* Enabling Secure boot
@ 2021-04-01 9:03 sent888
2021-04-06 14:18 ` [edk2-devel] " Laszlo Ersek
0 siblings, 1 reply; 3+ messages in thread
From: sent888 @ 2021-04-01 9:03 UTC (permalink / raw)
To: devel
Hi,
I have enabled secure boot for CorebootPayloadPkg in EDK 2017 and got the secure boot configuration in the boot menu. But the problem is that "Attempt secure boot" is disabled. Also, when I changed from standard mode to custom mode to add the VMware key in the db, after reset it's not getting saved. This may be due to NVRAM support not being there.
How do I make "Attempt secure boot" enabled?
If NVRAM is not there, how will I add VMware keys to the db database?
Can I hardcode the keys in the edk2 source and secure boot? If so, where do I modify it?
Regards,
gsen.
* Re: [edk2-devel] Enabling Secure boot
2021-04-01 9:03 Enabling Secure boot sent888
@ 2021-04-06 14:18 ` Laszlo Ersek
0 siblings, 0 replies; 3+ messages in thread
From: Laszlo Ersek @ 2021-04-06 14:18 UTC (permalink / raw)
To: devel, sent888
On 04/01/21 11:03, sent888@gmail.com wrote:
> Hi,
> I have enabled secure boot for CorebootPayloadPkg in EDK 2017 and
> got the secure boot configuration in the boot menu. But the problem is
> that "Attempt secure boot" is disabled. Also, when I changed from
> standard mode to custom mode to add the VMware key in the db, after
> reset it's not getting saved. This may be due to NVRAM support not
> being there.
>
> How do I make "Attempt secure boot" enabled?
> If NVRAM is not there, how will I add VMware keys to the db database?
> Can I hardcode the keys in the edk2 source and secure boot? If so,
> where do I modify it?
Secure boot is based on authenticated non-volatile UEFI variables that
are described by the UEFI spec. If you don't have functional,
tamper-proof storage on your platform (virtual or otherwise) for said
non-volatile UEFI variables, secure boot will either not work, or will
not be secure in fact. (By "tamper-proof", I mean that e.g. the
operating system must be prevented from modifying said variables, unless
it invokes the appropriate UEFI runtime services.)
I don't know how this specifically applies to CorebootPayloadPkg though.
Thanks
Laszlo
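Added example, not part of the original thread and not edk2 code: a Python check, run from a booted Linux OS, of the authenticated non-volatile variables the reply above refers to. It assumes the Linux efivarfs layout (a 4-byte attribute word followed by the variable data); the function names are hypothetical and the sample data is constructed.

```python
import struct
from pathlib import Path

NON_VOLATILE = 0x01           # EFI_VARIABLE_NON_VOLATILE
TIME_BASED_AUTH_WRITE = 0x20  # EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"    # EFI_GLOBAL_VARIABLE
IMAGE_DB = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # EFI_IMAGE_SECURITY_DATABASE_GUID
KEY_VARS = (f"PK-{GLOBAL}", f"KEK-{GLOBAL}", f"db-{IMAGE_DB}")

def parse_efivar(blob):
    """Split an efivarfs file: 4-byte little-endian attributes, then the data."""
    if len(blob) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    return struct.unpack_from("<I", blob)[0], blob[4:]

def load_efivars(root="/sys/firmware/efi/efivars"):
    """Read the audited variables from a mounted efivarfs; skip absent ones."""
    names = KEY_VARS + (f"SetupMode-{GLOBAL}", f"SecureBoot-{GLOBAL}")
    return {n: Path(root, n).read_bytes() for n in names if Path(root, n).exists()}

def audit(variables):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    for name in KEY_VARS:
        short = name.split("-")[0]
        if name not in variables:
            findings.append(f"{short}: not enrolled")
            continue
        attrs, _ = parse_efivar(variables[name])
        if not attrs & NON_VOLATILE:
            findings.append(f"{short}: not non-volatile, lost on reset")
        if not attrs & TIME_BASED_AUTH_WRITE:
            findings.append(f"{short}: writable without authentication")
    for short, want in (("SetupMode", 0), ("SecureBoot", 1)):
        blob = variables.get(f"{short}-{GLOBAL}")
        value = parse_efivar(blob)[1][:1] if blob else b""
        if value != bytes([want]):
            findings.append(f"{short}: expected {want}, got {value.hex() or 'missing'}")
    return findings

# Constructed sample data (not captured from a real machine).
ENFORCING = {name: struct.pack("<I", 0x27) + b"\x00" * 44 for name in KEY_VARS}
ENFORCING[f"SetupMode-{GLOBAL}"] = struct.pack("<I", 0x06) + b"\x00"
ENFORCING[f"SecureBoot-{GLOBAL}"] = struct.pack("<I", 0x06) + b"\x01"
SETUP_MODE = {f"SetupMode-{GLOBAL}": struct.pack("<I", 0x06) + b"\x01",
              f"SecureBoot-{GLOBAL}": struct.pack("<I", 0x06) + b"\x00"}
```

On a real system, `audit(load_efivars())` reports the same findings for the running firmware. It only inspects what the OS can see and does not prove that the underlying storage is tamper-proof.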
* Enabling Secure boot
@ 2021-03-31 14:02 sent888
0 siblings, 0 replies; 3+ messages in thread
From: sent888 @ 2021-03-31 14:02 UTC (permalink / raw)
To: devel
Hi,
I want to enable secure boot in edk2. I am using edk2-2017 with coreboot for Intel architecture. I compiled edk with -D -D SECURE_BOOT_ENABLE and also applied some patches; with this I am getting the secure boot configuration in the Boot Menu configuration. But "AttemptSecureBoot" is disabled. I tried to change from standard mode to custom mode to enroll keys, but NVRAM support is not there. So after reset the same default settings come back.
As NVRAM support is not there, I am planning to hard code the keys in the code or to go with standard secure boot mode. By default the edk2 is in setup mode so secure is not enabled.
How do I change the secure boot mode to default user mode?
Regards,
gsen.