git.proxmox.com Git - mirror_edk2.git/commit
SecurityPkg: limit verification of enrolled PK in setup mode
author Jan Bobek <jbobek@nvidia.com>
Fri, 20 Jan 2023 22:58:32 +0000 (06:58 +0800)
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Sat, 4 Feb 2023 11:53:59 +0000 (11:53 +0000)
commit 566cdfc675fa0da486af34cb12cb5f2e01578a5c
tree d41f99b37ed53b32eedb4f8dfaae3914adc15441
parent 7c138e400862a3a742489ca6f21d31afa9a3dd8a

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506

Per UEFI spec, enrolling a new PK in setup mode should not require a
self-signature. Introduce a feature PCD called PcdRequireSelfSignedPk
to control this requirement. Default to TRUE in order to preserve the
legacy behavior.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Co-authored-by: Matthew Carlson <macarl@microsoft.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
SecurityPkg/Library/AuthVariableLib/AuthService.c
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
SecurityPkg/SecurityPkg.dec