Skip to content

[Secure Boot KEK Update] ASUS PK-Signed KEK Update#295

Merged
Flickdm merged 1 commit intomicrosoft:mainfrom
ChengAn0519:PostSignedObjects/KEK/ASUS
Nov 11, 2025
Merged

[Secure Boot KEK Update] ASUS PK-Signed KEK Update#295
Flickdm merged 1 commit intomicrosoft:mainfrom
ChengAn0519:PostSignedObjects/KEK/ASUS

Conversation

@ChengAn0519
Copy link
Contributor

@ChengAn0519 ChengAn0519 commented Nov 11, 2025

OEM Certificate Submission

OEM Name: ASUS
Contact Email: ChengAn_Chiu@asus.com

Certificate Details

  • Platform Key Thumbprint: 282D2857EE8F28CE622C803CAB5031EDDA9412F08FA3192208344DA0C6A42A6E
  • Expiration Date: 2027-11-11

Testing Completed

  • Windows validation
  • Linux validation

Security Review

  • No known security issues

Additional Notes

Platform Key Thumbprint SHA1: B3840DFCF8AB23704E6C5E51CE6F3E38459EF9AC

@Flickdm Flickdm merged commit cd7ba8f into microsoft:main Nov 11, 2025
2 checks passed
@ChengAn0519 ChengAn0519 deleted the PostSignedObjects/KEK/ASUS branch November 12, 2025 02:30
@hughsie
Copy link

hughsie commented Nov 12, 2025

@Flickdm is this one correct? Firstly, "issued_by": "CN=DO NOT TRUST - OEM PK" doesn't inspire confidence, but I also get a failure to upload it the LVFS automatically -- there's a check for the signature ID being dec64d7746d983db3774829a00bf829d9f19e9cf -- i.e. Microsoft Corporation KEK 2K CA 2023

For the working [other] KEK I get:

$ fwupdtool firmware-parse ../secureboot_objects/PostSignedObjects/KEK/ASUS/KEKUpdate_ASUS_PK21303E44.bin efi-variable-authentication2
Loading…                 [************************************** ]
<firmware gtype="FuEfiVariableAuthentication2">
  <signers>
    <firmware gtype="FuX509Certificate">
      <id>9c9604ae03ac769478aa7a79e8ac3a7e1c4150eb</id>
      <issuer>CN=ASUS Secure Boot Root CA</issuer>
      <subject>CN=ASUS Secure Boot PK</subject>
    </firmware>
  </signers>
  <firmware gtype="FuEfiX509Signature">
    <id>dec64d7746d983db3774829a00bf829d9f19e9cf</id>
    <version>2023</version>
    <version_raw>0x7e7</version_raw>
    <version_format>number</version_format>
    <size>0x5c6</size>
    <filename>dec64d7746d983db3774829a00bf829d9f19e9cf_C=US,O=Microsoft Corporation,CN=Microsoft Corporation KEK 2K CA 2023.der</filename>
    <issuer>C=US,O=Microsoft Corporation,CN=Microsoft RSA Devices Root CA 2021</issuer>
    <subject>C=US,O=Microsoft Corporation,CN=Microsoft Corporation KEK 2K CA 2023</subject>
    <subject_name>Microsoft KEK CA</subject_name>
    <subject_vendor>Microsoft</subject_vendor>
  </firmware>
</firmware>

...and this one I get:

$ fwupdtool firmware-parse ../secureboot_objects/PostSignedObjects/KEK/ASUS/KEKUpdate_ASUS_PKB3840DFC.bin efi-variable-authentication2
Loading…                 [************************************** ]
<firmware gtype="FuEfiVariableAuthentication2">
  <signers>
    <firmware gtype="FuX509Certificate">
      <id>ec07bec352829f7b375caae4bf7861612b63f288</id>
      <issuer>CN=DO NOT TRUST - OEM PK</issuer>
      <subject>CN=DO NOT TRUST - OEM PK</subject>
    </firmware>
  </signers>
  <firmware gtype="FuEfiX509Signature">
    <flags>done-parse</flags>
    <id>9f402b1cc0243cbedc58a525789816ccca7687a9</id>
    <version>2011</version>
    <version_raw>0x7db</version_raw>
    <version_format>number</version_format>
    <size>0x5fc</size>
    <filename>9f402b1cc0243cbedc58a525789816ccca7687a9_C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft Corporation KEK CA 2011.der</filename>
    <issuer>C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft Corporation Third Party Marketplace Root</issuer>
    <subject>C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft Corporation KEK CA 2011</subject>
    <subject_name>Microsoft KEK CA</subject_name>
    <subject_vendor>Microsoft</subject_vendor>
  </firmware>
  <firmware gtype="FuEfiX509Signature">
    <id>dec64d7746d983db3774829a00bf829d9f19e9cf</id>
    <version>2023</version>
    <version_raw>0x7e7</version_raw>
    <version_format>number</version_format>
    <size>0x5c6</size>
    <filename>dec64d7746d983db3774829a00bf829d9f19e9cf_C=US,O=Microsoft Corporation,CN=Microsoft Corporation KEK 2K CA 2023.der</filename>
    <issuer>C=US,O=Microsoft Corporation,CN=Microsoft RSA Devices Root CA 2021</issuer>
    <subject>C=US,O=Microsoft Corporation,CN=Microsoft Corporation KEK 2K CA 2023</subject>
    <subject_name>Microsoft KEK CA</subject_name>
    <subject_vendor>Microsoft</subject_vendor>
  </firmware>
</firmware>

i.e. it's two KEKs signed by a test key. I mean if that works then I guess it's fine, it's just the first one I've seen with two certs. It's certainly odd.

@hughsie
Copy link

hughsie commented Nov 17, 2025

@ChengAn0519 do you have any ideas on why this is different? Thanks.

@Flickdm
Copy link
Member

Flickdm commented Nov 17, 2025
edited
Loading

@ChengAn0519 do you have any ideas on why this is different? Thanks.

Appears that the "payload" that was used was comprised of the 2011 and 2023 KEK as two different EFI_SIGNATURE_LISTs concatenated together to make a EFI_SIGNATURE_DATABASE that can be signed.

The logic in question I've discussed in #281 :

Before appending, this payload will go through FilterSignatureList(..) in firmware.

The important line in question is line 1111

if (CompareMem (NewCert, Cert, CertList->SignatureSize) == 0) {

Here Cert is really EFI_SIGNATURE_DATA

   typedef struct _EFI_SIGNATURE_DATA {
     EFI_GUID                 SignatureOwner;
     UINT8                    SignatureData [_];
   }   EFI_SIGNATURE_DATA;

The SignatureData structure contains both the signature owner and the signature data.

Thus when the CompareMem(..) operates it will see that both the SignatureOwner and SignatureData match and throw away duplicates.

This payload if used as built will work to update a system to 2023 KEK. However (and I can't speak for Linux) Windows will assume that all signed payloads use the same payload when attempting to apply. Two CAs will cause that signature validation to fail. So as built there is an incongruency between our servicing logic and this payload.

@ChengAn0519
Copy link
Contributor Author

ChengAn0519 commented Nov 18, 2025

@hughsie
The PK's private key is securely stored at ASUS; the name issuer_by is a misuse.
This KEKUpdate is only apply ASUS NovaGo TP370QL device.
The device hava a bug that update KEKUpdate.bin will replace 2011 Microsoft KEK with 2023 Microsoft KEK,not append with 2023 Microsoft KEK.
Due to make sure 2011 KEK exist in KEK variable ,we fill 2011 and 2023 Microsoft KEK into KEKUpdate.bin.

@Flickdm
Copy link
Member

Flickdm commented Nov 18, 2025

The PK's private key is securely stored at ASUS; the name issuer_by is a misuse.
This KEKUpdate is only apply ASUS NovaGo TP370QL device.
The device hava a bug that update KEKUpdate.bin will replace 2011 Microsoft KEK with 2023 Microsoft KEK,not append with 2023 Microsoft KEK.
Due to make sure 2011 KEK exist in KEK variable ,we fill 2011 and 2023 Microsoft KEK into KEKUpdate.bin.

All good information! Thank you for the update!

@hughsie
Copy link

hughsie commented Nov 18, 2025

Okay, thanks. Uploaded as https://fwupd.org/lvfs/firmware/126771/ with this fix to the auto-uploader: https://gitlab.com/fwupd/lvfs-website/-/commit/5a303b656bb0181c0dd7b9e977aaf918ccaf8c12

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Flickdm Flickdm Flickdm approved these changes

@apop5 apop5 apop5 approved these changes

@SochiOgbuanya SochiOgbuanya Awaiting requested review from SochiOgbuanya

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ChengAn0519 @hughsie @Flickdm @apop5

Comments