SecurityPkg: SecureBootConfigDxe: SecureBoot UI for Customized SecureBoot Mode

Add SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263. The user can perform secure boot mode transitions through the UI.
  https://mantis.uefi.org/mantis/view.php?id=1263

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19134 6f19259b-4bc3-4df7-8a09-765794883524
Chao Zhang
2015-12-07 06:20:36 +00:00
committed by czhang46
parent 4fc08e8d68
commit 96832eefea
4 changed files with 474 additions and 66 deletions


@@ -1,7 +1,7 @@
/** @file
VFR file used by the SecureBoot configuration component.
Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -33,6 +33,14 @@ formset
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display current secure boot mode(one of SetupMode/AuditMode/UserMode/DeployedMode)
//
text
help = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP),
text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT),
text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT);
text
help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
@@ -84,18 +92,18 @@ formset
endoneof;
//
//
// Display of 'Current Secure Boot Mode'
// Display PK include page
//
suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_OPTION;
endif;
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_OPTION;
endif;
endif;
endform;
//
@@ -106,6 +114,55 @@ formset
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display of SetupMode/UserMode/AuditMode/DeployedMode transition
//
disableif TRUE;
oneof varid = SECUREBOOT_CONFIGURATION.TransSecureBootMode,
prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
flags = INTERACTIVE,
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE
OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;
endif
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;
endif
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;
endif
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;
endif
option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = 4, flags = 0;
endoneof;
endif;
oneof name = TransSecureBootMode,
questionid = KEY_TRANS_SECURE_BOOT_MODE,
prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),
help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),
flags = INTERACTIVE | NUMERIC_SIZE_1,
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE
OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND
ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);
option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;
endif
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;
option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;
endif
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;
option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;
endif
suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;
option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;
endif
endoneof;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),