Table of Contents
Advertisement
The Secure boot feature provides the authentication to ensure that the switch runs the intended software and no malicious
party has altered the intended software.
Secure boot validates the firmware and operating system running on the switch and, if there is an authentication failure, it
disallows booting into the switch.
Secure boot requires an immutable Root of Trust. The BIOS is the immutable Root of Trust in your switch.
GRUB locates the SHIM LOCK protocol and registers the SHIM verify function to be used after any load image it performs.
Thereafter, the image that is loaded by GRUB is verified before it is run.
Secure boot files
For secure boot, the .bin file is replaced with the .tar file. The .tar archive file has both the .bin file and the .sig file to
verify the secure boot .bin file. You do not have to untar the .tar file to access the .bin file.
NOTE:
If you specify the .bin file, the .sig file MUST be in the same location as the .bin file.
Topics:
•
Enable BIOS secure boot
•
Disable BIOS secure boot
Enable BIOS secure boot
The Secure Boot configuration page in the BIOS Setup menu is password protected. If Secure Boot mode is not enabled on your
switch, use the following process to enable Secure Boot mode.
1. Enter the BIOS password. The default password is the switch service tag plus an exclamation mark; for example, xxxxxx!.
After first login, to change the default password, select the Security tab then select Administrator Password. Enter and
confirm the new user password. The user password range is 3–20 characters.
After you enter the password, you enter the Main tab of the BIOS user interface.
38
Secure boot
Secure boot
8
Advertisement
Table of Contents
