Table 10. System setup options—Security menu (continued)
Security
Clear
SMM Security Mitigation
Data Wipe on Next Boot
Absolute
UEFI Boot Path Security
Enable Admin Setup Lockout
Password Bypass
Enable Non-Admin Password Changes
Non-Admin Setup Changes
TPM 2.0 Security On
PPI Bypass for Enable Commands
PPI Bypass for Disable Commands
Attestation Enable
Key Storage Enable
60
System setup
Default: OFF
Enables or disables the computer to clear the PTT owner information, and
returns the PTT to the default state.
Default: OFF
Enables or disables additional UEFI SMM Security Mitigation protections.
Default: OFF
NOTE:
This feature may cause compatibility issues or loss of functionality
with some legacy tools and applications.
When enabled, the BIOS will schedule a data wipe cycle for all storage devices
connected to the system board on the next reboot.
Default: OFF
Enables, disables or permanently disable the BIOS module interface of the
optional Absolute Persistence Module service from Absolute Software.
Default: Enabled
Determines if the system will prompt the user to enter the admin password (if
set) when booting to a UEFI boot path device frim the F12 boot menu.
Default: Always Except Internal HDD.
Enables or disables the user from entering BIOS Setup when an Admin
Password is set.
Default: OFF
Bypass the System (Boot) Password and the internal hard drive password
prompts during a system restart.
Default: Disabled
Enables or disables the user to change the system and hard drive password
without the need for admin password.
Default: ON
Select whether or not the Trusted Platform Model (TPM) is visible to the OS.
Default: ON
Enables or disables the OS to skip BIOS Physical Presence Interface (PPI) user
prompts when issuing TPM PPI enabled and activate commands.
Default: OFF
Enables or disables The OS to skip BIOS PPI user prompts when issuing TPM
PPI Disable and Deactivate commands.
Default: OFF
Enables to control whether the TPM Endorsement Hierarchy is available to the
OS. Disabling this setting restricts the ability to use the TPM for signature
operations.
Default: ON
Enables to control whether the TPM Endorsement Hierarchy is available to the
OS. Disabling this setting restricts the ability to use the TPM for storing owner
data.