1/** @file 2 VFR file used by the SecureBoot configuration component. 3 4Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> 5SPDX-License-Identifier: BSD-2-Clause-Patent 6 7**/ 8 9#include "SecureBootConfigNvData.h" 10 11formset 12 guid = SECUREBOOT_CONFIG_FORM_SET_GUID, 13 title = STRING_TOKEN(STR_SECUREBOOT_TITLE), 14 help = STRING_TOKEN(STR_SECUREBOOT_HELP), 15 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, 16 17 varstore SECUREBOOT_CONFIGURATION, 18 varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID, 19 name = SECUREBOOT_CONFIGURATION, 20 guid = SECUREBOOT_CONFIG_FORM_SET_GUID; 21 22 // 23 // ##1 Form "Secure Boot Configuration" 24 // 25 form formid = SECUREBOOT_CONFIGURATION_FORM_ID, 26 title = STRING_TOKEN(STR_SECUREBOOT_TITLE); 27 28 subtitle text = STRING_TOKEN(STR_NULL); 29 30 text 31 help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP), 32 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT), 33 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT); 34 35 // 36 // Display of Check Box: Attempt Secure Boot 37 // 38 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; 39 checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot, 40 questionid = KEY_SECURE_BOOT_ENABLE, 41 prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT), 42 help = STRING_TOKEN(STR_SECURE_BOOT_HELP), 43 flags = INTERACTIVE | RESET_REQUIRED, 44 endcheckbox; 45 endif; 46 47 // 48 // Display of Oneof: 'Secure Boot Mode' 49 // 50 oneof name = SecureBootMode, 51 questionid = KEY_SECURE_BOOT_MODE, 52 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), 53 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), 54 flags = INTERACTIVE | NUMERIC_SIZE_1, 55 option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT; 56 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; 57 endoneof; 58 59 // 60 // Display of 'Current Secure Boot Mode' 61 // 62 suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD; 63 grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; 64 goto FORMID_SECURE_BOOT_OPTION_FORM, 65 prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION), 66 help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP), 67 flags = INTERACTIVE, 68 key = KEY_SECURE_BOOT_OPTION; 69 endif; 70 endif; 71 72 endform; 73 74 // 75 // ##2 Form: 'Custom Secure Boot Options' 76 // 77 form formid = FORMID_SECURE_BOOT_OPTION_FORM, 78 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE); 79 80 subtitle text = STRING_TOKEN(STR_NULL); 81 82 goto FORMID_SECURE_BOOT_PK_OPTION_FORM, 83 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION), 84 help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP), 85 flags = INTERACTIVE, 86 key = KEY_SECURE_BOOT_PK_OPTION; 87 88 subtitle text = STRING_TOKEN(STR_NULL); 89 90 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM, 91 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION), 92 help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP), 93 flags = INTERACTIVE, 94 key = KEY_SECURE_BOOT_KEK_OPTION; 95 96 subtitle text = STRING_TOKEN(STR_NULL); 97 98 goto FORMID_SECURE_BOOT_DB_OPTION_FORM, 99 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION), 100 help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP), 101 flags = INTERACTIVE, 102 key = KEY_SECURE_BOOT_DB_OPTION; 103 104 subtitle text = STRING_TOKEN(STR_NULL); 105 106 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM, 107 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION), 108 help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP), 109 flags = INTERACTIVE, 110 key = KEY_SECURE_BOOT_DBX_OPTION; 111 112 subtitle text = STRING_TOKEN(STR_NULL); 113 114 goto FORMID_SECURE_BOOT_DBT_OPTION_FORM, 115 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION), 116 help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP), 117 flags = INTERACTIVE, 118 key = KEY_SECURE_BOOT_DBT_OPTION; 119 120 endform; 121 122 // 123 // ##3 Form: 'PK Options' 124 // 125 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM, 126 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION); 127 128 subtitle text = STRING_TOKEN(STR_NULL); 129 130 // 131 // Display of 'Enroll PK' 132 // 133 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1; 134 goto FORMID_ENROLL_PK_FORM, 135 prompt = STRING_TOKEN(STR_ENROLL_PK), 136 help = STRING_TOKEN(STR_ENROLL_PK_HELP), 137 flags = INTERACTIVE, 138 key = KEY_ENROLL_PK; 139 endif; 140 141 subtitle text = STRING_TOKEN(STR_NULL); 142 143 // 144 // Display of Check Box: 'Delete Pk' 145 // 146 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1; 147 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk, 148 questionid = KEY_SECURE_BOOT_DELETE_PK, 149 prompt = STRING_TOKEN(STR_DELETE_PK), 150 help = STRING_TOKEN(STR_DELETE_PK_HELP), 151 flags = INTERACTIVE | RESET_REQUIRED, 152 endcheckbox; 153 endif; 154 endform; 155 156 // 157 // ##4 Form: 'Enroll PK' 158 // 159 form formid = FORMID_ENROLL_PK_FORM, 160 title = STRING_TOKEN(STR_ENROLL_PK); 161 162 subtitle text = STRING_TOKEN(STR_NULL); 163 164 goto FORMID_ENROLL_PK_FORM, 165 prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), 166 help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), 167 flags = INTERACTIVE, 168 key = FORMID_ENROLL_PK_FORM; 169 170 subtitle text = STRING_TOKEN(STR_NULL); 171 label FORMID_ENROLL_PK_FORM; 172 label LABEL_END; 173 subtitle text = STRING_TOKEN(STR_NULL); 174 175 goto FORMID_SECURE_BOOT_OPTION_FORM, 176 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), 177 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 178 flags = INTERACTIVE| RESET_REQUIRED, 179 key = KEY_VALUE_SAVE_AND_EXIT_PK; 180 181 goto FORMID_SECURE_BOOT_OPTION_FORM, 182 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 183 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 184 flags = INTERACTIVE, 185 key = KEY_VALUE_NO_SAVE_AND_EXIT_PK; 186 187 endform; 188 189 // 190 // ##5 Form: 'KEK Options' 191 // 192 form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM, 193 title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION); 194 195 // 196 // Display of 'Enroll KEK' 197 // 198 goto FORMID_ENROLL_KEK_FORM, 199 prompt = STRING_TOKEN(STR_ENROLL_KEK), 200 help = STRING_TOKEN(STR_ENROLL_KEK_HELP), 201 flags = INTERACTIVE; 202 203 subtitle text = STRING_TOKEN(STR_NULL); 204 205 // 206 // Display of 'Delete KEK' 207 // 208 goto FORMID_DELETE_KEK_FORM, 209 prompt = STRING_TOKEN(STR_DELETE_KEK), 210 help = STRING_TOKEN(STR_DELETE_KEK_HELP), 211 flags = INTERACTIVE, 212 key = KEY_DELETE_KEK; 213 214 subtitle text = STRING_TOKEN(STR_NULL); 215 endform; 216 217 // 218 // ##6 Form: 'Enroll KEK' 219 // 220 form formid = FORMID_ENROLL_KEK_FORM, 221 title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); 222 223 subtitle text = STRING_TOKEN(STR_NULL); 224 225 goto FORMID_ENROLL_KEK_FORM, 226 prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), 227 help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), 228 flags = INTERACTIVE, 229 key = FORMID_ENROLL_KEK_FORM; 230 231 subtitle text = STRING_TOKEN(STR_NULL); 232 label FORMID_ENROLL_KEK_FORM; 233 label LABEL_END; 234 subtitle text = STRING_TOKEN(STR_NULL); 235 236 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, 237 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), 238 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), 239 flags = INTERACTIVE, 240 key = KEY_SECURE_BOOT_KEK_GUID, 241 minsize = SECURE_BOOT_GUID_SIZE, 242 maxsize = SECURE_BOOT_GUID_SIZE, 243 endstring; 244 245 subtitle text = STRING_TOKEN(STR_NULL); 246 subtitle text = STRING_TOKEN(STR_NULL); 247 248 goto FORMID_SECURE_BOOT_OPTION_FORM, 249 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), 250 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 251 flags = INTERACTIVE, 252 key = KEY_VALUE_SAVE_AND_EXIT_KEK; 253 254 goto FORMID_SECURE_BOOT_OPTION_FORM, 255 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 256 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 257 flags = INTERACTIVE, 258 key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK; 259 260 endform; 261 262 // 263 // ##7 Form: 'Delete KEK' 264 // 265 form formid = FORMID_DELETE_KEK_FORM, 266 title = STRING_TOKEN(STR_DELETE_KEK_TITLE); 267 268 label LABEL_KEK_DELETE; 269 label LABEL_END; 270 271 subtitle text = STRING_TOKEN(STR_NULL); 272 273 endform; 274 275 // 276 // ##8 Form: 'DB Options' 277 // 278 form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM, 279 title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION); 280 281 subtitle text = STRING_TOKEN(STR_NULL); 282 283 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, 284 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 285 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 286 flags = 0; 287 288 subtitle text = STRING_TOKEN(STR_NULL); 289 290 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB, 291 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 292 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 293 flags = INTERACTIVE, 294 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB; 295 296 endform; 297 298 // 299 // ##9 Form: 'DBX Options' 300 // 301 form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM, 302 title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION); 303 304 subtitle text = STRING_TOKEN(STR_NULL); 305 306 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, 307 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 308 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 309 flags = 0; 310 311 subtitle text = STRING_TOKEN(STR_NULL); 312 313 goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, 314 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 315 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 316 flags = INTERACTIVE, 317 key = KEY_VALUE_FROM_DBX_TO_LIST_FORM; 318 319 endform; 320 321 // 322 // ##9 Form: 'DBT Options' 323 // 324 form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM, 325 title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION); 326 327 subtitle text = STRING_TOKEN(STR_NULL); 328 329 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, 330 prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 331 help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), 332 flags = 0; 333 334 subtitle text = STRING_TOKEN(STR_NULL); 335 336 goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, 337 prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 338 help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), 339 flags = INTERACTIVE, 340 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT; 341 342 endform; 343 344 // 345 // Form: 'Delete Signature' for DB Options. 346 // 347 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB, 348 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE); 349 350 label LABEL_DB_DELETE; 351 label LABEL_END; 352 subtitle text = STRING_TOKEN(STR_NULL); 353 354 endform; 355 356 // 357 // Form: Display Signature List. 358 // 359 form formid = SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, 360 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_LIST_FORM); 361 362 subtitle text = STRING_TOKEN(STR_NULL); 363 364 grayoutif ideqval SECUREBOOT_CONFIGURATION.ListCount == 0; 365 label LABEL_DELETE_ALL_LIST_BUTTON; 366 // 367 // Will create a goto button dynamically here. 368 // 369 label LABEL_END; 370 endif; 371 372 subtitle text = STRING_TOKEN(STR_NULL); 373 label LABEL_SIGNATURE_LIST_START; 374 label LABEL_END; 375 subtitle text = STRING_TOKEN(STR_NULL); 376 377 endform; 378 379 // 380 // Form: Display Signature Data. 381 // 382 form formid = SECUREBOOT_DELETE_SIGNATURE_DATA_FORM, 383 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_DATA_FORM); 384 385 subtitle text = STRING_TOKEN(STR_NULL); 386 387 goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, 388 prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA), 389 help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA_HELP), 390 flags = INTERACTIVE, 391 key = KEY_SECURE_BOOT_DELETE_ALL_DATA; 392 393 grayoutif ideqval SECUREBOOT_CONFIGURATION.CheckedDataCount == 0; 394 goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, 395 prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA), 396 help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP), 397 flags = INTERACTIVE, 398 key = KEY_SECURE_BOOT_DELETE_CHECK_DATA; 399 endif; 400 401 subtitle text = STRING_TOKEN(STR_NULL); 402 label LABEL_SIGNATURE_DATA_START; 403 label LABEL_END; 404 subtitle text = STRING_TOKEN(STR_NULL); 405 406 endform; 407 408 409 // 410 // Form: 'Delete Signature' for DBT Options. 411 // 412 form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, 413 title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE); 414 415 label LABEL_DBT_DELETE; 416 label LABEL_END; 417 subtitle text = STRING_TOKEN(STR_NULL); 418 419 endform; 420 421 // 422 // Form: 'Enroll Signature' for DB options. 423 // 424 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, 425 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); 426 427 subtitle text = STRING_TOKEN(STR_NULL); 428 429 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, 430 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 431 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 432 flags = INTERACTIVE, 433 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; 434 435 subtitle text = STRING_TOKEN(STR_NULL); 436 label SECUREBOOT_ENROLL_SIGNATURE_TO_DB; 437 label LABEL_END; 438 subtitle text = STRING_TOKEN(STR_NULL); 439 440 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, 441 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), 442 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), 443 flags = INTERACTIVE, 444 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB, 445 minsize = SECURE_BOOT_GUID_SIZE, 446 maxsize = SECURE_BOOT_GUID_SIZE, 447 endstring; 448 449 subtitle text = STRING_TOKEN(STR_NULL); 450 subtitle text = STRING_TOKEN(STR_NULL); 451 452 goto FORMID_SECURE_BOOT_OPTION_FORM, 453 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), 454 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 455 flags = INTERACTIVE, 456 key = KEY_VALUE_SAVE_AND_EXIT_DB; 457 458 goto FORMID_SECURE_BOOT_OPTION_FORM, 459 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 460 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 461 flags = INTERACTIVE, 462 key = KEY_VALUE_NO_SAVE_AND_EXIT_DB; 463 464 endform; 465 466 // 467 // Form: 'Enroll Signature' for DBX options. 468 // 469 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, 470 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); 471 472 subtitle text = STRING_TOKEN(STR_NULL); 473 474 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, 475 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 476 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 477 flags = INTERACTIVE, 478 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; 479 480 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; 481 label LABEL_END; 482 subtitle text = STRING_TOKEN(STR_NULL); 483 484 grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3; 485 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, 486 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), 487 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), 488 flags = INTERACTIVE, 489 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX, 490 minsize = SECURE_BOOT_GUID_SIZE, 491 maxsize = SECURE_BOOT_GUID_SIZE, 492 endstring; 493 endif; 494 495 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1; 496 oneof name = X509SignatureFormatInDbx, 497 varid = SECUREBOOT_CONFIGURATION.CertificateFormat, 498 prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), 499 help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), 500 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT; 501 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0; 502 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0; 503 option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0; 504 endoneof; 505 endif; 506 507 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2; 508 text 509 help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string 510 text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string 511 text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type 512 endif; 513 514 disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3; 515 text 516 help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string 517 text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string 518 text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type 519 endif; 520 521 suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4; 522 checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation, 523 prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT), 524 help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP), 525 flags = INTERACTIVE, 526 endcheckbox; 527 528 suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1; 529 date varid = SECUREBOOT_CONFIGURATION.RevocationDate, 530 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT), 531 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP), 532 flags = STORAGE_NORMAL, 533 enddate; 534 535 time varid = SECUREBOOT_CONFIGURATION.RevocationTime, 536 prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT), 537 help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP), 538 flags = STORAGE_NORMAL, 539 endtime; 540 endif; 541 endif; 542 543 subtitle text = STRING_TOKEN(STR_NULL); 544 subtitle text = STRING_TOKEN(STR_NULL); 545 546 goto FORMID_SECURE_BOOT_OPTION_FORM, 547 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), 548 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 549 flags = INTERACTIVE, 550 key = KEY_VALUE_SAVE_AND_EXIT_DBX; 551 552 goto FORMID_SECURE_BOOT_OPTION_FORM, 553 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 554 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 555 flags = INTERACTIVE, 556 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX; 557 558 endform; 559 560 // 561 // Form: 'Enroll Signature' for DBT options. 562 // 563 form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, 564 title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); 565 566 subtitle text = STRING_TOKEN(STR_NULL); 567 568 goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, 569 prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 570 help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), 571 flags = INTERACTIVE, 572 key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; 573 574 subtitle text = STRING_TOKEN(STR_NULL); 575 label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; 576 label LABEL_END; 577 subtitle text = STRING_TOKEN(STR_NULL); 578 579 string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, 580 prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), 581 help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), 582 flags = INTERACTIVE, 583 key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT, 584 minsize = SECURE_BOOT_GUID_SIZE, 585 maxsize = SECURE_BOOT_GUID_SIZE, 586 endstring; 587 588 subtitle text = STRING_TOKEN(STR_NULL); 589 subtitle text = STRING_TOKEN(STR_NULL); 590 591 goto FORMID_SECURE_BOOT_OPTION_FORM, 592 prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), 593 help = STRING_TOKEN(STR_SAVE_AND_EXIT), 594 flags = INTERACTIVE, 595 key = KEY_VALUE_SAVE_AND_EXIT_DBT; 596 597 goto FORMID_SECURE_BOOT_OPTION_FORM, 598 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 599 help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), 600 flags = INTERACTIVE, 601 key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT; 602 603 endform; 604 605endformset; 606