UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot
Main changes include: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
@@ -1,13 +1,13 @@
|
||||
/** @file
|
||||
VFR file used by the SecureBoot configuration component.
|
||||
|
||||
Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
@@ -24,7 +24,7 @@ formset
|
||||
varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
|
||||
name = SECUREBOOT_CONFIGURATION,
|
||||
guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
|
||||
|
||||
|
||||
//
|
||||
// ##1 Form "Secure Boot Configuration"
|
||||
//
|
||||
@@ -37,7 +37,7 @@ formset
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
|
||||
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
|
||||
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
|
||||
|
||||
|
||||
//
|
||||
// Define of Check Box: Attempt Secure Boot
|
||||
//
|
||||
@@ -48,8 +48,8 @@ formset
|
||||
help = STRING_TOKEN(STR_NULL),
|
||||
flags = INTERACTIVE,
|
||||
endcheckbox;
|
||||
endif;
|
||||
|
||||
endif;
|
||||
|
||||
//
|
||||
// Display of Check Box: Attempt Secure Boot
|
||||
//
|
||||
@@ -61,7 +61,7 @@ formset
|
||||
flags = INTERACTIVE | RESET_REQUIRED,
|
||||
endcheckbox;
|
||||
endif;
|
||||
|
||||
|
||||
//
|
||||
// Display of Oneof: 'Secure Boot Mode'
|
||||
//
|
||||
@@ -75,14 +75,14 @@ formset
|
||||
endoneof;
|
||||
endif;
|
||||
oneof name = SecureBootMode,
|
||||
questionid = KEY_SECURE_BOOT_MODE,
|
||||
questionid = KEY_SECURE_BOOT_MODE,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
|
||||
flags = INTERACTIVE | NUMERIC_SIZE_1,
|
||||
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
|
||||
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
|
||||
endoneof;
|
||||
|
||||
|
||||
//
|
||||
//
|
||||
// Display of 'Current Secure Boot Mode'
|
||||
@@ -97,55 +97,63 @@ formset
|
||||
endif;
|
||||
endif;
|
||||
endform;
|
||||
|
||||
|
||||
//
|
||||
// ##2 Form: 'Custom Secure Boot Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_PK_OPTION;
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_KEK_OPTION;
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DB_OPTION;
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DBX_OPTION;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DBT_OPTION;
|
||||
|
||||
endform;
|
||||
|
||||
|
||||
//
|
||||
// ##3 Form: 'PK Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
//
|
||||
// Define of Check Box: 'Delete PK'
|
||||
//
|
||||
@@ -155,7 +163,7 @@ formset
|
||||
help = STRING_TOKEN(STR_NULL),
|
||||
endcheckbox;
|
||||
endif;
|
||||
|
||||
|
||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
|
||||
goto FORMID_ENROLL_PK_FORM,
|
||||
prompt = STRING_TOKEN(STR_ENROLL_PK),
|
||||
@@ -163,28 +171,28 @@ formset
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_ENROLL_PK;
|
||||
endif;
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
//
|
||||
// Display of Check Box: 'Delete Pk'
|
||||
// Display of Check Box: 'Delete Pk'
|
||||
//
|
||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
|
||||
checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
|
||||
questionid = KEY_SECURE_BOOT_DELETE_PK,
|
||||
prompt = STRING_TOKEN(STR_DELETE_PK),
|
||||
prompt = STRING_TOKEN(STR_DELETE_PK),
|
||||
help = STRING_TOKEN(STR_DELETE_PK_HELP),
|
||||
flags = INTERACTIVE | RESET_REQUIRED,
|
||||
endcheckbox;
|
||||
endif;
|
||||
endform;
|
||||
|
||||
|
||||
//
|
||||
// ##4 Form: 'Enroll PK'
|
||||
//
|
||||
form formid = FORMID_ENROLL_PK_FORM,
|
||||
title = STRING_TOKEN(STR_ENROLL_PK);
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORM_FILE_EXPLORER_ID_PK,
|
||||
@@ -193,7 +201,7 @@ formset
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
|
||||
endform;
|
||||
|
||||
|
||||
//
|
||||
// ##5 Form: 'KEK Options'
|
||||
//
|
||||
@@ -201,29 +209,29 @@ formset
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
|
||||
|
||||
//
|
||||
// Display of 'Enroll KEK'
|
||||
// Display of 'Enroll KEK'
|
||||
//
|
||||
goto FORMID_ENROLL_KEK_FORM,
|
||||
prompt = STRING_TOKEN(STR_ENROLL_KEK),
|
||||
help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
|
||||
flags = INTERACTIVE;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
//
|
||||
// Display of 'Delete KEK'
|
||||
// Display of 'Delete KEK'
|
||||
//
|
||||
goto FORMID_DELETE_KEK_FORM,
|
||||
prompt = STRING_TOKEN(STR_DELETE_KEK),
|
||||
help = STRING_TOKEN(STR_DELETE_KEK_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_DELETE_KEK;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##6 Form: 'Enroll KEK'
|
||||
// ##6 Form: 'Enroll KEK'
|
||||
//
|
||||
form formid = FORMID_ENROLL_KEK_FORM,
|
||||
title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
|
||||
@@ -258,7 +266,7 @@ formset
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_KEK;
|
||||
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
@@ -269,15 +277,15 @@ formset
|
||||
|
||||
//
|
||||
// ##7 Form: 'Delete KEK'
|
||||
//
|
||||
//
|
||||
form formid = FORMID_DELETE_KEK_FORM,
|
||||
title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
|
||||
|
||||
label LABEL_KEK_DELETE;
|
||||
label LABEL_END;
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
@@ -300,7 +308,7 @@ formset
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
|
||||
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
@@ -326,6 +334,29 @@ formset
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##9 Form: 'DBT Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
|
||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
||||
flags = 0;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
|
||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: 'Delete Signature' for DB Options.
|
||||
//
|
||||
@@ -335,7 +366,7 @@ formset
|
||||
label LABEL_DB_DELETE;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
@@ -347,7 +378,19 @@ formset
|
||||
label LABEL_DBX_DELETE;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: 'Delete Signature' for DBT Options.
|
||||
//
|
||||
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
|
||||
|
||||
label LABEL_DBT_DELETE;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
@@ -386,7 +429,7 @@ formset
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_DB;
|
||||
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
@@ -409,7 +452,6 @@ formset
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
@@ -423,6 +465,38 @@ formset
|
||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
||||
endstring;
|
||||
|
||||
oneof name = SignatureFormatInDbx,
|
||||
varid = SECUREBOOT_CONFIGURATION.CertificateFormat,
|
||||
prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
|
||||
help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
|
||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;
|
||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;
|
||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;
|
||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;
|
||||
endoneof;
|
||||
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;
|
||||
checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
|
||||
prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
|
||||
help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
endcheckbox;
|
||||
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;
|
||||
date varid = SECUREBOOT_CONFIGURATION.RevocationDate,
|
||||
prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),
|
||||
help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),
|
||||
flags = STORAGE_NORMAL,
|
||||
enddate;
|
||||
|
||||
time varid = SECUREBOOT_CONFIGURATION.RevocationTime,
|
||||
prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),
|
||||
help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),
|
||||
flags = STORAGE_NORMAL,
|
||||
endtime;
|
||||
endif;
|
||||
endif;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
@@ -431,7 +505,7 @@ formset
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_DBX;
|
||||
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
@@ -440,6 +514,51 @@ formset
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: 'Enroll Signature' for DBT options.
|
||||
//
|
||||
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORM_FILE_EXPLORER_ID_DBT,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,
|
||||
minsize = SECURE_BOOT_GUID_SIZE,
|
||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
||||
endstring;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_DBT;
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// File Explorer for PK
|
||||
//
|
||||
@@ -449,7 +568,7 @@ formset
|
||||
label FORM_FILE_EXPLORER_ID;
|
||||
label LABEL_END;
|
||||
endform;
|
||||
|
||||
|
||||
//
|
||||
// File Explorer for KEK
|
||||
//
|
||||
@@ -480,6 +599,15 @@ formset
|
||||
label LABEL_END;
|
||||
endform;
|
||||
|
||||
//
|
||||
// File Explorer for DBT
|
||||
//
|
||||
form formid = FORM_FILE_EXPLORER_ID_DBT,
|
||||
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
|
||||
|
||||
label FORM_FILE_EXPLORER_ID;
|
||||
label LABEL_END;
|
||||
endform;
|
||||
|
||||
//
|
||||
// Enroll Pk from File Commit Form
|
||||
@@ -489,21 +617,23 @@ formset
|
||||
|
||||
label SECUREBOOT_ADD_PK_FILE_FORM_ID;
|
||||
label LABEL_END;
|
||||
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
text
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
text = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
text = STRING_TOKEN(STR_NULL),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_PK;
|
||||
|
||||
text
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
text = STRING_TOKEN(STR_NULL),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
|
||||
|
||||
endform;
|
||||
|
||||
endformset;
|
||||
endformset;
|
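Review bot: The new `SignatureFormatInDbx` oneof in the DBX 'Enroll Signature' form hard-codes its option values as `0x2` to `0x5`, and the `suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;` that follows repeats the raw-certificate value as a bare literal. The implementation header in this commit carries `HASHALG_SHA256` through `HASHALG_RAW` with the same values, so the form and the C code that presumably maps CertificateFormat to a dbx signature type can drift apart silently, and a mismatch would enroll a different format than the one the user selected. Use named constants on both sides, e.g. `value = HASHALG_SHA256` and `ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == HASHALG_RAW`. Whether the VFR can see that header is not visible here; if it cannot, define the constants in the shared NV data header instead.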
@@ -62,40 +62,40 @@
|
||||
## SOMETIMES_CONSUMES ## Variable:L"CustomMode"
|
||||
## SOMETIMES_PRODUCES ## Variable:L"CustomMode"
|
||||
gEfiCustomModeEnableGuid
|
||||
|
||||
|
||||
## SOMETIMES_CONSUMES ## Variable:L"SecureBootEnable"
|
||||
## SOMETIMES_PRODUCES ## Variable:L"SecureBootEnable"
|
||||
gEfiSecureBootEnableDisableGuid
|
||||
|
||||
|
||||
## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
|
||||
## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
|
||||
gEfiCertRsa2048Guid
|
||||
|
||||
|
||||
## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
|
||||
## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
|
||||
## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
|
||||
gEfiCertX509Guid
|
||||
|
||||
|
||||
## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
|
||||
## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
|
||||
## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
|
||||
gEfiCertSha1Guid
|
||||
|
||||
|
||||
## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
|
||||
## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
|
||||
## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
|
||||
gEfiCertSha256Guid
|
||||
|
||||
|
||||
## SOMETIMES_CONSUMES ## Variable:L"db"
|
||||
## SOMETIMES_PRODUCES ## Variable:L"db"
|
||||
## SOMETIMES_CONSUMES ## Variable:L"dbx"
|
||||
## SOMETIMES_PRODUCES ## Variable:L"dbx"
|
||||
gEfiImageSecurityDatabaseGuid
|
||||
|
||||
|
||||
## SOMETIMES_CONSUMES ## Variable:L"SetupMode"
|
||||
## SOMETIMES_PRODUCES ## Variable:L"PK"
|
||||
## SOMETIMES_CONSUMES ## Variable:L"KEK"
|
||||
## SOMETIMES_PRODUCES ## Variable:L"KEK"
|
||||
## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
|
||||
gEfiGlobalVariableGuid
|
||||
|
||||
|
||||
gEfiIfrTianoGuid ## PRODUCES ## GUID # HII opcode
|
||||
## PRODUCES ## HII
|
||||
## CONSUMES ## HII
|
||||
@@ -105,6 +105,10 @@
|
||||
gEfiFileSystemVolumeLabelInfoIdGuid ## SOMETIMES_CONSUMES ## GUID # Indicate the information type
|
||||
gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID # Indicate the information type
|
||||
|
||||
gEfiCertX509Sha256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the certificate.
|
||||
gEfiCertX509Sha384Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the certificate.
|
||||
gEfiCertX509Sha512Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the certificate.
|
||||
|
||||
[Protocols]
|
||||
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
|
||||
gEfiDevicePathProtocolGuid ## PRODUCES
|
||||
@@ -119,4 +123,3 @@
|
||||
|
||||
[UserExtensions.TianoCore."ExtraFiles"]
|
||||
SecureBootConfigDxeExtra.uni
|
||||
|
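Review bot: The `[Guids]` usage comments for `gEfiImageSecurityDatabaseGuid` still list only `Variable:L"db"` and `Variable:L"dbx"`, although this commit adds enroll and delete forms for DBT. If the driver reads and writes the `dbt` variable under this GUID (the implementation diff is suppressed on this page, so this is inferred), add `## SOMETIMES_CONSUMES ## Variable:L"dbt"` and `## SOMETIMES_PRODUCES ## Variable:L"dbt"` so the declared variable usage matches what the module actually touches.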
@@ -65,7 +65,7 @@ StrDuplicate (
|
||||
}
|
||||
|
||||
/**
|
||||
Helper function called as part of the code needed to allocate
|
||||
Helper function called as part of the code needed to allocate
|
||||
the proper sized buffer for various EFI interfaces.
|
||||
|
||||
@param[in, out] Status Current status
|
||||
@@ -122,7 +122,7 @@ GrowBuffer (
|
||||
}
|
||||
|
||||
/**
|
||||
Append file name to existing file name, and allocate a new buffer
|
||||
Append file name to existing file name, and allocate a new buffer
|
||||
to hold the appended result.
|
||||
|
||||
@param[in] Str1 The existing file name
|
||||
@@ -149,7 +149,7 @@ AppendFileName (
|
||||
Str = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
|
||||
ASSERT (Str != NULL);
|
||||
|
||||
TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
|
||||
TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
|
||||
ASSERT (TmpStr != NULL);
|
||||
|
||||
StrCat (Str, Str1);
|
||||
@@ -170,7 +170,7 @@ AppendFileName (
|
||||
//
|
||||
|
||||
//
|
||||
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
|
||||
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
|
||||
// that overlap.
|
||||
//
|
||||
StrCpy (TmpStr, Ptr + 3);
|
||||
@@ -182,7 +182,7 @@ AppendFileName (
|
||||
//
|
||||
|
||||
//
|
||||
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
|
||||
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
|
||||
// that overlap.
|
||||
//
|
||||
StrCpy (TmpStr, Ptr + 2);
|
||||
@@ -196,7 +196,7 @@ AppendFileName (
|
||||
}
|
||||
|
||||
FreePool (TmpStr);
|
||||
|
||||
|
||||
return Str;
|
||||
}
|
||||
|
||||
@@ -354,7 +354,7 @@ DestroyMenuEntry (
|
||||
Free resources allocated in Allocate Rountine.
|
||||
|
||||
@param[in, out] MenuOption Menu to be freed
|
||||
|
||||
|
||||
**/
|
||||
VOID
|
||||
FreeMenu (
|
||||
@@ -459,7 +459,7 @@ FileSystemVolumeLabelInfo (
|
||||
This function opens a file with the open mode according to the file path. The
|
||||
Attributes is valid only for EFI_FILE_MODE_CREATE.
|
||||
|
||||
@param[in, out] FilePath On input, the device path to the file.
|
||||
@param[in, out] FilePath On input, the device path to the file.
|
||||
On output, the remaining device path.
|
||||
@param[out] FileHandle Pointer to the file handle.
|
||||
@param[in] OpenMode The mode to open the file with.
|
||||
@@ -495,7 +495,7 @@ OpenFileByDevicePath(
|
||||
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
|
||||
EFI_FILE_PROTOCOL *Handle1;
|
||||
EFI_FILE_PROTOCOL *Handle2;
|
||||
EFI_HANDLE DeviceHandle;
|
||||
EFI_HANDLE DeviceHandle;
|
||||
|
||||
if ((FilePath == NULL || FileHandle == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
@@ -816,7 +816,7 @@ FindFileSystem (
|
||||
if (NoSimpleFsHandles != 0) {
|
||||
FreePool (SimpleFsHandle);
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Remember how many file system options are here
|
||||
//
|
||||
@@ -826,7 +826,7 @@ FindFileSystem (
|
||||
|
||||
|
||||
/**
|
||||
Find files under the current directory. All files and sub-directories
|
||||
Find files under the current directory. All files and sub-directories
|
||||
in current directory will be stored in DirectoryMenu for future use.
|
||||
|
||||
@param[in] MenuEntry The Menu Entry.
|
||||
@@ -892,7 +892,7 @@ FindFiles (
|
||||
if (DirInfo == NULL) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Get all files in current directory
|
||||
// Pass 1 to get Directories
|
||||
@@ -934,7 +934,7 @@ FindFiles (
|
||||
NewFileContext->FileName
|
||||
);
|
||||
NewMenuEntry->HelpString = NULL;
|
||||
|
||||
|
||||
NewFileContext->IsDir = (BOOLEAN) ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == EFI_FILE_DIRECTORY);
|
||||
if (NewFileContext->IsDir) {
|
||||
BufferSize = StrLen (DirInfo->FileName) * 2 + 6;
|
||||
@@ -977,7 +977,7 @@ RefreshUpdateData (
|
||||
{
|
||||
//
|
||||
// Free current updated date
|
||||
//
|
||||
//
|
||||
if (mStartOpCodeHandle != NULL) {
|
||||
HiiFreeOpCodeHandle (mStartOpCodeHandle);
|
||||
}
|
||||
@@ -1032,6 +1032,9 @@ UpdateFileExplorePage (
|
||||
} else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
||||
FileFormId = FORM_FILE_EXPLORER_ID_DBX;
|
||||
} else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) {
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
||||
FileFormId = FORM_FILE_EXPLORER_ID_DBT;
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
@@ -1118,7 +1121,7 @@ UpdateFileExplorer (
|
||||
//
|
||||
FreeMenu (&FsOptionMenu);
|
||||
FindFileSystem ();
|
||||
|
||||
|
||||
CreateMenuStringToken (PrivateData->HiiHandle, &FsOptionMenu);
|
||||
UpdateFileExplorePage (PrivateData->HiiHandle, &FsOptionMenu, PrivateData->FeCurrentState);
|
||||
|
||||
@@ -1156,13 +1159,15 @@ UpdateFileExplorer (
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
|
||||
} else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
||||
} else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) {
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
||||
} else {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
PrivateData->MenuEntry = NewMenuEntry;
|
||||
PrivateData->FileContext->FileName = NewFileContext->FileName;
|
||||
|
||||
|
||||
TmpDevicePath = NewFileContext->DevicePath;
|
||||
OpenFileByDevicePath (
|
||||
&TmpDevicePath,
|
||||
@@ -1200,7 +1205,7 @@ OnExit:
|
||||
}
|
||||
|
||||
/**
|
||||
Clean up the dynamic opcode at label and form specified by both LabelId.
|
||||
Clean up the dynamic opcode at label and form specified by both LabelId.
|
||||
|
||||
@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
|
||||
@param[in] PrivateData Module private data.
|
||||
@@ -1226,4 +1231,3 @@ CleanUpPage (
|
||||
mEndOpCodeHandle // LABEL_END
|
||||
);
|
||||
}
|
||||
|
||||
|
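Review bot: In `AppendFileName`, both `AllocateZeroPool` results are guarded only by `ASSERT (Str != NULL)` and `ASSERT (TmpStr != NULL)`, and the next statement is already `StrCat (Str, Str1)`. ASSERT is typically compiled out of release builds, so an allocation failure here turns into a write through NULL while a path is being built from file-system names. Since the commit touches these lines anyway, replace the assertions with real checks, e.g. `if (Str == NULL) { return NULL; }` and `if (TmpStr == NULL) { FreePool (Str); return NULL; }`. Callers would then have to handle a NULL result, which cannot be confirmed from the hunks shown; the function starts outside these hunks.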
File diff suppressed because it is too large
@@ -2,7 +2,7 @@
|
||||
The header file of HII Config Access protocol implementation of SecureBoot
|
||||
configuration module.
|
||||
|
||||
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -73,9 +73,18 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
|
||||
//
|
||||
#define SHA256_DIGEST_SIZE 32
|
||||
//
|
||||
// Set max digest size as SHA256 Output (32 bytes) by far
|
||||
// SHA-384 digest size in bytes
|
||||
//
|
||||
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
|
||||
#define SHA384_DIGEST_SIZE 48
|
||||
//
|
||||
// SHA-512 digest size in bytes
|
||||
//
|
||||
#define SHA512_DIGEST_SIZE 64
|
||||
|
||||
//
|
||||
// Set max digest size as SHA512 Output (64 bytes) by far
|
||||
//
|
||||
#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
|
||||
|
||||
#define WIN_CERT_UEFI_RSA2048_SIZE 256
|
||||
|
||||
@@ -87,6 +96,7 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
|
||||
#define HASHALG_SHA256 0x00000002
|
||||
#define HASHALG_SHA384 0x00000003
|
||||
#define HASHALG_SHA512 0x00000004
|
||||
#define HASHALG_RAW 0x00000005
|
||||
#define HASHALG_MAX 0x00000005
|
||||
|
||||
|
||||
@@ -120,6 +130,7 @@ typedef enum _FILE_EXPLORER_STATE {
|
||||
FileExplorerStateEnrollKekFile,
|
||||
FileExplorerStateEnrollSignatureFileToDb,
|
||||
FileExplorerStateEnrollSignatureFileToDbx,
|
||||
FileExplorerStateEnrollSignatureFileToDbt,
|
||||
FileExplorerStateUnknown
|
||||
} FILE_EXPLORER_STATE;
|
||||
|
||||
@@ -316,7 +327,7 @@ BOOLEAN
|
||||
typedef struct {
|
||||
CHAR16 *Name; ///< Name for Hash Algorithm
|
||||
UINTN DigestLength; ///< Digest Length
|
||||
UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
|
||||
UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
|
||||
UINTN OidLength; ///< Length of Hash OID Value
|
||||
HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
|
||||
HASH_INIT HashInit; ///< Pointer to Hash Init function
|
||||
@@ -471,7 +482,7 @@ DevicePathToStr (
|
||||
|
||||
|
||||
/**
|
||||
Clean up the dynamic opcode at label and form specified by both LabelId.
|
||||
Clean up the dynamic opcode at label and form specified by both LabelId.
|
||||
|
||||
@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
|
||||
@param[in] PrivateData Module private data.
|
||||
@@ -505,7 +516,7 @@ UpdateFileExplorer (
|
||||
Free resources allocated in Allocate Rountine.
|
||||
|
||||
@param[in, out] MenuOption Menu to be freed
|
||||
|
||||
|
||||
**/
|
||||
VOID
|
||||
FreeMenu (
|
||||
@@ -514,15 +525,15 @@ FreeMenu (
|
||||
|
||||
|
||||
/**
|
||||
Read file content into BufferPtr, the size of the allocate buffer
|
||||
Read file content into BufferPtr, the size of the allocate buffer
|
||||
is *FileSize plus AddtionAllocateSize.
|
||||
|
||||
@param[in] FileHandle The file to be read.
|
||||
@param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
|
||||
@param[out] FileSize Size of input file
|
||||
@param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
|
||||
@param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
|
||||
In case the buffer need to contain others besides the file content.
|
||||
|
||||
|
||||
@retval EFI_SUCCESS The file was read into the buffer.
|
||||
@retval EFI_INVALID_PARAMETER A parameter was invalid.
|
||||
@retval EFI_OUT_OF_RESOURCES A memory allocation failed.
|
||||
@@ -542,7 +553,7 @@ ReadFileContent (
|
||||
Close an open file handle.
|
||||
|
||||
@param[in] FileHandle The file handle to close.
|
||||
|
||||
|
||||
**/
|
||||
VOID
|
||||
CloseFile (
|
||||
@@ -555,7 +566,7 @@ CloseFile (
|
||||
|
||||
@param[in] Integer Pointer to the nonnegative integer to be converted
|
||||
@param[in] IntSizeInWords Length of integer buffer in words
|
||||
@param[out] OctetString Converted octet string of the specified length
|
||||
@param[out] OctetString Converted octet string of the specified length
|
||||
@param[in] OSSizeInBytes Intended length of resulting octet string in bytes
|
||||
|
||||
Returns:
|
||||
@@ -587,8 +598,8 @@ Int2OctStr (
|
||||
**/
|
||||
EFI_STATUS
|
||||
StringToGuid (
|
||||
IN CHAR16 *Str,
|
||||
IN UINTN StrLen,
|
||||
IN CHAR16 *Str,
|
||||
IN UINTN StrLen,
|
||||
OUT EFI_GUID *Guid
|
||||
);
|
||||
|
||||
@@ -599,7 +610,7 @@ StringToGuid (
|
||||
@param[in] Guid Pointer to GUID to print.
|
||||
@param[in] Buffer Buffer to print Guid into.
|
||||
@param[in] BufferSize Size of Buffer.
|
||||
|
||||
|
||||
@retval Number of characters printed.
|
||||
|
||||
**/
|
||||
@@ -610,4 +621,4 @@ GuidToString (
|
||||
IN UINTN BufferSize
|
||||
);
|
||||
|
||||
#endif
|
||||
#endif
|
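Review bot: The added `#define HASHALG_RAW 0x00000005` has the same value as the existing `HASHALG_MAX 0x00000005`, so the new raw-certificate selector sits exactly at what the name HASHALG_MAX suggests is the bound of the hash table. Any code that uses the selected format to index the table of hash descriptors (the struct with `Name`, `DigestLength`, `OidValue` further down) must reject `HASHALG_RAW` before the lookup; that code is in the suppressed diff and cannot be checked here. At minimum, document the intent next to the define, e.g. `// HASHALG_RAW is not a hash algorithm: it selects the raw certificate and must never be used as a hash table index`.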
@@ -2,12 +2,12 @@
|
||||
Header file for NV data structure definition.
|
||||
|
||||
Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
@@ -41,6 +41,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#define FORM_FILE_EXPLORER_ID_KEK 0x11
|
||||
#define FORM_FILE_EXPLORER_ID_DB 0x12
|
||||
#define FORM_FILE_EXPLORER_ID_DBX 0x13
|
||||
#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14
|
||||
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15
|
||||
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16
|
||||
#define FORM_FILE_EXPLORER_ID_DBT 0x17
|
||||
|
||||
#define SECURE_BOOT_MODE_CUSTOM 0x01
|
||||
#define SECURE_BOOT_MODE_STANDARD 0x00
|
||||
@@ -56,6 +60,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a
|
||||
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b
|
||||
#define KEY_HIDE_SECURE_BOOT 0x100c
|
||||
#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d
|
||||
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e
|
||||
|
||||
#define KEY_SECURE_BOOT_OPTION 0x1100
|
||||
#define KEY_SECURE_BOOT_PK_OPTION 0x1101
|
||||
@@ -69,10 +75,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#define KEY_SECURE_BOOT_KEK_GUID 0x110a
|
||||
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b
|
||||
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c
|
||||
#define KEY_SECURE_BOOT_DBT_OPTION 0x110d
|
||||
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e
|
||||
|
||||
#define LABEL_KEK_DELETE 0x1200
|
||||
#define LABEL_DB_DELETE 0x1201
|
||||
#define LABEL_DBX_DELETE 0x1202
|
||||
#define LABEL_DBT_DELETE 0x1203
|
||||
#define LABEL_END 0xffff
|
||||
|
||||
#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255
|
||||
@@ -93,7 +102,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
//
|
||||
// Question ID 0x4000 ~ 0x4FFF is for DBX
|
||||
//
|
||||
#define OPTION_DEL_DBX_QUESTION_ID 0x4000
|
||||
#define OPTION_DEL_DBX_QUESTION_ID 0x4000
|
||||
|
||||
//
|
||||
// Question ID 0x5000 ~ 0x5FFF is for DBT
|
||||
//
|
||||
#define OPTION_DEL_DBT_QUESTION_ID 0x5000
|
||||
|
||||
#define FILE_OPTION_GOTO_OFFSET 0xC000
|
||||
#define FILE_OPTION_OFFSET 0x8000
|
||||
@@ -102,18 +116,21 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#define SECURE_BOOT_GUID_SIZE 36
|
||||
#define SECURE_BOOT_GUID_STORAGE_SIZE 37
|
||||
|
||||
|
||||
//
|
||||
// Nv Data structure referenced by IFR
|
||||
//
|
||||
typedef struct {
|
||||
BOOLEAN AttemptSecureBoot; //Attempt to enable/disable Secure Boot.
|
||||
BOOLEAN HideSecureBoot; //Hiden Attempt Secure Boot
|
||||
BOOLEAN AttemptSecureBoot; // Attempt to enable/disable Secure Boot
|
||||
BOOLEAN HideSecureBoot; // Hiden Attempt Secure Boot
|
||||
CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];
|
||||
BOOLEAN PhysicalPresent; //If a Physical Present User;
|
||||
UINT8 SecureBootMode; //Secure Boot Mode: Standard Or Custom
|
||||
BOOLEAN DeletePk;
|
||||
BOOLEAN HasPk; //If Pk is existed it is true;
|
||||
BOOLEAN PhysicalPresent; // If a Physical Present User
|
||||
UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom
|
||||
BOOLEAN DeletePk;
|
||||
BOOLEAN HasPk; // If Pk is existed it is true
|
||||
BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden
|
||||
UINT8 CertificateFormat; // The type of the certificate
|
||||
EFI_HII_DATE RevocationDate; // The revocation date of the certificate
|
||||
EFI_HII_TIME RevocationTime; // The revocation time of the certificate
|
||||
} SECUREBOOT_CONFIGURATION;
|
||||
|
||||
#endif
|
||||
#endif
|
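Review bot: The new `CertificateFormat` field is documented only as `// The type of the certificate`, which does not tell a reader which values are valid. The form added in this commit stores 0x2, 0x3, 0x4 or 0x5 into it, so the comment should say so, e.g. `// dbx enrollment format: 2 = SHA256, 3 = SHA384, 4 = SHA512, 5 = raw certificate`. While the comment column is being re-aligned, `Hiden` should read `Hidden`, and the `AlwaysRevocation` comment could state that the form suppresses the revocation date and time when the field is 1.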
Binary file not shown.