Firmware Build Process
Doug Flick edited this page Mar 5, 2025 · 2 revisions
This page assumes the platform is using the "unsigned" Secure Boot Objects (which are just EFI Signature Lists).
The secure boot binary objects are formatted to the expected UEFI data structures to enable simple integration into an EDK2 platform.
On Project Mu platforms that use Stuart:
- The platform adds an extdep tracking the secure boot objects
- The platform adds a plugin to convert the secure boot objects to PCDs
- The platform uses the SecureBootKeyStoreLib, which consumes the PCDs
On projects that do not use Stuart:
A careful balance must be considered when providing templates that offer capability and attack surface reduction.
Each additional certificate or hash increases the attack surface.
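Because the unsigned objects are plain EFI Signature Lists, a build step can enumerate exactly which certificates and hashes a template adds before they are converted to PCDs. The following is an added example, not code from this repository: it assumes the standard UEFI `EFI_SIGNATURE_LIST` layout, and the names `parse_esl` and `build_esl`, the owner GUID, and the sample entries (including the placeholder bytes standing in for a certificate) are constructed for illustration.

```python
import struct
import uuid

# Signature type GUIDs from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}

ESL_HEADER = struct.Struct("<16sIII")  # SignatureType, ListSize, HeaderSize, SignatureSize


def parse_esl(blob):
    """Return [(type_name, owner_guid, data)] for concatenated EFI_SIGNATURE_LISTs."""
    entries, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < ESL_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type, list_size, hdr_size, sig_size = ESL_HEADER.unpack_from(blob, offset)
        if list_size < ESL_HEADER.size + hdr_size or offset + list_size > len(blob):
            raise ValueError("SignatureListSize out of bounds")
        body = list_size - ESL_HEADER.size - hdr_size
        if sig_size <= 16 or body % sig_size:
            raise ValueError("SignatureSize does not divide the list body")
        name = TYPE_NAMES.get(uuid.UUID(bytes_le=sig_type), "unknown")
        start = offset + ESL_HEADER.size + hdr_size
        for pos in range(start, start + body, sig_size):
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID plus the payload.
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((name, owner, blob[pos + 16:pos + sig_size]))
        offset += list_size
    return entries


def build_esl(sig_type, owner, items):
    """Constructed-sample helper: pack equal-sized items into one list."""
    sig_size = 16 + len(items[0])
    body = b"".join(owner.bytes_le + item for item in items)
    header = ESL_HEADER.pack(sig_type.bytes_le, ESL_HEADER.size + len(body), 0, sig_size)
    return header + body


# Constructed sample: two SHA-256 entries plus one placeholder "certificate".
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE = (build_esl(EFI_CERT_SHA256_GUID, OWNER, [b"\xaa" * 32, b"\xbb" * 32])
          + build_esl(EFI_CERT_X509_GUID, OWNER, [b"\x30\x82" + b"\x00" * 30]))

if __name__ == "__main__":
    for kind, owner, data in parse_esl(SAMPLE):
        print(kind, owner, len(data), data[:4].hex())
```

Running the parser over each object in review makes every added certificate or hash visible as a discrete line item.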