ClayDaniels


BIOS Secure Boot Keys Project

There are four, maybe five, secure boot keys in the nvram of the bios on the motherboard. They have been placed there by the manufacturer and other parties, like Microsoft. They are:

Platform Key (PK)

Key Exchange Key (KEK)

Database Key (db)

Database Blacklist Key (dbx)

Machine Owner Key (MOK)

If you wish to take control of your computer, you may want to do more than just disabling secure boot, and provide your own secure boot keys. The very first step should be to find and make a backup copy. On FreeBSD you can use EFIVAR(8).

Example:

 # efivar -l | less
~
8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault
8be4df61-93ca-11d2-aa0d-00e098032b8c-dbDefault
8be4df61-93ca-11d2-aa0d-00e098032b8c-KEKDefault
8be4df61-93ca-11d2-aa0d-00e098032b8c-PKDefault
~
 # efivar -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault -b > ~/bootkeys/dbx
 # cd bootkeys
 # ls -al
total 12
drwxr-xr-x  2 root  wheel   512 Dec 25 01:26 .
drwxr-xr-x  4 root  wheel   512 Dec 25 01:25 ..
-rw-r--r--  1 root  wheel  3849 Dec 25 01:26 dbx

Repeat for db, KEK, & PK. It's unlikey you will have a MOK already installed as that is something sometimes installed by you the owner.

Save these keys in case they need to be re-installed and also to use in the creation of new keys.

Sites of interest:


Interests

A Little C Primer https://en.wikibooks.org/wiki/A_Little_C_Primer

Netwide Assembler (NASM) Tutorial https://cs.lmu.edu/~ray/notes/nasmtutorial/

Contributions

LXDE - FreeBSD Wiki LXDE

Email Clay Daniels <clay DOT daniels DOT jr AT gmail.com>


CategoryHomepage

ClayDaniels (last edited 2020-09-05T18:09:05+0000 by ClayDaniels)