OK. I know entire Secureboot related stuff... But my question is another: How to enable SecureBoot in VmWare workstation? I know that is needed another UEFI bios (the incorporated one doesn't include SecurityPkg module). How to compile a firmware file with UEDK 2010 compatible with VmWare?
You are always taking on the fun projects!
There are no currently-released VMware products that include support for UEFI Secure Boot. We don't include SecurityPkg, and our Variable Services implementation supports neither EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS nor EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS. Our release plans are confidential, so I can't say when you'll see a release which does include Secure Boot support.
It will be a huge task if you want to build your own [U]EFI firmware to run in a VMware virtual machine: Our EFI ROM images contain a quantity of VMware platform-specific code that is not included in the publicly-available EDK/UDK codebases which you'd need to replicate in order to have ROMs that booted at all.
Sorry, this doesn't help much with your project.
I would like to special thank you for right answer, as usual...
I think that your job in Firmware development is just a bit more fun than mine... Isn't it?
I've always been curious and attracted to all low-level programming (especially BIOS, EFI, and all related stuff... Did you ever heard something about the BIOS rootkit for example??), but unfortunally with the tools we have here in Italy it would be a bit a mess to let grow this kind of projects...
Now I know that I can't try to bypass SecureBoot with Workstation, it's a good fact knowing it, at least... I will save some hours in trying it!
According to eg0n post (available here: http://communities.vmware.com/thread/390128) it would be very great if in version 10 of Workstation there will be implemented SecurityPkg and SourceLevelDebugPkg (both have source code downloadable... I think that they do not require a big development effort, as my personal opinion). The latter one is very usefull in debugging EFI images. I say this, because, at the time of this post, IDA has still some issues with GDB low level EFI debugging (in detail a kind of Symbol lookup problem. I've just signaled this problem to all the good staff @ hex-rays)
Do you think that maybe I could wait something new about these in future?? :-)
Have a nice day! (also if here now it's midnight o'clock).