Skip to main content

Secure Boot Configuration

Table 1. Secure Boot Configuration
ItemOptionsDescription
Secure Boot Status

  • Disabled

  • Enabled

Checks Secure Boot Status.

Secure Boot Mode

  • Setup Mode

  • User Mode

System performs secure boot authentication when this feature is set to [User Mode] and secure boot is enabled.

Secure Boot Setting

  • Enabled

  • Disabled (Default)

Secure Boot feature is Active when this feature is set to [Enabled], Platform Key (PK) is enrolled, and the system is in user mode.

To change the mode, resetting the platform is required.

Secure Boot Policy

  • Factory Policy (Default)

  • Custom Policy

  • Delete All Keys

  • Delete PK

  • Reset All Keys to Default

Secure Boot policy options:

[Factory Policy]: Factory default keys will be used after reboot.

[Custom Policy]: Customized keys will be used after reboot.

[Delete All Keys]: PK (Platform Key), KEK (Key Exchange Key), DB (Authorized Signature Database), and DBX (Forbidden Signature Database) will be deleted after reboot.

[Delete PK]: PK will be deleted after reboot. After the PK is deleted, Secure Boot Mode will be in [Setup Mode], and Secure Boot Policy will be in [Custom Policy].

[Reset All Keys to Default]: All keys will be set to factory defaults and Secure Boot Policy will be set to [Factory Policy] after reboot.

View Secure Boot Keys

N/A

Views the details of PK, KEK, DB, and DBX.

Secure Boot Custom Policy

N/A

Customizes PK, KEK, DB, and DBX.

Note
This feature appears only when Secure Boot Policy is set to [Custom Policy].