Skip to main content

(Optional) Enable UEFI Secure Boot

Use this topic to enable UEFI Secure Boot.

  • Check your UEFI firmware version to decide whether asserting physical presence is required before any changes to security settings.
    • UEFI firmware before v2.02

      Asserting physical presence is required.

    • UEFI firmware v2.02 and later

      Asserting physical presence is no longer required, all local accounts and some authorized remote accounts can directly change the settings.

  • Note that a Local IPMI user and password must be setup in Lenovo XClarity Controller for remote accessing to the target system.

  • Lenovo XClarity Provisioning Manager

  • Lenovo XClarity Essentials OneCLI

Using Lenovo XClarity Provisioning Manager


  1. Start the server and press the key specified in the on-screen instructions to display the Lenovo XClarity Provisioning Manager interface. (For more information, see the Startup section in the LXPM documentation compatible with your server at Lenovo XClarity Provisioning Manager portal page.)

  2. If the power-on Administrator password is required, enter the password.

  3. From the UEFI Setup page, click System Settings > Security > Secure Boot.

  4. Enable Secure Boot and save the settings.

Using Lenovo XClarity Essentials OneCLI

Run the following command to enable Secure Boot:

OneCli.exe config set SecureBootConfiguration.SecureBootSetting Enabled --bmc <userid>:<password>@<ip_address>
  • <userid>:<password> are the credentials used to access the BMC (Lenovo XClarity Controller interface) of your server. The default user ID is USERID, and the default password is PASSW0RD (zero, not an uppercase o)

  • <ip_address> is the IP address of the BMC.