Did you check the platform PCDs for loading OptionROMs when SecureBoot is
enabled?
## Pcd for OptionRom.
# Image verification policy settings:
# ALWAYS_EXECUTE 0x00000000
# NEVER_EXECUTE 0x00000001
# ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001
From: Richardson, Brian [mailto:[email protected]]
Sent: Tuesday, March 05, 2013 9:09 AM
To: [email protected]
Subject: Re: [edk2] Secure Boot - PCI device driver (NIC)
The EfiRom program doesn't alter the UEFI Driver, it only packages the driver
as part of the PCI Option ROM. If you used the signed driver with EfiRom then
that's what gets bundled into the OpROM image.
Thanks ... br
---
Brian Richardson --
[email protected]<mailto:[email protected]> -- Twitter:
intel_brian
From: Vladimir Sokolovsky [mailto:[email protected]]
Sent: Tuesday, March 05, 2013 10:01 AM
To: [email protected]<mailto:[email protected]>
Subject: Re: [edk2] Secure Boot - PCI device driver (NIC)
>From the PCI Option ROM.
Regards,
Vladimir
On Tue, Mar 5, 2013 at 4:58 PM, Richardson, Brian
<[email protected]<mailto:[email protected]>> wrote:
Did it load from the shell or from the PCI Option ROM?
Thanks ... br
---
Brian Richardson --
[email protected]<mailto:[email protected]> -- Twitter:
intel_brian
From: Vladimir Sokolovsky
[mailto:[email protected]<mailto:[email protected]>]
Sent: Tuesday, March 05, 2013 9:45 AM
To: [email protected]<mailto:[email protected]>
Subject: Re: [edk2] Secure Boot - PCI device driver (NIC)
Yes,
When Secure boot is disabled UEFI driver successfully loaded.
Regards,
Vladimir
On Tue, Mar 5, 2013 at 4:15 PM, Richardson, Brian
<[email protected]<mailto:[email protected]>> wrote:
The EfiRom command should not strip the signature from the signed driver. Can
you confirm that the PCI Option ROM loads the UEFI Driver when UEFI secure Boot
is disabled?
Thanks ... br
---
Brian Richardson --
[email protected]<mailto:[email protected]> -- Twitter:
intel_brian
From: Vladimir Sokolovsky
[mailto:[email protected]<mailto:[email protected]>]
Sent: Tuesday, March 05, 2013 6:04 AM
To: [email protected]<mailto:[email protected]>
Subject: Re: [edk2] Secure Boot - PCI device driver (NIC)
Hi Brian,
Is there any specific flag for EfiRom that should keep the signature of the EFI
file?
I run the following command:
# EfiRom.exe -f 0x15b3 -i 0x1003 -e 0a.01.10_uefi.efi -o 0a.01.10_uefi.rom
Then I see that the ROM image fails to be loaded during POST when UEFI Secure
boot mode is enabled while the original signed efi image can be successfully
loaded from the UEFI Shell.
Thanks,
Vladimir
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
edk2-devel mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/edk2-devel
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
edk2-devel mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/edk2-devel
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-devel
