From: "Jan Bobek via groups.io"
CC: Jan Bobek, Laszlo Ersek, "Jiewen Yao", Jian J Wang
Subject: [edk2-devel] [PATCH v1 4/4] SecurityPkg: don't require PK to be self-signed by default
Date: Fri, 20 Jan 2023 15:58:35 -0700
Message-ID: <20230120225835.42733-5-jbobek@nvidia.com>
In-Reply-To: <20230120225835.42733-1-jbobek@nvidia.com>
References: <20230120225835.42733-1-jbobek@nvidia.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506

Change the default value of PcdRequireSelfSignedPk to FALSE in accordance with UEFI spec, which states that PK need not be self-signed when enrolling in setup mode.

Note that this relaxes the legacy behavior, which required the PK to be self-signed in this case.

Cc: Jiewen Yao
Cc: Jian J Wang
Signed-off-by: Jan Bobek

--- SecurityPkg/SecurityPkg.dec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d3b7ad7ff6fb..0382090f4e75 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -585,7 +585,7 @@ [PcdsFeatureFlag] # TRUE - Require PK to be self-signed. # FALSE - Do not require PK to be self-signed. # @Prompt Require PK to be self-signed - gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE|BOOLEAN|0x000= 10027 + gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|FALSE|BOOLEAN|0x00= 010027 =20 [UserExtensions.TianoCore."ExtraFiles"] SecurityPkgExtra.uni --=20 2.30.2
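
Review bot: Flipping the default on the PcdRequireSelfSignedPk line from TRUE to FALSE relaxes the PK enrollment check for every platform that builds against SecurityPkg.dec without overriding this flag, and the comment block directly above the changed line does not say which value is the default or why. Because the entry sits under [PcdsFeatureFlag] and is fixed at build time, consider extending that comment to state that FALSE is the default per the UEFI spec and that platforms relying on the legacy self-signed requirement must set the PCD to TRUE in their DSC. While touching this line, it is also worth confirming that declaring the PCD under gEfiMdeModulePkgTokenSpaceGuid inside SecurityPkg/SecurityPkg.dec is intended.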