The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.

Home Explore Microsoft Tools & Tests for Secure Boot

View in Fullscreen

presented by Microsoft Tools & Tests for Secure Boot UEFI Winter Plugfest – February 21-23, 2012 Presented by Jeremiah Cox (Microsoft) UEFI Plugfest – February ...

Like this book? You can publish your book online for free in a few minutes!

http://anyflip.com/ytdg/qezl/

Download PDF

Related Publications

Discover the best professional documents and content resources in AnyFlip Document Base.

Published by , 2017-03-24 04:50:03

Microsoft Tools & Tests for Secure Boot

Pages:

1 - 18

presented by Microsoft Tools & Tests for Secure Boot UEFI Winter Plugfest – February 21-23, 2012 Presented by Jeremiah Cox (Microsoft) UEFI Plugfest – February ...

presented by

Microsoft Too
Secure

UEFI Winter Plugfest –
Presented by Jerem

UEFI Plugfest – February 2012 www.u

ols & Tests for
e Boot

– February 21-23, 2012
miah Cox (Microsoft)

uefi.org Updated 2011-06-01
1

Agenda

• Inbox P
• Windo

Compa

– Tests
– Exam
– Dem

UEFI Plugfest – February 2012 www.u

Powershell Cmdlets

ows Hardware
atibility Kit

s
mples
mo

uefi.org 2

Inbox Cmdlets

• Admin Powershell: “PS c:\

• Confirm-SecureBootUEF

– Is UEFI Secure Boot “ON”, True or Fa

• SetupMode == 0 && Secu

• Set-SecureBootUEFI

– Set or Append authenticated Secure

• Get-SecureBootUEFI

– Get authenticated SecureBoot UEFI

• Format-SecureBootUEFI

– Creates EFI_SIGNATURE_LISTs & EFI

UEFI Plugfest – February www.u
2012

”\> help secureboot

FI

alse?

ureBoot == 1

eBoot UEFI variables

variable values

I

I_VARIABLE_AUTHENTICATION_2 serializations

uefi.org 3

WHCK: Secure Bo

– Proper out-of-box Se
configuration (enabl

– 1 “dbx” append sign
– 1 “dbx” append sign
– Many 1kB variables
– A 32kB variable is cr

UEFI Plugfest – February www.u
2012

oot Logo Test

ecure Boot
led, proper certs, …)
ned by an untrusted key
ned by the Microsoft KEK
are created/deleted
reated/deleted

uefi.org 4

WHCK: Secure Bo

• “\tests”

– Manufacturing Test

• Programmatically En

– Servicing Tests

• Append a cert to “db
• Append a hash to “d
• Append a cert to “db
• Append 600+ hashes

UEFI Plugfest – February www.u
2012

oot Manual Test

nable Secure Boot 5

b”, verify function
dbx”, verify function
bx”, verify function
s to “dbx”, verify size

uefi.org

WHCK: Secure Bo

• “\Generate” Examples

– How test certificates w

• The test certificates and

– How all of the tests we

• Turning certificates & ha
• You can run this yoursel

UEFI Plugfest – February www.u
2012

oot Manual Test

Demonstrate

were created

d private keys are included

ere created

ashes into signed packages
lf, substitute your own certs

uefi.org 6

WHCK: Secure Bo

• “\Examples”

– show how to configu
the Out-of-Box tests

– NOTE: The cert chain
Windows Boot Mana

• “\certs”

– All of the certs you n

UEFI Plugfest – February www.u
2012

oot Manual Test

ure Secure Boot to pass
s
n that signs the
ager will change at RC

need to boot Windows

uefi.org 7

Interactive Demon

• Switch to live demo…

UEFI Plugfest – February www.u
2012

nstrations

…

uefi.org 8

Thanks for attending the
UEFI Winter Plugfest 2012

For more information on
the Unified EFI Forum and
UEFI Specifications, visit
http://www.uefi.org

presented by

UEFI Plugfest – February 2012 www.u

uefi.org 9

Click to View FlipBook Version