CLI Guide
Table 10. Details of the bioscert subcommand (continued)
● racadm bioscert restore -t <keyType>
Input
● -t— Specifies the key type of the Secure Boot Certificate to be exported.
○ 0— Specifies the PK (Platform Key)
○ 1— Specifies the KEK (Key Exchange Key)
○ 2— Specifies the DB (Signature Database)
○ 3— Specifies the DBX (Forbidden signatures Database)
● -k — Specifies the Certificate type or the Hash type of the Secure Boot Certificate file to be exported.
○ 0— Specifies the Certificate type
○ 1— Specifies the Hash type (SHA-256)
○ 2— Specifies the Hash type (SHA-384)
○ 3— Specifies the Hash type (SHA-512)
● -v— Specifies the Thumbprint value or the Hash value of the Secure Boot Certificate file to be
exported.
● -f—Specifies the file name of the exported Secure Boot Certificate.
● -l—Specifies the network location to where the Secure Boot Certificate file must be exported.
● -u—Specifies the username for the remote share to where the Secure Boot Certificate file must be
exported.
● -p—Specifies the password for the remote share to where the Secure Boot Certificate file must be
exported.
Example
● To view the installed Secure Boot Certificates.
racadm bioscert view -all
● To view an installed PK Certificate
racadm bioscert view -t 0 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E
● To view an installed DBX certificate of hash type SHA-256
racadm bioscert view -t 3 -k 1 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245
● Export the KEK certificate to a remote CIFS share
racadm bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E -f kek_cert.der -l //10.94.161.103/share -u admin -p mypass
● Export the DBX (Hash Type SHA-256) to a remote NFS share
racadm bioscert export -t 3 -k 1 -v 416e3e4a6722a534afba9040b6d6a69cc313f1e48e7959f57bf248d543d00245 -f kek_cert.der -l 192.168.2.14:/share
● Export the KEK certificate to a local share using the local racadm
racadm bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E -f kek_cert.der
● Export the KEK certificate to a local share using remote racadm
racadm -r 10.94.161.119 -u root -p calvin bioscert export -t 1 -k 0 -v AB:A8:F8:BD:17:1E:35:12:90:67:CD:0E:69:66:79:9B:BE:64:52:0E -f kek_cert.der
● Import the KEK certificate from the CIFS share to the embedded iDRAC
racadm bioscert import -t 1 -k 0 -f kek_cert.der -l //10.94.161.103/share -u admin -p mypass
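The following added example (not part of the original guide) checks that a value passed to -v has the right shape for its -k type, and that a certificate file written by bioscert export carries the thumbprint that was requested. The function names are hypothetical, and treating the -k 0 thumbprint as the SHA-1 digest of the DER file is an assumption based on the 20-byte example values above.

```python
import hashlib
import hmac
import re

# -k value -> (label, expected number of hex digits in the -v value).
# Assumption: the -k 0 thumbprint is a SHA-1 digest (20 bytes, as in the
# example values on this page); the guide itself does not name the algorithm.
K_TYPES = {
    0: ("certificate thumbprint", 40),
    1: ("SHA-256 hash", 64),
    2: ("SHA-384 hash", 96),
    3: ("SHA-512 hash", 128),
}


def normalize_value(k_type, value):
    """Return the -v value as lowercase hex, or raise ValueError if malformed."""
    if k_type not in K_TYPES:
        raise ValueError(f"unknown -k type: {k_type}")
    label, hex_len = K_TYPES[k_type]
    hex_value = value.strip().replace(":", "").lower()
    if len(hex_value) != hex_len or not re.fullmatch(r"[0-9a-f]+", hex_value):
        raise ValueError(f"-v is not a valid {label}: {hex_len} hex digits expected")
    return hex_value


def thumbprint(der_bytes):
    """Colon-separated uppercase SHA-1 digest of a DER-encoded certificate."""
    digest = hashlib.sha1(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def exported_cert_matches(der_bytes, requested_value):
    """True if the exported file's thumbprint equals the value given as -v."""
    expected = normalize_value(0, requested_value)
    actual = hashlib.sha1(der_bytes).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate; in practice read
    # the exported file, e.g. open("kek_cert.der", "rb").read().
    sample = b"abc"
    print(thumbprint(sample))
    print(exported_cert_matches(sample, thumbprint(sample)))
```

Only -k 0 exports are compared against the file contents here, because the guide does not describe the file format used when a hash entry is exported.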
RACADM Subcommand Details