Hi all, I'm sending out v1 of my patch series that addresses a UEFI spec non-compliance when enrolling PK in setup mode. Additional info can be found in bugzilla [1]; the changes are split into 4 patches as suggested by Laszlo Ersek in comment #4.
I've based my work on the patch by Matthew Carlson; I've credited him with co-authorship of the first patch even though in the end I decided to do the implementation a bit differently. Comments & reviews welcome! Cheers, -Jan References: 1. https://bugzilla.tianocore.org/show_bug.cgi?id=2506 Jan Bobek (4): SecurityPkg: limit verification of enrolled PK in setup mode OvmfPkg: require self-signed PK when secure boot is enabled ArmVirtPkg: require self-signed PK when secure boot is enabled SecurityPkg: don't require PK to be self-signed by default SecurityPkg/SecurityPkg.dec | 7 +++++++ ArmVirtPkg/ArmVirtCloudHv.dsc | 4 ++++ ArmVirtPkg/ArmVirtQemu.dsc | 4 ++++ ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 ++++ OvmfPkg/Bhyve/BhyveX64.dsc | 3 +++ OvmfPkg/CloudHv/CloudHvX64.dsc | 3 +++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 3 +++ OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++ OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++ OvmfPkg/OvmfPkgX64.dsc | 3 +++ SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 3 +++ SecurityPkg/Library/AuthVariableLib/AuthService.c | 9 +++++++-- 13 files changed, 50 insertions(+), 2 deletions(-) -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#98945): https://edk2.groups.io/g/devel/message/98945 Mute This Topic: https://groups.io/mt/96412382/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
