Chapter 6: UEFI BIOS
Platform Key (PK)
full control of the secure boot key hierarchy. The options are Save to File, Set New, and
Erase.
Key Exchange Keys (KEK)
The Key Exchange Key (KEK), which is held by the operating system vendor, can be
updated by the holder of the PK and is used by secure boot to protect access to the
signature databases. The options are Save to File, Set New, Append, and Erase.
Authorized Signatures
signatures. The options are Save to File, Set New, Append, and Erase.
Forbidden Signatures
Forbidden Signature Database (DBX), which is the inverse of DB, contains forbidden
Save to File, Set New, Append, and
Erase
Authorized TimeStamps
Authorized Timestamp Database (DBT) is used to issue and check signed time stamp
OsRecovery Signatures
OsRecovery Signatures Database (DBR) contains secure boot authorized recovery
variables. The options are Save to File, Set New, Append, and Erase.
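To audit what one of the signature databases above actually contains, the raw variable data can be decoded with a short parser. This is an added example, not part of the manual or any vendor tool; it assumes the data is in the UEFI specification's EFI_SIGNATURE_LIST layout (whether a file written by Save to File uses that raw layout is an assumption), and the owner GUID and digests in the sample are constructed.

```python
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPES = {X509_GUID: "X509", SHA256_GUID: "SHA256"}

# EFI_SIGNATURE_LIST header: type GUID, list size, header size, signature size.
HEADER = struct.Struct("<16sIII")


def parse_signature_lists(blob: bytes):
    """Return (type, owner GUID, data) for each entry in concatenated lists."""
    entries, offset = [], 0
    while offset < len(blob):
        remaining = len(blob) - offset
        if remaining < HEADER.size:
            raise ValueError(f"truncated list header at offset {offset}")
        guid, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, offset)
        body = list_size - HEADER.size - hdr_size
        # Reject sizes that overrun the buffer or do not divide into whole entries.
        if list_size > remaining or sig_size <= 16 or body < 0 or body % sig_size:
            raise ValueError(f"inconsistent sizes in list at offset {offset}")
        sig_type = uuid.UUID(bytes_le=guid)
        name = SIG_TYPES.get(sig_type, str(sig_type))
        start = offset + HEADER.size + hdr_size
        for pos in range(start, offset + list_size, sig_size):
            # Each entry is a 16-byte owner GUID followed by the certificate or hash.
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((name, owner, blob[pos + 16:pos + sig_size]))
        offset += list_size
    return entries


def build_list(type_guid, owner, payloads):
    """Helper for the constructed sample: pack equal-sized payloads into one list."""
    body = b"".join(owner.bytes_le + p for p in payloads)
    sig_size = 16 + len(payloads[0])
    return HEADER.pack(type_guid.bytes_le, HEADER.size + len(body), 0, sig_size) + body


# Constructed sample: a DBX-style list with two made-up SHA-256 digests.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_DBX = build_list(SHA256_GUID, OWNER, [bytes([1]) * 32, bytes([2]) * 32])

if __name__ == "__main__":
    for name, owner, data in parse_signature_lists(SAMPLE_DBX):
        print(name, owner, data.hex())
```

When reading the variables from Linux efivarfs instead of a file, strip the 4-byte attributes prefix before passing the data to the parser.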