I have a desktop with Asrock B550M pro motherboard and its firmware is UEFI.
The setup offers custom key management under Secure Boot.
I downloaded Windows UEFI CA 2023.crt from Microsoft as well as created by own certificate using OpenSSL.
I appended both the certificates as Public Certificates in db variable from the UEFI’s Custom Key Management interface.
After saving changes I went into UEFI again and confirmed that the keys are preserved, and they indeed are.
However I notice that a totally new GUID is attached to both certificates than the original one.
My own key certificate GUID starts with 4DB62.. and that of Microsoft CA-2023 is 77FA9ABD...
However see the screenshot, a new single but different GUID is attached to both certificates.
Is this the way it is or did I do something wrong? Is it simply because the custom key management mode (I guess setup mode) is not a strict mode and I am freely allowed to manipulate the keys?
Secure Boot is working fine. It now even can run EFI files signed by my own key created using OpenSSL.
