36
effective after save. After reset, this mode will return to Standard mode.
In Custom mode, Secure Boot Policy variables can be configured by a physically
present user without full authentication.
The optional settings: [Standard]; [Custom].
When set as [
Custom
], user can make further settings in the following items that
show up:
Restore Factory Keys
Use this item to force system to User Mode, to install factory default Secure Boot
key databases.
Reset To Setup Mode
Key Management
This item enables expert users to modify Secure Boot Policy variables without full
authentication, which includes the following items:
Vendor Keys
Factory Key Provision
This item is for user to install factory default Secure Boot keys after the platform
reset and while the System is in Setup mode.
The optional settings: [Disabled]; [Enabled].
Restore Factory Keys
Use this item to force system into User Mode. Install factory default Secure Boot
key databases.
Reset To Setup Mode
Export Secure Boot variables
Enroll Efi Image
This item allows the image to run in Secure Boot mode.
Enroll SHA256 Hash certificate of a PE image into Authorized Signature Database
(db).
Device Guard Ready
Remove
‘UEFI CA’ from DB
Restore DB defaults
Use this item to restore DB variable to factory defaults.
Secure Boot variable/Size/Keys/Key Source
Platform Key(PK)/Key Exchange Keys/Authorized Signatures/Forbidden
Signatures/ Authorized TimeStamps/OsRecovery Signatures
Use this item to enroll Factory Defaults or load certificates from a file:
1. Public Key Certificate:
a) EFI_SIGNATURE_LIST
b) EFI_ CERT_X509 (DER)
c) EFI_ CERT_RSA2048 (bin)
d) EFI_ CERT_SHAXXX
2. Authenticated UEFI Variable
3. EFI PE/COFF Image (SHA256)
Key Source: Factory, External, Mixed.
