Skip to content

efi/preinstall: Don't require Platform Secure Boot on AMD#524

Open
chrisccoulson wants to merge 1 commit intocanonical:masterfrom
chrisccoulson:preinstall-relax-amd-checks
Open

efi/preinstall: Don't require Platform Secure Boot on AMD#524
chrisccoulson wants to merge 1 commit intocanonical:masterfrom
chrisccoulson:preinstall-relax-amd-checks

Conversation

@chrisccoulson
Copy link
Collaborator

@chrisccoulson chrisccoulson commented Mar 6, 2026

Based on the understanding that the ASP still acts as the root-of-trust
for measurement when PSB is disabled, permit platforms with an AMD CPU
when PSB is disabled. In this case, as firmware integrity is provided by
measured boot, we require profiles to be locked to PCR0 which is not
necessary when PSB is enabled.

@chrisccoulson
efi/preinstall: Don't require Platform Secure Boot on AMD
0d943e0 
Based on the understanding that the ASP still acts as the root-of-trust
for measurement when PSB is disabled, permit platforms with an AMD CPU
when PSB is disabled. In this case, as firmware integrity is provided by
measured boot, we require profiles to be locked to PCR0 which is not
necessary when PSB is enabled.
@chrisccoulson chrisccoulson force-pushed the preinstall-relax-amd-checks branch from 9fad968 to 0d943e0 Compare March 6, 2026 17:55
@chrisccoulson chrisccoulson requested a review from pedronis March 6, 2026 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pedronis pedronis Awaiting requested review from pedronis

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chrisccoulson