CLI Guide

selected UEFI variables are protected in the operating system and new UEFI boot

entries are pushed to the end of the current boot order.

UefiVariableAccess=Standard

authenticate programmatic updates to the policy objects.

In User Mode and Deployed Mode, PK is present, and BIOS performs signature

verication on programmatic attempts to update policy objects.

Deployed Mode is the most secure mode. Use Setup, Audit, or User Mode when

provisioning the system, then use Deployed Mode for normal operation. Available mode

transitions depend on the current mode and PK presence.

In Audit Mode, the BIOS performs signature verication on preboot images and logs

results in the Image Execution Information Table, but executes the images whether they

pass or fail verication. Audit Mode is useful for programmatically determining a working

set of policy objects.

• On systems prior to 14G: N/A

• On 14G and later systems: Enabled, Disabled

When set to Enabled, allows the Operating System to bypass Physical Presence

Interface (PPI) prompts when issuing PPI Advanced Conguration and Power Interface

(ACPI) clear operations.

Example:

A:>syscfg --tpmPpiByPassClear=Enabled

tpmPpiBypassClear=Enabled