/** @file VFR file used by the SecureBoot configuration component. Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include "SecureBootConfigNvData.h" formset guid = SECUREBOOT_CONFIG_FORM_SET_GUID, title = STRING_TOKEN(STR_SECUREBOOT_TITLE), help = STRING_TOKEN(STR_SECUREBOOT_HELP), classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, varstore SECUREBOOT_CONFIGURATION, varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID, name = SECUREBOOT_CONFIGURATION, guid = SECUREBOOT_CONFIG_FORM_SET_GUID; // // ##1 Form "Secure Boot Configuration" // form formid = SECUREBOOT_CONFIGURATION_FORM_ID, title = STRING_TOKEN(STR_SECUREBOOT_TITLE); subtitle text = STRING_TOKEN(STR_NULL); text help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP), text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT), text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT); // // Display of Check Box: Attempt Secure Boot // grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot, questionid = KEY_SECURE_BOOT_ENABLE, prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT), help = STRING_TOKEN(STR_SECURE_BOOT_HELP), flags = INTERACTIVE | RESET_REQUIRED, endcheckbox; endif; // // Display of Oneof: 'Secure Boot Mode' // oneof name = SecureBootMode, questionid = KEY_SECURE_BOOT_MODE, prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), flags = INTERACTIVE | NUMERIC_SIZE_1, option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT; option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; endoneof; // // Display of 'Current Secure Boot Mode' // suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD; grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION), help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_OPTION; endif; endif; endform; // // ##2 Form: 'Custom Secure Boot Options' // form formid = FORMID_SECURE_BOOT_OPTION_FORM, title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE); subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_PK_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION), help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_PK_OPTION; subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_KEK_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION), help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_KEK_OPTION; subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_DB_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION), help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_DB_OPTION; subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_DBX_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION), help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_DBX_OPTION; subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_DBT_OPTION_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION), help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_DBT_OPTION; endform; // // ##3 Form: 'PK Options' // form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM, title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION); subtitle text = STRING_TOKEN(STR_NULL); // // Display of 'Enroll PK' // grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1; goto FORMID_ENROLL_PK_FORM, prompt = STRING_TOKEN(STR_ENROLL_PK), help = STRING_TOKEN(STR_ENROLL_PK_HELP), flags = INTERACTIVE, key = KEY_ENROLL_PK; endif; subtitle text = STRING_TOKEN(STR_NULL); // // Display of Check Box: 'Delete Pk' // grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1; checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk, questionid = KEY_SECURE_BOOT_DELETE_PK, prompt = STRING_TOKEN(STR_DELETE_PK), help = STRING_TOKEN(STR_DELETE_PK_HELP), flags = INTERACTIVE | RESET_REQUIRED, endcheckbox; endif; endform; // // ##4 Form: 'Enroll PK' // form formid = FORMID_ENROLL_PK_FORM, title = STRING_TOKEN(STR_ENROLL_PK); subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_ENROLL_PK_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), flags = INTERACTIVE, key = FORMID_ENROLL_PK_FORM; subtitle text = STRING_TOKEN(STR_NULL); label FORMID_ENROLL_PK_FORM; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), flags = INTERACTIVE| RESET_REQUIRED, key = KEY_VALUE_SAVE_AND_EXIT_PK; goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_NO_SAVE_AND_EXIT_PK; endform; // // ##5 Form: 'KEK Options' // form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM, title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION); // // Display of 'Enroll KEK' // goto FORMID_ENROLL_KEK_FORM, prompt = STRING_TOKEN(STR_ENROLL_KEK), help = STRING_TOKEN(STR_ENROLL_KEK_HELP), flags = INTERACTIVE; subtitle text = STRING_TOKEN(STR_NULL); // // Display of 'Delete KEK' // goto FORMID_DELETE_KEK_FORM, prompt = STRING_TOKEN(STR_DELETE_KEK), help = STRING_TOKEN(STR_DELETE_KEK_HELP), flags = INTERACTIVE, key = KEY_DELETE_KEK; subtitle text = STRING_TOKEN(STR_NULL); endform; // // ##6 Form: 'Enroll KEK' // form formid = FORMID_ENROLL_KEK_FORM, title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_ENROLL_KEK_FORM, prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), flags = INTERACTIVE, key = FORMID_ENROLL_KEK_FORM; subtitle text = STRING_TOKEN(STR_NULL); label FORMID_ENROLL_KEK_FORM; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_KEK_GUID, minsize = SECURE_BOOT_GUID_SIZE, maxsize = SECURE_BOOT_GUID_SIZE, endstring; subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_SAVE_AND_EXIT_KEK; goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK; endform; // // ##7 Form: 'Delete KEK' // form formid = FORMID_DELETE_KEK_FORM, title = STRING_TOKEN(STR_DELETE_KEK_TITLE); label LABEL_KEK_DELETE; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); endform; // // ##8 Form: 'DB Options' // form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM, title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION); subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), flags = 0; subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB, prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), flags = INTERACTIVE, key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB; endform; // // ##9 Form: 'DBX Options' // form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM, title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION); subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), flags = 0; subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), flags = INTERACTIVE, key = KEY_VALUE_FROM_DBX_TO_LIST_FORM; endform; // // ##9 Form: 'DBT Options' // form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM, title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION); subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), flags = 0; subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), flags = INTERACTIVE, key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT; endform; // // Form: 'Delete Signature' for DB Options. // form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB, title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE); label LABEL_DB_DELETE; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); endform; // // Form: Display Signature List. // form formid = SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_LIST_FORM); subtitle text = STRING_TOKEN(STR_NULL); grayoutif ideqval SECUREBOOT_CONFIGURATION.ListCount == 0; label LABEL_DELETE_ALL_LIST_BUTTON; // // Will create a goto button dynamically here. // label LABEL_END; endif; subtitle text = STRING_TOKEN(STR_NULL); label LABEL_SIGNATURE_LIST_START; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); endform; // // Form: Display Signature Data. // form formid = SECUREBOOT_DELETE_SIGNATURE_DATA_FORM, title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_DATA_FORM); subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA), help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_DELETE_ALL_DATA; grayoutif ideqval SECUREBOOT_CONFIGURATION.CheckedDataCount == 0; goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA), help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_DELETE_CHECK_DATA; endif; subtitle text = STRING_TOKEN(STR_NULL); label LABEL_SIGNATURE_DATA_START; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); endform; // // Form: 'Delete Signature' for DBT Options. // form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE); label LABEL_DBT_DELETE; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); endform; // // Form: 'Enroll Signature' for DB options. // form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; subtitle text = STRING_TOKEN(STR_NULL); label SECUREBOOT_ENROLL_SIGNATURE_TO_DB; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB, minsize = SECURE_BOOT_GUID_SIZE, maxsize = SECURE_BOOT_GUID_SIZE, endstring; subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_SAVE_AND_EXIT_DB; goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_NO_SAVE_AND_EXIT_DB; endform; // // Form: 'Enroll Signature' for DBX options. // form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3; string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX, minsize = SECURE_BOOT_GUID_SIZE, maxsize = SECURE_BOOT_GUID_SIZE, endstring; endif; disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1; oneof name = X509SignatureFormatInDbx, varid = SECUREBOOT_CONFIGURATION.CertificateFormat, prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT; option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0; option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0; option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0; endoneof; endif; disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2; text help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type endif; disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3; text help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type endif; suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4; checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation, prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT), help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP), flags = INTERACTIVE, endcheckbox; suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1; date varid = SECUREBOOT_CONFIGURATION.RevocationDate, prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT), help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP), flags = STORAGE_NORMAL, enddate; time varid = SECUREBOOT_CONFIGURATION.RevocationTime, prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT), help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP), flags = STORAGE_NORMAL, endtime; endif; endif; subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_SAVE_AND_EXIT_DBX; goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX; endform; // // Form: 'Enroll Signature' for DBT options. // form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; subtitle text = STRING_TOKEN(STR_NULL); label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; label LABEL_END; subtitle text = STRING_TOKEN(STR_NULL); string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), flags = INTERACTIVE, key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT, minsize = SECURE_BOOT_GUID_SIZE, maxsize = SECURE_BOOT_GUID_SIZE, endstring; subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL); goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), help = STRING_TOKEN(STR_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_SAVE_AND_EXIT_DBT; goto FORMID_SECURE_BOOT_OPTION_FORM, prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), flags = INTERACTIVE, key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT; endform; endformset;