Table 11. Security (continued)

Options and descriptions

(continued from the previous page) ... will allow the OS to skip BIOS PPI user prompts when issuing the clear command (OFF by default).

TPM State
This section allows the user to enable or disable the TPM. Enabled is the default operating state for the TPM when you want to use its complete array of capabilities (enabled by default).

Intel Total Memory Encryption

Total Memory Encryption (TME)
This section allows the user to enable or disable TME to protect memory from physical attacks, including freeze spray, probing DDR to read the cycles, etc. All of the system memory is encrypted by the TME block attached to the memory controller.

Chassis Intrusion

Chassis Intrusion
This field controls the chassis intrusion feature:
● Disabled - Will not report intrusions during POST
● Enabled - Will report intrusions during POST
● On-silent - Detects intrusions but does not display any detected intrusions during POST (Selected by default)

Clear Intrusion Warning
This section contains a toggle switch to enable or disable warnings on intrusion (OFF by default).

SMM Security Mitigation
This section allows the user to enable or disable UEFI SMM security mitigation protections (ON by default).

Data Wipe on Next Boot

Start Data Wipe
This section contains a toggle switch which, when enabled, ensures that the BIOS will queue up a data wipe cycle for the storage device(s) connected to the system board on the next reboot (OFF by default).

Absolute

Absolute
This section lets the user enable, disable or permanently disable the BIOS module interface of the optional Absolute Persistence Module service from Absolute Software. The options available are as follows:
● Enable Absolute - Enables Absolute Persistence and loads the firmware Persistence Module (Selected by default)
● Disable Absolute - Disables Absolute Persistence. The firmware Persistence Module is not installed.
● Permanently Disable Absolute - Permanently disables the Absolute Persistence module interface from further use.

UEFI Boot Path Security

UEFI Boot Path Security
This section lets the user control whether the system will prompt the user to enter the admin password (if set) when booting to a UEFI boot path device from the F12 boot menu. The options available are as below:
● Never
● Always
● Always Except Internal HDD (Selected by default)
● Always Except Internal HDD & PXE
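The BIOS settings in this table are only useful if they actually take effect, so an administrator typically verifies them from the installed OS after configuration. The following PowerShell snippet is an added example written for this page, not part of the manual; it reads the TPM state through the built-in TrustedPlatformModule module (Get-Tpm) and the chassis intrusion status through the standard Win32_SystemEnclosure CIM class, whose SecurityBreach property uses the values 1 (Other), 2 (Unknown), 3 (No Breach), 4 (Breach Attempted) and 5 (Breach Successful). It reports on the TPM State and Chassis Intrusion options above; TME, Absolute and the boot path password prompt are not exposed through these generic interfaces and are not checked here.

```powershell
# Added example (not from the manual): confirm from Windows that the TPM is
# enabled and that the chassis has not reported an intrusion.
# Run in an elevated PowerShell session; Get-Tpm requires administrator rights.

# TPM State: the BIOS option "TPM State" should leave the TPM present and enabled.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning "No TPM reported to the OS (TPM disabled in BIOS or not fitted)."
} elseif (-not $tpm.TpmEnabled) {
    Write-Warning "TPM present but disabled; check the BIOS 'TPM State' option."
} else {
    Write-Output "TPM present and enabled (ready: $($tpm.TpmReady))."
}

# Chassis Intrusion: map the SMBIOS/CIM SecurityBreach code to a readable state.
# Codes follow the CIM_Chassis definition; 3 means no breach was recorded.
$breachNames = @{
    1 = 'Other'; 2 = 'Unknown'; 3 = 'No Breach'
    4 = 'Breach Attempted'; 5 = 'Breach Successful'
}
$enclosure = Get-CimInstance -ClassName Win32_SystemEnclosure
$code = [int]$enclosure.SecurityBreach
$state = if ($breachNames.ContainsKey($code)) { $breachNames[$code] } else { "Unmapped code $code" }
if ($code -ge 4) {
    Write-Warning "Chassis intrusion reported: $state"
} else {
    Write-Output "Chassis intrusion status: $state"
}
```

Note that with Chassis Intrusion set to On-silent (the default in the table) the BIOS records the event without showing it during POST, so an OS-side check like this, or a management agent that polls the same property, is how the event becomes visible to an administrator.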
72
System setup