...
Step 1: Build EDK2 and StandaloneMm with SecureBoot enabled
...
Follow the steps in EDK2_00_02_04 Evaluate with OpenSBI to build EDK2 and StandaloneMm with SecureBoot enabled.
Step 2: Create Custom Keys for Secure Boot
...
With the default sbsign in Ubuntu 22.04, this fails with an "Invalid PE header magic" error; sbsigntools needs to be rebuilt.
Step 3: Download and rebuild the latest sbsigntools
...
$ git clone https://github.com/rustyrussell/ccan.git lib/ccan.git
$ git submodule init
$ git submodule update
$ sudo apt-get install binutils-dev gnu-efi help2man
$ ./autogen.sh
$ ./configure
$ make
Step 4: Sign the EFI application using the private key, and copy the public key to the FAT disk
...
$ cp *.cer ~/src/fat/
Step 5: Enroll the PK, KEK, DB keys to the EDK2 as the Custom Secure Keys
Execute the run.sh script in
https://github.com/intel-innersource/frameworks.platforms.risc-v.edk2/blob/devel-standalonemm/OvmfPkg/RiscVVirt/HowToBuildMm.MD EDK2_00_02_04 Evaluate with OpenSBI
Playing with Secure Boot in Tianocore
...
After enrolling the PK, KEK, and DB keys as the Secure Boot keys, Secure Boot should be enabled.
Step 6: Test the signed EFI application
Reboot and execute EmptyApplication-Riscv.efi: the result is Access Denied
Execute EmptyApplication-Riscv.efi.signed: the result is SUCCESS
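
A pre-boot check for the build host, added here and not part of the original page: it reads the PE/COFF header fields that signing tools parse (machine type, optional-header magic) and reports whether a certificate table is present, so the unsigned and signed images can be told apart before the firmware test. The names `inspect_efi` and `build_sample` are hypothetical, and the sample images are constructed header-only byte strings, not real EFI binaries.

```python
import struct

# PE machine types from the PE/COFF specification
MACHINES = {0x5032: "RISCV32", 0x5064: "RISCV64", 0xAA64: "AARCH64", 0x8664: "X64"}
CERT_DIR = 4  # index of the Certificate Table in the data directories

def inspect_efi(data: bytes) -> dict:
    """Report machine type, optional-header magic and certificate table presence."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine = struct.unpack_from("<H", data, pe + 4)[0]    # COFF Machine field
    opt = pe + 24                                          # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    dirs = opt + (112 if magic == 0x20B else 96)           # data directory array
    count = struct.unpack_from("<I", data, dirs - 4)[0]    # NumberOfRvaAndSizes
    off = size = 0
    if count > CERT_DIR:
        off, size = struct.unpack_from("<II", data, dirs + 8 * CERT_DIR)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "pe32plus": magic == 0x20B,
        # For this directory the first field is a file offset, not an RVA.
        "has_signature": size > 0 and off + size <= len(data),
    }

def build_sample(signed: bool) -> bytes:
    """Constructed minimal RISCV64 PE32+ header; the 'certificate' is filler bytes."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x5064, 0, 0, 0, 0, 240, 0)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                  # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                   # 16 data directories
    cert = b""
    if signed:
        cert = b"\0" * 8
        struct.pack_into("<II", opt, 112 + 8 * CERT_DIR, 0x40 + 4 + 20 + 240, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert

if __name__ == "__main__":
    for label, signed in (("unsigned sample", False), ("signed sample", True)):
        print(label, inspect_efi(build_sample(signed)))
```

A present certificate table only shows that the image carries a signature; whether it verifies against the enrolled db key is decided by the firmware, or on the host by `sbverify --cert` from sbsigntools.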