author | Jan Bobek <jbobek@nvidia.com> | 2023-01-21 06:58:35 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-02-04 11:53:59 +0000 |
commit | cc18c503e03e64860e3587f7aa54b6beccd41fb2 (patch) | |
tree | 6da107bc389932b85deb89b85659b9effaab012b | |
parent | f6e4824533be5e4951b17e1938e4fb53bf66b7a5 (diff) | |
download | edk2-cc18c503e03e64860e3587f7aa54b6beccd41fb2.tar.gz edk2-cc18c503e03e64860e3587f7aa54b6beccd41fb2.tar.bz2 edk2-cc18c503e03e64860e3587f7aa54b6beccd41fb2.zip |
SecurityPkg: don't require PK to be self-signed by default
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506
Change the default value of PcdRequireSelfSignedPk to FALSE in
accordance with UEFI spec, which states that PK need not be
self-signed when enrolling in setup mode.
Note that this relaxes the legacy behavior, which required the PK to
be self-signed in this case.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
-rw-r--r-- | SecurityPkg/SecurityPkg.dec | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d3b7ad7ff6..0382090f4e 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -585,7 +585,7 @@ # TRUE - Require PK to be self-signed.
# FALSE - Do not require PK to be self-signed.
# @Prompt Require PK to be self-signed
- gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE|BOOLEAN|0x00010027
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|FALSE|BOOLEAN|0x00010027
[UserExtensions.TianoCore."ExtraFiles"]
SecurityPkgExtra.uni
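Review bot: The flipped default on the `PcdRequireSelfSignedPk` line relaxes the check for every platform that takes this PCD's value from the .dec rather than setting it itself, yet the comment block above it still only lists what TRUE and FALSE mean. Consider adding a comment line there saying that FALSE is the default in accordance with the UEFI spec, that it applies to PK enrollment in setup mode, and that platforms relying on the legacy behaviour should set `PcdRequireSelfSignedPk` to TRUE in their platform DSC. The commit message notes the relaxation, but someone reading only SecurityPkg.dec will not see it.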