I am using a SABERTOOTH 990FX R2.0 motherboard, and recently discovered that is has secure boot enabled and available by default in the UEFI.
There is an option to delete ALL of the keys (PK, KEK, db, etc.) (What happens if I do that, by the way?), but I am wondering; if I clear CMOS via the jumpers, would that wipe any keys stored?
Does anyone know if the keys are stored elsewhere?
I am wondering because I installed some test versions of Windows for things like stress testing and temps, and don't know if the keys installed with secure boot would interfere somehow with the fresh Windows 10 (with product key activation, not digital entitlement) installation I have planned.
If anyone could endeavor to address all of these sporadic questions, it might really help me in clarifying things into a more uniform picture for me. My general understanding of a lot of this stuff is scattered and of varying depths, to say the least.
I am not entirely sure, however, from looking at what microsoft writes about secure boot, it doesn't seem like something you can just change (except for deleting them) / the keys are part of the default configuration you'd invoke when clearing CMOS. Look under the section called Signature Databases and Keys.
On another note: Not sure I understand your situation correctly here. You have a main windows version installed and a second one for testing. You are going to upgrade the main one to windows 10 and is not sure whether it will boot afterwards because of the keys?
Let's just say I've gone through three versions of Windows in the process of building and testing this system. Started with 7, then 8, and now I've picked up a retail copy of 10, which uses a product key for activation (vs. digital entitlement). It's been a sort of slow-going side project.
I eventually am going to go with the Windows 10, but am concerned about Windows 8 having written keys to Secure Boot. If Windows 8 HAS written keys to secure boot, Windows 10 likely won't ask for it's own Product Key, and instead use the 8 key for digital entitlement via Secure Boot(?). I would like to retain / NOT consume the Windows 8 key, however. (The testing I have done has been offline, so no online or phone activation has occurred on the 7 or 8 installs as of yet).
Thanks for that article. Gonna check it out :). This whole Secure Boot thing is just throwing me for a loop, I suppose...
Anyhow (besides this article), I always try to go to the sources closest to the matter, which is microsoft here. Maybe you can even write their support an e-mail or call them up?