安全開機Secure boot

安全開機是由電腦產業成員所開發的一種安全性標準,目的是要協助確保裝置只會使用原始設備製造商 (OEM) 所信任的軟體來開機。Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). 當電腦啟動時,此韌體會檢查開機軟體每一個部分的簽章,包括 UEFI 韌體驅動程式 (也稱為選項 Option ROM)、EFI 應用程式和作業系統。When the PC starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. 如果簽章有效,電腦就會開機,而此韌體會將控制權交給作業系統。If the signatures are valid, the PC boots, and the firmware gives control to the operating system.

OEM 可以使用韌體製造商所提供的指示來建立安全開機金鑰,並將這些金鑰儲存在 PC 韌體中。The OEM can use instructions from the firmware manufacturer to create Secure boot keys and to store them in the PC firmware. 當您新增 UEFI 驅動程式時,您也必須確定這些驅動程式已完成簽署程序,並包含在安全開機資料庫中。When you add UEFI drivers, you'll also need to make sure these are signed and included in the Secure Boot database.

如需安全開機程序如何運作的相關資訊,包括信任式開機和測量開機,請參閱保護 Windows 10 開機程序For information on how the secure boot process works included Trusted Boot and Measured Boot, see Secure the Windows 10 boot process.

安全開機需求Secure boot requirements

為了支援安全開機,您必須提供下列各項。In order to support Secure boot, you must provide the following.

硬體需求Hardware requirement 詳細資料Details
UEFI 2.3.1 版勘誤 C 變數UEFI Version 2.3.1 Errata C variables 變數必須設定為 SecureBoot=1SetupMode=0 ,且具有所需簽章資料庫 (EFI_IMAGE_SECURITY_DATABASE) 而可將以安全方式所預先佈建的機器開機,並包含在有效 KEK 資料庫中所設定的 PK。Variables must be set to SecureBoot=1 and SetupMode=0 with a signature database (EFI_IMAGE_SECURITY_DATABASE) necessary to boot the machine securely pre-provisioned, and including a PK that is set in a valid KEK database. 如需詳細資訊,請在所下載的 Windows 硬體相容性計劃規格和原則 PDF 中,搜尋 System.Fundamentals.Firmware.UEFISecureBoot 系統需求。For more information, search for the System.Fundamentals.Firmware.UEFISecureBoot system requirements in PDF download of the Windows Hardware Compatibility Program Specifications and Policies.
UEFI v2.3.1 第 27 節UEFI v2.3.1 Section 27 平台必須公開符合 UEFI v2.3.1 第 27 節設定檔的介面。The platform must expose an interface that adheres to the profile of UEFI v2.3.1 Section 27.
UEFI 簽章資料庫UEFI signature database 平台必須已使用 UEFI 簽章資料庫 (db) 中的正確金鑰完成佈建,才能讓 Windows 開機。The platform must come provisioned with the correct keys in the UEFI Signature database (db) to allow Windows to boot. 其也必須支援對資料庫進行安全的已驗證更新。It must also support secure authenticated updates to the databases. 安全變數的儲存必須與執行中的作業系統分開,以免變數遭到修改卻沒有偵測到。Storage of secure variables must be isolated from the running operating system such that they cannot be modified without detection.
韌體簽署Firmware signing 所有韌體元件都必須使用至少具有 SHA-256 的 RSA-2048 來簽署。All firmware components must be signed using at least RSA-2048 with SHA-256.
開機管理程式Boot manager 電源開啟時,系統必須開始在韌體中執行程式碼,並根據演算法原則使用公開金鑰密碼編譯,以驗證開機順序中所有映像的簽章,直到 Windows 開機管理程式 (含) 為止。When power is turned on, the system must start executing code in the firmware and use public key cryptography as per algorithm policy to verify the signatures of all images in the boot sequence, up to and including the Windows Boot Manager.
復原保護Rollback protection 系統必須防止韌體復原到較舊的版本。The system must protect against rollback of firmware to older versions.
EFI_HASH_PROTOCOLEFI_HASH_PROTOCOL 平台提供了 EFI_HASH_PROTOCOL (透過 UEFI v2.3.1) 來卸載密碼編譯雜湊作業,以及提供 EFI_RNG_PROTOCOL (由 Microsoft 定義) 來存取平台 Entropy。The platform provides the EFI_HASH_PROTOCOL (per UEFI v2.3.1) for offloading cryptographic hash operations and the EFI_RNG_PROTOCOL (Microsoft defined) for accessing platform entropy.

簽章資料庫和金鑰Signature Databases and Keys

在部署電腦之前,身為 OEM 的您要將安全開機資料庫儲存在電腦上。Before the PC is deployed, you as the OEM store the Secure Boot databases on the PC. 這包括簽章資料庫 (db)、已撤銷簽章資料庫 (dbx) 和金鑰註冊金鑰資料庫 (KEK)。This includes the signature database (db), revoked signatures database (dbx), and Key Enrollment Key database (KEK). 這些資料庫會在製造時儲存於韌體非揮發性記憶體 (NV-RAM) 上。These databases are stored on the firmware nonvolatile RAM (NV-RAM) at manufacturing time.

簽章資料庫 (db) 和已撤銷簽章資料庫 (dbx) 會列出 UEFI 應用程式、作業系統載入器 (例如 Microsoft 作業系統載入器或開機管理程式) 以及可在裝置上載入的 UEFI 驅動程式所具有的簽署者或映像雜湊。The signature database (db) and the revoked signatures database (dbx) list the signers or image hashes of UEFI applications, operating system loaders (such as the Microsoft Operating System Loader, or Boot Manager), and UEFI drivers that can be loaded on the device. 已撤銷的清單中會包含不再受信任且不可載入的項目。The revoked list contains items that are no longer trusted and may not be loaded. 如果映像雜湊同時位於這兩個資料庫,則會優先採用已撤銷簽章資料庫 (dbx)。If an image hash is in both databases, the revoked signatures database (dbx) takes precedent.

金鑰註冊金鑰資料庫 (KEK) 是不同的簽署金鑰資料庫,可用來更新簽章資料庫和已撤銷簽章資料庫。The Key Enrollment Key database (KEK) is a separate database of signing keys that can be used to update the signature database and revoked signatures database. Microsoft 會要求 KEK 資料庫中包含指定的金鑰,如此一來,Microsoft 日後才可以將新的作業系統新增到簽章資料庫,或將已知的錯誤映像新增至已撤銷簽章資料庫。Microsoft requires a specified key to be included in the KEK database so that in the future Microsoft can add new operating systems to the signature database or add known bad images to the revoked signatures database.

新增完這些資料庫之後,以及在最後一次進行韌體驗證與測試之後,OEM 便會鎖定該韌體,使其無法進行編輯 (但使用正確金鑰所簽署的更新,以及使用韌體功能表的實際存在使用者所進行的更新除外),然後再產生平台金鑰 (PK)。After these databases have been added, and after final firmware validation and testing, the OEM locks the firmware from editing, except for updates that are signed with the correct key or updates by a physically present user who is using firmware menus, and then generates a platform key (PK). PK 可用來簽署 KEK 的更新,或用來關閉安全開機。The PK can be used to sign updates to the KEK or to turn off Secure Boot.

請連絡韌體製造商,以取得這些資料庫的建立工具與相關協助。You should contact your firmware manufacturer for tools and assistance in creating these databases.

開機順序Boot sequence

  1. 電腦開啟之後,就會根據平台金鑰來檢查簽章資料庫。After the PC is turned on, the signature databases are each checked against the platform key.
  2. 如果該韌體不受信任,UEFI 韌體就必須起始 OEM 特定的復原,以還原受信任的韌體。If the firmware is not trusted, the UEFI firmware must initiate OEM-specific recovery to restore trusted firmware.
  3. 如果 Windows 開機管理程式發生問題,則該韌體會嘗試用 Windows 開機管理程式的備份複本來開機。If there is a problem with Windows Boot Manager, the firmware will attempt to boot a backup copy of Windows Boot Manager. 如果這麼做也失敗,韌體就必須起始 OEM 特定的補救措施。If this also fails, the firmware must initiate OEM-specific remediation.
  4. Windows 開機管理程式開始執行之後,如果驅動程式或 NTOS 核心發生問題,就會載入 Windows 修復環境 (Windows RE),以便可以修復這些驅動程式或核心映像。After Windows Boot Manager has started running, if there is a problem with the drivers or NTOS kernel, Windows Recovery Environment (Windows RE) is loaded so that these drivers or the kernel image can be recovered.
  5. Windows 會載入反惡意程式碼軟體。Windows loads antimalware software.
  6. Windows 會載入其他核心驅動程式,並初始化使用者模式程序。Windows loads other kernel drivers and initializes the user mode processes.

相關主題Related topics