Linux Foundation Wiki

project collaboration site

User Tools

Site Tools


Acer Aspire V5-571

The Acer Aspire is a secure boot system based on the Phoenix UEFI BIOS.

To get into the UEFI startup menus, press F2 on power on or reboot.  The Secure Boot key management settings are in the Security menu and the Secure Boot enabled flag is in the Boot menu.

The 'Security' menu has four secure boot settings, one of which is read only (The Secure Boot mode).   There is no real option to place the system into setup mode by removing the platform key, there's only the option to 'Erase All Secure Boot settings' which erases every secure boot key including the platform key.  So taking ownership of this system has to be done carefully.  First you need to run KeyTool.efi to save all keys.  Then you can reboot to the UEFI menu and erase all the secure boot keys.  Then you need to reload the three variables KEK, db and dbx before you insert your own Platform Key and tip the system into User Mode.

The platform also seems to have a bug in that it doesn't seem to accept authenticated updates to any of the key databases at all.  This means that once you insert the platform key, there's no way to remove it again other than to erase all the keys and rebuild the key databases.  The platform als has a bug in that once you insert the Platform Key, the platform says it is in user mode, but in fact it doesn't perform any secure boot signed binary checks until the next reboot.

The other interesting option in the 'Security' menu is 'Select an UEFI file as trusted for executing'  This allows you to select an EFI file and add its signature to db.  This effectively means that the platform UEFI menu can operate very similarly to PreLoader because its easy to add the signature of an arbitrary binary to the signatures database.

Finally, the 'Security' menu has the option to 'Restore Secure Boot to factory Default' which initialises all the key databases back to their initial values.  Only when all keys have their initial values does the 'Secure Boot Mode' show 'Standard' once you modify anything in the secure boot variables, the mode shows as 'Custom'

tab/acer-aspire-v5-571.txt · Last modified: 2016/07/19 01:24 (external edit)