Home » Dell Manuals » Servers » Dell PowerEdge R540 » Manual Viewer

Dell PowerEdge R540 EMC Installation and Service Manual - Page 60

Option, Description, Secure Boot Mode

View all Dell PowerEdge R540 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 60 highlights

Option Description When TPM 2.0 is installed, TPM 2 Algorithm option is available. It enables you to select a hash algorithm from those supported by the TPM (SHA1, SHA256). TPM 2 Algorithm option must be set to SHA256, to enable TXT. Power Button Enables you to set the power button on the front of the system. This option is set to Enabled by default. AC Power Recovery Sets how the system behaves after AC power is restored to the system. This option is set to Last by default. AC Power Recovery Delay Enables you to set the time that the system should take to turn on after AC power is restored to the system. This option is set to Immediate by default. User Defined Enables you to set the User Defined Delay option when the User Defined option for AC Power Recovery Delay (60 s to 600 Delay is selected. s) UEFI Variable Access Provides varying degrees of securing UEFI variables. When set to Standard (the default), UEFI variables are accessible in the operating system per the UEFI specification. When set to Controlled, selected UEFI variables are protected in the environment, and new UEFI boot entries are forced to be at the end of the current boot order. In-Band Manageability Interface When set to Disabled, this setting hides the Management Engine's (ME), HECI devices, and the system's IPMI devices from the operating system. This prevents the operating system from changing the ME power capping settings, and blocks access to all in-band management tools. All management should be managed through out-ofband. This option is set to Enabled by default. NOTE: BIOS update requires HECI devices to be operational and DUP updates require IPMI interface to be operational. This setting needs to be set to Enabled to avoid updating errors. Secure Boot Enables Secure Boot, where the BIOS authenticates each pre-boot image by using the certificates in the Secure Boot Policy. Secure Boot is set to Disabled by default. Secure Boot Policy When Secure Boot policy is set to Standard, the BIOS uses the system manufacturer key and certificates to authenticate pre-boot images. When Secure Boot policy is set to Custom, the BIOS uses the user-defined key and certificates. Secure Boot policy is set to Standard by default. Secure Boot Mode Enables you to configure how the BIOS uses the Secure Boot Policy Objects (PK, KEK, db, dbx). If the current mode is set to Deployed Mode, the available options are User Mode and Deployed Mode. If the current mode is set to User Mode, the available options are User Mode, Audit Mode, and Deployed Mode. Options User Mode Description In User Mode, PK must be installed, and BIOS performs signature verification on programmatic attempts to update policy objects. BIOS allows unauthenticated programmatic transitions between modes. Audit Mode In Audit mode, PK is not present. BIOS does not authenticate programmatic updates to the policy objects, and transitions between modes. Audit Mode is useful for programmatically determining a working set of policy objects. BIOS performs signature verification on pre-boot images. BIOS also logs the results in the image Execution Information Table, but approves the images whether they pass or fail verification. Deployed Mode Deployed Mode is the most secure mode. In Deployed Mode, PK must be installed and the BIOS performs signature verification on programmatic attempts to update policy objects. Deployed Mode restricts the programmatic mode transitions. Secure Boot Policy Summary Secure Boot Custom Policy Settings Specifies the list of certificates and hashes that secure boot uses to authenticate images. Configures the Secure Boot Custom Policy. To enable this option, set the Secure Boot Policy to Custom. 60 Pre-operating system management applications

Section	Page
Dell EMC PowerEdge R540 Installation and Service Manual	3
Dell EMC PowerEdge R540 overview	8
Supported configurations for the PowerEdge R540 system	8
Front view of the system	9
Left control panel view	11
Status LED indicators	12
System health and system ID indicator codes	13
iDRAC Quick Sync 2 indicator codes	13
Right control panel view	14
iDRAC Direct LED indicator codes	15
Drive indicator codes	15
Back panel features	16
NIC indicator codes	20
Power supply unit indicator codes	21
LCD panel	23
Viewing Home screen	23
Setup menu	24
View menu	24
Locating the Service Tag of your system	24
System information label	26
Documentation resources	29
Technical specifications	31
System dimensions	31
Chassis weight	32
Processor specifications	32
Supported operating systems	32
Cooling fans specifications	32
PSU specifications	33
System battery	33
Expansion bus specifications	33
Memory specifications	33
Storage controller specifications	33
Drive specifications	34
Drives	34
Optical drives	34
Tape Drives	34
Ports and connectors specifications	34
USB ports	34
NIC ports	34
VGA ports	35
Serial connector	35
Internal Dual SD Module	35
Video specifications	35
Environmental specifications	35
Standard operating temperature	36
Expanded operating temperature	36
Expanded operating temperature restrictions	37
Thermal restriction matrix	37
Particulate and gaseous contamination specifications	39
Initial system setup and configuration	40
Setting up your system	40
iDRAC configuration	40
Options to set up iDRAC IP address	40
Log in to iDRAC	41
Options to install the operating system	41
Methods to download firmware and drivers	41
Downloading drivers and firmware	42
Pre-operating system management applications	43
Options to manage the pre-operating system applications	43
System Setup	43
Viewing System Setup	43
System Setup details	44
System BIOS	44
Viewing System BIOS	44
System BIOS Settings details	44
System Information	45
Viewing System Information	45
System Information details	45
Memory Settings	46
Viewing Memory Settings	46
Memory Settings details	46
Processor Settings	47
Viewing Processor Settings	47
Processor Settings details	47
SATA Settings	49
Viewing SATA Settings	49
SATA Settings details	49
NVMe Settings	50
Viewing NVMe Settings	50
NVMe Settings details	50
Boot Settings	50
Viewing Boot Settings	50
Boot Settings details	51
Choosing system boot mode	51
Changing boot order	52
Network Settings	52
Viewing Network Settings	52
Network Settings screen details	52
Integrated Devices	53
Viewing Integrated Devices	53
Integrated Devices details	53
Serial Communication	55
Viewing Serial Communication	55
Serial Communication details	56
System Profile Settings	56
Viewing System Profile Settings	56
System Profile Settings details	57
System Security	58
Viewing System Security	58
System Security Settings details	58
Creating a system and setup password	61
Using your system password to secure the system	61
Deleting or changing system and setup password	61
Operating with setup password enabled	62
Redundant OS Control	62
Viewing Redundant OS Control	62
Redundant OS Control screen details	62
Miscellaneous Settings	63
Viewing Miscellaneous Settings	63
Miscellaneous Settings details	63
iDRAC Settings utility	64
Device Settings	64
Dell Lifecycle Controller	64
Embedded system management	64
Boot Manager	65
Viewing Boot Manager	65
Boot Manager main menu	65
One-shot UEFI boot menu	65
System Utilities	65
PXE boot	65
Installing and removing system components	66
Safety instructions	66
Before working inside your system	67
After working inside your system	67
Recommended tools	67
Optional front bezel	67
Removing the front bezel	68
Installing the front bezel	68
System cover	69
Removing the system cover	69
Installing the system cover	70
Backplane cover	71
Removing the backplane cover	71
Installing the backplane cover	72
Inside the system	73
Air shroud	75
Removing the air shroud	75
Installing the air shroud	77
Cooling fans	78
Removing the cooling fan	78
Installing cooling fan	80
Internal PERC riser	82
Removing the internal PERC riser	82
Installing the internal PERC riser	84
Removing the PERC card from the internal PERC riser	85
Installing PERC card into the internal PERC riser	86
Intrusion switch	87
Removing the intrusion switch	87
Installing the intrusion switch	88
Drives	89
Removing a drive blank	89
Installing a drive blank	90
Removing a 2.5-inch drive from a 3.5-inch drive adapter	90
Installing a 2.5-inch drive into a 3.5-inch drive adapter	91
Removing a 3.5-inch drive adapter from a 3.5-inch drive carrier	92
Installing a 3.5-inch drive adapter into the 3.5-inch drive carrier	93
Removing a drive carrier	94
Installing a drive carrier	95
Removing the drive from the drive carrier	96
Installing a drive into the drive carrier	97
System memory	97
System memory guidelines	97
General memory module installation guidelines	98
Mode-specific guidelines	99
Removing a memory module	101
Installing a memory module	102
Processors and heat sinks	103
Removing a processor and heat sink module	103
Removing the non-fabric processor from the processor and heat sink module	104
Installing the non-fabric processor into a processor and heat sink module	105
Installing a processor and heat sink module	108
Expansion cards and expansion card risers	109
Expansion card installation guidelines	109
Removing expansion card from the expansion card riser	112
Installing expansion card into the expansion card riser	116
Removing expansion card from the system board	119
Installing expansion card on the system board	121
Removing an expansion card riser	123
Installing an expansion card riser	126
M.2 SSD module	128
Removing the M.2 SSD module	128
Installing the M.2 SSD module	129
Optional MicroSD or vFlash card	130
Removing the MicroSD card	130
Installing the MicroSD card	131
Optional IDSDM or vFlash module	132
Removing the optional IDSDM or vFlash card	132
Installing optional IDSDM or vFlash card	133
LOM riser card	134
Removing the LOM riser card	134
Installing the LOM riser card	135
Drive backplane	136
Backplane details	136
Removing the backplane	138
Installing the backplane	139
Removing the 3.5-inch rear drive backplane	139
Installing the 3.5-inch rear drive backplane	140
Cable routing	142
Rear drive cage	145
Removing the rear drive cage	145
Installing the rear drive cage	146
System battery	147
Optional internal USB memory key	147
Replacing the optional internal USB memory key	147
Optical drive (optional)	148
Removing the optical drive	148
Installing the optical drive	149
Power supply units	149
Hot spare feature	150
Removing a power supply unit blank	150
Installing a power supply unit blank	150
Removing a power supply unit	151
Installing a power supply unit	152
Removing a non-redundant cabled AC power supply unit	152
Installing a non-redundant cabled AC power supply unit	153
Removing a DC power supply unit	154
Installing DC power supply unit	155
Wiring instructions for a DC power supply unit	155
Assembling and connecting safety ground wire	156
Assembling DC input power wires	156
Power interposer board	157
Removing power interposer board	157
Installing power interposer board	158
Control panel	158
Removing the left control panel	158
Installing the left control panel	159
Removing the right control panel	160
Installing the right control panel	161
System board	162
Removing the system board	162
Installing the system board	164
Restoring the system using Easy Restore	166
Manually update the Service Tag	166
Entering the system Service Tag by using System Setup	166
Trusted Platform Module	167
Upgrading the Trusted Platform Module	167
Removing the TPM	167
Installing the TPM	167
Initializing TPM for BitLocker users	168
Initializing the TPM 1.2 for TXT users	168
System diagnostics	169
Dell Embedded System Diagnostics	169
Running the Embedded System Diagnostics from Boot Manager	169
Running the Embedded System Diagnostics from the Dell Lifecycle Controller	169
System diagnostic controls	170
Jumpers and connectors	171
System board jumpers and connectors	171
System board jumper settings	173
Disabling forgotten password	173
Getting help	174
Contacting Dell EMC	174
Documentation feedback	174
Accessing system information by using QRL	174
Quick Resource Locator for R540	175
Receiving automated support with SupportAssist	175

Match case Limit results 1 per page

Option

Description

When TPM 2.0 is installed,

TPM 2 Algorithm

option is available. It enables you to select a hash algorithm from

those supported by the TPM (SHA1, SHA256).

TPM 2 Algorithm

option must be set to

SHA256

, to enable TXT.

Power Button

Enables you to set the power button on the front of the system. This option is set to

Enabled

by default.

AC Power

Recovery

Sets how the system behaves after AC power is restored to the system. This option is set to

Last

by default.

AC Power

Recovery Delay

Enables you to set the time that the system should take to turn on after AC power is restored to the system. This

option is set to

Immediate

by default.

User Defined

Delay (60 s to 600

Enables you to set the

User Defined Delay

option when the

User Defined

option for

AC Power Recovery

Delay

is selected.

UEFI Variable

Access

Provides varying degrees of securing UEFI variables. When set to

Standard

(the default), UEFI variables are

accessible in the operating system per the UEFI specification. When set to

Controlled

, selected UEFI variables

are protected in the environment, and new UEFI boot entries are forced to be at the end of the current boot

order.

In-Band

Manageability

Interface

When set to

Disabled

, this setting hides the Management Engine's (ME), HECI devices, and the system's IPMI

devices from the operating system. This prevents the operating system from changing the ME power capping

settings, and blocks access to all in-band management tools. All management should be managed through out-of-

band. This option is set to

Enabled

by default.

NOTE:

BIOS update requires HECI devices to be operational and DUP updates require IPMI

interface to be operational. This setting needs to be set to Enabled to avoid updating errors.

Secure Boot

Enables Secure Boot, where the BIOS authenticates each pre-boot image by using the certificates in the Secure

Boot Policy. Secure Boot is set to

Disabled

by default.

Secure Boot

Policy

When Secure Boot policy is set to

Standard

, the BIOS uses the system manufacturer key and certificates to

authenticate pre-boot images. When Secure Boot policy is set to

Custom

, the BIOS uses the user-defined key

and certificates. Secure Boot policy is set to

Standard

by default.

Secure Boot Mode

Enables you to configure how the BIOS uses the Secure Boot Policy Objects (PK, KEK, db, dbx).

If the current mode is set to

Deployed Mode

, the available options are

User Mode

and

Deployed Mode

. If the

current mode is set to

User Mode

, the available options are

User Mode

Audit Mode

, and

Deployed Mode

Options

Description

User Mode

, PK must be installed, and BIOS performs signature verification on

programmatic attempts to update policy objects.

BIOS allows unauthenticated programmatic transitions between modes.

Audit Mode

Audit mode

, PK is not present. BIOS does not authenticate programmatic updates to

the policy objects, and transitions between modes.

Audit Mode

is useful for programmatically determining a working set of policy objects.

BIOS performs signature verification on pre-boot images. BIOS also logs the results in the

image Execution Information Table, but approves the images whether they pass or fail

verification.

Deployed Mode

is the most secure mode. In

Deployed Mode

, PK must be installed and

the BIOS performs signature verification on programmatic attempts to update policy

objects.

Deployed Mode

restricts the programmatic mode transitions.

Secure Boot

Policy Summary

Specifies the list of certificates and hashes that secure boot uses to authenticate images.

Secure Boot

Custom Policy

Settings

Configures the Secure Boot Custom Policy. To enable this option, set the

Secure Boot Policy

Custom

Pre-operating system management applications