/** @file The Vfr component for Security menu ;****************************************************************************** ;* Copyright (c) 2012 - 2021, Insyde Software Corp. All Rights Reserved. ;* ;* You may not reproduce, distribute, publish, display, perform, modify, adapt, ;* transmit, broadcast, present, recite, release, license or otherwise exploit ;* any part of this publication in any form, by any means, without the prior ;* written permission of Insyde Software Corporation. ;* ;****************************************************************************** */ #include "KernelSetupConfig.h" formset guid = FORMSET_ID_GUID_SECURITY, title = STRING_TOKEN(STR_SECURITY_TITLE), help = STRING_TOKEN(STR_BLANK_STRING), classguid = SETUP_UTILITY_FORMSET_CLASS_GUID, class = SETUP_UTILITY_CLASS, subclass = EFI_USER_ACCESS_TWO, #if defined(SETUP_IMAGE_SUPPORT) && FeaturePcdGet(PcdH2OFormBrowserLocalMetroDESupported) image = IMAGE_TOKEN(IMAGE_SECURITY); #endif varstore KERNEL_CONFIGURATION, // This is the data structure type varid = CONFIGURATION_VARSTORE_ID, // Optional VarStore ID name = SystemConfig, // Define referenced name in vfr guid = SYSTEM_CONFIGURATION_GUID; // GUID of this buffer storage varstore PASSWORD_CONFIGURATION, varid = PASSWORD_CONFIGURATION_VARSTORE_ID, name = PasswordConfig, guid = PASSWORD_CONFIGURATION_GUID; varstore TCG2_CONFIGURATION_INFO, varid = TCG2_CONFIGURATION_INFO_VARSTORE_ID, name = Tcg2ConfigInfo, guid = TCG2_CONFIGURATION_INFO_GUID; namevaluevarstore PasswordNameValueVar, // Define storage reference name in vfr varid = PASSWORD_NAME_VALUE_VARSTORE_ID, // Define Name value varstore ID name = STRING_TOKEN(STR_SUPERVISOR_PASSWORD_VAR_NAME), // Define Name list of this storage, refer it by PasswordNameValueVar[0] name = STRING_TOKEN(STR_USER_PASSWORD_VAR_NAME), // Define Name list of this storage, refer it by PasswordNameValueVar[1] name = STRING_TOKEN(STR_ALL_HDD_PASSWORD_VAR_NAME), // Define Name list of this storage, refer it by PasswordNameValueVar[2] name = STRING_TOKEN(STR_ALL_MASTER_HDD_PASSWORD_VAR_NAME), // Define Name list of this storage, refer it by PasswordNameValueVar[3] name = STRING_TOKEN(STR_HDD_PASSWORD_VAR_NAME), // Define Name list of this storage, refer it by PasswordNameValueVar[4] name = STRING_TOKEN(STR_MASTER_HDD_PASSWORD_VAR_NAME), // Define Name list of this storage, refer it by PasswordNameValueVar[5] guid = PASSWORD_CONFIGURATION_GUID; // GUID of this Name/Value storage form formid = ROOT_FORM_ID, title = STRING_TOKEN(STR_SECURITY_TITLE); subtitle text = STRING_TOKEN(STR_BLANK_STRING); #if FeaturePcdGet(PcdH2OTpmSupported) || FeaturePcdGet(PcdH2OTpm2Supported) || FeaturePcdGet(PcdH2OTcmSupported) #if FeaturePcdGet(PcdTpmAutoDetection) grayoutif TRUE; #endif oneof varid = SystemConfig.TpmDevice, questionid = KEY_TPM_SELECT, prompt = STRING_TOKEN(STR_TPM_DEVICE_PROMPT), help = STRING_TOKEN(STR_TPM_DEVICE_HELP), #if FeaturePcdGet(PcdTpmAutoDetection) option text = STRING_TOKEN(STR_NOT_DETECTED_TEXT), value = TPM_DEVICE_NULL, flags = 0; #endif #if FeaturePcdGet(PcdH2OTpmSupported) && FeaturePcdGet(PcdH2OTpm2Supported) option text = STRING_TOKEN(STR_TPM_1_2_TEXT_STRING), value = TPM_DEVICE_1_2, flags = 0 | INTERACTIVE; option text = STRING_TOKEN(STR_TPM2_TEXT_STRING), value = TPM_DEVICE_2_0, flags = DEFAULT | INTERACTIVE; #elif FeaturePcdGet(PcdH2OTpmSupported) option text = STRING_TOKEN(STR_TPM_1_2_TEXT_STRING), value = TPM_DEVICE_1_2, flags = DEFAULT; #elif FeaturePcdGet(PcdH2OTpm2Supported) option text = STRING_TOKEN(STR_TPM2_TEXT_STRING), value = TPM_DEVICE_2_0, flags = DEFAULT; #endif #if FeaturePcdGet(PcdH2OTcmSupported) #if FeaturePcdGet(PcdH2OTpmSupported) || FeaturePcdGet(PcdH2OTpm2Supported) option text = STRING_TOKEN(STR_TCM_TEXT_STRING), value = TPM_DEVICE_TCM, flags = 0; #else option text = STRING_TOKEN(STR_TCM_TEXT_STRING), value = TPM_DEVICE_TCM, flags = DEFAULT; #endif #endif endoneof; #if FeaturePcdGet(PcdTpmAutoDetection) endif; #endif grayoutif TRUE; label TPM_STATE_LABEL; endif; #endif #if FeaturePcdGet(PcdH2OTpmSupported) suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_1_2; grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; oneof varid = SystemConfig.TpmHide, questionid = KEY_TPM_HIDE, prompt = STRING_TOKEN(STR_TPM_AVAILABILITY_PROMPT), help = STRING_TOKEN(STR_TPM_AVAILABILITY_HELP), option text = STRING_TOKEN(STR_TPM_AVAILABLE_TEXT), value = 0, flags = DEFAULT; option text = STRING_TOKEN(STR_TPM_HIDDEN_TEXT), value = 1, flags = 0 | INTERACTIVE; endoneof; endif; endif; suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_1_2 OR ideqval SystemConfig.TpmDeviceOk == 0xFF; grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; oneof varid = SystemConfig.TpmOperation, questionid = KEY_TPM_OPERATION, prompt = STRING_TOKEN(STR_TPM_OPERATION_STRING), help = STRING_TOKEN(STR_TPM_OPERATION_HELP), option text = STRING_TOKEN(STR_NO_OPERATION_TEXT), value = 0, flags = DEFAULT; option text = STRING_TOKEN(STR_DISABLE_AND_DEACTIVATE_TEXT), value = 1, flags = 0; option text = STRING_TOKEN(STR_ENABLE_AND_ACTIVATE_TEXT), value = 2, flags = 0; endoneof; endif; endif; suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_1_2 OR ideqval SystemConfig.TpmDeviceOk == 0xFF; grayoutif (ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1) OR ideqval SystemConfig.GrayoutTpmClear == 1; checkbox varid = SystemConfig.TpmClear, questionid = KEY_TPM_CLEAR, prompt = STRING_TOKEN(STR_TPM_CLEAR_TEXT), help = STRING_TOKEN(STR_TPM_CLEAR_HELP), flags = INTERACTIVE, key = KEY_TPM_CLEAR, default = 0, endcheckbox; endif; endif; #endif #if FeaturePcdGet(PcdH2OTpm2Supported) // // Algorithm/PCR info // suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_2_0 OR ideqval SystemConfig.Tpm2DeviceOk == 0xFF; grayoutif TRUE; text help = STRING_TOKEN(STR_TPM2_ACTIVE_HASH_ALGO_HELP), text = STRING_TOKEN(STR_TPM2_ACTIVE_HASH_ALGO), text = STRING_TOKEN(STR_TPM2_ACTIVE_HASH_ALGO_CONTENT); text help = STRING_TOKEN(STR_TPM2_SUPPORTED_HASH_ALGO_HELP), text = STRING_TOKEN(STR_TPM2_SUPPORTED_HASH_ALGO), text = STRING_TOKEN(STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT); text help = STRING_TOKEN(STR_BIOS_SUPPORTED_HASH_ALGO_HELP), text = STRING_TOKEN(STR_BIOS_SUPPORTED_HASH_ALGO), text = STRING_TOKEN(STR_BIOS_SUPPORTED_HASH_ALGO_CONTENT); endif; endif; suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_2_0 OR ideqval SystemConfig.Tpm2DeviceOk == 0xFF; grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; oneof varid = SystemConfig.TrEEVersion, questionid = KEY_TREE_PROTOCOL_VERSION, prompt = STRING_TOKEN(STR_TPM2_TREE_PROTOCOL_VERSION), help = STRING_TOKEN(STR_TPM2_TREE_PROTOCOL_VERSION_HELP), option text = STRING_TOKEN(STR_TPM2_TREE_PROTOCOL_VERSION_1_0), value = 0, flags = 0 | INTERACTIVE; option text = STRING_TOKEN(STR_TPM2_TREE_PROTOCOL_VERSION_1_1), value = 1, flags = DEFAULT; endoneof; endif; endif; suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_2_0; grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; oneof varid = SystemConfig.TpmHide, questionid = KEY_TPM2_HIDE, prompt = STRING_TOKEN(STR_TPM_AVAILABILITY_PROMPT), help = STRING_TOKEN(STR_TPM_AVAILABILITY_HELP), option text = STRING_TOKEN(STR_TPM_AVAILABLE_TEXT), value = 0, flags = DEFAULT; option text = STRING_TOKEN(STR_TPM_HIDDEN_TEXT), value = 1, flags = 0 | INTERACTIVE; endoneof; endif; endif; suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_2_0 OR ideqval SystemConfig.Tpm2DeviceOk == 0xFF; grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; label TPM_OPERATION_START_LABEL; label TPM_OPERATION_END_LABEL; endif; endif; suppressif NOT ideqval SystemConfig.TpmOperation == 23 //TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS OR ideqval SystemConfig.Tpm2DeviceOk == 0xFF; suppressif ideqval Tcg2ConfigInfo.Sha1Supported == 0; checkbox varid = Tcg2ConfigInfo.Sha1Activated, questionid = KEY_TPM2_PCR_BANKS_REQUEST_0, prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1), help = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1_HELP), flags = INTERACTIVE, default = 1, endcheckbox; endif; suppressif ideqval Tcg2ConfigInfo.Sha256Supported == 0; checkbox varid = Tcg2ConfigInfo.Sha256Activated, questionid = KEY_TPM2_PCR_BANKS_REQUEST_1, prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256), help = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256_HELP), flags = INTERACTIVE, default = 0, endcheckbox; endif; suppressif ideqval Tcg2ConfigInfo.Sha384Supported == 0; checkbox varid = Tcg2ConfigInfo.Sha384Activated, questionid = KEY_TPM2_PCR_BANKS_REQUEST_2, prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384), help = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384_HELP), flags = INTERACTIVE, default = 0, endcheckbox; endif; suppressif ideqval Tcg2ConfigInfo.Sha512Supported == 0; checkbox varid = Tcg2ConfigInfo.Sha512Activated, questionid = KEY_TPM2_PCR_BANKS_REQUEST_3, prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512), help = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512_HELP), flags = INTERACTIVE, default = 0, endcheckbox; endif; suppressif ideqval Tcg2ConfigInfo.Sm3Supported == 0; checkbox varid = Tcg2ConfigInfo.Sm3Activated, questionid = KEY_TPM2_PCR_BANKS_REQUEST_4, prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256), help = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256_HELP), flags = INTERACTIVE, default = 0, endcheckbox; endif; endif; suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_2_0 OR ideqval SystemConfig.Tpm2DeviceOk == 0xFF; grayoutif (ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1); checkbox varid = SystemConfig.Tpm2Operation, questionid = KEY_TPM2_CLEAR, prompt = STRING_TOKEN(STR_TPM_CLEAR_TEXT), help = STRING_TOKEN(STR_TPM_CLEAR_HELP), flags = INTERACTIVE, key = KEY_TPM2_CLEAR, default = 0, endcheckbox; endif; endif; // // Give Tpm2Enable default vaule 1 // suppressif TRUE; checkbox varid = SystemConfig.Tpm2Enable, questionid = KEY_TPM2_ENABLE, prompt = STRING_TOKEN(STR_BLANK_STRING), help = STRING_TOKEN(STR_BLANK_STRING), default = 1, endcheckbox; endif; // // Give ActivePcrBanks default vaule 0x02 (sha256) // suppressif TRUE; oneof varid = SystemConfig.ActivePcrBanks, questionid = KEY_TPM_ACTIVE_PCR_BANKS, prompt = STRING_TOKEN(STR_BLANK_STRING), help = STRING_TOKEN(STR_BLANK_STRING), option text = STRING_TOKEN(STR_BLANK_STRING), value = 0x02, flags = DEFAULT; endoneof; endif; subtitle text = STRING_TOKEN(STR_BLANK_STRING); #endif #if FeaturePcdGet(PcdH2OTcmSupported) suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_TCM; grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; oneof varid = SystemConfig.TpmHide, questionid = KEY_TCM_HIDE, prompt = STRING_TOKEN(STR_TCM_AVAILABILITY_PROMPT), help = STRING_TOKEN(STR_TCM_AVAILABILITY_HELP), option text = STRING_TOKEN(STR_TPM_AVAILABLE_TEXT), value = 0, flags = DEFAULT; option text = STRING_TOKEN(STR_TPM_HIDDEN_TEXT), value = 1, flags = 0 | INTERACTIVE; endoneof; endif; endif; suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_TCM OR ideqval SystemConfig.TpmDeviceOk == 0xFF; grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; oneof varid = SystemConfig.TpmOperation, prompt = STRING_TOKEN(STR_TCM_OPERATION_STRING), help = STRING_TOKEN(STR_TCM_OPERATION_HELP), option text = STRING_TOKEN(STR_NO_OPERATION_TEXT), value = 0, flags = DEFAULT; option text = STRING_TOKEN(STR_DISABLE_AND_DEACTIVATE_TEXT), value = 1, flags = 0; option text = STRING_TOKEN(STR_ENABLE_AND_ACTIVATE_TEXT), value = 2, flags = 0; endoneof; endif; endif; suppressif NOT ideqval SystemConfig.TpmDevice == TPM_DEVICE_TCM OR ideqval SystemConfig.TpmDeviceOk == 0xFF; grayoutif (ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1) OR ideqval SystemConfig.GrayoutTpmClear == 1; checkbox varid = SystemConfig.TpmClear, questionid = KEY_TCM_CLEAR, prompt = STRING_TOKEN(STR_TCM_CLEAR_TEXT), help = STRING_TOKEN(STR_TCM_CLEAR_HELP), flags = INTERACTIVE, key = KEY_TCM_CLEAR, default = 0, endcheckbox; endif; endif; #endif grayoutif TRUE; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_SUPERVISOR_PASSWORD_STRING), text = STRING_TOKEN(STR_SUPERVISOR_PASSWORD_STRING2), flags = 0, key = 0; #if FeaturePcdGet(PcdSysPasswordSupportUserPswd) text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_USER_PASSWORD_STRING), text = STRING_TOKEN(STR_USER_PASSWORD_STRING2), flags = 0, key = 0; #endif endif; subtitle text = STRING_TOKEN(STR_BLANK_STRING); // // If Supervisor Password is set, display User Access Level and // set supervisor password text is "Installed", else Hidden it. // suppressif ideqvallist SystemConfig.UserAccessLevel == 1 3 4 OR ideqval SystemConfig.SetUserPass == 0; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_BLANK_STRING), flags = 0, key = 0; endif; grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; suppressif ideqvallist SystemConfig.UserAccessLevel == 3 4 AND ideqval SystemConfig.SetUserPass == 1; password varid = PasswordNameValueVar[0], questionid = KEY_SUPERVISOR_PASSWORD, prompt = STRING_TOKEN(STR_SUPERVISOR_PASSWORD_PROMPT), help = STRING_TOKEN(STR_PASSWORD_HELP), flags = INTERACTIVE, key = KEY_SUPERVISOR_PASSWORD, minsize = PcdGet32 (PcdDefaultSysPasswordMinLength), maxsize = PcdGet32 (PcdDefaultSysPasswordMaxLength), encoding = 1, endpassword; endif; endif; // //Power on password // suppressif ideqval SystemConfig.SetUserPass == 1 OR ideqval SystemConfig.SupervisorFlag == 0; oneof varid = SystemConfig.PowerOnPassword, questionid = KEY_POWER_ON_PASSWORD, prompt = STRING_TOKEN(STR_PASSWORD_POWERON_STRING), help = STRING_TOKEN(STR_PASSWORD_POWERON_HELP), option text = STRING_TOKEN(STR_ENABLED_TEXT), value = 2, flags = 0; option text = STRING_TOKEN(STR_DISABLED_TEXT), value = 1, flags = DEFAULT; endoneof; endif; #if FeaturePcdGet(PcdSysPasswordSupportUserPswd) // //User Access Level // suppressif ideqval SystemConfig.SetUserPass == 1 OR ideqval SystemConfig.SupervisorFlag == 0; oneof varid = SystemConfig.UserAccessLevel, questionid = KEY_USER_ACCESS_LEVEL, prompt = STRING_TOKEN(STR_USER_ACCESS_LEVEL_STRING), help = STRING_TOKEN(STR_USER_ACCESS_LEVEL_HELP), option text = STRING_TOKEN(STR_VIEW_ONLY_TEXT), value = 2, flags = 0; option text = STRING_TOKEN(STR_LIMITED_TEXT), value = 3, flags = 0; option text = STRING_TOKEN(STR_FULL_TEXT), value = 4, flags = DEFAULT; endoneof; endif; // //Set User password // grayoutif ideqval SystemConfig.SupervisorFlag == 0; password varid = PasswordNameValueVar[1], prompt = STRING_TOKEN(STR_USER_PASSWORD_PROMPT), help = STRING_TOKEN(STR_PASSWORD_HELP), flags = INTERACTIVE, key = KEY_USER_PASSWORD, minsize = PcdGet32 (PcdDefaultSysPasswordMinLength), maxsize = PcdGet32 (PcdDefaultSysPasswordMaxLength), encoding = 1, endpassword; endif; // //Clear User password // suppressif ideqval SystemConfig.UserFlag == 0; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_CLEAR_USER_PASSWORD_STRING), text = STRING_TOKEN(STR_BLANK_STRING), flags = INTERACTIVE, key = KEY_CLEAR_USER_PASSWORD; endif; #endif // //Set All Hdd password // suppressif ideqval PasswordConfig.HddPasswordSupport == 0; grayoutif ideqval PasswordConfig.SetAllHddPasswordFlag == 0 OR ideqval SystemConfig.SetUserPass == 1 AND ideqval SystemConfig.UserAccessLevel == 3; password varid = PasswordNameValueVar[2], questionid = KEY_SET_ALL_HDD_PASSWORD, prompt = STRING_TOKEN(STR_CHG_HDD_PASSWORD_PROMPT), help = STRING_TOKEN(STR_HDD_SECURITY_TITLE_HELP), flags = INTERACTIVE, key = KEY_SET_ALL_HDD_PASSWORD, minsize = PcdGet16 (PcdH2OHddPasswordMinLength), maxsize = PcdGet16 (PcdH2OHddPasswordMaxLength), encoding = 2, endpassword; endif; endif; // //Set All Msater Hdd password // suppressif ideqval PasswordConfig.HddPasswordSupport == 0; grayoutif ideqval PasswordConfig.SetAllHddPasswordFlag == 0 OR ideqval PasswordConfig.SetAllMasterHddPasswordFlag == 0 OR ideqval SystemConfig.SetUserPass == 1 AND ideqval SystemConfig.UserAccessLevel == 3; password varid = PasswordNameValueVar[3], questionid = KEY_SET_ALL_MASTER_HDD_PASSWORD, prompt = STRING_TOKEN(STR_CHG_MASTER_HDD_PASSWORD_PROMPT), help = STRING_TOKEN(STR_HDD_MASTER_SECURITY_TITLE_HELP), flags = INTERACTIVE, key = KEY_SET_ALL_MASTER_HDD_PASSWORD, minsize = PcdGet16 (PcdH2OHddPasswordMinLength), maxsize = PcdGet16 (PcdH2OHddPasswordMaxLength), encoding = 2, endpassword; endif; endif; subtitle text = STRING_TOKEN(STR_BLANK_STRING); suppressif ideqval PasswordConfig.HddPasswordSupport == 0; goto STORAGE_PASSWORD_FORM_ID, questionid = KEY_STORAGE_PASSWORD_FORM_ID, prompt = STRING_TOKEN(STR_STORAGE_PASSWORD_TITLE), help = STRING_TOKEN(STR_STORAGE_PASSWORD_TITLE); endif; subtitle text = STRING_TOKEN(STR_BLANK_STRING); link; endform; form formid = STORAGE_PASSWORD_FORM_ID, title = STRING_TOKEN(STR_STORAGE_PASSWORD_TITLE); subtitle text = STRING_TOKEN(STR_BLOCKSID_STATUS); grayoutif TRUE; suppressif ideqval PasswordConfig.BlockSidEnabled == 0; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_BLOCK_SID_ENABLED_STRING); endif; suppressif ideqval PasswordConfig.BlockSidEnabled == 1; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_BLOCK_SID_DISABLED_STRING); endif; suppressif ideqval PasswordConfig.PpRequiredForEnableBlockSid == 0; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE_STRING); endif; suppressif ideqval PasswordConfig.PpRequiredForEnableBlockSid == 1; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE_STRING); endif; suppressif ideqval PasswordConfig.PpRequiredForDisableBlockSid == 0; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE_STRING); endif; suppressif ideqval PasswordConfig.PpRequiredForDisableBlockSid == 1; text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE_STRING); endif; endif; oneof varid = PasswordConfig.TcgStorageAction, questionid = KEY_TCG_STORAGE_ACTION, prompt = STRING_TOKEN(STR_TCG_STORAGE_ACTION_PROMPT), help = STRING_TOKEN(STR_TCG_STORAGE_ACTION_PROMPT_HELP), option text = STRING_TOKEN(STR_TCG2_PHYSICAL_PRESENCE_NO_ACTION_STRING), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID_STRING), value = 96, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID_STRING), value =97, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE_STRING), value = 98, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE_STRING), value = 99, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE_STRING), value = 100, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE_STRING), value = 101, flags = RESET_REQUIRED; endoneof; subtitle text = STRING_TOKEN(STR_DEVICE_LIST); // // This is where we will dynamically add choices for the Boot Manager // label LABEL_STORAGE_PASSWORD_OPTION; label LABEL_STORAGE_PASSWORD_OPTION_END; subtitle text = STRING_TOKEN(STR_LAST_STRING); subtitle text = STRING_TOKEN(STR_HELP_FOOTER); endform; form formid = STORAGE_PASSWORD_DEVICE_FORM_ID, title = STRING_TOKEN(STR_STORAGE_PASSWORD_DEVICE_TITLE); subtitle text = STRING_TOKEN(STR_BLANK_STRING); text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_STORAGE_DEVICE_NAME), text = STRING_TOKEN(STR_STORAGE_DEVICE_NAME_STRING), flags = 0, key = 0; subtitle text = STRING_TOKEN(STR_BLANK_STRING); text help = STRING_TOKEN(STR_BLANK_STRING), text = STRING_TOKEN(STR_STORAGE_SECURITY_MODE), text = STRING_TOKEN(STR_STORAGE_SECURITY_MODE_STATUS), flags = 0, key = 0; subtitle text = STRING_TOKEN(STR_BLANK_STRING); // // Storage User Password item // grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; label LABEL_STORAGE_PASSWORD_DEVICE_USER_PASSWORD_OPTION; label LABEL_STORAGE_PASSWORD_DEVICE_USER_PASSWORD_OPTION_END; endif; // // Storage Master Password item // grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; label LABEL_STORAGE_PASSWORD_DEVICE_MASTER_PASSWORD_OPTION; label LABEL_STORAGE_PASSWORD_DEVICE_MASTER_PASSWORD_OPTION_END; endif; subtitle text = STRING_TOKEN(STR_BLANK_STRING); grayoutif ideqval SystemConfig.UserAccessLevel == 2 AND ideqval SystemConfig.SetUserPass == 1; label LABEL_STORAGE_PASSWORD_DEVICE_TCG_PSID_OPTION; label LABEL_STORAGE_PASSWORD_DEVICE_TCG_PSID_OPTION_END; endif; endform; endformset;