Article ID: 000087846 Content Type: Install & Setup Last Reviewed: 07/06/2022

How to Install Intel-Signed Certificates in Intel® Smart Edge Server Nodes

Environment

Super Micro Server Node

BUILT IN - ARTICLE INTRO SECOND COMPONENT
Summary

Installation steps for Intel-signed Certificates

Description

Unable to install Intel-signed Certificates.

Resolution

It is necessary to change the Secure Boot settings of the Server Node and use the USB drive with Intel keys previously provided by Intel. 

  1. Go to the Advanced/Security option in BIOS
    1. Disabled the option called CSM support
    2. Save changes and reboot the system.
  2. Go to the Advanced/Security option in BIOS again
    1. Change Secure Boot Mode to Standard, Save changes and reboot the system.

The previous step enables Secure Boot.

  1. Go to the Advanced/Security option in BIOS 
    1. Revert Secure Boot Mode back to Custom
    2. Select Key Management

    From the new pop-up Window

    1. Select Reset to Setup Mode 

    From the new window select Yes

    1. Then save and reboot the system.

Load Intel Keys process:

  1. Go to the Advanced/Security option in BIOS
  2. Select Key Management
    1. Scroll to Platform Key (PK) and Hit Enter
    2. Select Update

    From the new pop-up window, Select Load Keys from the USB drive

    1. Select the USB drive with the keys.
    2. Select pk1.der
    3. Select Public Key Certificate
    4. Select GUID, then Yes, and finally Ok.

From the new pop-up window saying Reset Without Saving, select No

  1. Repeat the previous steps for:
    Key Exchange Keys - kek1.der
    Authorized Signature - dbk1.der
  2. Go back to the main BIOS screen, by pressing the Escape key
    1. Select Advanced/Trusted Computing
    2. Change Pending Operation to TPM Clear
    3. Change TXT Support to Enabled
  3. Go back to the main BIOS screen
    1. Open Boot tab and review:
    2. Boot Mode is UEFI
    3. Boot Option #1 is UEFI USB
  4. Save BIOS settings
  5. Restart the system and get into the BIOS again.
  6. Go to the Boot tab
    1. Disable Boot UEFI USB
    2. Save BIOS settings

The server will restart from the USB containing the Intel® Smart Edge software.
The process takes around 7 minutes, as soon as the system reboots, remove the Intel® Smart Edge software USB.
The system will boot from the hard drive, some automatic reboots are necessary until the system shows up  the Intel® Smart Edge Node console.