1. Oracle Server X9-2L Service Manual
  2. Setting Up BIOS Configuration Parameters

22 Setting Up BIOS Configuration Parameters

This section provides an overview of BIOS configuration management, UEFI BIOS, and the BIOS Setup Utility:

BIOS Setup Utility Menu Options

Manage the BIOS Configuration

The BIOS configuration parameters on an Oracle x86 server are manageable from the BIOS Setup Utility and Oracle ILOM. For information about using these tools to manage the BIOS configuration, refer to:

Accessing the BIOS Setup Utility

The BIOS Setup Utility allows you to view product information, and to configure, enable, and disable, or manage system components.

This section provides the following information:

BIOS Setup Utility Menus

The following table provides descriptions for the top-level BIOS Setup Utility menus.

Menu Description

Main

View general BIOS information, including version, build date and time, platform and processor, memory, and system date and time.

Advanced

Configure NVMe, network stack, PCI subsystem, SATA, disk freeze lock, processor, MD SSD and USB port, Intel platform, Intel socket, CPU, RAM disk, iSCSI, and driver health.

IO

Configure internal I/O devices, add-in cards, and PCIe connectors.

Security

Configure secure boot.

Boot

Configure the retry boot list, network boot retry, boot option priorities.

Save & Exit

Save changes and exit, discard changes and exit, discard changes, or restore the default BIOS settings.

BIOS Key Mappings

When viewing the BIOS output from a terminal using the serial console redirection feature, some terminals do not support function keys. BIOS supports the mapping of function keys to Control key sequences when serial redirection is enabled. The following table provides a description of the function key to Control key sequence mappings.

Function Key Control Key Sequence BIOS Setup Function

F1

Ctrl+Q

Activate the Setup Utility Help menu.

F2

Ctrl+E

Enter BIOS Setup Utility while the system is performing power-on self-test (POST).

F8

Ctrl+P

Activate the BIOS Boot Menu.

F10

Ctrl+S

Save and Exit changes.

F12

Ctrl+N

Activate Network boot.

Access BIOS Setup Utility Menus

You can access the BIOS Setup Utility screens from the following interfaces:

  • Use a terminal (or terminal emulator connected to a computer) through the serial port on the back panel of the server.

  • Connect to the server using the Oracle ILOM Remote System Console Plus application.

  1. Reset or power on the server.

    For example, to reset the server:

    • From the local server, press the On/Standby button on the front panel of the server to power off the server, and then press the On/Standby button again to power on the server.

    • From the Oracle ILOM web interface, click Host Management → Power Control and select Reset from the Select Action list. Click Save, and then click OK.

    • From the Oracle ILOM CLI, type reset /System

  2. After the server resets, to enter the BIOS Setup Utility, press the F2 key (Ctrl+E from a serial connection) when prompted and while the BIOS is running the power-on self-tests (POST).

    The BIOS Setup Utility Main Menu screen appears.


    This figure shows the BIOS Setup Utility Main Menu.

Navigate BIOS Setup Utility Menus

  1. In the BIOS Setup Utility, press the left and right arrow keys to select the menu options.

    As you select a menu option, the top-level menu for that menu option appears.

  2. To navigate options in a top-level menu, press the up and down arrow keys.

    Options that you can modify appear highlighted in the menu. User instructions for a selected menu option appear on the upper right side of the screen.

  3. Modify an option by pressing the + or - (plus or minus) keys, or by pressing Enter and selecting the option from the menu.

    The navigation keys appear on the lower right side of the BIOS screen.

  4. Press the Esc key to return from a sub-menu to the previous menu.

    Pressing Esc from a top-level menu is equivalent to selecting the Discard Changes and Exit option in the Save Menu.

  5. Modify parameters, as needed.
  6. Press the F10 key to save your changes and exit the BIOS Setup Utility.

    Alternatively, you can select the Save menu, and select Save Changes and Exit to save your changes and exit the BIOS Setup Utility.

    Note:

    After modifying any BIOS settings, the subsequent reboot might take longer than a typical reboot where you did not change any settings. The delay occurs because the changes to the BIOS settings are synchronized with Oracle ILOM.

Using UEFI BIOS

Oracle Server X9-2L has a Unified Extensible Firmware Interface (UEFI)-compatible BIOS, which runs with all operating systems that are supported on the server. The BIOS firmware controls the system from power-on until an operating system is booted and allows you to configure, enable, disable, or manage system components.

This section includes the following information:

Configuration Utilities for Add-In Cards

In UEFI BIOS, the configuration screens for the add-in cards appear as menu items in the BIOS Advanced Menu as part of the standard BIOS Setup Utility screens. For example, if the Oracle Storage 12 Gb SAS PCIe RAID HBA, Internal card is installed in the server, the configuration utility for the HBA appears as a menu selection.

Configure and Manage BIOS Using Oracle ILOM

Oracle Integrated Lights Out Manager (ILOM) includes BIOS configuration and management tools. You can perform the following BIOS configuration tasks using Oracle ILOM:

  • View the BIOS configuration synchronization status and synchronize the configuration parameters

  • Reset the factory defaults for the service processor (SP) and Oracle ILOM BIOS

  • Backup or restore the BIOS configuration

  • Enable UEFI diagnostics to run at system boot

For more information about Oracle ILOM BIOS configuration and management tools, refer to the Oracle Integrated Lights Out Manager (ILOM) 5.0 Documentation.

UEFI Secure Boot

Oracle Server X9-2L UEFI BIOS supports UEFI Secure Boot. UEFI Secure Boot defines how platform firmware can authenticate a digitally signed UEFI image, such as an operating system loader or a UEFI driver.

When enabled, UEFI Secure Boot provides a policy-based invocation of various UEFI executable images, using cryptographic signatures to identify the software publishers. UEFI Secure Boot also requires all third-party UEFI drivers and operating system boot loaders to be signed by Microsoft or with Key Exchange Key (KEK) by using BIOS setup.

UEFI Secure Boot is disabled by default. For configuration information, see Configure UEFI Secure Boot.

Trusted Execution Technology

Oracle Server X9-2L uses Trusted Execution Technology (TXT), which provides authenticity of a platform and its operating system.

When enabled, TXT ensures that the operating system (OS) starts in a trusted environment, and provides the OS with additional security capabilities not available to an untrusted OS. Using cryptographic techniques, TXT provides measurements of software and platform components so that system software as well as local and remote management applications may use those measurements to make trust decisions. Trusted Execution Technology defends against software-based attacks aimed at stealing sensitive information by corrupting system or BIOS code, or modifying a platform's configuration.

Trusted Execution Technology is disabled by default. For configuration information, see Configure Trusted Execution Technology.

Common BIOS Setup Utility Tasks

This section presents the procedures for some of the BIOS setup tasks that you typically perform when setting up and managing the server.

For additional information about BIOS setup tasks, refer to the Oracle X9 Series Servers Administration Guide at Oracle x86 Servers Administration, Diagnostics, and Applications Documentation.

Verify BIOS Factory Default Settings

In the BIOS Setup Utility, you can return the BIOS settings to the optimal factory default values, as well as view and edit settings as needed. Any changes that you make in the BIOS Setup Utility (using the F2 key) persist until the next time you change the settings.

  1. Ensure that a console connection is established to the server.
  2. Reset or power on the server.

    For example, to reset the server:

    • From the local server, press the On/Standby button on the front panel of the server to power off the server, and then press the On/Standby button again to power on the server.

    • From the Oracle ILOM web interface, click Host Management → Power Control and select Reset from the Select Action list. Click Save, and then click OK.

    • From the Oracle ILOM CLI, type reset /System

  3. After the server resets and begins the initialization process, when prompted, press the F2 key to access the BIOS Setup Utility.
  4. To ensure that the factory defaults are set, do the following:
    1. Press the F9 key to automatically load the optimal factory default settings.
    2. To confirm, highlight OK, and press Enter.
  5. Press the F10 key to save the changes and exit the BIOS Setup Utility.

Select a Temporary Boot Device

  1. Reset or power on the server.

    For example, to reset the server:

    • From the local server, press the On/Standby button on the front panel of the server to power off the server, and then press the On/Standby button again to power on the server.

    • From the Oracle ILOM web interface, click Host Management → Power Control and select Reset from the Select Action list. Click Save, and then click OK

    • From the Oracle ILOM CLI, type reset /System

  2. After the server resets and begins the initialization process, press the F8 key (or Ctrl+P from a serial connection) when prompted, while the UEFI BIOS is running the power-on self-test (POST) to access the boot device menu.
  3. In the Please Select Boot Device dialog box, select the boot device according to the operating system you are running, and press Enter.

    The boot device you select is in effect only for the current system boot. The permanent boot device specified using the F2 key is in effect after booting from the temporary boot device.

  4. Follow the onscreen instructions to install the operating system from the selected boot device.

Configure TPM Support

The Trusted Platform Module (TPM) feature set is enabled by default. If you want to disable it, or to enable it after it has been disabled, perform the procedure in this section.

Note:

TPM enables you to administer the TPM security hardware in your server. For additional information about implementing this feature, refer to the Windows Trusted Platform Module Management documentation provided by your operating system or third-party software vendor.

If you intend to use the TPM, configure the server to support TPM, which is enabled by default on Oracle Server X9-2L.

  1. Access the BIOS Setup Utility menus.
  2. Navigate to the Security Menu.
  3. On the Advanced Menu screen, select Trusted Computing 2.0.
  4. On the Trusted Computing 2.0 Configuration screen, select Security TPM Device Support and press Enter. Do one of the following:

    • Select Disable to disable Security TPM Device Support.

    • Select Enable to enable Security TPM Device Support.

  5. On the updated Trusted Computing 2.0 Configuration screen, press the F10 key to save the changes and exit the BIOS Setup Utility.

Configure UEFI Driver Settings

  1. Access the BIOS Setup Utility menus.
  2. In the BIOS Setup Utility menus, navigate to the IO Menu.
  3. On the IO Menu screen, select either Internal Devices or Add In Cards and press Enter to display the internal device or add-in card slot for which you want to enable or disable the PCI-E UEFI Driver.
  4. On the Internal Devices screen, select the internal device or add In card slot that you want to configure.
  5. On the PCI-E UEFI Driver Enable screen, select PCI-E UEFI Driver Enable and press Enter. Do one of the following:

    • Select Enabled to enable the PCI-E UEFI Driver setting.

    • Select Disabled to disable the PCI-E UEFI Driver setting.

  6. Press the F10 key to save the changes and exit the BIOS Setup Utility.

Configure I/O Resource Allocation

  1. Access the BIOS Setup Utility menus.
  2. In the BIOS Setup Utility menus, navigate to the IO Menu.
  3. On the IO Menu screen, select Add In Cards and press Enter to display the add-in card slots.
  4. On the Add In Cards screen, select the slot in which you want to configure the card and press Enter.
  5. On the IO resource allocation screen for that card, select IO Enable and press Enter. Do one of the following:

    • Select Enabled to enable I/O resource allocation for the I/O card.

    • Select Disabled to disable I/O resource allocation for the I/O card.

  6. Press the F10 key to save the changes and exit the BIOS Setup Utility.

Configure UEFI Secure Boot

  1. Access the BIOS Setup Utility menus.
  2. On the Main Menu screen, select Security and press Enter.
  3. On the Security Settings screen, select Secure Boot and press Enter.
  4. On the Secure Boot screen, select Attempt Secure Boot and press Enter. Do one of the following:

    • Select Enabled to enable UEFI Secure Boot. Continue with the next step to manage policy variables.

    • Select Disabled to disable UEFI Secure Boot. Continue with Step 8 to save changes and exit from the BIOS Setup Utility.

    When enabled, Secure Boot allows you to manage Secure Boot policy variables.

  5. To manage Secure Boot policy variables, select Key Management and press Enter.

    The Key Management screen provides options to provision factory default Secure Boot keys or to enroll an Extensible Firmware Interface (EFI) image.

    • To provision factory default keys – See Step 6.

    • To enroll an EFI image – See Step 7.

  6. If you want to provision factory default keys, select Factory Key Provision and press Enter. Do one of the following:

    • Select Enabled to allow the provisioning of factory default Secure Boot keys when the system is in Setup Mode. When enabled, you can select Restore Factory Keys to force the system to User Mode and install all the factory default Secure Boot keys.

    • Select Disabled to disable the provisioning of factory default Secure Boot keys. When disabled, you can select Delete all Secure Boot Variables to remove all Secure Boot keys from the system. Selecting this option also resets the system to Setup Mode.

  7. If you want to enroll an EFI image, select Enroll Efi Image and press Enter.
    1. On the Select a File System screen, scroll through the list and select the file system that contains the EFI file, and press Enter.
    2. On the Select File screen, scroll through the list and select the EFI file (or another available file), and press Enter.
    3. On the next Select File screen, scroll through the list and select the image file that you want to run in Secure Boot mode, and press Enter.
    4. To save all Secure Boot policy variables, select Save all Secure Boot variables and press Enter.
    5. On the Select a File System screen, select the file system where you want to save the EFI file, and press Enter.

      The Secure Boot policy variables are saved to the root folder in the target file system.

  8. Press the F10 key to save the changes and exit the BIOS Setup Utility.

Configure Trusted Execution Technology

  1. Verify that TPM is enabled.
  2. Access the BIOS Setup Utility menus.
  3. On the Main Menu screen, select Advanced, and press Enter.
  4. On the Advanced screen, select Intel Socket Configuration, and press Enter.
  5. On the Intel Socket Configuration screen, select Enable Intel(R) TXT and press Enter. Do one of the following:

    • Select Enabled to enable TXT.

    • Select Disabled to disable TXT.

  6. Press the F10 key to save the changes and exit the BIOS Setup Utility.

Exit BIOS Setup Utility

  1. Use the left and right arrow keys to navigate to the top-level Save & Exit Menu.
  2. Use the up and down arrow keys to select an action.
  3. Press Enter to select the option.
  4. In the confirmation dialog box, select Yes to proceed and exit the BIOS Setup Utility, or select No to stop the exit process.

    Note:

    After modifying any BIOS settings, the subsequent reboot might take longer than a typical reboot where no settings were modified. The additional delay is required to ensure that changes to the BIOS settings are synchronized with Oracle ILOM.