Computer Setup—Security (continued)
Chapter 5 Computer Setup (F10) Utility
Physical Presence Interface. Notifies the user upon system power up when changes are made to system
security policy. The user must agree to the changes to confirm them. Default is enabled.
Cover Lock. Default is 'Unlock'.
Cover Removal Sensor. Lets you disable the cover sensor or configure what action is taken if the
computer cover was removed. Default is 'Disabled'.
Notify user alerts the user with a POST error on the first boot after the sensor detects
removal of the cover. If the password is set, Administrator Password requires that the password be
entered to boot the computer if the sensor detects that the cover has been removed.
Trusted Execution Technology (TXT)
Enabling this feature disables OS management of Embedded Security Device, prevents a reset of the
Embedded Security Device, and prevents the configuration of VTx, VTd, and Embedded Security
Intel Software Guard Extensions (SGX)
SGX protects select code and data from disclosure or modification.
Hard Drive Utilities
Save/Restore MBR of the system hard drive is only available with drives that have a Master Boot
Windows 10 systems are generally not formatted to include an MBR. Instead they use GUID
Partition Table (GPT) format, which better supports large hard drives.
Enabling this feature will save the Master Boot Record (MBR) of the system hard drive. If the MBR
gets changed, the user will be prompted to restore the MBR. Default is disabled.
The MBR contains information needed to successfully boot from a disk and to access the data stored
on the disk. Master Boot Record Security may prevent unintentional or malicious changes to the
MBR, such as those caused by some viruses or by the incorrect use of certain disk utilities. It also
allows you to recover the "last known good" MBR, should changes to the MBR be detected when the
system is restarted.
Most operating systems control access to the MBR of the current bootable disk; the BIOS
cannot prevent changes that may occur while the operating system is running.
Restores the backup Master Boot Record to the current bootable disk. Default is disabled.
Only appears if all of the following conditions are true:
MBR security is enabled
A backup copy of the MBR has been previously saved
The current bootable disk is the same disk from which the backup copy was saved
Restoring a previously saved MBR after a disk utility or operating system has modified
the MBR, may cause the data on the disk to become inaccessible. Only restore a previously saved
MBR if you are confident that the current bootable disk's MBR has been corrupted or infected with a
Save/Restore GPT of System Hard Drive
Enabling this feature will save the GUID Partition Table (GPT) of the system hard drive. If the GPT is
subsequently changed, the user is prompted to choose whether to restore GPT.
Boot Sector (MBR/GPT) Recovery Policy Options include:
Local user control - a prompt will appear to request user confirmation if recovery is necessary.