Secure Boot Custom Policy
| Item | Description |
|---|---|
| Enroll Efi Image | Enroll the SHA256 hash of the selected EFI image binary into the Authorized Signature Database (DB). |
| Secure Boot variable | Display platform keys (PK), key exchange keys (KEK), authorized signature database (DB), and forbidden signature database (DBX). |
| Size | Display the number of key bytes. |
| Keys | Display the number of certificates (integer). |
| Key Source | Display certificate sources. The sources can be Factory Default, No Keys, Mixed, or Customized. |
| PK | Enroll a PK (from a Public Key Certificate file format) or delete the existing PK. Note There is only one PK in the system. |
| KEK | Enroll a KEK entry (from a Public Key Certificate file format), or delete an existing entry from the KEK. |
| DB | Enroll a DB entry (from a Public Key Certificate file format or an EFI image file), or delete an existing entry from the DB. |
| DBX | Enroll a DBX entry (from a Public Key Certificate file format or an EFI image file), or delete the existing entry from the DBX. |