diff options
| author | Fu Siyuan <siyuan.fu@intel.com> | 2013-08-22 09:46:03 +0000 |
|---|---|---|
| committer | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2013-08-22 09:46:03 +0000 |
| commit | a365eed476687881ce0ed49af7d483fd3cb0c491 (patch) | |
| tree | 4cfb371c4f4b4b7776d90a7c089a783ba767af9c /SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | |
| parent | f34ac841f139e26fb76fe538f3f2e6dbabe68b35 (diff) | |
| download | edk2-platforms-a365eed476687881ce0ed49af7d483fd3cb0c491.tar.xz | |
Fix a bug in secure boot configuration driver: Enroll DB/KEK will disable Attempt Secure Boot option.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14590 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr')
| -rw-r--r-- | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index 656befbb44..9685a9e0c2 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -65,20 +65,29 @@ formset //
// Display of Oneof: 'Secure Boot Mode'
//
- oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
- questionid = KEY_SECURE_BOOT_MODE,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
- help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
- flags = INTERACTIVE,
- option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
- option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
- endoneof;
+ disableif TRUE;
+ oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
+ help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
+ flags = INTERACTIVE,
+ option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = 0;
+ option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
+ endoneof;
+ endif;
+ oneof name = SecureBootMode,
+ questionid = KEY_SECURE_BOOT_MODE,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
+ help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
+ flags = INTERACTIVE | NUMERIC_SIZE_1,
+ option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
+ option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
+ endoneof;
//
//
// Display of 'Current Secure Boot Mode'
//
- suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD;
+ suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
|