EFI Signing / Secure Boot

EFI signing.

SurfaceRT/2 uses a Secure Boot

We have a test key that can be used to sign our EFI binaries so that they are trusted by the bootloader bootarm.efi (see UEFI boot sequence)

Working Test Key

5D7630097BE5BDB731FC40CD4998B69914D82EAD CN=Windows OEM Test Cert 2017 (TEST ONLY), O=Microsoft Partner, OU=Windows, L=Redmond, S=Washington, C=US

can use signtool on windows to sign our EFI builds eg

signtool.exe sign /tr http://timestamp.digicert.com /td sha1 /fd sha1 /sm /sha1 5d7630097be5bdb731fc40cd4998b69914d82ead *.efi

Signing on other OS

Golden Key (reference)

https://gist.github.com/acepace/df34b5213f1e0fae6529eb703d947187

EFI Tools (reference)

https://github.com/jelly/efitools

PreviousCross CompilingNextInteresting Repo's

Last updated

Was this helpful?