Option
Description
•
Disable
Default setting: Enable
Admin Setup
Lockout
Allows you to prevent users from entering Setup when an Administrator password is set.
Default Setting: This option is enabled
Master password
lockout
This option is not enabled by default
SMM Security
Mitigation
This option enables or disables additional UEFI SMM Security Mitigation protections.
•
SMM Security Mitigation
Secure Boot screen options
Option
Description
Secure Boot Enable
This option enables or disables the
Secure Boot
feature.
•
Disabled
•
Enabled
Default setting: Disabled
Expert Key
Management
Allows you to manipulate the security key databases only if the system is in Custom Mode. The
Enable Custom
Mode
option is disabled by default. The options are:
•
PK—enabled by default
•
KEK
•
db
•
dbx
If you enable the
Custom Mode
, the relevant options for
PK, KEK, db, and dbx
appear. The options are:
•
Save to File
—Saves the key to a user-selected file
•
Replace from File
—Replaces the current key with a key from a user-selected file
•
Append from File
—Adds a key to the current database from a user-selected file
•
Delete
—Deletes the selected key
•
Reset All Keys
—Resets to default setting
•
Delete All Keys
—Deletes all the keys
NOTE:
If you disable the Custom Mode, all the changes made are erased and the keys restore to default
settings.
Intel software guard extensions screen options
Option
Description
Intel SGX Enable
This field specifies you to provide a secured environment for running code/storing sensitive information in the
context of the main OS. The options are:
•
Disabled
System setup
61