Secure Boot Menu

Secure Boot

The following information is displayed:

  • System Mode

  • Secure Boot

Note: For detailed instructions on configuring Security Boot settings, refer to the Security Boot Configuration User's Guide at https://www.supermicro.com/support/manuals.

Secure Boot

Select Enabled to configure Secure Boot settings. The options are Disabled and Enabled.

Secure Boot Mode

Use this feature to select the desired secure boot mode for the system. The options are Standard and Custom.

Enter Audit Mode

Select Ok to enter the Audit Mode workflow. It will result in erasing the Platform Key (PK) variables and resetting the system to the Setup/Audit Mode.

Note: This submenu is available when "Secure Boot Mode" is set to Custom.

Key Management

The following information is displayed:

  • Vendor Keys

Note: This submenu is available when "Secure Boot Mode" is set to Custom.

Provision Factory Defaults

Select Enabled to install the default secure boot keys when the system is in the Setup Mode. Changes take effect after you save settings and reboot the system. The options are Disabled and Enabled.

Restore Factory Keys

Select Yes to restore manufacturer default keys to ensure system security. The options are Yes and No. Selecting Yes will reset the system to the User Mode.

Note: This submenu is available when any secure keys have been installed.

Reset To Setup Mode

This feature resets the system to the Setup Mode. The options are Yes and No.

Note: This submenu is available when any secure keys have been installed.

Enroll Efi Image

This feature allows the Efi image to run in the secure boot mode and enroll the SHA256 Hash certificate of a PE image into the Authorized Signature Database (DB).

Export Secure Boot Variables

This feature exports the NVRAM contents of secure boot variables to a storage device. The options are Yes and No.

Note: This submenu is available when any secure keys have been installed.

Secure Boot variable / Size / Keys / Key Source

Platform Key (PK)

Use this feature to enter and configure a set of values to be used as platform firmware keys for the system. These values also indicate the sizes, key numbers, and the sources of the authorized signatures. Select Update to update the platform key.

Key Exchange Keys (KEK)

Use this feature to enter and configure a set of values to be used as Key Exchange Keys for the system. These values also indicate the sizes, key numbers, and the sources of the authorized signatures. Select Update to update the Key Exchange Keys. Select Append to append the Key Exchange Keys.

Authorized Signatures (db)

Use this feature to enter and configure a set of values to be used as Authorized Signatures for the system. These values also indicate the sizes, key numbers, and sources of the authorized signatures. Select Update to update the Authorized Signatures. Select Append to append the new Authorized Signatures.

Forbidden Signatures (dbx)

Use this feature to enter and configure a set of values to be used as Forbidden Signatures for the system. These values also indicate sizes, key numbers, and key sources of the forbidden signatures. Select Update to update the Forbidden Signatures. Select Append to append the Forbidden Signature.

Authorized TimeStamps (dbt)

Use this feature to set and save the timestamps for the Authorized Signatures, which will indicate the time when these signatures are entered into the system. These values also indicate sizes, keys, and key sources of the authorized timestamps. Select Update to update the Authorized TimeStamps. Select Append to append the Authorized TimeStamps.

OsRecovery Signatures (dbr)

Use this feature to set and save the Authorized Signatures used for OS recovery. Select Update to update the OsRecovery Signatures. These values also indicate sizes, keys, and key sources of the OsRecovery Signatures. Select Append to append the OsRecovery Signatures.