Simulated BIOS Screens: Secure Boot Certificate Enrollment

This article attempts to generalize a process for enrolling secure boot certificates in a UEFI-capable BIOS.

Screen 1: Main BIOS Menu

*********************************
* ggBIOS v2.1 *
*********************************
System Information
Boot Configuration
Security Settings
Power Management
Advanced Options
Save & Exit
[Use Arrow Keys to Select, Enter to Enter Submenu]

Screen 2: Security Settings

****************************
* Security Settings *
****************************
Supervisor Password: [Not Set]
Secure Boot: [Disabled]
TPM Configuration: [Enabled]
Change Passwords
Manage Secure Boot Keys
[Use Up/Down Keys to Highlight, Enter to Modify]

Screen 3: Secure Boot Configuration

****************************
* Secure Boot Settings *
****************************
Secure Boot State: [Enabled]
Platform Mode: [Setup Mode]
Delete All Secure Boot Keys
Enroll Certificate (db database)
View Enrolled Certificates
[Esc to Go Back]

Screen 4: Enroll Certificate

****************************
* Enroll Certificate (db) *
****************************
Select Enrollment Source:
[USB Storage]
Internal Storage
Network
[Esc to Go Back]

Screen 5: USB File Browser

****************************
* USB Storage *
****************************
Volume: GG_USB (16GB)
/EFI/
/Certificates/
+ DB.cer
+ DB.crt
+ DB.esl
+ DB.auth
[Use Arrow Keys, Enter to Select File, Esc to Go Back]

Screen 6: Confirmation

****************************
* Enroll Certificate *
****************************
Selected File: /Certificates/DB.cer
Certificate Type: X.509
Enroll and Append? [Y/N]

Important Notes

• Prerequisites: Computer is Secure Boot capable, certificate is in the correct format on the USB drive.
• BIOS Navigation: The user will need to navigate to the Security Settings, enable Secure Boot, and then access the Enroll Certificate option.
• After Enrollment: Reboot the system. Successful enrollment allows Secure Boot to recognize the newly signed software.

Updated on: 15/03/2026