OnLogic
OnLogic Product Security Secure Boot Customization Guide
Pages: 13
Time to read: 17 mins
Language: English
This guide details the implementation of a custom Secure Boot policy for edge devices that use Unified Extensible Firmware Interface (UEFI) firmware. It begins by explaining the importance of Secure Boot in protecting the pre-operating system (pre-OS) environment from malware that can compromise system integrity. The document outlines the components of Secure Boot, including the roles of the various repositories such as the allow list (db), disallow list (dbx), Key Exchange Key (KEK), and Platform Key (PK). It emphasizes the need for customization to enhance security, particularly for environments that may use non-standard bootloaders. The guide provides a high-level overview of the process for creating and enrolling custom keys and certificates, ensuring that only authorized boot components are executed. Additionally, it addresses the challenges and considerations involved in implementing a customized Secure Boot policy, including the necessity of managing certificates securely and the potential risks associated with default configurations.