none
Secure Boot Test Certificate RRS feed

  • Question

  • Hey Guys

    I am trying to implement SecureBoot for my DragonBoard 410c. I am following this Guide and currently I have a Problem just with a test Build
    https://docs.microsoft.com/en-us/windows/iot-core/secure-your-device/securebootandbitlocker

    I am just using the Test Certificates and no additional Config to the XML. The Packet builds and I can flush it with the FFU. Windows boots up and enables Secure Boot. (It ist enabled in the UEFI Menu of the Dragonboard) but as soon as I restart the device, it does no longer boot windows.

    I enabled RPMB and cleared the Keys before Flashing. Are there additional steps for a test deployment? I know that I need my own OEM Keys for Retail but I want to run test first.


    • Edited by Andy Koch Thursday, November 8, 2018 1:24 PM
    Thursday, November 8, 2018 1:23 PM

All replies

  • Hello Koch,

    Which build version did you test the Secure Boot? And when the device does no longer boot windows, is there some error information, the device can show start logo?

    Best Regards,

    Michael


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, November 9, 2018 3:17 AM
    Moderator
  • Hello Michael,

    I am currently running Build 10.0.17134.1

    The Device Boots up and Starts Windows (1st Time) then enables Secure Boot. When I reboot the Dragonboard. I just see the Qualcom Logo with the message to reboot my device.

    Saturday, November 10, 2018 1:05 PM
  • Hello Andy,

    Sorry for late response. Could this issue be reproduced every time? You can try to re-flush the eMMC and test this issue.

    If the issue could not be fixed, you can report this issue via Feedback Hub app.

    Best Regards,

    Michael


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Tuesday, November 13, 2018 2:28 AM
    Moderator
  • Hi Michael,

    Yes the problem occurs every time I using the Test OEM Certificates (Even when I Build an Test Image) If I am using a real Code Signing Certificate everything works fine.

    Thursday, November 15, 2018 10:29 AM
  • Hello Andy,

    It seems that the Test OEM certificate is expired. You can check the expiration date for the test OEM certificate in certmgr.

    Best Regards,

    Michael


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, November 23, 2018 7:26 AM
    Moderator
  • Hello Michael

    Unfortunately it is not about the timestamp. I have also a real cross signed code signature certificate (which is also expired) It seems like the test certificates are not trusted for SecureBoot regardless if they are valid or not.

    Best regards,

    Andy

    Sunday, December 2, 2018 11:41 AM