1/** @file 2 VFR file used by the SecureBoot configuration component. 3 4Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR> 5This program and the accompanying materials 6are licensed and made available under the terms and conditions of the BSD License 7which accompanies this distribution. The full text of the license may be found at 8http://opensource.org/licenses/bsd-license.php 9 10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 13**/ 14 15#include "SecureBootConfigNvData.h" 16 17formset 18 guid = SECUREBOOT_CONFIG_FORM_SET_GUID, 19 title = STRING_TOKEN(STR_SECUREBOOT_TITLE), 20 help = STRING_TOKEN(STR_SECUREBOOT_HELP), 21 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, 22 23 varstore SECUREBOOT_CONFIGURATION, 24 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID, 25 name = SECUREBOOT_CONFIGURATION, 26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID; 27 28 // 29 // ##1 Form "Secure Boot Configuration" 30 // 31 form formid = SECUREBOOT_CONFIGURATION_FORM_ID, 32 title = STRING_TOKEN(STR_SECUREBOOT_TITLE); 33 34 subtitle text = STRING_TOKEN(STR_NULL); 35 36 text 37 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP), 38 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT), 39 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT); 40 41 // 42 // Define of Check Box: Attempt Secure Boot 43 // 44 suppressif TRUE; 45 checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot, 46 questionid = KEY_HIDE_SECURE_BOOT, 47 prompt = STRING_TOKEN(STR_NULL), 48 help = STRING_TOKEN(STR_NULL), 49 flags = INTERACTIVE, 50 endcheckbox; 51 endif; 52 53 // 54 // Display of Check Box: Attempt Secure Boot 55 // 56 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1; 57 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot, 58 questionid = KEY_SECURE_BOOT_ENABLE, 59 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT), 60 help = STRING_TOKEN(STR_SECURE_BOOT_HELP), 61 flags = INTERACTIVE | RESET_REQUIRED, 62 endcheckbox; 63 endif; 64 65 // 66 // Display of Oneof: 'Secure Boot Mode' 67 // 68 disableif TRUE; 69 oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode, 70 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), 71 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), 72 flags = INTERACTIVE, 73 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0; 74 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; 75 endoneof; 76 endif; 77 oneof name = SecureBootMode, 78 questionid = KEY_SECURE_BOOT_MODE, 79 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), 80 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), 81 flags = INTERACTIVE | NUMERIC_SIZE_1, 82 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT; 83 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; 84 endoneof; 85 86 // 87 // 88 // Display of 'Current Secure Boot Mode' 89 // 90 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD; 91 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; 92 goto FORMID_SECURE_BOOT_OPTION_FORM, 93 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION), 94 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP), 95 flags = INTERACTIVE, 96 key = KEY_SECURE_BOOT_OPTION; 97 endif; 98 endif; 99 endform; 100 101 // 102 // ##2 Form: 'Custom Secure Boot Options' 103 // 104 form formid = FORMID_SECURE_BOOT_OPTION_FORM, 105 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE); 106 107 subtitle text = STRING_TOKEN(STR_NULL); 108 109 goto FORMID_SECURE_BOOT_PK_OPTION_FORM, 110 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION), 111 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP), 112 flags = INTERACTIVE, 113 key = KEY_SECURE_BOOT_PK_OPTION; 114 115 subtitle text = STRING_TOKEN(STR_NULL); 116 117 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM, 118 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION), 119 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP), 120 flags = INTERACTIVE, 121 key = KEY_SECURE_BOOT_KEK_OPTION; 122 123 subtitle text = STRING_TOKEN(STR_NULL); 124 125 goto FORMID_SECURE_BOOT_DB_OPTION_FORM, 126 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION), 127 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP), 128 flags = INTERACTIVE, 129 key = KEY_SECURE_BOOT_DB_OPTION; 130 131 subtitle text = STRING_TOKEN(STR_NULL); 132 133 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM, 134 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION), 135 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP), 136 flags = INTERACTIVE, 137 key = KEY_SECURE_BOOT_DBX_OPTION; 138 139 endform; 140 141 // 142 // ##3 Form: 'PK Options' 143 // 144 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM, 145 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION); 146 147 subtitle text = STRING_TOKEN(STR_NULL); 148 149 // 150 // Define of Check Box: 'Delete PK' 151 // 152 suppressif TRUE; 153 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk, 154 prompt = STRING_TOKEN(STR_NULL), 155 help = STRING_TOKEN(STR_NULL), 156 endcheckbox; 157 endif; 158 159 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1; 160 goto FORMID_ENROLL_PK_FORM, 161 prompt = STRING_TOKEN(STR_ENROLL_PK), 162 help = STRING_TOKEN(STR_ENROLL_PK_HELP), 163 flags = INTERACTIVE, 164 key = KEY_ENROLL_PK; 165 endif; 166 167 subtitle text = STRING_TOKEN(STR_NULL); 168 169 // 170 // Display of Check Box: 'Delete Pk' 171 // 172 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1; 173 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk, 174 questionid = KEY_SECURE_BOOT_DELETE_PK, 175 prompt = STRING_TOKEN(STR_DELETE_PK), 176 help = STRING_TOKEN(STR_DELETE_PK_HELP), 177 flags = INTERACTIVE | RESET_REQUIRED, 178 endcheckbox; 179 endif; 180 endform; 181 182 // 183 // ##4 Form: 'Enroll PK' 184 // 185 form formid = FORMID_ENROLL_PK_FORM, 186 title = STRING_TOKEN(STR_ENROLL_PK); 187 188 subtitle text = STRING_TOKEN(STR_NULL); 189 190 goto FORM_FILE_EXPLORER_ID_PK, 191 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), 192 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), 193 flags = INTERACTIVE, 194 key = SECUREBOOT_ADD_PK_FILE_FORM_ID; 195 endform; 196 197 // 198 // ##5 Form: 'KEK Options' 199 // 200 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM, 201 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION); 202 203 // 204 // Display of 'Enroll KEK' 205 // 206 goto FORMID_ENROLL_KEK_FORM, 207 prompt = STRING_TOKEN(STR_ENROLL_KEK), 208 help = STRING_TOKEN(STR_ENROLL_KEK_HELP), 209 flags = INTERACTIVE; 210 211 subtitle text = STRING_TOKEN(STR_NULL); 212 213 // 214 // Display of 'Delete KEK' 215 // 216 goto FORMID_DELETE_KEK_FORM, 217 prompt = STRING_TOKEN(STR_DELETE_KEK), 218 help = STRING_TOKEN(STR_DELETE_KEK_HELP), 219 flags = INTERACTIVE, 220 key = KEY_DELETE_KEK; 221 222 subtitle text = STRING_TOKEN(STR_NULL); 223 endform; 224 225 // 226 // ##6 Form: 'Enroll KEK' 227 // 228 form formid = FORMID_ENROLL_KEK_FORM, 229 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); 230 231 subtitle text = STRING_TOKEN(STR_NULL); 232 233 goto FORM_FILE_EXPLORER_ID_KEK, 234 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), 235 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), 236 flags = INTERACTIVE, 237 key = FORMID_ENROLL_KEK_FORM; 238 239 subtitle text = STRING_TOKEN(STR_NULL); 240 label FORMID_ENROLL_KEK_FORM; 241 label LABEL_END; 242 subtitle text = STRING_TOKEN(STR_NULL); 243 244 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, 245 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), 246 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), 247 flags = INTERACTIVE, 248 key = KEY_SECURE_BOOT_KEK_GUID, 249 minsize = SECURE_BOOT_GUID_SIZE, 250 maxsize = SECURE_BOOT_GUID_SIZE, 251 endstring; 252 253 subtitle text = STRING_TOKEN(STR_NULL); 254 subtitle text = STRING_TOKEN(STR_NULL); 255 256 goto FORMID_SECURE_BOOT_OPTION_FORM, 257 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), 258 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 259 flags = INTERACTIVE, 260 key = KEY_VALUE_SAVE_AND_EXIT_KEK; 261 262 goto FORMID_SECURE_BOOT_OPTION_FORM, 263 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 264 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 265 flags = INTERACTIVE, 266 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK; 267 268 endform; 269 270 // 271 // ##7 Form: 'Delete KEK' 272 // 273 form formid = FORMID_DELETE_KEK_FORM, 274 title = STRING_TOKEN(STR_DELETE_KEK_TITLE); 275 276 label LABEL_KEK_DELETE; 277 label LABEL_END; 278 279 subtitle text = STRING_TOKEN(STR_NULL); 280 281 endform; 282 283 // 284 // ##8 Form: 'DB Options' 285 // 286 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM, 287 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION); 288 289 subtitle text = STRING_TOKEN(STR_NULL); 290 291 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, 292 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 293 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 294 flags = 0; 295 296 subtitle text = STRING_TOKEN(STR_NULL); 297 298 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB, 299 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 300 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 301 flags = INTERACTIVE, 302 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB; 303 304 endform; 305 306 // 307 // ##9 Form: 'DBX Options' 308 // 309 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM, 310 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION); 311 312 subtitle text = STRING_TOKEN(STR_NULL); 313 314 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, 315 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 316 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 317 flags = 0; 318 319 subtitle text = STRING_TOKEN(STR_NULL); 320 321 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX, 322 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 323 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 324 flags = INTERACTIVE, 325 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX; 326 327 endform; 328 329 // 330 // Form: 'Delete Signature' for DB Options. 331 // 332 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB, 333 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE); 334 335 label LABEL_DB_DELETE; 336 label LABEL_END; 337 subtitle text = STRING_TOKEN(STR_NULL); 338 339 endform; 340 341 // 342 // Form: 'Delete Signature' for DBX Options. 343 // 344 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX, 345 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE); 346 347 label LABEL_DBX_DELETE; 348 label LABEL_END; 349 subtitle text = STRING_TOKEN(STR_NULL); 350 351 endform; 352 353 // 354 // Form: 'Enroll Signature' for DB options. 355 // 356 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, 357 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); 358 359 subtitle text = STRING_TOKEN(STR_NULL); 360 361 goto FORM_FILE_EXPLORER_ID_DB, 362 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 363 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 364 flags = INTERACTIVE, 365 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; 366 367 subtitle text = STRING_TOKEN(STR_NULL); 368 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB; 369 label LABEL_END; 370 subtitle text = STRING_TOKEN(STR_NULL); 371 372 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, 373 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), 374 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), 375 flags = INTERACTIVE, 376 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB, 377 minsize = SECURE_BOOT_GUID_SIZE, 378 maxsize = SECURE_BOOT_GUID_SIZE, 379 endstring; 380 381 subtitle text = STRING_TOKEN(STR_NULL); 382 subtitle text = STRING_TOKEN(STR_NULL); 383 384 goto FORMID_SECURE_BOOT_OPTION_FORM, 385 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), 386 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 387 flags = INTERACTIVE, 388 key = KEY_VALUE_SAVE_AND_EXIT_DB; 389 390 goto FORMID_SECURE_BOOT_OPTION_FORM, 391 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 392 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 393 flags = INTERACTIVE, 394 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB; 395 396 endform; 397 398 // 399 // Form: 'Enroll Signature' for DBX options. 400 // 401 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, 402 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); 403 404 subtitle text = STRING_TOKEN(STR_NULL); 405 406 goto FORM_FILE_EXPLORER_ID_DBX, 407 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 408 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 409 flags = INTERACTIVE, 410 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; 411 412 subtitle text = STRING_TOKEN(STR_NULL); 413 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; 414 label LABEL_END; 415 subtitle text = STRING_TOKEN(STR_NULL); 416 417 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, 418 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), 419 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), 420 flags = INTERACTIVE, 421 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX, 422 minsize = SECURE_BOOT_GUID_SIZE, 423 maxsize = SECURE_BOOT_GUID_SIZE, 424 endstring; 425 426 subtitle text = STRING_TOKEN(STR_NULL); 427 subtitle text = STRING_TOKEN(STR_NULL); 428 429 goto FORMID_SECURE_BOOT_OPTION_FORM, 430 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), 431 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 432 flags = INTERACTIVE, 433 key = KEY_VALUE_SAVE_AND_EXIT_DBX; 434 435 goto FORMID_SECURE_BOOT_OPTION_FORM, 436 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 437 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 438 flags = INTERACTIVE, 439 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX; 440 441 endform; 442 443 // 444 // File Explorer for PK 445 // 446 form formid = FORM_FILE_EXPLORER_ID_PK, 447 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); 448 449 label FORM_FILE_EXPLORER_ID; 450 label LABEL_END; 451 endform; 452 453 // 454 // File Explorer for KEK 455 // 456 form formid = FORM_FILE_EXPLORER_ID_KEK, 457 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); 458 459 label FORM_FILE_EXPLORER_ID; 460 label LABEL_END; 461 endform; 462 463 // 464 // File Explorer for DB 465 // 466 form formid = FORM_FILE_EXPLORER_ID_DB, 467 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); 468 469 label FORM_FILE_EXPLORER_ID; 470 label LABEL_END; 471 endform; 472 473 // 474 // File Explorer for DBX 475 // 476 form formid = FORM_FILE_EXPLORER_ID_DBX, 477 title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); 478 479 label FORM_FILE_EXPLORER_ID; 480 label LABEL_END; 481 endform; 482 483 484 // 485 // Enroll Pk from File Commit Form 486 // 487 form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID, 488 title = STRING_TOKEN(STR_SAVE_PK_FILE); 489 490 label SECUREBOOT_ADD_PK_FILE_FORM_ID; 491 label LABEL_END; 492 493 subtitle text = STRING_TOKEN(STR_NULL); 494 495 text 496 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 497 text = STRING_TOKEN(STR_SAVE_AND_EXIT), 498 flags = INTERACTIVE, 499 key = KEY_VALUE_SAVE_AND_EXIT_PK; 500 501 text 502 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 503 text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 504 flags = INTERACTIVE, 505 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK; 506 507 endform; 508 509endformset; 510