Table 5. System setup options—Security menu
(continued)
Security
Default: Not Set
Asset Tag
Creates a system Asset Tag that can be used by an IT
administrator to uniquely identify a particular system. Once
set in BIOS, the Asset Tag cannot be changed.
Admin Password
Enables the user to set, change, or delete the admin
password.
System Password
Enables the user to set, change, or delete the system
password.
HDD Password
Enables the user to set, change, or delete the hard drive
password.
Password Change
Allows you to enable or disable password change on the
computer.
Default: Permitted
Absolute
Enable or disable the BIOS module interface of the
optional Absolute Persistence Module service from Absolute
Software.
Default: Enabled
Firmware TPM
Displays the firmware TPM state.
Default: Enabled
PPI Bypass for Clear Command
Enable or disable the TPM Physical Presence Interface (PPI).
When enabled, this setting will allow the OS to skip BIOS PPI
user prompts when issuing the Clear command. Changes to
this setting take effect immediately.
Default: Disabled
UEFI Firmware Capsule Updates
Enables or disables BIOS updates through UEFI capsule
update packages.
Default: Enabled
Windows SMM Security Mitigations Table
Enables or disables Windows SMM Security Mitigation
protections.
Default: Disabled
Enable Pre-Boot DMA Protection
Enables or disables Pre-Boot DMA Protection.
Default: Enabled
Enable OS Kernal DMA Protection
Enables or disables OS Kernal DMA Protection.
Default: Enabled
Secure Boot
Secure Boot
Enables secure boot using only validated boot software.
Default: Disabled
Secure Boot Mode
Modifies the behavior of Secure Boot to allow evaluation
or enforcement of UEFI driver signatures. Deployed Mode
should be selected for normal operation of Secure Boot.
Default: Deployed Mode
Expert Key Management
90