riscv-gnu-toolchain/qemu/roms/edk2.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Jan Bobek <jbobek@nvidia.com>	2023-01-21 06:58:32 +0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2023-02-04 11:53:59 +0000
commit	566cdfc675fa0da486af34cb12cb5f2e01578a5c (patch)
tree	d41f99b37ed53b32eedb4f8dfaae3914adc15441 /ReadMe.rst
parent	7c138e400862a3a742489ca6f21d31afa9a3dd8a (diff)
download	edk2-566cdfc675fa0da486af34cb12cb5f2e01578a5c.zip edk2-566cdfc675fa0da486af34cb12cb5f2e01578a5c.tar.gz edk2-566cdfc675fa0da486af34cb12cb5f2e01578a5c.tar.bz2

SecurityPkg: limit verification of enrolled PK in setup mode

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506 Per UEFI spec, enrolling a new PK in setup mode should not require a self-signature. Introduce a feature PCD called PcdRequireSelfSignedPk to control this requirement. Default to TRUE in order to preserve the legacy behavior. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Co-authored-by: Matthew Carlson <macarl@microsoft.com> Signed-off-by: Jan Bobek <jbobek@nvidia.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>

Diffstat (limited to 'ReadMe.rst')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: