Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Similar documents
Lifecycle Controller with Dell Repository Manager

Shared LOM support on Modular

Using Dell Repository Manager with Dell OpenManage Essentials

Configuring Direct-Connect between a DR Series System and Backup Media Server

Dell Appliance for Wyse

Optimizing I/O Identity and Applying Persistence Policy on Network and Fibre Channel Adapters

Web Service Eventing Support for Hardware Inventory and Monitoring

Setting Up Replication between Dell DR Series Deduplication Appliances with NetVault 9.2 as Backup Software

Remote Power Management of Dell PowerEdge M1000e with Chassis Management Controller (CMC) Using Windows Remote Management (WinRM)

Dell 1741M Converged Network Adapter FCoE Boot from SAN Guide

Access Control Policies

Dell Wyse Datacenter for VMware Horizon View Cloud Pod Architecture

Deploying Solaris 11 with EqualLogic Arrays

Teradici APEX 2800 for VMware Horizon View

SUU Supporting the DUP Dependency

Dell PowerVault Network Attached Storage (NAS) Systems Running Windows Storage Server 2012 Troubleshooting Guide

Dell SupportAssist Version 1.2 For Dell OpenManage Essentials Support Matrix

FluidFS Antivirus Integration

LSI SAS i PCIe to 6Gb/s SAS HBA Running On Dell Systems Important Information

Deployment of Dell M6348 Blade Switch with Cisco 4900M Catalyst Switch (Simple Mode)

Dell Server Deployment Pack Version 2.0 for Microsoft System Center Configuration Manager User's Guide

Dell Networking MXL and PowerEdge I/O Aggregator with Cisco Nexus 5000 series fabric mode Config Sheets

Dell Networking MXL / PowerEdge I/O Aggregator with Cisco Nexus 5000 series NPV mode and Cisco MDS 9100 fabric switch Config Sheets

Dell Reseller Option Kit Important Information

Deployment of Dell M8024-k Blade Switch in Simple Mode with Cisco Nexus 5k Switch

Dell EqualLogic Storage Management Pack Suite Version 5.0 For Microsoft System Center Operations Manager And Microsoft System Center Essentials

Wired + Wireless Cloud-managed Campus Reference Architecture

Dell OptiPlex SFF AIO Stand. User s Guide. Model: IKAIO-01 1 /13

Dell Server Management Pack Suite Version For Microsoft System Center Operations Manager And System Center Essentials Installation Guide

Running Milestone XProtect with the Dell FS8600 Scale-out File System

Release Notes. Dell Server Management Pack Suite For CPS. Version 5.1.1

Dell PowerEdge R920 System Powers High Performing SQL Server Databases and Consolidates Databases

OpenManage Integration for VMware vcenter Using the vsphere Client Quick Install Guide Version 2.0

Dell SupportAssist Version For Dell OpenManage Essentials Quick Start Guide

Dell SupportAssist Version 1.2 For Dell OpenManage Essentials Quick Start Guide

Performance Baseline for Deploying Microsoft SQL Server 2012 OLTP Database Applications Using EqualLogic PS Series Hybrid Storage Arrays

Automatic Backup Server Profile in Dell PowerEdge 12 th Generation Servers

Dell Server PRO Management Pack 3.0 for Microsoft System Center Virtual Machine Manager Installation Guide

Dell Server PRO Management Pack for Microsoft System Center Virtual Machine Manager Installation Guide

High-Performance Graphics with VMware Horizon View 5.2

Filter Dialects. This Dell Technical White Paper provides information about use of filters in WS- Man enumeration and subscription

Lifecycle Controller 2 Release 1.0 Version Readme

Dell PowerEdge T620 Getting Started Guide

Using Dell EqualLogic and Multipath I/O with Citrix XenServer 6.2

Dell Data Protection for VMware Horizon View Infrastructures

Dell Repository Manager Version 1.8 Troubleshooting Guide

Dell Server Management Pack Suite Version For Microsoft System Center Operations Manager And System Center Essentials User s Guide

Wired + Wireless Cloud-managed Campus Deployment Guide Branch, Small Campus and Distributed Sites

Management Station Software Version 7.3 Installation Guide

Dell PowerVault MD Storage Array Management Pack Suite Version 5.0 For Microsoft System Center Operations Manager And Microsoft System Center

Dell EqualLogic Storage Management Pack Suite Version 5.0 For Microsoft System Center Operations Manager And System Center Essentials User s Guide

Dell PowerEdge VRTX Networking Deployment Guide for Microsoft Lync and Dell Mobility

Efficient Video Distribution Networks with Multicast: IGMP Querier and PIM-DM

Microsoft Windows Server 2012 Early Adopter Guide

Active Fabric Manager Installation Guide 1.5

Advanced Performance Tuning for Dell EqualLogic Auto-Replication

Dell PowerVault MD3400/3420/3800i/3820i/ 3800f/3820f Storage Arrays Getting Started Guide

Dell PowerEdge R720 and R720xd Getting Started Guide

Dell PowerEdge T420 Getting Started Guide

Dell PowerEdge T620 Getting Started Guide

Authors. Punita. Rajeswari Ayyaswamy. Lokesh Thutaram. Sanjeev Dambal. September, 2017

Dell PowerVault MD3460/3860i/3860f Storage Arrays Getting Started Guide

Scheduled Automatic Search using Dell Repository Manager

Virtual Machine Protection with Dell EqualLogic Virtual Storage Manager v4.0

Virtualization Support in Dell Management Console

Dell Lifecycle Controller Integration For Microsoft System Center Configuration Manager Version Installation Guide

Dell Fabric Manager Deployment Guide 1.0.0

Dell OpenManage Deployment Toolkit Version 4.3 User's Guide

VMware ESX and ESXi. Support Matrix for Dell PowerEdge Systems and Storage Platforms

Dell Repository Manager Data Center Version 1.7 User s Guide

Using Dell Repository Manager to Manage Your Repositories Efficiently

VRF lite for Dell Networking N-Series

Dell OpenManage Port Information Guide Version 7.2

Deploying High-performing SQL Server OLTP Database on PowerEdge R730xd by Using Windows Storage Spaces

Citrix XenDesktop with Provisioning Server for VDI on Dell Compellent SC8000 All Flash Arrays for 3,000 Users

Stacking Dell PowerConnect 10G Switches: M8024-k, 8024, 8024F

Using Dell Repository Manager to Update Your Local Repository

OpenManage TM Integration for VMware vcenter FAQ

Virtualization Support in Dell Management Console v1.0

OpenManage Integration for VMware vcenter for Desktop Client User's Guide Version 2.1

ClearPass NAC and Posture Assessment for Campus Networks

Overview of Microsoft Private Cloud with Dell EqualLogic Storage Arrays

Patch Management using Dell Management Console v1.0

FS8600 Snapshot and Volume Cloning Best Practices

Compatibility Matrix for VMware Infrastructure 3 and Dell PowerEdge Systems

Active Fabric Manager. Release Notes 1.5. June 2013

Accelerate SQL Server 2014 In-Memory OLTP Performance with Dell PowerEdge R920 and Express Flash NVMe PCIe SSDs

Managing and Protecting a Windows Server Hyper-V Environment using Dell EqualLogic PS Series Storage and Tools

Understanding Discovery and Inventory of Dell Devices

Setting Up the Dell DR Series System as an NFS Target on Amanda Enterprise 3.3.5

Setting Up the DR Series System as an NFS Target on Amanda Enterprise 3.3.5

Dell Lifecycle Controller Graphical User Interface Version For 13 th Generation Dell PowerEdge Servers User's Guide

Lifecycle Controller Part Replacement

Dell EMC PowerEdge Systems SUSE Linux Enterprise Server 15. Installation Instructions and Important Information

VMware Infrastructure Update 1 for Dell PowerEdge Systems. Deployment Guide. support.dell.com

Lifecycle Controller Part Replacement

Dell Lifecycle Controller Integration For Microsoft System Center Configuration Manager Version User's Guide

Remote and Branch Office Reference Architecture for VMware vsphere with Dell PowerEdge VRTX

Microsoft SharePoint Server 2010 on Dell Systems

DELL PATCH FAQs. What are the pre-requisites for performning Altiris Agent enabled patching of servers?

Transcription:

Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment This Dell technical white paper describes the capabilities of using Lifecycle Controller to configure UEFI Secure Boot and OS Deployment on Dell PowerEdge servers. Dell Engineering September 2014 Raghavendra Venkataramudu Sumanth Vidyadhara Nagaraju S 1 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. 2014 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell. Dell, the DELL logo, and the DELL badge are trademarks of Dell Inc. Symantec, NetBackup, and Backup Exec are trademarks of Symantec Corporation in the U.S. and other countries. Microsoft, Windows, and Windows Server are registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others. Trademarks used in this text: Dell, the Dell logo, Dell Boomi, Dell Precision,OptiPlex, Latitude, PowerEdge, PowerVault, PowerConnect, OpenManage, EqualLogic, Compellent, KACE, FlexAddress, Force10 and Vostro are trademarks of Dell Inc. Other Dell trademarks may be used in this document. Cisco Nexus, Cisco MDS, Cisco NX- 0S, and other Cisco Catalyst are registered trademarks of Cisco System Inc. EMC VNX, and EMC Unisphere are registered trademarks of EMC Corporation. Intel, Pentium, Xeon, Core and Celeron are registered trademarks of Intel Corporation in the U.S. and other countries. AMD is a registered trademark and AMD Opteron, AMD Phenom and AMD Sempron are trademarks of Advanced Micro Devices, Inc. Microsoft, Windows, Windows Server, Internet Explorer, MS-DOS, Windows Vista and Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and/or other countries. Novell and SUSE are registered trademarks of Novell Inc. in the United States and other countries. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Citrix, Xen, XenServer and XenMotion are either registered trademarks or trademarks of Citrix Systems, Inc. in the United States and/or other countries. VMware, Virtual SMP, vmotion, vcenter and vsphere are registered trademarks or trademarks of VMware, Inc. in the United States or other countries. IBM is a registered trademark of International Business Machines Corporation. Broadcom and NetXtreme are registered trademarks of Broadcom Corporation. Qlogic is a registered trademark of QLogic Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and/or names or their products and are the property of their respective owners. Dell disclaims proprietary interest in the marks and names of others. 2 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Contents Executive summary... 4 Introduction... 5 1. Enabling Secure boot using OMSA... 6 2. Enabling Secure boot using DTK... 8 3. Enabling Secure Boot using RACADM... 10 4. Enabling Secure Boot using WS-MAN... 14 5. Secure Boot in LC UI... 18 5.1 Workflow Diagram to Install Operating System with Secure Boot Enabled through Lifecycle Controller... 18 5.2 Installing an operating system with Secure Boot enabled using Lifecycle Controller... 19 6. Error Messages and Resolution... 35 7. Warning Messages and Resolution... 37 8. Best practices... 41 A. List of operating systems that support Secure Boot... 42 B. Configuration details... 43 3 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Executive summary This white paper provides: - Detailed information on configuring UEFI Secure Boot and deploying the operating system on Dell PowerEdge servers using Lifecycle Controller. - An introduction on the Secure Boot feature and steps to enable Secure Boot using interfaces such as OMSA/DTK/RACADM/WS-MAN and Lifecycle Controller UI. - A detailed work flow on installing a Secure Boot supported operating system by enabling the Secure Boot feature using Lifecycle Controller. For a detailed information on the Unattended OS Installation in LC refer the Unattended OS Install white paper. For a detailed information on the RAID Configuration refer the Raid Configuration white paper. For a detailed information on the Secure Boot Settings refer to Defining a Secure Boot Policy on Dell Servers whitepaper. 4 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Introduction UEFI Secure Boot is a technology that eliminates a major security hole that may occur during a handoff between the UEFI firmware and UEFI operating system. In UEFI Secure Boot, each component in the chain is validated and authorized against a specific certificate before it is allowed to load or run. Secure Boot removes the legacy threat and provides software identity checking at every step of the boot Platform Firmware, Option Cards, and OS Bootloader. NOTE: You can upload the certificates only using the BIOS settings. For more information, see the Defining a Secure Boot Policy on Dell Servers white paper. When set to Enabled, UEFI Secure Boot prevents the unsigned UEFI device drivers from being loaded, displays an error message and does not allow the device to function. You must disable Secure Boot to load the usigned device drivers. On the Dell 13 th generation PowerEdge servers, you can enable or disable the Secure Boot feature using interfaces such as: Dell OpenManage Server Administrator (OMSA) Dell OpenManage Deployment Toolkit (DTK) Dell Lifecycle Controller (LC UI) Dell Remote Access Controller Admin (RACADM) idrac Web Services Management (WS-MAN) BIOS Settings 5 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

1. Enabling Secure boot using OMSA 1. On the OMSA home page, navigate to System -> Main System Chassis -> BIOS. 2. Click Setup-> System Security. Figure 2 OMSA System BIOS Settings Page 6 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

3. Under Secure Boot, select Enabled and click Apply. Figure 3 OMSA System BIOS Settings -> System Security Page 4. Reboot the system. Figure 4 OMSA System BIOS Settings Success Message 7 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

2. Enabling Secure boot using DTK 1. Boot to System Setup -> System BIOS Settings -> Boot Settings and set the Boot Mode to UEFI. 2. Boot into DTK Media. Figure 5 Boot Mode message while loading DTK 3. Select the Dell Deployment Toolkit on the Boot Selection Page. Figure 6 Boot Selection page for DTK 8 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

4. Type the following command to enable Secure Boot: syscfg --secureboot=enable Console Output: Figure 7 Enabling Secure Boot on DTK Shell 9 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

3. Enabling Secure Boot using RACADM 1. Type the following command to set the Boot Mode as UEFI: racadm set bios.biosbootsettings.bootmode Uefi Console Output: Figure 8 Command to set the Boot Mode to UEFI 10 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

2. Type the following commands to get the Boot Mode and Secure Boot status: racadm get bios.biosbootsettings.bootmode racadm get bios.syssecurity Console Output: Figure 9 Command to get the Boot Mode and Secure Boot Status 11 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

3. Type the following command to enable Secure Boot: racadm set bios.syssecurity.secureboot Enabled Console Output: Figure 10 Command to enable Secure Boot 12 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

The job remains in scheduled state till you restart the server. Restart the server to execute the job. Use -r forced at the end of Jobqueue create command to reboot the server immediately. racadm jobqueue create BIOS.Setup.1-1 Console Output: Figure 11 Display the job status 13 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

4. Enabling Secure Boot using WS-MAN 1. Type the following commands to set the Boot Mode to UEFI: winrm i SetAttribute http://schemas.dmtf.org/wbem/wscim/1/cimschema/2/root/dcim/dcim_biosservice? cimnamespace=root/dcim+sys temcreationclassname=dcim_computersystem+systemname=dcim:compute rsystem+creationclassname=dcim_biosservice+name=dcim:biosservice -u:root -p:calvin -r:https://idrac_ip/wsman -SkipCNcheck - SkipCAcheck -encoding:utf-8 -a:basic @{Target="BIOS.Setup.1-1";AttributeName="BootMode";AttributeValue="Uefi"} winrm i CreateTargetedConfigJob http://schemas.dmtf.org/wbem/wscim/1/cimschema/2/root/dcim/dcim_biosservice? cimnamespace=root/dcim+sys temcreationclassname=dcim_computersystem+systemname=dcim:compute rsystem+creationclassname=dcim_biosservice+name=dcim:biosservice -u:root -p:calvin -r:https://idrac_ip/wsman -SkipCNcheck - SkipCAcheck -encoding:utf-8 -a:basic @{Target="BIOS.Setup.1-1";RebootJobType="1";ScheduledStartTime="TIME_NOW"} Console Output: Figure 12 Set the Boot Mode to UEFI 14 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

2. Type the following commands to enable the Secure Boot settings: winrm i SetAttribute http://schemas.dmtf.org/wbem/wscim/1/cimschema/2/root/dcim/dcim_biosservice? cimnamespace=root/dcim+sys temcreationclassname=dcim_computersystem+systemname=dcim:compute rsystem+creationclassname=dcim_biosservice+name=dcim:biosservice -u:root -p:calvin -r:https://idrac_ip/wsman -SkipCNcheck - SkipCAcheck -encoding:utf-8 -a:basic @{Target="BIOS.Setup.1-1";AttributeName="SecureBoot";AttributeValue="Enabled"} winrm i CreateTargetedConfigJob http://schemas.dmtf.org/wbem/wscim/1/cimschema/2/root/dcim/dcim_biosservice? cimnamespace=root/dcim+sys temcreationclassname=dcim_computersystem+systemname=dcim:compute rsystem+creationclassname=dcim_biosservice+name=dcim:biosservice -u:root -p:calvin -r:https://idrac_ip/wsman -SkipCNcheck - SkipCAcheck -encoding:utf-8 -a:basic @{Target="BIOS.Setup.1-1";RebootJobType="1";ScheduledStartTime="TIME_NOW"} Console Output: Figure 13 Enable Secure Boot 15 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

3. Type the following commands to schedule an OS deployment job: winrm i BootToNetworkISO http://schemas.dmtf.org/wbem/wscim/1/cimschema/2/root/dcim/dcim_osdeploymentservice? cimnamespace=root/ dcim+systemcreationclassname=dcim_computersystem+systemname=dcim :ComputerSystem+CreationClassName=DCIM_OSDeploymentService+Name= DCIM:OSDeploymentService -u:root -p:calvin - r:https://idrac_ip/wsman -SkipCNcheck -SkipCAcheck - encoding:utf-8 -a:basic @{IPAddress="CIFS share IP";ShareName="Downloads\OS\Windows\Win_2008_R2";ImageName="imag e.iso";sharetype="2";username="drac";password="tiger"} winrm i BootToNetworkISO http://schemas.dmtf.org/wbem/wscim/1/cimschema/2/root/dcim/dcim_osdeploymentservice? cimnamespace=root/ dcim+systemcreationclassname=dcim_computersystem+systemname=dcim :ComputerSystem+CreationClassName=DCIM_OSDeploymentService+Name= DCIM:OSDeploymentService -u:root -p:calvin - r:https://idrac_ip/wsman -SkipCNcheck -SkipCAcheck - encoding:utf-8 -a:basic @{IPAddress="NFS share IP";ShareName="\nfs";ImageName="image.iso";ShareType="0"} winrm e http://schemas.dmtf.org/wbem/wscim/1/cimschema/2/root/dcim/dcim_osdconcretejob -u:root -p:calvin - r:https://idrac_ip/wsman -SkipCNcheck -SkipCAcheck - encoding:utf-8 -a:basic 16 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Console Output: Figure 14 Schedule OS deployment job 17 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

5. Secure Boot in LC UI 5.1 Workflow Diagram to Install Operating System with Secure Boot Enabled through Lifecycle Controller Start Press F10 to Enter the Lifecycle Controller Display the OS List and the Boot Mode Configuration Page Secure Boot Settings Click OS Deployment on the Left Pane Drivers Copied Successfully? NO Display a Critical Error Popup YES Click Deploy OS on the OS Deployment Step 1 page Display the page for Unattended Installation Is Optical media present? Manual or Unattended Installation? Unattended Present NO Manual Display the page to upload the OS Configuration File Are the Hard Drives present? Absent NO Display the Media Verification Page Present Is the Raid Controller Present? Yes Reboot Is Media Verified Successfully? YES NO Display a Warning Popup Raid Configuration Wizard Display the OS Deployment Summary Page Is Load Legacy Video Option ROM Enabled in BIOS Settings? Is Bios Boot Mode Settings applied Successfully? NO Display a Critical Error Popup YES YES Display a Warning Popup that Secure Boot Settings will be Disabled Reboot Figure 15 Workflow diagram to install operating system with Secure Boot enabled 18 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

5.2 Installing an operating system with Secure Boot enabled using Lifecycle Controller 1. Press <F10> during POST to start Lifecycle Controller. Figure 16 Sever POST screen 19 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

2. In the left pane, click OS Deployment and then click Deploy OS. Figure 17 OS Deployment page 20 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

3. Click Go Directly to OS Deployment to continue with the OS deployment and click Next. NOTE: You can also select Configure RAID First to re-configure RAID before installing the operating system. For more information on configuring RAID, see the Creating RAID Using Lifecycle Controller at Dell TechCenter. Figure 18 Step 1-5: Select Deployment path page 21 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

4. Set the Boot Mode as UEFI and Secure Boot as Enabled. The operating systems in the Available Operating System drop-down list box are populated depending on the boot mode selected. 5. Select the required operating system from the Available Operating Systems dropdown list box and click Next. NOTE: The Secure Boot option is available only if the Boot Mode is set to UEFI and the Load Legacy Video Option ROM setting is set to disabled. To disable the Load Legacy Video Option ROM setting, click System Setup System BIOS Settings Miscellaneous Settings Load Legacy Video Option ROM Disabled. NOTE: Secure Boot Policy is a read-only setting in Lifecycle Controller UI. You can change this setting only in the system BIOS settings. NOTE: If Secure Boot is set to Enabled, make sure that you select an operating system that supports Secure Boot. 22 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Figure 19 Step 2 of 5 Select an Operating System page After you click Next, a progress bar displaying the composing OS drivers appears. 23 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Figure 20 Composing OS Drivers 24 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

6. Select the installation mode Unattended Install or Manual Install and click Next. If you select Unattended Install, then you must upload an OS configuration file to complete the installation. For more information on unattended OS installation, see the white paper on unattended install available at the Dell TechCenter. Figure 21 Step 3 of 5 Select Installation Mode page 25 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

7. For manual installation, insert the OS media and click Next. The Reboot the System page with the summary of selections is displayed. A warning message appears if the validation fails. Figure 22 Step 4 of 5 Insert OS Media page 26 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

On the Reboot the System page, the summary of selections is displayed. Verify the selections and click Finish. Figure 23 Step 5 of 5 Reboot the System page 27 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

The system reboots after the settings are applied successfully. Figure 24 POST screen 28 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

The following message appears during the POST when the Secure Boot settings are modified. Figure 25 POST message for Secure Boot Policy modification 29 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

The system boots from the OS media and displays the progress of the files loading. Figure 26 Loading files from OS media 30 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

NOTE: The screen shots bellow illustrate the installation of Windows Server 2012 R2 as an example. The Windows Setup screen appears after the drivers are loaded. Click Install now to begin installing the operating system. Figure 27 Windows Setup page 31 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Select the Language to install, Time and currency format, and Keyboard or input method and click Next. Figure 28 Windows Setup Page for Language and Keyboard settings 32 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

The following screen appears when the installation begins. Your system may restart several times during the installation. Figure 29 Installing Windows screen 33 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

After the installation is competed, restart the system and login. You will notice that all the drivers are successfully installed. Figure 30 OS desktop screen 34 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

6. Error Messages and Resolution The following message appears when the Boot Mode settings cannot be set in the BIOS. Figure 31 Critical error- Unable to apply the boot mode settings for BIOS Resolution: 1. Perform a system reboot and attach the OS media before entering Lifecycle Controller. 2. If the problem persists, perform an idrac reset from the idrac web interface. 35 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

The following error message appears when Secure Boot is Enabled and one of the device drivers fail the Secure Boot validation. This will prevent the device from being detected. Figure 32 Error message: driver validation failure with Secure Boot Resolution: If Secure Boot is not required, disable Secure Boot and proceed with loading the device driver. With Secure Boot enabled, flash the signed device driver for the failing device and continue with the process. 36 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

7. Warning Messages and Resolution The following Secure Boot warning message appears when the Load Legacy Option ROM setting is enabled in BIOS Settings. Figure 33 Secure Boot warning message Resolution: You can skip this message and continue if you do not require Secure Boot. To use Secure Boot, disable the Load Legacy Video Option ROM setting (System Setup System BIOS Settings Miscellaneous Settings Load Legacy Video Option ROM Disabled). 37 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Figure 34 Load Legacy Video Option ROM setting page 38 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

The following warning message appears when the inserted media fails the Dell custom validation criteria. Figure 35: Warning message for OS Media Validation Resolution: Click Yes and continue, if you are sure about the media provided for the selected operating system. Else, insert the right media and click Next. 39 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

The following warning message appears when Secure Boot is enabled and the operating sytem selected for installation does not support Secure Boot. Figure 36 Secure Boot warning for unsupported OS media Resolution: Press d to disable Secure Boot. Disable Secure Boot using any of the interfaces explained in the sections above. 40 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

8. Best practices It is recommended to set the Setup Password in System BIOS Settings to prevent unauthorized disabling of Secure Boot. Figure 37 System Security in System BIOS Settings page 41 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

A. List of operating systems that support Secure Boot Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Red Hat Enterprise Linux 7.0 x64 42 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

B. Configuration details The following table lists the components that support Secure Boot. Table 1 Component Component table Description Firmware version BIOS 1.0.XX, IDRAC 2.01.00.01, Driver pack 14.08.01, OM 8.0.1 Application Server idrac, OMSA, Lifecycle Controller and BIOS Settings Dell 13 th generation PowerEdge servers and later 43 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

44 Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback