Table of Contents
Advertisement
Secure Boot
Secure Boot
Secure Boot is a server security feature that is implemented in the BIOS and does not require special hardware. Secure Boot ensures
that each component launched during the boot process is digitally signed and that the signature is validated against a set of trusted
certificates embedded in the UEFI BIOS. Secure Boot validates the software identity of the following components in the boot process:
UEFI drivers loaded from PCIe cards
UEFI drivers loaded from mass storage devices
Preboot UEFI Shell applications
OS UEFI boot loaders
When Secure Boot is enabled:
Firmware components and operating systems with boot loaders must have an appropriate digital signature to execute during the
boot process.
Operating systems must support Secure Boot and have an EFI boot loader signed with one of the authorized keys to boot. For more
information about supported operating systems, see https://www.hpe.com/servers/ossupport
You can customize the certificates embedded in the UEFI BIOS by adding or removing your own certificates, either from a management
console directly attached to the server, or by remotely connecting to the server using the iLO Remote Console.
You can configure Secure Boot:
Using the System Utilities options described in the following sections.
Using the iLO RESTful API to clear and restore certificates. For more information, see the Hewlett Packard Enterprise website
(https://www.hpe.com/info/redfish
https://www.hpe.com/info/redfish).
Using the secboot command in the Embedded UEFI Shell to display Secure Boot databases, keys, and security reports.
https://www.hpe.com/servers/ossupport.
Secure Boot
129
Advertisement
Table of Contents
Troubleshooting
