Enabling Secure boot

Enabling Secure boot

[sent888]

[-- Attachment #1: Type: text/plain, Size: 713 bytes --]

Hi,

I want to enable secure boot in edk2. I am using edk2-2017 with coreboot for Intel architecture. I compiled edk with -D -D SECURE_BOOT_ENABLE and also applied some patches, with this I am getting secure boot configuration in the Boot Menu configuration. But " *AttemptSecureBoot" is disabled.* I am tried to change to standard mode to custom mode to enroll keys but NVRAM support is not there. So after reset also same default settings coming.
As NVRAM support is not there, I am planning to hard code the keys in the code or to go with standard secure boot mode. By default the edk2 is in setup mode so secure is not enabled.
How to change the secure boot mode to default user mode?

Regards,
gsen.

[-- Attachment #2: Type: text/html, Size: 767 bytes --]

Enabling Secure boot

[sent888]

[-- Attachment #1: Type: text/plain, Size: 584 bytes --]

Hi,
I have enable the secure boot for CorebootPayloadPkg in EDK 2017 and got the secure boot configuration in the boot menu. But the problem is Attempt secure boot is disabled. Also when I changed from standard mode to custom mode to add vmware key in the db, after reset its not getting saved. This may due to NVRAM support is not there.

How to make "Attempt secure boot" to be enabled?
If NVRAM is not there, how i will add vmware keys in db database?
Can i hardcode the keys in the edk2 source and secure boot? If so where to modify it?

Regards,
gsen.

Regards,
gsen

[-- Attachment #2: Type: text/html, Size: 647 bytes --]