Security
This section provides security details and settings.
Table 35. Security
Options Description
TPM 2.0 Security
TPM 2.0 Security On
This option contains a toggle switch that selects whether the
Trusted Platform Module (TPM) is visible to the Operating
System (OS).
PPI Bypass for Enabled Commands
This option contains a toggle switch that controls the TPM
Physical Presence Interface (PPI). When enabled, this setting
allows the OS to skip the BIOS PPI user prompt when issuing
TPM PPI enable and activate commands.
PPI Bypass for Disabled Commands
This option contains a toggle switch that controls the TPM
Physical Presence Interface (PPI). When enabled, this setting
allows the OS to skip the BIOS PPI user prompt when issuing
TPM PPI disable and deactivate commands (TCG PPI operations
2, 4, 7, 9, and 11).
PPI Bypass for Clear Commands
This option contains a toggle switch that controls the TPM
Physical Presence Interface (PPI). When enabled, this setting
allows the OS to skip the BIOS PPI user prompt when issuing
the clear command. The prompt is the physical-presence check;
with bypass enabled, software running with sufficient OS
privilege can clear the TPM on the next reboot without anyone
confirming at the console.
Attestation Enable
This option contains a toggle switch that lets the user control
whether the TPM Endorsement Hierarchy (which holds the
Endorsement Key used for attestation) is available to the OS.
Key Storage Enable
This option contains a toggle switch that lets the user
control whether the TPM Storage Hierarchy (which holds the
keys the OS creates and seals) is available to the
operating system.
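As an added example that is not part of this manual, the following Python checks from a Linux host what the PPI Bypass toggles above and the Attestation Enable and Key Storage Enable toggles actually produced: it parses the per-operation status the kernel exposes in /sys/class/tpm/tpm0/ppi/tcg_operations and the TPM2_PT_STARTUP_CLEAR block printed by `tpm2_getcap properties-variable`. Both inputs are constructed samples; the exact sysfs line format, the operation-to-toggle grouping beyond the operation numbers the table itself lists, and all function names are assumptions of this example.

```python
"""Added example (not from the BIOS manual): map the Security table's PPI
Bypass and hierarchy toggles to what a Linux OS observes.

Assumptions: /sys/class/tpm/tpm0/ppi/tcg_operations lines look like
'<op> <status>: <description>' and `tpm2_getcap properties-variable`
prints the TPM2_PT_STARTUP_CLEAR block as 'name: value' lines."""
import re

# TCG PPI operation numbers. Operations 2, 4, 7, 9 and 11 are the ones the
# table lists under "Disabled Commands"; the other names and the grouping
# are taken from the TCG PPI specification and are an assumption here.
PPI_OPS = {
    1: "Enable", 2: "Disable", 3: "Activate", 4: "Deactivate", 5: "Clear",
    6: "Enable+Activate", 7: "Deactivate+Disable",
    8: "SetOwnerInstall_True", 9: "SetOwnerInstall_False",
    10: "Enable+Activate+SetOwnerInstall_True",
    11: "SetOwnerInstall_False+Deactivate+Disable",
}
BYPASS_GROUPS = {
    "PPI Bypass for Enabled Commands": {1, 3, 6, 8, 10},
    "PPI Bypass for Disabled Commands": {2, 4, 7, 9, 11},
    "PPI Bypass for Clear Commands": {5},
}
# Per-operation status codes reported by the Linux tpm_ppi driver:
# 0 not implemented, 1 BIOS only, 2 blocked for OS, 3 user required,
# 4 user not required.
USER_REQUIRED, USER_NOT_REQUIRED = 3, 4


def parse_tcg_operations(text):
    """Parse '<op> <status>: <description>' lines into {op: status}."""
    ops = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+):", line)
        if m:
            ops[int(m.group(1))] = int(m.group(2))
    return ops


def bypass_state(ops):
    """Per BIOS toggle: 'bypassed' if every OS-issuable op in the group runs
    without a console prompt, 'prompts' if any op still needs a user at the
    console, 'unavailable' if the OS cannot issue any op in the group."""
    result = {}
    for toggle, group in BYPASS_GROUPS.items():
        statuses = [ops.get(op, 0) for op in group]
        issuable = [s for s in statuses if s in (USER_REQUIRED, USER_NOT_REQUIRED)]
        if not issuable:
            result[toggle] = "unavailable"
        elif USER_REQUIRED in issuable:
            result[toggle] = "prompts"
        else:
            result[toggle] = "bypassed"
    return result


# TPMA_STARTUP_CLEAR bit layout (TPM 2.0 Library, Part 2).
STARTUP_CLEAR_BITS = {"phEnable": 0, "shEnable": 1, "ehEnable": 2,
                      "phEnableNV": 3, "orderly": 31}


def decode_startup_clear(value):
    """Decode a raw TPMA_STARTUP_CLEAR attribute word into its named bits."""
    return {name: (value >> bit) & 1 for name, bit in STARTUP_CLEAR_BITS.items()}


def parse_startup_clear(getcap_text):
    """Pull the TPM2_PT_STARTUP_CLEAR block out of tpm2_getcap output."""
    in_block, flags = False, {}
    for line in getcap_text.splitlines():
        if line.startswith("TPM2_PT_"):
            in_block = line.startswith("TPM2_PT_STARTUP_CLEAR")
            continue
        m = re.match(r"\s+(\w+):\s+(\d+)", line) if in_block else None
        if m:
            flags[m.group(1)] = int(m.group(2))
    return flags


def hierarchy_report(flags):
    """Map the hierarchy enable bits back to the BIOS toggles controlling them."""
    return {
        "Key Storage Enable": bool(flags.get("shEnable", 0)),   # storage hierarchy
        "Attestation Enable": bool(flags.get("ehEnable", 0)),   # endorsement hierarchy
    }


# Constructed sample: bypass on for enable/activate, off for disable and clear.
SAMPLE_TCG_OPERATIONS = """\
0 4: User not required
1 4: User not required
2 3: User required
3 4: User not required
4 3: User required
5 3: User required
6 4: User not required
7 3: User required
8 4: User not required
9 3: User required
10 4: User not required
11 3: User required
"""

# Constructed sample: storage hierarchy enabled, endorsement hierarchy disabled.
SAMPLE_GETCAP = """\
TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            1
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  0
  phEnableNV:                1
  orderly:                   0
"""

if __name__ == "__main__":
    for toggle, state in bypass_state(parse_tcg_operations(SAMPLE_TCG_OPERATIONS)).items():
        print(f"{toggle}: {state}")
    for toggle, on in hierarchy_report(parse_startup_clear(SAMPLE_GETCAP)).items():
        print(f"{toggle}: {'on' if on else 'off'}")
```

On a real host, replace the constructed strings with the contents of the sysfs file and the output of `tpm2_getcap properties-variable`. A toggle reported as "prompts" means the BIOS will still ask at the console on the next boot when the OS writes that operation number to /sys/class/tpm/tpm0/ppi/request; "bypassed" means it will not, which is the window an attacker with OS root needs to clear or disable the TPM unattended.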
SHA-256
This option contains a toggle switch that, when enabled,
allows the BIOS and the TPM to use the SHA-256 hash
algorithm to extend measurements into the TPM PCRs during
BIOS boot.
Clear
This option contains a toggle switch that clears the TPM
owner information and returns the TPM to its default state.
Keys and data sealed to this TPM become unrecoverable, so have
disk-encryption recovery keys on hand before clearing.
TPM State
This option allows the user to enable or disable the TPM.
Enabled is the normal operating state for the TPM when you
want to use its complete array of capabilities.
Intel Software Guard Extension
Intel SGX
This option allows the user to control whether Intel Software
Guard Extensions (SGX) is enabled and enclave reserve memory
is set aside for it. The options are as follows:
● Disabled
● Enabled
● Software Control
SMM Security Mitigation
This option allows the user to enable or disable the UEFI SMM
security mitigation protections.
Data Wipe on Next Boot
32 System setup