Chapter 6 Computer Setup (F10) Utility
Table 6-3 Computer Setup—Security (continued)
System Security (these options are hardware dependent)
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches.
Default is enabled.
SVM CPU Virtualization (enable/disable) - Controls the virtualization features of the processor.
Changing this setting requires turning the computer off and then back on. Default is disabled.
Virtualization Technology (VTx) (enable/disable) - Controls the virtualization features of the
processor. Changing this setting requires turning the computer off and then back on. Default is
disabled.
Virtualization Technology Directed I/O (VTd) (enable/disable) - Controls virtualization DMA
remapping features of the chipset. Changing this setting requires turning the computer off and then
back on. Default is disabled.
Trusted Execution Technology (enable/disable) - Controls the underlying processor and chipset
features needed to support a virtual appliance. Changing this setting requires turning the computer
off and then back on. Default is disabled. To enable this feature you must enable the following
features:
● Embedded Security Device Support
● Virtualization Technology
● Virtualization Technology Directed I/O
Embedded Security Device (enable/disable) - Permits activation and deactivation of the Embedded
Security Device.
NOTE: To configure the Embedded Security Device, a Setup password must be set.
● Reset to Factory Settings (Do not reset/Reset) - Resetting to factory defaults will erase all
security keys and leave the device in a disabled state. Changing this setting requires that you
restart the computer. Default is Do not reset.
CAUTION: Erasing the security keys will prevent access to data protected by the Embedded Security
Device. Choosing Reset to Factory Settings may result in significant data loss.
● Measure boot variables/devices to PCR1 - Typically, the computer measures the boot path and
saves collected metrics to PCR5 (a register in the Embedded Security Device). BitLocker tracks
changes to any of these metrics, and forces the user to re-authenticate if it detects any
changes. Enabling this feature lets you set BitLocker to ignore detected changes to boot path
metrics, thereby avoiding re-authentication issues associated with USB keys inserted in a port.
Default is enabled.
The embedded security device is a critical component of many security schemes.
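Why a change in the measured boot path forces BitLocker re-authentication, and why leaving the boot-variable register out of the validated set avoids it, shown as an added example that is not from the original manual. It assumes the Embedded Security Device is a TPM 1.2 (SHA-1 extend); the event strings, the PCR indices and the simplified profile digest are constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # assumption: TPM 1.2 device, PCRs hold a SHA-1 digest

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(event))."""
    return hashlib.sha1(pcr + hashlib.sha1(event).digest()).digest()

def measure_boot(events):
    """Replay (pcr_index, data) measurements from reset; return the PCR bank."""
    bank = {}
    for index, data in events:
        bank[index] = extend(bank.get(index, bytes(PCR_SIZE)), data)
    return bank

def profile_digest(bank, profile):
    """Simplified stand-in for the composite digest a key is sealed to."""
    h = hashlib.sha1()
    for index in sorted(profile):
        h.update(bytes([index]) + bank.get(index, bytes(PCR_SIZE)))
    return h.digest()

def needs_reauth(sealed_bank, current_bank, profile):
    """True when any PCR selected by the profile differs from sealing time."""
    return profile_digest(sealed_bank, profile) != profile_digest(current_bank, profile)

# Constructed measurements; indices and strings are illustrative only.
BOOT_VAR_PCR = 1
BASELINE = [(0, b"firmware"), (BOOT_VAR_PCR, b"boot-order:HDD0"), (4, b"boot-manager")]
WITH_USB = [(0, b"firmware"), (BOOT_VAR_PCR, b"boot-order:USB0,HDD0"), (4, b"boot-manager")]
TAMPERED = [(0, b"firmware"), (BOOT_VAR_PCR, b"boot-order:HDD0"), (4, b"other-boot-manager")]

def demo():
    sealed = measure_boot(BASELINE)
    usb, tampered = measure_boot(WITH_USB), measure_boot(TAMPERED)
    return {
        "usb_key, boot vars in profile": needs_reauth(sealed, usb, {0, BOOT_VAR_PCR, 4}),
        "usb_key, boot vars excluded": needs_reauth(sealed, usb, {0, 4}),
        "changed boot manager, boot vars excluded": needs_reauth(sealed, tampered, {0, 4}),
    }

if __name__ == "__main__":
    for case, reauth in demo().items():
        print(f"{case}: re-authentication required = {reauth}")
```

Excluding a register from the validated set trades detection for convenience: a change measured only into the excluded PCR no longer triggers re-authentication, while changes in the remaining PCRs still do.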