The System Security Settings screen details are explained as follows:
Menu Item Description
Intel AES-NI Improves the speed of applications by performing encryption and decryption using the Advanced
Encryption Standard Instruction Set and is set to Enabled by default.
System
Password
Sets the system password. This option is set to Enabled by default and is read-only if the password
jumper is not installed in the system.
Setup Password Sets the setup password. This option is read-only if the password jumper is not installed in the system.
Password Status Locks the system password. By default, the Password Status option is set to Unlocked.
TPM Information Changes the operational state of the TPM. By defaultoption is set to No TPM Present.
Intel TXT Enables or disables the Intel Trusted Execution Technology (TXT). To enable Intel TXT, Virtualization
Technology must be enabled and TPM Security must be Enabled with Pre-boot measurements. By
default, the Intel TXT option is set to Off.
Power Button Enables or disables the power button on the front of the system. By default, the Power Button option is
set to Enabled.
AC Power
Recovery
Sets how the system reacts after AC power is restored to the system. By default, the AC Power
Recovery option is set to Last.
AC Power
Recovery Delay
Sets how the system supports staggering of power up after AC power is restored to the system. By
default, the AC Power Recovery Delay option is set to Immediate.
User Defined
Delay (60s to
240s)
Sets the User Defined Delay when the User Defined option for 0 is selected.
UEFI Variable
Access
Provides varying degrees of securing UEFI variables. When set to Standard (the default) UEFI variables
are accessible in the Operating System per the UEFI specification. When set to Controlled, selected
UEFI variables are protected in the environment and new UEFI boot entries are forced to be at the end of
the current boot order.
Secure ME PCI
Cfg Space
Enabled this setting will hide the PCU configuration space for the management engine (ME) HECI device
and is set to Disabled by default.
Secure Boot Enables Secure Boot, where the BIOS authenticates each pre-boot image using the certificates in the
Secure Boot Policy. Secure Boot is disabled by default.
Secure Boot
Policy
When Secure Boot policy is Standard, the BIOS uses the system manufacturer’s key and certificates to
authenticate pre-boot images. When Secure Boot policy is Custom, the BIOS uses the user-defined key
and certificates. Secure Boot policy is Standard by default.
Secure Boot
Mode
This field enabled how to use Secure boot policy object (PK, KEK, db, dbx).
Secure Boot
Policy Summary
Views the list of certificates and hashes that secure boot uses to authenticated images.
Secure Boot Custom Policy Settings
Secure Boot Custom Policy Settings is displayed only when Secure Boot Policy is set to Custom.
About this task
In the System Setup Main Menu, click System BIOS > System Security > Secure Boot Custom Policy Settings.
The Secure Boot Custom Policy Settings screen details are explained as follows:
Menu Item Description
Platform Key Imports, exports, deletes, or restores the platform key (PK).
Key Exchange
Key Database
Allows you to import, export, delete, or restore entries in the Key Exchange Key (KEK) Database
BIOS and UEFI 123
To Next Page
Loading...
