UefiPayloadPkg: Add Secureboot support
Must use RuntimeVariableDxe instead of EmuVariableDxe. Currently doesn't boot on qemu. Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
This commit is contained in:
Patrick Rudolph
committed by
Tim Crawford
Tim Crawford
parent
b9564773f1
commit
eec38fd383
8
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/README
Normal file
8
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/README
Normal file
@@ -0,0 +1,8 @@
|
||||
# PK certificate generation
|
||||
|
||||
* Do not save private key for re-usage.
|
||||
* Generate a RSA 2048 / SHA256 x509 certificate
|
||||
* Exponent should be 65537
|
||||
* Microsoft certificates can be found here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance
|
||||
|
||||
openssl req -outform DER -newkey rsa:2048 -keyout /dev/null -passout file:<(head -c 40 /dev/urandom) -x509 -days 365 -out pk.crt
|
||||
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/crl.bin
Normal file
Binary file not shown.
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt
Normal file
Binary file not shown.
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt
Normal file
Binary file not shown.
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt
Normal file
Binary file not shown.
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/pk.crt
Normal file
BIN
UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/pk.crt
Normal file
Binary file not shown.
Reference in New Issue
Block a user