Table of Contents
Advertisement
Option
Power Button
AC Power Recovery
AC Power Recovery Delay
User Defined Delay (60 s to 240 s)
UEFI Variable Access
Secure ME PCI Cfg Space
Secure Boot
Secure Boot Policy
Secure Boot Mode
Secure Boot Policy Summary
Secure Boot Custom Policy Settings
Creating a system and setup password
Prerequisite
Ensure that the password jumper is enabled. The password jumper enables or disables the system password and setup password features.
For more information, see the Server board jumper settings section.
NOTE:
If the password jumper setting is disabled, the existing system password and setup password are deleted and you need
not provide the system password to boot the system.
Steps
1
To enter System Setup, press F2 immediately after turning on or rebooting your system.
2
On the System Setup Main Menu screen, click System BIOS > System Security.
32
Pre-operating system management applications
Description
Enables or disables the power button on the front of the system. This option is set to
Enabled by default.
Sets how the system behaves after AC power is restored to the system. This option is set
to Last by default.
Sets the time delay for the system to power up after AC power is restored to the system.
This option is set to Immediate by default.
Sets the User Defined Delay option when the User Defined option for AC Power
Recovery Delay is selected.
Provides varying degrees of securing UEFI variables. When set to Standard (the default),
UEFI variables are accessible in the operating system per the UEFI specification. When set
to Controlled, selected UEFI variables are protected in the environment and new UEFI
boot entries are forced to be at the end of the current boot order.
Enabling this setting will hide the PCI configuration space for the Management Engine
(ME) HECI devices.
Enables Secure Boot, where the BIOS authenticates each pre-boot image by using the
certificates in the Secure Boot Policy. Secure Boot is disabled by default.
When Secure Boot policy is set to Standard, the BIOS uses the system manufacturer's key
and certificates to authenticate pre-boot images. When Secure Boot policy is set to
Custom, the BIOS uses the user-defined key and certificates. Secure Boot policy is set to
Standard by default.
Configures how the BIOS uses the Secure Boot Policy Objects (PK, KEK, db, dbx).
•
User Mode: In User Mode, PK must be installed, and BIOS performs signature
verification on programmatic attempts to update policy objects. The BIOS allows
unauthenticated programmatic transitions between modes.
•
Audit Mode: In Audit Mode, PK is not present. The BIOS does not authenticate
programmatic updates to the policy objects, and transitions between modes. Audit
Mode is useful for programmatically determining a working set of policy objects. BIOS
performs signature verification on pre-boot images and logs results in the image
Execution Information Table, but executes the images whether they pass or fail
verification.
•
Deployed Mode: Deployed Mode is the most secure mode. In Deployed Mode, PK
must be installed and the BIOS performs signature verification on programmatic
attempts to update policy objects. Deployed Mode restricts the programmatic mode
transitions
Specifies the list of certificates and hashes that secure boot uses to authenticate images.
Configures the Secure Boot Custom Policy.
Advertisement
Table of Contents
