Skip to main content

Secure Boot Configuration

Table 1. Secure Boot Configuration
ItemOperationDescription
Secure Boot Status

  • Disabled

  • Enabled

Display the current secure boot status.

Secure Boot Mode

  • Setup Mode

  • User Mode

  • Audit Mode

  • Deploy Mode

System will do secure boot authentication when “Secure Boot Mode” is [User Mode] and secure boot is enabled.

 
Secure Boot Setting

  • Enabled

  • Disabled (Default)

Secure Boot feature is Active if Secure Boot is Enabled, Platform Key(PK) is enrolled and the System is in User mode.

The mode change requires platform reset

Warning
Legacy BIOS will be disabled when secure boot is enabled.
Secure Boot Policy

  • Factory Policy (Default)

  • Custom Policy

  • Delete All Keys

  • Delete PK

  • Reset All Keys to Default

Secure Boot policy options:

[Factory Policy]: Factory default keys will be used after reboot.

[Custom Policy]: Customized keys will be used after reboot.

[Delete All Keys]: PK, KEK, DB, and DBX will be deleted after reboot.

[Delete PK]: PK will be deleted after reboot.

Secure Boot Mode is [Setup Mode] and Secure Boot Policy is [Custom Policy] after PK is deleted.

[Reset All Keys to Default]: All keys will be set to factory defaults and Secure Boot Policy is [Factory Policy] after reboot.

Note
  • Confirm change “Secure Boot Policy”?

    • Yes

    • No

  • Press 'Yes' to install factory default keys.

    • Yes

    • No

  • Secure Boot Policy

    Secure Boot Policy is changed successfully.

View Secure Boot Keys

N/A

View the details of:

  • PK (Platform Key)

  • KEK (Key Exchange Key)

  • DB (Authorized Signature Database)

  • DBX (Forbidden Signature Database)

Secure Boot Custom Policy

N/A

Customize

  • PK (Platform Key)

  • KEK (Key Exchange Key)

  • DB (Authorized Signature Database)

  • DBX (Forbidden Signature Database)

User could enter this page when Secure Boot Policy is [Custom Policy].