Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-12-17 16:54:05 -05:00
Code Issues Projects Releases Packages Wiki Activity

update on microsoft KEK

Browse source
This commit is contained in:
fria 2025-10-27 07:29:41 -05:00 committed by GitHub
parent 9dd3509bff
commit 3a7456337d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
blog/posts/secure-boot.md
View file

@ -82,3 +82,7 @@ The design of UEFI Secure Boot allows for users to delete the keys all the way u
Deleting the PK typically puts the system into Setup Mode, where you'll need to enroll a new PK. Deleting the PK typically puts the system into Setup Mode, where you'll need to enroll a new PK.
The PK allows updates to the KEK and by extension the signature databases so erasing it effectively disables Secure Boot until a new key is added. The PK allows updates to the KEK and by extension the signature databases so erasing it effectively disables Secure Boot until a new key is added.
Microsoft provides its own PK for OEMs to use if they don't want the responsibilty of managing the keys themselves. They also provide their own KEK via their KEK certificate authority. For Windows, it's required in order to update the database for newer signed images of Windows.
It also allows booting into non-Microsoft bootloaders like shim, allowing many Linux distributions to support secure boot without any extra configuration.