Setup and Specifications
Option Description
UEFI Capsule Firmware Updates This option controls whether this system allows BIOS updates via UEFI capsule update packages.
This option is selected by default. Disabling this option will block BIOS updates from services such as
Microsoft Windows Update and Linux Vendor Firmware Service (LVFS)
TPM 2.0 Security Allows you to control whether the Trusted Platform Module (TPM) is visible to the operating system.
• TPM On (default)
• Clear
• PPI Bypass for Enable Commands
• PPI Bypass for Disable Commands
• PPI Bypass for Clear Commands
• Attestation Enable (default)
• Key Storage Enable (default)
• SHA-256 (default)
Choose any one option:
• Disabled
• Enabled (default)
Absolute This eld lets you Enable, Disable or Permanently Disable the BIOS module interface of the optional
Absolute Persistence Module service from Absolute Software.
• Enabled - This option is selected by default.
• Disabled
• Permanently Disabled
OROM Keyboard Access This option determines whether users are able to enter Option ROM conguration screen via hotkeys
during boot.
• Enabled (default)
• Disabled
• One Time Enable
Admin Setup Lockout Allows you to prevent users from entering Setup when Admin password is set. This option is not set
by default.
Master Password Lockout Allows you to disable master password support Hard Disk passwords need to be cleared before the
settings can be changed. This option is not set by default.
SMM Security Mitigation Allows you to enable or disable additional UEFI SMM Security Mitigation protections. This option is
not set by default.
Secure boot
Table 34. Secure Boot
Option Description
Secure Boot Enable Allows you to enable or disable Secure Boot feature
• Secure Boot Enable
Option is not selected.
Secure Boot Mode Allows you to modify the behavior of Secure Boot to allow evaluation or enforcement of UEFI driver
signatures.
• Deployed Mode (default)
32 System setup