Getting started

This technical note explains how to enable and disable the Secure Boot feature in the UEFI on SNS firewalls.

Secure Boot increases the security of the system, in particular by verifying the signature of the system loaded when the SNS starts up.

Explanations on the use of the Secure Boot feature

  • When Secure Boot is enabled, you can no longer perform the following operations on the SNS firewall:
    • Reset the administrator password in single user mode,

    • Start the SNS firewall on a backup partition in a version of SNS lower than 4.2.1,

    • Start the SNS firewall on a USB key when restoring the program via USB key (USB Recovery),

    • Install a version of SNS lower than 4.2.1.

  • For security reasons, you are advised to protect the SNS firewall's UEFI control panel with a password. For more information, refer to the technical note Protecting access to the configuration panel of the UEFI on SNS firewalls,

  • When the SNS firewall has an initialized TPM, Secure Boot has to remain enabled. On 4.3 LTSB versions, this is not mandatory, but recommended. For more information, refer to the technical note Configuring the TPM and protecting private keys in SNS firewall certificates.

 

Date Description
May 21, 2025

- Paragraph "Explanations on the use of the Secure Boot feature" added to the section "Getting started"

- Tip added to check whether the Secure Boot feature is enabled, and a requirement regarding the installation of a driver was added to the "Requirements" section

December 03, 2024 - SN-XS-Series-170, SN-L-Series-2200, SN-L-Series-3200, SN-XL-Series-5200, SN-XL-Series-6200 and SNi10 firewall models added
May 25, 2023

- SN-S-Series-220, SN-S-Series-320, SN-M-Series-520, SN-M-Series-720 and SN-M-Series-920 firewall models added

- Addition of sections Disabling Secure Boot in the SNS firewall’s UEFI

June 13, 2022 - New document