Windows requirements for UEFI and Secure Boot can be found in the Windows Hardware Certification Requirements. This paper does not introduce new requirements or represent an official Windows program. It is intended as guidance beyond certification requirements, to assist in building efficient and secure processes for creating and managing Secure Boot keys. This is important because UEFI Secure Boot relies on Public Key Infrastructure (PKI) to authenticate code before it is allowed to execute. The reader is expected to know the fundamentals of UEFI and to have a basic understanding of Secure Boot (Chapter 27 of the UEFI specification) and the PKI security model. Requirements, tests, and tools validating Secure Boot on Windows are available today through the Windows Hardware Certification Kit (HCK). However, these HCK resources do not address creation and management of keys for Windows deployments. This paper addresses key management as a resource to help guide partners through deployment of the keys used by the firmware. Device OEMs, enterprises and customers can find the Microsoft recommended PK, KEK, DB and DBX binaries in Microsoft's Secure Boot open-source repository. The binaries are formatted to the expected EDKII format to easily integrate into firmware.