Simulated BIOS Screens: Secure Boot Certificate Enrollment

This article attempts to generalize a process for enrolling secure boot certificates in a UEFI-capable BIOS.

Screen 1: Main BIOS Menu

* ggBIOS v2.1 *
System Information
Boot Configuration
Security Settings
Power Management
Advanced Options
Save & Exit

[Use Arrow Keys to Select, Enter to Enter Submenu]

Screen 2: Security Settings

* Security Settings *
Supervisor Password: [Not Set]
Secure Boot: [Disabled]
TPM Configuration: [Enabled]
Change Passwords
Manage Secure Boot Keys

[Use Up/Down Keys to Highlight, Enter to Modify]

Screen 3: Secure Boot Configuration

* Secure Boot Settings *
Secure Boot State: [Enabled]
Platform Mode: [Setup Mode]
Delete All Secure Boot Keys
Enroll Certificate (db database)
View Enrolled Certificates

[Esc to Go Back]

Screen 4: Enroll Certificate

* Enroll Certificate (db) *
Select Enrollment Source:
[USB Storage]
Internal Storage

[Esc to Go Back]

Screen 5: USB File Browser

* USB Storage *
Volume: GG_USB (16GB)
+ DB.cer
+ DB.crt
+ DB.esl
+ DB.auth

[Use Arrow Keys, Enter to Select File, Esc to Go Back]

Screen 6: Confirmation

* Enroll Certificate *
Selected File: /Certificates/DB.cer
Certificate Type: X.509

Enroll and Append? [Y/N]

Important Notes

  • Prerequisites: Computer is Secure Boot capable, certificate is in the correct format on the USB drive.
  • BIOS Navigation: The user will need to navigate to the Security Settings, enable Secure Boot, and then access the Enroll Certificate option.
  • After Enrollment: Reboot the system. Successful enrollment allows Secure Boot to recognize the newly signed software.