Table 6-3
Computer Setup—Security (continued)
System Security
(these options are
hardware dependent)
NOTE:
Available options are displayed depending on system configuration.
Data Execution Prevention (enable/disable) - Helps prevent operating system security breaches.
Default is enabled.
Virtualization Technology (enable/disable) - Controls the virtualization features of the processor.
Changing this setting requires turning the computer off and then back on. Default is disabled.
Embedded Security Device (enable/disable) - Permits activation and deactivation of the Embedded
Security Device.
NOTE:
To configure the Embedded Security Device, a Setup password must be set.
Secure Boot
Configuration
●
Legacy Support—Enable/Disable. Allows you to turn off all legacy support on the computer,
including booting to DOS, running legacy graphics cards, booting to legacy devices, and so
on. If set to disable, legacy boot options in
Storage > Boot Order
are not displayed.
Default is enabled.
●
Secure Boot—Enable/Disable. Allows you to make sure an operating system is legitimate
before booting to it, making Windows resistant to malicious modification from preboot to full
OS booting, preventing firmware attacks. UEFI and Windows Secure Boot only allow code
signed by pre-approved digital certificates to run during the firmware and OS boot process.
Default is disabled, except for Windows 8 systems which have this setting enabled. Secure
Boot enabled also sets
Legacy Support
to disabled.
●
Key Management—This option lets you manage the custom key settings.
◦
Clear Secure Boot Keys—Don't Clear/Clear. Allows you to delete any previously loaded
custom boot keys. Default is Don't Clear.
◦
Key Ownership—HP Keys/Custom Keys. Selecting Custom Mode allows you to modify
the contents of the secure boot signature databases and the platform key (PK) that verifies
kernels during system start up, allowing you to use alternative operating systems.
Selecting HP Keys causes the computer boot using the preloaded HP-specific boot keys.
Default is HP Keys.
●
Fast Boot—Enable/Disable. Fast boot disables the ability to interrupt boot, such as pressing f
keys to access items before the operating system loads. Default is disabled.
NOTE:
If Windows 8 detects a serious error, it will interrupt the boot process automatically
and display advanced boot options.
From Windows 8, you can press
Shift
and select
Restart
to access the screen that lets you
boot to a device or troubleshoot your computer.
70
Chapter 6 Computer Setup (F10) Utility