Deleting a platform key, Enrolling a key exchange key (kek), Enrolling – HP Unified Extensible Firmware Interface User Manual

Figure 63 Server Security—Enroll PK screen

Deleting a Platform Key

You can delete a Platform Key. This requires an immediate system reboot. Deleting the PK forces
Secure Boot to be disabled until you enroll a new PK.

To delete a Platform Key:
1.

Select Platform Key (PK) Options

→Delete Platform Key (PK) and press Enter

2.

Select a key from the list.

3.

Press Enter (Yes) in the message prompt to delete the Key or ESC to cancel.

Enrolling a Key Exchange Key (KEK)

The Key Exchange Key protects the signature database from unauthorized modifications. No
changes can be made to the signature database without the private portion of this key. Select this
option to enter the Key Exchange Key (KEK) Options menu. You can enroll or delete the KEK
certificates. The file must be in DER-encoded certificate format.

To enroll a Key Exchange Key:
1.

Select Key Exchange Key (KEK) Options

→Enroll KEK Entry and press Enter.

2.

Select Enroll KEK using File and press Enter. You can read the KEK certificate from a file on
an attached media device. Supported formats include .der, .cer, and .crt.

3.

Select Commit changes and exit to save your changes.

Accessing the BIOS/Platform Configuration (RBSU) menu

73