You can also configure default settings as necessary, and then save the configuration as the custom default
configuration. When the system loads the default settings, it uses the custom default settings instead of the
factory defaults.
Secure Boot configuration
Secure Boot is integrated in the UEFI specification on which the Hewlett Packard Enterprise implementation
of UEFI is based. Secure Boot is implemented in the BIOS and does not require special hardware. Secure
Boot ensures that each component launched during the boot process is digitally signed. Secure Boot also
ensures that the signature is validated against a set of trusted certificates embedded in the UEFI BIOS.
Secure Boot validates the software identity of the following components in the boot process:
• UEFI drivers loaded from PCIe cards
• UEFI drivers loaded from mass storage devices
• Preboot UEFI shell applications
• OS UEFI boot loaders
When enabled, only firmware components and operating systems with boot loaders that have an appropriate
digital signature can execute during the boot process. Only operating systems that support Secure Boot and
have an EFI boot loader signed with one of the authorized keys can boot. For more information about
supported operating systems, see the UEFI System Utilities and Shell release notes for your node on the
Hewlett Packard Enterprise website
.
A physically present user can customize the certificates embedded in the UEFI BIOS by adding or removing
their own certificates.
When Secure Boot is enabled, the System Maintenance Switch does not restore all manufacturing defaults
when set to the ON position. For security reasons, the following are not restored to defaults when the System
Maintenance Switch is in the ON position:
• Secure Boot is not disabled and remains enabled.
• The Boot Mode remains in UEFI Boot Mode even if the default boot mode is Legacy Boot Mode.
• The Secure Boot Database is not restored to its default state.
• iSCSI Software Initiator configuration settings are not restored to defaults.
Embedded UEFI shell
The system BIOS in all ProLiant Gen9 servers includes an Embedded UEFI Shell in the ROM. The UEFI
Shell environment provides an API, a command-line prompt, and a set of CLIs that allow scripting, file
manipulation, and system information. These features enhance the capabilities of the UEFI System Utilities.
For more information, see the following documents:
•
UEFI Shell User Guide for HPE ProLiant Gen9 Servers
Hewlett Packard Enterprise website
•
UEFI Shell Specification
Embedded Diagnostics option
The system BIOS in all ProLiant Gen9 servers includes an Embedded Diagnostics option in the ROM. The
Embedded Diagnostics option can run comprehensive diagnostics of the server hardware, including
processors, memory, drives, and other server components.
For more information on the Embedded Diagnostics option, see the UEFI System Utilities user guide for your
node on the
Hewlett Packard Enterprise website
iLO RESTful API support for UEFI
The ProLiant Gen9 servers include support for a UEFI-compliant System BIOS, along with UEFI System
Utilities and Embedded UEFI Shell preboot environments. ProLiant Gen9 servers also support configuring the
UEFI BIOS settings using the iLO RESTful API, a management interface that server management tools can
Secure Boot configuration
181