Procedure
1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Secure Boot Settings > Secure Boot Enforcement and press Enter.
2. Select a setting and press Enter:
• Enabled — Enables Secure Boot.
• Disabled — Disables Secure Boot.
Advanced Secure Boot Options
• PK - Platform Key — Establishes a trust relationship between the platform owner and the platform firmware.
• KEK - Key Exchange Key — Protects the signature database from unauthorized modifications. No changes can be made to the signature database without the private portion of this key.
• DB - Allowed Signatures Database — Maintains a secure boot allowed signature database of signatures that are authorized to run on the platform.
• DBX - Forbidden Signatures Database — Maintains a secure boot blacklist signature database of signatures that are not authorized to run on the platform.
• DBT - Timestamp Signatures Database — Maintains signatures of codes in the timestamp signatures database.
• Delete all keys
• Export all keys
• Reset all keys to platform defaults
NOTE: Changing the default security certificates can cause the system to fail booting from some devices. It can also cause the system to fail launching certain system software such as Intelligent Provisioning.
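The enforcement setting and the PK, KEK, DB, DBX and DBT contents listed above can be checked from the installed operating system after a change. The following is an added example, not part of the original guide or any vendor tool: it assumes a Linux host that exposes UEFI variables through efivarfs at /sys/firmware/efi/efivars, and the function names are illustrative.

```python
import struct
import uuid
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")       # assumption: Linux efivarfs mount point
GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032be0"   # EFI_GLOBAL_VARIABLE
IMG_SEC = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # EFI_IMAGE_SECURITY_DATABASE_GUID
KEY_VARS = {"PK": GLOBAL, "KEK": GLOBAL, "db": IMG_SEC, "dbx": IMG_SEC, "dbt": IMG_SEC}
SIG_TYPES = {
    uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072"): "x509",    # EFI_CERT_X509_GUID
    uuid.UUID("c1c41626-504c-4092-aca9-41f936934328"): "sha256",  # EFI_CERT_SHA256_GUID
}

def count_signatures(data: bytes) -> dict:
    """Walk concatenated EFI_SIGNATURE_LIST structures and count entries per type."""
    counts, off = {}, 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        body = list_size - 28 - hdr_size  # bytes holding the signature entries
        if (list_size < 28 or off + list_size > len(data)
                or sig_size < 16 or body < 0 or body % sig_size):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        name = SIG_TYPES.get(sig_type, str(sig_type))
        counts[name] = counts.get(name, 0) + body // sig_size
        off += list_size
    return counts

def read_var(name, guid, root=EFIVARS):
    """Return the variable payload without the 4-byte efivarfs attribute prefix."""
    try:
        return (Path(root) / f"{name}-{guid}").read_bytes()[4:]
    except FileNotFoundError:
        return None  # variable not set, or system not booted in UEFI mode

def audit(root=EFIVARS) -> dict:
    """SecureBoot=1: enforcement active. SetupMode=1: no PK enrolled."""
    report = {}
    for flag in ("SecureBoot", "SetupMode"):
        raw = read_var(flag, GLOBAL, root)
        report[flag] = raw[0] if raw else None
    for name, guid in KEY_VARS.items():
        raw = read_var(name, guid, root)
        report[name] = count_signatures(raw) if raw else {}
    return report

if __name__ == "__main__":
    print(audit())
```

An empty PK entry together with SetupMode reporting 1 means the platform accepts key changes without authentication, which is the state to look for after "Delete all keys" has been used.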
Platform Key (PK) Options
• Enroll PK
• Delete Platform Key (PK)
Enroll PK
Use this option to enroll a PK certificate. A Platform Key protects the next key from uncontrolled
modification.
Enrolling a PK certificate
Procedure
1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Secure Boot Settings > Advanced Secure Boot Options > Platform Key (PK) Options > Enroll PK and press Enter.
2. Select Enroll PK Using File and press Enter.
Configuring Server Security