1. Configured PK to enable Secure boot.
[ PK key is located in this directory ]
[ GUUID is located in signature guid directory ]
2. Configured Key Exchange Key (KEK) certificate downloaded from http://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt
[KEK key is located in this directory ]
[ GUUID is located in signature guid directory ]
3. Configured DB certificates -one for windows and one for uEFI certificate Autority (CA),downloaded from below
Windows DB: http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt
UEFI DB: http://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt
[ WIN DB key & uEFI DB key is located in this directory]
[ GUUID is located in signature guid directory ]
4. Tried loading /unloading signed & unsigned uEFI drivers on Secure boot cabable machine. Below is the status.
SB Enabled SB Disabled
Signed UEFI driver loading in EFI Shell Success Success
Unsigned UEFI driver loading in EFI shell Failed Success
5. We are able to do pxe boot and install Windows 8.1 successfully using the signed image.
SB Enabled SB Disabled
Booting into Windows 8.1 after pxe installed Success Success
6. Tried executing powershell commands after booting into Windows 8.1 pxe installed os.
->If Secure boot was enabled in system bios.
PS C:\> Confirm-SecureBootUEFI
True
PS C:\> Get-SecureBootPolicy
Publisher
------------
77fa9abd-0359-4d32-bd60-28f4e78f7784b
->If Secure boot was disabled in system bios.
PS C:\> Confirm-SecureBootUEFI
False
PS C:\> Get-SecureBootPolicy
Get-SecureBootPolicy : Secure boot policy is not enabled on this machine.
->Signed uEFI driver & OptionROM was taken from : \\10.193.180.100\Projects\Boot\T4\v1_0_0_72\signed files
No comments:
Post a Comment