Option / Description

Allow Non-Admin Password Changes
    This option is enabled by default.

TPM 2.0 Security
    Allows you to control whether the Trusted Platform Module (TPM) is visible to the operating system.
    NOTE: TPM function is not applied to China and Russia.
    • TPM On (Default setting)
    • Clear
    • PPI Bypass for Enable Commands (Default setting)
    • PPI Bypass for Disable Commands
    • PPI Bypass for Clear Commands
    • Attestation Enable (Default setting)
    • Key Storage Enable (Default setting)
    • SHA-256 (Default setting)
    Choose any one option:
    • Disabled
    • Enabled (Default setting)

Chassis Intrusion
    This field controls the chassis intrusion feature. Choose any one of the options:
    • Disabled
    • Enabled (Default setting)
    • On-Silent

OROM Keyboard Access
    • Disabled
    • Enabled (Default setting)
    • One Time Enable

Admin Setup Lockout
    Allows you to prevent users from entering Setup when an Admin password is set (Default setting: not enabled).

Master Password Lockout
    Allows you to prevent users from entering Setup when a Master password is set (Default setting: not enabled).

SMM Security Mitigation
    Allows you to enable or disable additional UEFI SMM Security Mitigation protections (Default setting: not enabled).
Table 6. Secure Boot
Option / Description

Secure Boot Enable
    This option is not enabled by default.

Secure Boot Mode
    • Deployed Mode (Default setting)
    • Audit Mode

Expert Key Management
    Allows you to enable or disable Custom Mode Key Management.
    • Enable Custom Mode (This option is not enabled by default)
    If enabled:
    • PK (Default setting)
    • KEK
    • db
    • dbx
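The BIOS options above (TPM 2.0 Security, Secure Boot Enable/Mode, and the PK/KEK/db/dbx key databases) all have an operating-system-visible footprint, and a defender verifying a fleet usually wants to confirm the setting from the OS rather than trust the setup screen. The following is an added example, not Dell code and not part of this manual: on Linux it reads the Secure Boot and mode flags and the db/dbx databases from efivarfs, parses the UEFI EFI_SIGNATURE_LIST structures they contain, and checks whether a TPM is exposed under sysfs. The `sysroot` parameter and the `make_sample_sysroot`/`sample_sysroot` helpers are assumptions of this example so it can run offline against a constructed directory tree; the variable names, GUIDs and file layouts are the standard UEFI/Linux ones, and the owner GUID and hash bytes in the sample data are constructed.

```python
# Added example (not from the Dell manual): OS-side check of the firmware
# settings in the tables above, on Linux. `sysroot` is a hypothetical parameter
# so the same functions can run against a constructed tree instead of "/".
import struct
import tempfile
import uuid
from pathlib import Path

EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"         # SecureBoot, SetupMode, ...
EFI_IMAGE_SECURITY_DATABASE = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db, dbx
# Signature types commonly found in db/dbx (EFI_SIGNATURE_LIST.SignatureType).
SIG_TYPES = {
    "c1c41626-504c-4092-aca9-41f936934328": "EFI_CERT_SHA256",
    "a5c059a1-94e4-4aa7-87b5-ab155c2bf072": "EFI_CERT_X509",
}

def read_efivar(sysroot, name, guid):
    """Return a UEFI variable's value via efivarfs, or None if it is absent.
    efivarfs prepends a 4-byte attribute word to every variable's data."""
    path = Path(sysroot) / "sys/firmware/efi/efivars" / f"{name}-{guid}"
    if not path.is_file():
        return None
    return path.read_bytes()[4:]

def secure_boot_state(sysroot="/"):
    """Secure Boot on/off plus the UEFI 2.5+ mode flags (AuditMode/DeployedMode)."""
    state = {}
    for var in ("SecureBoot", "SetupMode", "AuditMode", "DeployedMode"):
        raw = read_efivar(sysroot, var, EFI_GLOBAL_VARIABLE)
        state[var] = None if raw is None else bool(raw[0])
    return state

def parse_signature_lists(data):
    """Walk a db/dbx blob: consecutive EFI_SIGNATURE_LIST structures, each holding
    fixed-size EFI_SIGNATURE_DATA entries (SignatureOwner GUID + payload)."""
    entries, off = [], 0
    while off + 28 <= len(data):
        sig_type = str(uuid.UUID(bytes_le=data[off:off + 16]))
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        while pos + sig_size <= off + list_size:
            owner = str(uuid.UUID(bytes_le=data[pos:pos + 16]))
            entries.append({"type": SIG_TYPES.get(sig_type, sig_type),
                            "owner": owner,
                            "data": data[pos + 16:pos + sig_size]})
            pos += sig_size
        off += list_size
    return entries

def signature_database(sysroot, name):
    """Parse db or dbx (both live under the image-security-database GUID)."""
    raw = read_efivar(sysroot, name, EFI_IMAGE_SECURITY_DATABASE)
    return [] if raw is None else parse_signature_lists(raw)

def tpm_status(sysroot="/"):
    """Is a TPM visible to the OS, and which TPM spec / PPI interface version?"""
    tpm = Path(sysroot) / "sys/class/tpm/tpm0"
    if not tpm.is_dir():
        return {"present": False}
    def read(rel):
        p = tpm / rel
        return p.read_text().strip() if p.is_file() else None
    return {"present": True,
            "version_major": read("tpm_version_major"),
            "ppi_version": read("ppi/version")}

def build_signature_list(sig_type, owner, payloads):
    """Encode one EFI_SIGNATURE_LIST with an empty SignatureHeader (used here
    only to construct sample data; all payloads must be the same length)."""
    sig_size = 16 + len(payloads[0])
    body = b"".join(uuid.UUID(owner).bytes_le + p for p in payloads)
    header = uuid.UUID(sig_type).bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size)
    return header + body

def make_sample_sysroot(root):
    """Write a constructed tree mimicking a host with Secure Boot on in Deployed
    Mode, one SHA-256 hash in dbx, and a TPM 2.0 exposing PPI version 1.3."""
    attrs = b"\x07\x00\x00\x00"  # efivarfs attribute word (value constructed)
    efivars = Path(root) / "sys/firmware/efi/efivars"
    efivars.mkdir(parents=True)
    for var, val in (("SecureBoot", 1), ("SetupMode", 0), ("AuditMode", 0), ("DeployedMode", 1)):
        (efivars / f"{var}-{EFI_GLOBAL_VARIABLE}").write_bytes(attrs + bytes([val]))
    owner = "11111111-2222-3333-4444-555555555555"  # constructed owner GUID
    dbx = build_signature_list("c1c41626-504c-4092-aca9-41f936934328", owner, [bytes(range(32))])
    (efivars / f"dbx-{EFI_IMAGE_SECURITY_DATABASE}").write_bytes(attrs + dbx)
    ppi = Path(root) / "sys/class/tpm/tpm0/ppi"
    ppi.mkdir(parents=True)
    (ppi.parent / "tpm_version_major").write_text("2\n")
    (ppi / "version").write_text("1.3\n")
    return root

def sample_sysroot():
    """Convenience: a fresh temporary directory populated by make_sample_sysroot."""
    return make_sample_sysroot(tempfile.mkdtemp())

if __name__ == "__main__":
    root = sample_sysroot()          # use secure_boot_state("/") etc. on a real host
    print(secure_boot_state(root))
    print(tpm_status(root))
    for e in signature_database(root, "dbx"):
        print(e["type"], e["owner"], e["data"].hex())
```

On a real host the three calls with `sysroot="/"` need read access to `/sys/firmware/efi/efivars` and `/sys/class/tpm`; a `DeployedMode` of `True` corresponds to the "Deployed Mode" setting in Table 6, and a `SecureBoot` of `True` with `SetupMode` of `False` is the state to expect when Secure Boot Enable is on. An empty `db` or `dbx` result on a real machine means the variable is absent, which is itself worth flagging.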
Table 7. Intel Software Guard Extensions
Option / Description

Intel SGX Enable
    Allows you to enable or disable Intel Software Guard Extensions.
    • Disabled
20 Pre-operating system management applications