Table
System Security (these | NOTE: | Available options are displayed depending on system configuration. | ||
options are hardware | Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches. Default | |||
dependent) | ||||
is enabled. | ||||
| ||||
| SVM CPU Virtualization (enable/disable) - Controls the virtualization features of the processor. Changing | |||
| this setting requires turning the computer off and then back on. Default is disabled. | |||
|
| |||
| OS management of Embedded Security Device (enable/disable) - This option allows the user to limit OS | |||
| control of the Embedded Security Device. Default is enabled. This option is automatically disabled if | |||
| Trusted Execution Technology is enabled. | |||
| ● | Reset of Embedded Security Device through OS (enable/disable) - This option allows the user to | ||
|
| limit the operating system ability to request a Reset to Factory Settings of the Embedded Security | ||
|
| Device. Default is disabled. | ||
|
| NOTE: To enable this option, a Setup password must be set. | ||
| ● | No PPI provisioning (Windows 8.1 only) - This option lets you set Windows 8.1 to bypass the PPI | ||
|
| (Physical Presence Interface) requirement and directly enable and take ownership of the TPM on | ||
|
| first boot. You cannot change this setting after TPM is owned/initialized, unless the TPM is reset. | ||
|
| Default is disabled for | ||
| ● | Allow PPI policy to be changed by OS. Enabling this option allows the operating system to execute | ||
|
| TPM operations without Physical Presence Interface. Default is disabled. | ||
|
| NOTE: To enable this option, a Setup password must be set. | ||
|
| |||
DriveLock Security | Allows you to assign or modify a master or user password for hard drives. When this feature is enabled, | |||
| the user is prompted to provide one of the DriveLock passwords during POST. If neither is successfully | |||
| entered, the hard drive will remain inaccessible until one of the passwords is successfully provided during | |||
| a subsequent | |||
| NOTE: | This selection will only appear when at least one drive that supports the DriveLock feature is | ||
| attached to the system. | |||
|
|
| ||
Secure Boot | ● | Legacy | ||
Configuration |
| including booting to DOS, running legacy graphics cards, booting to legacy devices, and so on. If set | ||
|
| to disable, legacy boot options in Storage > Boot Order are not displayed. Default is enabled. | ||
| ● | Secure | ||
|
| booting to it, making Windows resistant to malicious modification from preboot to full OS booting, | ||
|
| preventing firmware attacks. UEFI and Windows Secure Boot only allow code signed by pre- | ||
|
| approved digital certificates to run during the firmware and OS boot process. Default is disabled, | ||
|
| except for Windows 8.1 systems which have this setting enabled. Secure Boot enabled also sets | ||
|
| Legacy Support to disabled. | ||
| ● | Key | ||
|
| ◦ | Clear Secure Boot | |
|
|
| boot keys. Default is Don't Clear. | |
|
| ◦ | Key | |
|
|
| contents of the secure boot signature databases and the platform key (PK) that verifies | |
|
|
| kernels during system start up, allowing you to use alternative operating systems. Selecting | |
|
|
| HP Keys causes the computer boot using the preloaded | |
|
|
| Keys. | |
| ● | Fast | ||
|
| to access items before the operating system loads. Default is disabled. | ||
NOTE: If Windows 8.1 detects a serious error, it will interrupt the boot process automatically and display advanced boot options.
From Windows 8.1, you can press Shift and select Restart to access the screen that lets you boot to a device or troubleshoot your computer.
Computer Setup (F10) Utilities 163