Compare commits
19 Commits
a2abc5e15f
...
esrt
| Author | SHA1 | Date | |
|---|---|---|---|
|
2b549700ac | ||
|
88f5720e16 | ||
|
|
27585e73da | ||
|
|
42a443d5cd | ||
|
|
c466cc2ca5 | ||
|
|
5c49aca613 | ||
|
|
99891bd41e | ||
|
|
3485d55709 | ||
|
|
c1a7127e01 | ||
|
|
2f21eddfb8 | ||
|
|
860c29c923 | ||
|
|
8cfead2839 | ||
|
|
30f6b2f3c7 | ||
|
|
4de32568fa | ||
|
ff91020528 | ||
|
943773983d | ||
|
|
e91ea5561d | ||
|
|
5e86b202de | ||
|
|
b764882195 |
@@ -13,6 +13,14 @@ OBJECTS = DevicePath.o UefiDevicePathLib.o DevicePathFromText.o DevicePathUtili
|
||||
|
||||
include $(MAKEROOT)/Makefiles/app.makefile
|
||||
|
||||
GCCVERSION = $(shell gcc -dumpversion | awk -F'.' '{print $$1}')
|
||||
ifneq ("$(GCCVERSION)", "5")
|
||||
ifneq ($(CXX), llvm)
|
||||
# gcc 12 trips over device path handling
|
||||
BUILD_CFLAGS += -Wno-error=stringop-overflow
|
||||
endif
|
||||
endif
|
||||
|
||||
LIBS = -lCommon
|
||||
ifeq ($(CYGWIN), CYGWIN)
|
||||
LIBS += -L/lib/e2fsprogs -luuid
|
||||
|
||||
@@ -542,7 +542,7 @@ GetAlignmentFromFile(char *InFile, UINT32 *Alignment)
|
||||
PeFileBuffer = (UINT8 *) malloc (PeFileSize);
|
||||
if (PeFileBuffer == NULL) {
|
||||
fclose (InFileHandle);
|
||||
Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle);
|
||||
Error(NULL, 0, 4001, "Resource", "memory cannot be allocated for %s", InFile);
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle);
|
||||
|
||||
@@ -1062,7 +1062,7 @@ GetAlignmentFromFile(char *InFile, UINT32 *Alignment)
|
||||
PeFileBuffer = (UINT8 *) malloc (PeFileSize);
|
||||
if (PeFileBuffer == NULL) {
|
||||
fclose (InFileHandle);
|
||||
Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle);
|
||||
Error(NULL, 0, 4001, "Resource", "memory cannot be allocated for %s", InFile);
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle);
|
||||
|
||||
@@ -2825,12 +2825,13 @@ SRes LzmaEnc_CodeOneMemBlock(CLzmaEncHandle pp, BoolInt reInit,
|
||||
|
||||
nowPos64 = p->nowPos64;
|
||||
RangeEnc_Init(&p->rc);
|
||||
p->rc.outStream = &outStream.vt;
|
||||
|
||||
if (desiredPackSize == 0)
|
||||
return SZ_ERROR_OUTPUT_EOF;
|
||||
|
||||
p->rc.outStream = &outStream.vt;
|
||||
res = LzmaEnc_CodeOneBlock(p, desiredPackSize, *unpackSize);
|
||||
p->rc.outStream = NULL;
|
||||
|
||||
*unpackSize = (UInt32)(p->nowPos64 - nowPos64);
|
||||
*destLen -= outStream.rem;
|
||||
|
||||
@@ -247,6 +247,124 @@ UpdateFrontPageForm (
|
||||
HiiFreeOpCodeHandle (EndOpCodeHandle);
|
||||
}
|
||||
|
||||
// FIXME: Copied from Device Manager; clean up
|
||||
void ShowSecureBootConfig(void)
|
||||
{
|
||||
void *StartHandle;
|
||||
void *EndHandle;
|
||||
EFI_IFR_GUID_LABEL *StartLabel;
|
||||
EFI_IFR_GUID_LABEL *EndLabel;
|
||||
EFI_HII_HANDLE *HiiHandles;
|
||||
EFI_HII_HANDLE HiiHandle = gFrontPagePrivate.HiiHandle;
|
||||
UINTN Index;
|
||||
EFI_STRING String;
|
||||
EFI_STRING_ID Token;
|
||||
EFI_STRING_ID TokenHelp;
|
||||
EFI_IFR_FORM_SET *Buffer = NULL;
|
||||
UINTN BufferSize = 0;
|
||||
UINT8 ClassGuidNum;
|
||||
EFI_GUID *ClassGuid;
|
||||
UINTN TempSize = 0;
|
||||
UINT8 *Ptr;
|
||||
EFI_STATUS Status;
|
||||
// XXX: Copied from SecureBootConfigDxe
|
||||
EFI_GUID SecureBootConfigGuid = { 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}};
|
||||
|
||||
StartHandle = HiiAllocateOpCodeHandle();
|
||||
ASSERT(StartHandle != NULL);
|
||||
|
||||
EndHandle = HiiAllocateOpCodeHandle();
|
||||
ASSERT(EndHandle != NULL);
|
||||
|
||||
StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode(StartHandle, &gEfiIfrTianoGuid, NULL, sizeof(*StartLabel));
|
||||
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
|
||||
StartLabel->Number = LABEL_DEVICES_LIST;
|
||||
|
||||
EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode(EndHandle, &gEfiIfrTianoGuid, NULL, sizeof(*EndLabel));
|
||||
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
|
||||
EndLabel->Number = LABEL_END;
|
||||
|
||||
// Get SecureBootConfig handle
|
||||
HiiHandles = HiiGetHiiHandles(&SecureBootConfigGuid);
|
||||
ASSERT(HiiHandles != NULL);
|
||||
|
||||
// Search for formset of each class type
|
||||
for (Index = 0; HiiHandles[Index] != NULL; Index++) {
|
||||
Status = HiiGetFormSetFromHiiHandle(HiiHandles[Index], &Buffer, &BufferSize);
|
||||
if (EFI_ERROR(Status)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
Ptr = (UINT8 *)Buffer;
|
||||
while (TempSize < BufferSize) {
|
||||
TempSize += ((EFI_IFR_OP_HEADER *)Ptr)->Length;
|
||||
if (((EFI_IFR_OP_HEADER *)Ptr)->Length <= OFFSET_OF (EFI_IFR_FORM_SET, Flags)) {
|
||||
Ptr += ((EFI_IFR_OP_HEADER *)Ptr)->Length;
|
||||
continue;
|
||||
}
|
||||
|
||||
ClassGuidNum = (UINT8)(((EFI_IFR_FORM_SET *)Ptr)->Flags & 0x3);
|
||||
ClassGuid = (EFI_GUID *)(VOID *)(Ptr + sizeof(EFI_IFR_FORM_SET));
|
||||
while (ClassGuidNum-- > 0) {
|
||||
if (CompareGuid(&gEfiHiiPlatformSetupFormsetGuid, ClassGuid) == 0) {
|
||||
ClassGuid++;
|
||||
continue;
|
||||
}
|
||||
|
||||
String = HiiGetString(HiiHandles[Index], ((EFI_IFR_FORM_SET *)Ptr)->FormSetTitle, NULL);
|
||||
if (String == NULL) {
|
||||
String = HiiGetString(HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL);
|
||||
ASSERT (String != NULL);
|
||||
}
|
||||
|
||||
Token = HiiSetString(HiiHandle, 0, String, NULL);
|
||||
FreePool(String);
|
||||
|
||||
String = HiiGetString(HiiHandles[Index], ((EFI_IFR_FORM_SET *)Ptr)->Help, NULL);
|
||||
if (String == NULL) {
|
||||
String = HiiGetString(HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL);
|
||||
ASSERT(String != NULL);
|
||||
}
|
||||
|
||||
TokenHelp = HiiSetString(HiiHandle, 0, String, NULL);
|
||||
FreePool(String);
|
||||
|
||||
HiiCreateGotoExOpCode(
|
||||
StartHandle,
|
||||
0,
|
||||
Token,
|
||||
TokenHelp,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
&SecureBootConfigGuid,
|
||||
0
|
||||
);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
Ptr += ((EFI_IFR_OP_HEADER *)Ptr)->Length;
|
||||
}
|
||||
|
||||
FreePool (Buffer);
|
||||
Buffer = NULL;
|
||||
TempSize = 0;
|
||||
BufferSize = 0;
|
||||
}
|
||||
|
||||
HiiUpdateForm(
|
||||
HiiHandle,
|
||||
&mFrontPageGuid,
|
||||
FRONT_PAGE_FORM_ID,
|
||||
StartHandle,
|
||||
EndHandle
|
||||
);
|
||||
|
||||
HiiFreeOpCodeHandle(StartHandle);
|
||||
HiiFreeOpCodeHandle(EndHandle);
|
||||
}
|
||||
|
||||
/**
|
||||
Initialize HII information for the FrontPage
|
||||
|
||||
@@ -305,6 +423,8 @@ InitializeFrontPage (
|
||||
//
|
||||
UpdateFrontPageForm();
|
||||
|
||||
ShowSecureBootConfig();
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
@@ -33,8 +33,10 @@ extern EFI_FORM_BROWSER2_PROTOCOL *gFormBrowser2;
|
||||
// These are defined as the same with vfr file
|
||||
//
|
||||
#define FRONT_PAGE_FORM_ID 0x7600
|
||||
#define FIRMWARE_INFO_FORM_ID 0x7601
|
||||
|
||||
#define LABEL_FRONTPAGE_INFORMATION 0x1000
|
||||
#define LABEL_DEVICES_LIST 0x2000
|
||||
#define LABEL_END 0xffff
|
||||
|
||||
#define FRONT_PAGE_FORMSET_GUID \
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
#define FIRMWARE_INFO_FORM_ID 0x7601
|
||||
|
||||
#define LABEL_FRONTPAGE_INFORMATION 0x1000
|
||||
#define LABEL_DEVICES_LIST 0x2000
|
||||
#define LABEL_END 0xffff
|
||||
|
||||
formset
|
||||
@@ -36,6 +37,12 @@ formset
|
||||
label LABEL_END;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
||||
|
||||
label LABEL_DEVICES_LIST;
|
||||
label LABEL_END;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
||||
|
||||
goto FIRMWARE_INFO_FORM_ID,
|
||||
prompt = STRING_TOKEN(STR_FIRMWARE_INFO),
|
||||
help = STRING_TOKEN(STR_EMPTY_STRING);
|
||||
@@ -56,6 +63,7 @@ formset
|
||||
subtitle text = STRING_TOKEN(STR_TPM_STATUS);
|
||||
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
||||
subtitle text = STRING_TOKEN(STR_ME_STATUS);
|
||||
subtitle text = STRING_TOKEN(STR_EMPTY_STRING);
|
||||
endform;
|
||||
|
||||
endformset;
|
||||
|
||||
@@ -60,6 +60,7 @@
|
||||
gEfiIfrTianoGuid ## CONSUMES ## GUID (Extended IFR Guid Opcode)
|
||||
gEfiIfrFrontPageGuid ## CONSUMES ## GUID
|
||||
gEfiSmbiosTableGuid ## CONSUMES ## GUID
|
||||
gEfiHiiPlatformSetupFormsetGuid ## CONSUMES ## GUID
|
||||
|
||||
[Protocols]
|
||||
gEfiSmbiosProtocolGuid ## CONSUMES
|
||||
|
||||
@@ -285,7 +285,7 @@ UsbHcBulkTransfer (
|
||||
IN UINT8 DevSpeed,
|
||||
IN UINTN MaxPacket,
|
||||
IN UINT8 BufferNum,
|
||||
IN OUT VOID *Data[EFI_USB_MAX_BULK_BUFFER_NUM],
|
||||
IN OUT VOID *Data[],
|
||||
IN OUT UINTN *DataLength,
|
||||
IN OUT UINT8 *DataToggle,
|
||||
IN UINTN TimeOut,
|
||||
|
||||
@@ -149,7 +149,7 @@ UsbHcBulkTransfer (
|
||||
IN UINT8 DevSpeed,
|
||||
IN UINTN MaxPacket,
|
||||
IN UINT8 BufferNum,
|
||||
IN OUT VOID *Data[EFI_USB_MAX_BULK_BUFFER_NUM],
|
||||
IN OUT VOID *Data[],
|
||||
IN OUT UINTN *DataLength,
|
||||
IN OUT UINT8 *DataToggle,
|
||||
IN UINTN TimeOut,
|
||||
|
||||
@@ -1,611 +1,132 @@
|
||||
/** @file
|
||||
VFR file used by the SecureBoot configuration component.
|
||||
|
||||
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
// SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
// SPDX-FileCopyrightText: Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
// SPDX-FileCopyrightText: 2023 System76 <info@system76.com>
|
||||
|
||||
#include "SecureBootConfigNvData.h"
|
||||
|
||||
formset
|
||||
guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
|
||||
title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
|
||||
help = STRING_TOKEN(STR_SECUREBOOT_HELP),
|
||||
guid = SECUREBOOT_CONFIG_FORM_SET_GUID,
|
||||
title = STRING_TOKEN(STR_SECUREBOOT_TITLE),
|
||||
help = STRING_TOKEN(STR_SECUREBOOT_HELP),
|
||||
classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
|
||||
|
||||
varstore SECUREBOOT_CONFIGURATION,
|
||||
varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
|
||||
name = SECUREBOOT_CONFIGURATION,
|
||||
guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
|
||||
name = SECUREBOOT_CONFIGURATION,
|
||||
guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
|
||||
|
||||
//
|
||||
// ##1 Form "Secure Boot Configuration"
|
||||
//
|
||||
form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
// FIXME: firmware-setup doesn't handle EFI_IFR_TEXT.
|
||||
//text
|
||||
// help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
|
||||
// text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
|
||||
// text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
|
||||
|
||||
text
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
|
||||
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
|
||||
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
|
||||
subtitle text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT);
|
||||
|
||||
//
|
||||
// Display of Check Box: Attempt Secure Boot
|
||||
//
|
||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
|
||||
checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
|
||||
questionid = KEY_SECURE_BOOT_ENABLE,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
|
||||
flags = INTERACTIVE | RESET_REQUIRED,
|
||||
endcheckbox;
|
||||
endif;
|
||||
|
||||
//
|
||||
// Display of Oneof: 'Secure Boot Mode'
|
||||
//
|
||||
// XXX: Needed for "Secure Boot status" string to update.
|
||||
suppressif TRUE;
|
||||
oneof name = SecureBootMode,
|
||||
questionid = KEY_SECURE_BOOT_MODE,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
|
||||
flags = INTERACTIVE | NUMERIC_SIZE_1,
|
||||
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
|
||||
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
|
||||
questionid = KEY_SECURE_BOOT_MODE,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
|
||||
flags = INTERACTIVE | NUMERIC_SIZE_1,
|
||||
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
|
||||
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
|
||||
endoneof;
|
||||
endif;
|
||||
|
||||
//
|
||||
// Display of 'Current Secure Boot Mode'
|
||||
//
|
||||
suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;
|
||||
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_OPTION;
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.AttemptSecureBoot == 0;
|
||||
goto FORMID_SECURE_BOOT_DISABLE,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DISABLE_PROMPT),
|
||||
help = STRING_TOKEN(STR_NULL);
|
||||
endif;
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.AttemptSecureBoot == 1;
|
||||
goto FORMID_SECURE_BOOT_ENABLE,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENABLE_PROMPT),
|
||||
help = STRING_TOKEN(STR_NULL);
|
||||
endif;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_DELETE_KEYS,
|
||||
prompt = STRING_TOKEN(STR_DELETE_KEYS_PROMPT),
|
||||
help = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_RESTORE_KEYS,
|
||||
prompt = STRING_TOKEN(STR_RESTORE_KEYS_PROMPT),
|
||||
help = STRING_TOKEN(STR_NULL);
|
||||
|
||||
endform;
|
||||
|
||||
form formid = FORMID_SECURE_BOOT_ENABLE,
|
||||
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_ENABLE_NOTICE);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
text
|
||||
help = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS_HELP),
|
||||
text = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_RESET_TO_DEFAULT;
|
||||
help = STRING_TOKEN(STR_NULL),
|
||||
text = STRING_TOKEN(STR_ENABLE_SELECTION),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_STATE_ENABLE;
|
||||
|
||||
goto SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||
prompt = STRING_TOKEN(STR_CANCEL),
|
||||
help = STRING_TOKEN(STR_NULL);
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##2 Form: 'Custom Secure Boot Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
|
||||
form formid = FORMID_SECURE_BOOT_DISABLE,
|
||||
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_DISABLE_NOTICE);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_PK_OPTION;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_KEK_OPTION;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DB_OPTION;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DBX_OPTION;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_DBT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DBT_OPTION;
|
||||
text
|
||||
help = STRING_TOKEN(STR_NULL),
|
||||
text = STRING_TOKEN(STR_DISABLE_SELECTION),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_STATE_DISABLE;
|
||||
|
||||
goto SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||
prompt = STRING_TOKEN(STR_CANCEL),
|
||||
help = STRING_TOKEN(STR_NULL);
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##3 Form: 'PK Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
|
||||
form formid = FORMID_DELETE_KEYS,
|
||||
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_DELETE_KEYS_NOTICE);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
//
|
||||
// Display of 'Enroll PK'
|
||||
//
|
||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
|
||||
goto FORMID_ENROLL_PK_FORM,
|
||||
prompt = STRING_TOKEN(STR_ENROLL_PK),
|
||||
help = STRING_TOKEN(STR_ENROLL_PK_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_ENROLL_PK;
|
||||
endif;
|
||||
text
|
||||
help = STRING_TOKEN(STR_NULL),
|
||||
text = STRING_TOKEN(STR_DELETE_KEYS_SELECTION),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DELETE_PK;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
//
|
||||
// Display of Check Box: 'Delete Pk'
|
||||
//
|
||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
|
||||
checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
|
||||
questionid = KEY_SECURE_BOOT_DELETE_PK,
|
||||
prompt = STRING_TOKEN(STR_DELETE_PK),
|
||||
help = STRING_TOKEN(STR_DELETE_PK_HELP),
|
||||
flags = INTERACTIVE | RESET_REQUIRED,
|
||||
endcheckbox;
|
||||
endif;
|
||||
goto SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||
prompt = STRING_TOKEN(STR_CANCEL),
|
||||
help = STRING_TOKEN(STR_NULL);
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##4 Form: 'Enroll PK'
|
||||
//
|
||||
form formid = FORMID_ENROLL_PK_FORM,
|
||||
title = STRING_TOKEN(STR_ENROLL_PK);
|
||||
form formid = FORMID_RESTORE_KEYS,
|
||||
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_RESTORE_KEYS_NOTICE);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_ENROLL_PK_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
|
||||
flags = INTERACTIVE,
|
||||
key = FORMID_ENROLL_PK_FORM;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
label FORMID_ENROLL_PK_FORM;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE| RESET_REQUIRED,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_PK;
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##5 Form: 'KEK Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
|
||||
|
||||
//
|
||||
// Display of 'Enroll KEK'
|
||||
//
|
||||
goto FORMID_ENROLL_KEK_FORM,
|
||||
prompt = STRING_TOKEN(STR_ENROLL_KEK),
|
||||
help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
|
||||
flags = INTERACTIVE;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
//
|
||||
// Display of 'Delete KEK'
|
||||
//
|
||||
goto FORMID_DELETE_KEK_FORM,
|
||||
prompt = STRING_TOKEN(STR_DELETE_KEK),
|
||||
help = STRING_TOKEN(STR_DELETE_KEK_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_DELETE_KEK;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##6 Form: 'Enroll KEK'
|
||||
//
|
||||
form formid = FORMID_ENROLL_KEK_FORM,
|
||||
title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_ENROLL_KEK_FORM,
|
||||
prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
|
||||
help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = FORMID_ENROLL_KEK_FORM;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
label FORMID_ENROLL_KEK_FORM;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_KEK_GUID,
|
||||
minsize = SECURE_BOOT_GUID_SIZE,
|
||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
||||
endstring;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_KEK;
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##7 Form: 'Delete KEK'
|
||||
//
|
||||
form formid = FORMID_DELETE_KEK_FORM,
|
||||
title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
|
||||
|
||||
label LABEL_KEK_DELETE;
|
||||
label LABEL_END;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##8 Form: 'DB Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
|
||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
||||
flags = 0;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
|
||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##9 Form: 'DBX Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
|
||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
||||
flags = 0;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
|
||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_FROM_DBX_TO_LIST_FORM;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// ##9 Form: 'DBT Options'
|
||||
//
|
||||
form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
|
||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
|
||||
flags = 0;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
|
||||
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: 'Delete Signature' for DB Options.
|
||||
//
|
||||
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
|
||||
|
||||
label LABEL_DB_DELETE;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: Display Signature List.
|
||||
//
|
||||
form formid = SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_LIST_FORM);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.ListCount == 0;
|
||||
label LABEL_DELETE_ALL_LIST_BUTTON;
|
||||
//
|
||||
// Will create a goto button dynamically here.
|
||||
//
|
||||
label LABEL_END;
|
||||
endif;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
label LABEL_SIGNATURE_LIST_START;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: Display Signature Data.
|
||||
//
|
||||
form formid = SECUREBOOT_DELETE_SIGNATURE_DATA_FORM,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_DATA_FORM);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DELETE_ALL_DATA;
|
||||
|
||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.CheckedDataCount == 0;
|
||||
goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_DELETE_CHECK_DATA;
|
||||
endif;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
label LABEL_SIGNATURE_DATA_START;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
endform;
|
||||
|
||||
|
||||
//
|
||||
// Form: 'Delete Signature' for DBT Options.
|
||||
//
|
||||
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
|
||||
|
||||
label LABEL_DBT_DELETE;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: 'Enroll Signature' for DB options.
|
||||
//
|
||||
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
|
||||
minsize = SECURE_BOOT_GUID_SIZE,
|
||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
||||
endstring;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_DB;
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: 'Enroll Signature' for DBX options.
|
||||
//
|
||||
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
||||
|
||||
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;
|
||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
|
||||
minsize = SECURE_BOOT_GUID_SIZE,
|
||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
||||
endstring;
|
||||
endif;
|
||||
|
||||
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1;
|
||||
oneof name = X509SignatureFormatInDbx,
|
||||
varid = SECUREBOOT_CONFIGURATION.CertificateFormat,
|
||||
prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
|
||||
help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
|
||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;
|
||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;
|
||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;
|
||||
option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;
|
||||
endoneof;
|
||||
endif;
|
||||
|
||||
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2;
|
||||
text
|
||||
help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string
|
||||
text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string
|
||||
text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type
|
||||
endif;
|
||||
|
||||
disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;
|
||||
text
|
||||
help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string
|
||||
text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string
|
||||
text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type
|
||||
endif;
|
||||
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;
|
||||
checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
|
||||
prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
|
||||
help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
|
||||
flags = INTERACTIVE,
|
||||
endcheckbox;
|
||||
|
||||
suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1;
|
||||
date varid = SECUREBOOT_CONFIGURATION.RevocationDate,
|
||||
prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT),
|
||||
help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP),
|
||||
flags = STORAGE_NORMAL,
|
||||
enddate;
|
||||
|
||||
time varid = SECUREBOOT_CONFIGURATION.RevocationTime,
|
||||
prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT),
|
||||
help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP),
|
||||
flags = STORAGE_NORMAL,
|
||||
endtime;
|
||||
endif;
|
||||
endif;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_DBX;
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
|
||||
|
||||
endform;
|
||||
|
||||
//
|
||||
// Form: 'Enroll Signature' for DBT options.
|
||||
//
|
||||
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
|
||||
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
|
||||
flags = INTERACTIVE,
|
||||
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
||||
label LABEL_END;
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
|
||||
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
|
||||
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT,
|
||||
minsize = SECURE_BOOT_GUID_SIZE,
|
||||
maxsize = SECURE_BOOT_GUID_SIZE,
|
||||
endstring;
|
||||
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
subtitle text = STRING_TOKEN(STR_NULL);
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_SAVE_AND_EXIT_DBT;
|
||||
|
||||
goto FORMID_SECURE_BOOT_OPTION_FORM,
|
||||
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT;
|
||||
|
||||
text
|
||||
help = STRING_TOKEN(STR_NULL),
|
||||
text = STRING_TOKEN(STR_RESTORE_KEYS_SELECTION),
|
||||
flags = INTERACTIVE,
|
||||
key = KEY_RESTORE_KEYS;
|
||||
|
||||
goto SECUREBOOT_CONFIGURATION_FORM_ID,
|
||||
prompt = STRING_TOKEN(STR_CANCEL),
|
||||
help = STRING_TOKEN(STR_NULL);
|
||||
endform;
|
||||
|
||||
endformset;
|
||||
|
||||
@@ -3142,9 +3142,9 @@ UpdateSecureBootString(
|
||||
}
|
||||
|
||||
if (*SecureBoot == SECURE_BOOT_MODE_ENABLE) {
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_PROMPT), L"Secure Boot state: Enabled", NULL);
|
||||
} else {
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
|
||||
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_PROMPT), L"Secure Boot state: Disabled", NULL);
|
||||
}
|
||||
|
||||
FreePool(SecureBoot);
|
||||
@@ -4324,7 +4324,7 @@ SecureBootCallback (
|
||||
UINT8 *SecureBootEnable;
|
||||
UINT8 *Pk;
|
||||
UINT8 *SecureBootMode;
|
||||
UINT8 *SetupMode;
|
||||
//UINT8 *SetupMode;
|
||||
CHAR16 PromptString[100];
|
||||
EFI_DEVICE_PATH_PROTOCOL *File;
|
||||
UINTN NameLength;
|
||||
@@ -4332,13 +4332,11 @@ SecureBootCallback (
|
||||
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
|
||||
BOOLEAN GetBrowserDataResult;
|
||||
ENROLL_KEY_ERROR EnrollKeyErrorCode;
|
||||
EFI_HII_POPUP_PROTOCOL *HiiPopup;
|
||||
EFI_HII_POPUP_SELECTION UserSelection;
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
SecureBootEnable = NULL;
|
||||
SecureBootMode = NULL;
|
||||
SetupMode = NULL;
|
||||
//SetupMode = NULL;
|
||||
File = NULL;
|
||||
EnrollKeyErrorCode = None_Error;
|
||||
|
||||
@@ -4414,27 +4412,14 @@ SecureBootCallback (
|
||||
if (Action == EFI_BROWSER_ACTION_CHANGING) {
|
||||
|
||||
switch (QuestionId) {
|
||||
case KEY_SECURE_BOOT_ENABLE:
|
||||
//case KEY_SECURE_BOOT_ENABLE:
|
||||
case KEY_SECURE_BOOT_STATE_ENABLE:
|
||||
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
|
||||
if (NULL != SecureBootEnable) {
|
||||
FreePool (SecureBootEnable);
|
||||
if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {
|
||||
CreatePopUp (
|
||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
||||
&Key,
|
||||
L"Only Physical Presence User could disable secure boot!",
|
||||
NULL
|
||||
);
|
||||
Status = EFI_UNSUPPORTED;
|
||||
} else {
|
||||
CreatePopUp (
|
||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
||||
&Key,
|
||||
L"Configuration changed, please reset the platform to take effect!",
|
||||
NULL
|
||||
);
|
||||
}
|
||||
}
|
||||
Status = SaveSecureBootVariable(1);
|
||||
break;
|
||||
case KEY_SECURE_BOOT_STATE_DISABLE:
|
||||
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
|
||||
Status = SaveSecureBootVariable(0);
|
||||
break;
|
||||
|
||||
case KEY_SECURE_BOOT_KEK_OPTION:
|
||||
@@ -4534,26 +4519,7 @@ SecureBootCallback (
|
||||
break;
|
||||
|
||||
case KEY_SECURE_BOOT_DELETE_PK:
|
||||
if (Value->u8) {
|
||||
CreatePopUp (
|
||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
||||
&Key,
|
||||
L"Are you sure you want to delete PK? Secure boot will be disabled!",
|
||||
L"Press 'Y' to delete PK and exit, 'N' to discard change and return",
|
||||
NULL
|
||||
);
|
||||
if (Key.UnicodeChar == 'y' || Key.UnicodeChar == 'Y') {
|
||||
Status = DeletePlatformKey ();
|
||||
if (EFI_ERROR (Status)) {
|
||||
CreatePopUp (
|
||||
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
|
||||
&Key,
|
||||
L"Only Physical Presence User could delete PK in custom mode!",
|
||||
NULL
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
Status = DeletePlatformKey();
|
||||
break;
|
||||
|
||||
case KEY_DELETE_KEK:
|
||||
@@ -4850,8 +4816,12 @@ SecureBootCallback (
|
||||
}
|
||||
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
|
||||
switch (QuestionId) {
|
||||
case KEY_SECURE_BOOT_ENABLE:
|
||||
//case KEY_SECURE_BOOT_ENABLE:
|
||||
case KEY_SECURE_BOOT_STATE_ENABLE:
|
||||
case KEY_SECURE_BOOT_STATE_DISABLE:
|
||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
||||
// XXX: Is this safe?
|
||||
gRT->ResetSystem(EfiResetCold, Status, 0, NULL);
|
||||
break;
|
||||
case KEY_SECURE_BOOT_MODE:
|
||||
mIsEnterSecureBootForm = FALSE;
|
||||
@@ -4870,45 +4840,33 @@ SecureBootCallback (
|
||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
||||
break;
|
||||
case KEY_SECURE_BOOT_DELETE_PK:
|
||||
GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
|
||||
if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
|
||||
IfrNvData->DeletePk = TRUE;
|
||||
IfrNvData->HasPk = FALSE;
|
||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
|
||||
} else {
|
||||
IfrNvData->DeletePk = FALSE;
|
||||
IfrNvData->HasPk = TRUE;
|
||||
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
||||
}
|
||||
if (SetupMode != NULL) {
|
||||
FreePool (SetupMode);
|
||||
//GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
|
||||
//if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
|
||||
// IfrNvData->DeletePk = TRUE;
|
||||
// IfrNvData->HasPk = FALSE;
|
||||
// *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
|
||||
//} else {
|
||||
// IfrNvData->DeletePk = FALSE;
|
||||
// IfrNvData->HasPk = TRUE;
|
||||
// *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
|
||||
//}
|
||||
//if (SetupMode != NULL) {
|
||||
// FreePool (SetupMode);
|
||||
//}
|
||||
// XXX: Is this safe?
|
||||
gRT->ResetSystem(EfiResetCold, Status, 0, NULL);
|
||||
break;
|
||||
//case KEY_SECURE_BOOT_RESET_TO_DEFAULT:
|
||||
case KEY_RESTORE_KEYS:
|
||||
Status = KeyEnrollReset();
|
||||
// Update secure boot strings after key reset
|
||||
if (Status == EFI_SUCCESS) {
|
||||
Status = UpdateSecureBootString(Private);
|
||||
SecureBootExtractConfigFromVariable(Private, IfrNvData);
|
||||
// XXX: Is this safe?
|
||||
gRT->ResetSystem(EfiResetCold, Status, 0, NULL);
|
||||
}
|
||||
break;
|
||||
case KEY_SECURE_BOOT_RESET_TO_DEFAULT:
|
||||
{
|
||||
Status = gBS->LocateProtocol (&gEfiHiiPopupProtocolGuid, NULL, (VOID **) &HiiPopup);
|
||||
if (EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
Status = HiiPopup->CreatePopup (
|
||||
HiiPopup,
|
||||
EfiHiiPopupStyleInfo,
|
||||
EfiHiiPopupTypeYesNo,
|
||||
Private->HiiHandle,
|
||||
STRING_TOKEN (STR_RESET_TO_DEFAULTS_POPUP),
|
||||
&UserSelection
|
||||
);
|
||||
if (UserSelection == EfiHiiPopupSelectionYes) {
|
||||
Status = KeyEnrollReset ();
|
||||
}
|
||||
//
|
||||
// Update secure boot strings after key reset
|
||||
//
|
||||
if (Status == EFI_SUCCESS) {
|
||||
Status = UpdateSecureBootString (Private);
|
||||
SecureBootExtractConfigFromVariable (Private, IfrNvData);
|
||||
}
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -119,6 +119,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#define PE_IMAGE_FILE_TYPE 2
|
||||
#define AUTHENTICATION_2_FILE_TYPE 3
|
||||
|
||||
#define FORMID_SECURE_BOOT_ENABLE 0x101
|
||||
#define FORMID_SECURE_BOOT_DISABLE 0x102
|
||||
#define FORMID_DELETE_KEYS 0x103
|
||||
#define FORMID_RESTORE_KEYS 0x104
|
||||
#define KEY_SECURE_BOOT_STATE_ENABLE 0x1120
|
||||
#define KEY_SECURE_BOOT_STATE_DISABLE 0x1121
|
||||
#define KEY_DELETE_KEYS 0x1122
|
||||
#define KEY_RESTORE_KEYS 0x1123
|
||||
|
||||
//
|
||||
// Nv Data structure referenced by IFR
|
||||
//
|
||||
|
||||
@@ -138,3 +138,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#string STR_SIGNATURE_DATA_HELP_FORMAT_TIME #language en-US "Revocation Time:\n%s"
|
||||
|
||||
#string STR_SIGNATURE_DELETE_ALL_CONFIRM #language en-US "Press 'Y' to delete all signature List."
|
||||
|
||||
#string STR_SECURE_BOOT_ENABLE_PROMPT #language en-US "Enable Secure Boot"
|
||||
#string STR_SECURE_BOOT_DISABLE_PROMPT #language en-US "Disable Secure Boot"
|
||||
#string STR_DELETE_KEYS_PROMPT #language en-US "Delete System76 and Microsoft keys (Use your own)"
|
||||
#string STR_RESTORE_KEYS_PROMPT #language en-US "Restore System76 and Microsoft keys"
|
||||
|
||||
#string STR_ENABLE_NOTICE #language en-US "An operating system that includes Secure Boot support is required.\r\nDisable Secure Boot if your operating system does not boot."
|
||||
#string STR_ENABLE_SELECTION #language en-US "Enable Secure Boot and reboot"
|
||||
#string STR_DISABLE_NOTICE #language en-US "Disabling Secure Boot allows non-verified operating systems to boot\r\nand may disable some operating system security features."
|
||||
#string STR_DISABLE_SELECTION #language en-US "Disable Secure Boot and reboot"
|
||||
#string STR_DELETE_KEYS_NOTICE #language en-US "System and Microsoft keys will be deleted. Enroll custom keys from your\r\noperating system. Check your OS documentation for details. To facilitate\nsetup, Secure Boot is disabled until you manually activate it."
|
||||
#string STR_DELETE_KEYS_SELECTION #language en-US "Delete System76 and Microsoft keys and restart"
|
||||
#string STR_RESTORE_KEYS_NOTICE #language en-US "Restoring System76 and Microsoft keys will remove any custom keys you\r\nhave installed and may make your OS unbootable. Disable Secure Boot if\nyour operating system does not boot."
|
||||
#string STR_RESTORE_KEYS_SELECTION #language en-US "Restore System76 and Microsoft keys and restart"
|
||||
#string STR_CANCEL #language en-US "Cancel"
|
||||
|
||||
@@ -192,6 +192,14 @@ PlatformBootManagerBeforeConsole (
|
||||
PlatformConsoleInit ();
|
||||
}
|
||||
|
||||
// GUID for System76 security driver
|
||||
EFI_GUID SYSTEM76_SECURITY_PROTOCOL_GUID = {0x764247c4, 0xa859, 0x4a6b, {0xb5, 0x00, 0xed, 0x5d, 0x7a, 0x70, 0x7d, 0xd4}};
|
||||
|
||||
typedef struct {
|
||||
// Run System76 security driver, will return true if we should boot immediately
|
||||
BOOLEAN (EFIAPI *Run)();
|
||||
} SYSTEM76_SECURITY_PROTOCOL;
|
||||
|
||||
/**
|
||||
Do the platform specific action after the console is connected.
|
||||
|
||||
@@ -210,6 +218,8 @@ PlatformBootManagerAfterConsole (
|
||||
{
|
||||
EFI_GRAPHICS_OUTPUT_BLT_PIXEL Black;
|
||||
EFI_GRAPHICS_OUTPUT_BLT_PIXEL White;
|
||||
EFI_STATUS Status;
|
||||
SYSTEM76_SECURITY_PROTOCOL * system76_security;
|
||||
|
||||
if (mUniversalPayloadPlatformBootManagerOverrideInstance != NULL){
|
||||
mUniversalPayloadPlatformBootManagerOverrideInstance->AfterConsole();
|
||||
@@ -249,6 +259,16 @@ PlatformBootManagerAfterConsole (
|
||||
|
||||
// Inject boot logo into BGRT table
|
||||
AddBGRT();
|
||||
|
||||
// If System76 security driver is installed
|
||||
Status = gBS->LocateProtocol (&SYSTEM76_SECURITY_PROTOCOL_GUID, NULL, (VOID **) &system76_security);
|
||||
if (!EFI_ERROR(Status)) {
|
||||
// Run System76 security driver
|
||||
if (system76_security->Run ()) {
|
||||
// Skip boot timeout if requested
|
||||
PcdSet16S (PcdPlatformBootTimeOut, 0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Binary file not shown.
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt
Normal file
Binary file not shown.
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt
Normal file
Binary file not shown.
Binary file not shown.
@@ -706,6 +706,12 @@
|
||||
}
|
||||
!endif
|
||||
|
||||
#
|
||||
# Firmware update
|
||||
#
|
||||
MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
|
||||
MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmpDxe.inf
|
||||
|
||||
#------------------------------
|
||||
# Build the shell
|
||||
#------------------------------
|
||||
|
||||
@@ -260,11 +260,13 @@ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
}
|
||||
|
||||
FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
|
||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt
|
||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt
|
||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-microsoft.crt
|
||||
SECTION UI = "KEK Default"
|
||||
}
|
||||
|
||||
FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
|
||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt
|
||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt
|
||||
SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt
|
||||
SECTION UI = "DB Default"
|
||||
@@ -276,6 +278,12 @@ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
}
|
||||
!endif
|
||||
|
||||
#
|
||||
# Firmware update
|
||||
#
|
||||
INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf
|
||||
INF MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmpDxe.inf
|
||||
|
||||
#
|
||||
# Shell
|
||||
#
|
||||
|
||||
Reference in New Issue
Block a user