Re: [EXTERNAL] [edk2-discuss] Customize Secure Boot Configuration

Bret Barkelew <bret.barkelew@...>

There are a few ways you could accomplish this, but I’m not aware of any “built-in” mechanism.

To get you started, I’d take a look at the implementation of these:

The built-in version refers to database variables, but you could easily write your own that just referred to PCDs for PK and KEK (in the AuthVariableLib) and db, dbx (aka EFI_IMAGE_SECURITY_DATABASE and EFI_IMAGE_SECURITY_DATABASE2 in DxeImageVerificationLib).

- Bret

From: Vu Dinh via <mailto:vu.dinh@...>
Sent: Tuesday, April 6, 2021 7:58 AM
Subject: [EXTERNAL] [edk2-discuss] Customize Secure Boot Configuration

Dear all,

I'm currently developing a UEFI payload with Secure Boot enabled. I want
to customize Secure Boot configuration (PK, KEK, DB, DBX) at build time
of Edk2 instead of changing Secure Boot in BIOS Setup.

Please tell me what I should do to customize Secure Boot configurations.
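As an added example (not code from the thread or from edk2): a build-time helper that wraps a DER certificate in the EFI_SIGNATURE_LIST layout used for PK, KEK, db and dbx contents, checks it by parsing it back, and prints it as a byte-array initializer that could be pasted into a PCD value. The PCD that would receive the bytes is hypothetical and is not named here; the owner GUID and the 5-byte DER stub are constructed sample inputs.

```python
import struct
import uuid

# EFI_CERT_X509_GUID, the SignatureType for X.509 entries (UEFI specification).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
ESL_HEADER = struct.Struct("<16sIII")  # type, list size, header size, signature size

# Constructed sample inputs: a placeholder owner GUID and a DER stub that
# stands in for a real certificate file.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_DER = bytes.fromhex("3003020101")

def build_esl(cert_der, owner):
    """Wrap one DER X.509 certificate in an EFI_SIGNATURE_LIST."""
    if cert_der[:1] != b"\x30":
        raise ValueError("not DER: certificate must start with an ASN.1 SEQUENCE")
    sig_size = 16 + len(cert_der)  # EFI_SIGNATURE_DATA = owner GUID + certificate
    header = ESL_HEADER.pack(EFI_CERT_X509_GUID.bytes_le,
                             ESL_HEADER.size + sig_size, 0, sig_size)
    return header + owner.bytes_le + cert_der

def parse_esl(blob):
    """Walk concatenated lists, returning (type, owner, data) per signature."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < ESL_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = ESL_HEADER.unpack_from(blob, off)
        start, end = off + ESL_HEADER.size + hdr_size, off + list_size
        if sig_size <= 16 or start > end or end > len(blob) or (end - start) % sig_size:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        for pos in range(start, end, sig_size):
            entries.append((uuid.UUID(bytes_le=raw_type),
                            uuid.UUID(bytes_le=blob[pos:pos + 16]),
                            blob[pos + 16:pos + sig_size]))
        off = end
    return entries

def to_byte_array(blob):
    """Render bytes as a brace-delimited initializer, e.g. {0xa1, 0x59}."""
    return "{" + ", ".join(f"0x{b:02x}" for b in blob) + "}"

if __name__ == "__main__":
    esl = build_esl(SAMPLE_DER, OWNER)
    assert parse_esl(esl) == [(EFI_CERT_X509_GUID, OWNER, SAMPLE_DER)]
    print(to_byte_array(esl))
```
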


