User manual
BAT-T USER MANUAL
45
Chapter 3
Secure Boot Mode (Custom)
This item is used to select secure boot mode, when you select standard mode,
secure boot policy is fixed; when you select custom mode, the image execution policy
and secure boot key databases are changeable.
Key Management
Scroll to this item and press <Enter> to view the following screen.
+/- : Change Opt.
Enter : Select
:Select Screen
:Select Item
F1:General Help
Aptio Setup Utility - Copyright (C) 2012 American Megatrends, Inc.
F2:Previous Values
F3:Optimized Defaults
F4:Save & Exit
ESC:Exit
Version 2.02.1205. Copyright (C) 2012 American Megatrends, Inc.
Secure Boot can be enabled if
1. System running in User mode
with enrolled Platform Key(PK)
2. CSM function is disabled
Factory Default Key Provisioning [Disabled]
Enroll All Factroy Default Keys
Save All Secure Boot Variables
Platform Key (PK) NOT INSTALLED
Delete PK
Set new PK
Key Exchange Key Database (KEK) NOT INSTALLED
Delete KEK
Set new KEK
Append KEK
Authorized Signature Database(DB) NOT INSTALLED
Delete DB
Set new DB
Append DB
Forbidden Signature Database(DBX) NOT INSTALLED
Delete DBX
Set new DBX
Append DBX
Factory Default Key Provisioning (Disabled)
Use this item to install factory default secure boot keys when system is in setup
mode.
Main Advanced Chipset M.I.B III Security Boot Exit
Enroll All Factory Default Keys
Use this item to force system to user mode--install all factory default keys (PK, KEK,
DB, DBX, DBT). And the change takes effect after reboot.
Save All Secure Boot Variables
Use this item to store content of each secure boot variable (data formatted as
EFI_SIGNATURE_LIST) to a file with matching name on selected file system’s root
folder.
Platform Key(PK) (NOT INSTALLED)
This item shows the information of the platform key.
Delete PK/KEK/DB/DBX
This item is used to delete the variable.
Set new PK/KEK/DB/DBX
These items launche the file brower to set Efi Variable from the file. The file data
must be formatted as Efi Variable with TimeBased Authenticated Header.