Lenovo BIOS Certs Tool and Module#
Overview#
The Lenovo BIOS Certs Tool and Module is a PowerShell-based solution for working with certificate-based BIOS authentication. For a detailed view of how to get started using this solution with Lenovo commercial PC products which support it, please visit this article
This page will provide a cmdlet reference for the functions provided in the LnvBiosCerts module.
Convert_LnvBiosConfigFile#
-
Coverts the provided ThinkBiosConfig file with or without a password and converts the settings to the signed Lenovo SetBiosSettingEx command. Also adds a SaveBiosSettings command to confirm the settings to the machine. Paths can be relative or absolute.
Parameters#
-ConfigFile <String> Required The path to the exported ThinkBiosConfig settings file -KeyFile <String> Required The path to the private key to sign the commands with -OutFileName <String> Optional Optional parameter to supply the resultant file. Defaults to {$ConfigFile}Signed.iniExample#
Get-LnvSignedWmiCommand#
-
This cmdlet makes the appropriate parameter for the specified method. Required parameters are the KeyFile location and the Method name. Other parameters will be determined based on the Method parameter. Tab complete is available to make it easier to specify the parameters.
Parameters#
-KeyFile <String> Required The location the the private key you wish to use to sign the command -Method <String> Required The name of the class that you wish to use. Includes: 'SetBiosSetting' 'SaveSettings' 'ClearBiosCertificate' 'ChangeBiosCertificateToPassword' 'LoadDefaultSettings' 'UpdateBiosCertificate'Example#
PS C:\>Get-LnvSignedWmiCommand -Method SetBiosSetting -KeyFile {KeyLocation} -SettingName {Name} -SettingValue {Value} Get-LnvSignedWmiCommand -Method SaveBiosSettings -KeyFile {KeyLocation} Get-LnvSignedWmiCommand -Method ClearBiosCertificate -KeyFile {KeyLocation} -MachineSerial {Serial} Get-LnvSignedWmiCommand -Method ChangeBiosCertificateToPassword -KeyFile {KeyLocation} -Password {Password} Get-LnvSignedWmiCommand -Method LoadDefaultSettings -KeyFile {KeyLocation} Get-LnvSignedWmiCommand -Method UpdateBiosCertificate -KeyFile {KeyLocation} -NewCertFile {CertLocation} Get-LnvSignedWmiCommand -Method SetFunctionRequest -KeyFile {KeyLocation} -FunctionName {Name} -FunctionValue {Yes|No}
Get-LnvUnlockCode#
-
Retrieves the unlock code for a provided unlock file.
Parameters#
-UnlockFile <String> Required The path to the unlock file -KeyFile <String> Required The path to the private key fileExample#
Set-LnvBiosCertificate#
-
Switches the BIOS to certificate based authorization. This requires a Supervisor password to be set (if not in System Deployment Boot Mode). Installing a certificate will remove the Supervisor and the System Management passwords if set. A reboot is required to take effect.
Parameters#
-CertFile <String> Required The PEM or DER file that contains the certificate that you wish to apply to the machine -Password <String> Optional The password that is currently on the machine. Not required if applying to a passwordless machine in System Deployment Boot Mode.Example#
Submit-LnvBiosChange#
-
Sends an invoke command to the specified class with the provided parameters.
Parameters#
-Command <String> Required A string generated by Get-LnvSignedWmiCommand or a string in the format ClassName[,Parameters]Example#