Table 33. System setup options—Security menu (continued)
Security
Disabled
Default: OFF.
Permanently Disabled
Default: OFF.
OROM Keyboard Access Allows the user to enter option OROM configuration screens using hotkeys
during boot.
Enable
Default: ON.
Disabled
Default: OFF.
One Time Enable
Default: OFF.
Admin Setup Lockout Enable or disable users from entering Setup when an admin password is set.
Enable Admin Setup Lockout
Default: OFF.
Master Password Lockout Enable or disable master password support
Enable Master Password Lockout
Default: OFF.
SMM Security Mitigation Enable or disable additional UEFI SMM Security Mitigation protections.
Default: ON.
Table 34. System setup options—Secure Boot menu
Secure Boot
Secure Boot Enable Enables or disables the Security Boot feature.
Enable Secure Boot
Default: ON.
Secure Boot Mode Selects the Secure Boot operation mode.
Deployed Mode
Default: ON.
NOTE: Deployed Mode should be selected for full Secure Boot
precautions.
Audit Mode
Default: OFF.
Expert Key Management
Enable Custom Mode Enables or disables the keys in the PK, KEK, db, and dbx security key
databases to be modified.
Default: OFF.
Custom Mode Key Management Selects the custom values for expert key management.
Default: PK.
Table 35. System setup options—Intel Software Guard Extensions menu
Expert Key Management
Intel SGX Enable Enables or disables Intel Software Guide Extensions (SGX) to provide a
secured environment for running code/storing sensitive information.
Default: Software Controlled.
Enclave Memory Size
Sets Intel SGX Enclave Reserve Memory Size.
NOTE: Enclave Memory Size has no effect when SGX is set to Software
Controlled.
34 System setup
To Next Page
Loading...
