Table 8. System setup options—Security menu(continued)
Security
PPI Bypass for SED Block SID Command Allows you to enable or disable PPI Bypass for SED Block
SID Command.
Default: Disabled
Password Change Allows you to enable or disable password change on the
computer.
Default: Permitted
Absolute Enable or disable the BIOS module interface of the optional
Absolute Persistence Module service from Absolute
Software.
Default: Enabled
Firmware TPM Displays the firmware TPM state.
Default: Enabled
PPI Bypass for Clear Command Enable or disable the TPM Physical Presence Interface
(PPI). When enabled, this setting will allow the OS to skip
BIOS PPI user prompts when issuing the Clear command.
Changes to this setting take effect immediately.
Default: Disabled
UEFI Firmware Capsule Updates Enables or disables BIOS updates through UEFI capsule
update packages.
Default: Enabled
Windows SMM Security Mitigations Table Enables or disables Windows SMM Security Mitigation
protections.
Default: Disabled
Enable Pre-Boot DMA Protection Enables or disables Pre-Boot DMA Protection.
Default: Enabled
Enable OS Kernel DMA Support Enables or disables OS Kernel DMA Support.
Default: Enabled
Secure Boot
Secure Boot Enables secure boot using only validated boot software.
Default: Disabled
Secure Boot Mode Modifies the behavior of Secure Boot to allow evaluation
or enforcement of UEFI driver signatures. Deployed Mode
should be selected for normal operation of Secure Boot.
Default: Deployed Mode
Expert Key Management
Custom Mode Allows you to enable or disable Custom Mode. When
enabled, it allows the PK, KEK, db, and dbx security key
databases to be modified.
Default: Disabled
Enable Microsoft UEFI CA Allows you to enable or disable Microsoft UEFI CA.
Default: Enabled
PK
KEK
Allows for selection of key database.
● Delete All Keys will delete the selected key.
System setup 103
To Next Page
Loading...
