Security

TaiShan Server BIOS Parameter Reference (Kunpeng 920 Processor) 21

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Security

This topic describes the parameters used for configuring security functions on the Security screen.

On the Security screen, you can set the administrator password. Figure 4-72 shows the Security screen. Table 4-52 describes the parameters.

The Security screen varies according to the server or BIOS version.

Figure 4-72 Security screen

Table 4-52 Parameters on the Security screen

Parameter	Description	Default Value
Password Status	Displays whether the password takes effect.	Installed
Set Supervisor Password	Changes the password. NOTE: The password must be a string of 8 to 16 characters, and contain at least three types of the following characters: special characters including spaces (mandatory), uppercase letters, lowercase letters, and digits. To restore the default password, see How Do I Reset the BIOS Password?.	For details about the default BIOS password, see the TaiShan Server Account List. NOTE: If the BIOS version supports the first-login password function (The BIOS does not have a password by default, and the system prompts you to set a new password when you access the Setup screen for the first time), you must set a new password before logging in to the Setup screen. For details, see Accessing the BIOS.
Clear Supervisor Password	Clears the password. NOTE: This parameter is not supported if the BIOS version supports the first-login password function (The BIOS does not have a password by default, and the system prompts you to set a new password when you access the Setup screen for the first time). For details, see Accessing the BIOS.	N/A
Set Crypto Length	Sets the password encryption algorithm. The value ranges from 32 to 48.	32
Set History Password Time	Sets the number of latest historical passwords that are saved. The value ranges from 3 to 6.	5
Set Lock Count	Sets the number of locking times. If the number of incorrect password attempts exceeds the value, the device is locked. The value ranges from 1 to 5.	3
Set Lock Time	Sets the locking time. After the locking time expires, the device is unlocked. The value ranges from 1 to 5, in minutes.	5
Set Password Minimum Length	Sets the minimum password length. The value ranges from 8 to 16. The BIOS password length must be greater than or equal to the specified value. If the length of the current password is shorter than the value of this parameter, you need to reset the password. NOTE: Only the BIOSs on the following servers support this parameter: BIOS V175 and later on TaiShan 200 servers (models 1280, 2180, 2280, 2280E, 5280, and 5180) All BIOS versions on TaiShan 200 Pro servers (models 2480, 2280, and 1280)	8
Secure Boot	Specifies whether to enable secure boot. The options are as follows: Disable Enable NOTE: When secure boot is enabled, the official EulerOS mirror system (https://repo.huaweicloud.com/euler/) must be used. Otherwise, the system cannot be accessed due to a security authentication failure.	Disable
Redfish Control	Specifies whether to enable the Redfish out-of-band configuration function. The options are as follows: Disable Enable NOTE: This parameter supports only in-band configuration. Only the BIOSs on the following servers support this parameter: BIOS V175 and later on TaiShan 200 servers (models 1280, 2180, 2280, 2280E, 5280, and 5180) BIOS V133 and later on TaiShan 200 servers (model 2280VE) All BIOS versions on TaiShan 200 Pro servers (models 2480, 2280, and 1280) When the Redfish out-of-band configuration function is disabled, the following security-related parameters support only in-band configuration. Secure Boot TPM Availability TPM2 Operation Clear TPM	Disable NOTE: If the BIOS is upgraded from a version that does not support this parameter to a version that supports this parameter, the default value is Enable.
Password Expiration Policy	Enables or disables the password expiration policy. The options are as follows: Disable Enable NOTE: This parameter supports only in-band configuration. After the password expiration policy is enabled, you need to change the password before logging in to the BIOS Setup screen if the password has expired for 180 days. This parameter is supported by BIOS V175 and later on TaiShan 200 servers (models 1280, 2180, 2280, 2280E, 5280, and 5180) and all BIOS versions on TaiShan 200 Pro servers (model 1280).	Disable
Secure Boot Certificate Configuration	Provides access to secure boot certificate configuration. NOTE: Only the BIOSs on the following servers support this menu: BIOS V159 and later on TaiShan 200 servers (models 2180, 2280, 2280VF, and 5280) BIOS V169 and later on TaiShan 200 servers (model 2280E) BIOS V168 and later on TaiShan 200 servers (model 1280) BIOS V123 and later on TaiShan 200 servers (model 5290) BIOS V125 and later on TaiShan 200 servers (model 2480) All BIOS versions on TaiShan 200 servers (model 5180) All BIOS versions on TaiShan 200 Pro servers (models 2480, 2280, and 1280)	N/A
Set Common User Password	Changes the password of a common user. NOTE: The password must be a string of 8 to 16 characters, and contain at least three types of the following characters: special characters (mandatory, including spaces), uppercase letters, lowercase letters, and digits. This parameter is supported by BIOS V332 and later on TaiShan 200 servers (models 2480 and 5290) and all BIOS versions on TaiShan 200 servers (models 2280, 5280, 2280VE, 5280VE, 2280VF) and TaiShan 200 Pro servers (models 2480 and 2280).	-
Clear Common User Password	Clears the password of a common user. NOTE: This parameter is supported by BIOS V332 and later on TaiShan 200 servers (models 2480 and 5290) and all BIOS versions on TaiShan 200 servers (models 2280, 5280, 2280VE, 5280VE, 2280VF) and TaiShan 200 Pro servers (models 2480 and 2280).	-
Certificate Warning Time Setting	Sets the certificate alarm time. NOTE: This parameter is supported by BIOS V332 and later on TaiShan 200 servers (models 2480 and 5290) and all BIOS versions on TaiShan 200 servers (models 2280, 5280, 2280VE, 5280VE, 2280VF) and TaiShan 200 Pro servers (models 2480 and 2280).	-

Figure 4-73 shows the Secure Boot Certificate Configuration screen. Table 4-53 describes the parameters.

Only the BIOSs on the following servers support this menu:

BIOS V159 and later on TaiShan 200 servers (models 2180, 2280, 2280VF, and 5280)
BIOS V169 and later on TaiShan 200 servers (model 2280E)
BIOS V168 and later on TaiShan 200 servers (model 1280)
BIOS V123 and later on TaiShan 200 servers (model 5290)
BIOS V125 and later on TaiShan 200 servers (model 2480)
All BIOS versions on TaiShan 200 servers (model 5180)
All BIOS versions on TaiShan 200 Pro servers (models 2480, 2280, and 1280)

Figure 4-73 Secure Boot Certificate Configuration screen

Table 4-53 Parameters on the Secure Boot Certificate Configuration screen

Parameter	Description	Default Value
Current Seure Boot State	Displays the secure boot status.	Disabled
Secure Boot Mode	Specifies the secure boot mode. The options are as follows: Standard Mode Custom Mode	Standard Mode
Custom Secure Boot Options	Imports and deletes signatures in the customized mode. NOTE: This parameter is available only when Secure Boot Mode is set to Custom Mode. When you access the Secure Boot Certificate Configuration screen again after reboot, the value of Secure Boot Mode changes to Standard Mode.	N/A

Parameter

Description

Default Value

Current Seure Boot State

Displays the secure boot status.

Disabled

Secure Boot Mode

Specifies the secure boot mode. The options are as follows:

Standard Mode
Custom Mode

Standard Mode

Custom Secure Boot Options

Imports and deletes signatures in the customized mode.

NOTE:

This parameter is available only when Secure Boot Mode is set to Custom Mode.
When you access the Secure Boot Certificate Configuration screen again after reboot, the value of Secure Boot Mode changes to Standard Mode.

N/A

Figure 4-74 shows the Custom Secure Boot Options screen. Table 4-54 describes the parameters.

Figure 4-74 Custom Secure Boot Options screen

Table 4-54 Parameters on the Custom Secure Boot Options screen

Parameter	Description
DB Options	Provides access to DB certificate configuration, where you can set the trustlist. NOTE: After Secure Boot is enabled, only the OS or external device that has a certificate added to the trustlist can be started.
DBX Options	Provides access to DBX certificate configuration, where you can set the blocklist.

The DB Options screen is similar to the DBX Options screen. The following uses the DB Options screen as an example.

Figure 4-75 shows the DB Options screen. Table 4-55 describes the parameters.

Figure 4-75 DB Options screen

Table 4-55 Parameters on the DB Options screen

Parameter	Description
Enroll Signature	Imports signatures.
Delete Signature	Deletes signatures.

Figure 4-76 shows the Enroll Signature screen. Table 4-56 describes the parameters.

Figure 4-76 Enroll Signature screen

Table 4-56 Parameters on the Enroll Signature screen

Parameter	Description
Enroll Signature Using File	Imports the signature using a file system.
Commit Changes and Exit	Saves the changes and exits.
Discard Changes and Exit	Discards the changes and exits.

Figure 4-77 shows the Enroll Signature Using File screen. The screen varies according to the hard drive, DVD-ROM drive, and USB flash drive configured for the server.

Figure 4-77 Enroll Signature Using File screen

Figure 4-78 shows the Delete Signature screen. Table 4-57 describes the parameters.

Figure 4-78 Delete Signature List Form screen

Table 4-57 Parameters on the Delete Signature List Form screen

Parameter	Description
Delete All Signature List	Deletes all signature lists. Selects a parameter and press Enter to delete the signature list.
Signature List, Entry-1	Deletes signature data.

Parameter

Description

Delete All Signature List

Deletes all signature lists.

Selects a parameter and press Enter to delete the signature list.

Signature List, Entry-1

Deletes signature data.

Figure 4-79 shows the Signature List, Entry-1 screen. Table 4-58 describes the parameters.

Figure 4-79 Delete Signature Data Form screen

Table 4-58 Parameters on the Delete Signature Data Form screen

Parameter	Description
Delete All Signature Data	Delete all signature data. Select a parameter and press Enter to delete all signature data.
Delete Checked Signature Data	Deletes the selected signature data. NOTE: This parameter is available only when Signature Data, Entry-1 is selected.
Signature Data, Entry-1	Selects the signature data to be deleted. The value is displayed in a checkbox and is not selected by default. Press Enter to switch the status. X indicates that this parameter is enabled.

Parameter

Description

Delete All Signature Data

Delete all signature data.

Select a parameter and press Enter to delete all signature data.

Delete Checked Signature Data

Deletes the selected signature data.

NOTE:

This parameter is available only when Signature Data, Entry-1 is selected.

Signature Data, Entry-1

Selects the signature data to be deleted.

The value is displayed in a checkbox and is not selected by default. Press Enter to switch the status. X indicates that this parameter is enabled.

Translation

简体中文

Download

Updated: 2023-03-22

Document ID: EDOC1100088647

Downloads: 421

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

Related Version

Related Documents

Digital Signature File