
I've got a Windows 10 OS and I need to test out if Secure Boot works or not and the easiest way to test that I thought would be to overwrite/remove the digital signatures from EFI binaries in the Windows directory. However, after removing them/replacing them with my own signature, I find that Windows still boots up and no Secure Boot violation is triggered.

I've tried modifying the following EFI files:

bootmgr.efi
bootmgrw.efi
winresume.efi
winload.efi

Secure Boot is enabled in the BIOS (confirmed via System Information) but why does Windows still boot up? How can I get it to fail without removing all the factory keys?

  • The file that the firmware loads is bootmgfw.efi. Everything else comes only after that.
    – Daniel B
    Commented Sep 10, 2019 at 11:06
  • @DanielB I've tried modifying its signature but it still works. Is there any way to trigger a Secure Boot violation?
    – Nubcake
    Commented Sep 10, 2019 at 11:42

1 Answer


I found out that I was modifying files on the Windows partition (C:\Windows\Boot\EFI) instead of the hidden EFI partition where the boot files (bootmgfw.efi) are actually located. By modifying the boot files on the EFI partition I was able to get Secure Boot to trigger a violation.

To access the EFI partition, run in an elevated command prompt:

mountvol S: /S

where S: is an unused drive letter. You should then be able to navigate through the mounted EFI partition via the command line (cd /D S:).
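As an added example (not part of the original answer), the PowerShell below mounts the EFI System Partition the same way and reports the Authenticode signature status of bootmgfw.efi at both the ESP location the firmware actually loads and the staging copy under C:\Windows\Boot\EFI that Secure Boot never evaluates. It assumes S: is a free drive letter and an elevated session; Get-AuthenticodeSignature validates against the Windows certificate store rather than the firmware's db, so it is a sanity check for tampering, not the firmware's own Secure Boot verdict.

```powershell
#Requires -RunAsAdministrator
# Added example: compare boot-manager signature status on the ESP vs. the copy on C:.
# Assumption: S: is unused. Run from an elevated PowerShell prompt.

$espLetter = 'S:'

# Confirm Secure Boot is enabled at the firmware level (throws on legacy BIOS systems).
$secureBoot = Confirm-SecureBootUEFI
"Secure Boot enabled: $secureBoot"

# Mount the hidden EFI System Partition (same command the answer uses).
mountvol $espLetter /S | Out-Null
try {
    $targets = @(
        "$espLetter\EFI\Microsoft\Boot\bootmgfw.efi",   # what the firmware loads
        "$env:SystemRoot\Boot\EFI\bootmgfw.efi"          # staging copy on C:, not checked at boot
    )
    foreach ($path in $targets) {
        if (-not (Test-Path $path)) { "$path : not found"; continue }
        # Status is Valid for an untouched Microsoft-signed file; a tampered or
        # re-signed file shows HashMismatch, NotSigned or UnknownError instead.
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Path   = $path
            Status = $sig.Status
            Signer = $sig.SignerCertificate.Subject
        }
    }
}
finally {
    # Unmount the ESP again so it is not left exposed as a normal drive letter.
    mountvol $espLetter /D | Out-Null
}
```

Only the ESP entry reflects what Secure Boot evaluates at boot; a modified file under C:\Windows\Boot\EFI shows a bad status here yet, as the answer found, has no effect on whether the machine boots.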
