There are a few ways you could accomplish this, but I’m not aware of any “built-in” mechanism.
To get you started, I’d take a look at the implementation of these:
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
The built-in version refers to database variables, but you could easily write your own that just referred to PCDs for PK and KEK (in the AuthVariableLib) and db, dbx (a.k.a. EFI_IMAGE_SECURITY_DATABASE and EFI_IMAGE_SECURITY_DATABASE2 in DxeImageVerificationLib).
- Bret
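As an added example (not part of the reply above and not code from the edk2 tree), this is the core db/dbx hash lookup that a build-time, PCD-backed replacement for the variable-backed check in DxeImageVerificationLib would perform over EFI_SIGNATURE_LIST blobs, with the dbx-wins and malformed-list-denies behaviour a practitioner would want. The struct layouts and the EFI_CERT_SHA256_GUID value follow the UEFI specification; the sample hashes and the corrupted-header case are constructed, and the function names are this example's own.

```c
/* Added example (not edk2 code): the db/dbx SHA-256 lookup a PCD-backed verification
 * library would run over build-time EFI_SIGNATURE_LIST blobs. Sample hashes are constructed. */
#include <stdint.h>
#include <string.h>
#define SHA256_LEN 32
typedef struct { uint32_t Data1; uint16_t Data2, Data3; uint8_t Data4[8]; } EFI_GUID;
typedef struct {                      /* UEFI spec layout, 28 bytes; entries follow the header */
    EFI_GUID SignatureType; uint32_t SignatureListSize, SignatureHeaderSize, SignatureSize;
} EFI_SIGNATURE_LIST;                 /* entry = EFI_GUID SignatureOwner + (SignatureSize-16) bytes */
static const EFI_GUID EFI_CERT_SHA256_GUID =
    {0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28}};
/* Walk every list in Blob: 1 = a SHA-256 entry equals Hash, 0 = absent, -1 = malformed blob. */
int ListContainsSha256(const uint8_t *Blob, size_t BlobSize, const uint8_t Hash[SHA256_LEN]) {
    for (size_t Off = 0; Off + sizeof(EFI_SIGNATURE_LIST) <= BlobSize;) {
        EFI_SIGNATURE_LIST L; memcpy(&L, Blob + Off, sizeof L);      /* copy: no unaligned reads */
        if (L.SignatureListSize < sizeof L || L.SignatureListSize > BlobSize - Off) return -1;
        size_t End = Off + L.SignatureListSize;
        if (!memcmp(&L.SignatureType, &EFI_CERT_SHA256_GUID, sizeof(EFI_GUID)) &&
            L.SignatureSize == sizeof(EFI_GUID) + SHA256_LEN)         /* skip x509 and other list types */
            for (size_t E = Off + sizeof L + L.SignatureHeaderSize; E + L.SignatureSize <= End; E += L.SignatureSize)
                if (!memcmp(Blob + E + sizeof(EFI_GUID), Hash, SHA256_LEN)) return 1;
        Off = End;
    }
    return 0;
}
/* Policy the built-in library applies to hash entries: dbx (revoked) wins; a malformed list denies. */
int ImageHashAllowed(const uint8_t *Db, size_t DbSize, const uint8_t *Dbx, size_t DbxSize, const uint8_t Hash[SHA256_LEN]) {
    return ListContainsSha256(Dbx, DbxSize, Hash) == 0 && ListContainsSha256(Db, DbSize, Hash) == 1;
}
/* Serialise one SHA-256 list (owner GUID zeroed) into Out, as a build step would; returns bytes written. */
size_t BuildSha256List(uint8_t *Out, const uint8_t (*Hashes)[SHA256_LEN], uint32_t Count) {
    EFI_SIGNATURE_LIST L = {{0}}; L.SignatureType = EFI_CERT_SHA256_GUID; L.SignatureSize = sizeof(EFI_GUID) + SHA256_LEN;
    L.SignatureListSize = (uint32_t)(sizeof L + Count * L.SignatureSize); memcpy(Out, &L, sizeof L);
    for (uint32_t i = 0; i < Count; i++) {            /* owner GUID zeroed, then the hash bytes */
        uint8_t *E = Out + sizeof L + i * L.SignatureSize;
        memset(E, 0, sizeof(EFI_GUID)); memcpy(E + sizeof(EFI_GUID), Hashes[i], SHA256_LEN);
    }
    return L.SignatureListSize;
}
/* Constructed sample: A and B in db, B also in dbx, C nowhere. Returns a verdict bitmask:
 * bit i = hash i allowed; bit 3 = a dbx header claiming more bytes than present denies A. */
int DemoVerdicts(void) {
    static const uint8_t Hashes[3][SHA256_LEN] = {{0xAA}, {0xBB}, {0xCC}};
    uint8_t Db[128], Dbx[128]; int V = 0;
    size_t DbSize = BuildSha256List(Db, &Hashes[0], 2), DbxSize = BuildSha256List(Dbx, &Hashes[1], 1);
    for (int i = 0; i < 3; i++) V |= ImageHashAllowed(Db, DbSize, Dbx, DbxSize, Hashes[i]) << i;
    uint32_t Bogus = 0xFFFFFFFFu; memcpy(Dbx + sizeof(EFI_GUID), &Bogus, sizeof Bogus); /* corrupt SignatureListSize */
    return V | (!ImageHashAllowed(Db, DbSize, Dbx, DbxSize, Hashes[0]) << 3);           /* expect 0x9 */
}
```

A real replacement library would read these blobs with PcdGetPtr/PcdGetSize on PCDs declared in the platform DEC/DSC and still verify x509-signed images through the existing PKCS#7 path; this block only covers the hash-entry case.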
From: Vu Dinh via groups.io <vu.dinh@...>
Sent: Tuesday, April 6, 2021 7:58 AM
To: discuss@edk2.groups.io
Subject: [EXTERNAL] [edk2-discuss] Customize Secure Boot Configuration
Dear all,
I'm currently developing a UEFI payload with Secure Boot enabled. I want
to customize the Secure Boot configuration (PK, KEK, DB, DBX) at build time
of Edk2 instead of changing Secure Boot in BIOS Setup.
Please tell me what I should do to customize the Secure Boot configuration.
Thanks,
Vu