To enroll a Platform Key (PK) for enabling Secure Boot, the process usually takes place within the system BIOS or UEFI firmware settings. Here is how it generally works:
- Enter the BIOS/UEFI setup during the computer startup (commonly by pressing Delete, F2, or Esc key).
- Navigate to the Security or Boot section where Secure Boot settings are found.
- Set Secure Boot Mode to "Custom" (instead of Standard).
- Find the option to "Enroll Platform Key (PK)" or "Enroll PK" and select it. You may also see an option to "Load Default Keys."
- Select the Platform Key file from the file system if required or enroll the factory default keys.
- Enrolling the PK switches the system from Setup Mode (where Secure Boot is disabled) to User Mode (where Secure Boot can be enabled).
- After enrolling the Platform Key, enable Secure Boot if it isn't already.
- Save changes and exit BIOS setup.
The Platform Key establishes a trust relationship to enable Secure Boot, ensuring only trusted operating systems can boot. This step must be completed before Secure Boot can be successfully enabled on many systems. The exact names and BIOS navigation steps may vary depending on the motherboard or system brand.
If a key file is required, it can usually be provided by the system manufacturer or generated for custom use. Some BIOS firmware allows using default factory keys to simplify the process.
In summary, enroll the Platform Key in BIOS under Secure Boot settings by setting Secure Boot Mode to Custom and selecting Enroll PK or Load Default Keys, then enable Secure Boot and save.
