![](/images/new-backgrounds/1308232/308232127x1.webp)
Table 6-4 Computer Setup—Security (continued)
| CAUTION: Restoring a previously saved MBR after a disk utility or operating system has modified the | |
| MBR, may cause the data on the disk to become inaccessible. Only restore a previously saved MBR if you | |
| are confident that the current bootable disk's MBR has been corrupted or infected with a virus. | |
|
| |
System Security (these | Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches. Default | |
options are hardware | is enabled. | |
dependent) | SVM CPU Virtualization (enable/disable). Controls the virtualization features of the processor. Changing | |
| ||
| this setting requires turning the computer off and then back on. Default is disabled. | |
| Virtualization Technology (VTx) (enable/disable) - Controls the virtualization features of the processor. | |
| Changing this setting requires turning the computer off and then back on. Default is disabled. | |
| Virtualization Technology Directed I/O (VTd) (enable/disable) - Controls virtualization DMA remapping | |
| features of the chipset. Changing this setting requires turning the computer off and then back on. Default | |
| is disabled. | |
| Trusted Execution Technology (enable/disable) - Controls the underlying processor and chipset features | |
| needed to support a virtual appliance. Changing this setting requires turning the computer off and then | |
| back on. Default is disabled. To enable this feature you must enable the following features: | |
| ● | Embedded Security Device Support |
| ● | Virtualization Technology |
| ● | Virtualization Technology Directed I/O |
Embedded Security Device (enable/disable) - Permits activation and deactivation of the Embedded
Security Device.
NOTE: To configure the Embedded Security Device, a Setup password must be set.
●Reset to Factory Settings (Do not reset/Reset) - Resetting to factory defaults will erase all security keys and leave the device in a disabled state. Changing this setting requires that you restart the computer. Default is Do not reset.
CAUTION: The embedded security device is a critical component of many security schemes. Erasing the security keys will prevent access to data protected by the Embedded Security Device. Choosing Reset to Factory Settings may result in significant data loss.
●Measure boot variables/devices to PCR1 - Typically, the computer measures the boot path and saves collected metrics to PCR5 (a register in the Embedded Security Device). Bitlocker tracks changes to any of these metrics, and forces the user to
System Security | OS management of Embedded Security Device (enable/disable) - This option allows the user to limit OS | |
(continued) | control of the Embedded Security Device. Default is enabled. This option is automatically disabled if | |
| Trusted Execution Technology is enabled. | |
| ● | Reset of Embedded Security Device through OS (enable/disable) - This option allows the user to |
|
| limit the operating system ability to request a Reset to Factory Settings of the Embedded Security |
|
| Device. Default is disabled. |
|
| NOTE: To enable this option, a Setup password must be set. |
| ● | No PPI provisioning (Windows 8 only) - This option lets you set Windows 8 to bypass the PPI |
|
| (Physical Presence Interface) requirement and directly enable and take ownership of the TPM on |
|
| first boot. You cannot change this setting after TPM is owned/initialized, unless the TPM is reset. |
|
| Default is disabled for |
| ● | Allow PPI policy to be changed by OS. Enabling this option allows the operating system to execute |
|
| TPM operations without Physical Presence Interface. Default is disabled. |
|
| NOTE: To enable this option, a Setup password must be set. |
|
| |
DriveLock Security | Allows you to assign or modify a master or user password for hard drives. When this feature is enabled, | |
| the user is prompted to provide one of the DriveLock passwords during POST. If neither is successfully |