Reference Guide
NOTE: This attribute cannot be disabled by using the Local RACADM.
Legal Values
● Enabled
● Disabled
Default Value: Not Applicable
Write Privilege: Server Control
License Required: iDRAC Express or iDRAC Enterprise
Dependency: Not applicable
BIOS.SysSecurity.SecureBootMode (Read or Write)
Description
This field configures how the BIOS uses the Secure Boot Policy Objects (PK, KEK, db, dbx). In Setup
Mode and Audit Mode, PK is not present, and BIOS does not authenticate programmatic updates to the
policy objects. In User Mode and Deployed Mode, PK is present, and BIOS performs signature verification
on programmatic attempts to update policy objects. Deployed Mode is the most secure mode. Use Setup,
Audit, or User Mode when provisioning the system, then use Deployed Mode for normal operation.
Available mode transitions depend on the current mode and PK presence. Refer to Figure 77 in the UEFI
2.6 specification for more information on transitions between the four modes. In Audit Mode, the BIOS
performs signature verification on pre-boot images and logs results in the Image Execution Information
Table, but executes the images whether they pass or fail verification. Audit Mode is useful for
programmatically determining a working set of policy objects.
When the value of SecureBootMode is DeployedMode AND the value of SecureBoot is Enabled, BIOS will
append a ProgReadOnlyLocal modifier to SecureBoot, SecureBootPolicy, and SecureBootMode. This
means that in-band system management tools will not allow users to change these attributes when these
conditions are true. This attribute is always read-write in BIOS Setup and in out-of-band system
management tools.
Legal Values
● SetupMode
● UserMode
● AuditMode
● DeployedMode
Default Value: Not Applicable
Write Privilege: Server Control
License Required: iDRAC Express or iDRAC Enterprise
Dependency: Not applicable
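Example (added here, not part of the original guide or of any Dell tool): a small audit check that applies the mode rules and the ProgReadOnlyLocal condition described above to one server's settings. The 'Name=Value' input format, the function names, and the sample values are assumptions made for this illustration.

```python
# Added example. Mode -> whether PK is present, as stated in the
# SecureBootMode description (PK present means updates are signature-checked).
PK_PRESENT = {
    "SetupMode": False,
    "AuditMode": False,
    "UserMode": True,
    "DeployedMode": True,
}

def parse_attributes(text):
    """Parse 'Name=Value' lines (assumed input format) into {short name: value}."""
    attrs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")) or "=" not in line:
            continue
        name, value = line.split("=", 1)
        attrs[name.strip().rsplit(".", 1)[-1]] = value.strip()
    return attrs

def audit(attrs):
    """Return the in-band lock state and findings for one server's settings."""
    mode = attrs.get("SecureBootMode")
    if mode not in PK_PRESENT:
        return {"locked_in_band": False, "findings": [f"unknown SecureBootMode: {mode!r}"]}
    enabled = attrs.get("SecureBoot") == "Enabled"
    findings = []
    if not enabled:
        findings.append("SecureBoot is not Enabled")
    if not PK_PRESENT[mode]:
        findings.append(f"{mode}: PK absent, policy object updates are not authenticated")
    if mode == "AuditMode":
        findings.append("AuditMode: pre-boot images execute even if verification fails")
    if mode != "DeployedMode":
        findings.append(f"{mode} is for provisioning; use DeployedMode for normal operation")
    # ProgReadOnlyLocal is appended only when both conditions hold.
    return {"locked_in_band": enabled and mode == "DeployedMode", "findings": findings}

# Constructed sample input, not captured from a real system.
PROVISIONING = """\
BIOS.SysSecurity.SecureBoot=Enabled
BIOS.SysSecurity.SecureBootMode=AuditMode
"""
DEPLOYED = PROVISIONING.replace("AuditMode", "DeployedMode")

if __name__ == "__main__":
    for label, text in (("provisioning", PROVISIONING), ("deployed", DEPLOYED)):
        print(label, audit(parse_attributes(text)))
```

An empty findings list with locked_in_band set to True corresponds to the state the description recommends for normal operation.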
BIOS.SysSecurity.SecureBootPolicy (Read or Write)
Description
Allows selecting the Secure Boot Policy. When set to Standard, the BIOS uses the key and certificates
from the system manufacturer to authenticate pre-boot images. When set to Custom, the BIOS uses the
user-customized key and certificates. Note: If Custom mode is selected, the Secure Boot Custom Policy
Settings menu is displayed. Note: Changing the default security certificates may cause the system to fail
booting from certain boot options.
When the value of SecureBootMode is DeployedMode AND the value of SecureBoot is Enabled, BIOS will
append a ProgReadOnlyLocal modifier to SecureBoot, SecureBootPolicy, and SecureBootMode. This
means that in-band system management tools will not allow users to change these attributes when these
conditions are true.
Legal Values
● Standard
● Custom
Default Value: Not Applicable