One of the recent and most featured announcements from Microsoft is the launch of Windows 8. For corporates intending to upgrade from Win 7 to Win 8 may choose to enable secure boot in BIOS to increase security in their systems, this will be considerable effort if done manually for IT administrators to upgrade the systems.
The UEFI specification adds a feature known as Secure boot, which can secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature. For more information on UEFI and secure boot kindly refer the following : http://www.uefi.org/home/
With the release of Dell OpenManage Client Instrumentation (OMCI) 8.1.1, this effort has been made a lot easier. The OMCI offers support for Microsoft Win 8 OS and It also supports enabling of Secure Boot feature in BIOS .
Hence now the IT administrator sitting in the remote location can easily enable Secure Boot on the system. Kindly refer to the OMCI documentation at the below URL for more information about the product
The procedure to update secure boot is as follow :
- First download and install the latest BIOS from the dell support site.
- Ensure that the system is rebooted so that the new BIOS is loaded. After the BIOS update you will see that the boot mode is default legacy and secure boot is disabled.
- Once the system is rebooted, Run the below VB Script (attached with the blog - kindly remove the .txt extension from the file)
'**********************************************************************
'*** Name:SampleSecureBoot.vbs
'*** Purpose: To enable Secure Boot.
'*** Usage: cscript.exe //nologo SampleSecureBoot.vbs <systemname>
'***
'*** This sample script is provided as an example only, and has not been
'*** tested, nor is warranted in any way by Dell; Dell disclaims any
'*** liability in connection therewith. Dell provides no technical
'*** support with regard to such scripting. For more information on WMI
'*** scripting, refer to applicable Microsoft documentation.
'*** NOTE: Replace <Password> in line 53 (inside the quotes)
'*** with the desired values if there is any password set in the system.
'*** If both passwords(Admin and Boot) are set please replace it with Admin Password.
'*** If there is no password set in the system please leave it as empty.
'**********************************************************************
Option Explicit
'*** Declare variables
Dim strNameSpace
Dim strComputerName
Dim strClassName
Dim strKeyValue
Dim objInstance
Dim strPropName
Dim strPropValue
Dim oInParams
Dim objWMIService
Dim returnValue
Dim ColSystem
Dim strAttributeName(2)
Dim strAttributeValue(2)
Dim strAuthorizationToken
'*** Check that the right executable was used to run the script
'*** and that all parameters were passed
If (LCase(Right(WScript.FullName, 11)) = "wscript.exe" ) Or _
(Wscript.Arguments.Count < 1) Then
Call Usage()
WScript.Quit
End If
'*** Initialize variables
strNameSpace = "root/dcim/sysman"
strComputerName = WScript.Arguments(0)
strClassName = "DCIM_BIOSService"
strAttributeName(0) = "Secure Boot"
'*** All possible values for Secure Boot are as follows:
'*** 2 = Enable
strAttributeValue(0) = "2"
strAuthorizationToken = "<Password>"
returnValue = 0
'*** Retrieve the instance of DCIM_BIOSService class
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate," &_
"AuthenticationLevel=pktprivacy}\\" & strComputerName & "\" &_
strNameSpace)
Set ColSystem=objWMIService.execquery ("Select * from " &strClassName)
For each objInstance in ColSystem
Set oInParams= objInstance.Methods_("SetBIOSAttributes").InParameters.SpawnInstance_
oInParams.AttributeName = strAttributeName
oInParams.AttributeValue = strAttributeValue
oInParams.AuthorizationToken = strAuthorizationToken
Set returnValue = objInstance.ExecMethod_("SetBIOSAttributes", oInParams)
Next
'*** If any errors occurred, let the user know
If Err.Number <> 0 Then
WScript.Echo "Enabling Secure Boot failed."
End If
'*** Sub used to display the correct usage of the script
Sub Usage()
Dim strMessage
strMessage = "incorrect syntax. You should run: " & vbCRLF & _
"cscript.exe /nologo SampleSecureBoot.vbs <systemname>"
WScript.Echo strMessage
End Sub
'**********************************************************************
4. This script will enable secure boot on your system and will also set the boot options to UEFI and disable legacy option ROM feature.
5. At this stage, you will be able to boot into your current OS only if it has been installed with UEFI support.
6. You will now have to install the new Win 8 OS through the CD-DVD/PXE.
Note: Factory delivered Windows 8 systems will have default Secure Boot enabled in BIOS configuration.