Windows UEFI Secure Boot (.efi File Signed by Customized Key)

My company is currently exploring a feature related to Secure Boot: we want our hardware to enable Secure Boot on Windows, then lock down the firmware, so that no one can erase our Windows OS and install another OS. After several attempts, I noticed that Windows will not allow me to sign its .efi files with my own DB key; it will fail to boot. (e.g. the bootx64.efi signed by my DB.key cannot be verified by Microsoft's certificates installed on Windows.)

I was wondering if Microsoft offers any service to customize Windows OS image creation with my org's certificates installed, so that I can use our own key to sign .efi files and the signed .efi file still gets recognized by the Windows OS.

Or if there is any alternative way to achieve our goal above, please advise.

Thank you.
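The first thing to check when a custom-signed .efi is rejected is what the firmware's Secure Boot allow-list (the `db` variable) actually contains, because the firmware verifies the first-stage loader only against the certificates and hashes enrolled there. The script below is an added example, not code from the original post: it reads `db` with the built-in SecureBoot module, walks the EFI_SIGNATURE_LIST structures from the UEFI specification, and reports each enrolled X.509 certificate (subject and thumbprint) or SHA-256 hash, then tests whether a certificate matching a given subject is present. It needs an elevated PowerShell session on a UEFI machine; the subject pattern `CN=Example Org Secure Boot DB` is a placeholder for whatever certificate your organisation enrolled.

```powershell
#Requires -RunAsAdministrator
# Added example: enumerate Secure Boot db entries and check for an enrolled org certificate.
# EFI_SIGNATURE_LIST (UEFI spec):
#   EFI_GUID SignatureType; UINT32 SignatureListSize; UINT32 SignatureHeaderSize;
#   UINT32 SignatureSize; UINT8 SignatureHeader[]; EFI_SIGNATURE_DATA Signatures[]
# EFI_SIGNATURE_DATA: EFI_GUID SignatureOwner; UINT8 SignatureData[]
$EfiCertX509Guid   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'
$EfiCertSha256Guid = [guid]'c1c41626-504c-4092-aca9-41f936934328'

function Get-SecureBootDbEntries {
    param([string]$Variable = 'db')   # 'db', 'dbx', 'KEK' or 'PK'
    [byte[]]$bytes = (Get-SecureBootUEFI -Name $Variable).Bytes
    $offset = 0
    while ($offset + 28 -le $bytes.Length) {
        $type       = [guid][byte[]]$bytes[$offset..($offset + 15)]
        $listSize   = [int][BitConverter]::ToUInt32($bytes, $offset + 16)
        $headerSize = [int][BitConverter]::ToUInt32($bytes, $offset + 20)
        $sigSize    = [int][BitConverter]::ToUInt32($bytes, $offset + 24)
        if ($listSize -lt 28 -or $sigSize -lt 16) { break }   # malformed list; stop rather than loop forever
        $typeName = switch ($type) {
            $EfiCertX509Guid   { 'X509' }
            $EfiCertSha256Guid { 'SHA256' }
            default            { "$type" }
        }
        $pos = $offset + 28 + $headerSize
        $end = $offset + $listSize
        while ($pos + $sigSize -le $end) {
            $owner = [guid][byte[]]$bytes[$pos..($pos + 15)]
            [byte[]]$data = $bytes[($pos + 16)..($pos + $sigSize - 1)]
            $entry = [pscustomobject]@{
                Variable = $Variable; Type = $typeName; Owner = $owner
                Subject = $null; Thumbprint = $null; Hash = $null
            }
            if ($type -eq $EfiCertX509Guid) {
                # SignatureData is a DER-encoded certificate
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($data)
                $entry.Subject    = $cert.Subject
                $entry.Thumbprint = $cert.Thumbprint
            }
            elseif ($type -eq $EfiCertSha256Guid) {
                # SignatureData is a 32-byte Authenticode PE image hash
                $entry.Hash = [BitConverter]::ToString($data) -replace '-', ''
            }
            $entry
            $pos += $sigSize
        }
        $offset += $listSize
    }
}

function Test-SecureBootTrustsSubject {
    param([Parameter(Mandatory)][string]$SubjectPattern)
    $match = Get-SecureBootDbEntries -Variable 'db' |
        Where-Object { $_.Subject -like $SubjectPattern }
    return [bool]$match
}

if (-not (Confirm-SecureBootUEFI)) {
    Write-Warning 'Secure Boot is not enabled; db contents are not being enforced.'
}
Get-SecureBootDbEntries -Variable 'db' | Format-Table Type, Owner, Subject, Thumbprint -AutoSize

# Placeholder subject (assumption): replace with the subject of the certificate you enrolled.
Test-SecureBootTrustsSubject -SubjectPattern '*CN=Example Org Secure Boot DB*'
```

If the org certificate is missing from `db`, the firmware will refuse a loader signed with that key regardless of how Windows is built; if it is present, the rejection is happening later in the chain, which is the point at which a Windows image question becomes relevant. Running the same function with `-Variable 'dbx'` shows what is explicitly revoked.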
