HPE ProLiant DL385 Gen10 Plus v2 Maintenance And Service Manual page 118

Hide thumbs Also See for ProLiant DL385 Gen10 Plus v2:

User manual (170 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

page of 177

/ 177
Contents
Table of Contents
Bookmarks

Table of Contents

Secure Boot

Secure Boot is a server security feature that is implemented in the BIOS and does not require special hardware. Secure Boot ensures

that each component launched during the boot process is digitally signed and that the signature is validated against a set of trusted

certificates embedded in the UEFI BIOS. Secure Boot validates the software identity of the following components in the boot process:

UEFI drivers loaded from PCIe cards

UEFI drivers loaded from mass storage devices

Preboot UEFI Shell applications

OS UEFI boot loaders

When Secure Boot is enabled:

Firmware components and operating systems with boot loaders must have an appropriate digital signature to execute during the

boot process.

Operating systems must support Secure Boot and have an EFI boot loader signed with one of the authorized keys to boot. For more

information about supported operating systems, see https://www.hpe.com/servers/ossupport

You can customize the certificates embedded in the UEFI BIOS by adding or removing your own certificates, either from a management

console directly attached to the server, or by remotely connecting to the server using the iLO Remote Console.

You can configure Secure Boot:

Using the System Utilities options described in the following sections.

Using the iLO RESTful API to clear and restore certificates. For more information, see the Hewlett Packard Enterprise website

(https://www.hpe.com/info/redfish

https://www.hpe.com/info/redfish).

Using the secboot command in the Embedded UEFI Shell to display Secure Boot databases, keys, and security reports.

Launching the Embedded UEFI Shell

Use the Embedded UEFI Shell option to launch the Embedded UEFI Shell. The Embedded UEFI Shell is a preboot command-line

environment for scripting and running UEFI applications, including UEFI boot loaders. The Shell also provides CLI-based commands you

can use to obtain system information, and to configure and update the system BIOS.

Prerequisites

Embedded UEFI Shell is set to Enabled.

Procedure

1. From the System Utilities screen, select Embedded Applications > Embedded UEFI Shell.

The Embedded UEFI Shell screen appears.

2. Press any key to acknowledge that you are physically present.

This step ensures that certain features, such as disabling Secure Boot or managing the Secure Boot certificates using third-party

UEFI tools, are not restricted.

3. If an administrator password is set, enter it at the prompt and press Enter.

The Shell> prompt appears.

4. Enter the commands required to complete your task.

5. Enter the exit command to exit the Shell.

iLO Service Port

iLO

Service Port

https://www.hpe.com/servers/ossupport.

HPE ProLiant DL385 Gen10 Plus v2 Server Maintenance and Service Guide

118

Table of Contents

HPE ProLiant DL385 Gen10 Plus v2 Maintenance And Service Manual page 118

Related Manuals for HPE ProLiant DL385 Gen10 Plus v2

Related Products for HPE ProLiant DL385 Gen10 Plus v2

Table of Contents