diff options
Diffstat (limited to 'OvmfPkg/EnrollDefaultKeys')
| -rw-r--r-- | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 53 |
1 files changed, 39 insertions, 14 deletions
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c index 75f2749dc8..f45cb799f7 100644 --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c @@ -538,6 +538,13 @@ ShellAppMain ( SETTINGS Settings;
UINT8 *PkKek1;
UINTN SizeOfPkKek1;
+ BOOLEAN NoDefault;
+
+ if (Argc == 2 && StrCmp (Argv[1], L"--no-default") == 0) {
+ NoDefault = TRUE;
+ } else {
+ NoDefault = FALSE;
+ }
//
// Prepare for failure.
@@ -594,13 +601,22 @@ ShellAppMain ( //
// Enroll db.
//
- Status = EnrollListOfCerts (
- EFI_IMAGE_SECURITY_DATABASE,
- &gEfiImageSecurityDatabaseGuid,
- &gEfiCertX509Guid,
- mMicrosoftPca, mSizeOfMicrosoftPca, &gMicrosoftVendorGuid,
- mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &gMicrosoftVendorGuid,
- NULL);
+ if (NoDefault) {
+ Status = EnrollListOfCerts (
+ EFI_IMAGE_SECURITY_DATABASE,
+ &gEfiImageSecurityDatabaseGuid,
+ &gEfiCertX509Guid,
+ PkKek1, SizeOfPkKek1, &gEfiCallerIdGuid,
+ NULL);
+ } else {
+ Status = EnrollListOfCerts (
+ EFI_IMAGE_SECURITY_DATABASE,
+ &gEfiImageSecurityDatabaseGuid,
+ &gEfiCertX509Guid,
+ mMicrosoftPca, mSizeOfMicrosoftPca, &gMicrosoftVendorGuid,
+ mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &gMicrosoftVendorGuid,
+ NULL);
+ }
if (EFI_ERROR (Status)) {
goto FreePkKek1;
}
@@ -621,13 +637,22 @@ ShellAppMain ( //
// Enroll KEK.
//
- Status = EnrollListOfCerts (
- EFI_KEY_EXCHANGE_KEY_NAME,
- &gEfiGlobalVariableGuid,
- &gEfiCertX509Guid,
- PkKek1, SizeOfPkKek1, &gEfiCallerIdGuid,
- mMicrosoftKek, mSizeOfMicrosoftKek, &gMicrosoftVendorGuid,
- NULL);
+ if (NoDefault) {
+ Status = EnrollListOfCerts (
+ EFI_KEY_EXCHANGE_KEY_NAME,
+ &gEfiGlobalVariableGuid,
+ &gEfiCertX509Guid,
+ PkKek1, SizeOfPkKek1, &gEfiCallerIdGuid,
+ NULL);
+ } else {
+ Status = EnrollListOfCerts (
+ EFI_KEY_EXCHANGE_KEY_NAME,
+ &gEfiGlobalVariableGuid,
+ &gEfiCertX509Guid,
+ PkKek1, SizeOfPkKek1, &gEfiCallerIdGuid,
+ mMicrosoftKek, mSizeOfMicrosoftKek, &gMicrosoftVendorGuid,
+ NULL);
+ }
if (EFI_ERROR (Status)) {
goto FreePkKek1;
}
|