[if gte mso 9]>

Re: [edk2] Secure Boot - PCI device driver (NIC)

Subject: Re: [edk2] Secure Boot - PCI device driver (NIC)

From: "Richardson, Brian" <brian.richardson@intel.com>

To: "edk2-devel@lists.sourceforge.net" <edk2-devel@lists.sourceforge.net>

Date: 2013-02-05 23:47:19

Yossi:

 

You should be able to use the same UEFI Driver Image (.efi), just get it signed by the UEFI CA using Microsoft’s process. I recommend doing all of your testing with the driver unsigned to verify functionality, only signing the driver after the QA process is done.

 

You can do some preliminary testing by self-signing the driver, but this would only work for testing on a system where you can manually enroll your custom keys. Details on this process are in the “Signing UEFI Applications and Drivers for UEFI Secure Boot” document at tianocore.org …

http://sourceforge.net/projects/edk2/files/General%20Documentation/SigningUefiImages%20-v1dot30.pdf/download

 

Thanks ... br

---

Brian Richardson -- brian.richardson@intel.com -- Twitter: intel_brian

 

From: Yossef Efraim [mailto:yossefe@mellanox.com]
Sent: Tuesday, February 05, 2013 8:58 AM
To: edk2-devel@lists.sourceforge.net
Subject: [edk2] Secure Boot - PCI device driver (NIC)

 

Hi all,

 

I want to my PCI device driver (NIC) to support secure boot.

Originally I thought that I only have to take the generated *.rom file and sign it through MS UEFI FW signing.

1.       Is it enough? Or should I add code \ definition ?

2.       If I do have to add something does the EDK2 got any sample for this  ?  

 

Thanks!

 

Yossi