Table of Contents
Advertisement
Table 7. Security (continued)
Option
SMM Security Mitigation
Secure boot
Table 8. Secure Boot
Option
Secure Boot Enable
Secure Boot Mode
Expert key Management
Intel Software Guard Extensions
Table 9. Intel Software Guard Extensions
Option
Intel SGX Enable
Enclave Memory Size
Description
Allows you to enable or disable additional UEFI SMM Security Mitigation protections. This
option is not set by default.
Description
Allows you to enable or disable Secure Boot feature
● Secure Boot Enable
Option is not selected.
Allows you to modify the behavior of Secure Boot to allow evaluation or enforcement of
UEFI driver signatures.
● Deployed Mode (default)
● Audit Mode
Allows you to manipulate the security key databases only if the system is in Custom Mode.
The Enable Custom Mode option is disabled by default. The options are:
● PK (default)
● KEK
● db
● dbx
If you enable the Custom Mode, the relevant options for PK, KEK, db, and dbx appear.
The options are:
● Save to File- Saves the key to a user-selected file
● Replace from File- Replaces the current key with a key from a user-selected file
● Append from File- Adds a key to the current database from a user-selected file
● Delete- Deletes the selected key
● Reset All Keys- Resets to default setting
● Delete All Keys- Deletes all the keys
NOTE:
If you disable the Custom Mode, all the changes made will be erased and the
keys will restore to default settings.
Description
This field specifies you to provide a secured environment for
running code/storing sensitive information in the context of
the main OS.
Click one of the following options:
● Disabled
● Enabled
● Software controlled—Default
This option sets SGX Enclave Reserve Memory Size
Click one of the following options:
● 32 MB
● 64 MB
● 128 MB—Default
BIOS setup
101
Advertisement
Table of Contents
