All Questions
Tagged with secure-boot security
12
questions
0
votes
1
answer
339
views
Delete PK key from terminal when secure boot is disabled
When secure boot is disabled, is it possible to delete the PK key from terminal? I know that to change the keys, you need to enter setup mode. And to enter setup mode, you need to delete the PK key. ...
0
votes
0
answers
277
views
How to get minimal vendor information about the TPM chip installed in my laptop
How do I get some minimal information about the TPM chip in my Linux laptop?
Information such as the manufacturer, manufacturer id, manufacturer version.
So far I have tried the tpm2_getcap command to ...
0
votes
1
answer
315
views
Supplemental WDAC policy Doesn't Override Block Rule from Base WDAC Policy (Microsoft Recommended Block Rules)
I'm working on creating a Windows Defender Application Control (WDAC) supplemental policy which supplements a base policy. The base policy is merged with the Microsoft Recommended Block Rules. This ...
0
votes
0
answers
283
views
Does the Microsoft update for BlackLotus mitigation SKUSiPolicy.p7b require Memory Integrity to be on and working in the Security Center?
In other words is the "Code Integrity feature" on this Microsoft kb5025885 page:
The Code Integrity Boot Policy (SKUSiPolicy.p7b) uses the Code Integrity feature of Windows to prevent ...
0
votes
2
answers
8k
views
Secure Boot Violation: Invalid Signature Detected, Check Secure Boot Policy in Setup Error - HackBGRT (how to use secure boot with it)
Update - Go to answer for steps.
First off, I am trying to enable secure Boot thus I don't consider disabling secure Boot a solution.
I have a Gigabyte B450M DS3H, with AMD Ryzen 5600 and have tried ...
1
vote
1
answer
415
views
Every time I eneble secure boot for windows 11 my pc doesnt boot and I have to reset bios settings by removing battary. Why is that?
So basically I want to update to windows 11 and I have to eneble 2 security settings TPM and secure boot I succesfully enebled Tpm but each time I try to do the same with secure boot my screen, ...
0
votes
2
answers
2k
views
Windows fails to boot after deploying a signed WDAC policy
I am trying to deploy a signed WDAC policy on a windows machine. On the first boot after deployment everything is fine but on the next boot I am sent to the UEFI firmware configuration screen
I have ...
4
votes
1
answer
5k
views
How to disable Windows Defender Application Control once and for all?
(Please read before marking this as a duplicate, thanks.)
Description
I am developing my own Win32 x86_64 application which interferes heavily with the system, is able to communicate with drivers ...
3
votes
2
answers
2k
views
Windows Defender Application Control prevents Windows to boot after second restart (signed policy)
Hy everyone!
I want to lock down some Windows 10 Terminals so that they can only run approved Software but keep the possibility to update this software.
My plan was to make use of the new Feature of ...
-2
votes
3
answers
5k
views
Why is Secure Boot needed if there is already UEFI lock?
As far as I know, enabled Secure Boot feature in UEFI stores signed keys in NVRAM for OSs' kernel images to check it's corruptness on boot level. But nothing prevents me to boot the Setup Menu and ...
1
vote
0
answers
281
views
UEFI multi-factor authentication on admin password?
Many UEFI vendors offer boot and Admin passwords for a local machine.
For a normal cold boot or reset, I would like the UEFI system to simply pick the properly signed bootloader and proceed.
Having ...
3
votes
3
answers
4k
views
what is the purpose of UEFI Secure Boot?
I heard that new computers will have a "secureboot" feature built in, and that it's supposed to keep "unsigned code" from booting.
I haven't seen any issue with a possibility to boot the wrong OS,as ...