
Secure Boot Configuration

Secure Boot is a UEFI feature that prevents unauthorized firmware, operating systems, or drivers from loading. It enhances system security by ensuring that only trusted software is allowed to run during the boot process.

Table 1. Secure Boot Configuration
Item | Options | Description
Secure Boot Status
  • Disabled

  • Enabled

Displays the current Secure Boot status.

Secure Boot Mode
  • User Mode

  • Setup Mode

  • Audit Mode

  • Deploy Mode

The system performs Secure Boot authentication when this item is set to [User Mode] and Secure Boot is enabled.

Secure Boot Setting
  • Enabled

  • Disabled (Default)

Enable or disable Secure Boot. A mode change requires a system reboot.

The Secure Boot feature is active only when Secure Boot is enabled, a Platform Key (PK) is enrolled, and Secure Boot Mode is [User Mode].

Secure Boot Policy
  • Factory Policy (Default)

  • Custom Policy

  • Delete All Keys

  • Delete PK

  • Reset All Keys to Default

Secure Boot policy options:

[Factory Policy]: Factory default keys will be used after reboot.

[Custom Policy]: Customized keys will be used after reboot.

[Delete All Keys]: PK (Platform Key), KEK (Key Exchange Key), DB (Authorized Signature Database), and DBX (Forbidden Signature Database) will be deleted after reboot.

[Delete PK]: PK will be deleted after reboot. After the PK is deleted, Secure Boot Mode will be in [Setup Mode], and Secure Boot Policy will be in [Custom Policy].

[Reset All Keys to Default]: All keys will be set to factory defaults and Secure Boot Policy will be set to [Factory Policy] after reboot.

View Secure Boot Keys

N/A

View the details of the PK, KEK, DB, and DBX.

Secure Boot Custom Policy

N/A

Customize the PK, KEK, DB, and DBX.

Note
This menu is configurable only when Secure Boot Policy is set to [Custom Policy].
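
The following is an added example, not vendor code: it checks from a running Linux system whether the condition stated in the table (Secure Boot enabled, PK enrolled, [User Mode]) holds, by reading the standard UEFI global variables through efivarfs. The mapping of the SetupMode, AuditMode and DeployedMode variables to this menu's mode names is an assumption based on the UEFI specification, and the fallback sample directory is constructed data.

```python
import os
import tempfile

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE GUID
EFIVARS = "/sys/firmware/efi/efivars"  # Linux efivarfs mount point


def read_var(name, root=EFIVARS):
    """Return a variable's payload, or None if the variable does not exist.
    efivarfs prefixes each file with a 4-byte attributes field."""
    try:
        with open(os.path.join(root, f"{name}-{EFI_GLOBAL}"), "rb") as f:
            return f.read()[4:]
    except FileNotFoundError:
        return None


def flag(name, root):
    data = read_var(name, root)
    return bool(data) and data[0] == 1


def secure_boot_state(root=EFIVARS):
    setup, audit = flag("SetupMode", root), flag("AuditMode", root)
    deployed = flag("DeployedMode", root)
    if setup:
        mode = "Audit Mode" if audit else "Setup Mode"
    else:
        mode = "Deploy Mode" if deployed else "User Mode"
    enabled = flag("SecureBoot", root)
    pk_enrolled = bool(read_var("PK", root))  # empty or missing PK = not enrolled
    # Condition stated in the table: enabled + PK enrolled + [User Mode].
    active = enabled and pk_enrolled and mode == "User Mode"
    return {"mode": mode, "enabled": enabled, "pk_enrolled": pk_enrolled, "active": active}


def make_sample(values):
    """Build a constructed efivarfs-like directory so the check runs offline."""
    root = tempfile.mkdtemp()
    for name, payload in values.items():
        with open(os.path.join(root, f"{name}-{EFI_GLOBAL}"), "wb") as f:
            f.write(b"\x07\x00\x00\x00" + payload)  # attributes + data
    return root


if __name__ == "__main__":
    root = EFIVARS if os.path.isdir(EFIVARS) else make_sample(
        {"SecureBoot": b"\x01", "SetupMode": b"\x00", "PK": b"\xa1" * 16})
    print(secure_boot_state(root))
```

A result with "active": False after a reboot that was expected to enforce Secure Boot usually points at one of the three conditions, for example a deleted PK leaving the system in [Setup Mode].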