// Init state of Del. State may change due to secure check\r
//\r
Del = FALSE;\r
- if ((InCustomMode () && UserPhysicalPresent ()) || ((mPlatformMode == SETUP_MODE) && !IsPk)) {\r
+ if ( (InCustomMode () && UserPhysicalPresent ())\r
+ || ( (mPlatformMode == SETUP_MODE)\r
+ && !(FeaturePcdGet (PcdRequireSelfSignedPk) && IsPk)))\r
+ {\r
Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);\r
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);\r
if (PayloadSize == 0) {\r
return Status;\r
}\r
\r
- if ((mPlatformMode != SETUP_MODE) || IsPk) {\r
+ if ( (mPlatformMode != SETUP_MODE)\r
+ || (FeaturePcdGet (PcdRequireSelfSignedPk) && IsPk))\r
+ {\r
Status = VendorKeyIsModified ();\r
}\r
} else if (mPlatformMode == USER_MODE) {\r
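Review bot: The second rewritten condition changes more than the self-signed check. With PcdRequireSelfSignedPk FALSE, a PK write that reaches this branch in setup mode no longer calls VendorKeyIsModified(), including the custom-mode, physically-present path that previously always did. In the same configuration the first condition lets a PK write take this branch, which as visible here reads the payload straight after the AUTHINFO2 header with no signature verification. If both effects are intended, state them next to the condition, for example `// PcdRequireSelfSignedPk == FALSE: in setup mode a PK is accepted like any other variable, unauthenticated, and vendor keys are not marked modified.` If only the verification bypass is intended, keep the earlier `|| IsPk` behaviour for the custom-mode case. The enclosing function starts and ends outside this hunk, so any earlier validation of DataSize against AUTHINFO2_SIZE cannot be confirmed from here.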
gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.\r
gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.\r
gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+\r
+[FeaturePcd]\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk\r
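Review bot: The new PCD is referenced under gEfiMdeModulePkgTokenSpaceGuid, while the neighbouring PCD in the DEC hunk (token 0x00010026) uses gEfiSecurityPkgTokenSpaceGuid and the new token 0x00010027 simply continues that sequence. If the declaration belongs to the security package, as the adjacent lines suggest, both this entry and the DEC declaration should read `gEfiSecurityPkgTokenSpaceGuid.PcdRequireSelfSignedPk`. Otherwise the token number can collide with one already allocated in the other package's token space. The entry also lacks the usage annotation the GUID lines above carry, so append `## CONSUMES`.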
## This PCD records LASA field in CC EVENTLOG ACPI table.\r
gEfiSecurityPkgTokenSpaceGuid.PcdCcEventlogAcpiTableLasa|0|UINT64|0x00010026\r
\r
+[PcdsFeatureFlag]\r
+ ## Indicates if the platform requires PK to be self-signed when setting the PK in setup mode.\r
+ # TRUE - Require PK to be self-signed.\r
+ # FALSE - Do not require PK to be self-signed.\r
+ # @Prompt Require PK to be self-signed\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE|BOOLEAN|0x00010027\r
+\r
[UserExtensions.TianoCore."ExtraFiles"]\r
SecurityPkgExtra.uni\r
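Review bot: The help text for PcdRequireSelfSignedPk does not say what FALSE means for security, which a platform integrator needs to know before changing the default. Based on the C hunk, FALSE lets a PK be enrolled in setup mode without any signature verification, so add a line such as `#   FALSE - Do not require PK to be self-signed; in setup mode the PK is accepted without authentication.` Keeping the default TRUE preserves the existing behaviour. If the package carries a .uni string file for PCD prompts and help, which is not visible here, the matching strings should be added there too.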