What is Secure Boot Keys?

Secure Boot keys are the trust databases used by UEFI Secure Boot: PK, KEK, db, and dbx.

Why it matters

• Explains firmware trust and protection mechanisms.
• Helps debug Secure Boot, measured boot, and variable-protection behavior.
• Useful when reviewing boot security policy.

Practical example

Example: Secure Boot decides whether an image is allowed to run; Measured Boot records what actually ran.

Quick checklist

• Which policy or key database is involved?
• Is the image/variable signed or measured as expected?
• Do logs report authentication, measurement, or access-denied errors?

Quick takeaway

Secure Boot Keys is a small concept, but it often becomes important when reading logs or debugging real firmware.

Related notes

• How are db and dbx different?
• What is Image Authentication?
• What is Authenticated Variable?
• What is TPM PCR?
• What is SMM Lock?

Public references

• UEFI Specification 2.11 — Boot Manager
• UEFI Specification 2.11 — Secure Boot / Security
• EDK II SecurityPkg

Found this useful?

Save it or share it with someone learning firmware, BIOS/UEFI, and embedded systems.

Share Copy link

Nội dung liên quan

Một số bài viết, ghi chú hoặc project có liên quan đến nội dung bạn vừa đọc.

Ghi chú/UEFI Security Terms

What is Authenticated Variable?

Quick note explaining Authenticated Variable for BIOS/UEFI and embedded firmware readers.

August 12, 2025Read →

Ghi chú/BIOS Terms

What is UEFI Variable?

Quick note explaining UEFI Variable for BIOS/UEFI and embedded firmware readers.

May 16, 2026Read →

Ghi chú/UEFI Security Terms

What is Measured Boot?

Quick note explaining Measured Boot for BIOS/UEFI and embedded firmware readers.

October 18, 2023Read →

Biến note thành bài viết hoàn chỉnh

Notes là nơi ghi nhanh khái niệm.

Đọc blog Xem notes khác