more dbxupdate.bin

[zhangyoufu]

Thank you for maintaining this repo! It's helpful to me.

I posted my collection of dbxupdate.bin at https://github.com/zhangyoufu/dbxupdate-collection which may help you refine this repo.

[hughsie]

I'm unclear what you'd like me to do.

[zhangyoufu]

I'm unclear what you'd like me to do.

some dbxupdate.bin is missing or mis-labeled in your repo

[hughsie]

Do you have a list of missing ones please? Out of interest, where did you find the ones not present in this repo?

[zhangyoufu]

summary

fwupd/dbx-firmware	SHA256	zhangyoufu/dbxupdate-collection	source	status
DBXUpdate-20100307.x64.bin	9ffd339ca62d4e14046830a3941f4292df88606b0de0e4049bcb75c5ef0f1718	dbxupdate-20131210.x86+x64.bin	KB2871690-v1	mislabeled date & arch
	de7c8dbf1d4b61b5341674ca30ef2949f3533ee7cb90763655b477f91c5d9e2a	dbxupdate-20140227.x86+x64.bin	KB2871690-v2	missing
DBXUpdate-20140413.x64.bin	a1fcafe3ce43172688ab6410140f704c0dfdbed3bf17c1b6ca59021fd979fa97	dbxupdate-20140513.x86+x64.bin	KB2962824	mislabeled date & arch
DBXUpdate-20160809.x64.bin	0a15d385e02757ac103e51f52db5e2bdd3c83b60d8337a9c2ae74fbdb303dd9b	dbxupdate-20160809.x86+x64+arm+arm64.bin	KB3172729	mislabeled arch
	528728c4a643d366445d953c6357a45656795396c09ac93b8a984b74c4bda9c3	dbxupdate-20200211.x64.bin	KB4524244	missing
	dee116097d6e04533870be7030677ac86aefbcf6d73113f50a54aec2eb22243a	dbxupdate-20200211.x86+x64+arm+arm64.bin	KB4502496 / KB4524244	missing
DBXUpdate-20200729.aa64.bin	388c8ba9245258e1d758e10fc9d29f2d2968122b9783f650c716e26e148167ab	dbxupdate-20200729.arm64.bin	UEFI Forum	ok
DBXUpdate-20200729.ia32.bin	f27c29819a9e7d955e7c668ca7a14f87ec844e8e8c3cdf7d4bae1ee30b89e5c2	dbxupdate-20200729.x86.bin	UEFI Forum	ok
DBXUpdate-20200729.x64.bin	4311abe7062c3a390d6d9b6cc11856ce4db3c5edd2bd233e336cadadb009858e	dbxupdate-20200729.x64.bin	UEFI Forum	ok
	1d0ef6d139ba323a2b293ff825701cd37fa840cb636d11760d6096e2b4ddea81	dbxupdate-20201012.x64.bin	UEFI Forum	missing
DBXUpdate-20210429.aa64.bin	f42c187f8b01b497f81fb0459164b27d16ca2af0b95c7331a82c1a27a731a885	dbxupdate-20210429.arm64.bin	UEFI Forum	ok
DBXUpdate-20210429.ia32.bin	66fce6d730e6238fbb2bfc0359b772baa70993d8cc5658499c11ec3e2cc79f6a	dbxupdate-20210429.x86.bin	UEFI Forum	ok
DBXUpdate-20210429.x64.bin	46ba1f2a0a2ed7aabe20f9b7b2a8d717cb0b514cea83c7a1a24fe25f6b208784	dbxupdate-20210429.x64.bin	UEFI Forum	ok
DBXUpdate-20220812.aa64.bin	5cec4952122a63abc90304bd3636cd287ca452314ce2262386060388a337a718	dbxupdate-20220809.arm64.bin	KB5012170 / UEFI Forum	mislabeled date
DBXUpdate-20220812.ia32.bin	7c53233fe6a8a2edb7a0af98972fa2fc1e49e3ddd4444a277ad4a948d1e5cc9c	dbxupdate-20220809.x86.bin	KB5012170 / UEFI Forum	mislabeled date
DBXUpdate-20220812.x64.bin	5257ed64cc924e69a5bf0c0e17da83fd1cce2c8a308edbf392b96e5668614ea0	dbxupdate-20220809.x64.bin	KB5012170 / UEFI Forum	mislabeled date
DBXUpdate-20230314.aa64.bin	fc9f78ccedac04bcccd5f38524350d6f4b14ff47528deef1978bd308ef8d6388	dbxupdate-20220907.arm64.bin	UEFI Forum	mislabeled date
	86362ee64aa90693b18b25427ff6387d31f866a6216e9f549ea2f1d363d409a3	dbxupdate-20220907.x64.bin	UEFI Forum	missing
DBXUpdate-20230314.ia32.bin	eef6dc24522940ca6dac1a5e23c0f663965b2317b4839f42101c8d9caa4a6aa8	dbxupdate-20230314.x86.bin	UEFI Forum	ok
DBXUpdate-20230314.x64.bin	507ab746941d1f1905e71f09a33c0028977cf3b19807a36dd17b6b550cf20be5	dbxupdate-20230314.x64.bin	UEFI Forum	ok
DBXUpdate-20230509.aa64.bin	839420e6b4036df967e9ff5264d4a304e6b642e31ae87482360892d3f9fffeff	dbxupdate-20230509.arm64.bin	UEFI Forum	ok
DBXUpdate-20230509.arm.bin	45d7b29e1f9002b98e561fac1903986255d51cfad9aab263509d9a0f057b63c9	dbxupdate-20230509.arm.bin	UEFI Forum	ok
DBXUpdate-20230509.ia32.bin	b073eb71894e933e22d935cf45bf8319543819998522785d967f51fd87c85f85	dbxupdate-20230509.x86.bin	UEFI Forum	ok
DBXUpdate-20230509.x64.bin	3e56c3d9e5b12edbd9e4006413d87fba099de1eba33d2bea566e742166cb366a	dbxupdate-20230509.x64.bin	UEFI Forum	ok

dbxupdate-20131210.x86+x64.bin

status: mislabeled date & arch
fwupd/dbx-firmware: DBXUpdate-20100307.x64.bin

The date 20100307 seems to be a misinterpret of EFI_VARIABLE_AUTHENTICATION_2.TimeStamp field, which always take the value EFI_TIME(Year=2010, Month=3, Day=6, Hour=19, Minute=17, Second=21, Nanosecond=0, TimeZone=0, Daylight=0) for whatever reason.

If you parse the PKCS7 signature part, you will found that the signing KEK leaf cert has NotBefore=20121010T182454Z, which means that this dbxupdate.bin cannot be published at 20100307.

You can download this file from KB2871690-v1, which was published on 2013-12-10.

This file targets both x86 & x64. There are 2 x86 entries and 7 x64 entries in this file:

PE256 Authenticode	arch
80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0a	x64
f52f83a3fa9cfbd6920f722824dbe4034534d25b8507246b3b957dac6e1bce7a	x64
c5d9d8a186e2c82d09afaa2a6f7f2e73870d3e64f72c4e08ef67796a840f0fbd	x64
363384d14d1f2e0b7815626484c459ad57a318ef4396266048d058c5a19bbf76	x86
1aec84b84b6c65a51220a9be7181965230210d62d6d33c48999c6b295a2b0a06	x64
e6ca68e94146629af03f69c2f86e6bef62f930b37c6fbcc878b78df98c0334e5	x86
c3a99a460da464a057c3586d83cef5f4ae08b7103979ed8932742df0ed530c66	x64
58fb941aef95a25943b3fb5f2510a0df3fe44c58c95e0ab80487297568ab9771	x64
5391c3a2fb112102a6aa1edc25ae77e19f5d6f09cd09eeb2509922bfcd5992ea	x64

Download URL:

• https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2013/11/windows8-rt-kb2871690-x86_561070e595909b7974094d938211edbc15e30f66.cab
• https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2013/11/windows8-rt-kb2871690-x64_7e609af111f8911448b5ecc8bcf8403fd5a6ce35.cab

dbxupdate-20140227.x86+x64.bin

status: missing

You can download this file from KB2871690-v2, which was published on 2014-02-27.
The dbxupdate entries was same as KB2871690-v1. Only the signing KEK leaf cert was updated.

Download URL:

• https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2014/02/windows8-rt-kb2871690-v2-x86_4ea7af4cf8dc0472584b985e72b1a6b5f3579335.cab
• https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2014/02/windows8-rt-kb2871690-v2-x64_566a16e0052965618f2bd96359b2719b214d102d.cab

dbxupdate-20140513.x86+x64.bin

status: mislabeled date & arch
fwupd/dbx-firmware: DBXUpdate-20140413.x64.bin

KB2962824 (incl. KB2920189 & KB2961908) was published on 2014-05-13. Maybe 20140413 was a typo?

This file appends 4 x64 entries in addition to KB2871690. It targets both x86 & x64.

dbxupdate-20160809.x86+x64+arm+arm64.bin

status: mislabeled arch
fwupd/dbx-firmware: DBXUpdate-20160809.x64.bin

This files appends 16 entries for each arch:

PE256 Authenticode	arch
075eea060589548ba060b2feed10da3c20c7fe9b17cd026b94e8a683b8115238	arm64
07e6c6a858646fb1efc67903fe28b116011f2367fe92e6be2b36999eff39d09e	arm
09df5f4e511208ec78b96d12d08125fdb603868de39f6f72927852599b659c26	arm64
0bbb4392daac7ab89b30a4ac657531b97bfaab04f90b0dafe5f9b6eb90a06374	arm
0c189339762df336ab3dd006a463df715a39cfb0f492465c600e6c6bd7bd898c	arm
0d0dbeca6f29eca06f331a7d72e4884b12097fb348983a2a14a0d73f4f10140f	arm64
0dc9f3fb99962148c3ca833632758d3ed4fc8d0b0007b95b31e6528f2acd5bfc	arm64
106faceacfecfd4e303b74f480a08098e2d0802b936f8ec774ce21f31686689c	x64
174e3a0b5b43c6a607bbd3404f05341e3dcf396267ce94f8b50e2e23a9da920c	x64
18333429ff0562ed9f97033e1148dceee52dbe2e496d5410b5cfd6c864d2d10f	arm64
2b99cf26422e92fe365fbf4bc30d27086c9ee14b7a6fff44fb2f6b9001699939	x64
2bbf2ca7b8f1d91f27ee52b6fb2a5dd049b85a2b9b529c5d6662068104b055f8	x86
2c73d93325ba6dcbe589d4a4c63c5b935559ef92fbf050ed50c4e2085206f17d	x86
2e70916786a6f773511fa7181fab0f1d70b557c6322ea923b2a8d3b92b51af7d	x64
306628fa5477305728ba4a467de7d0387a54f569d3769fce5e75ec89d28d1593	x86
3608edbaf5ad0f41a414a1777abf2faf5e670334675ec3995e6935829e0caad2	arm64
3841d221368d1583d75c0a02e62160394d6c4e0a6760b6f607b90362bc855b02	x86
3fce9b9fdf3ef09d5452b0f95ee481c2b7f06d743a737971558e70136ace3e73	x64
4397daca839e7f63077cb50c92df43bc2d2fb2a8f59f26fc7a0e4bd4d9751692	x86
47cc086127e2069a86e03a6bef2cd410f8c55a6d6bdb362168c31b2ce32a5adf	x64
518831fe7382b514d03e15c621228b8ab65479bd0cbfa3c5c1d0f48d9c306135	arm
5ae949ea8855eb93e439dbc65bda2e42852c2fdf6789fa146736e3c3410f2b5c	arm
6b1d138078e4418aa68deb7bb35e066092cf479eeb8ce4cd12e7d072ccb42f66	x86
6c8854478dd559e29351b826c06cb8bfef2b94ad3538358772d193f82ed1ca11	arm64
6f1428ff71c9db0ed5af1f2e7bbfcbab647cc265ddf5b293cdb626f50a3a785e	x86
71f2906fd222497e54a34662ab2497fcc81020770ff51368e9e3d9bfcbfd6375	x64
726b3eb654046a30f3f83d9b96ce03f670e9a806d1708a0371e62dc49d2c23c1	arm
72e0bd1867cf5d9d56ab158adf3bddbc82bf32a8d8aa1d8c5e2f6df29428d6d8	arm
7827af99362cfaf0717dade4b1bfe0438ad171c15addc248b75bf8caa44bb2c5	arm
81a8b965bb84d3876b9429a95481cc955318cfaa1412d808c8a33bfd33fff0e4	arm
82db3bceb4f60843ce9d97c3d187cd9b5941cd3de8100e586f2bda5637575f67	x64
895a9785f617ca1d7ed44fc1a1470b71f3f1223862d9ff9dcc3ae2df92163daf	x86
8ad64859f195b5f58dafaa940b6a6167acd67a886e8f469364177221c55945b9	x64
8bf434b49e00ccf71502a2cd900865cb01ec3b3da03c35be505fdf7bd563f521	arm64
8d8ea289cfe70a1c07ab7365cb28ee51edd33cf2506de888fbadd60ebf80481c	x64
9998d363c491be16bd74ba10b94d9291001611736fdca643a36664bc0f315a42	arm
9e4a69173161682e55fde8fef560eb88ec1ffedcaf04001f66c0caf707b2b734	x86
a6b5151f3655d3a2af0d472759796be4a4200e5495a7d869754c4848857408a7	arm64
a7f32f508d4eb0fead9a087ef94ed1ba0aec5de6f7ef6ff0a62b93bedf5d458d	x86
ad6826e1946d26d3eaf3685c88d97d85de3b4dcb3d0ee2ae81c70560d13c5720	arm
aeebae3151271273ed95aa2e671139ed31a98567303a332298f83709a9d55aa1	x64
afe2030afb7d2cda13f9fa333a02e34f6751afec11b010dbcd441fdf4c4002b3	arm64
b54f1ee636631fad68058d3b0937031ac1b90ccb17062a391cca68afdbe40d55	x86
b8f078d983a24ac433216393883514cd932c33af18e7dd70884c8235f4275736	arm64
b97a0889059c035ff1d54b6db53b11b9766668d9f955247c028b2837d7a04cd9	x86
bc87a668e81966489cb508ee805183c19e6acd24cf17799ca062d2e384da0ea7	arm64
c409bdac4775add8db92aa22b5b718fb8c94a1462c1fe9a416b95d8a3388c2fc	x64
c617c1a8b1ee2a811c28b5a81b4c83d7c98b5b0c27281d610207ebe692c2967f	x64
c90f336617b8e7f983975413c997f10b73eb267fd8a10cb9e3bdbfc667abdb8b	x64
cb6b858b40d3a098765815b592c1514a49604fafd60819da88d7a76e9778fef7	arm64
ce3bfabe59d67ce8ac8dfd4a16f7c43ef9c224513fbc655957d735fa29f540ce	arm64
d8cbeb9735f5672b367e4f96cdc74969615d17074ae96c724d42ce0216f8f3fa	arm
e92c22eb3b5642d65c1ec2caf247d2594738eebb7fb3841a44956f59e2b0d1fa	arm
fddd6e3d29ea84c7743dad4a1bdbc700b5fec1b391f932409086acc71dd6dbd8	x86
fe63a84f782cc9d3fcf2ccf9fc11fbd03760878758d26285ed12669bdc6e6d01	arm
fecfb232d12e994b6d485d2c7167728aa5525984ad5ca61e7516221f079a1436	x86
ca171d614a8d7e121c93948cd0fe55d39981f9d11aa96e03450a415227c2c65b	arm
55b99b0de53dbcfe485aa9c737cf3fb616ef3d91fab599aa7cab19eda763b5ba	arm
77dd190fa30d88ff5e3b011a0ae61e6209780c130b535ecb87e6f0888a0b6b2f	arm64
c83cb13922ad99f560744675dd37cc94dcad5a1fcba6472fee341171d939e884	arm64
3b0287533e0cc3d0ec1aa823cbf0a941aad8721579d1c499802dd1c3a636b8a9	x86
939aeef4f5fa51e23340c3f2e49048ce8872526afdf752c3a7f3a3f2bc9f6049	x86
64575bd912789a2e14ad56f6341f52af6bf80cf94400785975e9f04e2d64d745	x64
45c7c8ae750acfbb48fc37527d6412dd644daed8913ccd8a24c94d856967df8e	x64

dbxupdate-20200211.x86+x64+arm+arm64.bin & dbxupdate-20200211.x64.bin

status: missing

OS Version	arch	KB	dbxupdate.bin
Windows 10 1507 and older	x86/x64/arm	KB4502496	dbxupdate-20200211.x86+x64+arm+arm64.bin
Windows 10 1607/1703/1709/1803	x86/x64/arm64	KB4524244	dbxupdate-20200211.x86+x64+arm+arm64.bin
Windows 10 1809/1903/1909	x86	KB4524244	dbxupdate-20160809.x86+x64+arm+arm64.bin
Windows 10 1809/1903/1909	x64	KB4524244	dbxupdate-20200211.x64.bin
Windows 10 1809/1903/1909	arm64	KB4524244	? (unable to find sample)

Download URL:

• x86+x64+arm+arm64:
  • https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2019/11/windows8.1-kb4502496-x86_c940ff936b466ca9fb8139ec42d654f523905e14.cab
  • https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2019/11/windows8.1-kb4502496-x64_434af1f60ac2f1dfe4ade5030001b548835534fd.cab
  • https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2019/11/windows8.1-kb4502496-arm_2c2a2e67282a4f3bdd088fa16344fd78c5aab6b1.cab
• x64 only:
  • https://catalog.s.download.windowsupdate.com/msdownload/update/software/secu/2019/11/windows10.0-kb4524244-x64_c4ba8051c05198b56dff75aebca66b7ef63f5d8f.cab

dbxupdate-20201012.x64.bin

status: missing

UEFI Forum made some changes on dbxupdate-20200729.x64.bin:

• add Cisco cert
• deduplicate some entries
• removed some entries

Download URL: https://web.archive.org/web/20210422192825if_/https://uefi.org/sites/default/files/resources/dbxupdate_x64.bin

dbxupdate-20220809.{x86,x64,arm64}.bin

status: mislabeled date

UEFI Forum states that these files were released on 20220812. But according to Wayback Machine, they were actually published between 20220814 and 20220817.
KB5012170 has the same sets of files, and was released on 20220809.

dbxupdate-20220907.x64.bin & dbxupdate-20220907.arm64.bin

status:

• x64: missing
• arm64: mislabeled date

The 20220907 release appends 1 x64 entry and 1 arm64 entry from VMware.
The 20230314 release appends 2 x86 entries and 2 x64 entries from Trend Micro. Arm64 not changed.

Download URL:

• x64: https://web.archive.org/web/20240226045216if_/https://uefi.org/sites/default/files/resources/DBXUpdate_2.bin
• arm64: https://web.archive.org/web/20221115182926if_/https://uefi.org/sites/default/files/resources/DBXUpdate_3.bin