Secure Boot state

The status of Secure Boot and of the Secure Boot keys stored in UEFI variables is available on the CPM.

Use the following command to display Secure Boot state information.

show card A detail
Hardware Data
    Secure boot status            : enabled
    UEFI variables status         : ok

where

  • Secure Boot status — indicates if Secure Boot is enabled or disabled
  • UEFI variables status — indicates if Secure Boot variables need updating

At every boot, the system records in the security log whether Secure Boot is enabled or disabled on the CPM. The following is an example of such a log message.

24 2023/05/17 06:09:03.140 EDT MAJOR: SECURITY #2241 Base Card A
"CPM A has booted with a secure-boot status of enabled"
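
A monitoring check built on the boot record above, as an added example that is not part of the original page or of the vendor's tooling: it parses security log text for the secure-boot boot message and lists CPMs whose most recent boot was not `enabled`. The sample log is constructed (only its first entry is the page's example), the function names are illustrative, and the literal status value `disabled` and a single common timezone are assumptions.

```python
import re

# Header line and quoted message of the boot record, following the two-line
# layout of the example log entry shown on this page.
HEADER = re.compile(
    r'^\d+ (?P<date>\d{4}/\d{2}/\d{2}) (?P<time>[\d:.]+) (?P<tz>\S+) '
    r'\w+: SECURITY #\d+ .+$')
MESSAGE = re.compile(
    r'^"CPM (?P<cpm>\S+) has booted with a secure-boot status of (?P<status>\w+)"$')


def parse_boot_events(log_text):
    """Return one dict per secure-boot boot record found in log_text."""
    events = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    for header, body in zip(lines, lines[1:]):  # header line + next line
        h, m = HEADER.match(header), MESSAGE.match(body)
        if h and m:
            events.append({
                # YYYY/MM/DD HH:MM:SS.mmm sorts correctly as a string
                "when": f"{h['date']} {h['time']}",
                "tz": h["tz"],
                "cpm": m["cpm"],
                "status": m["status"].lower(),
            })
    return events


def cpms_needing_attention(events):
    """CPMs whose most recent boot record is anything other than 'enabled'."""
    latest = {}
    for ev in events:  # compare timestamps, so display order does not matter
        seen = latest.get(ev["cpm"])
        if seen is None or ev["when"] >= seen["when"]:
            latest[ev["cpm"]] = ev
    return sorted(c for c, ev in latest.items() if ev["status"] != "enabled")


# Constructed sample: the first entry is the page's example, the rest are made up.
SAMPLE_LOG = '''\
24 2023/05/17 06:09:03.140 EDT MAJOR: SECURITY #2241 Base Card A
"CPM A has booted with a secure-boot status of enabled"
25 2023/05/17 06:09:04.512 EDT MAJOR: SECURITY #2241 Base Card B
"CPM B has booted with a secure-boot status of enabled"
31 2023/06/02 11:42:17.008 EDT MAJOR: SECURITY #2241 Base Card B
"CPM B has booted with a secure-boot status of disabled"
'''

if __name__ == "__main__":
    print("needs attention:", cpms_needing_attention(parse_boot_events(SAMPLE_LOG)))
```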

Secure Boot UEFI variables can be obtained on the CPM card using the following command:
tools dump system security secure-boot uefi-var card

The command displays the X.509 certificates and SHA-256 hashes held in the following UEFI variables:

  • Platform Key (PK)
  • Key Exchange Key (KEK)
  • Allowed Database (DB)
  • Disallowed Database (DBx)
