diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f844dea446..e9e0cee9b2 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -584,6 +584,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption|TRUE gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption|TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|0 ################################################################################ # # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 29c5e557db..df75feeeb7 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -249,6 +249,31 @@ INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf INF SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf + + # gDefaultKEKFileGuid + FILE FREEFORM = 6F64916E-9F7A-4C35-B952-CD041EFB05A3 { + SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt + SECTION UI = "DefaultKekCert" + } + + # gDefaultPKFileGuid + FILE FREEFORM = 85254EA7-4759-4FC4-82D4-5EED5FB0A4A0 { + SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/pk.crt + SECTION UI = "DefaultPkCert" + } + + # gDefaultdbFileGuid + FILE FREEFORM = C491D352-7623-4843-ACCC-2791A7574421 { + SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt + SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt + SECTION UI = "DefaultDbCert" + } + + # gDefaultdbxFileGuid + FILE FREEFORM = 5740766A-718E-4DC0-9935-C36F7D3F884F { + SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin + SECTION UI = "DefaultDbxCert" + } !endif INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf