SecurityPkg: don't require PK to be self-signed by default

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506 Change the default value of PcdRequireSelfSignedPk to FALSE in accordance with UEFI spec, which states that PK need not be self-signed when enrolling in setup mode. Note that this relaxes the legacy behavior, which required the PK to be self-signed in this case. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Jan Bobek <jbobek@nvidia.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2023-01-21 06:58:35 +08:00 · 2023-01-21 06:58:35 +08:00 · cc18c503e0
parent f6e4824533
commit cc18c503e0
1 changed files with 1 additions and 1 deletions
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@ -585,7 +585,7 @@
  #   TRUE  - Require PK to be self-signed.
  #   FALSE - Do not require PK to be self-signed.
  # @Prompt Require PK to be self-signed
-  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE|BOOLEAN|0x00010027
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|FALSE|BOOLEAN|0x00010027

 [UserExtensions.TianoCore."ExtraFiles"]
  SecurityPkgExtra.uni