;;****************************************************************************** ;;* Copyright (c) 2014 - 2021, Insyde Software Corporation. All Rights Reserved. ;;* ;;* You may not reproduce, distribute, publish, display, perform, modify, adapt, ;;* transmit, broadcast, present, recite, release, license or otherwise exploit ;;* any part of this publication in any form, by any means, without the prior ;;* written permission of Insyde Software Corporation. ;;* ;;****************************************************************************** ;; ;; Module Name: ;; ;; FactoryDefaultConfig.ini ;; ;; Abstract: ;; ;; The information file for FactoryCopy.bin ;; [HeaderSetting] ;; ;; Here are two ways to provide NvStoreBlockSize, NvStoreBlockNum and FactoryDefaultSize information. ;; 1. Use NvStoreBlockSize, NvStoreBlockNum and NvStoreBlockNum definition in HeaderSetting section. ;; 2. Use FlashMapFile defintion in HeaderSetting section, and then utility will get these settings from FlashMap file. ;; If user wants to generate FactoryCopy.bin while building BIOS, the suggested method is 2. ;; If user wants use tool to generate FactoryCopy.bin (user doesn't have FlashMap file), the suggested method is 1. ;; Note: If user uses these two methods at the same time, tool will use FlashMap to get these information. (method 2). ;; ; NvStoreBlockSize = 0x1000 ; NvStoreBlockNum = 0x34 ; FactoryDefaultSize = 0x2000 FlashMapFile = FlashMap.h ;; ;; Define the default owner GUID. ;; If certification doesn't specify owner GUID, it will use default owner GUID. ;; If certification specifies its owner GUID, it will use its owner GUID. ;; Note: If user doesn't specify default owner GUID, the default owner GUID is 00000000-0000-0000-0000-000000000000 ;; DefaultOwnerGUID = 77fa9abd-0359-4d32-bd60-28f4e78f784b ;; ;; TimeStamp statement to specify time stamp and this statement is optional. ;; If user doesn't write this statement, tool will use current time as time stamp. ;; The format of time stamp is AAAA/BB/CC DD:EE:FF. Ex: 2012/12/01 15:33:20, 0000/00/00 00:00:00.... ;; Fromat Definition : ;; AAAA : Year BB : Month CC : Day ;; DD : Hour EE : Minute FF : Second ;; TimeStamp = 0000/00/00 00:00:00 ;; ;; Certification format in PlatformKey, KeyExchangeKey, AuthorizedSignatureDatabase and ;; ForbiddenSignatureDatabase section: ;; FileName [OWNER_GUID = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] ;; ;; Support two different type file name: ;; 1. .cer file is a X509 format file. ;; 2. .auth file is a EFI_VARIABLE_AUTHENTICATION_2 format file which may contain multiple signature list. ;; [PlatformKey] TestPk.cer OWNER_GUID = 55555555-5555-5555-5555-555555555555 [KeyExchangeKey] KEK_MSFTproductionKekCA.cer [AuthorizedSignatureDatabase] db_MSFTproductionWindowsSigningCA2011.cer db_MSFTproductionUEFIsigningCA.cer SecureFlash.cer [ForbiddenSignatureDatabase] DbxUpdate.auth ;; ;; dbxupdate_x64.auth, dbxupdate_arm64.auth and dbxupdate_x86.auth are used to fix GRUB2 ;; security issue for individual architecture. User can add them to [ForbiddenSignatureDatabase] ;; (for example: DXE is x64 so we need add dbxupdate_x64.auth to fix this issue.). However, ;; adding it will cause older version Linux (before 2021/04/29) cannot boot in secure boot ;; enabled environment. Kernel default setting doesn't add it and project can decide to add it or ;; not. ;; [CapsuleSignatureDatabase] SecureFlash.cer TestRoot.cer AdlMeCapProd.cer