Secure boot
Table 28. Secure Boot

Option: Secure Boot Enable
Description: Allows you to enable or disable the Secure Boot feature.
• Secure Boot Enable—By default, this option is disabled.

Option: Secure Boot Mode
Description: Changing the Secure Boot operation mode modifies the behavior of Secure Boot to allow evaluation of UEFI driver signatures. The options are:
• Deployed Mode—By default, this option is enabled.
• Audit Mode

Option: Expert Key Management
Description: Allows you to enable or disable Expert Key Management.
• Enable Custom Mode—By default, this option is disabled.
The Custom Mode Key Management options are:
• PK—By default, this option is disabled.
• KEK
• db
• dbx
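
Added example (not part of the original manual): a Python check, run from a Linux OS, that reads the standard UEFI state variables through efivarfs to confirm which Secure Boot mode from Table 28 is actually in effect after a firmware change. The function names and the findings wording are illustrative assumptions; Setup Mode and User Mode are UEFI specification states that the table does not list.

```python
import os

# EFI global-variable GUID defined by the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"  # Linux efivarfs mount point


def read_flag(name, root=EFIVARS):
    """Return a one-byte UEFI variable as an int, or None if it is absent."""
    try:
        with open(os.path.join(root, f"{name}-{EFI_GLOBAL}"), "rb") as fh:
            raw = fh.read()
    except OSError:
        return None
    # efivarfs stores a 4-byte attribute field before the variable data.
    return raw[4] if len(raw) >= 5 else None


def secure_boot_state(root=EFIVARS):
    """Map the firmware state variables to a Secure Boot mode."""
    f = {n: read_flag(n, root)
         for n in ("SecureBoot", "SetupMode", "AuditMode", "DeployedMode")}
    if f["SetupMode"] == 1:
        mode = "Audit Mode" if f["AuditMode"] == 1 else "Setup Mode"
    elif f["SetupMode"] == 0:
        # Firmware older than UEFI 2.5 has no DeployedMode variable.
        mode = "Deployed Mode" if f["DeployedMode"] == 1 else "User Mode"
    else:
        mode = "unknown"
    return {"enforcing": f["SecureBoot"] == 1, "mode": mode}


def findings(state):
    """List deviations from an enforcing, Deployed Mode configuration."""
    out = []
    if not state["enforcing"]:
        out.append("Secure Boot is not enforcing (SecureBoot variable is not 1)")
    if state["mode"] != "Deployed Mode":
        out.append(f"Secure Boot Mode is {state['mode']}, not Deployed Mode")
    return out


if __name__ == "__main__":
    state = secure_boot_state()
    print(state)
    for line in findings(state):
        print("WARN:", line)
```
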
Intel Software Guard Extensions options
Table 29. Intel Software Guard Extensions

Option: Intel SGX Enable
Description: This field lets you provide a secured environment for running code and storing sensitive information in the context of the main OS. Click one of the following options:
• Disabled
• Enabled
• Software controlled—Default

Option: Enclave Memory Size
Description: This option sets the SGX Enclave Reserve Memory Size. Click one of the following options:
• 32 MB
• 64 MB
• 128 MB—Default