TPM 2.0 Security

TPM 2.0 Security On

This section contains a toggle switch to select whether the Trusted Platform Module (TPM) is visible to the Operating System (OS) (ON by default).

PPI Bypass for Enabled Commands

This section contains a toggle switch which controls the TPM Physical Presence Interface (PPI). When enabled, this setting allows the OS to skip BIOS PPI user prompts when issuing TPM PPI enable and activate commands (OFF by default).

PPI Bypass for Disabled Commands

This section contains a toggle switch which controls the TPM Physical Presence Interface (PPI). When enabled, this setting allows the OS to skip BIOS PPI user prompts when issuing TPM PPI disable and deactivate commands (#2, 4, 7, 9, & 11) (OFF by default).

PPI Bypass for Clear Commands

This section contains a toggle switch which controls the TPM Physical Presence Interface (PPI). When enabled, this setting allows the OS to skip BIOS PPI user prompts when issuing the clear command (OFF by default).
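The three PPI bypass toggles above decide whether the firmware will carry out an OS-issued PPI operation on the next boot without asking a physically present user to confirm it. The following shell script is an added audit example and is not part of the Dell documentation: on Linux it reads the kernel's TPM PPI sysfs interface (`/sys/class/tpm/tpm0/ppi/tcg_operations`, one line per operation in the kernel's `<op> <code>: <text>` format, where code 4 means "User not required") and reports which operation groups can bypass the prompt. The operation-to-group mapping follows the TCG PPI operation table, with the disable group taken from the list above; the sample `tcg_operations` content is constructed so the script also runs on a machine without a TPM, and the `PPI_DIR` path is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the Dell documentation): audit which TPM PPI
# operations the firmware will execute without a physical-presence prompt.
# Linux exposes the firmware's answer via the tpm_ppi sysfs files; each line of
# tcg_operations has the form "<op> <code>: <text>", with codes taken from the
# TCG PPI specification:
#   0 Not implemented  1 BIOS only  2 Blocked for OS by BIOS
#   3 User required    4 User not required
# Code 4 on an operation is what a "PPI Bypass ... ON" setting produces.

# Location of the kernel PPI interface (assumption: first TPM device).
PPI_DIR="${PPI_DIR:-/sys/class/tpm/tpm0/ppi}"

# Constructed sample in the kernel's output format, used when no TPM is
# present. The codes are made up to depict a platform where the clear bypass
# has been switched on while disable commands still require confirmation.
SAMPLE_TCG_OPERATIONS='0 4: User not required
1 4: User not required
2 3: User required
3 4: User not required
4 3: User required
5 4: User not required
6 4: User not required
7 3: User required
14 4: User not required
21 2: Blocked for OS by BIOS
22 0: Not implemented'

# ppi_unprompted_ops TEXT: print, one per line, the operation numbers whose
# code is 4 ("User not required"). The code field carries a trailing colon.
ppi_unprompted_ops() {
    printf '%s\n' "$1" | awk '$2 == "4:" { print $1 }'
}

# ppi_classify OP: map a PPI operation number to the BIOS toggle that governs
# its prompt. Groups follow the TCG PPI operation table; the disable group is
# the one the documentation above lists (#2, 4, 7, 9 and 11), the clear group
# covers op 5 and the combined operations that include a clear.
ppi_classify() {
    case "$1" in
        1|3|6|8|10) echo "enable" ;;
        2|4|7|9|11) echo "disable" ;;
        5|14|21|22) echo "clear" ;;
        0)          echo "noop" ;;
        *)          echo "other" ;;
    esac
}

# ppi_bypass_summary TEXT: count the unprompted operations per group and print
# "enable=<n> disable=<n> clear=<n>". A non-zero clear count means the OS can
# queue a TPM clear that the firmware will perform on the next boot without
# asking anyone at the keyboard.
ppi_bypass_summary() {
    enable=0; disable=0; clear=0
    for op in $(ppi_unprompted_ops "$1"); do
        case "$(ppi_classify "$op")" in
            enable)  enable=$((enable + 1)) ;;
            disable) disable=$((disable + 1)) ;;
            clear)   clear=$((clear + 1)) ;;
        esac
    done
    printf 'enable=%d disable=%d clear=%d\n' "$enable" "$disable" "$clear"
}

# Prefer the live interface; fall back to the constructed sample offline.
if [ -r "$PPI_DIR/tcg_operations" ]; then
    tcg_ops="$(cat "$PPI_DIR/tcg_operations")"
    echo "source: $PPI_DIR/tcg_operations"
else
    tcg_ops="$SAMPLE_TCG_OPERATIONS"
    echo "source: constructed sample (no TPM PPI interface found)"
fi

echo "operations allowed without a physical-presence prompt:"
for op in $(ppi_unprompted_ops "$tcg_ops"); do
    echo "  op $op ($(ppi_classify "$op"))"
done
ppi_bypass_summary "$tcg_ops"
```

With all three toggles at their OFF defaults the live output shows every implemented operation as "User required" and the summary reads `enable=0 disable=0 clear=0`; a non-zero clear count is the value worth alerting on, since it means a TPM clear (and with it the loss of sealed keys such as a BitLocker protector) can be scheduled from the OS alone. The `request` file in the same directory shows any PPI operation already queued for the next reboot.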
Attestation Enable

This section contains a toggle switch which lets the user control whether the TPM Endorsement Hierarchy is available to the operating system (OFF by default).

Key Storage Enable

This section contains a toggle switch that allows the user to control whether the TPM Storage Hierarchy is available to the operating system (ON by default).

SHA-256

This section contains a toggle switch that, when enabled, allows the BIOS and the TPM to use the SHA-256 hash algorithm to extend measurements into the TPM PCRs during BIOS boot (ON by default).

Clear

This section contains a toggle switch which clears the TPM owner information and returns the TPM to its default state (OFF by default).

TPM State

This section allows the user to enable or disable the TPM. Enabling the TPM is the normal operating state when you want to use its complete array of capabilities (enabled by default).
Intel Software Guard Extension

Intel SGX

This section allows the user to select the Intel Software Guard Extension Enclave Reserve Memory Size. The options are as follows:
- Disabled
- Enabled
- Software Control (selected by default)

SMM Security Mitigation

This section allows the user to enable or disable the UEFI SMM Security Mitigation protections (ON by default).

Data Wipe on Next Boot

Start Data Wipe

This section contains a toggle switch which, when enabled, ensures that the BIOS will queue up a data wipe cycle for the storage device(s) connected to the motherboard on the next reboot (OFF by default).
Absolute

Absolute

This section lets the user enable, disable or permanently disable the BIOS module interface of the optional Absolute Persistence Module service from Absolute Software. The options available are as follows:
- Enable Absolute - Enables Absolute Persistence and loads the firmware Persistence Module (selected by default)
- Disable Absolute - Disables Absolute Persistence. The firmware Persistence Module is not installed.
- Permanently Disable Absolute - Permanently disables the Absolute Persistence module interface from further use.

UEFI Boot Path Security

UEFI Boot Path Security

This section lets the user control whether the system will prompt the user to enter the admin password (if set) when booting to a UEFI boot path device from the F12 boot menu. The options available are as follows:
- Never
- Always
- Always Except Internal HDD (selected by default)
- Always Except Internal HDD & PXE