Menu Item
Description
Intel TXT
Enables or disables the Intel Trusted Execution Technology (TXT). To
enable
Intel TXT
, Virtualization Technology must be enabled and TPM
Security must be
Enabled
with Pre-boot measurements. By default, the
Intel TXT
option is set to
Off
Power Button
Enables or disables the power button on the front of the system. By
default, the
Power Button
option is set to
Enabled
.
NMI Button
Enables or disables the NMI button on the front of the system. By default,
the
NMI Button
option is set to
Disabled
.
AC Power Recovery
Sets how the system reacts after AC power is restored to the system. By
default, the
AC Power Recovery
option is set to
Last
.
AC Power Recovery Delay
Sets how the system supports staggering of power up after AC power is
restored to the system. By default, the
AC Power Recovery Delay
option
is set to
Immediate
.
User Defined Delay (60s to
240s)
Sets the
User Defined Delay
when the
User Defined
option for
AC Power
Recovery Delay
is selected.
UEFI Variable Access
Provides varying degrees of securing UEFI variables. When set to
Standard
(the default) UEFI variables are accessible in the Operating
System per the UEFI specification. When set to
Controlled
, selected UEFI
variables are protected in the environment and new UEFI boot entries are
forced to be at the end of the current boot order.
Secure Boot
Enables Secure Boot, where the BIOS authenticates each pre-boot image
using the certificates in the Secure Boot Policy. Secure Boot is disabled
by default.
Secure Boot Policy
When Secure Boot policy is
Standard
, the BIOS uses the system
manufacturer’s key and certificates to authenticate pre-boot images.
When Secure Boot policy is
Custom
, the BIOS uses the user-defined key
and certificates. Secure Boot policy is
Standard
by default.
Secure Boot Policy
Summary
Displays the list of certificates and hashes that secure boot uses to
authenticate images.
Secure Boot Custom Policy Settings screen
Secure Boot Custom Policy Settings is displayed only when
Secure Boot Policy
is set to
Custom
.
In the
System Setup Main Menu
, click
System BIOS
→
System Security
→
Secure Boot Custom Policy
Settings
.
Menu Item
Description
Platform Key
Imports, exports, deletes, or restores the platform
key (PK).
Key Exchange Key Database
Allows you to import, export, delete, or restore
entries in the Key Exchange Key (KEK) Database.
Authorized Signature Database
Imports, exports, deletes, or restores entries in the
Authorized Signature Database (db).
Forbidden Signature Database
Imports, exports, deletes, or restores entries in the
Forbidden Signature Database (dbx).
42