Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git On branch : master commit bb1bf13a819a558ea3c275d0e1fe39022ed8594d Author: Florian Weimer <fweimer(a)redhat.com&gt; Date: Mon Dec 1 20:07:50 2014 +0100 List steps which may allow switching Secure Boot status in the firmware en-US/System_Configuration.xml | 84 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 84 insertions(+), 0 deletions(-) diff --git a/en-US/System_Configuration.xml b/en-US/System_Configuration.xml index 2488485..5345022 100644 --- a/en-US/System_Configuration.xml +++ b/en-US/System_Configuration.xml @@ -314,6 +314,90 @@ enabled. </para> </section> +<section id="sect-UEFI_Secure_Boot_Guide-System_Configuration-Additional"> +<title>Additional steps to enable the Secure Boot firmware option</title> +<para> +On some systems, the firmware option to switch the Secure Boot state +is not always active and cannot be selected. The following additional +measures are worth a try. +</para> +<itemizedlist> + <listitem> + <para> + Set a non-empty supervisor password in the firmware. This may + enable the Secure Boot option. After toggling this option, you + can remove the supervsior password again. Depending on the + firmware, you may have to set the password to an empty string to + disable it. + </para> + </listitem> + <listitem> + <para> + Firmware may only allow changing the Secure Boot settings after + a physical presence check. The following keyboard options may + not pass the physical presence check: + </para> + <itemizedlist> + <listitem> + <para> + a USB keyboard connected to a laptop + </para> + </listitem> + <listitem> + <para> + a Bluetooth keyboard + </para> + </listitem> + <listitem> + <para> + a serial console + </para> + </listitem> + <listitem> + <para> + an IP KVM solution or other remote management facility + </para> + </listitem> + </itemizedlist> + <para> + You can try the following options instead where applicable: + </para> + <itemizedlist> + <listitem> + <para> + a built-in keyboard or touch screen + </para> + </listitem> + <listitem> + <para> + a USB keyboard connected to a docking system, which in turn + is connected to a laptop + </para> + </listitem> + <listitem> + <para> + a PS/2 keyboard + </para> + </listitem> + <listitem> + <para> + a keyboard directly connected to a server (and not a remote + KVM solution) + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + The Secure Boot option might be protected, but access to the + Secure Boot key store is not. Removing all keys in the key + store can disable Secure Boot even if the separate option for + this purpose cannot be switched off. + </para> + </listitem> +</itemizedlist> +</section> + <section> <title>Known issues</title> <para>