Open Surface RT
Discord CommunityXDA Page
  • Open Surface RT Home
  • Get started
    • Secure Boot
    • Windows 10
    • Linux
    • Discord
  • Changelog
  • Common
    • Boot Process
      • Special Boot modes
      • Tegra SoC's
        • Fusée Gelée
          • APX Mode (USB Recovery Mode "RCM")
          • Payloads
            • Dump platform key (SBK)
      • UEFI
        • Secure Boot
          • Windows Bootmanager Exploit
          • Yahallo - Disable Secureboot
        • UEFI Boot Sequence
        • FAT32 isn't FAT32
    • Windows RT
      • Jailbreak Exploits
      • Recovery Toolkit
      • Recovery Images
    • Windows 10
      • Software Support
      • Fake Builds
      • Known Issues
  • Tools
    • Windows Media Builder
    • Surface RT & 2 Jailbreak USB
  • Surface RT
    • Linux
      • Devicetree
        • APX devicetree
        • UEFI devicetree
      • Kernel
        • Kernel source
          • grate-driver
          • Mainline
        • Configure & Build
          • Appended devicetree
        • Prebuilt binaries
      • Booting
        • Kernel parameters
        • UEFI boot
        • APX boot
          • Das U-Boot
          • Fusée Gelée
            • BCT Table
            • NvFlash (Modified)
          • Boot Linux
            • Binaries
            • Prepare SD Card
      • Root Filesystem
        • Distributions
          • postmarketOS
          • Raspberry Pi OS
        • Simple RootFS
      • Trouble Shooting
    • Hardware
      • Tegra3 - Technical Reference Manual
      • J14 OEM Debug Connector
      • UART
        • 1.8V UART with Voltage divider
        • Raspberry Pi UART-Setup
      • GPIOs
        • decode - Pin number to Letter
        • GPIOs in Linux
      • IC's
        • SPI Flash
        • MMC
          • 1 - μSD Card
          • 3 - WIFI SDIO: Marvell: 88W8797
          • 4 - eMMC
        • I2C devices
          • Bus 0 - MS HID
            • 0x00 - Microsoft: Type/Touch Cover
            • 0x28 - [WIP] Microsoft: ?SensorCollection?
              • TBC - Ambient Light Sensor
              • TBC - Kionix: KXTJ9 - Accelerometer
          • Bus 1 - 2nd Board
            • 0x2D
            • 0x39 - Display Panel ThermalZone
            • 0x5B - ATMEL: mXT1386E - TouchController
          • Bus 2 - CAMs
          • Bus 3 - HDMI DDC
          • Bus 4 - System
            • 0x0A - ACPI: Control Method Battery
            • 0x1A - Wolfson: WM8962 - AudioCodec
            • 0x2D - TI: TPS659110 - PMIC
            • 0x4C - onsemi: NCT1008 - Temperatur sensor
            • 0x60 - TI: TPS62361B - Processor Supply
        • LVDS Encoder
      • Display
      • Battery
    • Firmware
      • Extract Firmware
      • Decrypt Firmware
      • Encrypt Firmware
      • BCT
      • RPMB partition on EMMC
    • UEFI
      • ACPI Tables
        • DSDT
        • SSDT
        • WDSA
        • MADT / APIC
        • Not interesting (yet)
          • BGRT
          • CSRT
          • DBG2
          • FACP
          • FPDT
          • MSDM
          • RSDP
          • TMP2
          • XSDT
      • Memory Mapping
      • Device Tables
      • PinMux
      • Compiling GRUB2
  • Surface RT2
    • Hardware
      • Specifications
      • ACPI (DSDT) Tables
      • Memory Mapping
      • EFI System Tables
      • BCT Table
      • IC's
      • Display
      • Battery
  • Other devices
    • Lenovo Ideapad Yoga 11
      • Linux
  • Development
    • !!! PLEASE READ !!!
      • !TODO for everyone
      • CTS devNotes
        • initrd
        • !TODO
          • Surface RT
          • Surface 2
        • battery
        • TZ Exploit - CTS
        • tCover Linux support
          • Kernel module
        • Dump Bootrom
        • git for dummys [WIP!] (like me)
      • Leander devNotes
        • !TODO
        • UEFI Privilege Escalation Exploit Documentation
          • Yahallo: Free memory access
          • UEFI Privilege Escalation: Execute code in Secure mode
          • Removing trustzone
        • EFI linux booting
          • Configs we already tried
          • Qemu emulation
            • GDB Debugging
              • VSCode integration
        • EFI Signing / Secure Boot
      • GRUB2 Booting Notes
      • Cross Compiling
      • Interesting Repo's
      • Devicetree information
      • Do gifs work?
      • Uboot information
      • jwa4 Notes
        • Windows Media Builder
        • Surface RT & 2 Jailbreak USB
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Development
  2. !!! PLEASE READ !!!
  3. Leander devNotes

EFI Signing / Secure Boot

PreviousVSCode integrationNextGRUB2 Booting Notes

Last updated 3 years ago

Was this helpful?

Windows bootmanager exploit is deprecated, as you can now disable secure boot. Without secure boot you don't need to sign your EFI binaries. Visit for more information.

SurfaceRT/2 uses UEFI Secure Boot.

We have a test key that can be used to sign our EFI binaries so that they are trusted by the windows boot manager. (When secure boot is enabled).

Working Test Key

5D7630097BE5BDB731FC40CD4998B69914D82EAD CN=Windows OEM Test Cert 2017 (TEST ONLY), O=Microsoft Partner, OU=Windows, L=Redmond, S=Washington, C=US

can use signtool on windows to sign our EFI builds eg

signtool.exe sign /tr http://timestamp.digicert.com /td sha1 /fd sha1 /sm /sha1 5d7630097be5bdb731fc40cd4998b69914d82ead *.efi

Yahallo