IDP/Secure Boot

From ESS-WIKI
Jump to: navigation, search

Input keys to BIOS

Requirment

  • Target Platform:
UTX-3115 or ARK-2151S ...
  • BIOS (Need support UEFI Shell )
ARK L510XF23
  • USB Flash Drive
A signed IDP bootable USB flash drive

Enroll key and certificates into UEFI

1. Insert the signed IDP3.0 bootable USB flash drive into a USB port on the Target Device
2. Apply power, press the power button, and then immediately press the Del key to enter the Boot Device Menu
3. Select Enter Setup.
4. Navigate to Boot > CSM parameters > Video. Select UEFI only.
5. Press F4, and select Yes to save changes and reboot. Immediately press the Del key to enter the Boot Device Menu.
6. Navigate to the Boot > CSM parameters > CSM Support. Select Disabled.
7. Press <F4>, and select Yes to save changes and reboot. Immediately press the Del key to enter the Boot Device Menu.
8. Navigate to Security > Secure Boot Menu > Secure Boot. Select Disabled.
9. Delete all secure boot variables. Navigate to Security > Secure Boot Menu > Secure Boot > Key Management. Select Delete All Secure Boot Variable, and then select Yes.
10. Press F4, and select Yes to save changes and reboot. Immediately press the Del key to enter the Boot Device Menu.
11. Select UEFI: Built-in EFI Shell.
12. At the Shell> prompt, type fs0: to enter VFAT partition on the USB flash drive.
13. At the fs0:\ prompt, type EFI\BOOT\BOOTIA64.efi to enroll the keys/certificates into the UEFI and lock down the BIOS. Create the KEK, db, and PK

Enable and Test Secure Boot

1. Reboot the system and press the Del key to enter the Boot Device Menu.
2. Navigate to Security > Secure Boot Menu > Secure Boot. Select Enable.
3. Navigate to Boot Device Menu > UEFI: USB flash drive
4. Press F4, and select Yes to save changes and reboot.
5. Verify the Signed USB flash drive can boot in IDP3.0 OS system successfully.