Cisco Systems 1.2 Manual De Usuario
• UEFI boot mode is only supported on Cisco UCS B-Series M3 and M4 Blade Servers and Cisco UCS
C-Series M3 and M4 Rack Servers.
• UEFI boot mode is not supported with the following combinations:
◦Gen-3 Emulex & QLogic adapters on Cisco UCS blade & rack servers integrated with Cisco UCS
domain.
◦PXE boot for all adapters on Cisco UCS rack servers integrated with Cisco UCS domain.
◦iSCSI boot for all adapters on Cisco UCS rack servers integrated with Cisco UCS domain.
• You cannot mix UEFI and legacy boot mode on the same server.
• Make sure an UEFI aware operating systems is installed in the device. The server will boot correctly in
UEFI mode only if the boot devices configured in the boot policy have UEFI-aware OS installed. If a
compatible OS is not present, the boot device is not displayed on the Actual Boot Order tab in the Boot
Order Details area.
compatible OS is not present, the boot device is not displayed on the Actual Boot Order tab in the Boot
Order Details area.
• In some corner cases, the UEFI boot may not succeed because the UEFI boot manager entry was not
saved correctly in the BIOS NVRAM. You can use the UEFI shell to enter the UEFI boot manager entry
manually. This situation could occur in the following situations:
manually. This situation could occur in the following situations:
◦If a blade server with UEFI boot mode enabled is disassociated from the service profile, and the
blade is manually powered on using the Equipment tab or the front panel.
◦If a blade server with UEFI boot mode enabled is disassociated from the service profile, and a
direct VIC firmware upgrade is attempted.
◦If a blade or rack server with UEFI boot mode enabled is booted off SAN LUN, and the service
profile is migrated.
UEFI Secure Boot
Cisco UCS Central supports UEFI secure boot on Cisco UCS B-Series M3 and M4 Blade Servers. When
UEFI secure boot is enabled, all executables, such as boot loaders and adapter drivers, are authenticated by
the BIOS before they can be loaded. To be authenticated, the images must be signed by either the Cisco
Certificate Authority (CA) or a Microsoft CA.
UEFI secure boot is enabled, all executables, such as boot loaders and adapter drivers, are authenticated by
the BIOS before they can be loaded. To be authenticated, the images must be signed by either the Cisco
Certificate Authority (CA) or a Microsoft CA.
The following limitations apply to UEFI secure boot:
• UEFI boot mode must be enabled in the boot policy.
• The Cisco UCS Manager software and the BIOS firmware must be at Release 2.2 or greater.
• User-generated encryption keys are not supported.
• UEFI secure boot can only be controlled by Cisco UCS Manager or Cisco UCS Central.
• If you want to downgrade to an earlier version of Cisco UCS Manager, and you have a blade server in
secure boot mode, you must disassociate and reassociate the blade server before downgrading. Otherwise,
the blade will not be discovered successfully.
the blade will not be discovered successfully.
Cisco UCS Central Software User Manual, Release 1.2
244
Server Policies
UEFI Secure Boot