Table 5-3 Computer Setup—Security (continued)
Option Description
Network Boot
Enables/disables the computer's ability to boot from an operating system installed on a network server. Default is enabled.
System IDs
Allows you to set:
● Product Name
● Serial Number
● Universal Unique Identifier (UUID) number. The UUID can only be updated if the current chassis serial number is invalid. (These ID numbers are normally set in the factory and are used to uniquely identify the system.)
● SKU Number
● Family Name
● Feature Byte. Default is enabled.
● Build ID
● Keyboard.
System Security (these options are hardware dependent)
NOTE: Available options are displayed depending on system configuration.
Virtualization Technology (VTx/VTd) (enable/disable) - Controls the virtualization features of the processor. Changing this setting requires turning the computer off and then back on. Default is disabled.
Intel Software Guard Extensions (SGX) (Software controlled/enable/disable)
TPM Features – Lets you configure the following TPM settings:
TPM Device
Lets you set the Trusted Platform Module as available or hidden.
TPM State
Select to enable the TPM.
Clear TPM
Select to reset the TPM to an unowned state. After the TPM is cleared, it is also turned off. To temporarily suspend TPM operations, turn the TPM off instead of clearing it.
CAUTION: Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data protected by those keys.
Secure Boot Configuration
CAUTION: Changing the default setting of any of the Setup options on this page for operating systems that do not support Secure Boot may prevent the system from booting successfully.
● Legacy Support—Enable/Disable. Allows you to turn off all legacy support on the computer, including booting to DOS, running legacy graphics cards, booting to legacy devices, and so on. If set to disable, legacy boot options in Storage > Boot Order are not displayed. Default is enabled.
● Secure Boot—Enable/Disable. Allows you to make sure an operating system is legitimate before booting to it, making Windows resistant to malicious modification from preboot to full OS booting, preventing firmware attacks. UEFI and Windows Secure Boot only allow code signed by pre-approved digital certificates to run during the firmware and OS boot process. Default is disabled, except for Windows systems which have this setting enabled. Secure Boot enabled also sets Legacy Support to disabled.
● Key Management—This option lets you manage the custom key settings.
◦ Clear Secure Boot Keys—Don't Clear/Clear. Allows you to delete any previously loaded custom boot keys. Default is Don't Clear.
◦ Key Ownership—HP Keys/Custom Keys. Selecting Custom Mode allows you to modify the contents of the secure boot signature databases and the platform key (PK) that verifies kernels
56 Chapter 5 Computer Setup (F10) Utility
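The Secure Boot and Key Ownership settings above are only useful if you can confirm from the running OS that they took effect. The following script is an added example and is not part of the HP manual or HP's own tooling: it decodes the UEFI `SecureBoot`, `SetupMode` and `PK` variables as Linux exposes them through efivarfs (each file is a 4-byte attribute word followed by the variable data) and reports whether the machine is enforcing Secure Boot, whether it is in setup mode (no platform key enrolled, so the key databases can be rewritten), and whether a PK is present. It assumes efivarfs is mounted at `/sys/firmware/efi/efivars`; the sample directory it builds for offline testing is constructed data, not captured from real firmware.

```python
import os
import struct
import tempfile
from typing import Dict, Optional

# EFI_GLOBAL_VARIABLE GUID: SecureBoot, SetupMode and PK are stored under it.
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Default efivarfs mount point on Linux (assumption: efivarfs is mounted here).
EFIVARS_DIR = "/sys/firmware/efi/efivars"


def read_efivar(name: str, efivars_dir: str = EFIVARS_DIR) -> Optional[bytes]:
    """Return the data payload of a UEFI variable from efivarfs, or None if absent.

    efivarfs exposes each variable as <Name>-<GUID>; the file begins with a
    4-byte little-endian attribute word followed by the variable's data.
    """
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL_VARIABLE_GUID}")
    try:
        with open(path, "rb") as f:
            raw = f.read()
    except FileNotFoundError:
        return None
    if len(raw) < 4:
        return None  # malformed: attribute header missing
    return raw[4:]


def secure_boot_posture(efivars_dir: str = EFIVARS_DIR) -> Dict[str, Optional[bool]]:
    """Decode the three variables that describe the Secure Boot state.

    secure_boot : SecureBoot == 1 (firmware is enforcing signature checks)
    setup_mode  : SetupMode == 1  (no PK enrolled; db/dbx/KEK are writable)
    pk_enrolled : PK variable exists with non-empty data
    None means the variable was not present (or had no data).
    """
    sb = read_efivar("SecureBoot", efivars_dir)
    setup = read_efivar("SetupMode", efivars_dir)
    pk = read_efivar("PK", efivars_dir)
    return {
        "secure_boot": None if not sb else sb[0] == 1,
        "setup_mode": None if not setup else setup[0] == 1,
        "pk_enrolled": None if pk is None else len(pk) > 0,
    }


def is_expected_posture(posture: Dict[str, Optional[bool]]) -> bool:
    """A hardened machine has Secure Boot on, is out of setup mode, and has a PK."""
    return (posture["secure_boot"] is True
            and posture["setup_mode"] is False
            and posture["pk_enrolled"] is True)


def make_sample_efivars(secure_boot: int, setup_mode: int,
                        pk_data: Optional[bytes]) -> str:
    """Build a constructed efivarfs-style directory for offline testing.

    The attribute word 0x6 (BOOTSERVICE_ACCESS | RUNTIME_ACCESS) matches what
    firmware reports for these read-only variables; the payloads are made up.
    Returns the directory path.
    """
    efivars_dir = tempfile.mkdtemp(prefix="efivars-sample-")
    attrs = struct.pack("<I", 0x6)
    samples = {"SecureBoot": bytes([secure_boot]), "SetupMode": bytes([setup_mode])}
    if pk_data is not None:
        samples["PK"] = pk_data
    for name, data in samples.items():
        with open(os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL_VARIABLE_GUID}"), "wb") as f:
            f.write(attrs + data)
    return efivars_dir


if __name__ == "__main__":
    # Run against the real efivarfs when executed directly on a UEFI-booted Linux host.
    posture = secure_boot_posture()
    print(posture, "OK" if is_expected_posture(posture) else "NOT the expected posture")
```

A machine left in setup mode after switching Key Ownership to Custom Keys will show `setup_mode: True` and `pk_enrolled: None`, which is the state to flag: until a PK is enrolled the signature databases can be rewritten from the OS. On Windows the equivalent checks are the `Confirm-SecureBootUEFI` cmdlet and `Get-SecureBootUEFI -Name PK`.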