REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506
Change the default value of PcdRequireSelfSignedPk to FALSE in accordance with UEFI spec, which states that PK need not be self-signed when enrolling in setup mode. Note that this relaxes the legacy behavior, which required the PK to be self-signed in this case. Cc: Jiewen Yao <jiewen....@intel.com> Cc: Jian J Wang <jian.j.w...@intel.com> Signed-off-by: Jan Bobek <jbo...@nvidia.com> --- SecurityPkg/SecurityPkg.dec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d3b7ad7ff6fb..0382090f4e75 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -585,7 +585,7 @@ [PcdsFeatureFlag] # TRUE - Require PK to be self-signed. # FALSE - Do not require PK to be self-signed. # @Prompt Require PK to be self-signed - gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE|BOOLEAN|0x00010027 + gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|FALSE|BOOLEAN|0x00010027 [UserExtensions.TianoCore."ExtraFiles"] SecurityPkgExtra.uni -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#98949): https://edk2.groups.io/g/devel/message/98949 Mute This Topic: https://groups.io/mt/96412386/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-