Difference between revisions of "IC-OS Installation - UEFI Configuration - Gen2 ASUS"

Revision as of 19:39, 9 August 2023

1. UEFI - Enter Setup

Reboot or power on the server.
Watch for the screen with the ASUS logo. Press DEL (delete) a couple of times to enter the setup menu.

2. UEFI - Check Version

Check the version number at the bottom of the screen. Ensure the UEFI/BIOS version is 2.21.1280 or higher. This version was tested and found to support features required for IC-OS.
- Is your version lower than 2.21.1279? Download the latest version and follow the included instructions at the ASUS support site

3. UEFI - Advanced Settings

Change to the Advanced menu.
Select Trusted Computing
Set Security Device Support to Enabled
Set SHA256 PCR Bank to Enabled
Set Platform Hierarchy to Enabled
Set Storage Hierarchy to Enabled
Set Endorsement Hierarchy to Enabled

Note: your Trusted Computing bios page may look slightly different
Press escape to return to the Advanced main menu.
Select AMD CBS and press enter
Select CPU Common Options and press enter
Set SEV ASID Count to 253 ASIDs
Set SEV-ES ASID Space Limit Control to Manual
Set SEV-ES ASID Space Limit to 100
Set SNP Memory (RMP Table) Coverage to Enabled
Set SMEE to Enabled
Select Performance
Set SMT Control to Enabled
Press escape twice to return to the AMD CBS main menu.
Select DF Common Options and press enter
Select Memory Addressing and press enter
Set NUMA nodes per socket to NPS0
Press escape twice to return to the AMD CBS main menu.
Select UMC Common Options and press enter
Select DDR4 Common Options and press enter
Select Security and press enter
Set TSME to Disabled
Press escape three times to return to the AMD CBS main menu.
Select NBIO Common Options and press enter
Set Enable AER Cap to Enabled
Set SEV-SNP Support to Enabled
Press escape twirce to return to the Advanced main menu.

4. UEFI - AMD CBS

Other advanced settings:

Select CPU Configuration and press enter
Set SVM Mode to Enabled
Select PCI Subsystem Settings and press enter
Set SR-IOV Support to Enabled (scroll to bottom of page to find setting)
Press escape to return to the Advanced main menu.

5. UEFI - Boot Menu

Change to the Boot menu. Then set Boot Mode Select to UEFI
Select Save Changes and Exit, then select Yes' at the prompt and press enter.

The system will now reboot. Please do not unplug the IC-OS USB stick at this point.

6. Boot the IC-OS USB image

Watch for the screen with the Gigabyte logo and boot options underneath it. Press F10 a couple of times, once the options are listed.
In the boot menu, select the first partition on the USB device and press enter, e.g.:

Return to the Installation Runbook

If using the non-HSM onboarding procedure, return to the IC-OS Installation Runbook.

If using the legacy, HSM onboarding procedure, return to the NitroKey HSM installation runbook

@@ Line 7: / Line 7: @@
 ==2. UEFI - Check Version==
-#Check the version number at the bottom of the screen. Ensure the UEFI/BIOS version is '''2.21.1279''' or higher. This version was tested and found to support features required for IC-OS.
+#Check the version number at the bottom of the screen. Ensure the UEFI/BIOS version is '''2.21.1280''' or higher. This version was tested and found to support features required for IC-OS.
-#*Is your version lower than '''2.21.1279'''? Download the latest version and follow the included instructions at the [https://www.gigabyte.com/Support Gigabyte support site]
+#*Is your version lower than '''2.21.1279'''? Download the latest version and follow the included instructions at the [https://www.asus.com/us/support/ ASUS support site]
 ==3. UEFI - Advanced Settings==
 #Change to the '''Advanced''' menu.
-#Select '''Trusted Computing'''
+#:[[File:Screenshot 2023-08-09 at 2.15.18 PM.png|580px]]
-#:[[File:Gigabyte bios 17.jpg|580px]]
+# Select '''Trusted Computing'''
 #Set '''Security Device Support''' to '''Enabled'''
 #Set '''SHA256 PCR Bank''' to '''Enabled'''
@@ Line 19: / Line 19: @@
 #Set '''Storage Hierarchy''' to '''Enabled'''
 #Set '''Endorsement Hierarchy''' to '''Enabled'''
-#:[[File:Gigabyte bios 2.jpg|580px]]
+#:[[File:UEFI Menu Supermicro Advanced TrustedComputing.png|580px]]
+#:Note: your '''Trusted Computing''' bios page may look slightly different
 #Press '''escape''' to return to the '''Advanced''' main menu.
-#Select '''CPU Configuration''' and press '''enter'''
+#Select '''AMD CBS''' and press '''enter'''
-#:[[File:Giga bios CPU configuration.png|580px]]
+#:[[File:Screenshot 2023-08-09 at 2.28.43 PM.png|580px]]
-#Set '''SVM Mode''' to '''Enabled'''
+#Select '''CPU Common Options''' and press '''enter'''
-#:[[File:Giga bios SVM.png|580px]]
+#:[[File:Screenshot 2023-08-09 at 2.30.23 PM.png|580px]]
-#Select '''PCI Subsystem Settings''' and press '''enter'''
-#:[[File:Gigabyte bios 15.jpg|580px]]
-#Set '''SR-IOV Support''' to '''Enabled''' (scroll to bottom of page to find setting)
-#:[[File:Gigabyte bios 16.jpg|580px]]
-#Press '''escape''' to return to the '''Advanced''' main menu.
-==4. UEFI - AMD CBS==
-#Change to the '''AMD CBS''' menu. Then select '''CPU Common Options''' and press '''enter'''
-#:[[File:Gigabyte bios CPU common options.jpg|580px]]
 #Set '''SEV ASID Count''' to '''253 ASIDs'''
 #Set '''SEV-ES ASID Space Limit Control''' to '''Manual'''
@@ Line 45: / Line 36: @@
 #Set '''SMT Control''' to '''Enabled'''
 #:[[File:Giga bios SMT.jpg|580px]]
-#Press '''escape''' twice to return to the '''AMD CBS''' main menu.
+# Press '''escape''' twice to return to the '''AMD CBS''' main menu.
-#Select '''DF Common Options''' and press '''enter'''
+# Select '''DF Common Options''' and press '''enter'''
 #:[[File:Giga bios DF.png|580px]]
 #Select '''Memory Addressing''' and press '''enter'''
@@ Line 52: / Line 43: @@
 #Set '''NUMA nodes per socket''' to '''NPS0'''
 #:[[File:Giga bios NUMA.jpg|580px]]
-#Press '''escape''' twice to return to the '''AMD CBS''' main menu.
+# Press '''escape''' twice to return to the '''AMD CBS''' main menu.
 #Select '''UMC Common Options''' and press '''enter'''
 #:[[File:Screenshot 2023-08-03 at 5.02.37 PM.png|580px]]
@@ Line 67: / Line 58: @@
 #Set '''SEV-SNP Support''' to '''Enabled'''
 #:[[File:Screenshot 2023-08-04 at 10.06.52 AM.png|580px]]
-#Select xGMI
+# Press '''escape''' twirce to return to the '''Advanced''' main menu.
-#Press '''escape''' to return to the '''AMD CBS''' main menu.
+==4. UEFI - AMD CBS==
+----------
+Other advanced settings:
+#Select '''CPU Configuration''' and press '''enter'''
+#Set '''SVM Mode''' to '''Enabled'''
+#:[[File:Giga bios SVM.png|580px]]
+#Select '''PCI Subsystem Settings''' and press '''enter'''
+#:[[File:Gigabyte bios 15.jpg|580px]]
+#Set '''SR-IOV Support''' to '''Enabled''' (scroll to bottom of page to find setting)
+#:[[File:Gigabyte bios 16.jpg|580px]]
+# Press '''escape''' to return to the '''Advanced''' main menu.
 ==5. UEFI - Boot Menu==
@@ Line 81: / Line 87: @@
 #Watch for the screen with the Gigabyte logo and boot options underneath it. Press F10 a couple of times, once the options are listed.
 #:[[File:Gigabyte loading screen.jpg|580px]]
-#In the boot menu, select the ''first partition on the USB device'' and press '''enter''', e.g.:
+# In the boot menu, select the ''first partition on the USB device'' and press '''enter''', e.g.:
 #:[[File:SM-35.png|580px]]