
Hitachi HA820 G2 - Secure Boot; Launching the Embedded UEFI Shell

Hitachi HA820 G2
188 pages
Hitachi Advanced Server HA820 G2 User Guide 173
Secure Boot
Secure Boot is a server security feature that is implemented in the BIOS and does not require special
hardware. Secure Boot ensures that each component launched during the boot process is digitally
signed and that the signature is validated against a set of trusted certificates embedded in the UEFI
BIOS. Secure Boot validates the software identity of the following components in the boot process:
• UEFI drivers loaded from PCIe cards
• UEFI drivers loaded from mass storage devices
• Preboot UEFI Shell applications
• OS UEFI boot loaders
When Secure Boot is enabled:
• Firmware components and operating systems with boot loaders must have an appropriate digital
  signature to execute during the boot process.
• Operating systems must support Secure Boot and have an EFI boot loader signed with one of the
  authorized keys to boot. For more information about supported operating systems, see
  https://knowledge.hitachivantara.com/Documents/Servers.
You can customize the certificates embedded in the UEFI BIOS by adding or removing your own
certificates, either from a management console directly attached to the server, or by remotely connecting
to the server using the iLO Remote Console.
You can configure Secure Boot:
• Using the System Utilities options described in the following sections.
• Using the iLO RESTful API to clear and restore certificates. For more information, contact
  customer support.
• Using the secboot command in the Embedded UEFI Shell to display Secure Boot databases,
  keys, and security reports.
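Added example (not part of the Hitachi guide): after customizing the certificates, the resulting state can also be audited from a booted Linux OS. The Python code below interprets the SecureBoot and SetupMode variables as read from efivarfs and walks the EFI_SIGNATURE_LIST records that make up a database such as db. It assumes the caller has read the variable files under /sys/firmware/efi/efivars and stripped the 4 attribute bytes from the database contents; the sample input and owner GUID are constructed.

```python
import struct
import uuid

# Signature type GUIDs from the UEFI specification.
SIG_TYPES = {
    uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072"): "X509",
    uuid.UUID("c1c41626-504c-4092-aca9-41f936934328"): "SHA256",
}

def secure_boot_state(secureboot_var: bytes, setupmode_var: bytes) -> str:
    """Interpret raw efivarfs reads: 4 attribute bytes, then 1 data byte."""
    if len(secureboot_var) < 5 or len(setupmode_var) < 5:
        raise ValueError("truncated efivarfs variable")
    if setupmode_var[4] == 1:
        return "setup-mode"  # no Platform Key enrolled; Secure Boot is not enforced
    return "enabled" if secureboot_var[4] == 1 else "disabled"

def parse_signature_lists(data: bytes):
    """Walk concatenated EFI_SIGNATURE_LIST records; return (type, owner, payload)."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated list header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        body, end = off + 28 + hdr_size, off + list_size
        if body > end or end > len(data) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        if (end - body) % sig_size:
            raise ValueError("signature array is not a multiple of SignatureSize")
        for pos in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            kind = SIG_TYPES.get(sig_type, str(sig_type))
            entries.append((kind, owner, data[pos + 16:pos + sig_size]))
        off = end
    return entries

def build_sample_list(sig_type, owner, payloads):
    """Build one constructed EFI_SIGNATURE_LIST (sample input, equal-size payloads)."""
    body = b"".join(owner.bytes_le + p for p in payloads)
    sizes = struct.pack("<III", 28 + len(body), 0, 16 + len(payloads[0]))
    return sig_type.bytes_le + sizes + body

if __name__ == "__main__":
    owner = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed
    x509, sha256 = list(SIG_TYPES)
    db = build_sample_list(x509, owner, [b"\x30\x82" + bytes(30)])
    db += build_sample_list(sha256, owner, [b"\xaa" * 32, b"\xbb" * 32])
    print(secure_boot_state(b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00"))
    print([(k, str(o), len(p)) for k, o, p in parse_signature_lists(db)])
```

An entry whose owner GUID or certificate is not one you expect after a customization is the item to investigate; a "setup-mode" result means no Platform Key is enrolled.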
Launching the Embedded UEFI Shell
Use the Embedded UEFI Shell option to launch the Embedded UEFI Shell. The
Embedded UEFI Shell is a preboot command-line environment for scripting and running
UEFI applications, including UEFI boot loaders. The Shell also provides CLI-based
commands you can use to obtain system information, and to configure and update the
system BIOS.
Prerequisites
Embedded UEFI Shell is set to Enabled.
Procedure
1. From the System Utilities screen, select Embedded Applications > Embedded UEFI Shell. The
   Embedded UEFI Shell screen appears.
2. Press any key to acknowledge that you are physically present.
   This step ensures that certain features, such as disabling Secure Boot or managing the
   Secure Boot certificates using third-party UEFI tools, are not restricted.
