Secure Boot Customization Guide - Technical whitepaper

ManualsBrandsHP ManualsDesktopsHP ProBook 650 G3 Notebook PC

Technical whitepaper

Table of contents 4

Table of contents

1 Introduction ........................................................................................................................... 7

2 Setting up a customized Secure Boot environment .............................................................. 8

2.1 Backup existing Secure Boot configuration ..................................................................................................... 8

2.2 Place your HP PC in Secure Boot setup mode ................................................................................................. 9

2.3 Obtain PK and KEK public keys ...................................................................................................................... 10

2.4 Self-signing certificates ................................................................................................................................. 10

2.4.1 Generate a new PK ............................................................................................................................ 11

2.4.2 Generate a new KEK .......................................................................................................................... 13

2.5 Install the new PK .......................................................................................................................................... 13

2.5.1 PK: Create a valid SetVariable() package ............................................................................................ 15

2.5.2 Import PK using Windows tools ......................................................................................................... 15

2.6 Install the new PK-signed KEK ....................................................................................................................... 16

2.6.1 KEK: Create a valid SetVariable() package .......................................................................................... 17

2.6.2 Import KEK Using Windows Tools ...................................................................................................... 18

2.7 Install the New KEK-signed DB and DBX ........................................................................................................ 19

2.7.1 DB ...................................................................................................................................................... 19

2.7.2 DBX .................................................................................................................................................... 22

2.8 Enable Secure Boot Once More ..................................................................................................................... 24

2.9 Add Additional Certificates to DB or DBX ....................................................................................................... 24

2.9.1 DB ...................................................................................................................................................... 25

2.9.2 DBX .................................................................................................................................................... 27

3 References .......................................................................................................................... 28