During the reset, UEFI will read the value from imm.TpmTcmPolicyLock, if the value is 'Enabled' and
the imm.TpmTcmPolicy value is valid, UEFI will lock the TPM_TCM_POLICY setting.
Note: The valid values for imm.TpmTcmPolicy include 'NeitherTpmNorTcm', 'TpmOnly', and
'NationZTPM20Only'.
If the imm.TpmTcmPolicyLock is set as 'Enabled' but imm.TpmTcmPolicy value is invalid, UEFI will
reject the 'lock' request and change imm.TpmTcmPolicyLock back to 'Disabled'.
8. Read back the value to check whether the ‘Lock’ is accepted or rejected. command as below:
OneCl
i.e
xe
con
f
ig
show
imm.TpmTcmP
ol
icy
--override --imm
<user
id>:<p
assword>@<ip_address>
Note: If the read back value is changed from 'Disabled' to 'Enabled' that means the TPM_TCM_
POLICY has been locked successfully. There is no method to unlock a policy once it has been set
other than replacing system board.
imm.TpmTcmPolicyLock is defined as below:
Value 1 uses string “Enabled" , which means lock the policy. Other values are not accepted.
Enable UEFI Secure Boot
Optionally, you can enable UEFI Secure Boot.
There are two methods available to enable UEFI Secure Boot:
• From Lenovo XClarity Provisioning Manager
To enable UEFI Secure Boot from Lenovo XClarity Provisioning Manager:
1. Start the server and press F1 to display the Lenovo XClarity Provisioning Manager interface.
2. If the power-on Administrator password is required, enter the password.
3. From the UEFI Setup page, click System Settings ➙ Security ➙ Secure Boot.
4. Enable Secure Boot and save the settings.
• From Lenovo XClarity Essentials OneCLI
To enable UEFI Secure Boot from Lenovo XClarity Essentials OneCLI:
1. Download and install Lenovo XClarity Essentials OneCLI.
To download Lenovo XClarity Essentials OneCLI, go to the following site:
https://datacentersupport.lenovo.com/solutions/HT116433
2. Run the following command to enable Secure Boot:
OneCli.exe config set SecureBootConfiguration.SecureBootSetting Enabled
--bmc <userid>:<password>@<ip_address>
where:
– <userid>:<password> are the credentials used to access the BMC (Lenovo XClarity Controller
interface) of your server. The default user ID is USERID, and the default password is PASSW0RD
(zero, not an uppercase o)
– <ip_address> is the IP address of the BMC.
For more information about the Lenovo XClarity Essentials OneCLI sseett command, see:
http://sysmgt.lenovofiles.com/help/topic/toolsctr_cli_lenovo/onecli_r_set_command.html
Chapter 4. Hardware replacement procedures 213
To Next Page
Loading...
