author | Jan Bobek <jbobek@nvidia.com> | 2023-01-21 06:58:33 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-02-04 11:53:59 +0000 |
commit | f6e4824533be5e4951b17e1938e4fb53bf66b7a5 (patch) | |
tree | 9e7e461575366080e1e2a4e7a82c5b4633a789d6 /OvmfPkg/Microvm | |
parent | 566cdfc675fa0da486af34cb12cb5f2e01578a5c (diff) | |
OvmfPkg: require self-signed PK when secure boot is enabled

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506

In all DSC files that define SECURE_BOOT_ENABLE, opt in to requiring
self-signed PK when SECURE_BOOT_ENABLE is TRUE.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'OvmfPkg/Microvm')
-rw-r--r-- | OvmfPkg/Microvm/MicrovmX64.dsc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 1161e1f39b..0d65d21e65 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -476,6 +476,9 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
+!endif
[PcdsFixedAtBuild]
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
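Review bot: the three added lines after `PcdInstallAcpiSdtProtocol|TRUE` carry no comment saying what `PcdRequireSelfSignedPk` enforces or why it is tied to `SECURE_BOOT_ENABLE`; a one-line `#` comment above the `!if`, pointing at the bugzilla entry named in the commit message, would let someone reading MicrovmX64.dsc understand why PK enrollment behaves differently in secure-boot builds. The section header for this block is outside the hunk, and the new entry sits among the boolean `PcdConOut*Support` / `PcdInstallAcpiSdtProtocol` settings just before `[PcdsFixedAtBuild]`, so please confirm that this section matches the PCD type under which `PcdRequireSelfSignedPk` is declared. With `SECURE_BOOT_ENABLE` unset the PCD is left at its declared default, which looks intended, but it is worth stating in the commit message since the diffstat here is limited to OvmfPkg/Microvm and the other DSC files it mentions are not visible.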