Table 8. System setup options—Security menu (continued)
Security
Password Change Allows you to enable or disable password change on the
computer.
Default: Permitted
Absolute Enable or disable the BIOS module interface of the
optional Absolute Persistence Module service from Absolute
Software.
Default: Enabled
Firmware TPM Displays the firmware TPM state.
Default: Enabled
PPI Bypass for Clear Command Enable or disable the TPM Physical Presence Interface (PPI).
When enabled, this setting will allow the OS to skip BIOS PPI
user prompts when issuing the Clear command. Changes to
this setting take effect immediately.
Default: Disabled
UEFI Firmware Capsule Updates Enables or disables BIOS updates through UEFI capsule
update packages.
Default: Enabled
Windows SMM Security Mitigations Table Enables or disables Windows SMM Security Mitigation
protections.
Default: Disabled
Enable Pre-Boot DMA Protection Enables or disables Pre-Boot DMA Protection.
Default: Enabled
Enable OS Kernel DMA Support Enables or disables OS Kernel DMA Support.
Default: Enabled
Secure Boot
Secure Boot Enables secure boot using only validated boot software.
Default: Disabled
Secure Boot Mode Modifies the behavior of Secure Boot to allow evaluation
or enforcement of UEFI driver signatures. Deployed Mode
should be selected for normal operation of Secure Boot.
Default: Deployed Mode
Expert Key Management
Custom Mode Allows you to enable or disable Custom Mode. When
enabled, it allows the PK, KEK, db, and dbx security key
databases to be modified.
Default: Disabled
Enable Microsoft UEFI CA Allows you to enable or disable Microsoft UEFI CA.
Default: Enabled
PK
KEK
db
dbx
Allows for selection of key database.
● Delete All Keys will delete the selected key.
● Reset All Keys will reset all four keys to their default
settings.
97
To Next Page
Loading...
