Operation Manual

Secure Boot screen options

Option Description

Secure Boot Enable This option enables or disables the Secure Boot feature.

• Disabled

• Enabled

Default setting: Enabled.

Expert Key

Management

Allows you to manipulate the security key databases only if the system is in Custom Mode. The Enable Custom

Mode option is disabled by default. The options are:

• PK

• KEK

• db

• dbx

If you enable the Custom Mode, the relevant options for PK, KEK, db, and dbx appear. The options are:

• Save to File—Saves the key to a user-selected le

• Replace from File—Replaces the current key with a key from a user-selected le

• Append from File—Adds a key to the current database from a user-selected le

• Delete—Deletes the selected key

• Reset All Keys—Resets to default setting

• Delete All Keys—Deletes all the keys

NOTE: If you disable the Custom Mode, all the changes made will be erased and the keys will restore to

default settings.

Intel Software Guard Extensions

Option

Description

Intel SGX Enable This elds species you to provide a secured environment for running code/storing sensitive information in the

context of the main OS. The options are:

• Disabled

• Enabled

• Software Controlled: This option is enabled by default.

Enclave Memory

Size

This option sets SGX Enclave Reserve Memory Size. The option are:

• 32 MB

• 64 MB

• 128 MB

System setup options 81