HP t730 Troubleshooting Manual page 29

Table A-1 Computer Setup—Security (continued)
System IDs Allows you to set:
●
●
Tool-less BIOS Update Allows you to enable the tool-less BIOS feature, in which BIOS invokes HpBiosUpdate.efi (HpBiosMgmt.efi)
and related toolsets in internal/external storage during the last stage of POST.
●
●
System Security Provides these options:
●
●
●
●
●
●
●
Secure Boot The options on this setup page are only for Windows 10 and other operating systems that support Secure
Configuration Boot. Changing the default setting of the setup options on this page for operating system that do not
support secure boot may prevent the system from booting successfully.
Legacy Support (enable/disable) – Enable or disable the legacy operating system support (Windows
Embedded Standard 7 and HP Thin-Pro).
Secure Boot (enable/disable) – Only when the Legacy Support set to disable, this item can be set to
enable. This item is for Secure Boot flow control. Secure boot is possible only if system run in user mode.
Key Management
●
●
Asset tag (18-byte identifier) – A property identification number assigned by the company to the
computer.
Ownership tag (80-byte identifier)
BIOS Update (enable/disable)
BIOS Image File Name
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches.
Default is enabled.
Virtualization Technology (enable/disable) – Controls the virtualization features of the processor.
Changing this setting requires turning the computer off and then back on. Default is disabled.
Embedded Security Device (enable/disable) – Permits activation and deactivation of the Embedded
Security Device. Changing this setting requires turning the computer off and then back on.
NOTE: To configure the Embedded Security Device, a Setup password must be set.
◦ Reset to Factory Setting (Do not reset/Reset) – Resetting to factory defaults will erase all
security keys. Changing this setting requires turning the computer off and then back on.
Default is 'Do not reset'.
◦ Measure boot variables/devices to PCR1 (disable/enable) – Typically, the computer measures
the boot path and saves collected metrics to PCR5 (a register in the Embedded Security
Device). Bitlocker tracks changes to any of these metrics, and forces the user to re-
authenticate if it detects any changes. Enabling this feature lets you set Bitlocker to ignore
detected changes to boot path metrics, thereby avoiding reauthentication issues associated
with USB keys inserted in a port. Default is enabled.
OS Management of Embedded Security Device (enable/disable) – This option allows the user to limit
operating system control of the Embedded Security Device. Changing this setting requires turning
the computer off and then back on. This
Reset of Embedded Security Device through OS (enable/disable) – This option allows the user to limit
the operating system ability to request a Reset to Factory Settings of the Embedded Security Device.
Changing this setting requires turning the computer off and then back on. Default is disable.
NOTE: To enable this option, a Setup password must be set.
No PPI provisioning (enable/disable) – This option lets you set the operating system to bypass the
PPI (Physical Presence Interface) requirement and directly enable and take ownership of the TPM on
first boot. You cannot change this setting after TPM is owned/initialized, unless the TPM is reset.
Allow PPI policy to be changed by OS (enable/disable) – Enabling this option allows the operating
system to execute TPM operations without Physical Presence Interface. Default is disabled.
Clear Secure Boot Keys (Clear/Don't Clear). Lets you clear the Secure Boot Key.
Key ownership (HP keys/Customer keys). Lets you change the keys of different owners.
Computer Setup (F10) Utilities 23