CLI Guide
Table 236. UefiVariableAccess (continued)
Example:
A:>syscfg --UefiVariableAccess=Standard
UefiVariableAccess=Standard
SecureBootMode
Table 237. SecureBootMode
Valid Arguments
● On systems prior to YX4X: NA
● On YX4X and later systems: UserMode, DeployedMode.
Description
This feature configures the BIOS uses the Secure Boot Policy Objects — PK, KEK,
db, dbx. In Setup Mode and Audit Mode, PK is not present, and BIOS does not
authenticate programmatic updates to the policy objects.
In User Mode and Deployed Mode, PK is present, and BIOS performs signature
verification on programmatic attempts to update policy objects.
Deployed Mode is the most secure mode. Use Setup, Audit, or User Mode when
provisioning the system, then use Deployed Mode for normal operation. Available
mode transitions depend on the current mode and PK presence.
In Audit Mode, the BIOS performs signature verification on preboot images and logs
results in the Image Execution Information Table, but executes the images whether
they pass or fail verification. Audit Mode is useful for programmatically determining a
working set of policy objects.
Example:
A:>syscfg --SecureBootMode=UserMode
SecureBootMode=UserMode
TpmPpiBypassClear
Table 238. TpmPpiBypassClear
Valid Arguments
● On systems prior to YX4X: N/A
● On YX4X and later systems: Enabled, Disabled
Description
When set to Enabled, allows the Operating System to bypass Physical Presence
Interface (PPI) prompts when issuing PPI Advanced Configuration and Power
Interface (ACPI) clear operations.
Example:
A:>syscfg --tpmPpiByPassClear=Enabled
tpmPpiBypassClear=Enabled
TpmPpiBypassProvision
Table 239. TpmPpiBypassProvision
Valid Arguments
● On systems prior to YX4X: N/A
SYSCFG 107