Enrolling a Secure Boot certificate key or database signature

Procedure
  1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Secure Boot Settings > Advanced Secure Boot Options.
  2. Select an exchange key or a signatures database option.
  3. Select Enroll <option name>.
  4. Select Enroll <option name> using file.

    The File Explorer screen shows attached media devices.

  5. Select the attached media device where the certificate file is located, and then press Enter.
  6. Continue selecting the menu path for the certificate file. Press Enter after each selection.
  7. Optional: Select a Signature Owner GUID.
  8. Optional: If you selected Other for the signature owner GUID, enter a Signature GUID.

    Use the following format (36 characters): 11111111-2222-3333-4444-1234567890ab

    • For Hewlett Packard Enterprise certificates, enter: F5A96B31-DBA0-4faa-A42A-7A0C9832768E

    • For Microsoft certificates, enter: 77fa9abd-0359-4d32-bd60-28f4e78f784b

    • For SUSE certificates, enter: 2879c886-57ee-45cc-b126-f92f24f906b9

  9. Select Commit changes and exit.

Example: Enrolling a KEK entry

  1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Secure Boot Settings > Advanced Secure Boot Options > KEK - Key Exchange Key > Enroll KEK entry.

  2. Select Enroll KEK using file.

  3. Select the location of the certificate file from an attached media device.

  4. Optional: Select a Signature Owner GUID.

  5. Optional: If you selected Other for the signature owner GUID, enter a Signature GUID.

  6. Select Commit changes and exit.