7.11 Stage Enabling Checklist

Follow these steps to enable a platform for Stage V.

  1. Update BoardPkg/Board.

    1. Deploy the UEFI secure boot variables (PK/KEK/db/dbx)

    2. Configure PcdTpmInstanceGuid to select the TPM hardware. The default value, gEfiTpmDeviceInstanceTpm20DtpmGuid, is usually correct.

  2. UEFI secure boot

    1. Update PlatformSecureLib:UserPhysicalPresent() to check whether a user is physically present to authorize changes to authenticated variables.
  3. For TCG trusted boot

    1. May select the TPM2 instance with PcdTpmInstanceGuid.

    2. May set PcdFirmwareDebuggerInitialized based on whether or not a firmware debugger is attached to the platform.

  4. For DMA Protection

    1. May include IOMMU driver to do DMA protection, if the silicon supports IOMMU.
  5. Ensure all PCDs in the configuration section (DSC files) are correct for your board.

    1. Set gMinPlatformPkgTokenSpaceGuid.PcdBootStage = 5
  6. Ensure all required binaries in the flash file (FDF files) are correct for your board.

  7. Boot, collect the log, and verify that the test point results defined in section 7.9 Test Point Results are correct.
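A pre-build check for the PCD items in steps 1, 3 and 5, as an added example (not part of this specification or of the EDK II BaseTools). The function names, the sample DSC text and the `gEfiSecurityPkgTokenSpaceGuid` token space used in the sample are assumptions; the optional PCDs are matched by name only.

```python
import re

# "TokenSpaceGuid.PcdName|Value" as written inside a DSC [Pcds...] section.
PCD_LINE = re.compile(r"^(\w+)\.(\w+)\s*\|\s*(.+)$")

def parse_pcds(dsc_text):
    """Return {PcdName: (token_space, value)}; last assignment wins, no !if/$(MACRO) handling."""
    pcds, in_pcd_section = {}, False
    for raw in dsc_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop DSC comments
        if line.startswith("["):
            in_pcd_section = line.lower().startswith("[pcds")
            continue
        m = PCD_LINE.match(line)
        if in_pcd_section and m:
            space, name, value = m.groups()
            pcds[name] = (space, value.split("|")[0].strip())  # drop type/size fields
    return pcds

def audit_stage5(dsc_text):
    """Return findings for the PCD items of the Stage V checklist."""
    pcds, findings = parse_pcds(dsc_text), []
    space, stage = pcds.get("PcdBootStage", (None, None))
    if space != "gMinPlatformPkgTokenSpaceGuid":
        findings.append("FAIL: gMinPlatformPkgTokenSpaceGuid.PcdBootStage is not set")
    else:
        try:
            if int(stage, 0) != 5:
                findings.append(f"FAIL: PcdBootStage is {stage}, Stage V needs 5")
        except ValueError:                           # e.g. an unexpanded $(MACRO)
            findings.append(f"FAIL: cannot evaluate PcdBootStage value {stage!r}")
    for optional in ("PcdTpmInstanceGuid", "PcdFirmwareDebuggerInitialized"):
        if optional not in pcds:
            findings.append(f"NOTE: {optional} not set, package default applies")
    return findings

# Constructed sample input, not taken from a real board package.
BEFORE_DSC = """
[PcdsFixedAtBuild]
  gMinPlatformPkgTokenSpaceGuid.PcdBootStage|4   # left over from Stage IV
"""
AFTER_DSC = """
[PcdsFixedAtBuild]
  gMinPlatformPkgTokenSpaceGuid.PcdBootStage|5
[PcdsDynamicDefault]
  # Token space name and values below are assumptions for illustration.
  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|<dTPM 2.0 GUID bytes>
  gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized|FALSE
"""
```

`audit_stage5(BEFORE_DSC)` reports the stale boot stage and the two PCDs left at their package defaults; `audit_stage5(AFTER_DSC)` returns an empty list.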