Table
System Security | Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches. | |
(these options are | Default is enabled. | |
hardware dependent) | SVM CPU Virtualization (enable/disable). Controls the virtualization features of the processor. | |
| ||
| Changing this setting requires turning the computer off and then back on. Default is disabled. | |
| Virtualization Technology (VTx) (enable/disable) - Controls the virtualization features of the | |
| processor. Changing this setting requires turning the computer off and then back on. Default is | |
| disabled. | |
| Virtualization Technology Directed I/O (VTd) (enable/disable) - Controls virtualization DMA | |
| remapping features of the chipset. Changing this setting requires turning the computer off and then | |
| back on. Default is disabled. | |
| Trusted Execution Technology (enable/disable) - Controls the underlying processor and chipset | |
| features needed to support a virtual appliance. Changing this setting requires turning the computer | |
| off and then back on. Default is disabled. To enable this feature you must enable the following | |
| features: | |
| ● | Embedded Security Device Support |
| ● | Virtualization Technology |
| ● | Virtualization Technology Directed I/O |
| Embedded Security Device (enable/disable) - Permits activation and deactivation of the Embedded | |
| Security Device. | |
| NOTE: To configure the Embedded Security Device, a Setup password must be set. | |
| ● | Reset to Factory Settings (Do not reset/Reset) - Resetting to factory defaults will erase all |
|
| security keys and leave the device in a disabled state. Changing this setting requires that you |
|
| restart the computer. Default is Do not reset. |
|
| CAUTION: The embedded security device is a critical component of many security schemes. |
|
| Erasing the security keys will prevent access to data protected by the Embedded Security |
|
| Device. Choosing Reset to Factory Settings may result in significant data loss. |
| ● | Measure boot variables/devices to PCR1 - Typically, the computer measures the boot path and |
|
| saves collected metrics to PCR5 (a register in the Embedded Security Device). Bitlocker tracks |
|
| changes to any of these metrics, and forces the user to |
changes. Enabling this feature lets you set Bitlocker to ignore detected changes to boot path metrics, thereby avoiding
188 Chapter 8 Computer Setup (F10) Utility