Enroll Efi Image
Remove 'UEFI CA'
from DB
Restore DB defaults Restore DB variable to factory defaults
Secure Boot Variables
Enroll Factory Defaults or load certificates from a file:
1. Public Key Certificate in:
a) EFI_SIGNATURE_LIST
b) EFI_CERT_X509 (DER encoded)
c) EFI_CERT_RSA2048 (bin)
d) EFI_CERT_SHAXXX
2. Authenticated UEFI Variable
3. EFI PE/COFF Image(SHA256)
Key Source:
Default, External, Mixed
Chapter 3 – AMI BIOS Setup
Allow the image to run in Secure Boot mode. Enroll SHA256 Hash
certificate of a PE image into Authorized Signature Database (db)
Device Guard ready system must not list 'Microsoft UEFI CA'
Certificate in Authorized Signature database (db)
58