Those are the public keys/signatures used to verify the encryption used for secure boot, and they're stored in non-volatile memory on the motherboard itself.

The Platform Key (PKpub) is installed into the firmware by the OEM during manufacture. If it gets compromised, the OEM will normally issue a firmware update to change it.

The Key Exchange Key (KEKpub) is used to establish a trust relationship between the PC's firmware and an OS/application during secure boot. Each OS (and potentially each 3rd party application which needs to communicate with the firmware during secure boot) will store a public KEK key into the firmware during initial setup/first boot.

The Authorized/Forbidden Signature keys are used to protect access to the allowed/disallowed images databases. The Authorized Signatures database (db) contains public keys and certificates that represent trusted components and OS loaders. The Forbidden Signature database (dbx) contains hashes of malicious/vulnerable components and compromised keys/certificates that will not be allowed to execute.

Finally, the Secure Firmware Update Key (which is not shown in your screenshot) is used to verify any attempted firmware update was approved by the OEM for installation on that particular motherboard.

The keys stored on the motherboard are created/stored without any direct user interaction. The H/W and/or S/W generate them when first connected to the motherboard and it's impossible for a user to "directly" modify them to change their values! The most you can do is reset them and, if you do, they get reset to the preset OEM values they had when you very first powered up your PC (i.e.