Table of Contents
Advertisement
The System Security Settings screen details are explained as follows:
Menu Item
Description
Improves the speed of applications by performing encryption and decryption using the Advanced
Intel AES-NI
Encryption Standard Instruction Set and is set to Enabled by default.
Sets the system password. This option is set to Enabled by default and is read-only if the password
System
jumper is not installed in the system.
Password
Sets the setup password. This option is read-only if the password jumper is not installed in the system.
Setup Password
Locks the system password. By default, the Password Status option is set to Unlocked.
Password Status
TPM Information Changes the operational state of the TPM. By defaultoption is set to No TPM Present.
Enables or disables the Intel Trusted Execution Technology (TXT). To enable Intel TXT, Virtualization
Intel TXT
Technology must be enabled and TPM Security must be Enabled with Pre-boot measurements. By
default, the Intel TXT option is set to Off.
Enables or disables the power button on the front of the system. By default, the Power Button option is
Power Button
set to Enabled.
Sets how the system reacts after AC power is restored to the system. By default, the AC Power
AC Power
Recovery option is set to Last.
Recovery
Sets how the system supports staggering of power up after AC power is restored to the system. By
AC Power
default, the AC Power Recovery Delay option is set to Immediate.
Recovery Delay
Sets the User Defined Delay when the User Defined option for 0 is selected.
User Defined
Delay (60s to
240s)
Provides varying degrees of securing UEFI variables. When set to Standard (the default) UEFI variables
UEFI Variable
are accessible in the Operating System per the UEFI specification. When set to Controlled, selected
Access
UEFI variables are protected in the environment and new UEFI boot entries are forced to be at the end of
the current boot order.
Enabled this setting will hide the PCU configuration space for the management engine (ME) HECI device
Secure ME PCI
and is set to Disabled by default.
Cfg Space
Enables Secure Boot, where the BIOS authenticates each pre-boot image using the certificates in the
Secure Boot
Secure Boot Policy. Secure Boot is disabled by default.
When Secure Boot policy is Standard, the BIOS uses the system manufacturer's key and certificates to
Secure Boot
authenticate pre-boot images. When Secure Boot policy is Custom, the BIOS uses the user-defined key
Policy
and certificates. Secure Boot policy is Standard by default.
This field enabled how to use Secure boot policy object (PK, KEK, db, dbx).
Secure Boot
Mode
Views the list of certificates and hashes that secure boot uses to authenticated images.
Secure Boot
Policy Summary
Secure Boot Custom Policy Settings
Secure Boot Custom Policy Settings is displayed only when Secure Boot Policy is set to Custom.
About this task
In the System Setup Main Menu, click System BIOS > System Security > Secure Boot Custom Policy Settings.
The Secure Boot Custom Policy Settings screen details are explained as follows:
Menu Item
Description
Imports, exports, deletes, or restores the platform key (PK).
Platform Key
Allows you to import, export, delete, or restore entries in the Key Exchange Key (KEK) Database
Key Exchange
Key Database
BIOS and UEFI
123
Advertisement
Table of Contents
