US 12,406,067 B2
Enabling UEFI secure boot key variable extensions to accommodate custom secure boot keys
Amy Christine Nelson, Round Rock, TX (US); Ibrahim Sayyed, Georgetown, TX (US); and Nicholas D. Grobelny, Evergreen, CO (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Jan. 26, 2024, as Appl. No. 18/424,661.
Prior Publication US 2025/0245338 A1, Jul. 31, 2025
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/575 (2013.01)
20 Claims
 
1. A method for provisioning an information handling system, the method comprising:
accessing a custom certificate database (CCD) including one or more certificates corresponding to one or more custom firmware features;
generating a custom db variable for the CCD, wherein the custom db variable is subordinate to a db variable associated with an original equipment manufacturer (OEM) of the information handling system;
providing the custom db variable to a basic input/output system (BIOS) of the information handling system, wherein the BIOS resides in a first nonvolatile memory (NVM) device;
responsive to the BIOS validating the custom db variable against a default platform key of the information handling system, storing the custom db variable to a second NVM device;
injecting the custom db variable into a secure boot db variable residing on the first NVM device; and
prior to executing any of the one or more custom firmware features, verifying the custom db variable with a certificate residing in the first NVM device.