Secure Boot variables only store public certificates, not private keys, and they are not used for encrypting any data (only verifying signatures). The default set configures Secure Boot to allow only operating systems signed by Microsoft (and sometimes by Canonical Ltd.), plus drivers signed by the PC manufacturer. It sounds like you're not initializing BitLocker at all – these keys are for Secure Boot only, i.e. TPM Errata Date: Wednesday, September 21, 2016 Output of tpmtool getdeviceinformation command: -TPM Present: True The TPM & motherboard support the TPM2.0 specs
0 Comments
Leave a Reply. |