Key Management
To open the Key Management page, select Security Secure Boot Key Management from the
Setup. This function enables expert users to modify Secure Boot Policy variables without full
authentication.
Factory Key Provision: Install factory default Secure Boot keys after the platform reset while the System
is in Setup mode.
Restore Factory Keys: Force System to User Mode and restores Install factory default Secure Boot key
databases.
Reset To Setup Mode: Deletes all Secure Boot key databases from NVRAM.
Export Secure Boot variables: Copies NVRAM content of Secure Boot variables to files in a root folder
on a file system device
Enroll Efi Image: Allows the image to run in Secure Boot mode and enrolls the SHA256 Hash certificate
of a PE image into Authorized Signature Database (db).
Device Guard Ready
Remove 'UEFI CA' from DB: Removes the 'Microsoft UEFI CA' certificate in the Authorized Signature
database when in Device Guird Ready mode.
Restore DB defaults: Restores DB variable to factory defaults.
Secure Boot variable: Enrolls Factory Defaults or load certificates from a file.
1. Public Key Certificate:
a.
EFI_SIGNATURE_LIST
b.
EFI_CERT_X509 (DER)
c.
EFI_CERT_RSA20
23