Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecureBootConfigDxe/SecureBootConfigImpl.c: add default for SB state #110

Merged
merged 2 commits into from
Nov 9, 2023
Merged

SecureBootConfigDxe/SecureBootConfigImpl.c: add default for SB state #110

merged 2 commits into from
Nov 9, 2023

Conversation

mkopec
Copy link
Member

@mkopec mkopec commented Nov 9, 2023
edited
Loading

Fixes an issue where the setting would not be restored to the default value on pressing F9.

@mkopec mkopec requested a review from macpijan November 9, 2023 14:52
@mkopec mkopec self-assigned this Nov 9, 2023
@mkopec mkopec changed the title SecureBootConfigDxe/SecureBootConfigImpl.c: add default callback for … SecureBootConfigDxe/SecureBootConfigImpl.c: add default for SB state Nov 9, 2023
@macpijan
Copy link
Contributor

macpijan commented Nov 9, 2023

It works, but only when F9 is pressed in Secure Boot menu - still some improvement is likely needed here

@mkopec mkopec force-pushed the edk2_global_defaults branch 4 times, most recently from bc617a9 to 32ddb94 Compare November 9, 2023 17:05
@mkopec
SecureBootConfigDxe/SecureBootConfigImpl.c: add default for SB state
2f9a8ff 
Fixes an issue where the setting would not be restored to the default
value on pressing F9.

Signed-off-by: Michał Kopeć <[email protected]>
@mkopec mkopec force-pushed the edk2_global_defaults branch 2 times, most recently from 082e3d9 to 9fbcfc4 Compare November 9, 2023 18:29
@mkopec
Copy link
Member Author

mkopec commented Nov 9, 2023

@macpijan Fixed the Secure Boot setting not being restored and settings not being saved on reset - added a reminder to save (or discard) when selecting reset.

@macpijan
Copy link
Contributor

macpijan commented Nov 9, 2023

Thanks. Tested in QEMU as well.

@macpijan macpijan merged commit ce2549a into dasharo Nov 9, 2023
2 checks passed
@macpijan macpijan deleted the edk2_global_defaults branch November 9, 2023 19:07
@miczyg1
Copy link
Contributor

miczyg1 commented Nov 23, 2023

Okay that seems to restore SB state. But what about keys? Are they restored to defaults? Also, if someone modified the keys and didn't enroll PK, setting SB state to enabled (if PcdSecureBootDefaultEnable is true/1) will fail.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@macpijan macpijan macpijan approved these changes

@krystian-hebel krystian-hebel Awaiting requested review from krystian-hebel

Assignees

@mkopec mkopec

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mkopec @macpijan @miczyg1