You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
WithSecureBootPolicyProfile only generates valid profiles on systems that implement UEFI >= 2.5 if deployed mode is enabled. It should support devices that are in user mode as well, as it does already for systems that implement UEFI < 2.5. The pre-install checks I'm working on right now catch this case and disable support for WithSecureBootPolicyProfile, but it should be relaxed to not require that deployed mode is enabled.
If a system is in user mode, the contents of the DeployedMode and AuditMode variables are measured to PCR7.
We may provide an option to make deployed mode a requirement. Note that the UEFI specification only permits platform specific mechanisms to exit deployed mode, so it's possible that enabling it is a non-reversible operation on some hardware.
The text was updated successfully, but these errors were encountered:
WithSecureBootPolicyProfileonly generates valid profiles on systems that implement UEFI >= 2.5 if deployed mode is enabled. It should support devices that are in user mode as well, as it does already for systems that implement UEFI < 2.5. The pre-install checks I'm working on right now catch this case and disable support forWithSecureBootPolicyProfile, but it should be relaxed to not require that deployed mode is enabled.If a system is in user mode, the contents of the
DeployedModeandAuditModevariables are measured to PCR7.We may provide an option to make deployed mode a requirement. Note that the UEFI specification only permits platform specific mechanisms to exit deployed mode, so it's possible that enabling it is a non-reversible operation on some hardware.
The text was updated successfully, but these errors were encountered: