Table 6-3 Computer Setup—Security (continued)
System Security
(these options are
hardware dependent)
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches.
Default is enabled.
SVM CPU Virtualization (enable/disable). Controls the virtualization features of the processor.
Changing this setting requires turning the computer off and then back on. Default is disabled.
Virtualization Technology (VTx) (enable/disable) - Controls the virtualization features of the
processor. Changing this setting requires turning the computer off and then back on. Default is
disabled.
Virtualization Technology Directed I/O (VTd) (enable/disable) - Controls virtualization DMA
remapping features of the chipset. Changing this setting requires turning the computer off and then
back on. Default is disabled.
Trusted Execution Technology (enable/disable) - Controls the underlying processor and chipset
features needed to support a virtual appliance. Changing this setting requires turning the computer
off and then back on. Default is disabled. To enable this feature you must enable the following
features:
●
Embedded Security Device Support
●
Virtualization Technology
●
Virtualization Technology Directed I/O
Embedded Security Device (enable/disable) - Permits activation and deactivation of the Embedded
Security Device.
NOTE: To configure the Embedded Security Device, a Setup password must be set.
●
Reset to Factory Settings (Do not reset/Reset) - Resetting to factory defaults will erase all
security keys and leave the device in a disabled state. Changing this setting requires that you
restart the computer. Default is Do not reset.
CAUTION: The embedded security device is a critical component of many security schemes.
Erasing the security keys will prevent access to data protected by the Embedded Security
Device. Choosing Reset to Factory Settings may result in significant data loss.
●
Measure boot variables/devices to PCR1 - Typically, the computer measures the boot path and
saves collected metrics to PCR5 (a register in the Embedded Security Device). Bitlocker tracks
changes to any of these metrics, and forces the user to re-authenticate if it detects any
changes. Enabling this feature lets you set Bitlocker to ignore detected changes to boot path
metrics, thereby avoiding re-authentication issues associated with USB keys inserted in a port.
Default is enabled.
114 Chapter 6 Computer Setup (F10) Utility
To Next Page
Loading...
Need help?
General
