User Tools

Site Tools


Samsung 355E

The Samsung 355E, like all post production UEFI systems has no EFI shell, so if you want to use shell commands, you'll have to boot to a shell using a USB stick.

To activate the UEFI menus, press F2 on power on or subsequent reboot.  The system only responds to this for an instant, but if you're successful, you'll see a “Please Wait” message at the bottom right.

Once in the UEFI menus, select “Security” and then set “Secure Boot Custom Mode” to “Enabled”.  This will cause an additional “Key Management” item to appear.  To replace the Platform Key, go to “Key Management” and select “Delete the PK”.  The system will now flip into Setup Mode while preserving the contents of all the other Secure Boot variables.  To install your own Platform Key, simply boot up with a USB stick containing the LF boot environment and your own keys.  The system does not boot USB sticks by default, so you'll have to press F10 as its booting to get the Boot menu (for some reason the USB device will show up as selection UEFI: 0).

Note that the platform has a bug in that the Secure Boot variables can only be edited while “Secure Boot Custom Mode” is set to “Enabled”.  If you set it back to “Disabled”, all the secure boot variables will become read only.

In User Mode, Secure Boot can be diabled from the “Boot” tab by setting “Secure Boot” to “Disabled”.

The platform has one other bug in that deleting the Platform Key programmatically will not flip the system back into Setup Mode immediately, it must be rebooted for this change to take place.  The system will behave exactly like it's in Setup Mode, but the SetupMode EFI variable will be set to zero.  This means that without a reboot, the Linux Foundation KeyTool will not offer the option to delete keys or update them with anything other than authorised updates.

tab/samsung-355e.txt · Last modified: 2016/07/19 01:24 (external edit)