ACCESS TO THE UEFI REVOCATION LIST FILES
These files are used to update the Secure Boot Forbidden Signature Database, dbx. Each file contains the raw bytes passed in *Data to SetVariable(): an EFI_VARIABLE_AUTHENTICATION_2 structure concatenated with the new variable value. Example usage: SetVariable( "dbx", EFI_IMAGE_SECURITY_DATABASE_GUID, NV+BS+RT+AT+AppendWrite, dbxUpdateDotBin_sizeInBytes, *dbxUpdateDotBin_bytes). dbxupdate.bin already contains a Microsoft KEK signature (encoded as specified by the UEFI spec).
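The layout described above can be inspected before a file is handed to SetVariable(). The following Python parser is an added example, not code from this page or from UEFI Forum or Microsoft tooling; it splits the EFI_VARIABLE_AUTHENTICATION_2 header from the EFI_SIGNATURE_LIST entries that follow it, using the structure layouts from the UEFI specification. It does not verify the PKCS#7 signature, and build_sample() with its owner GUID and placeholder PKCS#7 bytes is constructed for illustration.

```python
import struct
import uuid

WIN_CERT_TYPE_EFI_GUID = 0x0EF1
EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def parse_dbx_update(blob):
    """Split EFI_VARIABLE_AUTHENTICATION_2 || EFI_SIGNATURE_LIST[] into its parts."""
    if len(blob) < 40:
        raise ValueError("too short for EFI_VARIABLE_AUTHENTICATION_2")
    timestamp = struct.unpack_from("<HBBBBB", blob, 0)  # first fields of EFI_TIME
    dw_length, _revision, cert_type = struct.unpack_from("<IHH", blob, 16)
    if cert_type != WIN_CERT_TYPE_EFI_GUID:
        raise ValueError("AuthInfo is not a WIN_CERTIFICATE_UEFI_GUID")
    if uuid.UUID(bytes_le=blob[24:40]) != EFI_CERT_TYPE_PKCS7_GUID:
        raise ValueError("CertType is not EFI_CERT_TYPE_PKCS7_GUID")
    # dwLength covers the 8-byte header, the 16-byte CertType GUID and CertData.
    payload = 16 + dw_length
    if dw_length < 24 or payload > len(blob):
        raise ValueError("AuthInfo.Hdr.dwLength out of range")
    entries, off = [], payload
    while off < len(blob):  # walk each EFI_SIGNATURE_LIST in the new value
        if off + 28 > len(blob):
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if list_size < 28 + hdr_size or end > len(blob) or sig_size < 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        for pos in range(off + 28 + hdr_size, end - sig_size + 1, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])  # SignatureOwner
            entries.append((str(sig_type), str(owner), blob[pos + 16:pos + sig_size].hex()))
        off = end
    return {"timestamp": timestamp, "pkcs7": blob[40:payload], "entries": entries}

def build_sample():
    """Constructed input: placeholder PKCS#7 bytes and two made-up SHA-256 entries."""
    owner = uuid.UUID("00000000-0000-0000-0000-000000000001").bytes_le  # made up
    sigs = b"".join(owner + bytes([b]) * 32 for b in (0xAA, 0xBB))
    esl = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(sigs), 0, 48) + sigs
    pkcs7 = b"\x30\x03\x02\x01\x01"  # placeholder DER, not a real signature
    efi_time = struct.pack("<HBBBBBBIhBB", 2020, 10, 12, 0, 0, 0, 0, 0, 0, 0, 0)
    hdr = struct.pack("<IHH", 24 + len(pkcs7), 0x0200, WIN_CERT_TYPE_EFI_GUID)
    return efi_time + hdr + EFI_CERT_TYPE_PKCS7_GUID.bytes_le + pkcs7 + esl

if __name__ == "__main__":
    parsed = parse_dbx_update(build_sample())
    print(parsed["timestamp"], len(parsed["pkcs7"]), "byte PKCS#7 blob")
    for sig_type, owner, digest in parsed["entries"]:
        print(sig_type, owner, digest)
```

Running the parser over a downloaded file and comparing the listed entries with what the platform already holds in dbx shows what an append would add before it is applied.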
UEFI Revocation List files contain the now-revoked signatures of previously approved and signed firmware and software used in booting systems with UEFI Secure Boot enabled. They are to be used only as described in the terms below. Distribution of the data in these files to running systems could cause instability and should only be attempted by security experts and IT professionals. System OEMs can use these files to test their platform firmware.
HP Inc. has provided the following comment.
“Specific HP commercial PCs may require a BIOS update before the dbx database can be updated. HP has released a customer advisory here that describes the issue, lists the affected models and points to updated BIOS versions that address this issue.”
UEFI Revocation List Files – One file for each of the following processor architectures. The x86 and arm64 files were last updated on July 29, 2020. The revocation list file for x64 was updated on October 12, 2020 and has removed unnecessary blocks on a few applications. Please use the latest version of this file for x64 instead of the one posted on July 29th, 2020.
- UEFI Revocation List File for x86 (32 bit) - available for download here
- UEFI Revocation List File for x64 (64 bit) - available for download here
- UEFI Revocation List File for arm64 - available for download here
By downloading the UEFI Revocation List file ("UEFI Revocation List") from this website (www.uefi.org), you agree to the following terms. If you do not accept them, do not download or use the UEFI Revocation List.
These terms do not provide you with any legal rights to any intellectual property in any Microsoft product.
You may copy and use the UEFI Revocation List for your internal, reference purposes and to design, develop, and test your software, firmware or hardware, as applicable; and you may distribute the UEFI Revocation List to end users solely as part of the distribution of an operating system software product, or as part of the distribution of updates to an operating system product; and you may distribute the UEFI Revocation List to end users or through your distribution channels solely as embodied in a firmware product or hardware product that embodies nontrivial additional functionality. Without limiting the foregoing, copying or reproduction of the UEFI Revocation List to any other server or location for further reproduction or redistribution on a standalone basis is expressly prohibited.
If you are engaged in the business of developing and commercializing hardware products that include the UEFI standard, you may copy and use the UEFI Revocation List for your internal, reference purposes and to design, develop, and test your software; and you may distribute the UEFI Revocation List to end users solely as part of the distribution of an operating system software product, or as part of the distribution of updates to an operating system software product. Without limiting the foregoing, copying or reproduction of the UEFI Revocation List to any other server or location for further reproduction or redistribution on a standalone basis is expressly prohibited.
The UEFI Revocation List is provided “as-is.” The information contained in the UEFI Revocation List may change without notice. Microsoft does not represent that the UEFI Revocation List is error free and you bear the entire risk of using it. NEITHER MICROSOFT NOR UEFI MAKES ANY WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE UEFI REVOCATION LIST, AND MICROSOFT AND UEFI EACH EXPRESSLY DISCLAIMS ALL OTHER EXPRESS, IMPLIED, OR STATUTORY WARRANTIES. THIS INCLUDES THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR UEFI BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE USE OR DISTRIBUTION OF THE UEFI REVOCATION LIST, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION.
YOU AGREE TO RELEASE MICROSOFT (INCLUDING ITS AFFILIATES, CONTRACTORS, AGENTS, EMPLOYEES, LICENSEES AND ASSIGNEES) AND UEFI (INCLUDING ITS AFFILIATES, CONTRACTORS, AGENTS, EMPLOYEES, LICENSEES AND SUCCESSORS) FROM ANY AND ALL CLAIMS OR LIABILITY ARISING OUT OF YOUR USE OR DISTRIBUTION OF THE UEFI REVOCATION LIST AND ANY RELATED INFORMATION.