Security settings

Ensure that system security settings are configured as intended.

The Physical Presence Policy Configuration must be modified temporarily in order to assert Remote Physical Presence (RPP), which is required to enable or disable Secure Boot. Again, separate topics are provided, depending on whether the system is using the graphical or text-based system setup menus.

Graphical system setup

To modify the Security settings using the graphical system setup menus, follow these steps:
  1. Continue from the System Setup screen used to configure the Processor settings or reboot the server if necessary and enter the UEFI menu screen by pressing the F1 key when prompted at the bottom of the screen.
  2. Navigate to UEFI Setup > System Settings > Security > Secure Boot > Configuration.
    Figure 1. Graphical System Settings screen showing the available Security setting categories on an SR650 V3 server

  3. If necessary, change the Secure Boot Setting field to Enabled. A warning message will be displayed, stating the Legacy BIOS will be disabled when secure boot is enabled. Click OK to dismiss this warning message. A status message will be displayed, stating that Secure Boot Setting is changed successfully. Click OK to dismiss the success message. If the setting has been changed, there will be a note added to the top of the screen indicating that a reboot is required for the new setting to be effective, as shown in the following figure. Once the setting has been verified, click the Save icon and then click Yes to confirm.
    Figure 2. Graphical System Settings screen showing Secure Boot will be enabled after reboot on an SR650 V3 server

  4. Once Secure Boot has been enabled, click the Save icon, and then click Yes to confirm that settings should be saved.
  5. Click Exit UEFI Setup. A warning message is displayed asking for confirmation to exit UEFI Setup and reboot the server. Click Yes to confirm and reboot the system. The system might reboot multiple times to complete the configuration changes.

Text-based system setup

To modify the Security settings using the text-based system setup menus, follow these steps:
  1. Continue from the System Setup screen used to configure the Processor settings or reboot the server if necessary and enter the UEFI menu screen by pressing the F1 key when prompted at the bottom of the screen.
  2. Navigate to System Settings > Security > Secure Boot Configuration.
  3. If the secure boot setting needs to be changed, use the arrow keys to select the Secure Boot Setting field and then press Enter. Use the arrow keys to select Enabled and then press Enter. A warning message will be displayed, stating the Legacy BIOS will be disabled when secure boot is enabled. Press Enter to dismiss this warning message. A status message will be displayed, stating that Secure Boot Setting is changed successfully. Press Enter to dismiss the success message. The resulting system setting screen should show that Secure Boot has been enabled. Note that if the setting has been changed, there will be a note added to the bottom of the screen indicating that a reboot is required for the new setting to be effective, as shown in the following figure.
    Figure 3. Text-based System Settings screen showing Secure Boot will be enabled after rebooting this SR650 V3 server

  4. Once Secure Boot has been enabled, press the Esc key repeatedly until prompted to save your settings. Press the Y key to save system settings, exit the system settings, and reboot the system.

This completes the process to configure UEFI settings on ThinkAgile MX nodes that use Lenovo V3 servers. Make sure to follow these steps for all nodes that will participate in the Azure Stack HCI cluster.
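
Once the nodes have rebooted into the operating system, the result of the steps above can be checked from one place. The following PowerShell script is an added example, not part of the original Lenovo procedure: it runs the Windows Confirm-SecureBootUEFI cmdlet on each node and reports any node where Secure Boot is not confirmed. The node names are placeholders, and the script assumes PowerShell remoting is enabled and that it is run from an elevated session with administrative rights on the nodes.

```powershell
# Added example: confirm Secure Boot is enabled on every node after the UEFI change.
# The default node names are placeholders (assumptions), not values from this page.
param(
    [string[]]$Nodes = @('mx-node01', 'mx-node02')
)

$results = foreach ($node in $Nodes) {
    try {
        # Confirm-SecureBootUEFI returns $true when Secure Boot is enabled and
        # $false when it is disabled. It throws when the system was booted in
        # legacy BIOS mode or when the session is not elevated.
        $enabled = Invoke-Command -ComputerName $node -ErrorAction Stop -ScriptBlock {
            Confirm-SecureBootUEFI -ErrorAction Stop
        }
        [pscustomobject]@{
            Node       = $node
            SecureBoot = [bool]$enabled
            Error      = $null
        }
    }
    catch {
        # An unreachable node or a failed query counts as "not confirmed";
        # a node is never reported as compliant by default.
        [pscustomobject]@{
            Node       = $node
            SecureBoot = $false
            Error      = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize

# Exit non-zero when any node is not confirmed, so the check can gate later
# deployment steps.
$failed = @($results | Where-Object { -not $_.SecureBoot })
if ($failed.Count -gt 0) {
    Write-Warning ("Secure Boot not confirmed on: " + ($failed.Node -join ', '))
    exit 1
}
```

A node that shows an error instead of a True/False result should be checked in the UEFI setup menus directly, since the query itself failed and the setting is unknown.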