Table of Contents
Advertisement
Table 62. System Security details (continued)
Option
Secure Boot Policy Summary
Secure Boot Custom Policy
Settings
Creating a system and setup password
Prerequisites
Ensure that the password jumper is enabled. The password jumper enables or disables the system password and setup password
features. For more information, see the section.
NOTE:
If the password jumper setting is disabled, the existing system password and setup password are deleted and you
need not provide the system password to boot the system.
62
Pre-operating system management applications
Description
policy objects. The BIOS allows unauthenticated programmatic
transitions between modes.
Audit mode
In Audit Mode, PK is not present. BIOS does not authenticate
programmatic update to the policy objects and transitions
between modes. The BIOS performs a signature verification on
pre-boot images and logs the results in the image Execution
Information Table, but executes the images whether they pass
or fail verification. Audit Mode is useful for programmatic
determination of a working set of policy objects.
Deployed Mode
Deployed Mode is the most secure mode. In Deployed Mode,
PK must be installed and the BIOS performs signature verification
on programmatic attempts to update policy objects. Deployed
Mode restricts the programmatic mode transitions.
Specifies the list of certificates and hashes that secure boot uses to authenticate
images.
Platform Key (PK): Shows the Type, Issuer, Subject, Signature Owner GUID details.
Key Exchange Key (KEK) Database Entries: Shows the Type, Issuer, Subject,
Signature Owner GUID details.
Authorized Signature Database (db) Entries: Shows the Type, Issuer, Subject,
Signature Owner GUID details.
Forbidden Signature Database (dbx) Entries: Shows the number of entries in the
database.
Configures the Secure Boot Custom Policy. To enable this option, set the Secure Boot
Policy to Custom option. Below are the list of options available for Secure Boot
Custom Policy Settings screen:
Platform Key (PK): Shows the Type, Issuer, Subject, Signature Owner GUID details.
Key Exchange Key Database (KEK): Shows the Type, Issuer, Subject, Signature
Owner GUID details.
Authorized Signature Database (db): Shows the Type, Issuer, Subject, Signature
Owner GUID details.
Forbidden Signature Database (dbx): Shows the number of entries in the database.
Delete All Policy Entries (PK, KEK, db, and dbx): Enables to delete the PK, KEK, db
and dbx details.
Restore Default Policy Entries (PK, KEK, db, and dbx): Enables to restore the PK,
KEK, db and dbx details.
Export Firmware Hash Values
Advertisement
Table of Contents
