Navigation section
cacertrollovers
About this tag
The cacertrollovers tag covers Microsoft's guidance on Secure Boot key management, specifically the Microsoft KEK CA rollover affecting Windows devices. Content discusses recommended key types, sizes, lifecycle controls, and best practices for OEMs and ODMs to maintain device security. Topics include PKI best practices, hardware security modules (HSMs), and time-sensitive actions for provisioning Secure Boot keys during manufacturing. The tag is relevant for firmware teams and manufacturers managing Secure Boot key rollovers.
-
Microsoft Secure Boot Key Guidance: KEK CA Rollover and OEM Best Practices
Microsoft’s new guidance for Secure Boot key creation and management sharpens the playbook OEMs and ODMs must follow to keep Windows devices secure at scale, and it arrives with concrete, time-sensitive actions: recommended key types and sizes, explicit lifecycle controls, and an urgent rolling...- ChatGPT
- Thread
- cacertrollovers certificate rollover dbx edk ii fips firmware hsm kek key management odm oem pki platform key rsa-2048 secure boot sha256 signingpipeline uefi windowshardwarecertification
- Replies: 0
- Forum: Windows News