Security
Table 33. Security
Option Description
Enable Admin Setup Lockout
OFF(enabled by default)
Password Bypass This option lets you bypass the System (Boot) Password and the internal HDD password prompts
during a system restart.
• Disabled — Always prompt for the system and internal HDD password when they are set. This
option is enabled by default.
• Reboot Bypass — Bypass the password prompts on Restarts (warm boots).
NOTE: The system will always prompt for the system and internal HDD passwords when
powered on from the o state (a cold boot). Also, the system will always prompt for
passwords on any module bay HDDs that may be present.
Non-Admin Password Change This option lets you determine whether changes to the System and Hard Disk passwords are
permitted when an administrator password is set.
Allow Non-Admin Password Changes - This option is enabled by default.
Non-Admin Setup Changes Determines whether changes to the setup option are permitted when an administrator password is
set.
UEFI Capsule Firmware Updates This option controls whether this system allows BIOS updates via UEFI capsule update packages.
This option is selected by default. Disabling this option will block BIOS updates from services such as
Microsoft Windows Update and Linux Vendor Firmware Service (LVFS)
Computrace(R) This eld lets you Activate or Disable the BIOS module interface of the optional Computrace Service
from Absolute Software. Enables or disables the optional Computrace service designed for asset
management.
• Deactivate Computrace - This option is selected by default.
• Activate Computrace
• Disable Computrace
TPM 2.0 Security Allows you to control whether the Trusted Platform Module (TPM) is visible to the operating system.
• TPM On (default)
• PPI Bypass for Enable Commands (default)
• PPI Bypass for Disable Commands
• PPI Bypass for Clear Commands
• Attestation Enable (default)
• Key Storage Enable (default)
• SHA-256 (default)
• TPM Enabled(default)
Intel SGX Software Guard Extensions (SGX) provide a secured environment for running code/storing sensitive
information in the context of the main OS.
Software Control(enabled by default)
SMM Security Mitigation Allows you to enable or disable additional UEFI SMM Security Mitigation protections. This option is
not set by default.
30 System setup
To Next Page
Loading...
