Table 6. Security menu items (continued)

Columns: Menu item / Submenu item / Value / Comments

Security Chip
  Security Chip
    Value: Active, Inactive, Disabled
    Comments: If you select Active, the security chip is functional. If you select Inactive, the security chip option is visible but not functional. If you select Disabled, the security chip is hidden and the option is not functional.

  Security Reporting Options
    Value: Enabled or Disabled for each of the options listed below
    Comments: Enable or disable the following Security Reporting Options:
      BIOS ROM String Reporting: BIOS text string
      CMOS Reporting: CMOS data
      NVRAM Reporting: security data stored in the Asset ID
      SMBIOS Reporting: SMBIOS data

  Clear Security Chip
    Value: Enter
    Comments: Clear the encryption key. Anything sealed to that key (disk-encryption keys, for example) becomes unrecoverable unless a recovery key was backed up first.
    Note: This item is displayed only if you have selected Active for the security chip option.

  Intel TXT Feature
    Value: Disabled, Enabled
    Comments: Enable or disable Intel Trusted Execution Technology.

  Physical Presence for Provisioning
    Value: Disabled, Enabled
    Comments: Enables or disables the confirmation message shown when the settings of the security chip are changed. That prompt is what prevents software from changing the chip's settings without someone at the keyboard agreeing to it.

  Physical Presence for Clear
    Value: Disabled, Enabled
    Comments: Enables or disables the confirmation message shown when the security chip is cleared. That prompt is what prevents software from clearing the chip without someone at the keyboard agreeing to it.

UEFI BIOS Update Option
  Flash BIOS Updating by End-Users
    Value: Disabled, Enabled
    Comments: If you select Enabled, all users can update the UEFI BIOS. If you select Disabled, only the person who knows the supervisor password can update the UEFI BIOS.

  Secure RollBack Prevention
    Value: Disabled, Enabled
    Comments: If you select Disabled, the UEFI BIOS can be flashed back to a previous version. If you select Enabled, flashing to a previous version is blocked. Leave it Enabled unless you deliberately need to downgrade: an older UEFI BIOS reintroduces any vulnerabilities fixed since that version.

Memory Protection
  Execution Prevention
    Value: Disabled, Enabled
    Comments: Some viruses and worms overflow memory buffers and then run code from memory regions that should hold only data. If your operating system supports the Data Execution Prevention feature, selecting Enabled lets it protect your computer against such attacks. If an application program does not run correctly after you choose Enabled, select Disabled and reset the setting.

Virtualization
  Intel Virtualization Technology
    Value: Disabled, Enabled
    Comments: If you select Enabled, a VMM (Virtual Machine Monitor) can utilize the additional hardware capabilities provided by Intel Virtualization Technology.

  Intel VT-d Feature
    Value: Disabled, Enabled
    Comments: Intel VT-d stands for Intel Virtualization Technology for Directed I/O. When enabled, a VMM can utilize the platform infrastructure for I/O virtualization.
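As an added check, not part of the Lenovo table and not Lenovo's code: the Security Chip, Execution Prevention and Virtualization settings above each change what the operating system can see, so their effect can be verified from a running Linux system. The script assumes the "flags" line of /proc/cpuinfo, the /sys/class/iommu directory, and the TPM 1.2 sysfs attribute active under /sys/class/tpm/tpm0 (older kernels: tpm0/device/active); reporting chips without that attribute as "present" is this script's own convention.

```shell
#!/bin/sh
# Added example (not Lenovo's code): report, from a running Linux system,
# which of the firmware Security menu settings actually took effect, using
# the kernel's view of the hardware. Both input paths can be pointed at
# constructed directories, so the checks can be exercised without the
# hardware. Assumptions: the /proc/cpuinfo "flags" line, /sys/class/iommu,
# and the TPM 1.2 attribute /sys/class/tpm/tpm0/active (or tpm0/device/active
# on older kernels).

# has_cpu_flag CPUINFO FLAG: succeed if FLAG is listed on the first "flags" line.
has_cpu_flag() {
    grep -E '^flags[[:space:]]*:' "$1" 2>/dev/null | head -n 1 \
        | tr ' ' '\n' | grep -qx "$2"
}

# dep_state CPUINFO: the firmware "Execution Prevention" switch hides the
# NX/XD CPUID bit, so a missing "nx" flag means the OS cannot use DEP.
dep_state() {
    if has_cpu_flag "$1" nx; then echo enabled; else echo disabled; fi
}

# vt_state CPUINFO: "vmx" present means VT-x is usable. Kernels older than
# 5.6 keep the flag even when firmware disabled VT-x; on those, look for
# "disabled by bios" in dmesg instead.
vt_state() {
    if has_cpu_flag "$1" vmx; then echo enabled; else echo disabled; fi
}

# vtd_state SYSFS: VT-d is in use once the kernel has registered an IOMMU.
# An empty directory can also mean the IOMMU driver itself is off
# (intel_iommu=on not given on older kernels), so confirm in dmesg.
vtd_state() {
    if [ -d "$1/class/iommu" ] && [ -n "$(ls -A "$1/class/iommu" 2>/dev/null)" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# tpm_state SYSFS: map the chip's sysfs view onto the table's three values.
#   no tpm0            -> disabled (firmware hides the chip)
#   tpm0, active = 1   -> active
#   tpm0, active = 0   -> inactive (visible but not functional)
# TPM 2.0 parts expose no "active" attribute; they are reported as "present".
tpm_state() {
    dev="$1/class/tpm/tpm0"
    [ -d "$dev" ] || { echo disabled; return 0; }
    for f in "$dev/active" "$dev/device/active"; do
        if [ -r "$f" ]; then
            if [ "$(cat "$f")" = "1" ]; then echo active; else echo inactive; fi
            return 0
        fi
    done
    echo present
}

# report [CPUINFO] [SYSFS]: one line per firmware setting.
report() {
    cpuinfo="${1:-/proc/cpuinfo}"
    sysfs="${2:-/sys}"
    printf 'Security Chip:        %s\n' "$(tpm_state "$sysfs")"
    printf 'Execution Prevention: %s\n' "$(dep_state "$cpuinfo")"
    printf 'Intel VT-x:           %s\n' "$(vt_state "$cpuinfo")"
    printf 'Intel VT-d:           %s\n' "$(vtd_state "$sysfs")"
}

report "$@"
```

Run it as sh fwcheck.sh on the machine itself, or pass a cpuinfo file and a sysfs-shaped directory as the two arguments to check a saved snapshot. A firmware value of Disabled for the security chip and an Inactive one look identical from inside Windows or Linux tools that only test for "TPM usable", which is why the script distinguishes the two from the active attribute rather than from mere device presence.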

 

 

 

 

 

Chapter 8. Advanced configuration 123
