Restoring And Customizing Configuration Settings; Secure Boot Configuration - HP Apollo 2000 System Maintenance And Service Manual

◦ Browse all FAT16 and FAT32 file systems.
◦ To add a new UEFI boot option, select an X64 UEFI application with an .EFI extension. For example,
adding an OS boot loader or other UEFI application as a new UEFI boot option.
The new boot option is appended to the boot-order list. When you select a file, you are prompted to
enter the boot option description. This description, and any optional data to be passed to an .EFI
application, is then displayed in the boot menu.
• Boot to System Utilities
After pre-POST, the boot options screen appears. During this time, you can access the UEFI System
Utilities by pressing the F9 key.
• Choose between supported modes:
◦ Legacy BIOS Boot Mode
◦ UEFI Boot Mode
IMPORTANT:
If the default boot mode settings are different than the user-defined settings, the system might not
boot the OS installation if the defaults are restored. To avoid this issue, use the User Defined
Defaults feature in UEFI System Utilities to override the factory default settings.
For more information, see the UEFI System Utilities user guide for your product on the Hewlett Packard
Enterprise Information Library.

Restoring and customizing configuration settings

You can reset all configuration settings to the factory default settings, or you can restore and use the system
default configuration settings.
You can also configure default settings as necessary, and then save the configuration as the custom default
configuration. When the system loads the default settings, it uses the custom default settings instead of the
factory defaults.

Secure Boot configuration

Secure Boot is integrated in the UEFI specification on which the Hewlett Packard Enterprise implementation
of UEFI is based. Secure Boot is implemented in the BIOS and does not require special hardware. Secure
Boot ensures that each component launched during the boot process is digitally signed. Secure Boot also
ensures that the signature is validated against a set of trusted certificates embedded in the UEFI BIOS.
Secure Boot validates the software identity of the following components in the boot process:
• UEFI drivers loaded from PCIe cards
• UEFI drivers loaded from mass storage devices
• Preboot UEFI shell applications
• OS UEFI boot loaders
When enabled, only firmware components and operating systems with boot loaders that have an appropriate
digital signature can execute during the boot process. Only operating systems that support Secure Boot and
have an EFI boot loader signed with one of the authorized keys can boot. For more information about
supported operating systems, see the UEFI System Utilities and Shell release notes for your node on the
Hewlett Packard Enterprise website.
A physically present user can customize the certificates embedded in the UEFI BIOS by adding or removing
their own certificates.
When Secure Boot is enabled, the System Maintenance Switch does not restore all manufacturing defaults
when set to the ON position. For security reasons, the following are not restored to defaults when the System
Maintenance Switch is in the ON position:
Restoring and customizing configuration settings 123