Service Manual

Options Description

Secure Boot Mode This option enables you to change the secure boot operation mode,

modifies the behavior of secure boot to allow evaluation or

enforcement of the UEFI driver signatures. The options include:

• Deployed Mode

• Audit Mode

Expert Key Management This option enables you to manipulate the security key databases

only if the system is in Custom Mode. The Enable Custom Mode

option is disabled by default. The options include:

• PK

• KEK

• db

• dbx

If you enable the Custom Mode, the relevant options for PK, KEK,

db, and dbx is displayed. The options are:

• Save to File—Saves the key to a user-selected file

• Replace from File—Replaces the current key with a key from a

user-selected file

• Append from File—Adds a key to the current database from a

user-selected file

• Delete—Deletes the selected key

• Reset All Keys—To reset the default setting

• Delete All Keys—Deletes all the keys

NOTE: If you disable the Custom Mode, all the changes

are erased and the keys are restored to the default

settings.

Intel Software Guard Extensions screen options

Table 8. Intel Software Guard Extensions options

Option Description

Intel SGX Enable Enable Intel Software Guard Extensions option to provide a

secured environment for running code or storing sensitive

information with respect to the operating system. The options are:

• Disabled

• Enabled

• Software Controlled—This option is enabled by default

Enclave Memory Size This option sets the Intel Software Guard Extensions (SGX)

Enclave Reserve Memory size. When SGX is set to Software

Controlled, this setting is not available and has no effect. The

options include:

• 32 MB

• 64 MB

• 128 MB—default

System setup 71