These are the public keys/signatures used to verify the encryption used for Secure Boot, and they are stored in non-volatile memory on the motherboard itself.

The Platform Key (PKpub) is installed into the firmware by the OEM during manufacture. If it gets compromised, the OEM will normally issue a firmware update to change it.

The Key Exchange Key (KEKpub) is used to establish a trust relationship between the PC's firmware and an OS/application during Secure Boot. Each OS (and potentially each third-party application which needs to communicate with the firmware during Secure Boot) will store a public KEK key into the firmware during initial setup/first boot.

The Authorized/Forbidden Signature keys are used to protect access to the allowed/disallowed image databases. The Authorized Signatures database (db) contains public keys and certificates that represent trusted components and OS loaders.
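The db and dbx variables described above are stored as EFI_SIGNATURE_LIST structures. The following added example (not code from this post) builds and parses that format and applies the hash allow/deny decision; the SignatureOwner GUID, the DER bytes and the hashing of raw file bytes are assumptions made for illustration.

```python
"""Parse EFI_SIGNATURE_LIST (the Secure Boot db/dbx format) and apply the hash allow/deny rule."""
import hashlib
import struct
import uuid

# SignatureType GUIDs defined in the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HDR = struct.Struct("<III")  # SignatureListSize, SignatureHeaderSize, SignatureSize

def build_signature_list(sig_type, owner, datas):
    """Serialise one EFI_SIGNATURE_LIST; each entry is SignatureOwner GUID + data."""
    sig_size = 16 + len(datas[0])
    body = b"".join(owner.bytes_le + d for d in datas)
    return sig_type.bytes_le + HDR.pack(16 + HDR.size + len(body), 0, sig_size) + body

def parse_signature_lists(blob, from_efivars=False):
    """Return [(type_guid, owner_guid, data)] for every EFI_SIGNATURE_DATA entry.
    Files under /sys/firmware/efi/efivars/ carry a 4-byte attributes word first."""
    if from_efivars:
        blob = blob[4:]
    entries, off = [], 0
    while off < len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])  # EFI GUIDs are mixed-endian
        list_size, hdr_size, sig_size = HDR.unpack_from(blob, off + 16)
        first, end = off + 16 + HDR.size + hdr_size, off + list_size
        if end > len(blob) or end < first or sig_size <= 16 or (end - first) % sig_size:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes at offset %d" % off)
        for pos in range(first, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, blob[pos + 16:pos + sig_size]))
        off = end
    return entries

def image_allowed(image, db, dbx):
    """Secure Boot hash rule: a dbx match denies even if db also matches. Simplified:
    real firmware hashes the PE Authenticode digest and also accepts X.509-chained signers."""
    digest = hashlib.sha256(image).digest()
    def listed(var):
        return any(t == EFI_CERT_SHA256_GUID and d == digest
                   for t, _, d in parse_signature_lists(var))
    return listed(db) and not listed(dbx)

# Constructed sample: two loaders enrolled in db by hash, the second later revoked in dbx.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # placeholder SignatureOwner
GOOD, BAD = b"constructed bootloader A", b"constructed bootloader B"
DB = build_signature_list(EFI_CERT_SHA256_GUID, OWNER,
                          [hashlib.sha256(GOOD).digest(), hashlib.sha256(BAD).digest()])
DB += build_signature_list(EFI_CERT_X509_GUID, OWNER, [b"\x30\x82placeholder-DER-cert"])
DBX = build_signature_list(EFI_CERT_SHA256_GUID, OWNER, [hashlib.sha256(BAD).digest()])
```

On a Linux host the same parser can be pointed at the db and dbx files under /sys/firmware/efi/efivars/ with from_efivars=True to list which hashes and certificates the firmware currently trusts or forbids.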