SBOX-5210 - User Guide, Rev. 1.0
// 77
Figure 41: BIOS Security Setup Menu --- Secure Boot Configuration --- Key Management
BIOS SETUP UTILITY
Main
Advanced
Security
Power
Event Logs
Boot
Save & Exit
Factory Default Key Provision
[Enabled]
> Enroll all Factory Default keys
> Save all Secure Boot variables
Device Guard Ready
> Remove ‘UEFI CA’ from DB
> Restore DB defaults
→
←
: Select Screen
↑
↓
: Select Item
Secure Boot variable
|
Size |
Keys | Key Source
Enter: Select
> Platform Key (PK)
|
1121 |
1 | Factory
+/-: Change Opt.
> Key Exchange Keys
|
4852 |
4 | Factory
F1: General Help
> Authorized Signatures
|
6453 |
5 | Factory
F2: Previous Values
> Forbidden Signatures
|
3724 |
77 | Factory
F3: Optimized Defaults
> Authorized TimeStamps
|
0 |
0 | No Keys
F4: Save & Exit
> OsRevovery Signatures
|
0 |
0 | No Keys
ESC: Exit
Version 2.20.1271. Copyright (C) 2019, American Megatrends, Inc.
Feature
Option
Description
Factory Default Key
Provision
[Disabled], [Enabled]
Install factory default Secure Boot keys after the platform reset
and while the System is in Setup mode
Enroll all Factory
Default Keys
[Yes], [No]
Force System to User Mode. Install factory default Secure Boot
key databases.
Save all Secure Boot
variables
Select a File system
Copy NVRAM content of Secure Boot variables to files in a root
folder on a file system device
Remove 'UEFI CA'
from DB
[Yes], [No]
Device Guard ready system must not list 'Microsoft UEFI CA'
Certificate in Authorized Signature database (db).
Restore DB defaults
[Yes], [No]
Restore DB variable to factory defaults
Platform Key (PK)
[Details], [Save To
File], [Set New Key],
[Delete Key]
Enroll Factory Defaults or load certificates from a file:
1. Public Key Certificate in (a) EFI_SIGNATURE_LIST; (b)
EFI_CERT_X509 (DER); (c) EFI_CERT_RSA2048 (bin); (d)
EFI_CERT_SHAXXX
2. Authenticated UEFI Variable
3. EFI PE / COFF Image (SHA256)
Key Source: Factory, External, Mixed
Key Exchange Keys
[Details], [Save To
File], [Set New Key],
[Append Key], [Delete
Key]
Authorized
Signatures
[Details], [Save To
File], [Set New Key],
[Append Key], [Delete
Key]
Forbidden Signatures [Details], [Save To
File], [Set New Key],
[Append Key], [Delete
Key]