Enabling Or Disabling Secure Boot; Advanced Secure Boot Options - HPE ProLiant Gen10 User Manual

• Using the System Utilities options described in the following sections.
• Using the iLO RESTful API to clear and restore certificates. For more information, see the Hewlett
Packard Enterprise website (http://www.hpe.com/info/redfish).
• Using the secboot command in the Embedded UEFI Shell to display Secure Boot databases, keys,
and security reports.

Enabling or disabling Secure Boot

Prerequisite
To enable this option:
• Set Boot Mode to UEFI Mode.
• Enable UEFI Optimized Boot.
Procedure
1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration
(RBSU) > Server Security > Secure Boot Settings > Attempt Secure Boot.
2. Select a setting.
• Enabled—Enables Secure Boot.
• Disabled—Disables Secure Boot.
3. Save your changes.
4. Reboot the server.

Advanced Secure Boot Options

• PK - Platform Key—Establishes a trust relationship between the platform owner and the platform
firmware.
• KEK - Key Exchange Key—Protects the signature database from unauthorized modifications. No
changes can be made to the signature database without the private portion of this key.
• DB - Allowed Signatures Database—Maintains a secure boot allowed signature database of
signatures that are authorized to run on the platform.
• DBX - Forbidden Signatures Database—Maintains a secure boot blacklist signature database of
signatures that are not authorized to run on the platform
• DBT - Timestamp Signatures Database—Maintains signatures of codes in the timestamp signatures
database.
• Delete all keys
• Export all keys
• Reset all keys to platform defaults
108 Enabling or disabling Secure Boot