Table 25. Security (continued)
Option
Description
●
Permanently Disabled
Chassis Intrusion
This field controls the chassis intrusion feature.
Choose any one of the options:
●
Disabled (default)
●
Enabled
●
On-Silent
Admin Setup Lockout
Allows you to prevent users from entering Setup when Admin password is set. This option is
not set by default.
Master Password Lockout
Allows you to disable master password support. Hard Disk passwords need to be cleared
before the settings can be changed. This option is not set by default.
SMM Security Mitigation
Allows you to enable or disable additional UEFI SMM Security Mitigation protections. This
option is not set by default.
Secure boot options
Table 26. Secure Boot
Option
Description
Secure Boot Enable
Allows you to enable or disable Secure Boot feature
●
Secure Boot Enable
This option is not selected by default.
Secure Boot Mode
Allows you to modify the behavior of Secure Boot to allow evaluation or enforcement of
UEFI driver signatures.
●
Deployed Mode (default)
●
Audit Mode
Expert key Management
Allows you to manipulate the security key databases only if the system is in Custom Mode.
The
Enable Custom Mode
option is disabled by default. The options are:
●
PK (default)
●
KEK
●
db
●
dbx
If you enable the
Custom Mode
, the relevant options for
PK, KEK, db, and dbx
appear.
The options are:
●
Save to File
- Saves the key to a user-selected file
●
Replace from File
- Replaces the current key with a key from a user-selected file
●
Append from File
- Adds a key to the current database from a user-selected file
●
Delete
- Deletes the selected key
●
Reset All Keys
- Resets to default setting
●
Delete All Key
s- Deletes all the keys
NOTE:
If you disable the Custom Mode, all the changes made will be erased and the
keys will restore to default settings.
System setup
29