Enable UEFI Secure Boot

Optionally, you can enable UEFI Secure Boot.

Physical Presence must be asserted if you are going to enable UEFI Secure Boot. See Assert Physical Presence.

For information about accessing the Lenovo XClarity Controller interface, see:

XClarity Controller web interface

There are two methods available to enable UEFI Secure Boot:
  • From Lenovo XClarity Provisioning Manager

    To enable UEFI Secure Boot from Lenovo XClarity Provisioning Manager:
    1. Start the server and when prompted, press F1 to display Lenovo XClarity Provisioning Manager.

    2. If the power-on Administrator password is required, enter the password.

    3. From the UEFI Setup page, click System Settings > Security > Secure Boot.

    4. Enable Secure Boot and save the settings.

  • From Lenovo XClarity Essentials OneCLI

    To enable UEFI Secure Boot from Lenovo XClarity Essentials OneCLI:
    1. Download and install Lenovo XClarity Essentials OneCLI.

      To download Lenovo XClarity Essentials OneCLI, go to the following site:

      the XClarity Essentials OneCLI website

    2. Run the following command to enable Secure Boot:

      OneCli.exe config set SecureBootConfiguration.SecureBootSetting Enabled  --override 
                        --bmc <userid>:<password>@<ip_address>
      where:
      • <userid>:<password> are the credentials used to access the BMC (Lenovo XClarity Controller interface) of your server. The default user ID is USERID, and the default password is PASSW0RD (zero, not an uppercase o)

      • <ip_address> is the IP address of the BMC.

      For more information about the Lenovo XClarity Essentials OneCLI set command, see:

      the Lenovo XClarity Essentials set command