| Option | Description |
|---|---|
| Enable Admin Setup Lockout | Allows you to prevent users from entering Setup when an administrator password is set. Option: Enable Admin Setup Lockout. This option is not set by default. |
| Enable CPU XD Support | Allows you to enable or disable CPU XD support. This option is enabled by default. |
| Password Bypass | When enabled, it prompts for system and internal hard drive passwords when the system is powered on from the Off state. The options are: Disabled—Default; Reboot Bypass. |
| Enable Non-Admin Password Changes | Allows you to change the system and hard drive passwords. This option is enabled by default. |
| Non-Admin Setup Changes | Allows you to determine whether changes to the setup options are allowed when an Administrator Password is set. If disabled, the setup options are locked by the admin password. Option: Allow Wireless Switch Changes. This option is not set by default. |
| Enable UEFI Capsule Firmware Updates | Allows you to update the system BIOS through UEFI capsule update packages. Option: Enable UEFI Capsule Firmware Updates. This option is set by default. |
| TPM 2.0 Security | Allows you to enable or disable the Trusted Platform Module (TPM) during POST. The options are: TPM On—Default; Clear; PPI Bypass for Enable Command—Default; PPI Bypass for Disable Command; PPI Bypass for Clear Command; Attestation Enable—Default; Key Storage Enable—Default; SHA-256—Default. |
| PPI Bypass for Enable Commands | This option controls the TPM Physical Presence Interface. This option is enabled by default. |
| PPI Bypass for Disable Commands | This option controls the TPM Physical Presence Interface. This option is not set by default. |
| PPI Bypass for Clear Commands | This option controls the TPM Physical Presence Interface. This option is not set by default. |
| Attestation Enable | This option lets you control the TPM endorsement hierarchy available in the Operating System. The option restricts the ability to use the TPM for signing and signature operations. This option is enabled by default. |
| Key Storage Enable | This option lets you control the TPM endorsement hierarchy available in the Operating System. The setting restricts the ability to use the TPM for storing owner data. This option is enabled by default. |
| SHA-256 | This lets you control the SHA-256 configuration options. This option is enabled by default. |
| Clear | This option lets you clear the TPM owner information. |
| TPM State | This option lets you enable or disable the TPM. This option is enabled by default. |
| Intel Platform Trust Technology On | This option lets you control whether the Intel Platform Trust Technology feature is visible in the Operating System. This option is not set by default. |
| Intel SGX | If enabled, it provides a secure environment for running code and storing information for the Operating System. The options are: Disabled; Enabled; Software Control—Default. |
| SMM Security Mitigation | Allows you to enable or disable extra UEFI SMM Security Mitigation protection. This option is not set by default. |