Änderungen von Dokument RangeeOS - Enroll MOK for Secure Boot

Zusammenfassung

• Seiteneigenschaften (3 geändert, 0 hinzugefügt, 0 gelöscht)

Details

Seiteneigenschaften

Titel

...	...	@@ -1,1 +1,1 @@
1		-RangeeOS - MOK fürSecureBoot ausrollen
	1	+RangeeOS - Enroll MOK for SecureBoot

Dokument-Autor

...	...	@@ -1,1 +1,1 @@
1		-XWiki.tgabdouri
	1	+XWiki.twintrich

Inhalt

...	...	@@ -1,9 +1,74 @@
1		-==== **In der kommbox, unter system -> bootloader -> Rangee SecureBoot-Signaturschlüssel (MOK) ausrollen** ====
	1	+(% class="wikigeneratedid" %)
	2	+Starting with RangeeOS 13.00, **Secure Boot **can be used on the devices. However, before **Secure Boot **can be enabled on your own hardware, it must be ensured that our Rangee MOK (Machine Owner Key) is installed on the device.
2	2
3		-(% class="box infomessage" id="HBefolgenSiediefolgendenAnweisungen2CumdenMOKzuregistrieren:" %)
	4	+(% class="wikigeneratedid" %)
	5	+There are **two options** to start the installation of the MOK.
	6	+
	7	+(% class="box warningmessage" %)
4	4	(((
5		-[[image:image.png]]
6		-\\\\Befolgen Sie die folgenden Anweisungen, um den MOK zu registrieren:
	9	+The installation of the MOK consists of **two steps**.
	10	+The installation process is started via the Kommbox or an installation medium. However, the actual transfer to the BIOS takes place **outside of RangeeOS**.
	11	+
	12	+Please note that this process **cannot be performed remotely**.
7	7	)))
8	8
9		-[[image:image (1).png]][[image:Schritte 2.PNG]][[image:Schritt 3.PNG]][[image:Schritte 4.PNG]][[image:Schritte 5.PNG]][[image:Schritte 6.PNG]]
	15	+{{toc/}}
	16	+
	17	+= Rolling out the key via... =
	18	+
	19	+== ... an existing RangeeOS installation ==
	20	+
	21	+* Navigate in the Kommbox to** System ->** **Bootloader.**
	22	+* Click the **Enroll **button next to the option **Enroll Rangee SecureBoot Signing key (MOK)**.
	23	+[[image:1769420162118-671.png||height="192" width="600"]]
	24	+
	25	+* Note the displayed PIN and click **Submit**.
	26	+[[image:1769420223013-526.png||height="186" width="600"]]
	27	+
	28	+* Restart the client and follow the further instructions.
	29	+
	30	+== ... a RangeeOS installation medium ==
	31	+
	32	+(% class="box infomessage" %)
	33	+(((
	34	+The options described here are only available when booting ISO files **without the suffix “unattended”** in the file name.
	35	+)))
	36	+
	37	+* Create a USB stick for the RangeeOS installation as described [[here>>doc:HowTos.USB-Installer.WebHome]].
	38	+* Boot the client from the USB stick.
	39	+* (Optional) First perform the installation of RangeeOS on the device.
	40	+* Select the option **Enroll MOK for Secure Boot**.
	41	+[[image:1769419349061-481.png||height="412" width="600"]]
	42	+
	43	+* Confirm the security prompt with **Yes.
	44	+[[image:1769419444164-614.png||height="224" width="600"]]**
	45	+
	46	+* Note the password displayed here.
	47	+[[image:1769419480776-801.png||height="230" width="600"]]
	48	+
	49	+* Restart the client and follow the further instructions.
	50	+
	51	+= Transferring the key to the BIOS =
	52	+
	53	+(% class="wikigeneratedid" %)
	54	+After restarting, the client automatically starts the **Shim UEFI Key Management**, which guides you through the required steps.
	55	+
	56	+1. Press any key within **60 seconds** to start the installation of the key. If no key is pressed within this time, the rollout process must be started again.
	57	+[[image:step1.png||height="450" width="600"]]
	58	+
	59	+1. Select **Enroll MOK**.
	60	+[[image:step2.png||height="450" width="600"]]
	61	+
	62	+1. Select **Continue**.
	63	+[[image:step3.png||height="450" width="600"]]
	64	+
	65	+1. Select **Yes**.
	66	+[[image:step4.png||height="450" width="600"]]
	67	+
	68	+1. Enter the previously noted **PIN**.
	69	+[[image:step5.png||height="450" width="600"]]
	70	+
	71	+1. Select **Reboot**.
	72	+[[image:step6.png||height="450" width="600"]]
	73	+
	74	+The rollout of the MOK is now complete. You can now restart the device and enable Secure Boot in the BIOS.