(Optional) Enable UEFI Secure Boot
Use this topic to enable UEFI Secure Boot.
- Check your UEFI firmware version to decide whether asserting physical presence is required before any changes to security settings.
UEFI firmware before v2.02
Asserting physical presence is required.
UEFI firmware v2.02 and later
Asserting physical presence is no longer required, all local accounts and some authorized remote accounts can directly change the settings.
Note that a Local IPMI user and password must be setup in Lenovo XClarity Controller for remote accessing to the target system.
Recommended tools:
Lenovo XClarity Provisioning Manager
Lenovo XClarity Essentials OneCLI
Using Lenovo XClarity Provisioning Manager
Steps:
Start the server and press the key specified in the on-screen instructions to display the Lenovo XClarity Provisioning Manager interface. (For more information, see the
Startup
section in the LXPM documentation compatible with your server at Lenovo XClarity Provisioning Manager portal page.)If the power-on Administrator password is required, enter the password.
From the UEFI Setup page, click .
Enable Secure Boot and save the settings.
Using Lenovo XClarity Essentials OneCLI
Run the following command to enable Secure Boot:
OneCli.exe config set SecureBootConfiguration.SecureBootSetting Enabled --bmc <userid>:<password>@<ip_address>
<userid>:<password> are the credentials used to access the BMC (Lenovo XClarity Controller interface) of your server. The default user ID is USERID, and the default password is PASSW0RD (zero, not an uppercase o)
<ip_address> is the IP address of the BMC.