Table 2-3
Computer Setup—Advanced (for advanced users) (continued)
Option
Description
Secure Boot
Configuration
Configure Legacy Support and Secure Boot
Legacy Support – Lets you turn off all legacy support on the computer, including booting to DOS, running
legacy graphics cards, booting to legacy devices, and so on. Windows 7 for instance requires legacy
support, whereas Windows 10 does not.
Secure Boot – Lets you make sure an operating system is legitimate before booting to it, making
Windows resistant to malicious modification from preboot to full OS booting, preventing firmware
attacks. UEFI and Windows Secure Boot only allow code signed by pre-approved digital certificates to run
during the firmware and OS boot process.
Default is ‘Legacy Support Enable and Secure Boot Disable’ for Windows 7 and other non-Windows
configurations. Default is ‘Legacy Support Disable and Secure Boot Enable’ for Windows 10 and later
configurations.
Secure Boot Key Management
Lets you manage the custom key settings.
Clear Secure Boot Keys
Lets you delete any previously loaded custom boot keys. Clearing keys will disable secure boot. Default is
disabled.
Reset Secure Boot keys to factory defaults
Default is disabled.
Enable MS UEFI CA key
Disabling this setting alters the Secure Boot key list to further restrict the allowed software
components. Set this option to ‘disable’ to support Device Guard.
System Options
Configure Storage Controller for RAID (enable/disable)
Lets you enable onboard RAID. Default is enabled.
POST Prompt for RAID Configuration (Intel only)
When disabled, the prompt for ‘RAID option ROM’ in legacy mode is suppressed.
Virtualization Technology (VTx) (Intel only)
Controls the virtualization features of the processor. Changing this setting requires turning the computer
off and then back on. Default is disabled.
Virtualization Technology for Directed I/O (VTd) (Intel only)
Controls virtualization DMA remapping features of the chipset. Changing this setting requires turning the
computer off and then back on. Default is disabled.
Allow PCIe/PCI SERR# Interrupt (enable/disable)
Allows PCI devices to report PCI/PCIe System Error signals, such as address parity errors, data parity
errors, and critical errors other than parity. Default is enabled.
Power Button Override (disable/4 sec/15 sec)
Lets you disable or enable and select the number of seconds you have to hold down the power button for
it to force the system to power off. Default is ‘4 sec’.
Thunderbolt Mode
Auto Connect - All devices are allowed to connect without user intervention.
User Authorization (default) - Device connection is managed by the Thunderbolt Service running on the
host system.
18
Chapter 2 System management