Secure Boot Configuration
Item
Options
Description
Physical Presence
• Asserted
• De-asserted
Display the current Physical Presence status.
Physical Presence is a form of authorization to perform
certain security functions. [Asserted] means being
authorized.
”Secure Boot Setting” and “Secure Boot Policy” is
modifiable when “Physical Presence” is asserted.
De-asserted is the default setting
Note: When the setting is De-asserted, the whole page is
grayed.
Secure Boot Status
• Disabled
• Enabled
Display the current secure boot status. Disabled is the
default setting.
Secure Boot Mode
• Setup Mode
• User Mode
System will do secure boot authentication when “Secure
Boot Mode” is [User Mode] and secure boot is enabled.
User Mode is the default setting.
Secure Boot Setting
• Enable
• Disable
Enable/Disable secure boot. This setting is modifiable
when “Physical Presence” is asserted and cannot be
loaded to default in Setup Utility. User Mode is the
default setting.
Notes:
• When you attempt to enable secure boot while CSM is
enabled, there is a prompt to tell you.
• Legacy BIOS will be disabled when secure boot is
enabled.
• When you fail to change secure boot settings, verify
physical presence and retry.
Secure Boot Policy
• Factory Policy
• Custom Policy
• Delete All Keys
• Delete PK
• Reset All Keys to
Default
This setting is modifiable when "Physical Presence" is
asserted and cannot be loaded to default in Setup Utility.
[Factory Policy]: Factory default keys will be used after
reboot. Factory Policy is the default setting.
[Custom Policy]: Customized keys will be used after
reboot.
[Delete All Keys]: PK, KEK, DB and DBX will be deleted
after reboot.
[Delete PK]: PK will be deleted after reboot.
"Secure Boot Mode" is [Setup Mode] and "Secure Boot
Policy" is [Custom Policy] after PK is deleted.
[Reset All Keys to Default]: All the keys will be set to
factory defaults and "Secure Boot Policy" is [Factory
Policy] after reboot.
Chapter 3. System configuration and boot management 41
To Next Page
Loading...
