Option: Password Change
Description: This option enables you to enable or disable permission to change the system and hard drive passwords when the administrator password is set. By default, the Allow Non-Admin Password Changes option is selected.

Option: UEFI Capsule Firmware Updates
Description: This option enables you to enable or disable UEFI Capsule Firmware. This option controls whether this system enables BIOS update through UEFI capsule update packages. This option is enabled by default.

Option: TPM 2.0 Security
Description: This option enables you to enable the Trusted Platform Module Technology feature. The options include:
• TPM On—enabled by default
• Clear
• PPI Bypass for Enable Commands
• Attestation Enable—enabled by default
• PPI Bypass for Disable Commands
• Key Storage Enable—enabled by default
• PPI Bypass for Clear Command
• SHA-256—enabled by default
• Disabled
• Enabled—selected by default

Option: Admin Setup Lockout
Description: This option enables you to prevent users from entering Setup when an administrator password is set.

Option: Master Password Lockout
Description: This is authentication information that is sometimes required to log in to a thin client's basic input/output system (BIOS) before the machine boots up to the operating system. The hard disk passwords need to be cleared before enabling the Master Password Lockout. This option is disabled by default.

Option: SMM Security Mitigation
Description: This option enables you to enable and disable additional UEFI SMM security mitigation protections.

Secure Boot screen options
Table 7. Secure Boot screen options

Option: Secure Boot Enable
Description: This option enables or disables the secure boot feature. By default, the Secure Boot Enable option is not set.

Option: Secure Boot Mode
Description: This option enables you to change the secure boot operation mode, which modifies the behavior of secure boot to allow evaluation or enforcement of the UEFI driver signatures. The options include:
• Deployed Mode
• Audit Mode