User's Manual

Table 27. Security(continued)

Option Description

• TPM On—This option is enabled by default.

• Clear

• PPI Bypass for Enable Commands

• PPI Bypass for Disbale Commands

• PPI Bypass for Clear Command

• Attestation Enable—This option is enabled by default.

• Key Storage Enable—This option is enabled by default.

• SHA-256—This option is enabled by default.

Absolute® This field lets you Enable, Disable, or Permanently Disable the BIOS module interface of the optional

Absolute Persistence Module service from Absolute® Software.

Admin Setup Lockout

Allows you to prevent users from entering Setup when an administrator password is set.

• Enable Admin Setup Lockout

By default, this option is disabled.

Master Password Lockout

Allows you to disable master password support.

• Enable Master Password Lockout

By default, this option is disabled.

NOTE: Hard Disk password should be cleared before the settings can be changed.

SMM Security Mitigation

Allows you to enable or disable additional UEFI SMM Security Mitigation protection.

• SMM Security Mitigation

By default, this option is enabled.

Secure boot

Table 28. Secure Boot

Option Description

Secure Boot Enable

Allows you to enable or disable the Secure Boot Feature.

• Secure Boot Enable—By default, this option is disabled.

Secure Boot Mode

Changes to the Secure Boot operation mode modifies the behavior

of Secure Boot to allow evaluation of UEFI driver signatures.

This options are:

• Deployed Mode—By default, this option is enabled.

• Audit Mode

Expert Key Management

Allows you to enable or disable Expert Key Management.

• Enable Custom Mode—By default, this option is disabled.

The Custom Mode Key Management options are:

• PK—By default, this option is disabled.

• KEK

• db

• dbx

26 System setup