Purpose:
Share reference steps for anyone who is going to import public keys into the BIOS.
Target Audience:
Anyone who already has an OS with Secure Boot signed keys and is looking for how to import public keys into the BIOS.
Secure Boot:
Secure Boot is a security standard developed by members of the PC industry to help ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system.
Secure Boot is designed to protect the boot process from attacks that seek to compromise it, ensuring that only trusted software is allowed to run during boot. It's an important feature for maintaining the security of a system, especially in environments where integrity and reliability are critical.
Steps:
1. Enter BIOS setup and enable/disable Secure Boot.
How to enable and disable Secure Boot in BIOS?
- Make sure Secure Boot is disabled before entering BIOS setup.
2. Select "Key Management".
3. Select "Reset To Setup Mode" to purge all keys in the BIOS.
4. The "Platform Key", "Key Exchange Keys", "Authorized Signatures"... items should then show "No Keys".
5. Plug in a USB drive onto which you have pre-copied your public key files.
6. Select the item into which to import the public key.
Take the "Authorized Signatures" item for instance. Select "Update" > No (from a file) > USB file system > the key file > Public Key Certificate > Owner GUID > Yes (to update db).
7. If you have multiple keys for the same item, select "Append" instead of "Update". Expect to see multiple keys in the Keys column when this has been done correctly.
8. Repeat steps #6 and #7 to import the other keys.
9. Save changes and reset once all BIOS configuration is complete.