Table 6-2 Computer Setup Security (continued)
Option: Security Configuration
Description:
Secure Platform Management (SPM)
● SPM Current State: Displays the current state. Also lets you change the state.
● Unprovision SPM: Deprovisions SPM, which causes HP Sure Run to revert to the inactive state and returns HP Sure Recover to its default settings.
● HP Sure Run Current State: Displays the current state. Also lets you change the state.
    Deactivate HP Sure Run: Deactivates HP Sure Run without deprovisioning SPM.
● Smart Health Enable
● EBAM Current State: Displays the current state. Also lets you change the state.
    Disable EBAM: Disables Enhanced BIOS Authentication Mode (EBAM).
● Deactivate HP Sure Run: Requires the BIOS Administrator password to be configured.
● Local Access Key: Indicates that the key is present. Also lets you clear the keys and reboot.
    Clear EBAM Local Access Keys and Reboot: Deletes all currently established local access keys created for Enhanced BIOS Authentication Mode (EBAM).
Physical Presence Interface: When enabled, the user is notified at system power-up when changes are made to the system security policy, and must manually agree to those changes before the change is confirmed. Default is enabled.
Smart Cover: The Smart Cover Lock (select products only) is a software-controllable solenoid lock that restricts unauthorized access to the system's internal components.
● Cover Lock: Default is unlock.
● Cover Removal Sensor: Lets you disable the cover sensor or configure what action is taken if the computer cover is removed. Default is disabled.
NOTE: The Notify user setting alerts the user with a POST error on the first boot after the sensor detects removal of the cover. If a password is set, the Administrator Password setting requires that the password be entered to boot the computer if the sensor detects that the cover has been removed.
Trusted Execution Technology (TXT): Enables Trusted Execution Technology on select Intel-based systems. Default is disabled.
NOTE: Enabling this feature disables OS management of the Trusted Platform Module (TPM), prevents a reset of the TPM, and constrains the configuration of VTx, VTd, and TPM.
Intel Software Guard Extensions (SGX): Intel SGX is a set of processor instructions that allows user-level code to allocate private regions of memory. Unlike normal process memory, SGX protects these private memory regions from processes running at higher privilege levels.
● Software control
● Disable
● Enable
Full encryption of main memory (DRAM) (select products only): When selected, the computer stores all data to DRAM in an encrypted format.
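Because several of the settings in this table (Physical Presence Interface, Cover Removal Sensor, TXT) are the ones an administrator would want to verify across a fleet, here is an added example, not part of the HP guide, that audits a BIOS settings export against a hardened baseline. It assumes an export in the plain-text layout used by HP's BIOS Configuration Utility (setting name unindented, each possible value indented, the current value marked with a leading `*`) and assumes the exported setting names match the F10 labels above; the sample export is constructed.

```python
# Constructed sample export (not captured from a real machine), in the assumed
# layout: unindented setting name, indented values, '*' marks the current value.
SAMPLE_EXPORT = """\
BIOSConfig 1.0
;
Physical Presence Interface
    Disable
    *Enable
Cover Removal Sensor
    *Disabled
    Notify user
    Administrator Password
Trusted Execution Technology (TXT)
    *Disable
    Enable
"""

# Hardened baseline (setting names assumed to match the F10 labels): PPI on so
# security-policy changes need user approval at power-up, the cover sensor
# demanding the administrator password after a removal, and TXT enabled.
BASELINE = {
    "Physical Presence Interface": "Enable",
    "Cover Removal Sensor": "Administrator Password",
    "Trusted Execution Technology (TXT)": "Enable",
}


def parse_export(text):
    """Map each setting name to (current value, list of selectable values)."""
    settings, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith((";", "BIOSConfig")):
            continue                          # header and comment lines
        if line[0] in " \t":                  # indented: one selectable value
            value = line.strip().lstrip("*")
            settings[name][1].append(value)
            if line.strip().startswith("*"):  # '*' marks the current value
                settings[name] = (value, settings[name][1])
        else:                                 # unindented: a setting name
            name = line.strip()
            settings[name] = (None, [])
    return settings


def audit(text, baseline=BASELINE):
    """Return (setting, current, wanted) for every setting that is off baseline."""
    parsed = parse_export(text)
    return [(s, parsed.get(s, (None, []))[0], w)
            for s, w in baseline.items() if parsed.get(s, (None, []))[0] != w]
```

A missing setting is reported with a current value of `None`, so an export from a model that lacks the feature still shows up as a finding rather than silently passing.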
76 Chapter 6 Computer Setup (F10) Utility