I've got a Windows 10 OS and I need to test out if Secure Boot works or not and the easiest way to test that I thought would be to overwrite/remove the digital signatures from EFI binaries in the Windows directory. However, after removing them/replacing them with my own signature, I find that Windows still boots up and no Secure Boot violation is triggered.
I've tried modifying the following EFI files:
bootmgr.efi
bootmgrw.efi
winresume.efi
winload.efi
Secure Boot is enabled in the BIOS (confirmed via System Information) but why does Windows still boot up? How can I get it to fail without removing all the factory keys?
bootmgfw.efi
. Everything else comes only after that.