Skip to content

Dasharo Security: UEFI Secure Boot

Test cases

SBO001.001 UEFI Secure Boot (Ubuntu 20.04)

Test description

Secure boot is a verification mechanism for ensuring that code launched by firmware is trusted. This test verifies that secure boot can be enabled from Tianocore and, after the DUT reset, it is seen from the OS.

Test configuration data

  1. FIRMWARE = coreboot
  2. BIOS_SETUP_KEY = F2
  3. OPERATING_SYSTEM = Ubuntu 20.04

Test setup

  1. Proceed with the Generic test setup: Firmware
  2. Proceed with the Generic test setup: OS installer

Test steps

  1. Power on the DUT
  2. While the DUT is booting, hold the BIOS_SETUP_KEY to enter the UEFI Setup Menu
  3. Enter the Device Manager menu using the arrow keys and Enter
  4. Enter the Secure Boot Configuration submenu
  5. Verify that the Current Secure Boot State field says Enabled - if not, select the Attempt Secure Boot option below.
  6. Go back to the main menu using the ESC key
  7. Select the Reset option to apply the settings and reboot
  8. The DUT will now attempt to boot OPERATING_SYSTEM with Secure Boot enabled
  9. Log in to the default user session
  10. Open a terminal window and execute the following command:
    sudo dmesg | grep secureboot

Expected result

The output of the command should contain the line:

    secureboot: Secure boot enabled

SBO001.002 UEFI Secure Boot (Windows 10)

Test description

Secure boot is a verification mechanism for ensuring that code launched by firmware is trusted. This test verifies that secure boot can be enabled from Tianocore and, after the DUT reset, it is seen from the OS.

Test configuration data

  1. FIRMWARE = coreboot
  2. BIOS_SETUP_KEY = F2
  3. OPERATING_SYSTEM = Windows 10

Test setup

  1. Proceed with the Generic test setup: Firmware
  2. Proceed with the Generic test setup: OS installer

Test steps

  1. Power on the DUT
  2. While the DUT is booting, hold the BIOS_SETUP_KEY to enter the UEFI Setup Menu
  3. Enter the Device Manager menu using the arrow keys and Enter
  4. Enter the Secure Boot Configuration submenu
  5. Verify that the Current Secure Boot State field says Enabled - if not, select the Attempt Secure Boot option below.
  6. Go back to the main menu using the ESC key
  7. Select the Reset option to apply the settings and reboot
  8. The DUT will now attempt to boot OPERATING_SYSTEM with Secure Boot enabled
  9. Log in to the default user session
  10. Press Windows+R to open Run Window. Type msinfo32 and press Enter.
  11. In the System Information window, go to System Summary, and in the right pane select the Secure Boot State and check its state.

Expected result

The Secure Boot State should be enabled.