Table 5-2
Computer Setup—Security (continued)
Displays the current TPM version.
●
TPM Device
Lets you set the Trusted Platform Module as available or hidden.
●
TPM State
Select to enable the TPM.
●
ClearTPM
Select to reset the TPM to an unowned state. After the TPM is cleared, it is also turned off. To
temporarily suspend TPM operations, turn the TPM off instead of clearing it.
CAUTION:
Clearing the TPM resets it to factory defaults and turns it off. You will lose all created
keys and data protected by those keys.
Utilities
Hard Drive Utilities
●
Save/Restore MBR of System Hard Drive
NOTE:
Windows 10 systems are generally not formatted to include an MBR. Instead they use GUID
Partition Table (GPT) format, which better supports large hard drives.
Enabling this feature will save the Master Boot Record (MBR) of the system hard drive. If the MBR
gets changed, the user will be prompted to restore the MBR. Default is disabled.
The MBR contains information needed to successfully boot from a disk and to access the data stored
on the disk. Master Boot Record Security may prevent unintentional or malicious changes to the
MBR, such as those caused by some viruses or by the incorrect use of certain disk utilities. It also
allows you to recover the "last known good" MBR, should changes to the MBR be detected when the
system is restarted.
NOTE:
Most operating systems control access to the MBR of the current bootable disk; the BIOS
cannot prevent changes that may occur while the operating system is running.
Restores the backup Master Boot Record to the current bootable disk. Default is disabled.
Only appears if all of the following conditions are true:
–
MBR security is enabled
–
A backup copy of the MBR has been previously saved
–
The current bootable disk is the same disk from which the backup copy was saved
CAUTION:
Restoring a previously saved MBR after a disk utility or operating system has modified
the MBR, may cause the data on the disk to become inaccessible. Only restore a previously saved
MBR if you are confident that the current bootable disk's MBR has been corrupted or infected with a
virus.
●
Save/Restore GPT of System Hard Drive
Enabling this feature will save the GUID Partition Table (GPT) of the system hard drive. If the GPT is
subsequently changed, the user is prompted to choose whether to restore GPT.
●
DriveLock
Allows you to assign or modify a master or user password for hard drives. When this feature is
enabled, the user is prompted to provide one of the DriveLock passwords during POST. If neither is
successfully entered, the hard drive will remain inaccessible until one of the passwords is
successfully provided during a subsequent cold-boot sequence.
NOTE:
This selection will only appear when at least one drive that supports the DriveLock feature
is attached to the system.
CAUTION:
Be aware that these settings take place immediately. A save is not necessary.
CAUTION:
Be sure to document the DriveLock password. Losing a DriveLock password will render a
drive permanently locked.
68
Chapter 5 Computer Setup (F10) Utility