Deploying Secure Boot: Key Creation and Management

Key Deployment Process
1. Create Platform Key (PK) and Secure FW Update Key
2. Create PK Backup (Recommended)
3. Add KEK (w/ db, dbx) and sign with PKpri
4. Add Secure Update Key (pub)
5. Enroll PKpub
6. Protect PKpri and Secure Update (pri)
7. Ensure Network and Physical Security
8. Manage and refine security practices
9. Done? (Never really)
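
An added example, not taken from the slide or from the UEFI Forum: one way to carry out the key creation and PK backup steps above with openssl, including a check that the encrypted backup restores the same key. File names, subject names, the sample GUID, the RSA-2048 choice and the optional efitools calls (cert-to-efi-sig-list, sign-efi-sig-list) are assumptions of this example.

```shell
#!/bin/sh
# Added example: key creation, PK backup and KEK signing steps.
# All file names, CNs, the GUID and the passphrase handling are assumptions.
set -eu
umask 077                       # private keys are created owner-only

OWNER_GUID=11111111-2222-3333-4444-555555555555   # constructed sample GUID

# Create a self-signed certificate and private key: $1 = basename, $2 = CN
make_keypair() {
    openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -days 3650 \
        -subj "/CN=$2/" -keyout "$1.key" -out "$1.crt" 2>/dev/null
    # DER copy of the public certificate (the "pub" half that gets enrolled)
    openssl x509 -in "$1.crt" -outform DER -out "$1.cer"
}

# Encrypted backup of a private key, then prove the backup restores the same key
backup_key() {                  # $1 = basename, $2 = passphrase file
    openssl pkcs8 -topk8 -v2 aes-256-cbc -in "$1.key" \
        -out "$1.key.bak" -passout "file:$2"
    a=$(openssl pkey -in "$1.key" -pubout)
    b=$(openssl pkey -in "$1.key.bak" -passin "file:$2" -pubout)
    [ "$a" = "$b" ]
}

deploy_keys() (                 # $1 = working directory, ideally offline media
    cd "$1"
    make_keypair PK  "Example Platform Key"
    make_keypair FWU "Example Secure FW Update Key"
    make_keypair KEK "Example Key Exchange Key"
    openssl rand -hex 32 > backup.pass      # keep apart from the backups
    backup_key PK backup.pass
    backup_key FWU backup.pass
    # KEK update signed with PKpri; runs only when efitools is installed
    if command -v sign-efi-sig-list >/dev/null 2>&1; then
        cert-to-efi-sig-list -g "$OWNER_GUID" KEK.crt KEK.esl
        sign-efi-sig-list -k PK.key -c PK.crt KEK KEK.esl KEK.auth
    fi
)

WORK=$(mktemp -d)
deploy_keys "$WORK"
echo "keys written to $WORK"
```

After enrollment, only the `.cer` files and any signed `.auth` update need to reach the target platform; the `.key` files, their backups and the passphrase stay on protected storage.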
UEFI Summer Summit July 2012 www.uefi.org