CLI Guide
• On 12G and later systems: Standard, Custom
Description
Sets the process to authenticate pre-boot images. When set to Standard, the BIOS uses
the system manufacturer keys and certicates to authenticate pre-boot images. When set
to Custom, the BIOS uses user-dened keys and certicates. The default value is
Standard.
Example:
A:>syscfg --SecureBootPolicy=Standard
SecureBootPolicy=Standard
Applicable Systems PowerEdge 12G and later systems
UeVariableAccess
Table 237. UeVariableAccess
Valid Arguments
• On systems prior to 13G: NA
• On 13G and later systems: Standard, Controlled
Description
Secures the UEFI variables. When set to Standard, the UEFI variables are accessible from
the operating system as per the UEFI specication. When set to Controlled, selected
UEFI variables are protected in the operating system and new UEFI boot entries are pushed
to the end of the current boot order.
Example:
A:>syscfg --UefiVariableAccess=Standard
UefiVariableAccess=Standard
Applicable Systems PowerEdge 13G and later systems
SecureBootMode
Table 238. SecureBootMode
Valid Arguments
• On systems prior to 14G: NA
• On 14G and later systems: UserMode, DeployedMode.
Description
This feature congures the BIOS uses the Secure Boot Policy Objects — PK, KEK, db, dbx.
In Setup Mode and Audit Mode, PK is not present, and BIOS does not authenticate
programmatic updates to the policy objects.
In User Mode and Deployed Mode, PK is present, and BIOS performs signature verication
on programmatic attempts to update policy objects.
Deployed Mode is the most secure mode. Use Setup, Audit, or User Mode when
provisioning the system, then use Deployed Mode for normal operation. Available mode
transitions depend on the current mode and PK presence.
In Audit Mode, the BIOS performs signature verication on preboot images and logs results
in the Image Execution Information Table, but executes the images whether they pass or fail
124 SYSCFG