Rairii,
@Rairii@haqueers.com

decided to throw securebootai.dll (from latest germanium build) into IDA, was not disappointed

there's a list of systems where db/dbx updates aren't attempted, that being:

  • any (amd64) apple system (those with secure boot just hardcode db/dbx, without the ability to update it, right?)
  • fujitsu FJNBB38
  • a big list of HP systems: 83D5, 83DA, 83DD, 83E7, 83E8, 83E9, 8401, 8460, 8461, 8462, 8463, 8464, 8584, 8589, 8617, 8618, 8619, 8620, 869B, 86A3, 86A5, 86A8, 870B, 870C, 870F, 8710, 8711, 8712, 8713, 8714, 8715, 8717, 8718, 8719, 871A, 871B, 871C, 8723, 8724, 8725, 872B, 872C, 872D, 872E, 8736, 874D, 874E, 874F, 8750, 8751, 8752, 8753, 8754, 8755, 8760, 876D, 8779, 877D, 8780, 8783, 87EC, 880F, 8810, 882C, 882D, 8830, 8835, 8836, 885C, 887E
  • and any HP system where its custom protection against performing db/dbx updates is enabled

also:

the file doesn't exist right now, but there's code (behind a registry(?) flag) to apply "dbxupdate2024.bin", and debug strings imply that would revoke the PCA 2011 cert entirely! (GetSecureBootUpdateFilePathPCA2011RevokeDBX)

i expected that to be done, but only on new systems, fun (given that it's behind a flag it may well happen only on new systems)
