Dell Networking - Sonic OS UEFI Secure Boot.

Summary: Selected Dell PowerSwitch platforms include a Trusted Platform Module (TPM) that provides hardware-based encryption services to applications, such as UEFI Secure Boot. UEFI Secure Boot is a component of the BIOS that verifies the file integrity of the network operating system (NOS) before it boots. The Dell PowerSwitch includes a TPM and has UEFI Secure Boot enabled by default in the BIOS so that only signed NOSs can be installed successfully. ...


Instructions

Enterprise SONiC 4.2.0 and later releases support UEFI Secure Boot on the following platforms: 

 

  • Z9864F-ON
  • Z9664F-ON
  • Z9432F-ON
  • S5448F-ON
  • S4348F-ON
  • S4348T-ON

 

On these platforms, UEFI Secure Boot is enabled by default. If you previously disabled UEFI Secure Boot and want to use it, use the following procedure to enable it:

 
Note: If you are already running Enterprise SONiC 4.1.x or a previous version on these platforms, secure boot is already disabled in the BIOS.

  

 

To check whether your device supports Secure Boot and whether it is enabled, use the following command:

On a platform that does not support Secure Boot: 

 

sonic# show platform sbstatus
SecureBoot is not supported on this system

 

On a platform that supports Secure Boot: 

 

sonic# show platform sbstatus
SecureBoot is Disabled

 

Prerequisites to use secure boot

 

  • Enable the Secure Boot in the BIOS firmware.
  • If you are already running Enterprise SONiC 4.1.x or a previous version and would like to use the Secure Boot feature in 4.2.0 or a later release, install Enterprise SONiC only by using ONIE.
  • The file names of the image and the signature file are the same.

 

Enable UEFI Secure Boot.

 

CAUTION: Before entering the BIOS to enable Secure Boot, back up your existing configuration file.
 

To enable UEFI Secure Boot in the BIOS firmware: 

 

  1. Attach a console to the serial port on the switch.
  2. Power cycle the switch.
  3. After the POWER-ON tests finish, press DEL or F2 when prompted to enter the BIOS menu. If prompted for a password, enter the service tag of the switch followed by an exclamation sign (!); for example: G0K8PK2!
  4. When the BIOS menu is displayed, open the Security tab, select Enable Secure Boot, press Enter, and select Enabled.
  5. Press F4 to save the change, exit the BIOS menu, and reboot the switch.

 

Figure 1. Enable Secure Boot in the BIOS menu.


 

If you do not want to use Secure Boot.

 

If you do not want to use UEFI Secure Boot, or if you use Enterprise SONiC 4.1.x or a previous version, disable UEFI Secure Boot to install or boot Enterprise SONiC on TPM-enabled switches, such as the Z9864F-ON, Z9432F-ON, Z9664F-ON, and S5448F-ON.

 

Error messages

 

If you do not disable UEFI Secure Boot, the following error messages are displayed in the serial console during installation: 
 
ONIE:~ # onie-nos-install http://ip-address/tftpboot/SONIC/dell_sonic/Enterprise_SONiC_OS_4.5.1_Enterprise_Premium.bin
discover: Rescue mode detected. No discover stopped.
Connecting to ip-address
installer 100% |*******************************| 937M 0:00:00 ETA
ONIE: Executing installer: http://ip-address/tftpboot/SONIC/dell_sonic/Enterprise_SONiC_OS_4.5.1_Enterprise_Premium.bin
Failure: sig file is not found
ONIE:~ #
 
Or later when Enterprise SONiC boots with Secure Boot enabled: 
 
Version 2.19.1266. Copyright (C) 2018 American Megatrends, Inc.
BIOS Date: 12/05/2018 22:05:29 Ver: 0ACHI032
Press <DEL> or <F2> to enter setup.
Entering Setup...

Figure 2. Secure Boot error message.
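
An added example (not Dell's code) that triages a saved console capture using the exact strings shown in this article: it reports the last `show platform sbstatus` result and ties each `Failure: sig file is not found` to the installer URL that preceded it. The `triage` function, its report keys, and the sample capture are assumptions constructed for illustration; any state word other than `Disabled` is reported as printed.

```python
import re

# Constructed console capture assembled from the outputs shown in this article
# (ip-address is the article's own placeholder, not a real host).
SAMPLE_CAPTURE = """\
sonic# show platform sbstatus
SecureBoot is Disabled
ONIE:~ # onie-nos-install http://ip-address/tftpboot/SONIC/dell_sonic/Enterprise_SONiC_OS_4.5.1_Enterprise_Premium.bin
ONIE: Executing installer: http://ip-address/tftpboot/SONIC/dell_sonic/Enterprise_SONiC_OS_4.5.1_Enterprise_Premium.bin
Failure: sig file is not found
ONIE:~ #
"""

UNSUPPORTED = "not supported on this system"
SB_LINE = re.compile(rf"^SecureBoot is ({UNSUPPORTED}|\S+)\s*$", re.M)
INSTALL = re.compile(r"^ONIE: Executing installer: (\S+)\s*$")
SIG_FAIL = "Failure: sig file is not found"


def triage(capture: str) -> dict:
    """Summarise Secure Boot state and signature failures in one console capture."""
    report = {"secure_boot": "unknown", "unsigned_installs": [], "findings": []}

    # Use the last sbstatus answer in the capture: it reflects the latest state.
    states = SB_LINE.findall(capture)
    if states:
        last = states[-1]
        report["secure_boot"] = "unsupported" if last == UNSUPPORTED else last.lower()
    if report["secure_boot"] == "disabled":
        report["findings"].append("Secure Boot capable platform is running with it disabled")

    # Pair each signature failure with the most recent installer URL before it.
    current_image = None
    for line in capture.splitlines():
        m = INSTALL.match(line)
        if m:
            current_image = m.group(1)
        elif line.strip() == SIG_FAIL:
            report["unsigned_installs"].append(current_image)
            report["findings"].append(
                f"Installer rejected, no signature file found for {current_image}")
    return report


if __name__ == "__main__":
    for finding in triage(SAMPLE_CAPTURE)["findings"]:
        print(finding)
```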


 

Disable UEFI Secure Boot.

 

To disable UEFI Secure Boot in the BIOS firmware:

  1. Attach a console to the serial port on the switch.
  2. Power cycle the switch.
  3. After the POWER-ON tests finish, press DEL or F2 when prompted to enter the BIOS menu. If prompted for a password, enter the service tag of the switch followed by an exclamation sign (!); for example: G0K8PK2!
  4. When the BIOS menu is displayed, open the Security tab, select Enable Secure Boot, and press Enter to disable UEFI Secure Boot.

 

Figure 3. BIOS menu.


 

Press F4 to save the change, exit the BIOS menu, and reboot the switch.

 

 

Affected Products

Enterprise SONiC Distribution
Article Properties
Article Number: 000415396
Article Type: How To
Last Modified: 20 Jan 2026
Version: 1