imx 93 Win10 IoT: Securing UEFI and Windows

aditya_h · ‎11-19-2023

I am currently exploring secure boot for imx93. I was able to enable secure boot up to UEFI stage using steps given in user guide (User Guide) . But steps for securing UEFI and windows image is not clearly described. For securing UEFI we need PK,KEK and databases. Do I need to create all the variables or it should be already present? If it is already present how do I enable it?

Naveen_V_M · ‎11-26-2023

Do we need to create the Signature Database and forbidden signature database explicitly or are they part of UEFI infrastructure?

Harvey021 · ‎11-21-2023

UEFI and Windows use their own chain of trust, which is composed of Platform Key (PK), Key Exchange Key
(KEK), forbidden signature database (dbx) and valid signature database (db). Those credentials are stored as
UEFI Secure variables. Those variables must be programmed at OEM site.

Regards

Harvey

imx 93 Win10 IoT: Securing UEFI and Windows

imx 93 Win10 IoT: Securing UEFI and Windows

Windows 10 IoT Enterprise