Anti-Theft
•ComputraceModuleActivation
Values:Disabled,Enabled,PermanentlyDisabled
Descriptions:EnabletheUEFIBIOSinterfacetoactivatethecomputracemodule.Computraceisan
optionalmonitoringservicefromAbsoluteSoftware.IfyouselectPermanentlyDisabled,youcannot
enablethissettingagain.
SecureBoot
•SecureBoot
Values:Disabled,Enabled
Descriptions:Enablethisoptiontopreventunauthorizedoperatingsystemsfromloadingwhenyou
turnonthecomputer.
Note:EnablingSecureBootrequirestosetthestartupsettingtoUEFIOnlyandCSMSupporttoNo.
•PlatformMode
Values:SetupMode,UserMode
Descriptions:Specifythesystemoperatingmode.
•SecureBootMode
Values:StandardMode,CustomMode
Descriptions:SpecifytheSecureBootmode.
•ResettoSetupMode
Descriptions:UsethisoptiontoclearthecurrentplatformkeyandresetPlatformModetoSetupMode.
•RestoreFactoryKeys
Descriptions:UsethisoptiontorestoreallkeysandcertificatesinSecureBootdatabasestothe
factorydefaults.
•ClearAllSecureBootKeys
Descriptions:UsethisoptiontoclearallkeysandcertificatesinSecureBootdatabasesandinstall
yourownkeysandcertificates.
Intel(R)SGX
•Intel(R)SGXControl
Values:Disabled,Enabled,SoftwareControlled
Descriptions:EnableordisabletheIntelSoftwareGuardExtensions(SGX)function.Ifyouselect
SoftwareControlled,SGXwillbecontrolledbytheSGXapplicationforUEFIbootOS.
•ChangeOwnerEPOCH
Value:Enter
Descriptions:ChangeOwnerEPOCHtoarandomvalue.UsethisoptiontoclearSGXuserdata.
DeviceGuard
•DeviceGuard
Values:Disabled,Enabled
Descriptions:ThisoptionisusedtosupportMicrosoftDeviceGuard.
Whenthisoptionisenabled,IntelVirtualizationTechnology,IntelVT-dFeature,SecureBoot,andOS
OptimizedDefaultsareautomaticallyenabled.Bootorderisrestrictedtocustomerimageonly.To
completetheconfigurationofDeviceGuard,youhavetosetasupervisorpassword.
Chapter6.Advancedconfiguration81
To Next Page
Loading...
