This article outlines a generalized process for enrolling Secure Boot certificates in a UEFI-capable BIOS. Menu names and layout vary by vendor; the screens below show a representative sequence.
Screen 1: Main BIOS Menu
*********************************
* ggBIOS v2.1 *
*********************************
System Information
Boot Configuration
Security Settings
Power Management
Advanced Options
Save & Exit
[Use Arrow Keys to Select, Enter to Enter Submenu]
Screen 2: Security Settings
****************************
* Security Settings *
****************************
Supervisor Password: [Not Set]
Secure Boot: [Disabled]
TPM Configuration: [Enabled]
Change Passwords
Manage Secure Boot Keys
[Use Up/Down Keys to Highlight, Enter to Modify]
Screen 3: Secure Boot Configuration
****************************
* Secure Boot Settings *
****************************
Secure Boot State: [Enabled]
Platform Mode: [Setup Mode]
Delete All Secure Boot Keys
Enroll Certificate (db database)
View Enrolled Certificates
[Esc to Go Back]
Screen 4: Enroll Certificate
****************************
* Enroll Certificate (db) *
****************************
Select Enrollment Source:
[USB Storage]
Internal Storage
Network
[Esc to Go Back]
Screen 5: USB File Browser
****************************
* USB Storage *
****************************
Volume: GG_USB (16GB)
/EFI/
/Certificates/
+ DB.cer
+ DB.crt
+ DB.esl
+ DB.auth
[Use Arrow Keys, Enter to Select File, Esc to Go Back]
Screen 6: Confirmation
****************************
* Enroll Certificate *
****************************
Selected File: /Certificates/DB.cer
Certificate Type: X.509
Enroll and Append? [Y/N]
Important Notes
- Prerequisites: The computer is Secure Boot capable, and the certificate is in the correct format on the USB drive.
- BIOS Navigation: The user will need to navigate to the Security Settings, enable Secure Boot, and then access the Enroll Certificate option.
- After Enrollment: Reboot the system. After a successful enrollment, Secure Boot recognizes software signed with the newly enrolled certificate.
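The prerequisite above requires the certificate to be in the correct format, and Screen 5 lists four candidate files. The following Python sketch is an added example, not part of the original article or of any firmware vendor's tooling; it checks a file's container format before it goes onto the USB drive. It assumes the common convention that .cer holds DER X.509, .crt holds PEM, .esl holds an EFI signature list and .auth holds an authenticated variable update; the function names and sample values are hypothetical.

```python
import struct
import uuid

# GUIDs defined by the UEFI specification
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")

def parse_esl(data):
    """Walk concatenated EFI_SIGNATURE_LISTs; return (type, owner, payload) tuples."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < 28:  # 16-byte type GUID + three uint32 sizes
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        body = list_size - 28 - hdr_size
        if list_size > len(data) - off or sig_size <= 16 or body <= 0 or body % sig_size:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        pos = off + 28 + hdr_size
        for _ in range(body // sig_size):  # each entry: owner GUID + signature data
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append((sig_type, owner, data[pos + 16:pos + sig_size]))
            pos += sig_size
        off += list_size
    return entries

def classify(data):
    """Heuristically name the container format of a Secure Boot key file."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return "pem-x509"
    if data[:2] == b"\x30\x82":  # DER SEQUENCE with a two-byte length
        return "der-x509"
    # EFI_VARIABLE_AUTHENTICATION_2: 16-byte EFI_TIME, then WIN_CERTIFICATE_UEFI_GUID
    if len(data) >= 40:
        _, rev, cert_type = struct.unpack_from("<IHH", data, 16)
        if (rev, cert_type) == (0x0200, 0x0EF1) and data[24:40] == EFI_CERT_TYPE_PKCS7_GUID.bytes_le:
            return "auth"
    try:
        return "esl" if parse_esl(data) else "unknown"
    except ValueError:
        return "unknown"

# Constructed sample: placeholder bytes shaped like a DER certificate, not a real one
SAMPLE_CERT = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_ESL = (EFI_CERT_X509_GUID.bytes_le
              + struct.pack("<III", 44 + len(SAMPLE_CERT), 0, 16 + len(SAMPLE_CERT))
              + SAMPLE_OWNER.bytes_le + SAMPLE_CERT)
```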