Table of Contents
Advertisement
Option
Description
User Defined Delay
Sets the User Defined Delay option when the User Defined option for AC Power Recovery Delay is selected.
(60 s to 240 s)
UEFI Variable
Access
Provides varying degrees of securing UEFI variables. When set to Standard (the default), UEFI variables are
accessible in the operating system per the UEFI specification. When set to Controlled, selected UEFI variables are
protected in the environment and new UEFI boot entries are forced to be at the end of the current boot order.
Secure Boot
Enables Secure Boot, where the BIOS authenticates each pre-boot image by using the certificates in the Secure
Boot Policy. Secure Boot is set to Disabled by default.
Secure Boot Policy
When Secure Boot policy is set to Standard, the BIOS uses the system manufacturer's key and certificates to
authenticate pre-boot images. When Secure Boot policy is set to Custom, the BIOS uses the user-defined key and
certificates. Secure Boot policy is set to Standard by default.
Secure Boot Mode
Configures how the BIOS uses the Secure Boot Policy Objects (PK, KEK, db, dbx).
If the current mode is set to Deployed Mode, the available options are User Mode and Deployed Mode. If the
current mode is set to User Mode, the available options are User Mode, Audit Mode, and Deployed Mode.
Options
User Mode
Audit Mode
Deployed Mode
Secure Boot Policy
Specifies the list of certificates and hashes that secure boot uses to authenticate images.
Summary
Secure Boot
Configures the Secure Boot Custom Policy. To enable this option, set the Secure Boot Policy to Custom option.
Custom Policy
Settings
NOTE:
The NX3340 system does not support UEFI mode. This option cannot be used.
Description
In User Mode, PK must be installed, and BIOS performs signature verification on
programmatic attempts to update policy objects.
The BIOS allows unauthenticated programmatic transitions between modes.
In Audit mode, PK is not present. The BIOS does not authenticate programmatic updates
to the policy objects, and transitions between modes.
Audit Mode is useful for programmatically determining a working set of policy objects.
BIOS performs signature verification on pre-boot images and logs results in the image
Execution Information Table, but executes the images whether they pass or fail
verification.
Deployed Mode is the most secure mode. In Deployed Mode, PK must be installed and
the BIOS performs signature verification on programmatic attempts to update policy
objects.
Deployed Mode restricts the programmatic mode transitions.
Pre-operating system management applications
39
- Quick Links:
- Front View of the System
Hide quick links:
Advertisement
Table of Contents
