Advanced Secure Boot Options

  • PK - Platform Key—Establishes a trust relationship between the platform owner and the platform firmware.
  • KEK - Key Exchange Key—Protects the signature database from unauthorized modifications. No changes can be made to the signature database without the private portion of this key.
  • DB - Allowed Signatures Database—Maintains a secure boot allowed signature database of signatures that are authorized to run on the platform.
  • DBX - Forbidden Signatures Database—Maintains a secure boot blacklist signature database of signatures that are not authorized to run on the platform
  • DBT - Timestamp Signatures Database—Maintains signatures of codes in the timestamp signatures database.
  • Delete all keys
  • Export all keys
  • Reset all keys to platform defaults
NOTE:

Changing the default security certificates can cause the system to fail booting from some devices. It can also cause the system to fail launching certain system software such as Intelligent Provisioning.