Änderungen von Dokument RangeeOS - Enroll MOK for Secure Boot

Zusammenfassung

• Seiteneigenschaften (3 geändert, 0 hinzugefügt, 0 gelöscht)

Details

Seiteneigenschaften

Titel

...	...	@@ -1,1 +1,1 @@
1		-RangeeOS - Enroll MOK for SecureBoot
	1	+RangeeOS - MOK für SecureBoot ausrollen

Dokument-Autor

...	...	@@ -1,1 +1,1 @@
1		-XWiki.twintrich
	1	+XWiki.rvoegeli

Inhalt

...	...	@@ -1,74 +1,34 @@
1		-(% class="wikigeneratedid" %)
2		-Starting with RangeeOS 13.00, **Secure Boot **can be used on the devices. However, before **Secure Boot **can be enabled on your own hardware, it must be ensured that our Rangee MOK (Machine Owner Key) is installed on the device.
	1	+==== **In der Kommbox, unter System -> Bootloader -> Rangee SecureBoot-Signaturschlüssel (MOK) ausrollen** ====
3	3
4		-(% class="wikigeneratedid" %)
5		-There are **two options** to start the installation of the MOK.
	3	+[[image:image.png]]
6	6
7		-(% class="box warningmessage" %)
8		-(((
9		-The installation of the MOK consists of **two steps**.
10		-The installation process is started via the Kommbox or an installation medium. However, the actual transfer to the BIOS takes place **outside of RangeeOS**.
11	11
12		-Please note that this process **cannot be performed remotely**.
13		-)))
	6	+Notieren Sie die PIN und klicken Sie auf Absenden
14	14
15		-{{toc/}}
	8	+[[image:1769098028735-778.png]]
16	16
17		-= Rolling out the key via... =
	10	+== Schritt 1 ==
18	18
19		-== ... an existing RangeeOS installation ==
	12	+[[image:step1.png]]
20	20
21		-* Navigate in the Kommbox to** System ->** **Bootloader.**
22		-* Click the **Enroll **button next to the option **Enroll Rangee SecureBoot Signing key (MOK)**.
23		-[[image:1769420162118-671.png||height="192" width="600"]]
	14	+== Schritt 2 ==
24	24
25		-* Note the displayed PIN and click **Submit**.
26		-[[image:1769420223013-526.png||height="186" width="600"]]
	16	+[[image:step2.png]]
27	27
28		-* Restart the client and follow the further instructions.
	18	+== Schritt 3 ==
29	29
30		-== ... a RangeeOS installation medium ==
	20	+[[image:step3.png]]
31	31
32		-(% class="box infomessage" %)
33		-(((
34		-The options described here are only available when booting ISO files **without the suffix “unattended”** in the file name.
35		-)))
	22	+== Schritt 4 ==
36	36
37		-* Create a USB stick for the RangeeOS installation as described [[here>>doc:HowTos.USB-Installer.WebHome]].
38		-* Boot the client from the USB stick.
39		-* (Optional) First perform the installation of RangeeOS on the device.
40		-* Select the option **Enroll MOK for Secure Boot**.
41		-[[image:1769419349061-481.png||height="412" width="600"]]
	24	+[[image:step4.png]]
42	42
43		-* Confirm the security prompt with **Yes.
44		-[[image:1769419444164-614.png||height="224" width="600"]]**
	26	+== Schritt 5 ==
45	45
46		-* Note the password displayed here.
47		-[[image:1769419480776-801.png||height="230" width="600"]]
	28	+[[image:step5.png]]
48	48
49		-* Restart the client and follow the further instructions.
	30	+== Schritt 6 ==
50	50
51		-= Transferring the key to the BIOS =
	32	+[[image:step6.png]]
52	52
53		-(% class="wikigeneratedid" %)
54		-After restarting, the client automatically starts the **Shim UEFI Key Management**, which guides you through the required steps.
55		-
56		-1. Press any key within **60 seconds** to start the installation of the key. If no key is pressed within this time, the rollout process must be started again.
57		-[[image:step1.png||height="450" width="600"]]
58		-
59		-1. Select **Enroll MOK**.
60		-[[image:step2.png||height="450" width="600"]]
61		-
62		-1. Select **Continue**.
63		-[[image:step3.png||height="450" width="600"]]
64		-
65		-1. Select **Yes**.
66		-[[image:step4.png||height="450" width="600"]]
67		-
68		-1. Enter the previously noted **PIN**.
69		-[[image:step5.png||height="450" width="600"]]
70		-
71		-1. Select **Reboot**.
72		-[[image:step6.png||height="450" width="600"]]
73		-
74		-The rollout of the MOK is now complete. You can now restart the device and enable Secure Boot in the BIOS.
	34	+