Option
Absolute
OROM Keyboard Access
Admin Setup Lockout
Master Password Lockout
SMM Security Mitigation
Secure boot
Table 7. Secure Boot
Option
Secure Boot Enable
Secure Boot Mode
Expert key Management
Description
•
PPI Bypass for Enable Commands (default)
•
PPI Bypass for Disable Commands
•
PPI Bypass for Clear Commands
•
Attestation Enable (default)
•
Key Storage Enable (default)
•
SHA-256 (default)
Choose any one option:
•
Disabled
•
Enabled (default)
This field lets you Enable, Disable or Permanently Disable the BIOS module interface of the optional
Absolute Persistence Module service from Absolute Software.
•
Enabled - This option is selected by default.
•
Disabled
•
Permanently Disabled
This option determines whether users are able to enter Option ROM configuration screen via
hotkeys during boot.
•
Enabled (default)
•
Disabled
•
One Time Enable
Allows you to prevent users from entering Setup when Admin password is set. This option is not set
by default.
Allows you to disable master password support Hard Disk passwords need to be cleared before the
settings can be changed. This option is not set by default.
Allows you to enable or disable additional UEFI SMM Security Mitigation protections. This option is
selected by default.
Description
Allows you to enable or disable Secure Boot feature
•
Secure Boot Enable
Option is selected by default.
Allows you to modify the behavior of Secure Boot to allow evaluation or enforcement of UEFI
driver signatures.
•
Deployed Mode (default)
•
Audit Mode
Allows you to manipulate the security key databases only if the system is in Custom Mode. The
Enable Custom Mode option is disabled by default. The options are:
•
PK (default)
•
KEK
•
db
•
dbx
If you enable the Custom Mode, the relevant options for PK, KEK, db, and dbx appear. The
options are:
•
Save to File- Saves the key to a user-selected file
•
Replace from File- Replaces the current key with a key from a user-selected file
System setup
69