Secure Boot Settings; Secure Boot Enforcement; Enabling Or Disabling Secure Boot - HPE ProLiant Gen9 User Manual

• UEFI drivers loaded from PCIe cards
• UEFI drivers loaded from mass storage devices
• Pre-boot UEFI shell applications
• OS UEFI boot loaders
When Secure Boot is enabled:
• Firmware components and operating systems with boot loaders must have an appropriate digital signature
to execute during the boot process.
• Operating systems must support Secure Boot and have an EFI boot loader signed with one of the
authorized keys to boot. For more information about supported operating systems, see the UEFI System
Utilities and Shell Release Notes for HPE ProLiant Gen9 Servers and HPE Synergy on the Hewlett
Packard Enterprise website (http://www.hpe.com/info/ProLiantUEFI/docs.).
You can customize the certificates embedded in the UEFI BIOS by adding or removing your own certificates,
either from a management console directly attached to the server, or by remotely connecting to the server
using the iLO 4 Remote Console.
You can configure Secure Boot using:
• The System Utilities options described in the following sections.
• The RESTful API. For more information, see the Hewlett Packard Enterprise website (www.hpe.com/
support/restfulinterface/docs).
You can use the secboot command in the Embedded UEFI Shell to display Secure Boot databases, keys,
and security reports.
Before you enable Secure Boot, make sure you:
• Select UEFI Boot Mode.
• Enable UEFI Optimized Boot.

Secure Boot Settings

•

Secure Boot Enforcement

• Advanced Secure Boot Options
Secure Boot Enforcement
Use this setting to enable or disable Secure Boot.

Enabling or disabling Secure Boot

Prerequisite
To enable this option:
• Set Boot Mode to UEFI Mode.
• Enable UEFI Optimized Boot.
Secure Boot Settings 99