Depending on the selected boot mode (BIOS or UEFI), perform the following steps before booting the machine. 

Selecting the boot order in the BIOS settings

As explained in Disk requirements, PKI Hub requires two disks. Therefore, if your machine uses BIOS boot firmware, ensure the biggest disk is placed first in the boot order. Otherwise, the system will not boot.

Importing the ELRepo key for UEFI boot

If your machine uses the UEFI boot firmware, you must import and enroll the ELRepo key.

See https://elrepo.org/tiki/SecureBootKey for more details on enrolling the ElRepo key.

To enroll the ElRepo key

  1. Run the following command to import the ELRepo key distributed with Entrust PKI Hub. 
    sudo mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der
  2. Type the password of the sysadmin  user.
  3. Type a password for the key.
  4. Confirm the key password.
  5. Log into the console of the local machine. The following operations do not support a remote console like an SSH client. 
  6. Reboot the system and wait for the Shim UEFI key management screen.
  7. Press any key within 10 seconds to display the Perform MOK management dialog.
  8. Select Enroll MOK and press Enter to display the Enroll MOK dialog.
  9. Select View key 0 and press Enter to display the key information.
  10. Check that the serial number is 0xe9d471cfb4fe136c.
  11. Check that the SHA1 fingerprint is e1:21:a2:f6:07:2e:f2:94:de:20:0e:6b:5d:1b:49:c0:65:dc:e3:e7.
  12. Press ESC to return to the Enroll MOK dialog.
  13. Select Continue and press Enter to display the enrollment confirmation dialog.
  14. Select Yes and press Enter to display the password form.
  15. Type the key password you selected when importing the ELRepo key.
  16. Press Enter to return to the Perform MOK management dialog.
  17. Select Reboot and press Enter.