Table 3-4 Computer Setup—Security (continued)
System Security | OS management of Embedded Security Device (enable/disable) - This option allows the user to limit | |
(continued) | OS control of the Embedded Security Device. Default is enabled. This option is automatically | |
| disabled if Trusted Execution Technology is enabled. | |
| ● Reset of Embedded Security Device through OS (enable/disable) - This option allows the user | |
| to limit the operating system ability to request a Reset to Factory Settings of the Embedded | |
| Security Device. Default is disabled. | |
| NOTE: To enable this option, a Setup password must be set. | |
| ● No PPI provisioning (Windows 8 only) - This option lets you set Windows 8 to bypass the PPI | |
| (Physical Presence Interface) requirement and directly enable and take ownership of the TPM | |
| on first boot. You cannot change this setting after TPM is owned/initialized, unless the TPM is | |
| reset. Default is disabled for | |
| ● Allow PPI policy to be changed by OS. Enabling this option allows the operating system to | |
| execute TPM operations without Physical Presence Interface. Default is disabled. | |
| NOTE: To enable this option, a Setup password must be set. | |
|
| |
DriveLock Security | Allows you to assign or modify a master or user password for hard drives. When this feature is | |
| enabled, the user is prompted to provide one of the DriveLock passwords during POST. If neither is | |
| successfully entered, the hard drive will remain inaccessible until one of the passwords is | |
| successfully provided during a subsequent | |
| NOTE: This selection will only appear when at least one drive that supports the DriveLock feature | |
| is attached to the system. | |
|
| |
Secure Boot | This is a feature of Windows 8. | |
Configuration | ● Legacy | |
| ||
| including booting to DOS, running legacy graphics cards, booting to legacy devices, and so | |
| on. If set to disable, legacy boot options in Storage > Boot Order are not displayed. | |
| Default is enabled. | |
| ● Secure | |
| before booting to it, making Windows resistant to malicious modification from preboot to full | |
| OS booting, preventing firmware attacks. UEFI and Windows Secure Boot only allow code | |
| signed by | |
| Default is disabled, except for Windows 8 systems which have this setting enabled. Secure | |
| Boot enabled also sets Legacy Support to disabled. | |
| ● Key | |
| ◦ | Clear Secure Boot |
|
| custom boot keys. Default is Don't Clear. |
| ◦ | Key |
|
| the contents of the secure boot signature databases and the platform key (PK) that verifies |
|
| kernels during system start up, allowing you to use alternative operating systems. |
|
|
|
Computer Setup (F10) Utilities | 19 |