Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

// /** @file
//  Security Setup formset.
//
//  Copyright (c) 1999 - 2017, Intel Corporation. All rights reserved.<BR>
//
//  This program and the accompanying materials
//  are licensed and made available under the terms and conditions of the BSD License
//  which accompanies this distribution.  The full text of the license may be found at
//  http://opensource.org/licenses/bsd-license.php.
//
//  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
//  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/


//
// Security Configuration Form
//

form formid = SECURITY_CONFIGURATION_FORM_ID,
  title    = STRING_TOKEN(STR_SECURITY_CONFIGURATION_TITLE);

  //
  // SeC related
  //
  subtitle text = STRING_TOKEN(STR_SEC_CONFIGURATION_SUBTITLE);

  text
    help   = STRING_TOKEN(STR_NULL_STRING),
    text   = STRING_TOKEN(STR_SEC_VERSION_STRING),
    text   = STRING_TOKEN(STR_TXE_FW_VALUE),
    flags  = 0,
    key    = 0;


  text
    help   = STRING_TOKEN(STR_NULL_STRING),
    text   = STRING_TOKEN(STR_SEC_CAPABILITY_STRING),
    text   = STRING_TOKEN(STR_SEC_CAPABILITY_VALUE),
    flags  = 0,
    key    = 0;

  text
    help   = STRING_TOKEN(STR_NULL_STRING),
    text   = STRING_TOKEN(STR_SEC_FEATURE_STRING),
    text   = STRING_TOKEN(STR_SEC_FEATURE_VALUE),
    flags  = 0,
    key    = 0;

  text
    help   = STRING_TOKEN(STR_NULL_STRING),
    text   = STRING_TOKEN(STR_SEC_OEMTAG_STRING),
    text   = STRING_TOKEN(STR_SEC_OEMTAG_VALUE),
    flags  = 0,
    key    = 0;

  text
    help   = STRING_TOKEN(STR_SEC_TEMP_DISABLE_HELP),
    text   = STRING_TOKEN(STR_SEC_TEMP_DISABLE_STRING),
    text   = STRING_TOKEN(STR_SEC_TEMP_DISABLE_PROMPT),
    flags  = 0,
    key    = 0;
  subtitle text = STRING_TOKEN(STR_NULL_STRING);

  suppressif  ideqval Setup.SeCModeEnable == 0x00;
  grayoutif ideqval Setup.SeCEOPEnable == 1;
  oneof   varid   = Setup.SecEnable,
    prompt      = STRING_TOKEN(STR_SEC_SETTING_PROMPT),
    help        = STRING_TOKEN(STR_SEC_SETTING_HELP),
    option text = STRING_TOKEN(STR_DISABLE), value=0x00, flags=RESET_REQUIRED;
    option text = STRING_TOKEN(STR_ENABLE), value=0x01,  flags=DEFAULT | RESET_REQUIRED;
  endoneof;
  endif;
  endif;

  suppressif  ideqval Setup.SeCOpEnable == 0x00;
  grayoutif ideqval Setup.SeCEOPEnable == 1;
  oneof   varid   = Setup.SecFlashUpdate,
    prompt      = STRING_TOKEN(STR_SEC_FLASH_UPDATE_PROMPT),
    help        = STRING_TOKEN(STR_SEC_FLASH_UPDATE_HELP),
    option text = STRING_TOKEN(STR_DISABLE), value=0x00, flags=DEFAULT | RESET_REQUIRED;
    option text = STRING_TOKEN(STR_ENABLE), value=0x01, flags=RESET_REQUIRED;
  endoneof;

  oneof   varid   = Setup.SecFirmwareUpdate,
    prompt      = STRING_TOKEN(STR_SEC_FIRMWARE_UPDATE_PROMPT),
    help        = STRING_TOKEN(STR_SEC_FIRMWARE_UPDATE_HELP),
    option text = STRING_TOKEN(STR_DISABLE), value=0x00, flags=DEFAULT | RESET_REQUIRED;
    option text = STRING_TOKEN(STR_ENABLE), value=0x01, flags=RESET_REQUIRED;
  endoneof;
  endif;

  oneof   varid   = Setup.SeCEOPEnable,
    prompt      = STRING_TOKEN(STR_SEC_EOP_PROMPT),
    help        = STRING_TOKEN(STR_SEC_EOP_HELP),
    option text = STRING_TOKEN(STR_DISABLE), value=0x00, flags = RESET_REQUIRED;
    option text = STRING_TOKEN(STR_ENABLE), value=0x01, flags = DEFAULT | RESET_REQUIRED;
  endoneof;

  grayoutif ideqval Setup.SeCEOPEnable == 1;
  text
    help   = STRING_TOKEN(STR_SEC_TEMP_DISABLE_HELP),
    text   = STRING_TOKEN(STR_SEC_UNCONFIGURATION_PROMPT),
    flags  = INTERACTIVE,
    key    = 0x1234;
  endif;
  endif;

  //
  //TPM related
  //
  subtitle text = STRING_TOKEN(STR_TPM_CONFIGURATION_PROMPT);

  oneof   varid   = Setup.TPM,
    prompt      = STRING_TOKEN(STR_TPM_PROMPT),
    help        = STRING_TOKEN(STR_TPM_HELP),
    option text = STRING_TOKEN(STR_DISABLE), value = 0x00, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
    option text = STRING_TOKEN(STR_TPM_PTT), value = 0x01, flags = RESET_REQUIRED;
  endoneof;

  suppressif NOT ideqval Setup.TPM == 1;
    oneof varid  = Setup.TPMSupportedBanks,
      prompt = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_PROMPT),
      help   = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_HELP),
      option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_NULL), value = TPM2_SUPPORTED_BANK_NULL, flags = RESET_REQUIRED;
      option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_SHA1), value = TPM2_SUPPORTED_BANK_SHA1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
      option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_SHA2), value = TPM2_SUPPORTED_BANK_SHA2, flags = RESET_REQUIRED;
      option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_BOTH), value = TPM2_SUPPORTED_BANK_BOTH, flags = RESET_REQUIRED;
    endoneof;
  endif;

endform;