BIOS Configuration

Use BIOS APIs to configure properties related to BIOS. The Attribute Registry contains system-specific BIOS attributes and their dependent attributes.

Note: Changes in BIOS attributes require a system reboot to take effect. Changing a Password URI: /redfish/v1/Systems/1/Bios/Actions/Bios.ChangePassword Method: POST Payload:

Changing a Password

URI: /redfish/v1/Systems/1/Bios/Actions/Bios.ChangePassword

Method: POST

Payload:

{

"PasswordName":"AdministratorPassword" or "UserPassword",

"OldPassword":"",

"NewPassword":"Password"

}

Configuring BIOS over Redfish

URI: /registries/BiosAttributeRegistry.1.0.0.json

Method: GET

Response:

{

"@odata.type": "#AttributeRegistry.v1_3_0.AttributeRegistry",

"Description": "This registry defines a representation of BIOS Attribute instances",

"Id": "BiosAttributeRegistry.1_0_0",

"Language": "en",

"Name": "BIOS Attribute Registry",

"OwningEntity": "Supermicro",

"RegistryEntries": {

"Attributes": [

{

"AttributeName": "QuietBoot_0027",

"CurrentValue": true,

"DefaultValue": true,

"DisplayName": "Quiet Boot",

"GrayOut": false,

"HelpText": "Enables or disables Quiet Boot option",

"Hidden": false,

"MenuPath": ".\/Advanced\/Boot Feature",

"ReadOnly": false,

"Type": "Boolean"

},

Attributes: Contains the attributes and their possible values

{

"AttributeName": "OptionROMMessages_0028",

"CurrentValue": "Force BIOS",

"DefaultValue": "Force BIOS",

"DisplayName": "Option ROM Messages",

"GrayOut": false,

"HelpText": "Set display mode for Option ROM",

"Hidden": false,

"MenuPath": ".\/Advanced\/Boot Feature",

"ReadOnly": false,

"Type": "Enumeration",

"Value": [

{

"ValueDisplayName": "Force BIOS",

"ValueName": "1"

},

{

"ValueDisplayName": "Keep Current",

"ValueName": "0"

}

]

},

Menu: Contains the attributes menus and their hierarchy

"Menus": [

{

"DisplayName": "Main",

"DisplayOrder": 1,

"Hidden": false,

"MenuName": "Main",

"MenuPath": ".\/Main",

"ReadOnly": false

},

{

"DisplayName": "Advanced",

"DisplayOrder": 2,

"Hidden": false,

"MenuName": "Advanced",

"MenuPath": ".\/Advanced",

"ReadOnly": false

},

Dependencies: Lists dependencies of attributes on each component

"Dependencies": [

{

"Dependency": {

"MapFrom": [

{

"MapFromAttribute": "WatchDogFunction_002E",

"MapFromCondition": "EQU",

"MapFromProperty": "CurrentValue",

"MapFromValue": "Disabled"

}

],

"MapToAttribute": "WatchDogAction_0030",

"MapToProperty": "Hidden",

"MapToValue": true

},

"DependencyFor": "WatchDogAction_0030",

"Type": "Map"

},

Modifying BIOS Attributes

You can GET the current setting and PATCH desired settings.

URI: /redfish/v1/Systems/1/Bios

Method: PATCH

Response: 202

Payload:

{

"Attributes": {

"QuietBoot":false,

"PowerButtonFunction": "4 Seconds Override"}

}

Note: After PATCH, you need to reset the system to apply the values to BIOS.

Viewing Pending Settings

You can view any pending settings after PATCH.

URI: /redfish/v1/Systems/1/Bios/SD

Method: GET

Response: 200

{

"@odata.type": "#Bios.v1_1_1.Bios",

"@odata.id": "/redfish/v1/Systems/1/Bios/SD",

"Id": "SD",

"Name": "BIOS Configuration Pending Settings",

"AttributeRegistry": "BiosAttributeRegistry.v1_0_0",

"Description": "BIOS Configuration Pending Settings. These settings will be applied on <Font color=blue size=3>the</font> next system reboot.",

"Attributes": {

"PowerButtonFunction": "4 Seconds Override",

"QuietBoot": false

},

"@odata.etag": "\"6a07297d92419e04dfbec096920288b5\""

}

Resetting BIOS

POST a reset of the BIOS attributes to default values. After POST, you need to reset the system to apply values to BIOS.

URI: /redfish/v1/Systems/1/Bios/Actions/Bios.ResetBios

Method: POST

Response: 200

Boot Options

Use Redfish to change system boot order.

Configuring the Boot Order in System BIOS

  • BootSourceOverrideEnabled: Describes the state of the Boot Source Override feature.

    • Disabled: The system will boot normally

    • Once: The system will boot (one time) to the Boot Source OverrideTarget

    • Continuous: The system will boot to the target specified in the Boot SourceOverrideTarget until this property is set to Disabled.

  • BootSourceOverrideMode: The BIOS Boot Mode (either Legacy or UEFI) to be used when BootSourceOverrideTarget boot source is booted from.

    • Legacy: The system will boot in non-UEFI boot mode to the Boot Source Override Target.

    • UEFI: The system will boot in UEFI boot mode to the Boot Source Override Target.

    • BootSourceOverrideTarget: The current boot source to be used at the next boot instead of the normal boot device if BootSourceOverrideEnabled is true.

The values are allowed to set BootSourceOverrideTarget

  • BootSourceOVerRideMode: UEFI

    • Pxe

    • Cd

    • Usb

    • Hdd

  • BootSourceOVerRideMode: Legacy

  • None

  • Pxe

  • Cd

  • Floppy

  • Usb

  • Hdd

  • BiosSetup

  • UsbCd

  • UefiBootNext

Example: Change BootSourceOverrideTarget to boot off virtual ISO.

URI: /redfish/v1/Systems/1

Method: PATCH

Payload:

{

Boot":{

"BootSourceOverrideEnabled":"Once",

"BootSourceOverrideMode":"Legacy",

"BootSourceOverrideTarget": "UsbCd" }

}

Configuring UefiBootNext

URI: /redfish/v1/Systems/1

Method: PATCH

Payload:

{

"Boot": {

"BootSourceOverrideTarget": "UefiBootNext",

"BootNext": "Hdd"}

}

FixedBootOrder

You can check and change the current boot order.

Supported Platforms Supported BMC Firmware Redfish User Guide Version
X13/H13 01.01x Version 3.3

Changing the Boot Order

Getting the Current Boot Order

URI: /redfish/v1/Systems/1/Oem/Supermicro/FixedBootOrder

Method: GET

Response: 200

{

"@odata.type": "#SmcFixedBootOrder.v1_0_0.SmcFixedBootOrder",

"@odata.id": "/redfish/v1/Systems/1/Oem/Supermicro/FixedBootOrder",

"Id": "FixedBootOrder",

"Name": "Fixed Boot Order",

"BootModeSelected": "UEFI",

"FixedBootOrder": [

"UEFI USB CD/DVD:UEFI: ATEN Virtual CDROM YS0J",

"UEFI Hard Disk",

"UEFI AP:UEFI: Built-in EFI Shell",

"UEFI Network",

"UEFI USB Floppy",

"UEFI CD/DVD",

"UEFI USB Hard Disk",

"UEFI USB Key",

"UEFI USB Lan"

],

"FixedBootOrderDisabledItem": [

"Disabled"

],

"UEFIAP": [

"UEFI: Built-in EFI Shell"

],

"UEFIAPDisabledItem": [

"Disabled"

],

"UEFIUSBCD/DVD": [

"UEFI: ATEN Virtual CDROM YS0J"

],

"UEFIUSBCD/DVDDisabledItem": [

"Disabled"

],

"@odata.etag": "\"506cd4cf4c3409c7c1a8e90a53825cb6\""

}

Changing the Current Boot Order

For the property “FixedBootOrder,” the boot order arrangement is decided by the group.

URI: /redfish/v1/Systems/1/Oem/Supermicro/FixedBootOrder

Method: PATCH

Step 1. Set the boot order of device groups.

Payload:

{

"FixedBootOrder":["UEFI Hard Disk", "UEFI CD/DVD", "UEFI USB Hard Disk",

"UEFI USB Key:UEFI OS (USB,Port:9)", "UEFI USB Floppy",

"UEFI USB Lan", "UEFI Network:(B3/D0/F0) UEFI PXE IPv4 Intel(R) I210 Gigabit Network Connection(MAC:7cc255144d22)",

"UEFI AP:UEFI: Built-in EFI Shell"]

}

Step 2. Set the boot order of devices in each device group.

Payload:

{

"UEFIUSBKey”:["UEFI OS (USB,Port:9)”, "UEFI OS (USB,Port:6)”]

}

It is the same group setting as that in the Supermicro BIOS Setup Menu.

URI: /redfish/v1/Systems/1/Oem/Supermicro/FixedBootOrder

Method: PATCH

Payload: Please refer to the notes below

Notes:

  • The amount of Device Group of PATCH payload should be equal to that of the current fixed boot order setting.

  • The fixed boot order cannot interlace different Device Groups.

  • The amount of specific Device Group of PATCH payload should be equal to that of the current specific Device Group.

  • For each Device Group, the first boot device in the order cannot be disabled. The disabled boot device must be after another enabled device.

  • The Device Group and boot order of each Device Group should be changed if a user prefers to change both the Device Group and the specific Device Group boot order in the fix boot order setting.

  • The new setting changes take effect after the system is reset.

Response: 202

Secure Boot

UEFI Secure Boot was created to enhance security in the pre-boot environment. Secure Boot helps firmware, operating system and hardware providers cooperate to thwart the efforts of malware developers.

Note: Please use the supported BIOS to use this function.

Enabling Redfish Secure Boot by GET

URI: /redfish/v1/Systems/1/SecureBoot

Method: GET

Response: 200

{

"@odata.type": "#SecureBoot.v1_0_5.SecureBoot",

"@odata.id": "/redfish/v1/Systems/1/SecureBoot",

"Id": "Security Boot",

"Name": "SecureBoot",

"SecureBootCurrentBoot": "Disabled",

"SecureBootEnable": false,

"SecureBootMode": "SetupMode",

"Actions": {

"Oem": {},

"#SecureBoot.ResetKeys": {

"target": "/redfish/v1/Systems/1/SecureBoot/Actions/SecureBoot.ResetKeys",

"@Redfish.ActionInfo": "/redfish/v1/Systems/1/SecureBoot/ResetKeysActionInfo"

}

}

}

Enabling Redfish Secure Boot by PATCH

URI: /redfish/v1/Systems/1/SecureBoot

Method: PATCH

Payload:

{

"SecureBootEnable" : true

}

Response: 202

Confirming in Pending Settings

URI: /redfish/v1/Systems/1/Bios/SD

Method: GET

Response: 200

{

"@odata.type": "#Bios.v1_1_1.Bios",

"@odata.id": "/redfish/v1/Systems/1/Bios/SD",

"Id": "SD",

"Name": "BIOS Configuration Pending Settings",

"AttributeRegistry": "BiosAttributeRegistry.v1_0_0",

"Description": "BIOS Configuration Pending Settings. These settings will be applied on <Font color=blue size=3>the</font> next system reboot.",

"Attributes": {

"PowerButtonFunction": "4 Seconds Override",

"QuietBoot": false

},

"@odata.etag": "\"6a07297d92419e04dfbec096920288b5\""

}

ResetKeyTypes URI: /redfish/v1/Systems/1/SecureBoot/Actions/SecureBoot.ResetKeys

Method: POST

Payload:

{

"ResetKeysType": "DeleteAllKeys"

}

ResetKeysType Allowable Values:

  • "ResetAllKeysToDefault"

  • "DeleteAllKeys"

  • "DeletePK"

Enabling Secureboot in BIOS

Set the three attributes below to BIOS to enable secureboot.

URI: /redfish/v1/Systems/1/Bios

Method: PATCH

Payload:

{

"Attributes": {

"SecureBoot" : "Enabled",

"SecureBootMode": "User",

"ResetKeysType":"Delete PK Key"}

}

SecureBoot Allowable Values:

  • "Enabled"

  • "Disabled"

SecureBootMode allowable values:

  • "Setup"

  • "User"

  • "Audit"

  • "Deployed"

ResetKeyType allowable values:

  • "Disabled"

  • "Reset all keys to default"

  • "Delete all keys"

  • "Delete PK key"

Creating a Secure Boot Database

URI: /redfish/v1/Systems/1/SecureBoot/SecureBootDatabases/dbt/Certificates

Method: POST

Payload:

{

"CertificateString" : "-----BEGIN CERTIFICATE-----\[Standard PEM Format]-----END CERTIFICATE-----", "CertificateType": "PEM"

}

Response: 201

{

"@odata.type": "#Certificate.v1_0_0.Certificate",

"@odata.id": "redfish/v1/Systems/SecureBoot/SecureBootDatabases/dbt/Certificates/2",

"Id": 2,

"Name": "Authorized TimeStamps(dbt)",

"CerificateString": "-----BEGIN CERTIFICATE-----[Standard PEM Format]-----END CERTIFICATE-----",

"CeritificateType": "PEM",

"Issuer": {

"CommonName": "Microsoft Root Certificate Authority 2010",

"Subject": {

"CommonName": "Microsoft Root Certificate Authority 2010",

"ValidNotBefore": "Mar 21 13:42:24 2022 GMT",

"ValidNotAfter": "Mar 18 13:42:24 2022 GMT",

"OEM": {}

}