Table of Contents
Advertisement
Table A-4
Computer Setup—Security (continued)
System Security
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches.
(these options are
Default is enabled.
hardware dependent)
SVM CPU Virtualization (enable/disable). Controls the virtualization features of the processor.
Changing this setting requires turning the computer off and then back on. Default is disabled.
Virtualization Technology (VTx) (enable/disable) - Controls the virtualization features of the
processor. Changing this setting requires turning the computer off and then back on. Default is
disabled.
Virtualization Technology Directed I/O (VTd) (enable/disable) - Controls virtualization DMA
remapping features of the chipset. Changing this setting requires turning the computer off and
then back on. Default is disabled.
Trusted Execution Technology (enable/disable) - Controls the underlying processor and chipset
features needed to support a virtual appliance. Changing this setting requires turning the
computer off and then back on. Default is disabled. To enable this feature you must enable the
following features:
●
●
●
Embedded Security Device (enable/disable) - Permits activation and deactivation of the
Embedded Security Device.
NOTE:
●
●
System Security
OS management of Embedded Security Device (enable/disable) - This option allows the user to
(continued)
limit OS control of the Embedded Security Device. Default is enabled. This option is automatically
disabled if Trusted Execution Technology is enabled.
●
DriveLock Security
Allows you to assign or modify a master or user password for hard drives. When this feature is
enabled, the user is prompted to provide one of the DriveLock passwords during POST. If neither
is successfully entered, the hard drive will remain inaccessible until one of the passwords is
successfully provided during a subsequent cold-boot sequence.
NOTE:
feature is attached to the system.
Embedded Security Device Support
Virtualization Technology
Virtualization Technology Directed I/O
To configure the Embedded Security Device, a Setup password must be set.
Reset to Factory Settings (Do not reset/Reset) - Resetting to factory defaults will erase all
security keys and leave the device in a disabled state. Changing this setting requires that
you restart the computer. Default is Do not reset.
CAUTION:
The embedded security device is a critical component of many security
schemes. Erasing the security keys will prevent access to data protected by the Embedded
Security Device. Choosing Reset to Factory Settings may result in significant data loss.
Measure boot variables/devices to PCR1 - Typically, the computer measures the boot path
and saves collected metrics to PCR5 (a register in the Embedded Security Device). Bitlocker
tracks changes to any of these metrics, and forces the user to re-authenticate if it detects
any changes. Enabling this feature lets you set Bitlocker to ignore detected changes to boot
path metrics, thereby avoiding re-authentication issues associated with USB keys inserted in
a port. Default is enabled.
Reset of Embedded Security Device through OS (enable/disable) - This option allows the
user to limit the operating system ability to request a Reset to Factory Settings of the
Embedded Security Device. Default is disabled.
NOTE:
To enable this option, a Setup password must be set.
This selection will only appear when at least one drive that supports the DriveLock
Computer Setup (F10) Utilities
53
Advertisement
Table of Contents
