38
User's Manual |
WL051
Chapter 3
BIOS SETTINGS
Factory Key Provision
Enable or disable the provision factory default keys on next re-start. This will only take place
when the “System Mode” in the previous menu is in “Setup”, which can be achieved by moving
the cursor to the “Reset To Setup Mode” and press Enter.
Restore Factory Keys
Force system to User Mode. Configure NVRAM to contain OEM-defined factory default Secure
Boot keys.
Reset To Setup Mode
Clear the database from the NVRAM, including all the keys and signatures installed in the Key
Management menu. Press Enter and a prompt will show up for you to confirm.
Export Secure Boot variables
Export the Secure Boot settings (i.e. all keys and signatures) as files to the root directory of
a file system device. Press Enter and select a storage device listed in the pop-up menu. The
saved files will be named automatically according to the type of key/signature as listed below.
•
“PK” for Platform Keys
•
“KEK” for Key Exchange Keys
•
“db” for Authorized Signatures
•
“dbx” for Forbidden Signatures
Enroll Efi Image
Allow the image to run in Secure Boot mode. Enroll SHA256 Hash certificate of a PE image into
Authorized Signature Database (db). Press Enter and select a storage device listed in the pop-
up menu, select a directory, and then select the EFI Image document.
Remove ‘UEFI CA’ from DB
Remove Microsoft UEFI CA from the Authorized Signature database. For systems that support
Device Guard, Microsoft UEFI CA must NOT be included in the Authorized Signature database.
Restore DB defaults
Press Enter to restore the database variable to factory defaults.
Manually configure the following keys and signatures. Move the cursor to the field and press
Enter, and then a pop-up menu will show up.
Platform Key(PK), Key Exchange Keys, Authorized Signatures, Forbidden Signatures,
Authorized TimeStamps, OsRecovery Signatures
Details
List the information of enrolled keys and signatures
Export
Save the key or signature as a file to the root directory of a file system.
The saved files will be named automatically according to the type of key/
signature as previously listed in the “Export Secure Boot Variables”.
Update
Load factory default database
Append
Enroll keys and signatures from a file system
Delete
Delete keys and signatures
X
Security
X
Secure Boot
X
Key Management