[edk2-devel] [PATCH] SecurityPkg: Don't Verify the enrolled PK in setup mode

Lin, Derek (HPS SW) derek.lin2 at hpe.com
Fri Aug 23 03:20:53 UTC 2019


Hi Laszlo, Chao,

Sorry for the late response in this thread.

I reviewed Mantis#1983 and this discussion again. I agree with Laszlo.
1. UEFI spec 2.8 is not very clear about PK validation in Setup mode.
2. This patch only reduces the complexity of the PK update process.

Having a FeaturePCD to control this kind of behavior in EDK2 is weird. That only makes things more complicated to me.
To simplify and make things clear, updating PK shall always be signed in both Setup Mode and User Mode.

Anyway, I agree with Laszlo and I'm good with the current implementation now.
