Wiki Home Installation GIGABYTE with UEFI SECURE BOOT

GIGABYTE with UEFI SECURE BOOT

2024-07-11
diskless, boot, gigabyte, uefi, secure boot

The following provides detailed steps for configuring UEFI secure boot on Gigabyte motherboards, including importing the Youngzsoft certificate and setting secure boot options.

  1. Before starting to configure the BIOS, prepare the USB for Secure Boot.
  2. Open BIOS then go to IO ports (Figure 1).

Figure 1

  1. Then go to “Settings>Network Stack Configuration” (Figure 2).

Figure 2

  1. Enable the network stack if it is disabled (Figure 3).

Figure 3

  1. Then in the “Boot” tab, check the settings as in the following figures 4 and 5.

Figure 4

Figure 5

  1. Finally save and exit(Figure 6).

Figure 6

  1. Once reboot done Open Secure boot page again. (Figure 7)

Figure 7

  1. Navigate to Key management.(Figure 8)

Figure 8

  1. On the Key management page click on the ‘Authenticated Signatures” and import the Youngszoft.cer that you previously created. (Figure 9)

Figure 9

  1. When opting for "Authenticated Signatures," the system will prompt you to choose the input file format. Select 'Public Key Certificate.'
  2. Following that, it will inquire whether you want to append Youngzsoft.cer , click Yes to proceed.
  3. Once you done save the changes of BIOS and go back to create boot image
  4. Once the image is ready on iCafeCloud admin panel in Boot section , edit the client PC and select secureboot in PXE field. (Figure 10)

Figure 10

  1. If your motherboard is Aorus elite disable “Factory key provision” as it reset the keys on every reboot.(Figure 11)

Figure 11

  1. If a "Failed" error persists after disconnecting the mouse as (Secure boot violation) (Figure 12)
    Follow the steps beflow

Figure 12

  1. Locate a PC that can successfully import keys (based on user experience approximately 1/2 of all PCs).
  2. Import the keys on this PC, save the changes, and navigate to "Export all DB keys".
  3. Save these keys onto a USB drive.
  4. Connect the USB drive to the PC that is unable to import keys manually.
  5. Instead of attempting to append keys from Youngzsoft.cer, update the authorized keys using the record from the USB drive (on Gigabyte motherboards, this file is typically named "db").
  6. Save the changes and exit.


Related: