You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -161,6 +161,8 @@ TBD: it is expected the high-level root of trust / boot flow requirements will c
|===
| ID# ^| Requirement
| `SEC_010` | MUST implement UEFI Secure Boot and Driver Signing (cite:[UEFI] Section 32)
| `SEC_011` | It MUST be possible for a physically present user to disable Secure Boot enforcement, thus allowing unsigned code to be executed.
| `SEC_012` | It MUST be possible for a physically present user to fully manage the contents of all Secure Boot key stores (PK, KEK, db and dbx). This includes the ability to delete all factory-provided keys, enrolling their own custom keys, and resetting all key stores to their factory state.
| `SEC_020` | MUST back the UEFI Authenticated Variables implementation with
a mechanism that cannot be accessed or tampered by an unauthorized
