HP EliteDesk 800 G1 Maintenance & Service Manual page 79

System Security Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches.
(these options are Default is enabled.
hardware dependent)
Virtualization Technology (VTx) (enable/disable) - Controls the virtualization features of the
processor. Changing this setting requires turning the computer off and then back on. Default is
disabled.
Embedded Security Device (enable/disable) - This option becomes available if Embedded Device is
set to Available. Embedded Security Device turns the Trusted Platform Mechanism (TPM) on and off.
●
●
To enable the Embedded Security Device and to access any security features associated with the
device, you must enter a setup password. Setting a device to 'Available' enables the operating
system to access the device. 'Hidden' makes the device unavailable, meaning it is disabled by the
BIOS and cannot be enabled by the operating system.
OS management of Embedded Security Device - Enables or disables the ability of the operating
system to control the TPM device, including turning it on and off, initializing it, and resetting it.
●
●
●
Reset to Factory Settings (reset/do not reset) - Enabling this option will clear any saved data in
the TPM and set the TPM back to factory default settings.
Resetting to factory defaults will erase all security keys and leave the device in a disabled
state. Changing this setting requires that you restart the computer. Default is Do not reset.
CAUTION: The embedded security device is a critical component of many security schemes.
Erasing the security keys will prevent access to data protected by the Embedded Security
Device. Choosing Reset to Factory Settings may result in significant data loss.
Measure boot variables/devices to PCR1 (enable/disable) - Enabling this option will allow the
operating system to log boot variables/devices to PCR1 instead of PCR5.
Typically, the computer measures the boot path and saves collected metrics to PCR5 (a register
in the Embedded Security Device). Bitlocker tracks changes to any of these metrics, and forces
the user to re-authenticate if it detects any changes. Enabling this feature lets you set Bitlocker
to ignore detected changes to boot path metrics, thereby avoiding re-authentication issues
associated with USB keys inserted in a port. Default is enabled.
Reset of Embedded Security Device through OS¯ (enable/disable) - This option allows the user
to limit the operating system ability to request a Reset to Factory Settings of the Embedded
Security Device. Default is disabled.
No PPI provisioning (enable/disable) - This option lets to set Windows 8 to bypass the PPI
(Physical Presence Interface) requirement and directly enable and take ownership of the TPM
on first boot. End-user cannot change this setting after TPM is owned/initialized, unless the
TPM is reset. Default is disabled for non-Windows 8 systems, and enabled for Windows 8.
Allow PPI policy to be changed by OS (enable/disable) - Enabling this option allows the
operating system to execute TPM operations without Physical Presence Interface. Default is
disabled.
Computer Setup (F10) Utilities
71