Service Manual
Option Description
• PPI Bypass for Disable Commands
• Key Storage Enable—enabled by default
• PPI Bypass for Clear Command
• SHA-256—enabled by default
• Disabled
• Enabled—selected by default
Admin Setup Lockout This option enables you to prevent users from entering Setup when
an administrator password is set.
Master Password Lockout This is an authentication information that is sometimes required to
log into a thin client's basic input/output system (BIOS) before the
machine boots up to the operating system. The Hard disk
passwords needs to be cleared before enabling the Master
Password Lockout. This option will be disabled by default.
SMM Security Mitigation This option enables you to enable and disable additional UEFI SMM
security mitigation protections.
Secure Boot screen options
Table 7. Secure Boot screen options
Options Description
Secure Boot Enable This option enables or disables the secure boot feature. By default,
the Secure Boot Enable option is not set.
Secure Boot Mode This option enables you to change the secure boot operation mode,
modifies the behavior of secure boot to allow evaluation or
enforcement of the UEFI driver signatures. The options include:
• Deployed Mode
• Audit Mode
Expert Key Management This option enables you to manipulate the security key databases
only if the system is in Custom Mode. The Enable Custom Mode
option is disabled by default. The options include:
• PK
• KEK
• db
• dbx
If you enable the Custom Mode, the relevant options for PK, KEK,
db, and dbx is displayed. The options are:
• Save to File—Saves the key to a user-selected file
• Replace from File—Replaces the current key with a key from a
user-selected file
• Append from File—Adds a key to the current database from a
user-selected file
• Delete—Deletes the selected key
• Reset All Keys—To reset the default setting
• Delete All Keys—Deletes all the keys
NOTE: If you disable the Custom Mode, all the changes
are erased and the keys are restored to the default
settings.
50 System setup