Dasharo Security: UEFI Secure Boot
Test cases
SBO001.001 UEFI Secure Boot (Ubuntu 20.04)
Test description
Secure boot is a verification mechanism for ensuring that code launched by firmware is trusted. This test verifies that secure boot can be enabled from Tianocore and, after the DUT reset, it is seen from the OS.
Test configuration data
FIRMWARE
= corebootBIOS_SETUP_KEY
=F2
OPERATING_SYSTEM
= Ubuntu 20.04
Test setup
- Proceed with the Generic test setup: Firmware
- Proceed with the Generic test setup: OS installer
Test steps
- Power on the DUT
- While the DUT is booting, hold the
BIOS_SETUP_KEY
to enter the UEFI Setup Menu - Enter the
Device Manager
menu using the arrow keys and Enter - Enter the
Secure Boot Configuration
submenu - Verify that the
Current Secure Boot State
field saysEnabled
- if not, select theAttempt Secure Boot
option below. - Go back to the main menu using the
ESC
key - Select the
Reset
option to apply the settings and reboot - The DUT will now attempt to boot
OPERATING_SYSTEM
with Secure Boot enabled - Log in to the default user session
- Open a terminal window and execute the following command:
sudo dmesg | grep secureboot
Expected result
The output of the command should contain the line:
secureboot: Secure boot enabled
SBO001.002 UEFI Secure Boot (Windows 10)
Test description
Secure boot is a verification mechanism for ensuring that code launched by firmware is trusted. This test verifies that secure boot can be enabled from Tianocore and, after the DUT reset, it is seen from the OS.
Test configuration data
FIRMWARE
= corebootBIOS_SETUP_KEY
=F2
OPERATING_SYSTEM
= Windows 10
Test setup
- Proceed with the Generic test setup: Firmware
- Proceed with the Generic test setup: OS installer
Test steps
- Power on the DUT
- While the DUT is booting, hold the
BIOS_SETUP_KEY
to enter the UEFI Setup Menu - Enter the
Device Manager
menu using the arrow keys and Enter - Enter the
Secure Boot Configuration
submenu - Verify that the
Current Secure Boot State
field saysEnabled
- if not, select theAttempt Secure Boot
option below. - Go back to the main menu using the
ESC
key - Select the
Reset
option to apply the settings and reboot - The DUT will now attempt to boot
OPERATING_SYSTEM
with Secure Boot enabled - Log in to the default user session
- Press Windows+R to open Run Window. Type msinfo32 and press Enter.
- In the System Information window, go to System Summary, and in the right pane select the Secure Boot State and check its state.
Expected result
The Secure Boot State should be enabled.