diff options
Diffstat (limited to 'OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr')
| -rw-r--r-- | OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr | 495 |
1 files changed, 495 insertions, 0 deletions
diff --git a/OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr b/OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr new file mode 100644 index 0000000000..22c03c1288 --- /dev/null +++ b/OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr @@ -0,0 +1,495 @@ +/** @file
+ VFR file used by the SecureBoot configuration component.
+
+Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "SecureBootConfigNvData.h"
+
+formset
+ guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
+ title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
+ help = STRING_TOKEN(STR_SECUREBOOT_HELP),
+ classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
+
+ varstore SECUREBOOT_CONFIGURATION,
+ varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
+ name = SECUREBOOT_CONFIGURATION,
+ guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
+
+ //
+ // ##1 Form "Secure Boot Configuration"
+ //
+ form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
+ title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ //
+ // Define of Check Box: Attempt Secure Boot
+ //
+ suppressif TRUE;
+ checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
+ prompt = STRING_TOKEN(STR_NULL),
+ help = STRING_TOKEN(STR_NULL),
+ endcheckbox;
+ endif;
+
+ //
+ // Display of Check Box: Attempt Secure Boot
+ //
+ grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
+ checkbox varid = SECUREBOOT_CONFIGURATION.SecureBootState,
+ questionid = KEY_SECURE_BOOT_ENABLE,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
+ help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
+ flags = INTERACTIVE,
+ endcheckbox;
+ endif;
+
+ //
+ // Display of Oneof: 'Secure Boot Mode'
+ //
+ oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
+ questionid = KEY_SECURE_BOOT_MODE,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
+ help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
+ flags = INTERACTIVE,
+ option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
+ option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
+ endoneof;
+
+ //
+ //
+ // Display of 'Current Secure Boot Mode'
+ //
+ suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD;
+ grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
+ goto FORMID_SECURE_BOOT_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
+ help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
+ flags = INTERACTIVE,
+ key = KEY_SECURE_BOOT_OPTION;
+ endif;
+ endif;
+ endform;
+
+ //
+ // ##2 Form: 'Custom Secure Boot Options'
+ //
+ form formid = FORMID_SECURE_BOOT_OPTION_FORM,
+ title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
+ help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
+ flags = INTERACTIVE,
+ key = KEY_SECURE_BOOT_PK_OPTION;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
+ help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
+ flags = INTERACTIVE,
+ key = KEY_SECURE_BOOT_KEK_OPTION;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
+ help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
+ flags = INTERACTIVE,
+ key = KEY_SECURE_BOOT_DB_OPTION;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
+ help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
+ flags = INTERACTIVE,
+ key = KEY_SECURE_BOOT_DBX_OPTION;
+
+ endform;
+
+ //
+ // ##3 Form: 'PK Options'
+ //
+ form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
+ title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ //
+ // Define of Check Box: 'Delete PK'
+ //
+ suppressif TRUE;
+ checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
+ prompt = STRING_TOKEN(STR_NULL),
+ help = STRING_TOKEN(STR_NULL),
+ endcheckbox;
+ endif;
+
+ grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
+ goto FORMID_ENROLL_PK_FORM,
+ prompt = STRING_TOKEN(STR_ENROLL_PK),
+ help = STRING_TOKEN(STR_ENROLL_PK_HELP),
+ flags = INTERACTIVE,
+ key = KEY_ENROLL_PK;
+ endif;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ //
+ // Display of Check Box: 'Delete Pk'
+ //
+ grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
+ checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
+ questionid = KEY_SECURE_BOOT_DELETE_PK,
+ prompt = STRING_TOKEN(STR_DELETE_PK),
+ help = STRING_TOKEN(STR_DELETE_PK_HELP),
+ flags = INTERACTIVE,
+ endcheckbox;
+ endif;
+ endform;
+
+ //
+ // ##4 Form: 'Enroll PK'
+ //
+ form formid = FORMID_ENROLL_PK_FORM,
+ title = STRING_TOKEN(STR_ENROLL_PK);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORM_FILE_EXPLORER_ID_PK,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
+ help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
+ flags = INTERACTIVE,
+ key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
+ endform;
+
+ //
+ // ##5 Form: 'KEK Options'
+ //
+ form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
+ title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
+
+ //
+ // Display of 'Enroll KEK'
+ //
+ goto FORMID_ENROLL_KEK_FORM,
+ prompt = STRING_TOKEN(STR_ENROLL_KEK),
+ help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
+ flags = INTERACTIVE;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ //
+ // Display of 'Delete KEK'
+ //
+ goto FORMID_DELETE_KEK_FORM,
+ prompt = STRING_TOKEN(STR_DELETE_KEK),
+ help = STRING_TOKEN(STR_DELETE_KEK_HELP),
+ flags = INTERACTIVE,
+ key = KEY_DELETE_KEK;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ endform;
+
+ //
+ // ##6 Form: 'Enroll KEK'
+ //
+ form formid = FORMID_ENROLL_KEK_FORM,
+ title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORM_FILE_EXPLORER_ID_KEK,
+ prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
+ help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
+ flags = INTERACTIVE,
+ key = FORMID_ENROLL_KEK_FORM;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ label FORMID_ENROLL_KEK_FORM;
+ label LABEL_END;
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
+ help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
+ flags = INTERACTIVE,
+ key = KEY_SECURE_BOOT_KEK_GUID,
+ minsize = SECURE_BOOT_GUID_SIZE,
+ maxsize = SECURE_BOOT_GUID_SIZE,
+ endstring;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORMID_SECURE_BOOT_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ help = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_SAVE_AND_EXIT_KEK;
+
+ goto FORMID_SECURE_BOOT_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
+
+ endform;
+
+ //
+ // ##7 Form: 'Delete KEK'
+ //
+ form formid = FORMID_DELETE_KEK_FORM,
+ title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
+
+ label LABEL_KEK_DELETE;
+ label LABEL_END;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ endform;
+
+ //
+ // ##8 Form: 'DB Options'
+ //
+ form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
+ title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
+ prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
+ help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
+ flags = 0;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
+ prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
+ help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
+ flags = INTERACTIVE,
+ key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
+
+ endform;
+
+ //
+ // ##9 Form: 'DBX Options'
+ //
+ form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
+ title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
+ prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
+ help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
+ flags = 0;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
+ prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
+ help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
+ flags = INTERACTIVE,
+ key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;
+
+ endform;
+
+ //
+ // Form: 'Delete Signature' for DB Options.
+ //
+ form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
+ title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
+
+ label LABEL_DB_DELETE;
+ label LABEL_END;
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ endform;
+
+ //
+ // Form: 'Delete Signature' for DBX Options.
+ //
+ form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
+ title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
+
+ label LABEL_DBX_DELETE;
+ label LABEL_END;
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ endform;
+
+ //
+ // Form: 'Enroll Signature' for DB options.
+ //
+ form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
+ title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORM_FILE_EXPLORER_ID_DB,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
+ help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
+ flags = INTERACTIVE,
+ key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
+ label LABEL_END;
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
+ help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
+ flags = INTERACTIVE,
+ key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
+ minsize = SECURE_BOOT_GUID_SIZE,
+ maxsize = SECURE_BOOT_GUID_SIZE,
+ endstring;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORMID_SECURE_BOOT_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ help = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_SAVE_AND_EXIT_DB;
+
+ goto FORMID_SECURE_BOOT_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
+
+ endform;
+
+ //
+ // Form: 'Enroll Signature' for DBX options.
+ //
+ form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
+ title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORM_FILE_EXPLORER_ID_DBX,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
+ help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
+ flags = INTERACTIVE,
+ key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
+ label LABEL_END;
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
+ help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
+ flags = INTERACTIVE,
+ key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
+ minsize = SECURE_BOOT_GUID_SIZE,
+ maxsize = SECURE_BOOT_GUID_SIZE,
+ endstring;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto FORMID_SECURE_BOOT_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ help = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_SAVE_AND_EXIT_DBX;
+
+ goto FORMID_SECURE_BOOT_OPTION_FORM,
+ prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
+
+ endform;
+
+ //
+ // File Explorer for PK
+ //
+ form formid = FORM_FILE_EXPLORER_ID_PK,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+ //
+ // File Explorer for KEK
+ //
+ form formid = FORM_FILE_EXPLORER_ID_KEK,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+ //
+ // File Explorer for DB
+ //
+ form formid = FORM_FILE_EXPLORER_ID_DB,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+ //
+ // File Explorer for DBX
+ //
+ form formid = FORM_FILE_EXPLORER_ID_DBX,
+ title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
+
+ label FORM_FILE_EXPLORER_ID;
+ label LABEL_END;
+ endform;
+
+
+ //
+ // Enroll Pk from File Commit Form
+ //
+ form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
+ title = STRING_TOKEN(STR_SAVE_PK_FILE);
+
+ label SECUREBOOT_ADD_PK_FILE_FORM_ID;
+ label LABEL_END;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ text
+ help = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ text = STRING_TOKEN(STR_SAVE_AND_EXIT),
+ text = STRING_TOKEN(STR_NULL),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_SAVE_AND_EXIT_PK;
+
+ text
+ help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
+ text = STRING_TOKEN(STR_NULL),
+ flags = INTERACTIVE,
+ key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
+
+ endform;
+
+endformset;
|