

This document serves as a starting point for developing customer-ready PCs, factory deployment tools, and key security best practices.

The reader is expected to know the fundamentals of UEFI and to have a basic understanding of Secure Boot (Chapter 27 of the UEFI specification) and the PKI security model.

Requirements, tests, and tools validating Secure Boot on Windows are available today through the Windows Hardware Certification Kit (HCK). However, these HCK resources do not address creation and management of keys for Windows deployments. This paper addresses key management as a resource to help guide partners through deployment of the keys used by the firmware. It is not intended as prescriptive guidance and does not include any new requirements.

Secure Boot, Windows and Key Management contains information on boot security and PKI architecture as it applies to Windows and Secure Boot. Key Management Solutions is intended to help partners design a key management and design solution that fits their needs. Summary and Resources includes appendices, checklists, APIs, and other references.

Windows requirements for UEFI and Secure Boot can be found in the Windows Hardware Certification Requirements. This paper does not introduce new requirements or represent an official Windows program. It is intended as guidance beyond certification requirements, to assist in building efficient and secure processes for creating and managing Secure Boot keys. This is important because UEFI Secure Boot is based on the use of Public Key Infrastructure to authenticate code before it is allowed to execute. Enterprises and customers can also use these steps to configure their servers to support Secure Boot.
