Chapter 6: BIOS
91
Pending Operation
Use this feature to schedule a TPM-related operation to be performed by a security (TPM)
device at the next system boot to enhance system data integrity. Your system will reboot to
carry out a pending TPM operation. The options are None and TPM Clear.
Note: Your system will reboot to carry out a pending TPM operation.
Platform Hierarchy (for TPM Version 2.0 and above)
Select Enabled for TPM Platform Hierarchy support which will allow the manufacturer to utilize
initial system boot. This early boot code is shipped with the platform and is included in the
to verify a digital signature in an attempt to manage and control the security of the platform
Enabled and Disabled.
Storage Hierarchy
Select Enabled for TPM Storage Hierarchy support that is intended to be used for non-privacy-
sensitive operations by the platform owner such as an IT professional or the end user. Storage
Hierarchy has an owner policy and an authorization value, both of which can be set and are
held constant (-rarely changed) through reboots. This hierarchy can be cleared or changed
independently of the other hierarchies. The options are Enabled and Disabled.
Endorsement Hierarchy
Select Enabled for Endorsement Hierarchy support, which contains separate controls to
by the TPM or a manufacturer to be constrained to an authentic TPM device that is attached
authorization value" without involving other hierarchies. A user with privacy concerns can
disable the endorsement hierarchy while still using the storage hierarchy for TPM applications
and permitting the platform software to use the TPM. The options are Enabled and Disabled.
PH (Platform Hierarchy) Randomization (for TPM Version 2.0 and above)
Select Enabled for Platform Hierarchy Randomization support, which is used only during the
platform developmental stage. This feature cannot be enabled in the production platforms.
The options are Disabled and Enabled.
TXT Support
Select Enabled to enable Intel Trusted Execution Technology (TXT) support to enhance
system security and data integrity. The options are Disabled and Enabled.
To Next Page
Loading...
