Deploying Secure Boot: Key Creation and Management

Other Key Creation Options
Trusted Platform Modules (TPM) or Smart Cards
  - Crypto processors slow for manufacturing environment
  - Not suitable for storing a large number of keys
  - May not be compliant with FIPS 140-2 Level 3
Software / Crypto API generated keys
  - Can use encrypted drives, VMs and other security options
  - Not as secure as using an HSM
Makecert
  - Intended for testing purposes only
  - Discouraged by Microsoft
UEFI Summer Summit, July 2012, www.uefi.org