212 endform;
213
214 //
215 // ##6 Form: 'Enroll KEK' - file-explorer link, a label pair, the signature-owner GUID string and two exit links that both return to the custom options form.
216 //
217 form formid = FORMID_ENROLL_KEK_FORM,
218 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
219
220 subtitle text = STRING_TOKEN(STR_NULL);
221
222 goto FORM_FILE_EXPLORER_ID_KEK,
223 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
224 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
225 flags = INTERACTIVE,
226 key = FORMID_ENROLL_KEK_FORM;
227
228 subtitle text = STRING_TOKEN(STR_NULL);
229 label FORMID_ENROLL_KEK_FORM; // label pair; presumably brackets content the driver inserts at run time - confirm in the driver
230 label LABEL_END;
231 subtitle text = STRING_TOKEN(STR_NULL);
232
233 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, // same field as the DB and DBX enroll forms; NOTE(review): minsize == maxsize only fixes the length - confirm the driver validates the GUID text and clears it between uses
234 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
235 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
236 flags = INTERACTIVE,
237 key = KEY_SECURE_BOOT_KEK_GUID,
238 minsize = SECURE_BOOT_GUID_SIZE,
239 maxsize = SECURE_BOOT_GUID_SIZE,
240 endstring;
241
242 subtitle text = STRING_TOKEN(STR_NULL);
243 subtitle text = STRING_TOKEN(STR_NULL);
244
245 goto FORMID_SECURE_BOOT_OPTION_FORM, // both exits target the same form; only the key tells the callback whether to commit
246 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
247 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
248 flags = INTERACTIVE,
249 key = KEY_VALUE_SAVE_AND_EXIT_KEK;
250
251 goto FORMID_SECURE_BOOT_OPTION_FORM,
252 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
253 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
254 flags = INTERACTIVE,
255 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
256
257 endform;
258
259 //
260 // ##7 Form: 'Delete KEK' - declares no questions of its own; the LABEL_KEK_DELETE / LABEL_END pair presumably marks where the driver inserts the KEK entries at run time (confirm in the driver).
261 //
262 form formid = FORMID_DELETE_KEK_FORM,
263 title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
264
265 label LABEL_KEK_DELETE;
266 label LABEL_END;
267
268 subtitle text = STRING_TOKEN(STR_NULL);
269
270 endform;
271
272 //
273 // ##8 Form: 'DB Options' - links to the enroll and delete signature forms for DB. The enroll link has flags = 0 (no callback); the delete link is INTERACTIVE and uses the target form id as its key.
274 //
275 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
276 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
277
278 subtitle text = STRING_TOKEN(STR_NULL);
279
280 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
281 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
282 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
283 flags = 0;
284
285 subtitle text = STRING_TOKEN(STR_NULL);
286
287 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
288 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
289 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
290 flags = INTERACTIVE,
291 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
292
293 endform;
294
295 //
296 // ##9 Form: 'DBX Options' - links to the enroll and delete signature forms for DBX. The enroll link has flags = 0 (no callback); the delete link is INTERACTIVE and uses the target form id as its key.
297 //
298 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
299 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
300
301 subtitle text = STRING_TOKEN(STR_NULL);
302
303 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
304 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
305 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
306 flags = 0;
307
308 subtitle text = STRING_TOKEN(STR_NULL);
309
310 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
311 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
312 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
313 flags = INTERACTIVE,
314 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;
315
316 endform;
317
318 //
319 // Form: 'Delete Signature' for DB Options - declares no questions of its own; the LABEL_DB_DELETE / LABEL_END pair presumably marks where the driver inserts the DB entries at run time (confirm in the driver).
320 //
321 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
322 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
323
324 label LABEL_DB_DELETE;
325 label LABEL_END;
326 subtitle text = STRING_TOKEN(STR_NULL);
327
328 endform;
329
330 //
331 // Form: 'Delete Signature' for DBX Options - declares no questions of its own; the LABEL_DBX_DELETE / LABEL_END pair presumably marks where the driver inserts the DBX entries at run time (confirm in the driver).
332 //
333 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
334 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
335
336 label LABEL_DBX_DELETE;
337 label LABEL_END;
338 subtitle text = STRING_TOKEN(STR_NULL);
339
340 endform;
341
342 //
343 // Form: 'Enroll Signature' for DB options - file-explorer link, a label pair, the signature-owner GUID string and two exit links that both return to the custom options form.
344 //
345 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
346 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
347
348 subtitle text = STRING_TOKEN(STR_NULL);
349
350 goto FORM_FILE_EXPLORER_ID_DB,
351 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
352 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
353 flags = INTERACTIVE,
354 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
355
356 subtitle text = STRING_TOKEN(STR_NULL);
357 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB; // label pair; presumably brackets content the driver inserts at run time - confirm in the driver
358 label LABEL_END;
359 subtitle text = STRING_TOKEN(STR_NULL);
360
361 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, // same field as the KEK and DBX enroll forms; NOTE(review): minsize == maxsize only fixes the length - confirm the driver validates the GUID text and clears it between uses
362 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
363 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
364 flags = INTERACTIVE,
365 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
366 minsize = SECURE_BOOT_GUID_SIZE,
367 maxsize = SECURE_BOOT_GUID_SIZE,
368 endstring;
369
370 subtitle text = STRING_TOKEN(STR_NULL);
371 subtitle text = STRING_TOKEN(STR_NULL);
372
373 goto FORMID_SECURE_BOOT_OPTION_FORM, // both exits target the same form; only the key tells the callback whether to commit
374 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
375 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
376 flags = INTERACTIVE,
377 key = KEY_VALUE_SAVE_AND_EXIT_DB;
378
379 goto FORMID_SECURE_BOOT_OPTION_FORM,
380 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
381 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
382 flags = INTERACTIVE,
383 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
384
385 endform;
386
387 //
388 // Form: 'Enroll Signature' for DBX options - file-explorer link, a label pair, the signature-owner GUID string and two exit links that both return to the custom options form.
389 //
390 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
391 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
392
393 subtitle text = STRING_TOKEN(STR_NULL);
394
395 goto FORM_FILE_EXPLORER_ID_DBX,
396 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
397 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
398 flags = INTERACTIVE,
399 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
400
401 subtitle text = STRING_TOKEN(STR_NULL);
402 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; // label pair; presumably brackets content the driver inserts at run time - confirm in the driver
403 label LABEL_END;
404 subtitle text = STRING_TOKEN(STR_NULL);
405
406 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, // same field as the KEK and DB enroll forms; NOTE(review): minsize == maxsize only fixes the length - confirm the driver validates the GUID text and clears it between uses
407 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
408 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
409 flags = INTERACTIVE,
410 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
411 minsize = SECURE_BOOT_GUID_SIZE,
412 maxsize = SECURE_BOOT_GUID_SIZE,
413 endstring;
414
415 subtitle text = STRING_TOKEN(STR_NULL);
416 subtitle text = STRING_TOKEN(STR_NULL);
417
418 goto FORMID_SECURE_BOOT_OPTION_FORM, // both exits target the same form; only the key tells the callback whether to commit
419 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
420 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
421 flags = INTERACTIVE,
422 key = KEY_VALUE_SAVE_AND_EXIT_DBX;
423
424 goto FORMID_SECURE_BOOT_OPTION_FORM,
425 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
426 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
427 flags = INTERACTIVE,
428 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
429
430 endform;
431
432 //
433 // File Explorer for PK - empty form; the FORM_FILE_EXPLORER_ID / LABEL_END pair presumably marks where the driver inserts the file list (confirm in the driver). All four explorer forms use the same label id.
434 //
435 form formid = FORM_FILE_EXPLORER_ID_PK,
436 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
437
438 label FORM_FILE_EXPLORER_ID;
439 label LABEL_END;
440 endform;
441
442 //
443 // File Explorer for KEK - empty form; the FORM_FILE_EXPLORER_ID / LABEL_END pair presumably marks where the driver inserts the file list (confirm in the driver). All four explorer forms use the same label id.
444 //
445 form formid = FORM_FILE_EXPLORER_ID_KEK,
446 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
447
448 label FORM_FILE_EXPLORER_ID;
449 label LABEL_END;
450 endform;
451
452 //
453 // File Explorer for DB - empty form; the FORM_FILE_EXPLORER_ID / LABEL_END pair presumably marks where the driver inserts the file list (confirm in the driver). All four explorer forms use the same label id.
454 //
455 form formid = FORM_FILE_EXPLORER_ID_DB,
456 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
457
458 label FORM_FILE_EXPLORER_ID;
459 label LABEL_END;
460 endform;
461
462 //
463 // File Explorer for DBX - empty form; the FORM_FILE_EXPLORER_ID / LABEL_END pair presumably marks where the driver inserts the file list (confirm in the driver). All four explorer forms use the same label id.
464 //
465 form formid = FORM_FILE_EXPLORER_ID_DBX,
466 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
467
468 label FORM_FILE_EXPLORER_ID;
469 label LABEL_END;
470 endform;
471
472
473 //
474 // Enroll Pk from File Commit Form - a label pair followed by two INTERACTIVE text statements; KEY_VALUE_SAVE_AND_EXIT_PK and KEY_VALUE_NO_SAVE_AND_EXIT_PK tell the callback whether to commit. Unlike the KEK/DB/DBX enroll forms these are text statements rather than gotos, so any navigation is presumably done by the callback (confirm in the driver).
475 //
476 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
477 title = STRING_TOKEN(STR_SAVE_PK_FILE);
478
479 label SECUREBOOT_ADD_PK_FILE_FORM_ID;
480 label LABEL_END;
481
482 subtitle text = STRING_TOKEN(STR_NULL);
483
484 text
485 help = STRING_TOKEN(STR_SAVE_AND_EXIT),
486 text = STRING_TOKEN(STR_SAVE_AND_EXIT),
487 text = STRING_TOKEN(STR_NULL),
488 flags = INTERACTIVE,
489 key = KEY_VALUE_SAVE_AND_EXIT_PK;
490
491 text
492 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
493 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
494 text = STRING_TOKEN(STR_NULL),
495 flags = INTERACTIVE,
496 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
497
498 endform;
499
500 endformset;