Secure Boot (BlizBlaze.net)

LINKS

  • Debian Secure Boot WIKI
  • Ubuntu secure boot

    DEF
    Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).

    HISTORY
    Released ,, UEFI Secure Boot (SB) is a verification mechanism for ensuring that code launched by a computer's UEFI firmware is trusted.

    Signature DATABASES and KEYS
    Before the PC is deployed the OEM stores the Secure Boot databases on the PC.
    (db) the signature database
    (dbx) revoked signatures database
    (KEK) Key Enrollment Key database
    These databases are stored on the firmware nonvolatile RAM (NV-RAM) at manufacturing time.

    SHIM
    shim is a simple software package that is designed to work as a first-stage bootloader on UEFI systems.

    KEY Commands
    Has the system booted via Secure Boot?
    # sudo mokutil --sb-state

    What keys are on my system?
    # sudo mokutil --list-enrolled
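
The Secure Boot state asked about in the first command is also visible directly in the UEFI variables that Linux exposes through efivarfs. The script below is an added example, not part of the original page: the function names `efivar_byte` and `sb_state` and the state labels it prints are made up for illustration, and it assumes efivarfs is mounted at /sys/firmware/efi/efivars.

```shell
#!/bin/sh
# Added example: report Secure Boot state from the UEFI global variables.
# GUID of the EFI global variable namespace (SecureBoot, SetupMode, PK, KEK live here).
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c
EFIVARS_DIR=${EFIVARS_DIR:-/sys/firmware/efi/efivars}

# efivar_byte FILE
# Print the first data byte of an efivarfs file as a decimal number.
# Every efivarfs file starts with a 4-byte attributes field, so the
# variable's payload begins at offset 4.
efivar_byte() {
    [ -r "$1" ] || return 1
    b=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')
    [ -n "$b" ] || return 1          # file too short or unreadable
    printf '%s' "$b"
}

# sb_state [DIR]
# Print one of (labels are this example's own):
#   no-efivars  DIR missing: legacy BIOS boot or efivarfs not mounted
#   unknown     SecureBoot variable absent or unreadable
#   enabled     firmware is enforcing signature checks
#   setup-mode  no Platform Key enrolled, so nothing is enforced
#   disabled    keys are enrolled but enforcement is switched off
sb_state() {
    dir=${1:-$EFIVARS_DIR}
    if [ ! -d "$dir" ]; then
        echo "no-efivars"; return 0
    fi
    sb=$(efivar_byte "$dir/SecureBoot-$EFI_GLOBAL_GUID") || { echo "unknown"; return 0; }
    setup=$(efivar_byte "$dir/SetupMode-$EFI_GLOBAL_GUID") || setup=0
    if [ "$sb" = "1" ]; then
        echo "enabled"
    elif [ "$setup" = "1" ]; then
        echo "setup-mode"
    else
        echo "disabled"
    fi
}

sb_state
```

A `setup-mode` result is worth alerting on in a fleet check, since a machine in that state accepts new keys without authentication.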
