
Dasharo Security: UEFI Secure Boot

SBO001.001 Check Secure Boot default state (firmware)

Test description

Secure Boot is a verification mechanism for ensuring that code launched by firmware is trusted. This test aims to verify that the Secure Boot state is correct after flashing the platform with the Dasharo firmware.

Test configuration data

  1. FIRMWARE = Dasharo

Test setup

  1. Proceed with the Generic test setup: firmware.

Test steps

  1. Power on the DUT.
  2. While the DUT is booting, hold the BIOS_SETUP_KEY to enter the UEFI Setup Menu.
  3. Enter the Device Manager menu using the arrow keys and Enter.
  4. Enter the Secure Boot Configuration submenu.
  5. Verify the Current Secure Boot State field.

Expected result

The Current Secure Boot State field should report that the current state of Secure Boot is Disabled.

SBO002.001 UEFI Secure Boot (Ubuntu 22.04)

Test description

This test verifies that Secure Boot can be enabled from the boot menu and that, after the DUT resets, the OS reports it as enabled.

Test configuration data

  1. FIRMWARE = Dasharo
  2. OPERATING_SYSTEM = Ubuntu 22.04

Test setup

  1. Proceed with the Generic test setup: firmware.
  2. Proceed with the Generic test setup: OS installer.
  3. Proceed with the Generic test setup: OS installation.

Test steps

  1. Power on the DUT.
  2. While the DUT is booting, hold the BIOS_SETUP_KEY to enter the UEFI Setup Menu.
  3. Enter the Device Manager menu using the arrow keys and Enter.
  4. Enter the Secure Boot Configuration submenu.
  5. Verify that the Current Secure Boot State field says Enabled - if not, select the Attempt Secure Boot option below.
  6. Go back to the main menu using the ESC key.
  7. Select the Reset option to apply the settings and reboot.
  8. The DUT will now attempt to boot OPERATING_SYSTEM with Secure Boot enabled.
  9. Log into the system by using the proper login and password.
  10. Open a terminal window and run the following command:

    sudo dmesg | grep secureboot
    
  11. Note the results.

Expected result

The output of the command should contain the line:

secureboot: Secure boot enabled
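
A scripted form of step 10 and the expected result above, as an added example that is not part of the Dasharo test suite. It classifies saved `dmesg` output and cross-checks the UEFI `SecureBoot` variable through efivarfs, which still answers when the kernel line has rotated out of the ring buffer; the function names and the `/tmp` path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Dasharo test suite.
# Scripted form of the SBO002.001 check with an efivarfs cross-check.

# SecureBoot variable under the EFI global-variable GUID. In efivarfs the
# file is 4 attribute bytes followed by the 1-byte value (1 = enabled).
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# sb_from_log FILE: classify saved `dmesg` output.
sb_from_log() {
    if grep -q 'secureboot: Secure boot enabled' "$1"; then
        echo enabled
    elif grep -q 'secureboot:' "$1"; then
        echo not-enabled      # kernel reported some other state
    else
        echo unknown          # line absent, e.g. ring buffer wrapped
    fi
}

# sb_from_efivar FILE: classify the raw efivarfs SecureBoot file.
sb_from_efivar() {
    [ -r "$1" ] || { echo unknown; return; }
    val=$(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n')
    case "$val" in
        1) echo enabled ;;
        0) echo not-enabled ;;
        *) echo unknown ;;
    esac
}

# sb_check LOGFILE VARFILE: returns 0 only when neither source contradicts
# "enabled" and at least one of them confirms it.
sb_check() {
    log=$(sb_from_log "$1")
    var=$(sb_from_efivar "$2")
    echo "dmesg=$log efivar=$var"
    [ "$log" != not-enabled ] && [ "$var" != not-enabled ] &&
        { [ "$log" = enabled ] || [ "$var" = enabled ]; }
}

# On the DUT (hypothetical /tmp path; dmesg needs root on Ubuntu 22.04):
#   sudo dmesg > /tmp/dmesg.txt && sb_check /tmp/dmesg.txt "$SB_VAR"
```

A non-zero exit status from `sb_check` means the test failed or the state could not be determined from either source.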

SBO002.002 UEFI Secure Boot (Windows 11)

Test description

This test verifies that Secure Boot can be enabled from the boot menu and that, after the DUT resets, the OS reports it as enabled.

Test configuration data

  1. FIRMWARE = Dasharo
  2. OPERATING_SYSTEM = Windows 11

Test setup

  1. Proceed with the Generic test setup: firmware.
  2. Proceed with the Generic test setup: OS installer.
  3. Proceed with the Generic test setup: OS installation.

Test steps

  1. Power on the DUT.
  2. While the DUT is booting, hold the BIOS_SETUP_KEY to enter the UEFI Setup Menu.
  3. Enter the Device Manager menu using the arrow keys and Enter.
  4. Enter the Secure Boot Configuration submenu.
  5. Verify that the Current Secure Boot State field says Enabled - if not, select the Attempt Secure Boot option below.
  6. Go back to the main menu using the ESC key.
  7. Select the Reset option to apply the settings and reboot.
  8. The DUT will now attempt to boot OPERATING_SYSTEM with Secure Boot enabled.
  9. Log into the system by using the proper login and password.
  10. Open PowerShell as administrator and run the following command:

    Confirm-SecureBootUEFI
    
  11. Note the results.

Expected result

The command should return the following output, indicating that Secure Boot is enabled:

True