TPM 2.0 Security

TPM 2.0 Security On
This section contains a toggle switch to select whether the Trusted Platform Module (TPM) is visible to the Operating System (OS) (ON by default).

Attestation Enable
This section contains a toggle switch which lets the user control whether the TPM Endorsement Hierarchy is available to the operating system (OFF by default).

Key Storage Enable
This section contains a toggle switch that allows the user to control whether the TPM Storage Hierarchy is available to the operating system (ON by default).

SHA-256
This section contains a toggle switch that, when enabled, allows the BIOS and the TPM to use the SHA-256 hash algorithm to extend measurements into the TPM PCRs during BIOS boot (ON by default).

Clear
This section contains a toggle switch that, when enabled, clears the TPM owner information and returns the TPM to its default state (OFF by default).

PPI Bypass for Clear Commands
This section contains a toggle switch which controls the TPM Physical Presence Interface (PPI). When enabled, this setting allows the OS to skip the BIOS PPI user prompts when issuing the clear command (OFF by default).

TPM State
This section allows the user to enable or disable the TPM. Enabled is the default operating state for the TPM when you want to use its complete array of capabilities (enabled by default).
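The hierarchy and PCR-bank toggles above can be verified from the operating system, because the firmware applies them as TPM properties that the OS can read. The following Python script is an added example, not Dell's documentation or tpm2-tools code: it parses the text printed by `tpm2_getcap properties-variable` and `tpm2_getcap pcrs` and reports whether the Storage Hierarchy (Key Storage Enable), the Endorsement Hierarchy (Attestation Enable) and a SHA-256 PCR bank are actually available. The mapping of BIOS toggles to `shEnable`, `ehEnable` and `disableClear` is an assumption drawn from the TPM 2.0 specification, and the sample outputs embedded in the script are constructed for the example rather than captured from a real machine.

```python
"""Added example: read back the OS-visible effect of the BIOS TPM toggles.

Assumed mapping (TPM 2.0 specification, not stated by the BIOS guide itself):
  Key Storage Enable  -> TPM2_PT_STARTUP_CLEAR.shEnable (storage hierarchy)
  Attestation Enable  -> TPM2_PT_STARTUP_CLEAR.ehEnable (endorsement hierarchy)
  Clear / PPI Bypass  -> TPM2_PT_PERMANENT.disableClear (is TPM2_Clear blocked?)
  SHA-256             -> a sha256 PCR bank allocated in `tpm2_getcap pcrs`
"""
import re
import subprocess
from typing import Dict, List

# Constructed sample of `tpm2_getcap properties-variable` output (not real data).
SAMPLE_PROPERTIES = """\
TPM2_PT_PERMANENT:
  ownerAuthSet:              1
  endorsementAuthSet:        0
  lockoutAuthSet:            1
  reserved1:                 0
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           1
  reserved2:                 0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  0
  phEnableNV:                1
  reserved1:                 0
  orderly:                   1
"""

# Constructed sample of `tpm2_getcap pcrs` output (not real data).
SAMPLE_PCRS = """\
selected-pcrs:
  - sha1: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
"""


def parse_properties(text: str) -> Dict[str, Dict[str, int]]:
    """Turn the 'PROPERTY:' / '  flag: value' listing into nested dicts."""
    props: Dict[str, Dict[str, int]] = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # property header such as TPM2_PT_PERMANENT:
            current = line.strip().rstrip(":")
            props[current] = {}
        elif current is not None:             # indented flag line such as shEnable: 1
            name, _, value = line.strip().partition(":")
            props[current][name.strip()] = int(value.strip(), 0)
    return props


def parse_pcr_banks(text: str) -> Dict[str, List[int]]:
    """Return {hash_alg: [allocated PCR indices]} from `tpm2_getcap pcrs`."""
    banks: Dict[str, List[int]] = {}
    for m in re.finditer(r"-\s*(\w+):\s*\[([^\]]*)\]", text):
        alg, body = m.group(1), m.group(2)
        banks[alg] = [int(x) for x in body.replace(",", " ").split()]
    return banks


def assess(properties_text: str, pcrs_text: str) -> Dict[str, bool]:
    """Report what each BIOS toggle looks like from the OS side."""
    props = parse_properties(properties_text)
    startup = props.get("TPM2_PT_STARTUP_CLEAR", {})
    permanent = props.get("TPM2_PT_PERMANENT", {})
    banks = parse_pcr_banks(pcrs_text)
    return {
        "storage_hierarchy_enabled": bool(startup.get("shEnable", 0)),      # Key Storage Enable
        "endorsement_hierarchy_enabled": bool(startup.get("ehEnable", 0)),  # Attestation Enable
        "clear_disabled": bool(permanent.get("disableClear", 0)),           # TPM2_Clear blocked
        "sha256_bank_active": bool(banks.get("sha256")),                    # SHA-256 toggle
        "in_lockout": bool(permanent.get("inLockout", 0)),                  # dictionary-attack lockout
    }


def assess_live() -> Dict[str, bool]:
    """Query the real TPM; needs tpm2-tools and access to the TPM device."""
    props = subprocess.run(["tpm2_getcap", "properties-variable"],
                           capture_output=True, text=True, check=True).stdout
    pcrs = subprocess.run(["tpm2_getcap", "pcrs"],
                          capture_output=True, text=True, check=True).stdout
    return assess(props, pcrs)


if __name__ == "__main__":
    for key, value in assess(SAMPLE_PROPERTIES, SAMPLE_PCRS).items():
        print(f"{key:32s} {value}")
```

With the sample data the script reports the storage hierarchy as enabled and the endorsement hierarchy as disabled, which is exactly what the default BIOS settings above (Key Storage Enable ON, Attestation Enable OFF) produce; if `endorsement_hierarchy_enabled` is `False` on a machine that needs remote attestation, the Attestation Enable toggle is the first thing to check. Replace `assess(SAMPLE_PROPERTIES, SAMPLE_PCRS)` with `assess_live()` to run against the local TPM.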

Intel Total Memory Encryption

Total Memory Encryption (TME)
This section allows the user to enable or disable TME, which protects memory from physical attacks including freeze spray and probing the DDR bus to read memory cycles. All of the system memory is encrypted by the TME block attached to the memory controller.
Chassis Intrusion

Chassis Intrusion
This field controls the chassis intrusion feature:
- Disabled - Will not report intrusions during POST
- Enabled - Will report intrusions during POST
- On-silent - Detects intrusions but does not display any detected intrusions during POST (Selected by default)

Clear Intrusion Warning
This section contains a toggle switch to enable or disable warnings on intrusion (OFF by default).
SMM Security Mitigation
This section allows the user to enable or disable the UEFI SMM Security Mitigation protections (ON by default).
Data Wipe on Next Boot

Start Data Wipe
This section contains a toggle switch which, when enabled, ensures that the BIOS queues a data wipe cycle for the storage device(s) connected to the system board on the next reboot (OFF by default).
Absolute

Absolute
This section lets the user enable, disable or permanently disable the BIOS module interface of the optional Absolute Persistence Module service from Absolute Software. The options available are as follows:
- Enable Absolute - Enables Absolute Persistence and loads the firmware Persistence Module (Selected by default)
- Disable Absolute - Disables Absolute Persistence. The firmware Persistence Module is not installed.
- Permanently Disable Absolute - Permanently disables the Absolute Persistence module interface from further use.
UEFI Boot Path Security

UEFI Boot Path Security
This section lets the user control whether the system prompts the user to enter the admin password (if set) when booting to a UEFI boot path device from the F12 boot menu. The options available are as below:
- Never
- Always
- Always Except Internal HDD (Selected by default)
- Always Except Internal HDD & PXE
SafeShutter

SafeShutter
This section allows the user to choose between dynamic and manual shutter control:
- Dynamic Shutter - The camera shutter automatically opens when the user grants an application permission and closes when the permission ends. It can be disabled by using the F9 camera mute key (LED on). This is the default selected option.
- Manual Shutter Control - The shutter opens when the F9 key is pressed (LED off) and closes when the F9 key is pressed again (LED on)