Chapter 6: UEFI BIOS
103
Secure Boot Mode
This feature allows you to select the desired secure boot mode for the system. The options
are Standard and
Custom
.
*If Secure Boot Mode is set to Custom, Key Management features are available for
configuration:
CSM Support
This feature is for manufacturing debugging purposes.
Key Management
This submenu allows you to configure the following Key Management settings.
Factory Key Provision
Select Enabled to install the default Secure Boot keys set by the manufacturer. The options
are
Disabled
and Enabled.
*If the feature above is set to Enabled, all features below are available for configuration:
Restore Factory Keys
Select Yes to restore all factory keys to the default settings. The options are Yes and No.
Reset to Setup Mode
Select Yes to delete all Secure Boot key databases and force the system to Setup Mode.
The options are Yes and No.
Export Secure Boot variables
Use this feature to copy the NVRAM contents of the secure boot variables to a file.
Enroll Efi Image
This feature allows the image to run in Secure Boot mode.
Device Guard Ready
Remove 'UEFI CA' from DB
Use this feature to remove the Microsoft UEFI CA certificate from the database. The options
are Yes and No.
Restore DB Defaults
Select Yes to restore the DB defaults.
Platform Key (PK)
Update
Select Yes to load a factory default PK or No to load from a file on an external media.