Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage, and Intel® Xeon® Processors
4750 Discussions

Secure Boot PK Key change with S2600CWTR?

BBen1
Beginner
1,779 Views

Hallo,

i try to install my own Secure Boot PK Cert but dont can find an way to remove the

pre installed. So Secure Boot runs in User Mode and i cant get in Setup Mode.

Is there a way to remove the PK key oder get Secure Boot into Setup Mode?

What i found is that some Intel Boards have the Bios Menu entry to set Secure Boot Mode to Custome but this dont.

With Keytools i dont can remove the installed PK without an auth file that i dont have.

And can i even prove that this PK is really from Intel?

Used last Updates:

BIOS ID : SE5C610.86B.01.01.0016.033120161139

BMC FW Rev : 1.43.9685

Boot FW Rev : 1.07

SDR Package Version : SDR Package 1.13

Mgmt Engine (ME) FW Rev : 03.01.03.021

Product Name : S2600CWR

Part/Model Number : H12882-260

On Board Installed: TPM AXXTPME5 (but not active)

Bios Options

Keytool

0 Kudos
5 Replies
idata
Employee
531 Views

Hello,

 

 

Thank you for contacting Intel Customer Support.

 

 

We will check on this and try to find a solution for you, as soon as we have our results we will get back to you.

 

 

faugub_intel # iwork4intel
0 Kudos
BBen1
Beginner
533 Views

Thanks, would be nice to find a solution.

If you need more information or i shoud test something, let me know.

0 Kudos
idata
Employee
533 Views

Hello,

 

 

After further investigation, we can confirm that it is not possible to remove the pre installed secure boot. Also, the PK comes from Intel.

 

 

faugub_intel # iwork4intel
0 Kudos
BBen1
Beginner
533 Views

Hallo,

ok thats a major drawback for me, will that get a fix?

Otherwise is this now standard?

Test multiple times Secure Boot with custom PK cert and that works realy nice. (on other Systems)

Sincerely

0 Kudos
idata
Employee
533 Views

Hello,

 

 

There are not any announcement about it for these products. This might be added on future releases. However, by now it is not supported.

 

 

faugub_intel # iwork4intel
0 Kudos
Reply