SecureBootUEFIOverPXE
This manual test validates whether a test computer is capable of booting from the network in Secure Boot mode.
Test details
| Specifications |
|
| Platforms |
|
| Supported Releases |
|
| Expected run time (in minutes) | 60 |
| Category | Scenario |
| Timeout (in minutes) | 3600 |
| Requires reboot | false |
| Requires special configuration | false |
| Type | automatic |
Additional documentation
Tests in this feature area might have additional documentation, including prerequisites, setup, and troubleshooting information, that can be found in the following topic(s):
Running the test
Hardware requirements
The following hardware is required for testing Secure Boot over PXE:
A server that is running HLK controller and a test computer to act as the HLK proxy. Refer to Windows HLK prerequisites for more details.
A System under Test (SUT) server that meets the following requirements.
- You must configure the server according to the SecureBootUEFI test, and the server must pass the test.
- The server must have a network adapter installed that is capable of PXE boot.
- You must configure the server's BIOS settings to allow boot from the network using the network adapter.
One or two servers on the network to run DHCP and Windows Deployment Services (WDS).
You must connect all computers to the same physical network.
The following diagram shows how to configure your hardware for Secure Boot over PXE testing.
Software requirements
The following software is required for testing Secure Boot over PXE.
- The latest version of Windows HLK.
- Windows Server 2016 installation media or ISO file.
Test execution
Ensure that DHCP server is running on the DHCP-WDS server (or a separate DHCP server) and has an active DHCP scope for the network with available IP addresses.
Ensure that Windows Deployment Services (WDS) is installed on the DHCP-WDS server (or a separate WDS server).
On the WDS server, do the following:
- Open the Windows Deployment Services console. Expand Servers > Server Name. Right-click Boot Images, and then click Add Boot Image.
- In the Add Image Wizard, browse to the location of the Windows Server installation media in X:\sources\boot.wim, where X is the drive letter of the DVD or mounted ISO image. Accept all default values.
- Right-click the WDS server, and then click Properties.
- On the PXE Response tab, click Respond to all client computers (known and unknown).
- On the Boot tab, click Always continue PXE boot under both Known clients and Unknown clients.
- On the DHCP tab, if the DHCP server is installed on the same computer, select both check boxes.
Restart the System under Test (SUT) computer and force it to boot from PXE. Typically, you can press F12 during the POST stage of server boot. However, this may differ depending on the hardware manufacturer.
Monitor the progress on the client computer. A successful boot should display a Windows Setup screen with a Windows Deployment Services message.
Press Shift+F10 to display the command prompt, and then type the following command:
reg query HKLM\System\CurrentControlSet\Control\SecureBoot\StateThe registry value UEFISecureBootEnabled will be displayed. The expected value data is 0x1.
When you get the positive test results, you can run the HLK test against the HLK proxy (HLK client) test computer. You will be prompted to manually confirm that the test completed successfully.
More information
Parameters
| Parameter name | Parameter description |
|---|---|
| HasVerified | Enter YES if you have verified the scenario |
Troubleshooting
For generic troubleshooting of HLK test failures, see Troubleshooting Windows HLK Test Failures.