SecurityPkg: SecureBootConfigDxe: SecureBoot UI for Customized SecureBoot Mode

Add SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263. User can do secure boot mode transition through UI.
  https://mantis.uefi.org/mantis/view.php?id=1263

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19134 6f19259b-4bc3-4df7-8a09-765794883524

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr

@@ -1,7 +1,7 @@
 /** @file
   VFR file used by the SecureBoot configuration component.
 
-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -33,6 +33,14 @@ formset
 
     subtitle text = STRING_TOKEN(STR_NULL);
 
+    //
+    // Display current secure boot mode(one of SetupMode/AuditMode/UserMode/DeployedMode)
+    //
+    text
+      help   = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP),
+      text   = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT),
+        text   = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT);
+
     text
       help   = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
       text   = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
@@ -84,18 +92,18 @@ formset
       endoneof;
 
     //
-    //
-    // Display of 'Current Secure Boot Mode'
+    // Display PK include page
     //
     suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
-      grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
-      goto FORMID_SECURE_BOOT_OPTION_FORM,
-           prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
-           help   = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
-           flags  = INTERACTIVE,
-           key    = KEY_SECURE_BOOT_OPTION;
-      endif;
+    grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
+    goto FORMID_SECURE_BOOT_OPTION_FORM,
+         prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
+         help   = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
+         flags  = INTERACTIVE,
+         key    = KEY_SECURE_BOOT_OPTION;
     endif;
+    endif;
+
   endform;
 
   //
@@ -106,6 +114,55 @@ formset
 
     subtitle text = STRING_TOKEN(STR_NULL);
 
+    //
+    // Display of SetupMode/UserMode/AuditMode/DeployedMode transition
+    //
+    disableif TRUE;
+      oneof varid  = SECUREBOOT_CONFIGURATION.TransSecureBootMode,
+            prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
+            help   = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
+            flags  = INTERACTIVE,
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE
+              OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
+                  ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
+            option text = STRING_TOKEN(STR_USER_MODE),     value = SECURE_BOOT_MODE_USER_MODE,   flags = 0;
+      endif
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
+            option text = STRING_TOKEN(STR_SETUP_MODE),    value = SECURE_BOOT_MODE_SETUP_MODE,  flags = 0;
+      endif
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
+            option text = STRING_TOKEN(STR_AUDIT_MODE),    value = SECURE_BOOT_MODE_AUDIT_MODE,  flags = 0;
+      endif
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
+            option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE,  flags = 0;
+      endif
+            option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = 4,  flags = 0;
+      endoneof;
+    endif;
+      oneof name   = TransSecureBootMode,
+            questionid = KEY_TRANS_SECURE_BOOT_MODE,
+            prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
+            help   = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
+            flags  = INTERACTIVE | NUMERIC_SIZE_1,
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE 
+              OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
+                  ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
+            option text = STRING_TOKEN(STR_USER_MODE),     value = SECURE_BOOT_MODE_USER_MODE,   flags = 0;
+      endif
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
+            option text = STRING_TOKEN(STR_SETUP_MODE),    value = SECURE_BOOT_MODE_SETUP_MODE,  flags = 0;
+      endif
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
+            option text = STRING_TOKEN(STR_AUDIT_MODE),    value = SECURE_BOOT_MODE_AUDIT_MODE,  flags = 0;
+      endif
+      suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
+            option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE,  flags = 0;
+      endif
+
+      endoneof;
+
+    subtitle text = STRING_TOKEN(STR_NULL);
+
     goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
          prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
          help   = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),