Secure Boot Attacks and Defenses

  1. UEFI Secure Boot Architecture
    1. Key Management Infrastructure
      1. Platform Key (PK)
        1. PK Role and Authority
          1. PK Enrollment Process
            1. PK Revocation Procedures
              1. PK Storage and Protection
              2. Key Exchange Key (KEK)
                1. KEK Purpose and Function
                  1. KEK Database Management
                    1. KEK Update Mechanisms
                      1. Multiple KEK Support
                      2. Signature Databases
                        1. Allowed Signature Database (db)
                          1. Forbidden Signature Database (dbx)
                            1. Database Update Procedures
                              1. Database Synchronization
                            2. Authenticated Variables
                              1. Variable Authentication Mechanisms
                                1. Secure Variable Storage
                                  1. Variable Access Control
                                    1. Variable Update Protocols
                                    2. Cryptographic Foundations
                                      1. Digital Signature Algorithms
                                        1. Hash Functions Used
                                          1. Certificate Chain Validation
                                            1. Public Key Infrastructure Integration

                                          Previous

                                          1. Fundamentals of Secure Boot

                                          Go to top

                                          Next

                                          3. The Secure Boot Process