Download
Share
Print this page
Supermicro X12 Secure Boot Configuration Instructions
  1. Manuals
  2. Brands
  3. Supermicro Manuals
  4. Motherboard
  5. X12 Series
  6. Secure boot configuration instructions

Supermicro X12 Secure Boot Configuration Instructions

Hide thumbs Also See for X12:

Advertisement

Quick Links

Secure Boot Configuration
Instructions
for
The X12 Motherboards
USER'S GUIDE
Revision 1.0

Advertisement

loading

Related Manuals for Supermicro X12

Summary of Contents for Supermicro X12

  • Page 1 Secure Boot Configuration Instructions The X12 Motherboards USER'S GUIDE Revision 1.0...
  • Page 2 This product, including software and documentation, is the property of Supermicro and/or its licensors, and is supplied only under a license. Any use or reproduction of this product is not allowed, except as expressly permitted by the terms of said license.
  • Page 3 This user's guide provides detailed instructions on how to configure Secure Boot settings in the UEFI BIOS for the X12 motherboards that are based on the 3rd Gen Intel® Xeon® Scalable Processors. Please note that all Supermicro's products are intended to be installed, configured, and serviced by professional technicians only.
  • Page 4 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Contacting Supermicro Headquarters Address: Super Micro Computer, Inc. 980 Rock Ave. San Jose, CA 95131 U.S.A. Tel: +1 (408) 503-8000 Fax: +1 (408) 503-8008 Email: marketing@supermicro.com (General Information) support@supermicro.com (Technical Support) Website: www.supermicro.com...

  • Page 5: Table Of Contents

    Preface Table of Contents Preface Configuring Secure Boot Settings Section 1 Setting Your Boot Mode to UEFI ................6 Section 2 Secure Boot/Secure Boot Mode/CSM Support............7 Section 3 Secure Boot Settings ....................8 Section 4 Key Management Settings ..................11 Important keys and signatures used in Secure Boot ............15...

  • Page 6: Configuring Secure Boot Settings

    Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Configuring Secure Boot Settings Secure Boot, a feature available in the Unified Extensible Firmware Interface (UEFI) BIOS, supports Secure Boot by preventing drivers and OS loaders from booting up without an acceptable digital signature.

  • Page 7: Section 2 Secure Boot/Secure Boot Mode/Csm Support

    Secure Boot Settings Section 2 Secure Boot/Secure Boot Mode/CSM Support To use the Secure Boot feature, you will need to have a set of platform key (PK) pre-registered in the platform on which your system is operating. You will also need to enable the Secure Boot feature, set Secure Boot mode to Custom, and disable CMS support in the BIOS Setup utility.

  • Page 8: Section 3 Secure Boot Settings

    Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Section 3 Secure Boot Settings To properly configure the Secure Boot settings, please follow the steps below. Step 1. Set Secure Boot Mode to Standard. Press Yes to install the manufacturer default keys as needed.
  • Page 9 Secure Boot Settings Step 2. For the changes to take effect, press <F4> to save the settings and exit the BIOS Setup utility. Step 3. Press <Del> during system boot to enter the BIOS Setup utility. Navigate to the Security tab to enter the Secure Boot menu. Set CSM Support to Disabled as mentioned in Section 1.
  • Page 10 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Step 4. Press <Del> during system boot to enter the BIOS Setup utility. Navigate to the Security tab and enter the Secure Boot menu. Set Secure Boot to Enabled.

  • Page 11: Section 4 Key Management Settings

    Secure Boot Settings Section 4 Key Management Settings The Key Management menu, which is only available when Secure Boot Mode is set to Custom, allows Secure Boot keys to be installed via an external device and to be used for secure system boot.
  • Page 12 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Restore Factory Keys Select Yes and press <Enter> to restore the manufacturer default Secure Boot keys. This will also reset the system to User mode. The options are Yes and No.
  • Page 13 Secure Boot Settings Export Secure Boot Variables Use this feature to export the Secure Boot values to the files in a root folder that resides in a file system device. Enroll Efi Image This feature enrolls SHA256 hash binary data in the Authorized Signature Database (DB) and allows the image to run in Secure Boot mode.
  • Page 14 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Device Guard Ready Remove 'UEFI CA' from DB (Database) (available when the system is not in Device Guard Ready) Select Yes and press <Enter> to remove the Microsoft UEFI CA certificate from the database (DB).

  • Page 15: Important Keys And Signatures Used In Secure Boot

    Secure Boot Settings Important keys and signatures used in Secure Boot Platform Key (PK) The Platform Key (PK), which is pre-installed in the system firmware during manufacturing, provides the full control of key hierarchy in Secure Boot. The options are Details, Export, Update, and Delete.
  • Page 16 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Export: Use the arrow keys to select Export and press <Enter>. This option saves the current PKs to a FAT-formatted USB flash drive. Press <Enter> and the following screen will appear.
  • Page 17 Secure Boot Settings Update: Use the arrow keys to select Update. This will load the manufacturer defaults or load PKs from a file in an external device. Press <Enter> and the following screen will appear.
  • Page 18 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide To load the manufacturer defaults, select Yes and press <Enter>. The following screen will appear. To load PKs from a file in an external device, select No and press <Enter>.
  • Page 19 Secure Boot Settings When the following screens appear, select the USB flash drive that contains the desired file and press <Enter>.
  • Page 20 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Press <Enter> and the following screen will appear. Delete: Use the arrow keys to select Delete and press <Enter> to clear the current PKs and reset the system to Setup mode.
  • Page 21 Secure Boot Settings Key Exchange Key The Key Exchange Key (KEK), which is held by the operating system vendor, can be updated by the holder of the PK and is used in Secure Boot to protect the data base that contains signatures from being illegal accessed.
  • Page 22 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Press <Enter> and the following screen will appear. To load the manufacturer defaults, select Yes and press <Enter>. The following screen will appear. To load KEKs from a file in an external device, select to No and press <Enter>. Refer to...
  • Page 23 Secure Boot Settings Delete: Use the arrow keys to select Delete and press <Enter>. Select Yes and press <Enter> to clear the current KEKs. Select No and press <Enter> to delete only one certificate from the key database.
  • Page 24 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Authorized Signatures Authorized Signature Database (DB) contains authorized signing certificates and digital signatures. The options are Details, Export, Update, Append, and Delete. Select Details to display detailed information of Authorized Signatures. Select Export to save the current DB to a FAT-formatted USB flash drive.
  • Page 25 Secure Boot Settings Forbidden Signatures Forbidden Signature Database (DBX) contains forbidden certificates and digital signatures. The options are Details, Export, Update, Append, and Delete. Select Details to display detailed information of Forbidden Signatures. Select Export to save the current DBX to a FAT-formatted USB flash drive.
  • Page 26 Super Secure Boot Configuration Instructions for the X12 Motherboards User's Guide Authorized TimeStamps Authorized Timestamp Database (DBT) issues and checks signed timestamp certificates. The options are Details, Export, Update, Append, and Delete. Select Details to display detailed information of Authorized timestamps. Select Export to save the current DBT to a FAT-formatted USB flash drive.
  • Page 27 Secure Boot Settings OsRecovery Signatures OsRecovery Signatures Database (DBR) contains recovery variables that are authorized by Secure Boot. The options are Details, Export, Update, Append, and Delete. Select Details to display detailed information of OsRecovery Signatures. Select Export to save the current DBR to a FAT-formatted USB flash drive.