On 04/01/21 11:03, sent...@gmail.com wrote: > Hi, > I have enable the secure boot for CorebootPayloadPkg in EDK 2017 and > got the secure boot configuration in the boot menu. But the problem is > Attempt secure boot is disabled. Also when I changed from standard mode > to custom mode to add vmware key in the db, after reset its not getting > saved. This may due to NVRAM support is not there. > > How to make "Attempt secure boot" to be enabled? > If NVRAM is not there, how i will add vmware keys in db database? > Can i hardcode the keys in the edk2 source and secure boot? If so where > to modify it?
Secure boot is based on authenticated non-volatile UEFI variables that are described by the UEFI spec. If you don't have functional, tamper-proof storage on your platform (virtual or otherwise) for said non-volatile UEFI variables, secure boot will either not work, or will not be secure in fact. (By "tamper-proof", I mean that e.g. the operating system must be prevented from modifying said variables, unless it invokes the appropriate UEFI runtime services.) I don't know how this specifically applies to CorebootPayloadPkg though. Thanks Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#73727): https://edk2.groups.io/g/devel/message/73727 Mute This Topic: https://groups.io/mt/81789296/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
