What Are "Default Secure Boot Keys"? I Supposedly Installed Them in BIOS?

JamesBacon 0 Reputation points
2023-11-12T11:58:14.24+00:00

I reset my BIOS to see the default settings for Secure Boot, and after re-enabling it by setting the option to 'Windows UEFI Mode', I clicked the "Secure Boot Keys" option to see what was in there.

I've never tinkered with keys like this and have no real intention of doing so, but I was met with a new option that said "Install the Default Secure Boot Keys".

I figured this was something spawned from resetting the BIOS that I should do so Secure Boot would work; I clicked it and it didn't seem to do anything, but the option was gone the next time I went into the BIOS.

According to PowerShell and System Information, Secure Boot is enabled/working, but what were those "Install Default Secure Boot Keys" that it presented me with? Is this added security or something that could be exploited more easily by attackers?

What exactly did I "install" when clicking that option? My OS is Windows 10 22H2.


1 answer

  1. Wesley Li 8,345 Reputation points
    2023-12-26T07:26:50.7866667+00:00

    Hello

    The “Install Default Secure Boot Keys” option appears after resetting the BIOS because it restores the default Secure Boot keys to the motherboard’s firmware. The default Secure Boot keys are provided by the motherboard manufacturer. If you reset the BIOS, the default Secure Boot keys may be removed.

    Secure Boot is a feature of the UEFI (Unified Extensible Firmware Interface) specification that defines a firmware execution authentication process. It is based on the Public Key Infrastructure (PKI) process to authenticate modules before they are allowed to execute. These modules can include firmware drivers, option ROMs, UEFI drivers on disk, UEFI applications, or UEFI boot loaders. Through image authentication before execution, Secure Boot reduces the risk of pre-boot malware attacks such as rootkits.

    When Secure Boot is enabled, the computer will verify the digital signature of any executable files before allowing them to run. This verification process helps to prevent viruses and other malicious software from running on the system, making it more difficult for attackers to take control of the machine.

    So, by clicking “Install Default Secure Boot Keys”, you essentially restored the default keys that Secure Boot uses to verify the digital signatures of the software that runs on your system. This is not something that could be exploited more easily by attackers, but rather, it adds a layer of security to your system. It’s a standard procedure and doesn’t pose any security risks.

