author: Jan Bobek <jbobek@nvidia.com> 2023-01-21 06:58:35 +0800
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2023-02-04 11:53:59 +0000
commit: cc18c503e03e64860e3587f7aa54b6beccd41fb2
tree: 6da107bc389932b85deb89b85659b9effaab012b
parent: f6e4824533be5e4951b17e1938e4fb53bf66b7a5
SecurityPkg: don't require PK to be self-signed by default

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506

Change the default value of PcdRequireSelfSignedPk to FALSE in accordance with UEFI spec, which states that PK need not be self-signed when enrolling in setup mode. Note that this relaxes the legacy behavior, which required the PK to be self-signed in this case.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

-rw-r--r-- SecurityPkg/SecurityPkg.dec 2
1 files changed, 1 insertions, 1 deletions
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index d3b7ad7ff6..0382090f4e 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -585,7 +585,7 @@
# TRUE - Require PK to be self-signed.
# FALSE - Do not require PK to be self-signed.
# @Prompt Require PK to be self-signed
- gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE|BOOLEAN|0x00010027
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|FALSE|BOOLEAN|0x00010027
[UserExtensions.TianoCore."ExtraFiles"]
SecurityPkgExtra.uni
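
Review bot: The visible part of the help comment above PcdRequireSelfSignedPk (the TRUE/FALSE lines and the @Prompt) does not say which value is the default, and with the flip to FALSE every platform that inherits the .dec default stops requiring a self-signed PK when enrolling in setup mode without any change on its side. Suggest adding a line to that comment stating that FALSE is the default per the UEFI spec and that a platform relying on the legacy requirement must set the PCD to TRUE in its DSC, so the relaxation is visible to integrators reading the declaration and not only in the commit message.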