Chapter 4: UEFI BIOS
Storage Hierarchy (Available when "Security Device Support" is set to Enabled)
Select Enabled for TPM Storage Hierarchy support, which is intended for non-privacy-sensitive
operations by a platform owner such as an IT professional or the end user. The Storage
Hierarchy has an owner policy and an authorization value, both of which can be set and are
held constant (rarely changed) across reboots. This hierarchy can be cleared or changed
independently of the other hierarchies. The options are Disabled and Enabled.
Endorsement Hierarchy (Available when "Security Device Support" is set to Enabled)
Select Enabled for Endorsement Hierarchy support. This hierarchy has separate controls to
address privacy concerns, because the primary keys in the hierarchy are certified by the
TPM key or by a manufacturer, with restrictions on how an authentic TPM device that is
attached to an authentic platform can be accessed and used. A primary key can be encrypted
and certified with a certificate created by using TPM2_ActivateCredential, which allows
you to independently enable "flag, policy, and authorization values" without involving other
hierarchies. A user with privacy concerns can disable the endorsement hierarchy while still
using the storage hierarchy for TPM applications, permitting the platform software to use the
TPM. The options are Disabled and Enabled.
Physical Presence Spec Version
Use this feature to change what Physical Presence Interface (PPI) Spec Version the OS
should support. The options are 1.2 and 1.3.
TPM 2.0 InterfaceType
Use this feature to view the interface type of the TPM 2.0 device.
PH Randomization
Select Enabled for Platform Hierarchy (PH) Randomization support, which is used only during
the platform development stage. This feature cannot be enabled on production platforms.
The options are Disabled and Enabled.
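Once the Storage Hierarchy, Endorsement Hierarchy and PH settings above have been chosen, the TPM itself reports which hierarchies are enabled in its TPM2_PT_STARTUP_CLEAR property, so the firmware-side setting can be confirmed from the OS. The following is an added example, not part of this manual: a POSIX sh script that maps the hierarchy-enable bits from a constructed sample of `tpm2_getcap properties-variable` output (tpm2-tools layout, made-up values, reserved fields omitted) back to the option wording used above; the helper function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `tpm2_getcap properties-variable` output. On a real
# Linux host with tpm2-tools, use the live output instead:
#   hierarchy_status "$(tpm2_getcap properties-variable)"
SAMPLE_CAPS='TPM2_PT_PERMANENT:
  ownerAuthSet:              1
  endorsementAuthSet:        0
  lockoutAuthSet:            1
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           1
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  0
  shEnable:                  1
  ehEnable:                  0
  phEnableNV:                1
  orderly:                   1'

# cap_bit CAPS FIELD: print the 0/1 value of FIELD, or "unknown" if absent.
cap_bit() {
    printf '%s\n' "$1" | awk -v key="$2:" '
        $1 == key { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# on_off BIT: translate a 0/1 bit into the manual's option wording.
on_off() {
    case "$1" in
        1) echo Enabled ;;
        0) echo Disabled ;;
        *) echo unknown ;;
    esac
}

# hierarchy_status CAPS: summarise the three hierarchies on one line.
# shEnable/ehEnable reflect the Storage/Endorsement Hierarchy settings.
# phEnable is normally 0 by the time the OS runs: firmware disables the
# platform hierarchy before hand-off, since it is for firmware use only.
hierarchy_status() {
    printf 'storage=%s endorsement=%s platform=%s\n' \
        "$(on_off "$(cap_bit "$1" shEnable)")" \
        "$(on_off "$(cap_bit "$1" ehEnable)")" \
        "$(on_off "$(cap_bit "$1" phEnable)")"
}

# owner_auth_state CAPS: "set" when the storage hierarchy's authorization
# value (owner password) has been taken by a platform owner, else "empty".
owner_auth_state() {
    case "$(cap_bit "$1" ownerAuthSet)" in
        1) echo set ;;
        0) echo empty ;;
        *) echo unknown ;;
    esac
}

hierarchy_status "$SAMPLE_CAPS"
echo "storage owner authorization: $(owner_auth_state "$SAMPLE_CAPS")"
```

If `ehEnable` reads 1 after Endorsement Hierarchy was set to Disabled in setup, the setting did not take effect and the firmware hand-off should be investigated before relying on it for privacy.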
Disable Block SID
Use this feature to enable or disable SID authentication performed in TCG storage devices.
The options are Disabled and Enabled.
TXT Support
Select Enabled to enable Intel Trusted Execution Technology (TXT) support to enhance
system integrity and data security. The options are Disabled and Enabled.
Note 1: If this feature is set to Enabled, be sure to disable Device Function On-Hide
(EV DFX) support when it is present in the BIOS for the system to work properly.