HP 280 G3 Maintenance And Service Manual page 53

Small form factor business pc

- Universal Unique Identifier (UUID) number. The UUID can only be updated if the current chassis serial number is invalid. (These ID numbers are normally set in the factory and are used to uniquely identify the system.)
- SKU number.
- System family.
- Feature byte.
- Build ID.
- Keyboard locale setting for System ID entry.

System Security (these options are hardware dependent)
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches. Default is enabled.
TPM - A Trusted Platform Module (TPM) is a specialized chip on a computer that stores RSA encryption keys specific to the host system for hardware authentication. Each TPM chip contains an RSA key pair called the Endorsement Key (EK).
- TPM Device (available/hidden). Lets you set the Trusted Platform Module as available or hidden. Default is available.
- TPM state (enable/disable) - Select to enable the TPM.
- Clear TPM (yes/no). Select to reset the TPM to an unowned state. After the TPM is cleared, it is also turned off. To temporarily suspend TPM operations, turn the TPM off instead of clearing it.
IMPORTANT: Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data protected by those keys.
Intel Software Guard Extensions (SGX) (enable/disable) - Intel SGX is a set of CPU instruction codes that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.
Virtualization Technology (VTx/VTd) (enable/disable) – Enables the virtualization features of the processor. Changing this setting requires turning the computer off and then back on. Default is disabled.
Restore Security Settings to Factory Settings (Do not reset/Reset) - Resetting to factory defaults will erase all security keys and leave the device in a disabled state. Changing this setting requires that you restart the computer. Default is Do not reset.

Secure Boot Configuration
Legacy Support—Enable/Disable. Allows you to turn off all legacy support on the computer, including booting to DOS, running legacy graphics cards, booting to legacy devices, and so on. If set to disable, legacy boot options in Storage > Boot Order are not displayed. Default is enabled.
Secure Boot—Enable/Disable. Allows you to make sure an operating system is legitimate before booting to it, making Windows resistant to malicious modification from preboot to full OS booting, preventing firmware attacks. UEFI and Windows Secure Boot only allow code signed by pre-approved digital certificates to run during the firmware and OS boot process. Default is disabled. Enabling Secure Boot also sets Legacy Support to disabled.
Key Management—This option lets you manage the custom key settings.
- Clear Secure Boot Keys—Don't Clear/Clear. Allows you to delete any previously loaded custom boot keys. Default is Don't Clear.
- Key Ownership—HP Keys/Custom Keys. Selecting Custom Mode allows you to modify the contents of the secure boot signature databases and the platform key (PK) that verifies kernels during system start up, allowing you to use alternative operating systems. Selecting HP Keys causes the computer to boot using the preloaded HP-specific boot keys. Default is HP Keys.
Fast Boot—Enable/Disable. Fast boot disables the ability to interrupt boot, such as pressing f keys to access items before the operating system loads. Default is disabled.
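
Added example (not part of the HP manual): one way to confirm from a running Linux system that the Secure Boot Configuration settings above took effect, by reading the standard UEFI SecureBoot and SetupMode variables. It assumes efivarfs is mounted at /sys/firmware/efi/efivars; the function names are this example's own and the sample byte strings are constructed.

```python
import struct
from pathlib import Path

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE GUID (UEFI spec)
EFIVARS = Path("/sys/firmware/efi/efivars")          # assumed efivarfs mount point

def decode_flag(raw: bytes) -> int:
    """An efivarfs file is 4 bytes of little-endian attributes, then the data (1 byte here)."""
    if len(raw) != 5:
        raise ValueError(f"expected 5 bytes, got {len(raw)}")
    _attrs, value = struct.unpack("<IB", raw)
    return value

def classify(secure_boot, setup_mode):
    """Map the two UEFI flags (None means the variable is absent) to a verdict."""
    if secure_boot is None:
        return "unknown: SecureBoot variable missing"
    if setup_mode == 1:
        # Per the UEFI spec, no platform key (PK) enrolled means Setup Mode.
        return "not enforced: Setup Mode (no platform key enrolled)"
    if secure_boot == 1:
        return "enforced"
    return "disabled in firmware setup"

def read_flag(name, root=EFIVARS):
    path = root / f"{name}-{EFI_GLOBAL}"
    return decode_flag(path.read_bytes()) if path.exists() else None

def audit(root=EFIVARS):
    # Without the EFI variable directory the OS was not booted through UEFI
    # (for example via Legacy Support), or efivarfs is not mounted.
    if not root.is_dir():
        return "legacy/CSM boot or efivarfs not mounted"
    return classify(read_flag("SecureBoot", root), read_flag("SetupMode", root))

# Constructed sample contents: attributes 0x06 (BOOTSERVICE_ACCESS | RUNTIME_ACCESS) + 1 data byte
SAMPLE_SET = bytes.fromhex("0600000001")
SAMPLE_CLEAR = bytes.fromhex("0600000000")

if __name__ == "__main__":
    print(audit())
```
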
Computer Setup (F10) Utilities