
Simulated BIOS Screens: Secure Boot Certificate Enrollment

This article describes a generalized process for enrolling Secure Boot certificates in a UEFI-capable BIOS, illustrated with simulated screens.


Screen 1: Main BIOS Menu


*********************************
* ggBIOS v2.1 *
*********************************
System Information
Boot Configuration
Security Settings
Power Management
Advanced Options
Save & Exit
[Use Arrow Keys to Select, Enter to Enter Submenu]


Screen 2: Security Settings


****************************
* Security Settings *
****************************
Supervisor Password: [Not Set]
Secure Boot: [Disabled]
TPM Configuration: [Enabled]
Change Passwords
Manage Secure Boot Keys
[Use Up/Down Keys to Highlight, Enter to Modify]


Screen 3: Secure Boot Configuration


****************************
* Secure Boot Settings *
****************************
Secure Boot State: [Enabled]
Platform Mode: [Setup Mode]
Delete All Secure Boot Keys
Enroll Certificate (db database)
View Enrolled Certificates
[Esc to Go Back]


Screen 4: Enroll Certificate


****************************
* Enroll Certificate (db) *
****************************
Select Enrollment Source:
[USB Storage]
Internal Storage
Network
[Esc to Go Back]


Screen 5: USB File Browser


****************************
* USB Storage *
****************************
Volume: GG_USB (16GB)
/EFI/
/Certificates/
+ DB.cer
+ DB.crt
+ DB.esl
+ DB.auth
[Use Arrow Keys, Enter to Select File, Esc to Go Back]


Screen 6: Confirmation


****************************
* Enroll Certificate *
****************************
Selected File: /Certificates/DB.cer
Certificate Type: X.509
Enroll and Append? [Y/N]


Important Notes


  • Prerequisites: The computer is Secure Boot capable, and the certificate is on the USB drive in the correct format.
  • BIOS Navigation: Navigate to Security Settings, enable Secure Boot, and then open the Enroll Certificate option.
  • After Enrollment: Reboot the system. After a successful enrollment, Secure Boot recognizes software signed with the newly enrolled certificate.
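
The prerequisite above asks for a certificate in the correct format, and Screen 5 lists four files whose extensions do not by themselves say what they contain. The following Python script is an added example, not ggRock's own tooling: it identifies a file by its bytes as PEM or DER X.509, an EFI signature list of X.509 entries, or a signed .auth update. The sample files are constructed around a filler DER blob instead of a real certificate, and the pairing of each file name with an encoding is an assumption.

```python
import base64, struct, uuid

# GUIDs from the UEFI specification, in on-disk (mixed-endian) byte order.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le
EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7").bytes_le

def der_len_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (outer length matches the size)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                       # short-form length
        return len(data) == 2 + data[1]
    n = data[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes) -> str:
    """Return 'pem-x509', 'der-x509', 'esl-x509', 'auth' or 'unknown'."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return "pem-x509"
    if der_len_ok(data):
        return "der-x509"
    if len(data) >= 28 and data[:16] == EFI_CERT_X509_GUID:
        # EFI_SIGNATURE_LIST: type GUID, then list size, header size, entry size
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, 16)
        # first entry = 16-byte owner GUID followed by the DER certificate
        first_cert = data[28 + hdr_size + 16: 28 + hdr_size + sig_size]
        if list_size <= len(data) and sig_size > 16 and der_len_ok(first_cert):
            return "esl-x509"
    if len(data) >= 40:
        # EFI_VARIABLE_AUTHENTICATION_2: 16-byte EFI_TIME, then WIN_CERTIFICATE_UEFI_GUID
        _length, _revision, cert_type = struct.unpack_from("<IHH", data, 16)
        # 0x0EF1 is WIN_CERT_TYPE_EFI_GUID
        if cert_type == 0x0EF1 and data[24:40] == EFI_CERT_TYPE_PKCS7_GUID:
            return "auth"
    return "unknown"

# Constructed samples: a filler DER SEQUENCE stands in for a certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLES = {
    "DB.cer": FAKE_DER,
    "DB.crt": b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(FAKE_DER)
              + b"-----END CERTIFICATE-----\n",
    "DB.esl": EFI_CERT_X509_GUID + struct.pack("<III", 28 + 16 + 260, 0, 16 + 260)
              + bytes(16) + FAKE_DER,
}
SAMPLES["DB.auth"] = (bytes(16) + struct.pack("<IHH", 24, 0x0200, 0x0EF1)
                      + EFI_CERT_TYPE_PKCS7_GUID + SAMPLES["DB.esl"])
RESULTS = {name: classify(blob) for name, blob in SAMPLES.items()}
print(RESULTS)
```

The check is structural only: it does not validate the certificate itself or verify the signature carried in a .auth file.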

Updated on: 10/12/2025
