Launching The Embedded Uefi Shell - HPE Apollo 4200 Gen10 Plus User Manual

Secure Boot is a server security feature that is implemented in the BIOS and does not require special hardware. Secure Boot ensures that
each component launched during the boot process is digitally signed and that the signature is validated against a set of trusted certificates
embedded in the UEFI BIOS. Secure Boot validates the software identity of the following components in the boot process:
UEFI drivers loaded from PCIe cards
UEFI drivers loaded from mass storage devices
Preboot UEFI Shell applications
OS UEFI boot loaders
When Secure Boot is enabled:
Firmware components and operating systems with boot loaders must have an appropriate digital signature to execute during the boot
process.
Operating systems must support Secure Boot and have an EFI boot loader signed with one of the authorized keys to boot. For more
information about supported operating systems, see https://www.hpe.com/servers/ossupport
You can customize the certificates embedded in the UEFI BIOS by adding or removing your own certificates, either from a management
console directly attached to the server, or by remotely connecting to the server using the iLO Remote Console.
You can configure Secure Boot:
Using the System Utilities options described in the following sections.
Using the iLO RESTful API to clear and restore certificates. For more information, see the Hewlett Packard Enterprise website
(https://www.hpe.com/info/redfish https://www.hpe.com/info/redfish).
Using the secboot command in the Embedded UEFI Shell to display Secure Boot databases, keys, and security reports.

Launching the Embedded UEFI Shell

Launching the Embedded UEFI Shell
Prerequisites Prerequisites
Embedded UEFI Shell is set to Enabled.
About this task About this task
Use the Embedded UEFI Shell option to launch the Embedded UEFI Shell. The Embedded UEFI Shell is a preboot command-line environment
for scripting and running UEFI applications, including UEFI boot loaders. The Shell also provides CLI-based commands you can use to obtain
system information, and to configure and update the system BIOS.
Procedure Procedure
1. From the System Utilities screen, select Embedded Applications > Embedded UEFI Shell.
The Embedded UEFI Shell screen appears.
2. Press any key to acknowledge that you are physically present.
This step ensures that certain features, such as disabling Secure Boot or managing the Secure Boot certificates using third-party UEFI
tools, are not restricted.
3. If an administrator password is set, enter it at the prompt and press Enter.
The Shell> prompt appears.
4. Enter the commands required to complete your task.
5. Enter the exit command to exit the Shell.
https://www.hpe.com/servers/ossupport.
HPE Apollo 4200 Gen10 Plus Server User Guide 114