Table 5. System setup options—Security menu
(continued)
Security
Default: Permitted
Absolute
Enable or disable the BIOS module interface of the
optional Absolute Persistence Module service from Absolute
Software.
Default: Enabled
Firmware TPM
Displays the firmware TPM state.
Default: Enabled
PPI Bypass for Clear Command
Enable or disable the TPM Physical Presence Interface (PPI).
When enabled, this setting will allow the OS to skip BIOS PPI
user prompts when issuing the Clear command. Changes to
this setting take effect immediately.
Default: Disabled
UEFI Firmware Capsule Updates
Enables or disables BIOS updates through UEFI capsule
update packages.
Default: Enabled
Windows SMM Security Mitigations Table
Enables or disables Windows SMM Security Mitigation
protections.
Default: Disabled
Secure Boot
Secure Boot
Enables secure boot using only validated boot software.
Default: Disabled
Secure Boot Mode
Modifies the behavior of Secure Boot to allow evaluation
or enforcement of UEFI driver signatures. Deployed Mode
should be selected for normal operation of Secure Boot.
Default: Deployed Mode
Expert Key Management
Custom Mode
Allows you to enable or disable Custom Mode. When
enabled, it allows the PK, KEK, db, and dbx security key
databases to be modified.
Default: Disabled
PK
KEK
db
dbx
Reset all Keys
Delete all Keys
Allows for selection of key database.
●
Delete All Keys will delete the selected key.
●
Reset All Keys will reset all four keys to their default
settings.
Table 6. System setup options—Boot menu
Boot
Boot List Option
Displays the available boot devices.
Default: UEFI
File Browser Add Boot Option
Allows you to set the boot path in the boot option list.
96