Table 64. System Security details (continued)

Option / Description

    When set to Off, the presence of the TPM is not reported to the OS.
    When set to On, the presence of the TPM is reported to the OS.

TPM Information
    Indicates the type of Trusted Platform Module, if present.

TPM Firmware
    Indicates the firmware version of the Trusted Platform Module (TPM).

TPM Hierarchy
    Allows enabling, disabling, or clearing the storage and endorsement hierarchies.
    When set to Enabled, the storage and endorsement hierarchies can be used.
    When set to Disabled, the storage and endorsement hierarchies cannot be used.
    When set to Clear, the storage and endorsement hierarchies are cleared of any values
    and then reset to Enabled.

TPM Advanced Settings
    TPM PPI Bypass Provision: When set to Enabled, allows the operating system to bypass
    Physical Presence Interface (PPI) prompts when issuing PPI Advanced Configuration and
    Power Interface (ACPI) provisioning operations.
    TPM PPI Bypass Clear: When set to Enabled, allows the operating system to bypass
    Physical Presence Interface (PPI) prompts when issuing PPI ACPI clear operations.
    TPM2 Algorithm Selection: Allows the user to change the cryptographic algorithms used
    in the Trusted Platform Module (TPM). The available options depend on the TPM
    firmware. To enable TPM2 Algorithm Selection, Intel(R) TXT technology must be
    disabled.

AMD DRTM
    Enables or disables AMD Dynamic Root of Trust Measurement (DRTM).
    To enable AMD DRTM, the following must be enabled:
    1. TPM 2.0 must be enabled and the hash algorithm must be set to SHA256.
    2. Transparent SME (TSME) must be enabled.

Power Button
    Enables or disables the power button on the front of the system. This option is set to
    Enabled by default.

AC Power Recovery
    Sets how the system behaves after AC power is restored to the system. This option is
    set to Last by default.

AC Power Recovery Delay
    Sets the time delay for the system to power up after AC power is restored to the
    system. This option is set to Immediate by default.

User Defined Delay (120s to 600s)
    Controls the duration for which the power-on process is delayed after the AC power
    supply is restored. The value is only effective if AC Power Recovery Delay is set to
    User Defined. The valid range is between 120s and 600s.

UEFI Variable Access
    Provides varying degrees of protection for UEFI variables. When set to Standard (the
    default), UEFI variables are accessible in the operating system per the UEFI
    specification. When set to Controlled, selected UEFI variables are protected in the
    environment and new UEFI boot entries are forced to the end of the current boot order.

SMM Security Mitigation
    Enables or disables additional UEFI SMM Security Mitigation protections. This option
    is available only in UEFI boot mode. The operating system can use this feature to
    help protect the secure environment created by virtualization-based security.
    Enabling this feature provides additional UEFI SMM Security Mitigation protections.
    However, it may cause compatibility issues or loss of functionality with some legacy
    tools or applications.

Secure Boot
    Enables Secure Boot, where the BIOS authenticates each pre-boot image by using the
    certificates in the Secure Boot Policy. Secure Boot is set to Disabled by default.

Secure Boot Policy
    When Secure Boot Policy is set to Standard, the BIOS uses the system manufacturer's
    key and certificates to authenticate pre-boot images. When Secure Boot Policy is set
    to Custom, the BIOS uses the user-defined key and certificates. Secure Boot Policy is
    set to Standard by default.
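Added example, not part of the Dell documentation: a post-boot check that reads back the TPM state governed by the TPM Hierarchy and AMD DRTM entries above, by parsing output in the format of tpm2-tools' `tpm2_getcap properties-variable` and `tpm2_getcap pcrs`. The sample outputs are constructed so the script runs without a TPM, and the exact output layout is assumed from tpm2-tools 5.x.

```python
import re

# Constructed sample of `tpm2_getcap properties-variable` (endorsement hierarchy off).
PROPS_SAMPLE = """\
TPM2_PT_PERMANENT:
  disableClear:              0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  0
  phEnableNV:                1
"""

# Constructed sample of `tpm2_getcap pcrs`; an empty list means the bank is inactive.
PCRS_SAMPLE = """\
selected-pcrs:
  - sha1: [ 0, 1, 2, 3, 4, 5, 6, 7 ]
  - sha256: [ ]
"""

def parse_flags(text):
    """Return {flag: int} for every indented 'flag: value' line."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^[ \t]+(\w+):\s+(\d+)\s*$", text, re.M)}

def active_pcr_banks(text):
    """Return the set of hash algorithms that have at least one allocated PCR."""
    return {m.group(1).lower()
            for m in re.finditer(r"^[ \t]*-\s*(\w+):\s*\[(.*?)\]", text, re.M)
            if m.group(2).strip()}

def check_tpm_state(props_text, pcrs_text):
    """Map the live TPM state back to the BIOS options; return a list of findings."""
    flags = parse_flags(props_text)
    banks = active_pcr_banks(pcrs_text)
    findings = []
    # TPM Hierarchy = Disabled shows up as shEnable / ehEnable reading 0.
    for flag, name in (("shEnable", "storage"), ("ehEnable", "endorsement")):
        if flags.get(flag, 0) != 1:
            findings.append(f"{name} hierarchy disabled (TPM Hierarchy option)")
    # AMD DRTM needs SHA256 as the active hash algorithm (TPM2 Algorithm Selection).
    if "sha256" not in banks:
        findings.append("sha256 PCR bank inactive (TPM2 Algorithm Selection)")
    return findings

if __name__ == "__main__":
    for finding in check_tpm_state(PROPS_SAMPLE, PCRS_SAMPLE):
        print("FINDING:", finding)
```

On a real host, pipe the two tpm2_getcap outputs into the two functions instead of the constructed samples; an empty findings list means both DRTM prerequisites that the TPM itself can confirm are met.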
Pre-operating system management applications 57