VZEFISignatureDatabaseConfiguration
A container for Unified Extensible Firmware Interface (UEFI) Secure Boot signature lists.
Declaration
class VZEFISignatureDatabaseConfiguration
Overview
This class represents the signature lists used in UEFI Secure Boot configuration. It contains three separate arrays, one for each UEFI signature database, which are:
- Key Exchange Key (KEK)
This list contains keys authorized to update the db and dbx databases. The array acts as a bridge between the platform owner (who controls the Platform Key) and operating system vendors.
- Allowed Signature Database (db)
An “allow list” of trusted UEFI applications, bootloaders, and drivers. The EFI boot loader allows code signed by these signatures to execute during boot.
- Forbidden Signature Database (dbx)
A “deny list” of revoked or malicious signatures. The EFI boot loader blocks code matching these signatures from running, even if it matches a signature in the db database.
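The db/dbx precedence described above, as an added example that is not Apple's code and does not use the Virtualization framework API: it parses UEFI `EFI_SIGNATURE_LIST` data and checks dbx before db. It is narrowed to SHA-256 hash entries, whereas real firmware also matches X.509 signer certificates and uses the Authenticode digest of the image. The owner GUID, digests, and all function names are constructed for illustration.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID as defined in the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
HEADER = struct.Struct("<16sIII")  # SignatureType, ListSize, HeaderSize, SignatureSize

def build_sha256_list(owner, digests):
    """Serialize one EFI_SIGNATURE_LIST of SHA-256 entries (used for sample data)."""
    entries = b"".join(owner.bytes_le + d for d in digests)
    return HEADER.pack(EFI_CERT_SHA256_GUID.bytes_le,
                       HEADER.size + len(entries), 0, 16 + 32) + entries

def parse_sha256_digests(blob):
    """Return the SHA-256 digests found in concatenated EFI_SIGNATURE_LISTs."""
    digests, offset = set(), 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, offset)
        if list_size < HEADER.size + hdr_size or offset + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        body_len = list_size - HEADER.size - hdr_size
        if sig_size <= 16 or body_len % sig_size:
            raise ValueError("bad SignatureSize")
        if uuid.UUID(bytes_le=sig_type) == EFI_CERT_SHA256_GUID:
            if sig_size != 16 + 32:
                raise ValueError("SHA-256 entry must be owner GUID + 32 bytes")
            start = offset + HEADER.size + hdr_size
            for pos in range(start, start + body_len, sig_size):
                digests.add(blob[pos + 16:pos + sig_size])  # skip SignatureOwner
        offset += list_size  # other signature types are skipped in this sketch
    return digests

def boot_allowed(image_digest, db_blob, dbx_blob):
    """dbx is checked first, so a revoked digest is blocked even if db lists it."""
    if image_digest in parse_sha256_digests(dbx_blob):
        return False
    return image_digest in parse_sha256_digests(db_blob)

# Constructed sample data: digests of placeholder strings, not real boot loaders.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
GOOD, REVOKED, UNKNOWN = (hashlib.sha256(s).digest()
                          for s in (b"good loader", b"revoked loader", b"unknown"))
DB = build_sha256_list(OWNER, [GOOD, REVOKED])
DBX = build_sha256_list(OWNER, [REVOKED])

if __name__ == "__main__":
    for name, d in (("good", GOOD), ("revoked", REVOKED), ("unknown", UNKNOWN)):
        print(name, boot_allowed(d, DB, DBX))
```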