ADLINK Technology AmITX-CF-I User Manual page 62

7.5.1.1 Key Management
Feature
Vendor Keys
Factory Key Provision
Restore Factory Keys
Reset to Setup Mode
Export Secure Boot
variables
Enroll Efi Image
Device Guard Ready
Remove "UEFI CA" from DB
Restore DB defaults
Secure Boot variable
Platform Key (PA)
Key Exchange Keys
Authorized Signatures
Forbidden Signatures
Authorized TimeStamps
OsRecovery Signatures
56
Options
Modified
Disable
Enable
Yes
No
Yes
No
Ok
Ok
Yes
No
Yes
No
Size | Keys | Key Source
0 | 0 | No Keys
0 | 0 | No Keys
0 | 0 | No Keys
0 | 0 | No Keys
0 | 0 | No Keys
0 | 0 | No Keys
Description
Install factory default Secure Boot keys after the
platform reset and while the System is in Setup
mode.
Force System to User Mode. Install factory default
Secure Boot key databases
Delete all Secure key databases from NVRAM.
Copy NVRAM content of Secure Boot variables to
files in a root folder on a file system device.
Allow the image to run in Secure Boot mode.
Enroll SHA256 Hash certificate of a PE image into
Authorized Signature Database (db).
Device Guard ready system must not list
'Microsoft UEFI CA' Certificate in Authorized
Signature database (db).
Restore DB variable to factory defaults.
Enroll Factory Defaults or load certificates from a
file:
1. Public key Certificate:
a) EFI_SIGNATURE _LIST
b) EFI_CERT_X509 (DER)
c) EFI_CERT_RSA2048 (bin)
d) EFI_CERT_SHAXXX
2. Authenticated UEFI Variables
3. EFI PE/COFF Image (SHA256)
Key Source: Factory, External, Mixed
BIOS Setup