[if gte mso 9]>

[edk2] [CodeReview] OvmfPkg: Patch to not force a reset when PK is changed in custom mode setup

Subject: [edk2] [CodeReview] OvmfPkg: Patch to not force a reset when PK is changed in custom mode setup

From: "Rosenbaum, Lee G" <lee.g.rosenbaum@intel.com>

To: "Justen, Jordan L" <jordan.l.justen@intel.com>

Date: 2012-08-15 06:56:06

Jordan,

 

Please review this patch that does not force a reset when the PK variable is changed in Secure Boot custom mode setup.

 

[Description]

This change is now needed since the default behavior in SecurityPkg/SecureBootConfigDxe is to always do a reset when PK changes. This is not compatible with OvmfPkg since it doesn’t yet support persistent variables. 

 

OvmfPkgSecureBootConfigDxe.patch – shows the changes to OvmfXXXPkg.[dsc,fdf] to use the new SecureBootConfigDxe  from OvmfPkg instead of SecurityPkg and the new OvmfPkg/SecureBootConfigDxe  files.

 

SecureBootConfigDxePatchForOvmfSinceNoPersisitentVariables.patch - shows the changes in OvmfPkg/SecureBootConfigDxe  from the new SecurityPkg/SecureBootConfigDxe

 

[Test]

Verify signed and unsigned images with each OvmfPkg with QEMU

 

[SVN commit log]

Do not force a platform reset when PK is changed in custom mode setup

 

Signed-off-by: Lee Rosenbaum lee.g.rosenbaum@intel.com

Reviewed-by: Erik Bjorge erik.c.bjorge@intel.com

 

 

Thanks

Lee