[edk2-devel] Enabling Secure boot

Laszlo Ersek lersek at redhat.com
Tue Apr 6 14:18:59 UTC 2021


On 04/01/21 11:03, sent888 at gmail.com wrote:
> Hi,
> I have enabled the secure boot for CorebootPayloadPkg in EDK 2017 and
> got the secure boot configuration in the boot menu. But the problem is
> Attempt secure boot is disabled. Also when I changed from standard mode
> to custom mode to add VMware key in the db, after reset it's not getting
> saved. This may be due to NVRAM support not being there.
> 
> How to make "Attempt secure boot" to be enabled?
> If NVRAM is not there, how will I add VMware keys in db database?
> Can I hardcode the keys in the edk2 source and secure boot? If so where
> to modify it?

Secure boot is based on authenticated non-volatile UEFI variables that
are described by the UEFI spec. If you don't have functional,
tamper-proof storage on your platform (virtual or otherwise) for said
non-volatile UEFI variables, secure boot will either not work, or will
not be secure in fact. (By "tamper-proof", I mean that e.g. the
operating system must be prevented from modifying said variables, unless
it invokes the appropriate UEFI runtime services.)

I don't know how this specifically applies to CorebootPayloadPkg though.

Thanks
Laszlo
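
The property described in the reply above (key variables must be non-volatile and authenticated) can be checked from a running Linux system. This is an added example, not part of the original message or of edk2; it assumes the efivarfs file layout (a 4-byte little-endian attribute word followed by the variable data), and `check_key_var`, `key_var_status` and the sample buffers are hypothetical names with constructed contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute bits defined by the UEFI specification. */
#define EFI_VARIABLE_NON_VOLATILE                          0x00000001u
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020u

enum key_var_status {
    KEY_VAR_OK, KEY_VAR_TRUNCATED, KEY_VAR_VOLATILE,
    KEY_VAR_UNAUTHENTICATED, KEY_VAR_EMPTY
};

/* buf holds an efivarfs file: 4-byte little-endian attributes, then data. */
enum key_var_status check_key_var(const uint8_t *buf, size_t len)
{
    if (len < 4)
        return KEY_VAR_TRUNCATED;
    uint32_t attr = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                    (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (!(attr & EFI_VARIABLE_NON_VOLATILE))
        return KEY_VAR_VOLATILE;        /* content is lost at reset */
    if (!(attr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS))
        return KEY_VAR_UNAUTHENTICATED; /* writable without a signed update */
    return len == 4 ? KEY_VAR_EMPTY : KEY_VAR_OK;
}

/* Constructed samples (not real key databases): attributes + dummy data. */
static const uint8_t sample_ok[]       = { 0x27, 0, 0, 0, 0xAA, 0xBB };
static const uint8_t sample_volatile[] = { 0x06, 0, 0, 0, 0xAA };
static const uint8_t sample_unauth[]   = { 0x07, 0, 0, 0, 0xAA };

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "truncated", "volatile",
                                   "unauthenticated", "empty" };
    static uint8_t buf[65536];
    if (argc > 1) {   /* path to the efivarfs file of PK, KEK, db or dbx */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 2; }
        size_t n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        enum key_var_status s = check_key_var(buf, n);
        printf("%s: %s\n", argv[1], names[s]);
        return s != KEY_VAR_OK;
    }
    printf("sample_ok: %s\n", names[check_key_var(sample_ok, sizeof sample_ok)]);
    printf("sample_volatile: %s\n", names[check_key_var(sample_volatile, sizeof sample_volatile)]);
    printf("sample_unauth: %s\n", names[check_key_var(sample_unauth, sizeof sample_unauth)]);
    return 0;
}
```

A `volatile` or `unauthenticated` result for a key database means the platform's variable store does not provide what the reply describes; the check reads attributes only and does not prove the underlying storage is tamper-proof.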


