IBM Support

Secure boot enable or disable recovery - Lenovo System x3850 X6 (6241), System x3950 X6 (6241)

Troubleshooting


Problem

Secure Boot will come up in Custom Mode and appear to have no keys (setup mode in the Microsoft Logo literature). If users attempt to enable Secure Boot Mode, it will allow the transition, but it will not be accepted as there is no platform key (PK). To enable Secure Boot, move to Standard Mode and force a restart. This will then allow Secure Boot to be enabled the next time users enter the UEFI F1 Setup menu.

Resolving The Problem

Source

RETAIN tip: H214939

Symptom

Secure Boot will come up in Custom Mode and appear to have no keys (setup mode in the Microsoft Logo literature). If users attempt to enable Secure Boot Mode, it will allow the transition, but it will not be accepted as there is no platform key (PK). To enable Secure Boot, move to Standard Mode and force a restart. This will then allow Secure Boot to be enabled the next time users enter the UEFI F1 Setup menu.

Affected configurations

The system may be any of the following Lenovo x86 servers:

  • Lenovo System x3850 X6, type 6241, any model
  • Lenovo System x3950 X6, type 6241, any model

This tip is not software specific.

This tip is not option specific.

Workaround

No workaround.

Additional information

When Secure Boot is activated using UEFI setup menus, it checks each piece of software, including the UEFI drivers (Option ROMs) and the operating system, against databases of known-good signatures. If each piece of software is valid, the firmware runs the software and the operating system. OEMs provide their drivers to IBM which are then included in the UEFI firmware. This includes the signature database (db), revoked signatures database (dbx), and the Key Enrollment Key database (KEK). These databases are stored on the flash at manufacturing time.

The signature database and the revoked signatures database list the signers or image hashes of UEFI applications, operating system loaders (such as the Microsoft Operating System Loader, or Boot Manager) and UEFI drivers that can be loaded on the server, and the revoked images for items that are no longer trusted and may not be loaded.

The Key Enrollment Key database is a separate database of signing keys that can be used to update the signature database and revoked signatures database. Microsoft requires a specified key to be included in the KEK database so that in the future Microsoft can add new operating systems to the signature database or add known bad images to the revoked signatures database.

After these databases have been added, and after final firmware validation and testing, IBM locks the firmware from editing, except for updates that are signed with the correct key or updates by a physically present user who is using firmware menus, and then generates a PK. The PK can be used to sign updates to the KEK or to turn off Secure Boot.

In general, there is a precedence order (most to least significant) of PK, KEK, db, dbx. That is:

  • To update a KEK, you have to have a signature with the correct PK.
  • To update a db or a dbx, you have to have a signature with the correct PK or KEK.
  • A PK is required to enable Secure Boot.

The description of the keys above is needed to understand the modes we support. Secure Boot has two (2) modes: Standard and Custom.

Standard Mode allows a user to take advantage of certificates signed by Microsoft. These certificates allow UEFI to verify that all option ROMs and the OS are signed and valid. They include both Windows certificates and third-party certificates for Linux. Essentially, Standard Mode uses these default Secure Boot certificates: the one PK, and multiple KEK, db and dbx entries.

Custom Mode allows a user to install their own set of keys. The Secure Boot specification allows a boot to occur in Custom Mode without a PK. This allows an OS to enroll a new PK, which would then be used to validate its own KEK, db and dbx.

The IBM default Secure Boot Mode is Custom Mode, and the default state is Disabled. To take advantage of the default set of keys from Microsoft, users need to change Custom Mode to Standard Mode (System Settings --> Security --> Secure Boot Configuration). Users will then need to restart, after which Secure Boot can be Enabled using the F1 setup menu (System Settings --> Security --> Secure Boot Configuration).
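As an added illustration (not IBM or Lenovo firmware code), the following Python model encodes the precedence rules listed above (PK for KEK updates, PK or KEK for db/dbx updates, a PK required before Secure Boot can be enabled) together with the Custom-to-Standard recovery sequence just described. Real firmware verifies PKCS#7 signatures over authenticated variables; here a signature is simulated with an HMAC tag under a per-key secret so the policy logic runs offline, and every key name and database entry is a constructed placeholder.

```python
"""Model of the UEFI Secure Boot key hierarchy (PK > KEK > db/dbx) and of the
Custom/Standard mode transition. Added example; not vendor firmware code."""
import hashlib
import hmac

# Constructed signing secrets, one per hypothetical key holder (stand-in for X.509 keys).
SIGNING_SECRETS = {
    "OEM-PK": b"platform-key-secret",
    "MS-KEK": b"microsoft-kek-secret",
    "UNTRUSTED": b"some-other-party",
}


def payload(var, entry):
    """Bytes that a variable update is signed over."""
    return f"{var}:{entry}".encode()


def sign(key_id, data):
    """Stand-in for an asymmetric signature: HMAC-SHA256 under the key's secret."""
    return hmac.new(SIGNING_SECRETS[key_id], data, hashlib.sha256).digest()


def verify(key_id, data, sig):
    return hmac.compare_digest(sign(key_id, data), sig)


class SecureBootFirmware:
    """Minimal state machine: key stores, mode, staged mode change, enable toggle."""

    def __init__(self):
        self.pk = None                       # no PK == "setup mode"
        self.vars = {"KEK": set(), "db": set(), "dbx": set()}
        self.mode = "Custom"                 # the IBM default from the tip
        self.enabled = False
        self.pending_mode = None

    def allowed_signers(self, var):
        """Precedence rule: KEK needs the PK; db/dbx need the PK or any enrolled KEK."""
        signers = {self.pk} if self.pk else set()
        if var in ("db", "dbx"):
            signers |= self.vars["KEK"]
        return signers

    def update(self, var, entry, signer, sig):
        """Apply a signed update only if the signer is permitted and the tag verifies."""
        if signer not in self.allowed_signers(var):
            return False
        if not verify(signer, payload(var, entry), sig):
            return False
        self.vars[var].add(entry)
        return True

    def enroll_pk(self, key_id):
        """Custom Mode lets an OS or user enroll a PK while none exists."""
        if self.mode == "Custom" and self.pk is None:
            self.pk = key_id
            return True
        return False

    def set_mode(self, mode):
        """A mode change is staged and only takes effect on the next restart."""
        self.pending_mode = mode

    def restart(self):
        if self.pending_mode == "Standard":
            # Standard Mode loads the factory defaults: one PK, the Microsoft KEK,
            # and the default OS / third-party certificates (placeholder names).
            self.mode = "Standard"
            self.pk = "OEM-PK"
            self.vars = {"KEK": {"MS-KEK"},
                         "db": {"DEFAULT-OS-CA", "DEFAULT-THIRD-PARTY-CA"},
                         "dbx": set()}
        elif self.pending_mode == "Custom":
            self.mode = "Custom"
            self.pk = None
            self.vars = {"KEK": set(), "db": set(), "dbx": set()}
        self.pending_mode = None

    def enable(self):
        """The menu toggle flips, but without a PK the request is not honored."""
        self.enabled = self.pk is not None
        return self.enabled


def recovery_scenario():
    """Reproduce the symptom, then the fix: Custom -> Standard -> restart -> enable."""
    fw = SecureBootFirmware()
    first_attempt = fw.enable()          # False: Custom Mode with no PK
    fw.set_mode("Standard")
    before_restart = fw.enable()         # False: mode change not applied yet
    fw.restart()
    second_attempt = fw.enable()         # True: default PK present after restart
    return first_attempt, before_restart, second_attempt


def custom_mode_path():
    """Custom Mode alternative: enroll a PK first, then enabling succeeds."""
    fw = SecureBootFirmware()
    return fw.enroll_pk("OEM-PK"), fw.enable()


def precedence_checks():
    """Exercise the PK > KEK > db/dbx rules against a Standard Mode key set."""
    fw = SecureBootFirmware()
    fw.set_mode("Standard")
    fw.restart()
    return {
        "kek_update_with_pk": fw.update("KEK", "NewKEK", "OEM-PK", sign("OEM-PK", payload("KEK", "NewKEK"))),
        "kek_update_with_kek": fw.update("KEK", "Rogue", "MS-KEK", sign("MS-KEK", payload("KEK", "Rogue"))),
        "db_update_with_kek": fw.update("db", "NewCA", "MS-KEK", sign("MS-KEK", payload("db", "NewCA"))),
        "dbx_update_with_pk": fw.update("dbx", "BadHash", "OEM-PK", sign("OEM-PK", payload("dbx", "BadHash"))),
        "db_update_untrusted": fw.update("db", "Evil", "UNTRUSTED", sign("UNTRUSTED", payload("db", "Evil"))),
        "db_update_forged_tag": fw.update("db", "Evil", "MS-KEK", sign("UNTRUSTED", payload("db", "Evil"))),
    }
```

The two rejected cases in `precedence_checks` are the ones worth noting: a KEK holder cannot rewrite the KEK store (that needs the PK), and a correct signer name with a tag produced by someone else fails verification, so the signer-permission check and the signature check both have to pass before anything is written.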

Document Location

Worldwide

Operating System

Lenovo x86 servers: Operating system independent / None


Document Information

Modified date:
30 January 2019

UID

ibm1MIGR-5098347