In a couple of years, the UM790 Pro will break due to suspect UEFI keys.
The head of the PK key is:
eth6:~ # mokutil --pk
[key 1]
SHA1 Fingerprint: 2b:6c:cd:e9:09:23:0f:89:44:7d:8a:58:3d:03:a4:32:d6:86:fa:ee
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)08:c2:d1:c3:6c:9b:51:4f:b3:7c:6a:02:08:12:cd:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=DO NOT TRUST - AMI Test PK
Validity
Not Before: Sep 8 14:35:29 2021 GMT
Not After : Sep 8 14:35:28 2025 GMT
Subject: CN=DO NOT TRUST - AMI Test PK
Yup, that's right, Minisforum are using an AMD test key.
It gets worse.
Here is the KEK key whicH expires in just over 3 years:
eth6:~ # mokutil --kek
[key 1]
SHA1 Fingerprint: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:0a:d1:88:00:00:00:00:00:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
Validity
Not Before: Jun 24 20:41:29 2011 GMT
Not After : Jun 24 20:51:29 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011
Sorry guys, but it still gets worse. Here are the DB key details, which expire in a couple of years and is using a test key.:
eth6:~ # mokutil --db
[key 1]
SHA1 Fingerprint: 69:35:dc:f3:fd:92:03:65:1b:73:ac:bc:cb:87:3e:da:f4:0e:17:cb
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:7c:a3:df:8c:0d:2a:ab:49:21:c9:8c:f4:83:1e:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=MG TEST OWN CA
Validity
Not Before: May 31 15:38:44 2023 GMT
Not After : May 31 15:38:43 2028 GMT
Subject: CN=MG TEST OWN Root
[...]
[key 2]
SHA1 Fingerprint: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:08:d3:c4:00:00:00:00:00:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Corporation Third Party Marketplace Root
Validity
Not Before: Jun 27 21:22:45 2011 GMT
Not After : Jun 27 21:32:45 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
[...]
[key 3]
SHA1 Fingerprint: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:07:76:56:00:00:00:00:00:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Root Certificate Authority 2010
Validity
Not Before: Oct 19 18:41:42 2011 GMT
Not After : Oct 19 18:51:42 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Windows Production PCA 2011
[...]
The head of the PK key is:
eth6:~ # mokutil --pk
[key 1]
SHA1 Fingerprint: 2b:6c:cd:e9:09:23:0f:89:44:7d:8a:58:3d:03:a4:32:d6:86:fa:ee
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)08:c2:d1:c3:6c:9b:51:4f:b3:7c:6a:02:08:12:cd:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=DO NOT TRUST - AMI Test PK
Validity
Not Before: Sep 8 14:35:29 2021 GMT
Not After : Sep 8 14:35:28 2025 GMT
Subject: CN=DO NOT TRUST - AMI Test PK
Yup, that's right, Minisforum are using an AMD test key.
It gets worse.
Here is the KEK key whicH expires in just over 3 years:
eth6:~ # mokutil --kek
[key 1]
SHA1 Fingerprint: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:0a:d1:88:00:00:00:00:00:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
Validity
Not Before: Jun 24 20:41:29 2011 GMT
Not After : Jun 24 20:51:29 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011
Sorry guys, but it still gets worse. Here are the DB key details, which expire in a couple of years and is using a test key.:
eth6:~ # mokutil --db
[key 1]
SHA1 Fingerprint: 69:35:dc:f3:fd:92:03:65:1b:73:ac:bc:cb:87:3e:da:f4:0e:17:cb
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:7c:a3:df:8c:0d:2a:ab:49:21:c9:8c:f4:83:1e:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=MG TEST OWN CA
Validity
Not Before: May 31 15:38:44 2023 GMT
Not After : May 31 15:38:43 2028 GMT
Subject: CN=MG TEST OWN Root
[...]
[key 2]
SHA1 Fingerprint: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:08:d3:c4:00:00:00:00:00:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Corporation Third Party Marketplace Root
Validity
Not Before: Jun 27 21:22:45 2011 GMT
Not After : Jun 27 21:32:45 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
[...]
[key 3]
SHA1 Fingerprint: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:07:76:56:00:00:00:00:00:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Root Certificate Authority 2010
Validity
Not Before: Oct 19 18:41:42 2011 GMT
Not After : Oct 19 18:51:42 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Windows Production PCA 2011
[...]