Secure BOOT not allowing ISO throught PXE

I have set up a PXE to distribute my installation ISO on Dell Optiplex 3080. It seems that secure BOOT doesn't allow the loading of unsigned images.

I see that there is a expert key managment option in the secure boot menu in BIOS. What do I have to do for secure boot to accept my custom image ?

Thanks for the help.

Responses(2)

redxps630

7 Technologist

•

10.4K Posts

0

January 26th, 2022 15:00

can you disable secure boot temporarily to install the image then enable it afterwards if needed?

for secure boot key management read this Windows Secure Boot Key Creation and Management Guidance | Microsoft Docs

Table 1. Secure Boot

OPTION	DESCRIPTION
Secure Boot Enable	Allows you to enable or disable Secure Boot feature Secure Boot Enable This option is not selected by default.
Secure Boot Mode	Allows you to modify the behavior of Secure Boot to allow evaluation or enforcement of UEFI driver signatures. Deployed Mode (default) Audit Mode
Expert key Management	Allows you to manipulate the security key databases only if the system is in Custom Mode. The Enable Custom Mode option is disabled by default. The options are: PK (default) KEK db dbx If you enable the Custom Mode, the relevant options for PK, KEK, db, and dbx appear. The options are: Save to File- Saves the key to a user-selected file Replace from File- Replaces the current key with a key from a user-selected file Append from File- Adds a key to the current database from a user-selected file Delete- Deletes the selected key Reset All Keys- Resets to default setting Delete All Keys- Deletes all the keys

OPTION

DESCRIPTION

Secure Boot Enable

Allows you to enable or disable Secure Boot feature

Secure Boot Enable

This option is not selected by default.

Secure Boot Mode

Allows you to modify the behavior of Secure Boot to allow evaluation or enforcement of UEFI driver signatures.

Deployed Mode (default)
Audit Mode

Expert key Management

Allows you to manipulate the security key databases only if the system is in Custom Mode. The Enable Custom Mode option is disabled by default. The options are:

PK (default)
KEK
db
dbx

If you enable the Custom Mode, the relevant options for PK, KEK, db, and dbx appear. The options are:

Save to File- Saves the key to a user-selected file
Replace from File- Replaces the current key with a key from a user-selected file
Append from File- Adds a key to the current database from a user-selected file
Delete- Deletes the selected key
Reset All Keys- Resets to default setting
Delete All Keys- Deletes all the keys

O

OlenderF

2 Posts

0

January 27th, 2022 01:00

Of course I disabled secure boot to test the installation of my RedHat image and it works fine.

The problem is that secure boot is required by the client of the system at all time.

Thanks for the documenation. I'll try to find a solution to sign my RedHat image from there.

View All

No Events found!

Optiplex Desktops

Secure BOOT not allowing ISO throught PXE