You can use the System Security screen to perform specific functions such as setting the system
password, setup password, and disabling the power button.
About this task
You can view
the System Security screen by clicking System Setup Main Menu > System BIOS > System Security Settings.
The System Security Settings screen
details are explained as follows:
Menu Item
Description
Intel AES-NI
Improves the speed of applications by performing
encryption and decryption using the Advanced Encryption Standard Instruction
Set and is set to Enabled by default.
System Password
Sets the system password. This option is set to Enabled by default and is read-only if the password jumper
is not installed in the system.
Setup Password
Sets the setup password. This option is read-only
if the password jumper is not installed in the system.
Password Status
Locks the system password. By default, the Password Status option is set to Unlocked.
TPM Information
Changes the operational state of the TPM. By defaultoption
is set to No TPM Present.
Intel TXT
Enables or disables the Intel Trusted Execution Technology
(TXT). To enable Intel TXT, Virtualization
Technology must be enabled and TPM Security must be Enabled with Pre-boot measurements. By default, the Intel TXT option is set to Off.
Power Button
Enables or disables the power button on the front
of the system. By default, the Power Button option is set to Enabled.
AC Power Recovery
Sets how the system reacts after AC power is restored
to the system. By default, the AC Power Recovery option is set to Last.
AC Power Recovery Delay
Sets how the system supports staggering of power
up after AC power is restored to the system. By default, the AC Power Recovery Delay option is set to Immediate.
User Defined Delay (60s to 240s)
Sets the User Defined Delay when the User Defined option for 0 is selected.
UEFI Variable Access
Provides varying degrees of securing UEFI variables.
When set to Standard (the default) UEFI variables
are accessible in the Operating System per the UEFI specification.
When set to Controlled, selected UEFI variables
are protected in the environment and new UEFI boot entries are forced
to be at the end of the current boot order.
Secure ME PCI Cfg Space
Enabled this setting will hide the PCU configuration
space for the management engine (ME) HECI device and is set to Disabled by default.
Secure Boot
Enables Secure Boot, where the BIOS authenticates
each pre-boot image using the certificates in the Secure Boot Policy.
Secure Boot is disabled by default.
Secure Boot Policy
When Secure Boot policy is Standard, the BIOS uses the system manufacturer’s key and certificates to
authenticate pre-boot images. When Secure Boot policy is Custom, the BIOS uses the user-defined key and certificates.
Secure Boot policy is Standard by default.
Secure Boot Mode
This field enabled how to use Secure boot policy
object (PK, KEK, db, dbx).
Secure Boot Policy Summary
Views the list of certificates and hashes that secure
boot uses to authenticated images.
Secure Boot
Custom Policy Settings
Secure Boot Custom Policy Settings is displayed
only when Secure Boot Policy is set to Custom.
About this task
In the System Setup Main Menu, click System BIOS > System Security > Secure Boot Custom Policy Settings.
The Secure Boot Custom Policy Settings screen details are explained as follows:
Menu Item
Description
Platform Key
Imports, exports, deletes, or restores the platform
key (PK).
Key Exchange Key Database
Allows you to import, export, delete, or restore entries
in the Key Exchange Key (KEK) Database
Authorized Signature Database
Imports, exports, deletes, or restores entries in
the Authorized Signature Database (db).
Forbidden Signature Database
Imports, exports, deletes, or restores entries in
the Forbidden Signature Database (dbx).
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\