From 8fc1c214fbf261639f0f890a053c0ef7d52aeb1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?=
Date: Tue, 24 Oct 2023 14:50:19 +0200
Subject: [PATCH] OvmfPkg: Integrate default SB keys and SB state
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Michał Żygowski
---
 OvmfPkg/OvmfPkgX64.dsc | 1 +
 OvmfPkg/OvmfPkgX64.fdf | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f844dea446..e9e0cee9b2 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -584,6 +584,7 @@ gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption|TRUE
 gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption|TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|0
 ################################################################################
 #
 # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 29c5e557db..df75feeeb7 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
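Review bot: In OvmfPkgX64.dsc the added `gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|0` line carries no comment, and the value presumably leaves Secure Boot switched off on a fresh image even though the same commit builds default PK/KEK/db/dbx files into the firmware. I would put a line above it such as `# Ship with Secure Boot disabled by default; the default keys are still built into the FV`, adjusted to the actual intent, so the insecure-by-default state reads as a deliberate choice. The PCD section header and any `!if $(SECURE_BOOT_ENABLE)` guard lie outside the hunk, so it is not visible whether the setting also applies to builds without Secure Boot support.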
@@ -249,6 +249,31 @@ INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
 INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 INF SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
 INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
+
+ # gDefaultKEKFileGuid
+ FILE FREEFORM = 6F64916E-9F7A-4C35-B952-CD041EFB05A3 {
+ SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt
+ SECTION UI = "DefaultKekCert"
+ }
+
+ # gDefaultPKFileGuid
+ FILE FREEFORM = 85254EA7-4759-4FC4-82D4-5EED5FB0A4A0 {
+ SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/pk.crt
+ SECTION UI = "DefaultPkCert"
+ }
+
+ # gDefaultdbFileGuid
+ FILE FREEFORM = C491D352-7623-4843-ACCC-2791A7574421 {
+ SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt
+ SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt
+ SECTION UI = "DefaultDbCert"
+ }
+
+ # gDefaultdbxFileGuid
+ FILE FREEFORM = 5740766A-718E-4DC0-9935-C36F7D3F884F {
+ SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin
+ SECTION UI = "DefaultDbxCert"
+ }
 !endif
 INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
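Review bot: The `pk.crt` and `DBXUpdate.bin` entries are the two embedded files whose origin cannot be read from their names, and neither the hunk nor the commit message documents them. The PK is the root of the Secure Boot key hierarchy, so a test or shared key shipped there would undermine everything enrolled beneath it; the dbx blob is a point-in-time revocation list that goes stale unless someone refreshes it. I would extend the existing comments, e.g. `# gDefaultPKFileGuid - issued by <PK OWNER, placeholder>, private key held offline` and `# gDefaultdbxFileGuid - dbx snapshot from <DATE, placeholder>, refresh on each release`. The files are pulled from `UefiPayloadPkg/` into an OvmfPkg image and are not added by this commit, so they presumably already exist in the tree; the enclosing `!if` block opens outside the hunk.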