Advanced Secure Boot Options; Platform Key (Pk) Options; Enroll Pk; Enrolling A Pk Certificate - HPE ProLiant Gen9 User Manual

Procedure
1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration
(RBSU) > Server Security > Secure Boot Settings > Secure Boot Enforcement and press Enter.
2. Select a setting and press Enter.
a. Enabled—Enables Secure Boot.
b. Disabled—Disables Secure Boot.

Advanced Secure Boot Options

•

Platform Key (PK) Options

• Key Exchange Key (KEK) Options
• Allowed Signatures Database (DB) Options
• Forbidden Signatures Database (DBX) Options
• Delete all keys (PK, KEK, DB, DBX)
• Reset all keys to platform defaults
NOTE:
Changing the default security certificates can cause the system to fail booting from some devices. It can also
cause the system to fail launching certain system software such as Intelligent Provisioning.
Platform Key (PK) Options
•

Enroll PK

• Delete Platform Key (PK)
Enroll PK
Use this option to enroll a PK certificate. A Platform Key protects the next key from uncontrolled modification.

Enrolling a PK certificate

Procedure
1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration
(RBSU) > Server Security > Secure Boot Settings > Advanced Secure Boot Options > Platform Key
(PK) Options > Enroll PK and press Enter.
2. Select Enroll PK Using File and press Enter.
3. Enter the name of a file on an attached media device. Supported formats include .der, .cer, and .crt.
4. (Optional) To apply a signature GUID to this key:
100 Advanced Secure Boot Options