Secure Boot Customization Guide - Technical whitepaper
© Copyright 2017 HP Development Company, L.P.
Table of contents
1 Introduction
2 Setting up a customized Secure Boot environment
2.1 Backup existing Secure Boot configuration
2.2 Place your HP PC in Secure Boot setup mode
2.3 Obtain PK and KEK public keys
2.4 Self-signing certificates
2.4.1 Generate a new PK
2.4.2 Generate a new KEK
2.5 Install the new PK
2.5.1 PK: Create a valid SetVariable() package
2.5.2 Import PK using Windows tools
2.6 Install the new PK-signed KEK
2.6.1 KEK: Create a valid SetVariable() package
2.6.2 Import KEK Using Windows Tools
2.7 Install the New KEK-signed DB and DBX
2.7.1 DB
2.7.2 DBX
2.8 Enable Secure Boot Once More
2.9 Add Additional Certificates to DB or DBX
2.9.1 DB
2.9.2 DBX
3 References