sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecureBootConfig: Modify UI

Browse Source 
Rewrite the UI based on feedback from enabling the module.

Signed-off-by: Tim Crawford <tcrawford@system76.com>
This commit is contained in:
Tim Crawford
2023-01-27 13:32:00 -07:00
committed by Jeremy Soller
parent 4de32568fa
commit 30f6b2f3c7
6 changed files with 97 additions and 572 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
MdeModulePkg/Application/UiApp/FrontPage.c
View File

@ -247,7 +247,8 @@ UpdateFrontPageForm (
HiiFreeOpCodeHandle (EndOpCodeHandle); HiiFreeOpCodeHandle (EndOpCodeHandle);
} }
void UpdateFirmwareInfoForm(void) // FIXME: Copied from Device Manager; clean up
void ShowSecureBootConfig(void)
{ {
void *StartHandle; void *StartHandle;
void *EndHandle; void *EndHandle;
@ -283,8 +284,6 @@ void UpdateFirmwareInfoForm(void)
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = LABEL_END; EndLabel->Number = LABEL_END;
// FIXME: Copied from Device Manager; clean up
// Get SecureBootConfig handle // Get SecureBootConfig handle
HiiHandles = HiiGetHiiHandles(&SecureBootConfigGuid); HiiHandles = HiiGetHiiHandles(&SecureBootConfigGuid);
ASSERT(HiiHandles != NULL); ASSERT(HiiHandles != NULL);
@ -357,7 +356,7 @@ void UpdateFirmwareInfoForm(void)
HiiUpdateForm( HiiUpdateForm(
HiiHandle, HiiHandle,
&mFrontPageGuid, &mFrontPageGuid,
FIRMWARE_INFO_FORM_ID, FRONT_PAGE_FORM_ID,
StartHandle, StartHandle,
EndHandle EndHandle
); );
@ -424,7 +423,7 @@ InitializeFrontPage (
// //
UpdateFrontPageForm(); UpdateFrontPageForm();
UpdateFirmwareInfoForm(); ShowSecureBootConfig();
return Status; return Status;
} }

9
MdeModulePkg/Application/UiApp/FrontPageVfr.Vfr
View File

@ -37,6 +37,12 @@ formset
label LABEL_END; label LABEL_END;
subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
label LABEL_DEVICES_LIST;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
goto FIRMWARE_INFO_FORM_ID, goto FIRMWARE_INFO_FORM_ID,
prompt = STRING_TOKEN(STR_FIRMWARE_INFO), prompt = STRING_TOKEN(STR_FIRMWARE_INFO),
help = STRING_TOKEN(STR_EMPTY_STRING); help = STRING_TOKEN(STR_EMPTY_STRING);
@ -58,9 +64,6 @@ formset
subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
subtitle text = STRING_TOKEN(STR_ME_STATUS); subtitle text = STRING_TOKEN(STR_ME_STATUS);
subtitle text = STRING_TOKEN(STR_EMPTY_STRING); subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
label LABEL_DEVICES_LIST;
label LABEL_END;
endform; endform;
endformset; endformset;

623
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
View File

@ -1,611 +1,110 @@
/** @file // SPDX-License-Identifier: BSD-2-Clause-Patent
VFR file used by the SecureBoot configuration component. // SPDX-FileCopyrightText: Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
// SPDX-FileCopyrightText: 2023 System76 <info@system76.com>
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "SecureBootConfigNvData.h" #include "SecureBootConfigNvData.h"
formset formset
guid = SECUREBOOT_CONFIG_FORM_SET_GUID, guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
title = STRING_TOKEN(STR_SECUREBOOT_TITLE), title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
help = STRING_TOKEN(STR_SECUREBOOT_HELP), help = STRING_TOKEN(STR_SECUREBOOT_HELP),
classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
varstore SECUREBOOT_CONFIGURATION, varstore SECUREBOOT_CONFIGURATION,
varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID, varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
name = SECUREBOOT_CONFIGURATION, name = SECUREBOOT_CONFIGURATION,
guid = SECUREBOOT_CONFIG_FORM_SET_GUID; guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
//
// ##1 Form "Secure Boot Configuration"
//
form formid = SECUREBOOT_CONFIGURATION_FORM_ID, form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
title = STRING_TOKEN(STR_SECUREBOOT_TITLE); title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
subtitle text = STRING_TOKEN(STR_NULL); // FIXME: firmware-setup doesn't handle EFI_IFR_TEXT.
//text
// help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
// text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
// text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
text subtitle text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT);
help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
// // XXX: Needed for "Secure Boot status" string to update.
// Display of Check Box: Attempt Secure Boot suppressif TRUE;
//
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
questionid = KEY_SECURE_BOOT_ENABLE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
flags = INTERACTIVE | RESET_REQUIRED,
endcheckbox;
endif;
//
// Display of Oneof: 'Secure Boot Mode'
//
oneof name = SecureBootMode, oneof name = SecureBootMode,
questionid = KEY_SECURE_BOOT_MODE, questionid = KEY_SECURE_BOOT_MODE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
flags = INTERACTIVE | NUMERIC_SIZE_1, flags = INTERACTIVE | NUMERIC_SIZE_1,
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT; option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
endoneof; endoneof;
//
// Display of 'Current Secure Boot Mode'
//
suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_OPTION;
endif;
endif; endif;
text suppressif ideqval SECUREBOOT_CONFIGURATION.AttemptSecureBoot == 0;
help = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS_HELP), goto FORMID_SECURE_BOOT_DISABLE,
text = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS), prompt = STRING_TOKEN(STR_SECURE_BOOT_DISABLE_PROMPT),
flags = INTERACTIVE, help = STRING_TOKEN(STR_NULL);
key = KEY_SECURE_BOOT_RESET_TO_DEFAULT; endif;
suppressif ideqval SECUREBOOT_CONFIGURATION.AttemptSecureBoot == 1;
endform; goto FORMID_SECURE_BOOT_ENABLE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENABLE_PROMPT),
// help = STRING_TOKEN(STR_NULL);
// ##2 Form: 'Custom Secure Boot Options'
//
form formid = FORMID_SECURE_BOOT_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_PK_OPTION;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_KEK_OPTION;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_DB_OPTION;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_DBX_OPTION;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_DBT_OPTION;
endform;
//
// ##3 Form: 'PK Options'
//
form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display of 'Enroll PK'
//
grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
goto FORMID_ENROLL_PK_FORM,
prompt = STRING_TOKEN(STR_ENROLL_PK),
help = STRING_TOKEN(STR_ENROLL_PK_HELP),
flags = INTERACTIVE,
key = KEY_ENROLL_PK;
endif; endif;
subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL);
// goto FORMID_DELETE_KEYS,
// Display of Check Box: 'Delete Pk' prompt = STRING_TOKEN(STR_DELETE_KEYS_PROMPT),
// help = STRING_TOKEN(STR_NULL);
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
questionid = KEY_SECURE_BOOT_DELETE_PK,
prompt = STRING_TOKEN(STR_DELETE_PK),
help = STRING_TOKEN(STR_DELETE_PK_HELP),
flags = INTERACTIVE | RESET_REQUIRED,
endcheckbox;
endif;
endform;
//
// ##4 Form: 'Enroll PK'
//
form formid = FORMID_ENROLL_PK_FORM,
title = STRING_TOKEN(STR_ENROLL_PK);
subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_ENROLL_PK_FORM, goto FORMID_RESTORE_KEYS,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), prompt = STRING_TOKEN(STR_RESTORE_KEYS_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), help = STRING_TOKEN(STR_NULL);
flags = INTERACTIVE,
key = FORMID_ENROLL_PK_FORM;
subtitle text = STRING_TOKEN(STR_NULL);
label FORMID_ENROLL_PK_FORM;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE| RESET_REQUIRED,
key = KEY_VALUE_SAVE_AND_EXIT_PK;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
endform; endform;
// form formid = FORMID_SECURE_BOOT_ENABLE,
// ##5 Form: 'KEK Options' title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
//
form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
//
// Display of 'Enroll KEK'
//
goto FORMID_ENROLL_KEK_FORM,
prompt = STRING_TOKEN(STR_ENROLL_KEK),
help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
flags = INTERACTIVE;
subtitle text = STRING_TOKEN(STR_ENABLE_NOTICE);
subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL);
// goto SECUREBOOT_CONFIGURATION_FORM_ID,
// Display of 'Delete KEK' prompt = STRING_TOKEN(STR_CANCEL),
// help = STRING_TOKEN(STR_NULL);
goto FORMID_DELETE_KEK_FORM,
prompt = STRING_TOKEN(STR_DELETE_KEK),
help = STRING_TOKEN(STR_DELETE_KEK_HELP),
flags = INTERACTIVE,
key = KEY_DELETE_KEK;
subtitle text = STRING_TOKEN(STR_NULL);
endform; endform;
// form formid = FORMID_SECURE_BOOT_DISABLE,
// ##6 Form: 'Enroll KEK' title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
//
form formid = FORMID_ENROLL_KEK_FORM,
title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
subtitle text = STRING_TOKEN(STR_DISABLE_NOTICE);
subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_ENROLL_KEK_FORM, goto SECUREBOOT_CONFIGURATION_FORM_ID,
prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), prompt = STRING_TOKEN(STR_CANCEL),
help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), help = STRING_TOKEN(STR_NULL);
flags = INTERACTIVE,
key = FORMID_ENROLL_KEK_FORM;
subtitle text = STRING_TOKEN(STR_NULL);
label FORMID_ENROLL_KEK_FORM;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_KEK_GUID,
minsize = SECURE_BOOT_GUID_SIZE,
maxsize = SECURE_BOOT_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_KEK;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
endform; endform;
// form formid = FORMID_DELETE_KEYS,
// ##7 Form: 'Delete KEK' title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
//
form formid = FORMID_DELETE_KEK_FORM,
title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
label LABEL_KEK_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_DELETE_KEYS_NOTICE);
subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_CONFIGURATION_FORM_ID,
prompt = STRING_TOKEN(STR_CANCEL),
help = STRING_TOKEN(STR_NULL);
endform; endform;
// form formid = FORMID_RESTORE_KEYS,
// ##8 Form: 'DB Options' title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
//
form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
subtitle text = STRING_TOKEN(STR_RESTORE_KEYS_NOTICE);
subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, goto SECUREBOOT_CONFIGURATION_FORM_ID,
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), prompt = STRING_TOKEN(STR_CANCEL),
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), help = STRING_TOKEN(STR_NULL);
flags = 0;
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
flags = INTERACTIVE,
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
endform;
//
// ##9 Form: 'DBX Options'
//
form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
flags = 0;
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
flags = INTERACTIVE,
key = KEY_VALUE_FROM_DBX_TO_LIST_FORM;
endform;
//
// ##9 Form: 'DBT Options'
//
form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
flags = 0;
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
flags = INTERACTIVE,
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;
endform;
//
// Form: 'Delete Signature' for DB Options.
//
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
label LABEL_DB_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
//
// Form: Display Signature List.
//
form formid = SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_LIST_FORM);
subtitle text = STRING_TOKEN(STR_NULL);
grayoutif ideqval SECUREBOOT_CONFIGURATION.ListCount == 0;
label LABEL_DELETE_ALL_LIST_BUTTON;
//
// Will create a goto button dynamically here.
//
label LABEL_END;
endif;
subtitle text = STRING_TOKEN(STR_NULL);
label LABEL_SIGNATURE_LIST_START;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
//
// Form: Display Signature Data.
//
form formid = SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_DATA_FORM);
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA),
help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_DELETE_ALL_DATA;
grayoutif ideqval SECUREBOOT_CONFIGURATION.CheckedDataCount == 0;
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA),
help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_DELETE_CHECK_DATA;
endif;
subtitle text = STRING_TOKEN(STR_NULL);
label LABEL_SIGNATURE_DATA_START;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
//
// Form: 'Delete Signature' for DBT Options.
//
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
label LABEL_DBT_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
//
// Form: 'Enroll Signature' for DB options.
//
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
subtitle text = STRING_TOKEN(STR_NULL);
label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
minsize = SECURE_BOOT_GUID_SIZE,
maxsize = SECURE_BOOT_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_DB;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
endform;
//
// Form: 'Enroll Signature' for DBX options.
//
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
minsize = SECURE_BOOT_GUID_SIZE,
maxsize = SECURE_BOOT_GUID_SIZE,
endstring;
endif;
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1;
oneof name = X509SignatureFormatInDbx,
varid = SECUREBOOT_CONFIGURATION.CertificateFormat,
prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;
endoneof;
endif;
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2;
text
help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string
text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string
text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type
endif;
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;
text
help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string
text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string
text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type
endif;
suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;
checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
flags = INTERACTIVE,
endcheckbox;
suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;
date varid = SECUREBOOT_CONFIGURATION.RevocationDate,
prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),
help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),
flags = STORAGE_NORMAL,
enddate;
time varid = SECUREBOOT_CONFIGURATION.RevocationTime,
prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),
help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),
flags = STORAGE_NORMAL,
endtime;
endif;
endif;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_DBX;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
endform;
//
// Form: 'Enroll Signature' for DBT options.
//
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
subtitle text = STRING_TOKEN(STR_NULL);
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,
minsize = SECURE_BOOT_GUID_SIZE,
maxsize = SECURE_BOOT_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_DBT;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
endform; endform;
endformset; endformset;

4
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
View File

@ -3142,9 +3142,9 @@ UpdateSecureBootString(
} }
if (*SecureBoot == SECURE_BOOT_MODE_ENABLE) { if (*SecureBoot == SECURE_BOOT_MODE_ENABLE) {
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL); HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_PROMPT), L"Secure Boot state: Enabled", NULL);
} else { } else {
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL); HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_PROMPT), L"Secure Boot state: Disabled", NULL);
} }
FreePool(SecureBoot); FreePool(SecureBoot);

9
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
View File

@ -119,6 +119,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define PE_IMAGE_FILE_TYPE 2 #define PE_IMAGE_FILE_TYPE 2
#define AUTHENTICATION_2_FILE_TYPE 3 #define AUTHENTICATION_2_FILE_TYPE 3
#define FORMID_SECURE_BOOT_ENABLE 0x101
#define FORMID_SECURE_BOOT_DISABLE 0x102
#define FORMID_DELETE_KEYS 0x103
#define FORMID_RESTORE_KEYS 0x104
#define KEY_SECURE_BOOT_STATE_ENABLE 0x1120
#define KEY_SECURE_BOOT_STATE_DISABLE 0x1121
#define KEY_DELETE_KEYS 0x1122
#define KEY_RESTORE_KEYS 0x1123
// //
// Nv Data structure referenced by IFR // Nv Data structure referenced by IFR
// //

15
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni
View File

@ -138,3 +138,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#string STR_SIGNATURE_DATA_HELP_FORMAT_TIME #language en-US "Revocation Time:\n%s" #string STR_SIGNATURE_DATA_HELP_FORMAT_TIME #language en-US "Revocation Time:\n%s"
#string STR_SIGNATURE_DELETE_ALL_CONFIRM #language en-US "Press 'Y' to delete all signature List." #string STR_SIGNATURE_DELETE_ALL_CONFIRM #language en-US "Press 'Y' to delete all signature List."
#string STR_SECURE_BOOT_ENABLE_PROMPT #language en-US "Enable Secure Boot"
#string STR_SECURE_BOOT_DISABLE_PROMPT #language en-US "Disable Secure Boot"
#string STR_DELETE_KEYS_PROMPT #language en-US "Delete System76 and Microsoft keys (Use your own)"
#string STR_RESTORE_KEYS_PROMPT #language en-US "Restore System76 and Microsoft keys"
#string STR_ENABLE_NOTICE #language en-US "An operating system that includes Secure Boot support is required.\r\nDisable Secure Boot if your operating system does not boot."
#string STR_ENABLE_SELECTION #language en-US "Enable Secure Boot and reboot"
#string STR_DISABLE_NOTICE #language en-US "Disabling Secure Boot allows non-verified operating systems to boot\r\nand may disable some operating system security features."
#string STR_DISABLE_SELECTION #language en-US "Disable Secure Boot and reboot"
#string STR_DELETE_KEYS_NOTICE #language en-US "System and Microsoft keys will be deleted. Enroll custom keys from your\r\noperating system. Check your OS documentation for details. To facilitate setup, Secure Boot is disabled until you manually activate it."
#string STR_DELETE_KEYS_SELECTION #language en-US "Delete System76 and Microsoft keys and restart"
#string STR_RESTORE_KEYS_NOTICE #language en-US "Restoring System76 and Microsoft keys will remove any custom keys you\r\nhave installed and may make your OS unbootable. Disable Secure Boot if your operating system does not boot."
#string STR_RESTORE_KEYS_SELECTION #language en-US "Restore System76 and Microsoft keys and restart"
#string STR_CANCEL #language en-US "Cancel"