EFI Signing / Secure Boot

Windows bootmanager exploit is deprecated, as you can now disable secure boot. Without secure boot you don't need to sign your EFI binaries. Visit for more information.

SurfaceRT/2 uses UEFI Secure Boot.

We have a test key that can be used to sign our EFI binaries so that they are trusted by the windows boot manager. (When secure boot is enabled).

Working Test Key

5D7630097BE5BDB731FC40CD4998B69914D82EAD CN=Windows OEM Test Cert 2017 (TEST ONLY), O=Microsoft Partner, OU=Windows, L=Redmond, S=Washington, C=US

can use signtool on windows to sign our EFI builds eg

signtool.exe sign /tr http://timestamp.digicert.com /td sha1 /fd sha1 /sm /sha1 5d7630097be5bdb731fc40cd4998b69914d82ead *.efi

PreviousVSCode integration NextGRUB2 Booting Notes

Last updated 3 years ago

Was this helpful?