Microsoft Download Center Archive
 | Microsoft Surface Pro UEFI CA |
Microsoft Surface Pro UEFI CA OEM PK Tool
- Surface Pro and Surface Pro 2 systems currently do not include the Microsoft UEFI Certification Authority certificate in the system UEFI Secure Boot database. If present, this certificate would be in the Allowed Database (also referred to as “db”), enabling the execution of 3rd party UEFI applications and drivers that have been signed by the Microsoft UEFI CA. The tool bundled with this release enables the addition of the Microsoft UEFI Certification Authority certificate to the db. This tool is intended for use by IT professionals and advanced users who require the execution of 3rd party UEFI applications and drivers on a Secure Boot enabled system. Users of the tool should be familiar with the concepts of UEFI, Secure Boot, and BitLocker.
Files
 | Status: LiveThis download is still available on microsoft.com. The downloads below will come directly from the Microsoft Download Center. |
| File | SHA1 Hash | Size |
|---|---|---|
 OEM_PK_Surface.zip | 2f3b5673be4140e493c56fb575cd29e2a157c744 | 399 KB |
File sizes and hashes are retrieved from the Wayback Machine’s indexes. They may not match the latest versions of files hosted on Microsoft servers.
System Requirements
Operating Systems: Windows 8, Windows 8 Enterprise, Windows 8 Pro, Windows 8.1
- Surface ProSurface Pro 2
Installation Instructions
- This tool performs the following operations on the system: 1. Adds the Microsoft UEFI Certification Authority certificate to the Allowed Database ‘db’. Keys that are currently provisioned in the db will not be affected by this step. 2. Updates the Revoked Signatures Database ‘dbx’ with the most recent UEFI revoked signatures list. This step enhances the security of the system by denying Secure Boot to components which are signed with a compromised certificate.Please refer to the documentation bundled with this release prior to use of the tool.