Automated device provisioning for UEFI Secure Boot

2500,00  (ex. VAT)

An automated provisioning procedure is crucial for integrating UEFI Secure Boot on target platforms. Leveraging meta-secure-core layer enables automation of the process, including certificate enrollment and platform reflash. Setting a BIOS menu password enhances security.

You can read more about this product in the Description section below.

x
Category:

Description

To fully integrate UEFI Secure Boot on the target platforms, an automated provisioning procedure is essential to enroll the necessary secrets. The Software Provider will prepare documentation detailing the process to enable UEFI Secure Boot on new units, including writing keys to the BIOS NVRAM that are verified during boot and enabling kernel lockdown.

Leveraging the functionality from the meta-secure-core layer allows for the automation of the entire procedure, executable at the platform's first boot. This functionality can be incorporated into the installer image, tasked with enrolling certificates and subsequently reflashing the platform with the target image.

To enhance security and prevent accidental key deletion or resetting to default settings by unauthorized user, the final phase in provisioning a device for UEFI Secure Boot involves setting a password to secure access to the BIOS menu, provided that the BIOS implementation allows for this safeguard.

Deliverables:

  • Documentation outlining the steps to enable UEFI Secure Boot on new units, including the enrollment of secrets and kernel lockdown activation.
  • Integration of functionality for automated provisioning during the first boot, facilitating a seamless setup process for UEFI Secure Boot.