Indlela yokuvuselela izitifiketi ze-Secure Boot ku-Windows futhi ugweme izinkinga zokuphepha

Informatec Digital » Izinsiza » Indlela yokuvuselela izitifiketi ze-Secure Boot ku-Windows futhi ugweme izinkinga zokuphepha

Uma usebenzisa i-Windows 10 noma i-Windows 11 futhi une- Ukuvula Okuvikelekile kunikwe amandlaUthinteka ngqo yizinguquko zesitifiketi ezizokwenziwa abakhiqizi beMicrosoft kanye nama-PC phakathi kwamanje noJuni 2026. Lokhu akuyona inkinga yemfundiso: sikhuluma ngengxenye eqinisekisa ukuthi yini engasetshenziswa emshinini wakho kusukela ngesikhathi ucindezela inkinobho yamandla, futhi izitifiketi zayo zokuqala seziseduze nokuphelelwa yisikhathi.

Sekuyiminyaka sithatha kalula ukuthi uhlelo luvikelwe kusukela ekuqaleni, kodwa manje sekuyisikhathi sokuhlola ukuthi konke sekumi ngomumo Ukuvuselelwa kwesitifiketi se-Secure BootI-Microsoft, ama-OEM (njenge-Acer), kanye nabaphathi bezinhlelo sebeqalile ukusebenza kukho, futhi kufanelekile ukuqonda ukuthi kwenzekani, ukuthi iyini imiphumela yokungenzi lutho, nokuthi yiziphi izinyathelo ezisebenzayo ongazithatha kungakhathaliseki ukuthi ungumsebenzisi wasekhaya noma uphatha amadivayisi amaningi enkampanini.

Kungani izitifiketi ze-Secure Boot ziphelelwa yisikhathi futhi kusho ukuthini?

Indlela ye I-Secure Boot esekelwe ku-UEFI Ithembela ezitifiketini zedijithali ezigcinwe ku-firmware ukuze inqume ukuthi iyiphi ikhodi ethembekile lapho iqala: ama-boot loaders, abashayeli be-firmware, izingxenye ezibalulekile zesistimu yangaphambi kokusebenza, njll. Lo modeli waklanywa ngokuzungeza ukuhlelwa kwezihluthulelo okwakha uchungechunge lokwethembana kusukela ku-firmware kuya ku-Windows.

Kulolo hlu lwezigaba sithola, isibonelo, Ukhiye Wepulatifomu (i-PK) okuvame ukuvela ku-OEM (njenge-Acer), i Izihluthulelo Zokushintshana Ngezihluthulelo (i-KEK) kusuka ku-Microsoft kanye nomkhiqizi, kanye nezizindalwazi ezimbili ezibalulekile: i-DB (amasignesha avunyelwe) kanye ne-DBX (amasignesha asusiwe). I-DB ifaka izitifiketi kanye namasignesha abhekwa njengathembekile, kuyilapho i-DBX ibuyekezwa ngezinto okumele zivinjwe ngoba aziphephile noma ziye zaphazamiseka.

Izitifiketi zokuqala ze-Secure Boot ezikhishwe ngokubambisana yi-Acer ne-Microsoft ziqala ukusebenza kusukela ekuqaleni. 2011futhi zaklanywa cishe iminyaka eyi-15 yokuphila. Lokho kusho ukuthi kusukela Juni 2026 Lezo zitifiketi zokuqala zifinyelela usuku lwazo lokuphelelwa yisikhathi. Uma i-firmware yedivayisi yakho isathembele kuzo futhi ingakabuyekezwa kuzitifiketi ezintsha zika-2023, ukuvikelwa kwebhuthi kuzophelelwa yisikhathi.

Uma izitifiketi seziphelelwe yisikhathi, ikhompyutha ingase isavule futhi isebenzise iWindows ngendlela evamile, kodwa ingxenye ebalulekile ukuthi I-Microsoft ngeke ikwazi ukusebenzisa kahle izindlela ezintsha zokunciphisa mayelana nendawo yokuqalisa. Lokhu kufaka phakathi ukuvikelwa ku-malware elayisha ngaphambi kwesistimu, imizamo yokudlula i-BitLocker, kanye nokunye ukuhlaselwa ochungechungeni lokuqala lokwethembana.

Emishinini emidala, noma ezinhlelweni ezingasasekelwa (njengokufakwa kwe-Windows 10 ngaphandle kwe-ESU), ingozi igcina ngokuba nendawo yokuqalisa esebenza, kodwa engasebenzi kahle. ukwanda kobuso bokuhlasela ngoba ayitholi izibuyekezo zokuphepha ezifanayo futhi ayikwazi ukusizakala ngokuhoxiswa kwesimanje ku-DBX.

Umongo: ukuphela kokusekelwa kwe-Windows 10, ukuvela kwe-Windows 11, kanye nokuncika ku-Secure Boot

Isimemezelo se- ukuphela kokuphila kwe-Windows 10 Lokhu kushukumisele izigidi zabasebenzisi ukuthi zithuthukele ku-Windows 11 ukuze zigweme ukulahlekelwa yizici zokuphepha. Namuhla, isabelo semakethe sishintshele ku-Windows 11 ngokusobala, cishe singu-63% uma kuqhathaniswa no-35% we-Windows 10, ikakhulukazi ngenxa yalolo cindezelo lokuphela kokusekelwa.

Nakuba kusekhona ukufakwa kwe-Windows 10 okuneziteshi ezikhethekile ezifana ne- I-LTSC noma izinhlelo Izibuyekezo Zokuvikela Ezinwetshiwe (ESU)Iqiniso liwukuthi abantu abaningi kuzodingeka baphile nge-Windows 11 noma, okungenani, ngokusatshalaliswa kwe-Linux uma befuna ukuhlala bevikelekile. Kodwa lokho akusho ukuthi i-Windows 11 ayingeneki: manje... Ukuqinisekiswa kwezitifiketi ze-Secure Boot.

Ku-Windows 11, i-Secure Boot akuyona into eyenzeka ngengozi, kodwa i- imfuneko yokufaka ezimweni eziningi ezisekelwayo. I-Microsoft iphikelela ekuyigcineni isebenza hhayi nje kuphela ngokuphepha okuvamile, kodwa futhi ngoba izindlela eziningi zokunciphisa zincike kulolo chungechunge lokwethembana. Ngisho nasemhlabeni wemidlalo, kuvame kakhulu ukuthi izihloko zanamuhla (njengochungechunge lwe-Battlefield kanye neminye imidlalo ye-AAA) zifune lokho. I-Secure Boot ivuliwe ukuze kubulawe.

Iqoqo lakamuva lezibuyekezo zokuphepha ze-Windows 11 lifaka phakathi ngqo Ukujikeleziswa kwesitifiketi se-Boot esivikelekile eziphelelwa yisikhathi ngoJuni 2026. Ingxenye enkulu yabasebenzisi izothola lezi zitifiketi ngokuzenzakalelayo nge-Windows Update, ngaphandle kokufuna amafayela noma amaphakheji ngesandla.

Uma kwenzeka amakhompyutha edeskithophu noma ama-laptop athengwe kusukela ngo-2024-2025 kuqhubeke, abakhiqizi be-OEM sebevele befaka ngqo i- Izitifiketi ze-UEFI CA 2023 kuma-firmware abo, ngakho-ke lawa makhompyutha avela efektri ekulungele, futhi okudingeka ukwenze nje ukugcina iWindows isesikhathini futhi ungakhubazi i-Secure Boot ngaphandle kwesizathu.

Kwenzekani uma ungavuseleli izitifiketi zakho ze-Secure Boot?

Umbuzo ovame kakhulu ukuthi ingabe i-PC izoyeka yini ukuqala uma ifika osukwini lwayo lokuphelelwa yisikhathi. Impendulo, kubasebenzisi abaningi, ukuthi ikhompyutha izoyeka. Izoqhubeka nokuvula nokusebenza Njengokujwayelekile. Uzokwazi ukuvula izinhlelo zakho zokusebenza, uphequlule i-inthanethi, futhi usebenzise uhlelo lokusebenza njengoba wenza manje.

Inkinga yangempela iyinkimbinkimbi kakhulu: iqembu elinalo izitifiketi ze-Secure Boot eziphelelwe yisikhathi Kungase kuyeke ukuthola noma ukusebenzisa kahle izibuyekezo ezithile ezidinga lolu chungechunge olusha lokwethembana. Ezinye intuthuko ebalulekile yokuphepha kwezinga lokuqalisa kungenzeka zingafakwanga, okudala ubuthakathaka abahlaseli abangabusebenzisa kabi.

Ngaphezu kwalokho, lokhu kuvuselelwa kwezitifiketi kuklanyelwe ukubhekana ubuthakathaka besimanje endaweni yangaphambi kohlelo lokusebenza. Uma isisekelo sesitifiketi singabuyekezwa, i-PC ingaba yisisulu esilula se-malware ye-bootkit, ama-rootkit aqhubekayo, noma amathuluzi aklanyelwe ukudlula izindlela ezifana ne-BitLocker ezigabeni zokuqala zokuqalisa.

Kunesinye isimo okufanele sicatshangelwe: ezinye izinhlelo zokusebenza, ikakhulukazi ezindaweni zezinkampani noma zokuphepha okuphezulu, zingase idinga ukuthi i-Secure Boot iyasebenza futhi isesikhathiniUma ukuhlolwa kwangaphakathi kuthola izitifiketi eziphelelwe yisikhathi, kungase kwenqabe ukusebenzisa noma kunciphise ukusebenza, okuzothinta umkhiqizo.

Ngakho-ke, isincomo seMicrosoft sicacile: hlala ulondoloza I-Secure Boot ivuliwe futhi ibuyekeziweFaka izibuyekezo zakamuva ze-Windows 11 noma, uma kwenzeka ku-Windows 10 nge-ESU, sebenzisa wonke ama-patch okuphepha, futhi uqiniseke ukuthi unenguqulo yakamuva ye-firmware/BIOS etholakalayo kukhompyutha ngayinye.

Ungahlola kanjani isimo sezitifiketi ze-Secure Boot ku-Windows

Ukuthola ukuthi umshini wakho usuvele uyisebenzise yini izitifiketi ezintsha ze-boot ezivikelekileUngenza ukuhlola okusheshayo kusuka ku-PowerShell. I-Microsoft inikeza umyalo ohlola okuqukethwe yi-database ye-Secure Boot signature (db) futhi ubheke ngqo ukuba khona kwe- I-Windows UEFI CA 2023.

Njengoba i-PowerShell ivuliwe ngamalungelo okuphatha, ungasebenzisa into efana nalokhu:

([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')

Uma umyalo ubuya YiqinisoLokhu kusho ukuthi idivayisi isivele isebenzisa isitifiketi esisha se-UEFI sika-2023 futhi ivikelwe ekuphelelweni yisikhathi kwezitifiketi zokuqala zika-2011. Uma kunjalo, ngeke kudingeke ukhathazeke ngaphandle kokuqhubeka nokusebenzisa izibuyekezo ezijwayelekile ze-Windows kanye ne-firmware uma sezitholakala.

Ngakolunye uhlangothi, uma inkulumo ibuya AmangaUmshini usathembele ezitifiketini eziphelelwa yisikhathi ngoJuni 2026. Kulesi simo, kungcono ukuthi uqale uhlole ukuthi i-Secure Boot ivuliwe yini ku-BIOS/UEFI, bese uphoqa noma wenze kube lula ukufika kwezibuyekezo ezidingekayo nge-Windows Update noma ngokucushwa okufanele ezindaweni eziphethwe.

Ukuze uqinisekise ukuthi i-Secure Boot ivuliwe, ungasebenzisa ithuluzi le-System Information ngomyalo msinfo32Efasiteleni elivulayo, hlola insimu ehambisana ne-“Secure Boot Status”: uma ikhombisa ukuthi “Ivuliwe”, umsebenzi uyasebenza; uma ikhombisa ukuthi “Ikhubazekile” noma “Ayisekelwa”, kuzodingeka ufake i-UEFI yebhodi lomama noma i-laptop ukuze uyivule, uma nje ihadiwe ivumela.

Uma ngemuva kokuhlola i-msinfo32 kanye nomyalo we-PowerShell ungakaboni isitifiketi sika-2023, isinyathelo esilandelayo esinengqondo yilesi I-Windows UpdateUkuhlola izibuyekezo ezisalindile, ikakhulukazi lezo ezibizwa ngokuthi izibuyekezo zokuphepha noma ze-firmware. Emishinini eminingi, ukufaka nje la maphakheji nokuqala kabusha kuzosebenzisa ngokuzenzakalelayo ukuvuselelwa kwesitifiketi.

Ukuvuselelwa ngesandla kwezitifiketi ze-Secure Boot kumakhompyutha ngamanye

Kunezimo lapho, naphezu kokuba i-Secure Boot ivuliwe futhi i-Windows Update isebenza, isibuyekezo sesisekelo sesitifiketi asisebenzi ngokuzenzakalelayo. Kulezi zimo, i-Microsoft ichaza indlela yokwenza ukuphoqa isignali yokubuyekeza ngokusebenzisa i-Windows Registry.

Inqubo ejwayelekile ihilela ukudala noma ukuguqula inani Izibuyekezo Ezitholakalayo egatsheni lokubhalisa elinikezelwe ku-Secure Boot. Ku-PowerShell enamalungelo okuphatha, ungasebenzisa umyalo ofana nalona:

reg add HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Secureboot /v AvailableUpdates /t REG_DWORD /d 0x5944 /f

Kubalulekile ukuqaphela ukuthi uma unamathisela lo myalo ku-PowerShell, kufanele ufake esikhundleni ama-slash “/” endleleni yokubhalisa nge- ama-backslashes ajwayelekile e-Windows Ukuze umyalo usebenze kahle, uma leli nani selidaliwe noma selilungisiwe, iWindows kufanele ibone ukuthi inezibuyekezo zesitifiketi ezitholakalayo bese iqhubeka nokuzisebenzisa ngemva komjikelezo olandelayo we-Windows Update bese iqala kabusha.

Ngaphambi kokushintsha iRegistry, kungcono ukuqinisekisa ukuthi uhlelo luhlangabezana nezidingo eziyisisekelo: I-Secure Boot ivuliwe ku-BIOS, inguqulo ye-Windows esekelwayo (ikakhulukazi i-Windows 11 noma i-Windows 10 ene-ESU), kanye nesevisi ye-Windows Update esebenzayo. Noma yiziphi izinguquko ezingalungile kurejista zingabangela izinkinga, ngakho-ke kuyalulekwa ukuthi ube nephuzu lokusekelayo noma lokubuyisela.

Uma inqubo isiqediwe futhi ngemva kokuqala kabusha okukodwa noma ngaphezulu, ungaphinda usebenzise umyalo we-PowerShell osesha i-“Windows UEFI CA 2023” kusizindalwazi se-Secure Boot. Uma impendulo iyiqiniso kulokhu, umshini manje usebenza ne- izitifiketi ezivuselelwe futhi izindlela zokunciphisa ukuqala kwesikhathi esizayo zingasetshenziswa ngaphandle kwesithiyo.

Ukuqapha okuthuthukisiwe: imicimbi, ukuloga, kanye ne-WMI yabaphathi

Ezindaweni zebhizinisi, iMicrosoft itusa ukudlulela ngale kokuqinisekisa ngesandla ngemiyalo embalwa. Ukuqonda ukuthi iqembu ngalinye limi kuphi maqondana ne- Isibuyekezo sesitifiketi se-Secure BootKuyisihluthulelo ukubuyekeza imicimbi yesistimu nokuqoqa ulwazi oluningiliziwe usebenzisa i-PowerShell, ukuloga, kanye nemibuzo ye-WMI/CIM.

Isinyathelo sokuqala ukuhlola imicimbi yokuqalisa evikelekile Imicimbi yakamuva kakhulu, ikakhulukazi leyo enezihlonzi ezingu-1801 no-1808, ibhalwe phansi njengengxenye yamalogi ahlotshaniswa nesizindalwazi sokuqalisa esivikelekile (db) kanye nezibuyekezo zesizindalwazi sokuhoxiswa (DBX). Ukuhlaziya lezi zenzakalo zakamuva kusiza ekunqumeni ukuthi kukhona yini izibuyekezo ezisalindile, amaphutha ohlelo lokusebenza, noma izimo zempumelelo.

Ngaphezu kwalokho, kunconywa ukwenza uhlu oluningiliziwe lwamadivayisi kuyo yonke inhlangano. Izikripthi ze-PowerShell zingasetshenziswa ukuqoqa amapharamitha afana negama lomshini (i-HostName, isibonelo i-$env:COMPUTERNAME) kanye nosuku nesikhathi sokuqoqa (i-Get-Date), ukuthola isithombe esicacile semikhumbi yemishini ngesikhathi esithile.

Kusukela ku-Registry, kunezinkinobho eziningana ezibaluleke kakhulu. Okokuqala, ukhiye oyinhloko we-Secure Boot ku HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBootLokhu kukuvumela ukuthi uhlole amanani afana ne-SecureBootEnabled, i-HighConfidenceOptOut, kanye ne-AvailableUpdates. Le datha ikhombisa ukuthi i-Secure Boot iyasebenza yini, ukuthi idivayisi ikhethe ukusebenzisa izinqubomgomo ezithile zokuthembana, nokuthi izibuyekezo zesitifiketi ziyatholakala yini.

Ngakolunye uhlangothi, kukhona igatsha lokulungisa e- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\ServicingLokhu kufaka phakathi amapharamitha afana ne-UEFICA2023Status, i-WindowsUEFICA2023Capable, kanye ne-UEFICA2023Error. Lawa manani abonisa ukuthi idivayisi iyakwazi yini ukwamukela izitifiketi ezintsha ze-UEFI CA 2023, ukuthi izisebenzisile yini, nokuthi ngabe kukhona amaphutha avele ngesikhathi senqubo.

Isigaba sezimfanelo zedivayisi siwusizo futhi: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributesYilapho kugcinwa khona idatha efana ne-OEMManufacturerName, i-OEMModelSystemFamily, i-OEMModelNumber, i-FirmwareVersion, i-FirmwareReleaseDate, i-OSArchitecture, kanye ne-CanAttemptUpdateAfter. Lolu lwazi lusiza ukuhambisana kwe-firmware ehambisanayo nesimo sezibuyekezo ze-Secure Boot.

Ngokuphathelene namalogi emicimbi, kuyalulekwa ukuqoqa izinkomba ezifana nokuthi I-LatestEventId Kuhlotshaniswa ne-Secure Boot, i-BucketID kanye nezinga lokuthembela kuthathwe ku-events 1801/1808, kanye ne-Event1801Count kanye ne-Event1808Count counters. Ngale telemetry, amaqembu e-IT angathola amaphethini, amaphutha aphindaphindayo, noma amadivayisi angalokothi aqede ngempumelelo izibuyekezo zesitifiketi.

Ekugcineni, ngokusebenzisa Imibuzo ye-WMI/CIM Imininingwane eyengeziwe yesistimu iyatholakala: Inguqulo ye-Windows (Get-CimInstance Win32_OperatingSystem ye-OSVersion kanye ne-LastBootTime), umkhiqizi webhodi lomama kanye nomkhiqizo (Get-CimInstance Win32_BaseBoard), umkhiqizi wekhompyutha kanye nomodeli (Get-CIMinstance Win32_ComputerSystem).Manufacturer kanye ne-.Model), kanye nedatha ye-BIOS (Get-CIMinstance Win32_BIOS yencazelo kanye nosuku lokukhishwa). Konke lokhu kuvumela ukuhlangana kwezinguqulo ze-firmware, ihadiwe, kanye nesimo se-Secure Boot ngaphakathi kwempahla eyodwa.

Izindawo ezilawulwa ngobuhlakani kanye namadivayisi alawulwa yi-IT

Kwezinhlangano ezisebenzisa I-Intune noma ezinye izixazululo ze-MDM Ukuze uphathe amadivayisi akho e-Windows, umbuzo obalulekile ukuthi kwanele yini ukuvumela i-Windows Update ukuthi yenze umsebenzi wayo noma uma kudingeka kuthathwe izinyathelo ezengeziwe ngaphambi kuka-2026. I-Microsoft ibonise ukuthi, ezindaweni ezilawulwayo, uma nje idatha yokuxilonga Uma zivuliwe okungenani ezingeni "Elidingekayo", izibuyekezo ezidingekayo zizolethwa ngokuzenzakalelayo.

Empeleni, lokhu kusho ukuthi uma izinqubomgomo zakho ze-Intune sezivele zivumela i-telemetry futhi izinketho zakho zokubuyekeza zilungiselelwe kahle, ungaphumula. Noma kunjalo, abaphathi abaningi bayazibuza ukuthi kufanele yini badale ngesandla okhiye abathile bokubhalisa, njenge-MicrosoftUpdateManagedOptIn, noma ukuthi lezi zilungiselelwa ngokuzenzakalelayo uma idivayisi ihlangabezana nezidingo.

I-Microsoft ishicilele imibhalo ethile ekhombisa ukuthi ukhiye I-MicrosoftUpdateManagedOptIn, etholakala ku-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot, kumele isethwe ku-1 kumadivayisi anezibuyekezo eziphethwe yi-IT ze- ukuvuselelwa okuzenzakalelayo kwezitifiketi kufanele kwenziwe ngendlela efanele. Kwezinye izimo, lo khiye ungalungiselelwa ngokuzenzakalelayo, kodwa kwezinye kungase kube kuhle ukuwusebenzisa ngezinqubomgomo.

Ngakho-ke, isincomo siwukubuyekeza izinqubomgomo ze-Intune ezihlobene nokuxilonga kanye nokubuyekezwa, ukuqinisekisa isimo sangempela semishini kusetshenziswa izikripthi zesitoko, futhi, uma kudingeka, kusetshenziswe inqubomgomo yokucushwa okuqinisekisa ukuthi i-MicrosoftUpdateManagedOptIn inenani elifanele nokuthi amagatsha e-Servicing abonisa ukuhambisana ne-UEFI CA 2023.

Kubaluleke ngokulinganayo ukungacabangi ngokungacabangi ukuthi “akukho okuzodingeka kwenziwe ngo-2026.” Nakuba iMicrosoft yenza ingxenye enkulu yenqubo ibe ngokuzenzakalela, yonke inhlangano inezici zayo ezihlukile: amadivayisi ane-firmware esidala, amakhompyutha angaxhumani njalo, izinqubomgomo zenethiwekhi ezivimbelayo, noma imishini enezibuyekezo ezihlehlisiwe. uhlelo lokuqinisekisa olusebenzayo gwema izimanga ezenzeka ngomzuzu wokugcina.

Indima yama-OEM kanye nezibuyekezo ze-BIOS/firmware

Abakhiqizi bamakhompyutha kanye namabhodi ebhodi, njenge-Acer, badlala indima ebalulekile kulo lonke lolu hlelo. Balawula i- Ukhiye Weplatifomu (i-PK) kanye nengxenye ye-KEK ezitholakala ku-firmware, kanye nezinguqulo ze-BIOS/UEFI ezinquma ukuthi izizindalwazi ze-Secure Boot DB kanye ne-DBX zilayishwa futhi ziphathwa kanjani.

Ngokusho kwe-Acer, inkampani ihlela ukushicilela izibuyekezo ezithile ze-BIOS Kuma-laptop nama-desktop athintekile kwikota yokuqala ka-2026. Lezi zinguqulo zifaka phakathi i-PK, i-KEK kanye ne-DB ezibuyekezwe ngezitifiketi zika-2023, ngakho-ke ngemuva kokusebenzisa i-BIOS ikhompyutha izohambisana nochungechunge olusha lwe-Secure Boot of trust.

Amanye ama-OEM azolandela amasu afanayo, ngakho-ke abaphathi be-IT kanye nabasebenzisi bamandla kufanele baqaphele amanothi okusekela avela kubakhiqizi bawoEzimweni eziningi, inqubo izobandakanya ukulanda i-BIOS entsha kuwebhusayithi ye-OEM noma ukuyithola ngamathuluzi ayimfihlo (njengezinsiza zokuvuselela okuzenzakalelayo) nokusebenzisa isibuyekezo ngokulandela imiyalelo ejwayelekile.

Kumakhompyutha akhishwe ngo-2024 noma ngo-2025, i-BIOS ivame ukufakwa kusengaphambili nezinkinobho ze-BIOS zika-2023, noma ithole leso sibuyekezo ngemuva nje kokuthenga. Uma uthenge i-PC yakho ngaleso sikhathi, cishe usuvele unazo izinkinobho ze-BIOS. izitifiketi ezivuselelweNoma kunjalo, ukuhlolwa kwe-PowerShell kuhlale kungumqondo omuhle ukuqinisekisa lokho.

Uma kwenzeka ingqalasizinda esatshalaliswe, izikhungo zedatha, noma ama-laptop amaningi, kungadingeka ukusebenzisana nama-OEM. uhlelo lokufakwa kwe-firmware ngezigabaLokhu kugwema ukusebenzisa izibuyekezo ezibalulekile ze-BIOS kuwo wonke amadivayisi ngesikhathi esisodwa ngaphandle kokuhlola kwangaphambilini. Lokhu kuhlanganiswe nokuphathwa komjikelezo wokuphila we-cryptographic kanye ne-firmware osekuvele kusetshenziswa izinkampani eziningi.

Izindlela ezinhle kakhulu zokuphepha kwe-inthanethi eziphathelene ne-Secure Boot

Ukuvuselelwa kwesitifiketi se-Secure Boot akuyona into eyenzeka yodwa, kodwa yingxenye ye ukuphathwa komjikelezo wokuphila kwe-crypto yenhlangano. Ukuhlela ukujikeleziswa kokhiye kanye nezitifiketi, ukuhlola ukuthi yini esetshenziswayo empeleni endaweni, kanye nokugcina izilawuli zobuqotho ku-firmware kanye ne-TPM kunciphisa amathuba okuba othile aphazamise uhlelo ezigabeni zokuqala zokuqalisa.

Kulokhu, kungcono ukuhlanganisa izilawuli zokuqalisa nezinye izendlalelo zokuvikela: ukubethela kwediski usebenzisa Idrayivu Yobhalomfihlo iIzinhlelo zokuthola nokuphendula (i-EDR/XDR), ukuqapha izinguquko ze-firmware kanye nokucushwa, kanye nokubuyekezwa okuvamile kwezinqubomgomo zokuphepha ze-Windows kanye nehadiwe. Konke lokhu kusiza ukuqinisekisa ukuthi ukwehluleka okukodwa kungqimba eyodwa akuliphazamisi lonke uhlelo.

Izinkampani ezigxile ekuphepheni kwe-inthanethi kanye nokuhlolwa kokungena zinganezela inani ngokwenza ukuhlolwa kwe-boot chainLokhu kuhilela ukulingisa ukuhlaselwa kwe-firmware, i-UEFI, kanye ne-Secure Boot uqobo, nokuqinisekisa ukuthi ukuzivikela kuziphatha njengoba kulindelekile. Lezi zifundo zivame ukufaka izincomo zokwenza ngokuzenzakalelayo kanye nokuhlela izibuyekezo.

Ezinhlanganweni ezinezingqalasizinda ezisabalele kakhulu, ezithembele kumasevisi efu afana I-Azure noma i-AWS Ukusetha iziteshi zokusabalalisa kanye nokuphathwa kokuvuselelwa okuhlanganisiwe kungenza kube lula ukulawula ama-patches, izitifiketi, kanye ne-firmware. Ngaphezu kwalokho, ukusebenzisa amadeshibhodi ku-Power BI kanye nokuhlaziywa kwe-telemetry kusiza ukubeka phambili ukuthi yimaphi amadivayisi adinga ukunakwa okuphuthumayo.

Ukusetshenziswa kwamathuluzi ukuhlakanipha kokwenziwa kanye nokutholwa kwe-anomaly Izinhlelo ezigxile emicimbini yokuqalisa kanye nokuziphatha kwe-firmware ziya ngokuya zivamile. Lezi zinhlelo zingathola amaphethini angajwayelekile kuma-Secure Boot logs, ukuqalisa kabusha okungajwayelekile, noma izinguquko ekucushweni kwe-UEFI okungase kubonise ukuzama ukuhlasela noma ukungalungiselelwa kahle.

Ezingeni lokusebenza, ezinye izincomo eziyisisekelo zifaka: ukuhlola njalo i-Windows Update kanye nezimo zokuphepha ku-Windows Security Center, ukucela i-firmware esemthethweni kubakhiqizi bemishini engavuseleli ngokuzenzakalelayo, ukuhlola izibuyekezo kuma-lab ngaphambi kokufakwa kwenqwaba, kanye nokugcina izinhlelo zokuphatha ama-inventory ezibuyekeziwe kanye nezinhlelo zokuphatha ama-patch ihlelwe kahle.

Ukuhlanganisa le mikhuba nokuvuselelwa okufanele kwezitifiketi ze-Secure Boot kusiza ukugcina isimo sokuphepha esiqinile, kunciphisa amathuba okudalulwa futhi kusiza ekuhlolweni kwesikhathi esizayo, kungaba ngaphakathi noma ngaphandle.

Ngamafuphi, ukuphelelwa yisikhathi kwezitifiketi ze-Secure Boot ngoJuni 2026 kwenza kube nesidingo sokubuyekeza indlela izinhlelo zethu ezihlelwe futhi zibuyekezwa ngayo, kokubili ekhaya nasezinhlanganweni ezinkulu: ukuqinisekisa ukuthi I-Secure Boot iyasebenzaUkuqinisekisa ukuba khona kwe-Windows UEFI CA 2023 kusuka ku-PowerShell, ukuqinisekisa okhiye bokubhalisa kanye nemicimbi, ukuxhumanisa nama-OEM ukusebenzisa i-firmware yakamuva, kanye nokusebenzisa amakhono ezixazululo ze-Intune, i-WSUS, i-SCCM, noma i-MDM ukuze kusetshenziswe ngokuzenzakalelayo ukuthunyelwa kwenza umehluko phakathi kwendawo ehlala ivikelekile ezinsongweni zesimanje ngesikhathi sokuqalisa kanye naleyo, nakuba ibonakala ijwayelekile, eqoqa izingozi ezithule okunzima ukuzithola ekuqaleni.