Integrated Dell Remote Access Controller 9 RACADM CLI Guide

PDF

bioscert

Table 1. Details of the bioscert subcommandThe following table explains the bioscert subcommand and the various tasks that you can perform.
Description

Allows you to

  • View the installed Secure Boot Certificates. To view, you must have the Login privilege
  • Export the Secure Boot Certificate to a remote share or local system. To export, you must have the Login privilege
  • Import the Secure Boot Certificate from a remote share or local system. To import, you must have login and system control privilege
  • Delete the installed Secure Boot Certificate. To delete, you must have login and system control privilege
  • Restore the installed Secure Boot Certificate Sections. To restore, you must have login and system control privilege
Synopsis
  • To view the installed Secure Boot Certificates
    racadm bioscert view –all
  • To export the Secure Boot Certificate to a remote share or local system. 
    racadm bioscert view -t <keyType> -k <KeySubType> -v <HashValue or ThumbPrintValue>

  • racadm bioscert export -t <keyType> -k <KeySubType> -v <HashValue or ThumbPrintValue> -f <filename> -l <CIFS/NFS/HTTP/HTTPS share> -u <username> -p <password>
  • racadm bioscert import -t <keyType> -k <KeySubType> -f <filename> -l <CIFS/NFS/HTTP/HTTPS share> -u <username> -p <password>
  • racadm bioscert delete –all
  • racadm bioscert delete -t <keyType> -k <KeySubType> -v <HashValue or ThumbPrintValue>
  • racadm bioscert restore –all
  • racadm bioscert restore -t <keyType>
Input
  • -t— Specifies the key type of the Secure Boot Certificate to be exported.
    • 0— Specifies the PK (Platform Key)
    • 1— Specifies the KEK (Key Exchange Key)
    • 2— Specifies the DB (Signature Database)
    • 3— Specifies the DBX (Forbidden signatures Database)
  • -k — Specifies the Certificate type or the Hash type of the Secure Boot Certificate file to be exported.
    • 0— Specifies the Certificate type
    • 1— Specifies the Hash type (SHA - 256)
    • 2— Specifies the Hash type (SHA - 384)
    • 3— Specifies the Hash type (SHA - 512)
  • -v— Specifies the Thumbprint value or the Hash value of the Secure Boot Certificate file to be exported.Filename of the exported.
  • -f—Specifies the file name of the exported Secure Boot Certificate.
  • -l—Specifies the network location to where the Secure Boot Certificate file must be exported.
  • -u—Specifies the username for the remote share to where the Secure Boot Certificate file must be exported.
  • -p—Specifies the password for the remote shre to where the Secure Boot Certificate file must be exported.
Example
  • To view the installed Secure boot Certificates.
     racadm bioscert view –all
  • To view an installed PK Certificate
    racadm bioscert view -t 0 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E
  • To view installes DBX certificate of HASH type SHA-256
     racadm bioscert view -t 3 -k 1 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245
  • Export the KEK certificate to a remote CIFS share
     racadm bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E  
-f kek_cert.der -l //10.94.161.103/share -u admin -p mypass
  • Export the DBX (Hash Type SHA-256) to a remote NFS share
     racadm bioscert export -t 3 -k 1 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245 
-f kek_cert.der -l 192.168.2.14:/share
  • Export the KEK certificate to a local share using the local racadm
     racadm bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E   -f kek_cert.der
  • Export the KEK certificate to a local share using remote racadm
    racadm -r 10.94.161.119 -u root -p calvin bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E -f kek_cert.der
  • Import the KEK certificate from the CIFS share to the embedded iDRAC
    racadm bioscert import -t 1 -k 0 -f kek_cert.der -l //10.94.161.103/share -u admin -p mypass
  • Import KEK (Hash Type SHA-256) from a CIFS share to the embedded iDRAC
    racadm bioscert import -t 1 -k 1 -f kek_cert.der -l //192.168.2.140/licshare -u admin -p passwd
  • Import KEK certificate from a NFS share to the embedded iDRAC
     racadm bioscert import -t 1 -k 0 -f kek_cert.der -l 192.168.2.14:/share
  • Import KEK certificate from a local share using Local RACADM
    racadm bioscert import -t 1 -k 0 -f kek_cert.der
  • Import KEK certificate from a local share using remote RACADM
    racadm -r 10.94.161.119 -u root -p calvin bioscert import -t 1 -k 0 -f kek_cert.der
  • To delete an installed KEK Secure Boot Certificate
    racadm bioscert delete -t 3 -k 0 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245
  • To delete an installed DBX Secure Boot Certificate of HASH type SHA-256
    racadm bioscert delete -t 3 -k 1 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245
  • To delete all the installed KEK Secure Boot Certificates
    racadm bioscert delete --all
  • To restore the installed KEK Secure Boot Certificates
    racadm bioscert restore -t 1
  • To restore all the installed Secure Boot Certificates
    racadm bioscert restore --all

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\