db and dbx

Parent Previous Next

The variable 'db' holds multiple X.509 certificates used to identify those authorities able to sign UEFI executable drivers, option ROMs, and applications such as utilities or OS boot-loaders.   This variable may also hold the hash of individual programs manually approved for execution by the system owner.

The variable 'dbx' holds any revoked X.509 certificates and the hash of any previously signed programs that have later been determined to be dangerous.  This variable may be updated by OS action in case execution must be blocked for any signed programs.