User manual

PK Management

ThePlatformKey(PK)locksandsecuresthermwarefromanynon‑permissible

changes.ThesystemveriesthePKbeforeyoursystementerstheOS.

Set New Key

ThisitemallowsyoutoloadthedownloadedPKfromaUSBstoragedevice.

ThePKlemustbeformattedasaUEFIvariablestructurewithtime‑basedauthenticated

variable.

Delete Key

ThisitemallowsyoutodeletethePKfromyoursystem.OncethePKisdeleted,all

thesystem’sSecureBootkeyswillnotbeactive.

Congurationoptions:[Yes][No]

KEK Management

TheKEK(Key‑exchangeKeyorKeyEnrollmentKey)managestheSignaturedatabase

(db)andRevokedSignaturedatabase(dbx).

Key‑exchangeKey(KEK)referstoMicrosoft

SecureBootKey‑EnrollmentKey(KEK).

Set New Key

AllowsyoutoloadthedownloadedKEKfromaUSBstoragedevice.

Append Key

AllowsyoutoloadtheadditionalKEKfromastoragedeviceforanadditionaldband

dbxloadedmanagement.

Delete Key

AllowsyoutodeletetheKEKfromyoursystem.Congurationoptions:[Yes][No]

TheKEKlemustbeformattedasaUEFIvariablestructurewithtime‑basedauthenticated

variable.

DB Management

Thedb(AuthorizedSignaturedatabase)liststhesignersorimagesofUEFI

applications,operatingsystemloaders,andUEFIdriversthatyoucanloadonthe

singlecomputer.

Set New Key

AllowsyoutoloadthedownloadeddbfromaUSBstoragedevice.

Append Key

Allowsyoutoloadtheadditionaldbfromastoragedevicesothatmoreimagescan

beloadedsecurely.

Delete Key

Allowsyoutodeletethedblefromyoursystem.

Congurationoptions:[Yes][No]

• TheDBlemustbeformattedasaUEFIvariablestructurewithtime‑based

authenticatedvariable.

• UEFIexecutablelesincludeUEFIbootdevices,driversandapplications.

2-44 Chapter 2: Getting started