SecurityPkg: SecureBootConfigDxe: SecureBoot UI for Customized SecureBoot Mode

[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfig.vfr

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
index 3c994317f74b3bde670b9da2fa88696f88a95c76..1eb3599279d80d4680cfb0f61fcb806bf533ead7 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
@@ -1,7 +1,7 @@
 /** @file\r
   VFR file used by the SecureBoot configuration component.\r
 \r
-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -33,6 +33,14 @@ formset
 \r
     subtitle text = STRING_TOKEN(STR_NULL);\r
 \r
+    //\r
+    // Display current secure boot mode(one of SetupMode/AuditMode/UserMode/DeployedMode)\r
+    //\r
+    text\r
+      help   = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP),\r
+      text   = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT),\r
+        text   = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT);\r
+\r
     text\r
       help   = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
       text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
@@ -84,18 +92,18 @@ formset
       endoneof;\r
 \r
     //\r
-    //\r
-    // Display of 'Current Secure Boot Mode'\r
+    // Display PK include page\r
     //\r
     suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
-      grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
-      goto FORMID_SECURE_BOOT_OPTION_FORM,\r
-           prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
-           help   = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),\r
-           flags  = INTERACTIVE,\r
-           key    = KEY_SECURE_BOOT_OPTION;\r
-      endif;\r
+    grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
+    goto FORMID_SECURE_BOOT_OPTION_FORM,\r
+         prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),\r
+         help   = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),\r
+         flags  = INTERACTIVE,\r
+         key    = KEY_SECURE_BOOT_OPTION;\r
+    endif;\r
     endif;\r
+\r
   endform;\r
 \r
   //\r
@@ -106,6 +114,55 @@ formset
 \r
     subtitle text = STRING_TOKEN(STR_NULL);\r
 \r
+    //\r
+    // Display of SetupMode/UserMode/AuditMode/DeployedMode transition\r
+    //\r
+    disableif TRUE;\r
+      oneof varid  = SECUREBOOT_CONFIGURATION.TransSecureBootMode,\r
+            prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),\r
+            help   = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),\r
+            flags  = INTERACTIVE,\r
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE\r
+              OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND\r
+                  ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);\r
+            option text = STRING_TOKEN(STR_USER_MODE),     value = SECURE_BOOT_MODE_USER_MODE,   flags = 0;\r
+      endif\r
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;\r
+            option text = STRING_TOKEN(STR_SETUP_MODE),    value = SECURE_BOOT_MODE_SETUP_MODE,  flags = 0;\r
+      endif\r
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;\r
+            option text = STRING_TOKEN(STR_AUDIT_MODE),    value = SECURE_BOOT_MODE_AUDIT_MODE,  flags = 0;\r
+      endif\r
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;\r
+            option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE,  flags = 0;\r
+      endif\r
+            option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = 4,  flags = 0;\r
+      endoneof;\r
+    endif;\r
+      oneof name   = TransSecureBootMode,\r
+            questionid = KEY_TRANS_SECURE_BOOT_MODE,\r
+            prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),\r
+            help   = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),\r
+            flags  = INTERACTIVE | NUMERIC_SIZE_1,\r
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE \r
+              OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND\r
+                  ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);\r
+            option text = STRING_TOKEN(STR_USER_MODE),     value = SECURE_BOOT_MODE_USER_MODE,   flags = 0;\r
+      endif\r
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;\r
+            option text = STRING_TOKEN(STR_SETUP_MODE),    value = SECURE_BOOT_MODE_SETUP_MODE,  flags = 0;\r
+      endif\r
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;\r
+            option text = STRING_TOKEN(STR_AUDIT_MODE),    value = SECURE_BOOT_MODE_AUDIT_MODE,  flags = 0;\r
+      endif\r
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;\r
+            option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE,  flags = 0;\r
+      endif\r
+\r
+      endoneof;\r
+\r
+    subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
     goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
          prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
          help   = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r