REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506
Change the default value of PcdRequireSelfSignedPk to FALSE in
accordance with UEFI spec, which states that PK need not be
self-signed when enrolling in setup mode.
Note that this relaxes the legacy behavior, which required the PK to
be self-signed in this case.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
# TRUE - Require PK to be self-signed.\r
# FALSE - Do not require PK to be self-signed.\r
# @Prompt Require PK to be self-signed\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE|BOOLEAN|0x00010027\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|FALSE|BOOLEAN|0x00010027\r
\r
[UserExtensions.TianoCore."ExtraFiles"]\r
SecurityPkgExtra.uni\r