3.6.2.1
Key Management
Options Summary
Factory Key
Provision
Install factory default Secure Boot Keys after the platform reset and while the System is
in Setup mode
Restore Factory
Keys
Enroll EFI Image
Restore DB defaults Restore DB variable to factory defaults.
Platform Key (PK)
Key Exchange Keys
Authorized
Signatures
Forbidden
Signatures
Chapter 3 – AMI BIOS Setup
Disabled
Enabled
Force system to user mode. Install factory default Secure Boot key
databases.
Allow the image to run in Secure Boot mode. Enroll SHA256 Hash
of a PE image into Authorized Signature Database (db).
Enroll Factory Defaults or load certificates from a file:
1. Public Key Certificate:
a) EFI_SIGNATURE_LIST
b) EFI_CERT_X509 (DER)
c) EFI_CERT_RSA2048 (bin)
d) EFI_CERT_SHAXXX
Optimal Default, Failsafe Default
71