diff options
| author | Guo Mang <mang.guo@intel.com> | 2016-12-23 14:32:15 +0800 |
|---|---|---|
| committer | Guo Mang <mang.guo@intel.com> | 2017-05-09 13:03:04 +0800 |
| commit | 9a857a4343040f9386dc77de6851697e7ec57264 (patch) | |
| tree | fddcf237aa54e11637e2faa46559598651054b98 /Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi | |
| parent | b83cfc49fc9b723c739242bc0518c01ea5a4eccd (diff) | |
| download | edk2-platforms-9a857a4343040f9386dc77de6851697e7ec57264.tar.xz | |
BroxtonPlatformPkg: Add PlatformSetupDxe
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Guo Mang <mang.guo@intel.com>
Diffstat (limited to 'Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi')
| -rw-r--r-- | Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi | 176 |
1 files changed, 176 insertions, 0 deletions
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi new file mode 100644 index 0000000000..da103b2ed2 --- /dev/null +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi @@ -0,0 +1,176 @@ +// /** @file
+// Security Setup formset.
+//
+// Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php.
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+//
+// Security Configuration Form
+//
+
+form formid = SECURITY_CONFIGURATION_FORM_ID,
+ title = STRING_TOKEN(STR_SECURITY_CONFIGURATION_TITLE);
+
+ //
+ // SeC related
+ //
+ subtitle text = STRING_TOKEN(STR_SEC_CONFIGURATION_SUBTITLE);
+
+ text
+ help = STRING_TOKEN(STR_NULL_STRING),
+ text = STRING_TOKEN(STR_SEC_VERSION_STRING),
+ text = STRING_TOKEN(STR_TXE_FW_VALUE),
+ flags = 0,
+ key = 0;
+
+
+ text
+ help = STRING_TOKEN(STR_NULL_STRING),
+ text = STRING_TOKEN(STR_SEC_CAPABILITY_STRING),
+ text = STRING_TOKEN(STR_SEC_CAPABILITY_VALUE),
+ flags = 0,
+ key = 0;
+
+ text
+ help = STRING_TOKEN(STR_NULL_STRING),
+ text = STRING_TOKEN(STR_SEC_FEATURE_STRING),
+ text = STRING_TOKEN(STR_SEC_FEATURE_VALUE),
+ flags = 0,
+ key = 0;
+
+ text
+ help = STRING_TOKEN(STR_NULL_STRING),
+ text = STRING_TOKEN(STR_SEC_OEMTAG_STRING),
+ text = STRING_TOKEN(STR_SEC_OEMTAG_VALUE),
+ flags = 0,
+ key = 0;
+
+ text
+ help = STRING_TOKEN(STR_SEC_TEMP_DISABLE_HELP),
+ text = STRING_TOKEN(STR_SEC_TEMP_DISABLE_STRING),
+ text = STRING_TOKEN(STR_SEC_TEMP_DISABLE_PROMPT),
+ flags = 0,
+ key = 0;
+ subtitle text = STRING_TOKEN(STR_NULL_STRING);
+
+ suppressif ideqval Setup.SeCModeEnable == 0x00;
+ grayoutif ideqval Setup.SeCEOPEnable == 1;
+ oneof varid = Setup.SecEnable,
+ prompt = STRING_TOKEN(STR_SEC_SETTING_PROMPT),
+ help = STRING_TOKEN(STR_SEC_SETTING_HELP),
+ option text = STRING_TOKEN(STR_DISABLED), value=0x00, flags=RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_ENABLED), value=0x01, flags=DEFAULT | RESET_REQUIRED;
+ endoneof;
+ endif;
+ endif;
+
+ suppressif ideqval Setup.SeCOpEnable == 0x00;
+ grayoutif ideqval Setup.SeCEOPEnable == 1;
+ oneof varid = Setup.SecFlashUpdate,
+ prompt = STRING_TOKEN(STR_SEC_FLASH_UPDATE_PROMPT),
+ help = STRING_TOKEN(STR_SEC_FLASH_UPDATE_HELP),
+ option text = STRING_TOKEN(STR_DISABLED), value=0x00, flags=DEFAULT | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_ENABLED), value=0x01, flags=RESET_REQUIRED;
+ endoneof;
+
+ oneof varid = Setup.SecFirmwareUpdate,
+ prompt = STRING_TOKEN(STR_SEC_FIRMWARE_UPDATE_PROMPT),
+ help = STRING_TOKEN(STR_SEC_FIRMWARE_UPDATE_HELP),
+ option text = STRING_TOKEN(STR_DISABLED), value=0x00, flags=DEFAULT | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_ENABLED), value=0x01, flags=RESET_REQUIRED;
+ endoneof;
+ endif;
+
+ oneof varid = Setup.SeCEOPEnable,
+ prompt = STRING_TOKEN(STR_SEC_EOP_PROMPT),
+ help = STRING_TOKEN(STR_SEC_EOP_HELP),
+ option text = STRING_TOKEN(STR_DISABLED), value=0x00, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_ENABLED), value=0x01, flags = DEFAULT | RESET_REQUIRED;
+ endoneof;
+
+ grayoutif ideqval Setup.SeCEOPEnable == 1;
+ text
+ help = STRING_TOKEN(STR_SEC_TEMP_DISABLE_HELP),
+ text = STRING_TOKEN(STR_SEC_UNCONFIGURATION_PROMPT),
+ flags = INTERACTIVE,
+ key = 0x1234;
+ endif;
+ endif;
+
+ subtitle text = STRING_TOKEN(STR_NULL_STRING);
+
+
+ subtitle text = STRING_TOKEN(STR_NULL_STRING);
+
+ oneof varid = Setup.SecureBootCustomMode,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
+ help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
+ option text = STRING_TOKEN(STR_SB_STANDARD_MODE), value=0x00, flags = DEFAULT | MANUFACTURING;
+ option text = STRING_TOKEN(STR_SB_CUSTOM_MODE), value=0x01, flags = 0;
+ endoneof;
+ oneof varid = Setup.UseProductKey,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_PRO_KEY_PROMPT),
+ help = STRING_TOKEN(STR_SECURE_BOOT_PRO_KEY_HELP),
+ option text = STRING_TOKEN(STR_DEV_KEY), value=0x00, flags = DEFAULT | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_PRO_KEY), value=0x01, flags = RESET_REQUIRED;
+ endoneof;
+ text
+ help = STRING_TOKEN(STR_CLEAR_ALL_KEYS_HELP),
+ text = STRING_TOKEN(STR_CLEAR_ALL_KEYS),
+ text = STRING_TOKEN(STR_NULL_STRING),
+ flags = INTERACTIVE,
+ key = 0x1237; //KEY_CLEAR_KEK_AND_PK;
+
+ text
+ help = STRING_TOKEN(STR_LOAD_DEFAULTS_KEYS_HELP),
+ text = STRING_TOKEN(STR_LOAD_DEFAULTS_KEYS),
+ text = STRING_TOKEN(STR_NULL_STRING),
+ flags = INTERACTIVE,
+ key = 0x1238; //KEY_LOAD_DEFAULTS_KEYS;
+
+ subtitle text = STRING_TOKEN(STR_NULL_STRING);
+
+ //
+ //TPM related
+ //
+ subtitle text = STRING_TOKEN(STR_TPM_CONFIGURATION_PROMPT);
+
+ oneof varid = Setup.TPM,
+ prompt = STRING_TOKEN(STR_TPM_PROMPT),
+ help = STRING_TOKEN(STR_TPM_HELP),
+#if (X64_BUILD_ENABLE == FALSE)
+ option text = STRING_TOKEN(STR_DISABLE), value = 0x00, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM_PTT), value = 0x01, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM_DTPM_1_2), value = 0x02, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM_DTPM_2_0), value = 0x03, flags = RESET_REQUIRED;
+#else
+ option text = STRING_TOKEN(STR_DISABLE), value = 0x00, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM_PTT), value = 0x01, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM_DTPM_1_2), value = 0x02, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM_DTPM_2_0), value = 0x03, flags = RESET_REQUIRED;
+#endif
+ endoneof;
+
+ suppressif NOT ideqval Setup.TPM == 1;
+ oneof varid = Setup.TPMSupportedBanks,
+ prompt = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_PROMPT),
+ help = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_HELP),
+ option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_NULL), value = TPM2_SUPPORTED_BANK_NULL, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_SHA1), value = TPM2_SUPPORTED_BANK_SHA1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_SHA2), value = TPM2_SUPPORTED_BANK_SHA2, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_BOTH), value = TPM2_SUPPORTED_BANK_BOTH, flags = RESET_REQUIRED;
+ endoneof;
+ endif;
+
+endform;
+
|