Compare commits
22 Commits
a2abc5e15f
...
9ca522ba15
Author | SHA1 | Date | |
---|---|---|---|
|
9ca522ba15 | ||
|
3005ff4237 | ||
|
d3bcf7e60e | ||
|
85f3fc6654 | ||
|
88f5720e16 | ||
|
27585e73da | ||
|
42a443d5cd | ||
|
c466cc2ca5 | ||
|
5c49aca613 | ||
|
99891bd41e | ||
|
3485d55709 | ||
|
c1a7127e01 | ||
|
2f21eddfb8 | ||
|
860c29c923 | ||
|
8cfead2839 | ||
|
30f6b2f3c7 | ||
|
4de32568fa | ||
|
ff91020528 | ||
|
943773983d | ||
|
e91ea5561d | ||
|
5e86b202de | ||
|
b764882195 |
@@ -13,6 +13,14 @@ OBJECTS = DevicePath.o UefiDevicePathLib.o DevicePathFromText.o DevicePathUtili
|
|||||||
|
|
||||||
include $(MAKEROOT)/Makefiles/app.makefile
|
include $(MAKEROOT)/Makefiles/app.makefile
|
||||||
|
|
||||||
|
GCCVERSION = $(shell gcc -dumpversion | awk -F'.' '{print $$1}')
|
||||||
|
ifneq ("$(GCCVERSION)", "5")
|
||||||
|
ifneq ($(CXX), llvm)
|
||||||
|
# gcc 12 trips over device path handling
|
||||||
|
BUILD_CFLAGS += -Wno-error=stringop-overflow
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
LIBS = -lCommon
|
LIBS = -lCommon
|
||||||
ifeq ($(CYGWIN), CYGWIN)
|
ifeq ($(CYGWIN), CYGWIN)
|
||||||
LIBS += -L/lib/e2fsprogs -luuid
|
LIBS += -L/lib/e2fsprogs -luuid
|
||||||
|
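Review bot: The new block relaxes `-Wstringop-overflow` for every gcc whose major version is not 5, while its comment names only gcc 12. It also probes the version with a literal `gcc` rather than the build's compiler variable, so the decision can rest on the wrong compiler in a cross or multi-toolchain build. Because this diagnostic reports writes past a destination buffer, the comment should say what is tolerated and until when, e.g. `# gcc 12 flags stringop-overflow in the device path sources; kept as a warning until that code is fixed`. Testing only for the affected major versions would keep the diagnostic fatal everywhere else.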
@@ -542,7 +542,7 @@ GetAlignmentFromFile(char *InFile, UINT32 *Alignment)
|
|||||||
PeFileBuffer = (UINT8 *) malloc (PeFileSize);
|
PeFileBuffer = (UINT8 *) malloc (PeFileSize);
|
||||||
if (PeFileBuffer == NULL) {
|
if (PeFileBuffer == NULL) {
|
||||||
fclose (InFileHandle);
|
fclose (InFileHandle);
|
||||||
Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle);
|
Error(NULL, 0, 4001, "Resource", "memory cannot be allocated for %s", InFile);
|
||||||
return EFI_OUT_OF_RESOURCES;
|
return EFI_OUT_OF_RESOURCES;
|
||||||
}
|
}
|
||||||
fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle);
|
fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle);
|
||||||
|
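Review bot: The `fread` that follows the corrected error path discards its return value, so a short or failed read leaves part of `PeFileBuffer` uninitialised for whatever parses it next. Guard it with `if (fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle) != PeFileSize)`, then free the buffer, close the file and return an error, as the allocation failure branch does. The identical copy of GetAlignmentFromFile in the hunk at -1062 needs the same check. The rest of the function is outside both hunks, so how the buffer is consumed is inferred rather than visible.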
@@ -1062,7 +1062,7 @@ GetAlignmentFromFile(char *InFile, UINT32 *Alignment)
|
|||||||
PeFileBuffer = (UINT8 *) malloc (PeFileSize);
|
PeFileBuffer = (UINT8 *) malloc (PeFileSize);
|
||||||
if (PeFileBuffer == NULL) {
|
if (PeFileBuffer == NULL) {
|
||||||
fclose (InFileHandle);
|
fclose (InFileHandle);
|
||||||
Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle);
|
Error(NULL, 0, 4001, "Resource", "memory cannot be allocated for %s", InFile);
|
||||||
return EFI_OUT_OF_RESOURCES;
|
return EFI_OUT_OF_RESOURCES;
|
||||||
}
|
}
|
||||||
fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle);
|
fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle);
|
||||||
|
@@ -2825,12 +2825,13 @@ SRes LzmaEnc_CodeOneMemBlock(CLzmaEncHandle pp, BoolInt reInit,
|
|||||||
|
|
||||||
nowPos64 = p->nowPos64;
|
nowPos64 = p->nowPos64;
|
||||||
RangeEnc_Init(&p->rc);
|
RangeEnc_Init(&p->rc);
|
||||||
p->rc.outStream = &outStream.vt;
|
|
||||||
|
|
||||||
if (desiredPackSize == 0)
|
if (desiredPackSize == 0)
|
||||||
return SZ_ERROR_OUTPUT_EOF;
|
return SZ_ERROR_OUTPUT_EOF;
|
||||||
|
|
||||||
|
p->rc.outStream = &outStream.vt;
|
||||||
res = LzmaEnc_CodeOneBlock(p, desiredPackSize, *unpackSize);
|
res = LzmaEnc_CodeOneBlock(p, desiredPackSize, *unpackSize);
|
||||||
|
p->rc.outStream = NULL;
|
||||||
|
|
||||||
*unpackSize = (UInt32)(p->nowPos64 - nowPos64);
|
*unpackSize = (UInt32)(p->nowPos64 - nowPos64);
|
||||||
*destLen -= outStream.rem;
|
*destLen -= outStream.rem;
|
||||||
|
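Review bot: The added `p->rc.outStream = NULL;` after LzmaEnc_CodeOneBlock has no comment, and the reason for it is not obvious from the line itself. Assuming `outStream` is a local of this function (its declaration is outside the hunk), the reset stops the encoder state from keeping a pointer into a stack frame that is about to be released. A one-line comment would record that, e.g. `/* outStream lives on this stack frame; do not leave its address in p->rc */`. Without it, a later sync with upstream LZMA code could drop the line unnoticed.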
@@ -247,6 +247,124 @@ UpdateFrontPageForm (
|
|||||||
HiiFreeOpCodeHandle (EndOpCodeHandle);
|
HiiFreeOpCodeHandle (EndOpCodeHandle);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// FIXME: Copied from Device Manager; clean up
|
||||||
|
void ShowSecureBootConfig(void)
|
||||||
|
{
|
||||||
|
void *StartHandle;
|
||||||
|
void *EndHandle;
|
||||||
|
EFI_IFR_GUID_LABEL *StartLabel;
|
||||||
|
EFI_IFR_GUID_LABEL *EndLabel;
|
||||||
|
EFI_HII_HANDLE *HiiHandles;
|
||||||
|
EFI_HII_HANDLE HiiHandle = gFrontPagePrivate.HiiHandle;
|
||||||
|
UINTN Index;
|
||||||
|
EFI_STRING String;
|
||||||
|
EFI_STRING_ID Token;
|
||||||
|
EFI_STRING_ID TokenHelp;
|
||||||
|
EFI_IFR_FORM_SET *Buffer = NULL;
|
||||||
|
UINTN BufferSize = 0;
|
||||||
|
UINT8 ClassGuidNum;
|
||||||
|
EFI_GUID *ClassGuid;
|
||||||
|
UINTN TempSize = 0;
|
||||||
|
UINT8 *Ptr;
|
||||||
|
EFI_STATUS Status;
|
||||||
|
// XXX: Copied from SecureBootConfigDxe
|
||||||
|
EFI_GUID SecureBootConfigGuid = { 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}};
|
||||||
|
|
||||||
|
StartHandle = HiiAllocateOpCodeHandle();
|
||||||
|
ASSERT(StartHandle != NULL);
|
||||||
|
|
||||||
|
EndHandle = HiiAllocateOpCodeHandle();
|
||||||
|
ASSERT(EndHandle != NULL);
|
||||||
|
|
||||||
|
StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode(StartHandle, &gEfiIfrTianoGuid, NULL, sizeof(*StartLabel));
|
||||||
|
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
|
||||||
|
StartLabel->Number = LABEL_DEVICES_LIST;
|
||||||
|
|
||||||
|
EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode(EndHandle, &gEfiIfrTianoGuid, NULL, sizeof(*EndLabel));
|
||||||
|
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
|
||||||
|
EndLabel->Number = LABEL_END;
|
||||||
|
|
||||||
|
// Get SecureBootConfig handle
|
||||||
|
HiiHandles = HiiGetHiiHandles(&SecureBootConfigGuid);
|
||||||
|
ASSERT(HiiHandles != NULL);
|
||||||
|
|
||||||
|
// Search for formset of each class type
|
||||||
|
for (Index = 0; HiiHandles[Index] != NULL; Index++) {
|
||||||
|
Status = HiiGetFormSetFromHiiHandle(HiiHandles[Index], &Buffer, &BufferSize);
|
||||||
|
if (EFI_ERROR(Status)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
Ptr = (UINT8 *)Buffer;
|
||||||
|
while (TempSize < BufferSize) {
|
||||||
|
TempSize += ((EFI_IFR_OP_HEADER *)Ptr)->Length;
|
||||||
|
if (((EFI_IFR_OP_HEADER *)Ptr)->Length <= OFFSET_OF (EFI_IFR_FORM_SET, Flags)) {
|
||||||
|
Ptr += ((EFI_IFR_OP_HEADER *)Ptr)->Length;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
ClassGuidNum = (UINT8)(((EFI_IFR_FORM_SET *)Ptr)->Flags & 0x3);
|
||||||
|
ClassGuid = (EFI_GUID *)(VOID *)(Ptr + sizeof(EFI_IFR_FORM_SET));
|
||||||
|
while (ClassGuidNum-- > 0) {
|
||||||
|
if (CompareGuid(&gEfiHiiPlatformSetupFormsetGuid, ClassGuid) == 0) {
|
||||||
|
ClassGuid++;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
String = HiiGetString(HiiHandles[Index], ((EFI_IFR_FORM_SET *)Ptr)->FormSetTitle, NULL);
|
||||||
|
if (String == NULL) {
|
||||||
|
String = HiiGetString(HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL);
|
||||||
|
ASSERT (String != NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
Token = HiiSetString(HiiHandle, 0, String, NULL);
|
||||||
|
FreePool(String);
|
||||||
|
|
||||||
|
String = HiiGetString(HiiHandles[Index], ((EFI_IFR_FORM_SET *)Ptr)->Help, NULL);
|
||||||
|
if (String == NULL) {
|
||||||
|
String = HiiGetString(HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL);
|
||||||
|
ASSERT(String != NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
TokenHelp = HiiSetString(HiiHandle, 0, String, NULL);
|
||||||
|
FreePool(String);
|
||||||
|
|
||||||
|
HiiCreateGotoExOpCode(
|
||||||
|
StartHandle,
|
||||||
|
0,
|
||||||
|
Token,
|
||||||
|
TokenHelp,
|
||||||
|
0,
|
||||||
|
0,
|
||||||
|
0,
|
||||||
|
&SecureBootConfigGuid,
|
||||||
|
0
|
||||||
|
);
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
Ptr += ((EFI_IFR_OP_HEADER *)Ptr)->Length;
|
||||||
|
}
|
||||||
|
|
||||||
|
FreePool (Buffer);
|
||||||
|
Buffer = NULL;
|
||||||
|
TempSize = 0;
|
||||||
|
BufferSize = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
HiiUpdateForm(
|
||||||
|
HiiHandle,
|
||||||
|
&mFrontPageGuid,
|
||||||
|
FRONT_PAGE_FORM_ID,
|
||||||
|
StartHandle,
|
||||||
|
EndHandle
|
||||||
|
);
|
||||||
|
|
||||||
|
HiiFreeOpCodeHandle(StartHandle);
|
||||||
|
HiiFreeOpCodeHandle(EndHandle);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Initialize HII information for the FrontPage
|
Initialize HII information for the FrontPage
|
||||||
|
|
||||||
@@ -305,6 +423,8 @@ InitializeFrontPage (
|
|||||||
//
|
//
|
||||||
UpdateFrontPageForm();
|
UpdateFrontPageForm();
|
||||||
|
|
||||||
|
ShowSecureBootConfig();
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -968,10 +1088,10 @@ UpdateFrontPageBannerStrings (
|
|||||||
EFI_PHYSICAL_ADDRESS *Table;
|
EFI_PHYSICAL_ADDRESS *Table;
|
||||||
SMBIOS_TABLE_ENTRY_POINT *EntryPoint;
|
SMBIOS_TABLE_ENTRY_POINT *EntryPoint;
|
||||||
SMBIOS_STRUCTURE_POINTER SmbiosTable;
|
SMBIOS_STRUCTURE_POINTER SmbiosTable;
|
||||||
|
BOOLEAN CheckWebcam;
|
||||||
|
|
||||||
FirmwareConfigurationInformation();
|
FirmwareConfigurationInformation();
|
||||||
WarnNoBootableMedia ();
|
WarnNoBootableMedia ();
|
||||||
WebcamStatus();
|
|
||||||
|
|
||||||
Status = EfiGetSystemConfigurationTable (&gEfiSmbiosTableGuid, (VOID **) &Table);
|
Status = EfiGetSystemConfigurationTable (&gEfiSmbiosTableGuid, (VOID **) &Table);
|
||||||
if (EFI_ERROR (Status) || Table == NULL) {
|
if (EFI_ERROR (Status) || Table == NULL) {
|
||||||
@@ -980,7 +1100,7 @@ UpdateFrontPageBannerStrings (
|
|||||||
|
|
||||||
EntryPoint = (SMBIOS_TABLE_ENTRY_POINT*)Table;
|
EntryPoint = (SMBIOS_TABLE_ENTRY_POINT*)Table;
|
||||||
|
|
||||||
SmbiosTable = GetSmbiosTableFromType (EntryPoint, EFI_SMBIOS_TYPE_BIOS_INFORMATION , 0);
|
SmbiosTable = GetSmbiosTableFromType (EntryPoint, SMBIOS_TYPE_BIOS_INFORMATION , 0);
|
||||||
if (SmbiosTable.Raw != NULL) {
|
if (SmbiosTable.Raw != NULL) {
|
||||||
CHAR16 *FwVersion;
|
CHAR16 *FwVersion;
|
||||||
CHAR16 *TmpBuffer;
|
CHAR16 *TmpBuffer;
|
||||||
@@ -1043,6 +1163,24 @@ UpdateFrontPageBannerStrings (
|
|||||||
FreePool (ProductName);
|
FreePool (ProductName);
|
||||||
FreePool (Manufacturer);
|
FreePool (Manufacturer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SmbiosTable = GetSmbiosTableFromType (EntryPoint, SMBIOS_TYPE_SYSTEM_ENCLOSURE, 0);
|
||||||
|
if (SmbiosTable.Raw != NULL) {
|
||||||
|
switch (SmbiosTable.Type3->Type) {
|
||||||
|
//TODO: System76 laptops will always report the laptop chassis type,
|
||||||
|
//but we should probably handle all potential types
|
||||||
|
case MiscChassisTypeLapTop:
|
||||||
|
CheckWebcam = TRUE;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
CheckWebcam = FALSE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (CheckWebcam) {
|
||||||
|
WebcamStatus();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
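Review bot: `CheckWebcam` in UpdateFrontPageBannerStrings is declared without an initialiser and assigned only inside `if (SmbiosTable.Raw != NULL)`, so `if (CheckWebcam)` reads an indeterminate value whenever no system-enclosure record is found; declare it as `BOOLEAN CheckWebcam = FALSE;`. In ShowSecureBootConfig the array returned by HiiGetHiiHandles is never released, so a `FreePool (HiiHandles);` is needed before the handles are freed at the end. The NULL checks on HiiHandles, StartHandle and EndHandle are ASSERT only, and the HiiCreateGuidOpCode results are dereferenced unchecked, so builds that compile ASSERT out have no guard at all. The opcode walk advances by `((EFI_IFR_OP_HEADER *)Ptr)->Length` without rejecting a zero length, which would spin forever, or a length that runs past `BufferSize` before `Flags` and the class GUIDs are read. ShowSecureBootConfig is fully inside its hunk; UpdateFrontPageBannerStrings starts and ends outside the hunks shown.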
@@ -33,8 +33,10 @@ extern EFI_FORM_BROWSER2_PROTOCOL *gFormBrowser2;
|
|||||||
// These are defined as the same with vfr file
|
// These are defined as the same with vfr file
|
||||||
//
|
//
|
||||||
#define FRONT_PAGE_FORM_ID 0x7600
|
#define FRONT_PAGE_FORM_ID 0x7600
|
||||||
|
#define FIRMWARE_INFO_FORM_ID 0x7601
|
||||||
|
|
||||||
#define LABEL_FRONTPAGE_INFORMATION 0x1000
|
#define LABEL_FRONTPAGE_INFORMATION 0x1000
|
||||||
|
#define LABEL_DEVICES_LIST 0x2000
|
||||||
#define LABEL_END 0xffff
|
#define LABEL_END 0xffff
|
||||||
|
|
||||||
#define FRONT_PAGE_FORMSET_GUID \
|
#define FRONT_PAGE_FORMSET_GUID \
|
||||||
|
@@ -13,6 +13,7 @@
|
|||||||
#define FIRMWARE_INFO_FORM_ID 0x7601
|
#define FIRMWARE_INFO_FORM_ID 0x7601
|
||||||
|
|
||||||
#define LABEL_FRONTPAGE_INFORMATION 0x1000
|
#define LABEL_FRONTPAGE_INFORMATION 0x1000
|
||||||
|
#define LABEL_DEVICES_LIST 0x2000
|
||||||
#define LABEL_END 0xffff
|
#define LABEL_END 0xffff
|
||||||
|
|
||||||
formset
|
formset
|
||||||
@@ -36,6 +37,12 @@ formset
|
|||||||
label LABEL_END;
|
label LABEL_END;
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
||||||
|
|
||||||
|
label LABEL_DEVICES_LIST;
|
||||||
|
label LABEL_END;
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
||||||
|
|
||||||
goto FIRMWARE_INFO_FORM_ID,
|
goto FIRMWARE_INFO_FORM_ID,
|
||||||
prompt = STRING_TOKEN(STR_FIRMWARE_INFO),
|
prompt = STRING_TOKEN(STR_FIRMWARE_INFO),
|
||||||
help = STRING_TOKEN(STR_EMPTY_STRING);
|
help = STRING_TOKEN(STR_EMPTY_STRING);
|
||||||
@@ -56,6 +63,7 @@ formset
|
|||||||
subtitle text = STRING_TOKEN(STR_TPM_STATUS);
|
subtitle text = STRING_TOKEN(STR_TPM_STATUS);
|
||||||
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
||||||
subtitle text = STRING_TOKEN(STR_ME_STATUS);
|
subtitle text = STRING_TOKEN(STR_ME_STATUS);
|
||||||
|
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
||||||
endform;
|
endform;
|
||||||
|
|
||||||
endformset;
|
endformset;
|
||||||
|
@@ -60,6 +60,7 @@
|
|||||||
gEfiIfrTianoGuid ## CONSUMES ## GUID (Extended IFR Guid Opcode)
|
gEfiIfrTianoGuid ## CONSUMES ## GUID (Extended IFR Guid Opcode)
|
||||||
gEfiIfrFrontPageGuid ## CONSUMES ## GUID
|
gEfiIfrFrontPageGuid ## CONSUMES ## GUID
|
||||||
gEfiSmbiosTableGuid ## CONSUMES ## GUID
|
gEfiSmbiosTableGuid ## CONSUMES ## GUID
|
||||||
|
gEfiHiiPlatformSetupFormsetGuid ## CONSUMES ## GUID
|
||||||
|
|
||||||
[Protocols]
|
[Protocols]
|
||||||
gEfiSmbiosProtocolGuid ## CONSUMES
|
gEfiSmbiosProtocolGuid ## CONSUMES
|
||||||
|
@@ -285,7 +285,7 @@ UsbHcBulkTransfer (
|
|||||||
IN UINT8 DevSpeed,
|
IN UINT8 DevSpeed,
|
||||||
IN UINTN MaxPacket,
|
IN UINTN MaxPacket,
|
||||||
IN UINT8 BufferNum,
|
IN UINT8 BufferNum,
|
||||||
IN OUT VOID *Data[EFI_USB_MAX_BULK_BUFFER_NUM],
|
IN OUT VOID *Data[],
|
||||||
IN OUT UINTN *DataLength,
|
IN OUT UINTN *DataLength,
|
||||||
IN OUT UINT8 *DataToggle,
|
IN OUT UINT8 *DataToggle,
|
||||||
IN UINTN TimeOut,
|
IN UINTN TimeOut,
|
||||||
|
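Review bot: With the bound removed from `Data[]`, nothing at this declaration says how many entries the callee may touch. Add a parameter comment such as `// Data holds BufferNum entries, at most EFI_USB_MAX_BULK_BUFFER_NUM`. The function body is outside the hunk, so it cannot be confirmed here whether `BufferNum` is checked against EFI_USB_MAX_BULK_BUFFER_NUM before `Data` is indexed; that is worth verifying. The same applies to the matching UsbHcBulkTransfer declaration in the hunk at -149.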
@@ -149,7 +149,7 @@ UsbHcBulkTransfer (
|
|||||||
IN UINT8 DevSpeed,
|
IN UINT8 DevSpeed,
|
||||||
IN UINTN MaxPacket,
|
IN UINTN MaxPacket,
|
||||||
IN UINT8 BufferNum,
|
IN UINT8 BufferNum,
|
||||||
IN OUT VOID *Data[EFI_USB_MAX_BULK_BUFFER_NUM],
|
IN OUT VOID *Data[],
|
||||||
IN OUT UINTN *DataLength,
|
IN OUT UINTN *DataLength,
|
||||||
IN OUT UINT8 *DataToggle,
|
IN OUT UINT8 *DataToggle,
|
||||||
IN UINTN TimeOut,
|
IN UINTN TimeOut,
|
||||||
|
Binary file not shown.
Before Width: | Height: | Size: 315 KiB After Width: | Height: | Size: 403 KiB |
@@ -1,10 +1,6 @@
|
|||||||
/** @file
|
// SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
VFR file used by the SecureBoot configuration component.
|
// SPDX-FileCopyrightText: Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
// SPDX-FileCopyrightText: 2023 System76 <info@system76.com>
|
||||||
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
|
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
||||||
|
|
||||||
**/
|
|
||||||
|
|
||||||
#include "SecureBootConfigNvData.h"
|
#include "SecureBootConfigNvData.h"
|
||||||
|
|
||||||
@@ -19,34 +15,19 @@ formset
|
|||||||
name = SECUREBOOT_CONFIGURATION,
|
name = SECUREBOOT_CONFIGURATION,
|
||||||
guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
|
guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
|
||||||
|
|
||||||
//
|
|
||||||
// ##1 Form "Secure Boot Configuration"
|
|
||||||
//
|
|
||||||
form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
|
form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||||
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
// FIXME: firmware-setup doesn't handle EFI_IFR_TEXT.
|
||||||
|
//text
|
||||||
|
// help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
|
||||||
|
// text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
|
||||||
|
// text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
|
||||||
|
|
||||||
text
|
subtitle text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT);
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
|
|
||||||
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
|
|
||||||
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
|
|
||||||
|
|
||||||
//
|
// XXX: Needed for "Secure Boot status" string to update.
|
||||||
// Display of Check Box: Attempt Secure Boot
|
suppressif TRUE;
|
||||||
//
|
|
||||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
|
|
||||||
checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
|
|
||||||
questionid = KEY_SECURE_BOOT_ENABLE,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
|
|
||||||
flags = INTERACTIVE | RESET_REQUIRED,
|
|
||||||
endcheckbox;
|
|
||||||
endif;
|
|
||||||
|
|
||||||
//
|
|
||||||
// Display of Oneof: 'Secure Boot Mode'
|
|
||||||
//
|
|
||||||
oneof name = SecureBootMode,
|
oneof name = SecureBootMode,
|
||||||
questionid = KEY_SECURE_BOOT_MODE,
|
questionid = KEY_SECURE_BOOT_MODE,
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
|
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
|
||||||
@@ -55,557 +36,97 @@ formset
|
|||||||
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
|
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
|
||||||
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
|
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
|
||||||
endoneof;
|
endoneof;
|
||||||
|
endif;
|
||||||
|
|
||||||
//
|
suppressif ideqval SECUREBOOT_CONFIGURATION.AttemptSecureBoot == 0;
|
||||||
// Display of 'Current Secure Boot Mode'
|
goto FORMID_SECURE_BOOT_DISABLE,
|
||||||
//
|
prompt = STRING_TOKEN(STR_SECURE_BOOT_DISABLE_PROMPT),
|
||||||
suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
|
help = STRING_TOKEN(STR_NULL);
|
||||||
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_OPTION;
|
|
||||||
endif;
|
endif;
|
||||||
|
suppressif ideqval SECUREBOOT_CONFIGURATION.AttemptSecureBoot == 1;
|
||||||
|
goto FORMID_SECURE_BOOT_ENABLE,
|
||||||
|
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENABLE_PROMPT),
|
||||||
|
help = STRING_TOKEN(STR_NULL);
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
|
goto FORMID_DELETE_KEYS,
|
||||||
|
prompt = STRING_TOKEN(STR_DELETE_KEYS_PROMPT),
|
||||||
|
help = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
|
goto FORMID_RESTORE_KEYS,
|
||||||
|
prompt = STRING_TOKEN(STR_RESTORE_KEYS_PROMPT),
|
||||||
|
help = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
|
endform;
|
||||||
|
|
||||||
|
form formid = FORMID_SECURE_BOOT_ENABLE,
|
||||||
|
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_ENABLE_NOTICE);
|
||||||
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
text
|
text
|
||||||
help = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS_HELP),
|
help = STRING_TOKEN(STR_NULL),
|
||||||
text = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS),
|
text = STRING_TOKEN(STR_ENABLE_SELECTION),
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
key = KEY_SECURE_BOOT_RESET_TO_DEFAULT;
|
key = KEY_SECURE_BOOT_STATE_ENABLE;
|
||||||
|
|
||||||
|
goto SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||||
|
prompt = STRING_TOKEN(STR_CANCEL),
|
||||||
|
help = STRING_TOKEN(STR_NULL);
|
||||||
endform;
|
endform;
|
||||||
|
|
||||||
//
|
form formid = FORMID_SECURE_BOOT_DISABLE,
|
||||||
// ##2 Form: 'Custom Secure Boot Options'
|
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||||
//
|
|
||||||
form formid = FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
|
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_DISABLE_NOTICE);
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_PK_OPTION;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_KEK_OPTION;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_DB_OPTION;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_DBX_OPTION;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_DBT_OPTION;
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// ##3 Form: 'PK Options'
|
|
||||||
//
|
|
||||||
form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
//
|
|
||||||
// Display of 'Enroll PK'
|
|
||||||
//
|
|
||||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
|
|
||||||
goto FORMID_ENROLL_PK_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_ENROLL_PK),
|
|
||||||
help = STRING_TOKEN(STR_ENROLL_PK_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_ENROLL_PK;
|
|
||||||
endif;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
//
|
|
||||||
// Display of Check Box: 'Delete Pk'
|
|
||||||
//
|
|
||||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
|
|
||||||
checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
|
|
||||||
questionid = KEY_SECURE_BOOT_DELETE_PK,
|
|
||||||
prompt = STRING_TOKEN(STR_DELETE_PK),
|
|
||||||
help = STRING_TOKEN(STR_DELETE_PK_HELP),
|
|
||||||
flags = INTERACTIVE | RESET_REQUIRED,
|
|
||||||
endcheckbox;
|
|
||||||
endif;
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// ##4 Form: 'Enroll PK'
|
|
||||||
//
|
|
||||||
form formid = FORMID_ENROLL_PK_FORM,
|
|
||||||
title = STRING_TOKEN(STR_ENROLL_PK);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_ENROLL_PK_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = FORMID_ENROLL_PK_FORM;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
label FORMID_ENROLL_PK_FORM;
|
|
||||||
label LABEL_END;
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE| RESET_REQUIRED,
|
|
||||||
key = KEY_VALUE_SAVE_AND_EXIT_PK;
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// ##5 Form: 'KEK Options'
|
|
||||||
//
|
|
||||||
form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
|
|
||||||
|
|
||||||
//
|
|
||||||
// Display of 'Enroll KEK'
|
|
||||||
//
|
|
||||||
goto FORMID_ENROLL_KEK_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_ENROLL_KEK),
|
|
||||||
help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
|
|
||||||
flags = INTERACTIVE;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
//
|
|
||||||
// Display of 'Delete KEK'
|
|
||||||
//
|
|
||||||
goto FORMID_DELETE_KEK_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_DELETE_KEK),
|
|
||||||
help = STRING_TOKEN(STR_DELETE_KEK_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_DELETE_KEK;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// ##6 Form: 'Enroll KEK'
|
|
||||||
//
|
|
||||||
form formid = FORMID_ENROLL_KEK_FORM,
|
|
||||||
title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_ENROLL_KEK_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
|
|
||||||
help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = FORMID_ENROLL_KEK_FORM;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
label FORMID_ENROLL_KEK_FORM;
|
|
||||||
label LABEL_END;
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_KEK_GUID,
|
|
||||||
minsize = SECURE_BOOT_GUID_SIZE,
|
|
||||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
|
||||||
endstring;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_SAVE_AND_EXIT_KEK;
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// ##7 Form: 'Delete KEK'
|
|
||||||
//
|
|
||||||
form formid = FORMID_DELETE_KEK_FORM,
|
|
||||||
title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
|
|
||||||
|
|
||||||
label LABEL_KEK_DELETE;
|
|
||||||
label LABEL_END;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// ##8 Form: 'DB Options'
|
|
||||||
//
|
|
||||||
form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
|
|
||||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
|
||||||
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
|
||||||
flags = 0;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
|
|
||||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
|
||||||
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// ##9 Form: 'DBX Options'
|
|
||||||
//
|
|
||||||
form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
|
|
||||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
|
||||||
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
|
||||||
flags = 0;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
|
|
||||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
|
||||||
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_FROM_DBX_TO_LIST_FORM;
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// ##9 Form: 'DBT Options'
|
|
||||||
//
|
|
||||||
form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
|
|
||||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
|
||||||
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
|
||||||
flags = 0;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
|
|
||||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
|
||||||
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// Form: 'Delete Signature' for DB Options.
|
|
||||||
//
|
|
||||||
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
|
|
||||||
|
|
||||||
label LABEL_DB_DELETE;
|
|
||||||
label LABEL_END;
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// Form: Display Signature List.
|
|
||||||
//
|
|
||||||
form formid = SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_LIST_FORM);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.ListCount == 0;
|
|
||||||
label LABEL_DELETE_ALL_LIST_BUTTON;
|
|
||||||
//
|
|
||||||
// Will create a goto button dynamically here.
|
|
||||||
//
|
|
||||||
label LABEL_END;
|
|
||||||
endif;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
label LABEL_SIGNATURE_LIST_START;
|
|
||||||
label LABEL_END;
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// Form: Display Signature Data.
|
|
||||||
//
|
|
||||||
form formid = SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_DATA_FORM);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_DELETE_ALL_DATA;
|
|
||||||
|
|
||||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.CheckedDataCount == 0;
|
|
||||||
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_DELETE_CHECK_DATA;
|
|
||||||
endif;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
label LABEL_SIGNATURE_DATA_START;
|
|
||||||
label LABEL_END;
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
|
|
||||||
//
|
|
||||||
// Form: 'Delete Signature' for DBT Options.
|
|
||||||
//
|
|
||||||
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
|
|
||||||
|
|
||||||
label LABEL_DBT_DELETE;
|
|
||||||
label LABEL_END;
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// Form: 'Enroll Signature' for DB options.
|
|
||||||
//
|
|
||||||
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
|
|
||||||
label LABEL_END;
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
|
|
||||||
minsize = SECURE_BOOT_GUID_SIZE,
|
|
||||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
|
||||||
endstring;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_SAVE_AND_EXIT_DB;
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
|
|
||||||
|
|
||||||
endform;
|
|
||||||
|
|
||||||
//
|
|
||||||
// Form: 'Enroll Signature' for DBX options.
|
|
||||||
//
|
|
||||||
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
|
||||||
|
|
||||||
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
|
||||||
label LABEL_END;
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;
|
|
||||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
|
|
||||||
minsize = SECURE_BOOT_GUID_SIZE,
|
|
||||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
|
||||||
endstring;
|
|
||||||
endif;
|
|
||||||
|
|
||||||
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1;
|
|
||||||
oneof name = X509SignatureFormatInDbx,
|
|
||||||
varid = SECUREBOOT_CONFIGURATION.CertificateFormat,
|
|
||||||
prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
|
|
||||||
help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
|
|
||||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;
|
|
||||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;
|
|
||||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;
|
|
||||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;
|
|
||||||
endoneof;
|
|
||||||
endif;
|
|
||||||
|
|
||||||
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2;
|
|
||||||
text
|
text
|
||||||
help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string
|
help = STRING_TOKEN(STR_NULL),
|
||||||
text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string
|
text = STRING_TOKEN(STR_DISABLE_SELECTION),
|
||||||
text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type
|
|
||||||
endif;
|
|
||||||
|
|
||||||
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;
|
|
||||||
text
|
|
||||||
help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string
|
|
||||||
text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string
|
|
||||||
text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type
|
|
||||||
endif;
|
|
||||||
|
|
||||||
suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;
|
|
||||||
checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
|
|
||||||
prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
|
|
||||||
help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
|
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
endcheckbox;
|
key = KEY_SECURE_BOOT_STATE_DISABLE;
|
||||||
|
|
||||||
suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;
|
|
||||||
date varid = SECUREBOOT_CONFIGURATION.RevocationDate,
|
|
||||||
prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),
|
|
||||||
help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),
|
|
||||||
flags = STORAGE_NORMAL,
|
|
||||||
enddate;
|
|
||||||
|
|
||||||
time varid = SECUREBOOT_CONFIGURATION.RevocationTime,
|
|
||||||
prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),
|
|
||||||
help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),
|
|
||||||
flags = STORAGE_NORMAL,
|
|
||||||
endtime;
|
|
||||||
endif;
|
|
||||||
endif;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_SAVE_AND_EXIT_DBX;
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
|
|
||||||
|
|
||||||
|
goto SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||||
|
prompt = STRING_TOKEN(STR_CANCEL),
|
||||||
|
help = STRING_TOKEN(STR_NULL);
|
||||||
endform;
|
endform;
|
||||||
|
|
||||||
//
|
form formid = FORMID_DELETE_KEYS,
|
||||||
// Form: 'Enroll Signature' for DBT options.
|
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||||
//
|
|
||||||
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
|
|
||||||
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
|
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_DELETE_KEYS_NOTICE);
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
|
text
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
help = STRING_TOKEN(STR_NULL),
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
text = STRING_TOKEN(STR_DELETE_KEYS_SELECTION),
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
key = KEY_SECURE_BOOT_DELETE_PK;
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
goto SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||||
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
prompt = STRING_TOKEN(STR_CANCEL),
|
||||||
label LABEL_END;
|
help = STRING_TOKEN(STR_NULL);
|
||||||
|
endform;
|
||||||
|
|
||||||
|
form formid = FORMID_RESTORE_KEYS,
|
||||||
|
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_RESTORE_KEYS_NOTICE);
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
text
|
||||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
help = STRING_TOKEN(STR_NULL),
|
||||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
text = STRING_TOKEN(STR_RESTORE_KEYS_SELECTION),
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,
|
key = KEY_RESTORE_KEYS;
|
||||||
minsize = SECURE_BOOT_GUID_SIZE,
|
|
||||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
|
||||||
endstring;
|
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_SAVE_AND_EXIT_DBT;
|
|
||||||
|
|
||||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
|
||||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
|
||||||
flags = INTERACTIVE,
|
|
||||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
|
|
||||||
|
|
||||||
|
goto SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||||
|
prompt = STRING_TOKEN(STR_CANCEL),
|
||||||
|
help = STRING_TOKEN(STR_NULL);
|
||||||
endform;
|
endform;
|
||||||
|
|
||||||
endformset;
|
endformset;
|
||||||
|
@@ -3142,9 +3142,9 @@ UpdateSecureBootString(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (*SecureBoot == SECURE_BOOT_MODE_ENABLE) {
|
if (*SecureBoot == SECURE_BOOT_MODE_ENABLE) {
|
||||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);
|
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_PROMPT), L"Secure Boot state: Enabled", NULL);
|
||||||
} else {
|
} else {
|
||||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
|
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_PROMPT), L"Secure Boot state: Disabled", NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
FreePool(SecureBoot);
|
FreePool(SecureBoot);
|
||||||
@@ -4324,7 +4324,7 @@ SecureBootCallback (
|
|||||||
UINT8 *SecureBootEnable;
|
UINT8 *SecureBootEnable;
|
||||||
UINT8 *Pk;
|
UINT8 *Pk;
|
||||||
UINT8 *SecureBootMode;
|
UINT8 *SecureBootMode;
|
||||||
UINT8 *SetupMode;
|
//UINT8 *SetupMode;
|
||||||
CHAR16 PromptString[100];
|
CHAR16 PromptString[100];
|
||||||
EFI_DEVICE_PATH_PROTOCOL *File;
|
EFI_DEVICE_PATH_PROTOCOL *File;
|
||||||
UINTN NameLength;
|
UINTN NameLength;
|
||||||
@@ -4332,13 +4332,11 @@ SecureBootCallback (
|
|||||||
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
|
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
|
||||||
BOOLEAN GetBrowserDataResult;
|
BOOLEAN GetBrowserDataResult;
|
||||||
ENROLL_KEY_ERROR EnrollKeyErrorCode;
|
ENROLL_KEY_ERROR EnrollKeyErrorCode;
|
||||||
EFI_HII_POPUP_PROTOCOL *HiiPopup;
|
|
||||||
EFI_HII_POPUP_SELECTION UserSelection;
|
|
||||||
|
|
||||||
Status = EFI_SUCCESS;
|
Status = EFI_SUCCESS;
|
||||||
SecureBootEnable = NULL;
|
SecureBootEnable = NULL;
|
||||||
SecureBootMode = NULL;
|
SecureBootMode = NULL;
|
||||||
SetupMode = NULL;
|
//SetupMode = NULL;
|
||||||
File = NULL;
|
File = NULL;
|
||||||
EnrollKeyErrorCode = None_Error;
|
EnrollKeyErrorCode = None_Error;
|
||||||
|
|
||||||
@@ -4414,27 +4412,14 @@ SecureBootCallback (
|
|||||||
if (Action == EFI_BROWSER_ACTION_CHANGING) {
|
if (Action == EFI_BROWSER_ACTION_CHANGING) {
|
||||||
|
|
||||||
switch (QuestionId) {
|
switch (QuestionId) {
|
||||||
case KEY_SECURE_BOOT_ENABLE:
|
//case KEY_SECURE_BOOT_ENABLE:
|
||||||
|
case KEY_SECURE_BOOT_STATE_ENABLE:
|
||||||
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
|
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
|
||||||
if (NULL != SecureBootEnable) {
|
Status = SaveSecureBootVariable(1);
|
||||||
FreePool (SecureBootEnable);
|
break;
|
||||||
if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {
|
case KEY_SECURE_BOOT_STATE_DISABLE:
|
||||||
CreatePopUp (
|
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
|
||||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
Status = SaveSecureBootVariable(0);
|
||||||
&Key,
|
|
||||||
L"Only Physical Presence User could disable secure boot!",
|
|
||||||
NULL
|
|
||||||
);
|
|
||||||
Status = EFI_UNSUPPORTED;
|
|
||||||
} else {
|
|
||||||
CreatePopUp (
|
|
||||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
|
||||||
&Key,
|
|
||||||
L"Configuration changed, please reset the platform to take effect!",
|
|
||||||
NULL
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case KEY_SECURE_BOOT_KEK_OPTION:
|
case KEY_SECURE_BOOT_KEK_OPTION:
|
||||||
@@ -4534,26 +4519,7 @@ SecureBootCallback (
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case KEY_SECURE_BOOT_DELETE_PK:
|
case KEY_SECURE_BOOT_DELETE_PK:
|
||||||
if (Value->u8) {
|
|
||||||
CreatePopUp (
|
|
||||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
|
||||||
&Key,
|
|
||||||
L"Are you sure you want to delete PK? Secure boot will be disabled!",
|
|
||||||
L"Press 'Y' to delete PK and exit, 'N' to discard change and return",
|
|
||||||
NULL
|
|
||||||
);
|
|
||||||
if (Key.UnicodeChar == 'y' || Key.UnicodeChar == 'Y') {
|
|
||||||
Status = DeletePlatformKey();
|
Status = DeletePlatformKey();
|
||||||
if (EFI_ERROR (Status)) {
|
|
||||||
CreatePopUp (
|
|
||||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
|
||||||
&Key,
|
|
||||||
L"Only Physical Presence User could delete PK in custom mode!",
|
|
||||||
NULL
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case KEY_DELETE_KEK:
|
case KEY_DELETE_KEK:
|
||||||
@@ -4850,8 +4816,12 @@ SecureBootCallback (
|
|||||||
}
|
}
|
||||||
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
|
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
|
||||||
switch (QuestionId) {
|
switch (QuestionId) {
|
||||||
case KEY_SECURE_BOOT_ENABLE:
|
//case KEY_SECURE_BOOT_ENABLE:
|
||||||
|
case KEY_SECURE_BOOT_STATE_ENABLE:
|
||||||
|
case KEY_SECURE_BOOT_STATE_DISABLE:
|
||||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
||||||
|
// XXX: Is this safe?
|
||||||
|
gRT->ResetSystem(EfiResetCold, Status, 0, NULL);
|
||||||
break;
|
break;
|
||||||
case KEY_SECURE_BOOT_MODE:
|
case KEY_SECURE_BOOT_MODE:
|
||||||
mIsEnterSecureBootForm = FALSE;
|
mIsEnterSecureBootForm = FALSE;
|
||||||
@@ -4870,45 +4840,33 @@ SecureBootCallback (
|
|||||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
||||||
break;
|
break;
|
||||||
case KEY_SECURE_BOOT_DELETE_PK:
|
case KEY_SECURE_BOOT_DELETE_PK:
|
||||||
GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
|
//GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
|
||||||
if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
|
//if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
|
||||||
IfrNvData->DeletePk = TRUE;
|
// IfrNvData->DeletePk = TRUE;
|
||||||
IfrNvData->HasPk = FALSE;
|
// IfrNvData->HasPk = FALSE;
|
||||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
|
// *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
|
||||||
} else {
|
//} else {
|
||||||
IfrNvData->DeletePk = FALSE;
|
// IfrNvData->DeletePk = FALSE;
|
||||||
IfrNvData->HasPk = TRUE;
|
// IfrNvData->HasPk = TRUE;
|
||||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
// *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
||||||
}
|
//}
|
||||||
if (SetupMode != NULL) {
|
//if (SetupMode != NULL) {
|
||||||
FreePool (SetupMode);
|
// FreePool (SetupMode);
|
||||||
}
|
//}
|
||||||
|
// XXX: Is this safe?
|
||||||
|
gRT->ResetSystem(EfiResetCold, Status, 0, NULL);
|
||||||
break;
|
break;
|
||||||
case KEY_SECURE_BOOT_RESET_TO_DEFAULT:
|
//case KEY_SECURE_BOOT_RESET_TO_DEFAULT:
|
||||||
{
|
case KEY_RESTORE_KEYS:
|
||||||
Status = gBS->LocateProtocol (&gEfiHiiPopupProtocolGuid, NULL, (VOID **) &HiiPopup);
|
|
||||||
if (EFI_ERROR (Status)) {
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
Status = HiiPopup->CreatePopup (
|
|
||||||
HiiPopup,
|
|
||||||
EfiHiiPopupStyleInfo,
|
|
||||||
EfiHiiPopupTypeYesNo,
|
|
||||||
Private->HiiHandle,
|
|
||||||
STRING_TOKEN (STR_RESET_TO_DEFAULTS_POPUP),
|
|
||||||
&UserSelection
|
|
||||||
);
|
|
||||||
if (UserSelection == EfiHiiPopupSelectionYes) {
|
|
||||||
Status = KeyEnrollReset();
|
Status = KeyEnrollReset();
|
||||||
}
|
|
||||||
//
|
|
||||||
// Update secure boot strings after key reset
|
// Update secure boot strings after key reset
|
||||||
//
|
|
||||||
if (Status == EFI_SUCCESS) {
|
if (Status == EFI_SUCCESS) {
|
||||||
Status = UpdateSecureBootString(Private);
|
Status = UpdateSecureBootString(Private);
|
||||||
SecureBootExtractConfigFromVariable(Private, IfrNvData);
|
SecureBootExtractConfigFromVariable(Private, IfrNvData);
|
||||||
|
// XXX: Is this safe?
|
||||||
|
gRT->ResetSystem(EfiResetCold, Status, 0, NULL);
|
||||||
}
|
}
|
||||||
}
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
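Review bot: In the `EFI_BROWSER_ACTION_CHANGING` cases for `KEY_SECURE_BOOT_STATE_ENABLE` and `KEY_SECURE_BOOT_STATE_DISABLE`, the buffer that `GetVariable2` allocates into `SecureBootEnable` is no longer freed and the value it reads is never used; either drop the call or keep `if (SecureBootEnable != NULL) { FreePool (SecureBootEnable); }` before each `break`. These cases and `KEY_SECURE_BOOT_DELETE_PK` also lose the pop-ups that were the only user-visible report of a failed `SaveSecureBootVariable` or `DeletePlatformKey`, so a rejected write now ends silently. In the `EFI_BROWSER_ACTION_CHANGED` branch the `gRT->ResetSystem` calls for the enable/disable and delete-PK keys are unconditional, unlike the `KEY_RESTORE_KEYS` case, which resets only when `Status == EFI_SUCCESS`; if CHANGED is still delivered after a failed CHANGING (not visible in these hunks), the platform reboots with the Secure Boot state unchanged and no message. The reset also bypasses the rest of `SecureBootCallback`, whose body starts and ends outside the hunks, so the `XXX: Is this safe?` comments should be resolved by confirming that nothing after the switch still has to run, and the commented-out `SetupMode` code should be deleted rather than left in place.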
|
@@ -119,6 +119,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
|||||||
#define PE_IMAGE_FILE_TYPE 2
|
#define PE_IMAGE_FILE_TYPE 2
|
||||||
#define AUTHENTICATION_2_FILE_TYPE 3
|
#define AUTHENTICATION_2_FILE_TYPE 3
|
||||||
|
|
||||||
|
#define FORMID_SECURE_BOOT_ENABLE 0x101
|
||||||
|
#define FORMID_SECURE_BOOT_DISABLE 0x102
|
||||||
|
#define FORMID_DELETE_KEYS 0x103
|
||||||
|
#define FORMID_RESTORE_KEYS 0x104
|
||||||
|
#define KEY_SECURE_BOOT_STATE_ENABLE 0x1120
|
||||||
|
#define KEY_SECURE_BOOT_STATE_DISABLE 0x1121
|
||||||
|
#define KEY_DELETE_KEYS 0x1122
|
||||||
|
#define KEY_RESTORE_KEYS 0x1123
|
||||||
|
|
||||||
//
|
//
|
||||||
// Nv Data structure referenced by IFR
|
// Nv Data structure referenced by IFR
|
||||||
//
|
//
|
||||||
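Review bot: `KEY_DELETE_KEYS` (0x1122) is defined here, but the `FORMID_DELETE_KEYS` form in this commit wires its action to `KEY_SECURE_BOOT_DELETE_PK`, so the new key looks unused in the parts of the change visible on this page; drop it, or use it for that form so the question ID matches the action. The new form and question IDs are bare literals without a comment, and the existing ID ranges are outside the hunk. A one-line comment such as `// Form and question IDs for the simplified Secure Boot menu` would help, together with a check that 0x101-0x104 and 0x1120-0x1123 do not collide with IDs already defined in this header.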
|
@@ -138,3 +138,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
|||||||
#string STR_SIGNATURE_DATA_HELP_FORMAT_TIME #language en-US "Revocation Time:\n%s"
|
#string STR_SIGNATURE_DATA_HELP_FORMAT_TIME #language en-US "Revocation Time:\n%s"
|
||||||
|
|
||||||
#string STR_SIGNATURE_DELETE_ALL_CONFIRM #language en-US "Press 'Y' to delete all signature List."
|
#string STR_SIGNATURE_DELETE_ALL_CONFIRM #language en-US "Press 'Y' to delete all signature List."
|
||||||
|
|
||||||
|
#string STR_SECURE_BOOT_ENABLE_PROMPT #language en-US "Enable Secure Boot"
|
||||||
|
#string STR_SECURE_BOOT_DISABLE_PROMPT #language en-US "Disable Secure Boot"
|
||||||
|
#string STR_DELETE_KEYS_PROMPT #language en-US "Delete System76 and Microsoft keys (Use your own)"
|
||||||
|
#string STR_RESTORE_KEYS_PROMPT #language en-US "Restore System76 and Microsoft keys"
|
||||||
|
|
||||||
|
#string STR_ENABLE_NOTICE #language en-US "An operating system that includes Secure Boot support is required.\r\nDisable Secure Boot if your operating system does not boot."
|
||||||
|
#string STR_ENABLE_SELECTION #language en-US "Enable Secure Boot and reboot"
|
||||||
|
#string STR_DISABLE_NOTICE #language en-US "Disabling Secure Boot allows non-verified operating systems to boot\r\nand may disable some operating system security features."
|
||||||
|
#string STR_DISABLE_SELECTION #language en-US "Disable Secure Boot and reboot"
|
||||||
|
#string STR_DELETE_KEYS_NOTICE #language en-US "System and Microsoft keys will be deleted. Enroll custom keys from your\r\noperating system. Check your OS documentation for details. To facilitate\nsetup, Secure Boot is disabled until you manually activate it."
|
||||||
|
#string STR_DELETE_KEYS_SELECTION #language en-US "Delete System76 and Microsoft keys and restart"
|
||||||
|
#string STR_RESTORE_KEYS_NOTICE #language en-US "Restoring System76 and Microsoft keys will remove any custom keys you\r\nhave installed and may make your OS unbootable. Disable Secure Boot if\nyour operating system does not boot."
|
||||||
|
#string STR_RESTORE_KEYS_SELECTION #language en-US "Restore System76 and Microsoft keys and restart"
|
||||||
|
#string STR_CANCEL #language en-US "Cancel"
|
||||||
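Review bot: `STR_DELETE_KEYS_NOTICE` and `STR_RESTORE_KEYS_NOTICE` mix `\r\n` and a bare `\n` as line breaks within one string, which may render inconsistently in the form browser; use one convention throughout, as `STR_ENABLE_NOTICE` and `STR_DISABLE_NOTICE` do. `STR_DELETE_KEYS_NOTICE` also says "System and Microsoft keys" where every other new string says "System76 and Microsoft keys". With the confirmation pop-ups removed elsewhere in this change, these notices appear to be the only warning shown before keys are deleted or restored, so the wording should state exactly which key stores are affected.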
|
@@ -192,6 +192,14 @@ PlatformBootManagerBeforeConsole (
|
|||||||
PlatformConsoleInit ();
|
PlatformConsoleInit ();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GUID for System76 security driver
|
||||||
|
EFI_GUID SYSTEM76_SECURITY_PROTOCOL_GUID = {0x764247c4, 0xa859, 0x4a6b, {0xb5, 0x00, 0xed, 0x5d, 0x7a, 0x70, 0x7d, 0xd4}};
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
// Run System76 security driver, will return true if we should boot immediately
|
||||||
|
BOOLEAN (EFIAPI *Run)();
|
||||||
|
} SYSTEM76_SECURITY_PROTOCOL;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Do the platform specific action after the console is connected.
|
Do the platform specific action after the console is connected.
|
||||||
|
|
||||||
@@ -210,6 +218,8 @@ PlatformBootManagerAfterConsole (
|
|||||||
{
|
{
|
||||||
EFI_GRAPHICS_OUTPUT_BLT_PIXEL Black;
|
EFI_GRAPHICS_OUTPUT_BLT_PIXEL Black;
|
||||||
EFI_GRAPHICS_OUTPUT_BLT_PIXEL White;
|
EFI_GRAPHICS_OUTPUT_BLT_PIXEL White;
|
||||||
|
EFI_STATUS Status;
|
||||||
|
SYSTEM76_SECURITY_PROTOCOL * system76_security;
|
||||||
|
|
||||||
if (mUniversalPayloadPlatformBootManagerOverrideInstance != NULL){
|
if (mUniversalPayloadPlatformBootManagerOverrideInstance != NULL){
|
||||||
mUniversalPayloadPlatformBootManagerOverrideInstance->AfterConsole();
|
mUniversalPayloadPlatformBootManagerOverrideInstance->AfterConsole();
|
||||||
@@ -249,6 +259,16 @@ PlatformBootManagerAfterConsole (
|
|||||||
|
|
||||||
// Inject boot logo into BGRT table
|
// Inject boot logo into BGRT table
|
||||||
AddBGRT();
|
AddBGRT();
|
||||||
|
|
||||||
|
// If System76 security driver is installed
|
||||||
|
Status = gBS->LocateProtocol (&SYSTEM76_SECURITY_PROTOCOL_GUID, NULL, (VOID **) &system76_security);
|
||||||
|
if (!EFI_ERROR(Status)) {
|
||||||
|
// Run System76 security driver
|
||||||
|
if (system76_security->Run ()) {
|
||||||
|
// Skip boot timeout if requested
|
||||||
|
PcdSet16S (PcdPlatformBootTimeOut, 0);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
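Review bot: The `Run` member of `SYSTEM76_SECURITY_PROTOCOL` is declared as `BOOLEAN (EFIAPI *Run)();`, which in C leaves the parameter list unspecified; declare it `BOOLEAN (EFIAPI *Run)(VOID);` so a mismatched implementation is caught at compile time. `SYSTEM76_SECURITY_PROTOCOL_GUID` is a writable global with external linkage that is named like a macro; making it `STATIC` with an `m`-prefixed name, in the style of `mUniversalPayloadPlatformBootManagerOverrideInstance`, keeps it out of the global namespace. In `PlatformBootManagerAfterConsole`, whose body starts outside the hunk, the status returned by `PcdSet16S` is discarded. A comment should also state that whichever driver publishes this GUID is called from the boot path and can force the boot timeout to zero, since that is a trust decision a later reader needs to see.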
|
Binary file not shown.
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt
Normal file
Binary file not shown.
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt
Normal file
Binary file not shown.
Binary file not shown.
@@ -260,11 +260,13 @@ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
|||||||
}
|
}
|
||||||
|
|
||||||
FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
|
FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
|
||||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt
|
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt
|
||||||
|
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-microsoft.crt
|
||||||
SECTION UI = "KEK Default"
|
SECTION UI = "KEK Default"
|
||||||
}
|
}
|
||||||
|
|
||||||
FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
|
FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
|
||||||
|
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt
|
||||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt
|
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt
|
||||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt
|
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt
|
||||||
SECTION UI = "DB Default"
|
SECTION UI = "DB Default"
|
||||||
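Review bot: The "KEK Default" and "DB Default" sections now embed `kek-system76.crt`, `kek-microsoft.crt` and `db-system76.crt`, and the new certificate files appear on this page only as "Binary file not shown", so the certificates that become default trust anchors cannot be reviewed from the diff. Record each certificate's subject, validity period and SHA-256 fingerprint next to the files (for example in a README in the `keys/` directory) or in the commit description, so that a later change to these binaries is detectable. The hunk also drops `kek.crt` from the KEK section without mentioning the file; whether it is still referenced elsewhere is not visible here.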
|