Missing KEK and DB variables with secure boot disabled
Matt Fleming
matt at console-pimps.org
Fri Sep 26 08:48:47 UTC 2014
Hi folks,
I'm currently running the securebootcert test on an Intel SDV and seeing
failures for missing KEK and DB variables, despite the fact that secure
boot isn't enabled and we're in setup mode, i.e.,
securebootcert: The secure boot variable DB not found.
securebootcert: The secure boot variable KEK not found.
It's not clear to me that these should be failures in this scenario,
which is pretty common when you're working on a non-OEM machine.
What's the rationale for making these missing variables a hard fail? And
do people think it would be reasonable to relax this test in non-secure
mode?
--
Matt Fleming, Intel Open Source Technology Center
More information about the fwts-devel
mailing list