1. Oracle Exadata Storage Server X9-2 EF, HC, and XT Service Manual
  2. Setting Up BIOS Configuration Parameters
  3. Common BIOS Setup Utility Tasks
  4. Configure UEFI Secure Boot

Configure UEFI Secure Boot

  1. Access the BIOS Setup Utility menus.
  2. On the Main Menu screen, select Security and press Enter.
  3. On the Security Settings screen, select Secure Boot and press Enter.
  4. On the Secure Boot screen, select Attempt Secure Boot and press Enter. Do one of the following:

    • Select Enabled to enable UEFI Secure Boot. Continue with Step 5 to manage policy variables.

    • Select Disabled to disable UEFI Secure Boot. Continue with Step 8 to save changes and exit from the BIOS Setup Utility.

    When enabled, Secure Boot allows you to manage Secure Boot policy variables.

  5. To manage Secure Boot policy variables, select Key Management and press Enter.

    The Key Management screen provides options to provision factory default Secure Boot keys or to enroll an Extensible Firmware Interface (EFI) image.

    • To provision factory default keys – See Step 6.

    • To enroll an EFI image – See Step 7.

  6. If you want to provision factory default keys, select Factory Key Provision and press Enter. Do one of the following:

    • Select Enabled to allow the provisioning of factory default Secure Boot keys when the system is in Setup Mode. When enabled, you can select Restore Factory Keys to force the system to User Mode and install all the factory default Secure Boot keys.

    • Select Disabled to disable the provisioning of factory default Secure Boot keys. When disabled, you can select Delete all Secure Boot Variables to remove all Secure Boot keys from the system. Selecting this option also resets the system to Setup Mode.

  7. If you want to enroll an EFI image, select Enroll Efi Image and press Enter.
    1. On the Select a File System screen, scroll through the list and select the file system that contains the EFI file, and press Enter.
    2. On the Select File screen, scroll through the list and select the EFI file (or another available file), and press Enter.
    3. On the next Select File screen, scroll through the list and select the image file that you want to run in Secure Boot mode, and press Enter.
    4. To save all Secure Boot policy variables, select Save all Secure Boot variables and press Enter.
    5. On the Select a File System screen, select the file system where you want to save the EFI file, and press Enter.

      The Secure Boot policy variables are saved to the root folder in the target file system.

  8. Press the F10 key to save the changes and exit the BIOS Setup Utility.

Related Topics: