7.11 Stage Enabling Checklist
The following steps should be followed to enable a platform for Stage V.
Update BoardPkg/Board.
Deploy the UEFI secure boot variables (PK/KEK/db/dbx)
Configure
PcdTpmInstanceGuid
to select TPM hardware. Default ofgEfiTpmDeviceInstanceTpm20DtpmGuid
value is usually correct.
UEFI secure boot
- Update
PlatformSecureLib
:UserPhysicalPresent ()
, to check if a user is physically present to authorize change of authenticated variables
- Update
For TCG trusted boot
May select TPM2 instance
PcdTpmInstanceGuid
.May set
PcdFirmwareDebuggerInitialized
based on whether or not a Firmware Debugger is attached to the platform
For DMA Protection
- May include IOMMU driver to do DMA protection, if the silicon supports IOMMU.
Ensure all PCDs in the configuration section (DSC files) are correct for your board.
- Set
gMinPlatformPkgTokenSpaceGuid.PcdBootStage
= 5
- Set
Ensure all required binaries in the flash file (FDF files) are correct for your board.
Boot, collect log, verify test point results defined in section 7.9 Test Point Results are correct