3.1.4.2
Key Management
Feature
Factory Key Provision
Restore Factory Keys
Enroll Efi Image
Restore DB defaults
Platform Key(PK)
SOM-5871 User Manual
Options
Description
Disabled
Provision factory default keys on next re-
Enabled
boot only when system in Setup Mode
Force system to User Mode. Configure
Press Yes or No
NVRAM to contain OEM-defined factory
default secure boot keys
Allow the image to run in Secure Boot
Check Valid File
mode. Enroll SHA256 Hash certificate of a
System Available
PE image into Authorized Signature Data-
or not
base (db)
Press Yes or No
Restore DB variable to factory defaults
Enroll factory defaults or load certificates
from a file:
1.
Update
Append
2.
3.
72
Public Key Certificate in:
a)EFI_SIGNATURE_LIST, b)
EFI_CERT_X509(DER ), c)
EFI_CERT_RSA2048 (bin), d)
EFI_CERT_SHA256, 384, 512
Authenticated UEFI Variable
EFI PE/COFF Image (SHA256)
Key Source: Factory, External, Mixed