Preparing the installation
18 Administration manual 4603.7988.02 ─ 03
6. Click "Next" > "Execute".
The user certificate is saved.
3.4 Configuring Secure Boot (UEFI/GPT)
Full-disk encryption on UEFI-based workstations requires Secure Boot. After
initializing the full-disk encryption, R&S Trusted Disk replaces the pre-installed Secure
Boot certificates with Rohde & Schwarz Cybersecurity GmbH certificates. For this to work,
Secure Boot must be enabled at the time of the full-disk encryption. After the full-disk
encryption is initialized, you need to activate setup mode for Secure Boot so that
R&S Trusted Disk can perform a system takeover. In this step, the certificates are
replaced and the workstation starts the R&S Trusted Disk pre-boot authentication.
Contents
● Checking the Secure Boot status
● Enabling Secure Boot
3.4.1 Checking the Secure Boot status
1. Start Windows PowerShell with administrator rights.
2. Enter Confirm-SecureBootUEFI.
3. Press [Enter].
● If the return value is "True", Secure Boot is enabled on the workstation. Continue with Chapter 4, "Installation and full-disk encryption", on page 20.
● If the return value is "False", follow the instructions in Chapter 3.4.2, "Enabling Secure Boot", on page 18.
You can also check the status in the registry. In Windows 10, the key is located at
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecureBoot\State.
The key has the value "1" (Secure Boot enabled) or "0" (Secure Boot disabled).
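The two checks above combined into one pre-flight script, as an added example that is not part of the original manual. It assumes the registry value under the State key is named UEFISecureBootEnabled (the manual does not name it); the function name Get-SecureBootState is hypothetical.

```powershell
# Added example (not from the manual): pre-flight Secure Boot check.
# Assumption: the DWORD under ...\SecureBoot\State is named UEFISecureBootEnabled.
function Get-SecureBootState {
    $note = ''
    try {
        # Step 2 of the procedure; needs an elevated session on UEFI firmware.
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        return [pscustomobject]@{ Source = 'Confirm-SecureBootUEFI'; Enabled = [bool]$enabled; Note = $note }
    }
    catch {
        if ($_.Exception -is [System.PlatformNotSupportedException]) {
            # Legacy BIOS boot or firmware without Secure Boot support.
            $note = 'Cmdlet not supported on this platform (no UEFI Secure Boot).'
        }
        elseif ($_.Exception -is [System.UnauthorizedAccessException]) {
            $note = 'Session is not elevated; result taken from the registry.'
        }
        else {
            $note = "Cmdlet failed: $($_.Exception.Message)"
        }
    }

    # Fallback: the registry location given in the manual.
    $key  = 'HKLM:\SYSTEM\ControlSet001\Control\SecureBoot\State'
    $prop = Get-ItemProperty -Path $key -Name 'UEFISecureBootEnabled' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Key or value missing: state cannot be determined from the registry.
        return [pscustomobject]@{ Source = 'Registry'; Enabled = $null; Note = $note }
    }
    return [pscustomobject]@{ Source = 'Registry'; Enabled = ($prop.UEFISecureBootEnabled -eq 1); Note = $note }
}

$state = Get-SecureBootState
if ($state.Enabled -eq $true) {
    Write-Output "Secure Boot is enabled ($($state.Source)). Continue with the installation."
}
elseif ($state.Enabled -eq $false) {
    Write-Output "Secure Boot is disabled ($($state.Source)). Enable it in the UEFI setup first."
}
else {
    Write-Output 'Secure Boot state unknown.'
}
if ($state.Note) { Write-Warning $state.Note }
```

An unknown result usually means the workstation booted in legacy BIOS mode, in which case Secure Boot cannot be enabled until the firmware is switched to UEFI.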
3.4.2 Enabling Secure Boot
Please note that different systems use different UEFI menu structures, so this chapter
is not a "one size fits all" instruction for enabling Secure Boot. It is only intended as a
rough guideline. For more detailed instructions, refer to the user documentation of the
hardware.