Key Management
Use this submenu to set the secure boot policy variables.
| Submenu item | Option | Description |
|---|---|---|
| Factory Key Provision | Disable | Enable | Install factory default Secure Boot keys after the platform reset and while the System is in Setup mode. The default option is Disable. |
| Enroll Efi Image | OK | Allow the image to run in Secure Boot mode. Enroll SHA256 Hash certificate of a PE image into Authorized Signature Database (db) |
| Device Guard Ready | ||
| Remove 'UEFI CA' from DB | N/A | Device Guard ready system must not list 'Microsoft UEFI CA' Certificate in Authorized Signature database (db) |
| Resotre DB defaults | N/A | Restore DB variable to factory defaults |
| Secure Boot variable | ||
| Platform Key(PK) | N/A | Enroll Factory Defaults or load certificates from a file:
Key Source: Factory, External, Mixed |
| Key Exchange Keys | N/A | |
| Authorized Signatures | N/A | |
| Forbidden Signatures | N/A | |
Give documentation feedback