Wednesday, 5 March 2014

Enabling UEFI Secure Boot on your Platform

If you have not seen how to setup your own EFITOOL, please click this link (Howto?) and setup before coming to this post. It would make more sense once you have the EFITOOL compiled on your Linux OS.

1. Boot system to EFI Shell:
Go to BIOS setup menu
Select CSM -> Video to UEFI only. //If your screen blank out, try use direct Graphic cable without converter
Click Disable CSM mode
Save and reboot
Look for Secure Boot mode
Check what mode it is: 
If it is in User mode, go to Disable Auto Provisioning and Clear all existing keys.
Save and reboot.
Now it should report as Setup mode.
Boot to UEFI shell.
fs3:   //or what your USB drive initialized to

2. Run Lockdown.efi.

or
3. Now on your platform update the variables, remembering to do PK last because
an update to PK usually puts the platform into secure mode

UpdateVars db db.auth
UpdateVars KEK KEK.auth
UpdateVars PK PK.auth

And you should now be running in secure mode with your own keys.

No comments:

Post a Comment