TransWikia.com

"Vendor keys :modified" is being shown in uefi secure boot

Super User Asked on November 4, 2021

After installing Windows on my newly built computer ,and booting into Windows 10 I noticed that secure boot was turned off so I rebooted the computer and enabled the secure boot in the BIOS setup. At that time, "vendor keys: unmodified", was being shown under secure boot . However when I later on accessed the BIOS it showed "vendor keys: modified ".

What does this mean?

I have a gigabyte h310m motherboard.

One Answer

Secure Boot works by placing the root of trust in firmware, usually via x509 certificates.

A root CA is embedded in firmware such that it can then validate the signed bootloader, the signed bootloader can then validate the signed kernel or signed second stage boot loader, and so on. Various key databases in the firmware are used to provide flexibility and maintain strong security.

The word keys here means certificates. Microsoft has its own key/certificate, and so do computer vendors. The certificates/keys are stored in the firmware and used to verify its contents or any loaded software.

In your case, you have modified some BIOS variables by enabling secure boot. The change was verified and then signed again by the vendor key(s), which will also be required if you decide to disable secure boot. "Modified" means that you have done some modifications which were verified/signed using vendor keys.

Answered by harrymc on November 4, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP