Administrator Guide

21 : BIOS vs. UEFI | Doc ID 20444677 | June 2018
4.5.2 iSCSI Target Configuration
The difference between iSCSI target configurations for UEFI and BIOS boot modes is the format of the
bootable image on the target. In UEFI boot mode, the image must be a UEFI bootable image. iSCSI target
configuration steps for Windows and Linux can be found on their respective official websites.
4.6 UEFI Secure Boot Configuration
There are three primary settings involved in configuring UEFI Secure Boot. All three settings are available in
BIOS Setup (System Setup > System BIOS > System Security) and iDRAC interfaces such as RACADM. The
Boot Mode must be set to UEFI; otherwise these settings are not configurable. Secure Boot is not available
when the Boot Mode is set to BIOS.
To use UEFI Secure Boot, set the “Secure Boot” setting to “Enabled”, the “Secure Boot Policy” setting to
“Standard”, and the “Secure Boot Mode” setting to “Deployed”. This configuration causes the BIOS to verify
pre-boot code modules (such as adapter firmware and OS loaders) against an industry-standard set of
certificates and hashes. The BIOS will execute only those modules signed by third parties trusted by Dell.
The first setting (Secure Boot) instructs the BIOS whether to perform integrity and authorization checks on
pre-boot code modules. When this setting is set to “Enabled” the BIOS enforces the Secure Boot policy for
each code module that is loaded during the boot process. When this setting is set to “Disabled” the BIOS
loads code modules without performing integrity and authorization checks.
The second setting (Secure Boot Policy) tells the BIOS which Secure Boot policy to enforce. When this
setting is set to “Standard” the BIOS uses an industry-standard set of certificates and hash values that
authorize common operating systems and I/O adapter firmware. The Standard policy applies to a majority of
server deployment environments. (The system BIOS will log and display an error message when a server
component, such as an expansion card or operating system, does not satisfy the policy requirements.) When
this setting is set to “Custom” the BIOS uses a set of certificates and hash values pre-defined by the system
administrator. This setting is intended for advanced users who want additional assurance beyond the
industry-standard policy. A custom policy enables the user to specify which pre-boot code modules are
trusted and executed by the system BIOS.
The third setting (Secure Boot Mode) enables automated deployment capabilities for Secure Boot that are
beyond the scope of this document. The most secure value for the Secure Boot Mode is its default value
(Deployed Mode). Advanced users can find a description of the other values for Secure Boot Mode in the
UEFI specification (version 2.7, section 31.3).
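The following is an added example, not part of the original guide or Dell tooling, showing one way to confirm from a running Linux host that Secure Boot is enforcing and in Deployed Mode by reading the standard UEFI global variables. It assumes efivarfs is mounted at /sys/firmware/efi/efivars. The function names are hypothetical, and the Secure Boot Policy setting (Standard or Custom) is not checked here.

```python
import os

# EFI_GLOBAL_VARIABLE GUID from the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"  # assumed Linux efivarfs mount point


def read_flag(root, name):
    """Return a one-byte UEFI variable as int, or None if it is absent."""
    path = os.path.join(root, f"{name}-{EFI_GLOBAL}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except FileNotFoundError:
        return None
    # efivarfs prefixes the value with a 4-byte attribute field.
    if len(raw) < 5:
        raise ValueError(f"{name}: expected 4 attribute bytes plus data")
    return raw[4]


def secure_boot_state(root=EFIVARS):
    """Summarise enforcement and the Secure Boot Mode seen by the OS."""
    flags = {n: read_flag(root, n)
             for n in ("SecureBoot", "SetupMode", "AuditMode", "DeployedMode")}
    if flags["SecureBoot"] is None:
        # No variable at all: legacy BIOS boot or efivarfs is not mounted.
        return {"enforcing": False, "mode": "unavailable", "compliant": False}
    if flags["DeployedMode"] == 1:
        mode = "Deployed"
    elif flags["AuditMode"] == 1:
        mode = "Audit"
    elif flags["SetupMode"] == 1:
        mode = "Setup"
    else:
        mode = "User"
    enforcing = flags["SecureBoot"] == 1
    return {"enforcing": enforcing, "mode": mode,
            "compliant": enforcing and mode == "Deployed"}


def write_sample(root, **values):
    """Create constructed efivarfs-style files for an offline demonstration."""
    for name, value in values.items():
        with open(os.path.join(root, f"{name}-{EFI_GLOBAL}"), "wb") as fh:
            fh.write(bytes([0x06, 0, 0, 0, value]))  # attributes + 1 data byte


if __name__ == "__main__":
    print(secure_boot_state())
```

A result with "compliant" set to False on a server expected to run the recommended configuration is worth alerting on in fleet monitoring.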
For more information on UEFI Secure Boot and configuring a custom Secure Boot policy, refer to the
following documents:
Defining a Secure Boot Policy (Dell TechCenter)
Secure Boot Management on 14G Dell EMC PowerEdge Servers (Dell TechCenter)
4.7 Integrated Device Firmware
Dell PowerEdge servers include multiple integrated devices, such as network controllers and storage
controllers. Each of these devices has firmware that initializes the hardware and contributes to the boot
process.