Secure Boot

Secure Boot is optional in UEFI, but it highly recommended. It ensures software integrity on the device. A trust relationship is established between the UEFI BIOS and the device software (bootloaders, OS, UEFI drivers and utilities). When enabled, only software or firmware signed with approved keys can be executed. This guards the system against malicious attacks, rootkits, and unauthorized software updates that could occur prior to the device’s OS launch. 

The Secure Boot mechanism relies on public/private key pairs to verify the software’s digital signature before execution. In the Secure Boot Standard Mode (default configuration), ZPE official public certificates are provided to validate Nodegrid OS images. To validate other device OS, the Secure Boot Custom Mode can use custom certificates installed in BIOS.

Requirements

• System’s Boot Mode must be UEFI.
• Minimum BIOS version for Nodegrid devices:
  • NSR-COMP-EXPN (10518T00)
  • NSR (10518T00)
  • GSR (10617T00)
  • LSR (10730T00
  • BSR (10813T00