Secure Boot Configuration; Embedded Uefi Shell; Embedded Diagnostics Option - HPE ProLiant DL580 Gen9 User Manual

Secure Boot configuration

Secure Boot is integrated in the UEFI specification on which the Hewlett Packard Enterprise
implementation of UEFI is based. Secure Boot is completely implemented in the BIOS and does not
require special hardware. It ensures that each component launched during the boot process is digitally
signed and that the signature is validated against a set of trusted certificates embedded in the UEFI BIOS.
Secure Boot validates the software identity of the following components in the boot process:
•
UEFI drivers loaded from PCIe cards
•
UEFI drivers loaded from mass storage devices
•
Pre-boot UEFI shell applications
•
OS UEFI boot loaders
Once enabled, only firmware components and operating systems with boot loaders that have an
appropriate digital signature can execute during the boot process. Only operating systems that support
Secure Boot and have an EFI boot loader signed with one of the authorized keys can boot when Secure
Boot is enabled. For more information about supported operating systems, see the HPE UEFI System
Utilities and Shell Release Notes for HPE ProLiant Gen9 Servers on the Hewlett Packard Enterprise
website (http://www.hpe.com/info/uefi/docs).
A physically present user can customize the certificates embedded in the UEFI BIOS by adding/removing
their own certificates.
When Secure Boot is enabled, the System Maintenance Switch does not restore all manufacturing
defaults when set to the ON position. For security reasons, the following are not restored to defaults when
the System Maintenance Switch is in the ON position:
•
Secure Boot is not disabled and remains enabled.
•
The Boot Mode remains in UEFI Boot Mode even if the default boot mode is Legacy Boot Mode.
•
The Secure Boot Database is not restored to its default state.
•
iSCSI Software Initiator configuration settings are not restored to defaults.

Embedded UEFI shell

The system BIOS in all ProLiant Gen9 servers includes an Embedded UEFI Shell in the ROM. The UEFI
Shell environment provides an API, a command line prompt, and a set of CLIs that allow scripting, file
manipulation, and system information. These features enhance the capabilities of the UEFI System
Utilities.
For more information, see the following documents:
•
HPE UEFI Shell User Guide for HPE ProLiant Gen9 Servers on the Hewlett Packard Enterprise
website (http://www.hpe.com/info/uefi/docs)
•
UEFI Shell Specification on the UEFI website (http://www.uefi.org/specifications)

Embedded Diagnostics option

The system BIOS in all ProLiant Gen9 servers includes an Embedded Diagnostics option in the ROM.
The Embedded Diagnostics option can run comprehensive diagnostics of the server hardware, including
processors, memory, drives, and other server components.
For more information on the Embedded Diagnostics option, see the HPE UEFI System Utilities User
Guide for HPE ProLiant Gen9 Servers on the Hewlett Packard Enterprise website
(http://www.hpe.com/info/uefi/docs).
Software and configuration utilities 100