add more detail about secure boot

This commit is contained in:
fria 2025-10-27 06:55:14 -05:00 committed by GitHub
parent 037f305083
commit 5b850c4d27
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -73,4 +73,6 @@ graph LR
E[Secure Firmware Update Key]
```
The PK acts as the root of trust for the KEK which in turn verifies both the signature database and revoked signature database.
The PK acts as the root of trust for the KEK which in turn verifies both the signature database and revoked signature database. They're all stored in non-volatile memory (NVRAM) so they can be erased and replaced with different keys if desired.
The secure firmware update key is typically stored in such a way that it's non-writable and protected by hardware, that way in order to flash new firmware, you always need to verify that the firmware is signed by the OEM. This process is separate from Secure Boot.
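Review bot: the added sentence "They're all stored in non-volatile memory (NVRAM) so they can be erased and replaced with different keys if desired" reads as if the keys can be freely rewritten from the OS; in UEFI they are authenticated variables, so replacing the KEK requires an update signed by the PK (and db/dbx an update signed by a KEK), or clearing the PK to enter Setup Mode, so consider stating that condition so the reader does not conclude that NVRAM storage alone makes them overwritable. In the last added line, "that way in order to flash new firmware, you always need to verify that the firmware is signed by the OEM" is a run-on; suggest "so that any new firmware must be verified as OEM-signed before it can be flashed." Minor: a comma after "KEK" in "root of trust for the KEK, which in turn verifies".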