Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Integrated Dell Remote Access Controller 9 RACADM CLI Guide

PDF

bioscert

Table 1. Details of the bioscert commandThe following table explains the bioscert command and the various tasks that you can perform.
bioscert
Description Allows you to
  • View the installed Secure Boot Certificates. To view, you must have the Login privilege.
  • Export the Secure Boot Certificate to a remote share or local system. To export, you must have the Login privilege.
  • Import the Secure Boot Certificate from a remote share or local system. To import, you must have login and system control privilege.
  • Delete the installed Secure Boot Certificate. To delete, you must have login and system control privilege.
  • Restore the installed Secure Boot Certificate Sections. To restore, you must have login and system control privilege.
Synopsis
  • To view the installed Secure Boot Certificates 
    racadm bioscert view –all
  • To export the Secure Boot Certificate to a remote share or local system. 
    racadm bioscert view -t <keyType> -k <KeySubType> -v <HashValue or ThumbPrintValue>

  • racadm bioscert export -t <keyType> -k <KeySubType> -v <HashValue or ThumbPrintValue> -f <filename> -l <CIFS/NFS/HTTP/HTTPS share> -u <username> -p <password>
  • racadm bioscert import -t <keyType> -k <KeySubType> -f <filename> -l <CIFS/NFS/HTTP/HTTPS share> -u <username> -p <password>
  • racadm bioscert delete –all
  • racadm bioscert delete -t <keyType> -k <KeySubType> -v <HashValue or ThumbPrintValue>
  • racadm bioscert restore –all
  • racadm bioscert restore -t <keyType>
Input
  • -t— Specifies the key type of the Secure Boot Certificate to be exported.
    • 0—Specifies the PK (Platform Key)
    • 1—Specifies the KEK (Key Exchange Key)
    • 2—Specifies the DB (Signature Database)
    • 3—Specifies the DBX (Forbidden signatures Database)
  • -k — Specifies the Certificate type or the Hash type of the Secure Boot Certificate file to be exported.
    • 0—Specifies the Certificate type
    • 1—Specifies the Hash type (SHA - 256)
    • 2—Specifies the Hash type (SHA - 384)
    • 3—Specifies the Hash type (SHA - 512)
  • -v— Specifies the Thumbprint value or the Hash value of the Secure Boot Certificate file to be exported.
  • -f—Specifies the file name of the exported Secure Boot Certificate.
  • -l—Specifies the network location to where the Secure Boot Certificate file must be exported.
  • -u—Specifies the username for the remote share to where the Secure Boot Certificate file must be exported.
  • -p—Specifies the password for the remote share to where the Secure Boot Certificate file must be exported.
Example
  • To view the installed Secure boot Certificates. 
     racadm bioscert view –all
  • To view an installed PK Certificate 
    racadm bioscert view -t 0 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E
  • To view an installed DBX certificate of HASH type SHA-256. 
     racadm bioscert view -t 3 -k 1 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245
  • Export the KEK certificate to a remote CIFS share. 
     racadm bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E  
-f kek_cert.der -l //10.94.161.103/share -u admin -p mypass
  • Export the DBX (Hash Type SHA-256) to a remote NFS share. 
     racadm bioscert export -t 3 -k 1 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245 
-f kek_cert.der -l 192.168.2.14:/share
  • Export the KEK certificate to a local share using the local racadm. 
     racadm bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E   -f kek_cert.der
  • Export the KEK certificate to a local share using remote racadm. 
    racadm -r 10.94.161.119 -u root -p calvin bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E -f kek_cert.der
  • Import the KEK certificate from the CIFS share to the embedded iDRAC. 
    racadm bioscert import -t 1 -k 0 -f kek_cert.der -l //10.94.161.103/share -u admin -p mypass
  • Import KEK (Hash Type SHA-256) from a CIFS share to the embedded iDRAC 
    racadm bioscert import -t 1 -k 1 -f kek_cert.der -l //192.168.2.140/licshare -u admin -p passwd
  • Import a KEK certificate from a NFS share to the embedded iDRAC. 
     racadm bioscert import -t 1 -k 0 -f kek_cert.der -l 192.168.2.14:/share
  • Import a KEK certificate from a local share using Local RACADM. 
    racadm bioscert import -t 1 -k 0 -f kek_cert.der
  • Import a KEK certificate from a local share using remote RACADM. 
    racadm -r 10.94.161.119 -u root -p calvin bioscert import -t 1 -k 0 -f kek_cert.der
  • To delete an installed KEK Secure Boot Certificate 
    racadm bioscert delete -t 3 -k 0 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245
  • To delete an installed DBX Secure Boot Certificate of HASH type SHA-256. 
    racadm bioscert delete -t 3 -k 1 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245
  • To delete all the installed KEK Secure Boot Certificates 
    racadm bioscert delete --all
  • To restore the installed KEK Secure Boot Certificates 
    racadm bioscert restore -t 1
  • To restore all the installed Secure Boot Certificates 
    racadm bioscert restore --all

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\