2 Replies Latest reply on Oct 3, 2018 3:15 PM by georg69

    Secure Boot

    georg69

      my situation :

       

      NUC kit 5i5ryH  with latest BIOS version 0371

      windows 10 pro 1803 fully and regularly updated and installed ith BIOS in UEFI mode only (no legacy)

       

      secure boot enabled in BIOS with all keys "installed" (as you can see in attachment. i installed them in "custom mode" after clering of alla values and in "not installed" status...then i switched to "standard mode")

       

       

      in W10 ,executing "system information" tool  i see "BIOS mode" as "UEFI" and "secure boot state" to "on" (as you can see in attachment)

       

      executing in powershell the command "Confirm-SecureBootUEFI" gives "true"

       

      executing Secure Boot Checkup Utility  (from Insyde Software ) i get no warnings and all seems ok (as you can see in attachment)

       

       

      but...

       

      ... with this last  utility i feel something is wrong: the PK (platform key) under "secure boot database contents" is empty (inside BIOS i read the PK is "installed"), while under "optimal factory restore variables" is present with  "do not trust" indication

       

      even under "secure boot" tab, showing "factory default" box, i get a "PKDefault" as "do not trust"

       

      I do not understand. where am i wrong? is my "secure boot" actually enabled  and operating?

       

      why the PK value is strange  using this very specialized utility?

       

      yes, i am a securityaholic and any advice is welcome

      thanx