Administrator Guide
Technical support and resources
ID 483
3.1.2 BIOS Live Scanning
BIOS Live Scanning verifies the integrity and authenticity of the BIOS image in the primary ROM when the host
is powered on. BIOS Live Scanning does not include the POST process. This is an AMD-only feature and is
available only with iDRAC9 4.10.10.10 or higher with the Datacenter license. This feature requires
administrator privileges, or operator privileges with the “Execute Debug Commands” debug privilege. The scan
can be scheduled through the iDRAC UI, RACADM, and Redfish interfaces.
3.1.3 UEFI Secure Boot Customization
PowerEdge servers support Unified Extensible Firmware Interface (UEFI) Secure Boot. UEFI Secure Boot
checks the cryptographic signatures of UEFI drivers and code that is loaded before the operating system.
Secure Boot represents an industry-wide standard for security in the preboot environment. Computer system
vendors, expansion card vendors, and operating system providers collaborate on this specification to promote
interoperability.
When enabled, UEFI Secure Boot prevents unsigned (untrusted) UEFI device drivers from being loaded,
displays an error message, and does not allow the device to function. Secure Boot must be disabled to load
unsigned device drivers.
In addition, 14th and 15th generation PowerEdge servers offer customers the unique flexibility of using a
customized boot loader certificate that is not signed by Microsoft. This feature is primarily for Linux
administrators who want to sign their own operating system boot loaders. Custom certificates can be uploaded
using the preferred iDRAC API to authenticate a customer-specific operating system boot loader. The NSA
cites this PowerEdge UEFI customization method for mitigating Grub2 vulnerabilities in servers.