imx 93 Win10 IoT: Securing UEFI and Windows

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

imx 93 Win10 IoT: Securing UEFI and Windows

557 Views
aditya_h
Contributor II

I am currently exploring secure boot for imx93. I was able to enable secure boot up to UEFI stage using steps given in user guide (User Guide) . But steps for securing UEFI and windows image is not clearly described. For securing UEFI we need PK,KEK and databases. Do I need to create all the variables or it should be already present? If it is already present how do I enable it?

Labels (1)
0 Kudos
Reply
2 Replies

500 Views
Naveen_V_M
Contributor I

Do we need to create the Signature Database and forbidden signature database explicitly or are they part of UEFI infrastructure?

0 Kudos
Reply

531 Views
Harvey021
NXP TechSupport
NXP TechSupport

UEFI and Windows use their own chain of trust, which is composed of Platform Key (PK), Key Exchange Key
(KEK), forbidden signature database (dbx) and valid signature database (db). Those credentials are stored as
UEFI Secure variables. Those variables must be programmed at OEM site.

 

Regards

Harvey

0 Kudos
Reply