HP 280 G4 MT Maintenance And Service Manual page 58

Table 5-3 Computer Setup—Security (continued)
Option
Network Boot
System IDs
System Security (these
options are hardware
dependent)
Secure Boot Configuration
50 Chapter 5 Computer Setup (F10) Utility
Description
Enables/disables the computer's ability to boot from an operating system installed on a network server.
Default is enabled.
Allows you to set:
● Product Name
● Serial Number
Universal Unique Identifier (UUID) number. The UUID can only be updated if the current chassis serial
●
number is invalid. (These ID numbers are normally set in the factory and are used to uniquely identify
the system.)
● SKU Number
● Family Name
Feature Byte. Default is enabled.
●
● Build ID
● Keyboard.
NOTE: Available options are displayed depending on system configuration.
Virtualization Technology (VTx/VTd) (enable/disable) - Controls the virtualization features of the processor.
Changing this setting requires turning the computer off and then back on. Default is disabled.
Intel Software Guard Extensions (SGX) (Software controlled/enable/disable)
TPM Features – Lets you configure the following TPM settings:
TPM Device
Lets you set the Trusted Platform Module as available or hidden.
TPM State
Select to enable the TPM.
Clear TPM
Select to reset the TPM to an unowned state. After the TPM is cleared, it is also turned off. To temporarily
suspend TPM operations, turn the TPM off instead of clearing it.
CAUTION: Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and
data protected by those keys.
CAUTION: Changing the default setting of any of the Setup options on this page for operating systems that
do not support Secure Boot may prevent the system from booting successfully.
● Legacy Support—Enable/Disable. Allows you to turn off all legacy support on the computer, including
booting to DOS, running legacy graphics cards, booting to legacy devices, and so on. If set to disable,
legacy boot options in Storage > Boot Order are not displayed. Default is enabled.
Secure Boot—Enable/Disable. Allows you to make sure an operating system is legitimate before
●
booting to it, making Windows resistant to malicious modification from preboot to full OS booting,
preventing firmware attacks. UEFI and Windows Secure Boot only allow code signed by pre-approved
digital certificates to run during the firmware and OS boot process. Default is disabled, except for
Windows systems which have this setting enabled. Secure Boot enabled also sets Legacy Support to
disabled.
Key Management—This option lets you manage the custom key settings.
●
– Clear Secure Boot Keys—Don't Clear/Clear. Allows you to delete any previously loaded custom
boot keys. Default is Don't Clear.
Key Ownership—HP Keys/Custom Keys. Selecting Custom Mode allows you to modify the
–
contents of the secure boot signature databases and the platform key (PK) that verifies kernels