Secure Boot configuration
Secure Boot is implemented in the BIOS and does not require special hardware. Secure Boot ensures that
each component launched during the boot process is digitally signed. Secure Boot also ensures that the
signature is validated against a set of trusted certificates embedded in the UEFI BIOS.
Secure Boot validates the software identity of the following components in the boot process:
• UEFI drivers loaded from PCIe cards
• UEFI drivers loaded from mass storage devices
• Preboot UEFI shell applications
• OS UEFI boot loaders
When Secure Boot is enabled, only firmware components and operating systems with boot loaders that have
an appropriate digital signature can be executed during the boot process. Only operating systems that
support Secure Boot and have a UEFI boot loader signed with one of the authorized keys can boot.
Users can customize the certificates embedded in the UEFI BIOS by adding or removing their own certificates.
Enabling the Trusted Platform Module
Procedure
1. To access the Aptio Setup Utility, press the F2 or Del key at the enter setup prompt.
2. Select Advanced > Trusted Computing, and then press the Enter key.
3. Verify that the TPM device name is displayed.
4. To exit the utility, press the Esc key.
The server reboots without user input. During this system reboot, the TPM is enabled.
5. Enable TPM functionality in the OS, such as Microsoft Windows BitLocker or measured boot.
CAUTION:
When a TPM is installed and enabled on the server, data access is locked if you fail to follow the
proper procedures for updating the system or option firmware, replacing the system board, replacing
a hard drive, or modifying OS application TPM settings.
For more information on adjusting TPM usage in BitLocker, see the Microsoft website:
http://technet.microsoft.com/en-us/library/cc732774.aspx
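As an added check that is not part of the HPE guide, the following POSIX shell script verifies from a booted Linux OS that Secure Boot is actually enforcing (SecureBoot=1 and the platform is not in Setup Mode) and that the TPM enabled in the procedure above is visible to the kernel. It assumes efivarfs is mounted at /sys/firmware/efi/efivars and the TPM class is at /sys/class/tpm; both paths can be overridden through environment variables.

```shell
#!/bin/sh
# Added example, not from the HPE guide. Paths are overridable so the
# functions can be exercised against constructed directories.
EFIVARS=${EFIVARS:-/sys/firmware/efi/efivars}
TPM_SYSFS=${TPM_SYSFS:-/sys/class/tpm}
# EFI_GLOBAL_VARIABLE GUID, under which SecureBoot and SetupMode live.
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efivarfs files start with a 4-byte attribute header followed by the data.
# SecureBoot and SetupMode hold a single data byte (0 or 1). Prints that
# byte in decimal, or "missing" when the variable is absent (typical of a
# legacy BIOS boot, where Secure Boot cannot be in effect at all).
efi_bool_var() {
    file="$EFIVARS/$1-$EFI_GLOBAL_GUID"
    [ -r "$file" ] || { echo missing; return 0; }
    od -An -tu1 -j4 -N1 "$file" | tr -d ' \n'
}

# Returns 0 only when signatures are really being checked: SecureBoot=1
# and SetupMode=0. In Setup Mode no Platform Key is enrolled, so the
# firmware accepts unsigned images even though the feature looks "on".
secure_boot_enforcing() {
    [ "$(efi_bool_var SecureBoot)" = 1 ] && [ "$(efi_bool_var SetupMode)" = 0 ]
}

# Returns 0 when the kernel exposes at least one TPM device (tpm0, ...).
tpm_present() {
    for dev in "$TPM_SYSFS"/tpm*; do
        [ -e "$dev" ] && return 0
    done
    return 1
}

report() {
    if secure_boot_enforcing; then
        echo "Secure Boot: enforcing"
    else
        echo "Secure Boot: NOT enforcing (SecureBoot=$(efi_bool_var SecureBoot), SetupMode=$(efi_bool_var SetupMode))"
    fi
    if tpm_present; then
        echo "TPM: present"
    else
        echo "TPM: not visible to the OS (check Advanced > Trusted Computing)"
    fi
}

case "${1:-}" in --check) report ;; esac
```

Run it as `sh secureboot-check.sh --check`; on Windows the equivalent checks are `Confirm-SecureBootUEFI` and `Get-Tpm` in PowerShell.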
Marvell Storage Utility
The Marvell Storage Utility (MSU) is a configuration and management utility for the embedded Marvell
88SE9230 PCIe to SATA 6Gb/s Controller. This Marvell storage controller supports hardware RAID 0, 1, and
10 levels. Use the MSU to create and manage RAID virtual disks and arrays using the drives connected to the
embedded storage controller.
To enable MSU access through GUI or CLI, install the MSU in the server.
For more information, see the Marvell Storage Utility User Guide for HPE MicroServer Gen10 in the Hewlett
Packard Enterprise Support Center website:
http://www.hpe.com/info/microservergen10-docs
Installing the Marvell Storage Utility
Procedure
1. Go to the HPE ProLiant MicroServer Gen10 download page: