Hi,
SVN r14370 ("Update the logic about get initial value for one storage.")
breaks Platform Key enrolment in OvmfPkg, and as a consequence Secure
Boot in general.
Normally in OvmfPkg we enrol PK, one KEK and maybe one DB entry, and
immediately boot a boot option. The "enrol PK" step happens as:
Device Manager
Secure Boot Configuration
Secure Boot Mode
-> set Custom Mode
Custom Secure Boot Options
PK Options
Enroll PK
Enroll PK Using File
-> select file
Commit Changes and Exit
Secure Boot Configuration (*)
/* ... continue with KEK ... */
At the point marked with (*), the
Attempt Secure Boot [X]
checkbox can be highlighted with the cursor, and is actually X-ed after
PK enrolment. SVN r14370 breaks this; it is impossible to navigate to,
or to set the Attempt Secure Boot checkbox. Secure Boot is hence
unreachable.
Reverting r14370 fixes the problem for me (but of course restores the
original bug that r14370 was meant to fix).
Thanks,
Laszlo
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-devel
