Chapter 5: UEFI BIOS
89
Device Guard Ready
Remove 'UEFI CA' from DB B (available when the system is not in Device
Guard Ready)
Select and press Yes to remove Microsoft UEFI CA certificate from the DB. The options are
Yes
and No.
Restore DB defaults
Select and press Yes to restore the DB variables to factory defaults. The options are
Yes
and No.
Platform Key (PK)
This feature allows the user to configure the settings of the platform keys.
Set New Key
Select Yes to load the new platform keys (PK) from the manufacturer's defaults. Select No to load the platform keys from
a file. The options are
Yes
and No.
Provision Factory Default Keys
Select Enabled to install the default Secure-Boot keys set by the manufacturer. The options are
Disabled
and Enabled.
Key Exchange Keys
Set New Key
Select Yes to load the KEK from the manufacturer's defaults. Select No to load the KEK from a file. The options are Yes
and No.
Append Key
Select Yes to add the KEK from the manufacturer's defaults list to the existing KEK. Select No to load the KEK from a
file. The options are Yes and No.
Authorized Signatures
Set New Key
Select Yes to load the database from the manufacturer's defaults. Select No to load the DB from a file. The options are
Yes and No.
Append Key
Select Yes to add the database from the manufacturer's defaults to the existing DB. Select No to load the DB from a file.
The options are Yes and No.
Forbidden Signatures
Set New Key
Select Yes to load the DBX from the manufacturer's defaults. Select No to load the DBX from a file. The options are Yes
and No.